Remove duplicate neverallow for hal_audio_server am: 9dc17d30c7
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1328121
Change-Id: I14105cdaf21cecb9dca1f6dfb421158ea3cc4742
diff --git a/Android.bp b/Android.bp
index 256262b..8705622 100644
--- a/Android.bp
+++ b/Android.bp
@@ -36,6 +36,13 @@
}
se_filegroup {
+ name: "29.0.board.compat.map",
+ srcs: [
+ "compat/29.0/29.0.cil",
+ ],
+}
+
+se_filegroup {
name: "26.0.board.ignore.map",
srcs: [
"compat/26.0/26.0.ignore.cil",
@@ -56,22 +63,103 @@
],
}
+se_filegroup {
+ name: "29.0.board.ignore.map",
+ srcs: [
+ "compat/29.0/29.0.ignore.cil",
+ ],
+}
+
se_cil_compat_map {
- name: "26.0.cil",
+ name: "plat_26.0.cil",
+ stem: "26.0.cil",
bottom_half: [":26.0.board.compat.map"],
- top_half: "27.0.cil",
+ top_half: "plat_27.0.cil",
}
se_cil_compat_map {
- name: "27.0.cil",
+ name: "plat_27.0.cil",
+ stem: "27.0.cil",
bottom_half: [":27.0.board.compat.map"],
- top_half: "28.0.cil",
+ top_half: "plat_28.0.cil",
}
se_cil_compat_map {
- name: "28.0.cil",
+ name: "plat_28.0.cil",
+ stem: "28.0.cil",
bottom_half: [":28.0.board.compat.map"],
- // top_half: "29.0.cil",
+ top_half: "plat_29.0.cil",
+}
+
+se_cil_compat_map {
+ name: "plat_29.0.cil",
+ stem: "29.0.cil",
+ bottom_half: [":29.0.board.compat.map"],
+ // top_half: "plat_30.0.cil",
+}
+
+se_cil_compat_map {
+ name: "system_ext_26.0.cil",
+ stem: "26.0.cil",
+ bottom_half: [":26.0.board.compat.map"],
+ top_half: "system_ext_27.0.cil",
+ system_ext_specific: true,
+}
+
+se_cil_compat_map {
+ name: "system_ext_27.0.cil",
+ stem: "27.0.cil",
+ bottom_half: [":27.0.board.compat.map"],
+ top_half: "system_ext_28.0.cil",
+ system_ext_specific: true,
+}
+
+se_cil_compat_map {
+ name: "system_ext_28.0.cil",
+ stem: "28.0.cil",
+ bottom_half: [":28.0.board.compat.map"],
+ top_half: "system_ext_29.0.cil",
+ system_ext_specific: true,
+}
+
+se_cil_compat_map {
+ name: "system_ext_29.0.cil",
+ stem: "29.0.cil",
+ bottom_half: [":29.0.board.compat.map"],
+ // top_half: "system_ext_30.0.cil",
+ system_ext_specific: true,
+}
+
+se_cil_compat_map {
+ name: "product_26.0.cil",
+ stem: "26.0.cil",
+ bottom_half: [":26.0.board.compat.map"],
+ top_half: "product_27.0.cil",
+ product_specific: true,
+}
+
+se_cil_compat_map {
+ name: "product_27.0.cil",
+ stem: "27.0.cil",
+ bottom_half: [":27.0.board.compat.map"],
+ top_half: "product_28.0.cil",
+ product_specific: true,
+}
+
+se_cil_compat_map {
+ name: "product_28.0.cil",
+ stem: "28.0.cil",
+ bottom_half: [":28.0.board.compat.map"],
+ top_half: "product_29.0.cil",
+ product_specific: true,
+}
+
+se_cil_compat_map {
+ name: "product_29.0.cil",
+ stem: "29.0.cil",
+ bottom_half: [":29.0.board.compat.map"],
+ // top_half: "product_30.0.cil",
+ product_specific: true,
}
se_cil_compat_map {
@@ -89,5 +177,210 @@
se_cil_compat_map {
name: "28.0.ignore.cil",
bottom_half: [":28.0.board.ignore.map"],
- // top_half: "29.0.ignore.cil",
+ top_half: "29.0.ignore.cil",
+}
+
+se_cil_compat_map {
+ name: "29.0.ignore.cil",
+ bottom_half: [":29.0.board.ignore.map"],
+ // top_half: "30.0.ignore.cil",
+}
+
+prebuilt_etc {
+ name: "26.0.compat.cil",
+ src: "private/compat/26.0/26.0.compat.cil",
+ sub_dir: "selinux/mapping",
+}
+
+prebuilt_etc {
+ name: "27.0.compat.cil",
+ src: "private/compat/27.0/27.0.compat.cil",
+ sub_dir: "selinux/mapping",
+}
+
+prebuilt_etc {
+ name: "28.0.compat.cil",
+ src: "private/compat/28.0/28.0.compat.cil",
+ sub_dir: "selinux/mapping",
+}
+
+prebuilt_etc {
+ name: "29.0.compat.cil",
+ src: "private/compat/29.0/29.0.compat.cil",
+ sub_dir: "selinux/mapping",
+}
+
+se_filegroup {
+ name: "file_contexts_files",
+ srcs: ["file_contexts"],
+}
+
+se_filegroup {
+ name: "file_contexts_asan_files",
+ srcs: ["file_contexts_asan"],
+}
+
+se_filegroup {
+ name: "file_contexts_overlayfs_files",
+ srcs: ["file_contexts_overlayfs"],
+}
+
+se_filegroup {
+ name: "hwservice_contexts_files",
+ srcs: ["hwservice_contexts"],
+}
+
+se_filegroup {
+ name: "property_contexts_files",
+ srcs: ["property_contexts"],
+}
+
+se_filegroup {
+ name: "service_contexts_files",
+ srcs: ["service_contexts"],
+}
+
+file_contexts {
+ name: "plat_file_contexts",
+ srcs: [":file_contexts_files"],
+ product_variables: {
+ address_sanitize: {
+ srcs: [":file_contexts_asan_files"],
+ },
+ debuggable: {
+ srcs: [":file_contexts_overlayfs_files"],
+ },
+ },
+
+ flatten_apex: {
+ srcs: ["apex/*-file_contexts"],
+ },
+
+ recovery_available: true,
+}
+
+file_contexts {
+ name: "vendor_file_contexts",
+ srcs: [":file_contexts_files"],
+ soc_specific: true,
+ recovery_available: true,
+}
+
+file_contexts {
+ name: "system_ext_file_contexts",
+ srcs: [":file_contexts_files"],
+ system_ext_specific: true,
+ recovery_available: true,
+}
+
+file_contexts {
+ name: "product_file_contexts",
+ srcs: [":file_contexts_files"],
+ product_specific: true,
+ recovery_available: true,
+}
+
+file_contexts {
+ name: "odm_file_contexts",
+ srcs: [":file_contexts_files"],
+ device_specific: true,
+ recovery_available: true,
+}
+
+hwservice_contexts {
+ name: "plat_hwservice_contexts",
+ srcs: [":hwservice_contexts_files"],
+}
+
+hwservice_contexts {
+ name: "system_ext_hwservice_contexts",
+ srcs: [":hwservice_contexts_files"],
+ system_ext_specific: true,
+}
+
+hwservice_contexts {
+ name: "product_hwservice_contexts",
+ srcs: [":hwservice_contexts_files"],
+ product_specific: true,
+}
+
+hwservice_contexts {
+ name: "vendor_hwservice_contexts",
+ srcs: [":hwservice_contexts_files"],
+ reqd_mask: true,
+ soc_specific: true,
+}
+
+hwservice_contexts {
+ name: "odm_hwservice_contexts",
+ srcs: [":hwservice_contexts_files"],
+ device_specific: true,
+}
+
+property_contexts {
+ name: "plat_property_contexts",
+ srcs: [":property_contexts_files"],
+ recovery_available: true,
+}
+
+property_contexts {
+ name: "system_ext_property_contexts",
+ srcs: [":property_contexts_files"],
+ system_ext_specific: true,
+ recovery_available: true,
+}
+
+property_contexts {
+ name: "product_property_contexts",
+ srcs: [":property_contexts_files"],
+ product_specific: true,
+ recovery_available: true,
+}
+
+property_contexts {
+ name: "vendor_property_contexts",
+ srcs: [":property_contexts_files"],
+ reqd_mask: true,
+ soc_specific: true,
+ recovery_available: true,
+}
+
+property_contexts {
+ name: "odm_property_contexts",
+ srcs: [":property_contexts_files"],
+ device_specific: true,
+ recovery_available: true,
+}
+
+service_contexts {
+ name: "plat_service_contexts",
+ srcs: [":service_contexts_files"],
+}
+
+service_contexts {
+ name: "system_ext_service_contexts",
+ srcs: [":service_contexts_files"],
+ system_ext_specific: true,
+}
+
+service_contexts {
+ name: "product_service_contexts",
+ srcs: [":service_contexts_files"],
+ product_specific: true,
+}
+
+service_contexts {
+ name: "vendor_service_contexts",
+ srcs: [":service_contexts_files"],
+ reqd_mask: true,
+ soc_specific: true,
+}
+
+// For vts_treble_sys_prop_test
+filegroup {
+ name: "public_property_contexts",
+ srcs: ["public/property_contexts"],
+ visibility: [
+ "//test/vts-testcase/security/system_property",
+ ],
}
diff --git a/Android.mk b/Android.mk
index dadd7b0..f545b41 100644
--- a/Android.mk
+++ b/Android.mk
@@ -49,18 +49,18 @@
# - compile output binary policy file
PLAT_PUBLIC_POLICY := $(LOCAL_PATH)/public
-ifneq ( ,$(BOARD_PLAT_PUBLIC_SEPOLICY_DIR))
-PLAT_PUBLIC_POLICY += $(BOARD_PLAT_PUBLIC_SEPOLICY_DIR)
-endif
PLAT_PRIVATE_POLICY := $(LOCAL_PATH)/private
-ifneq ( ,$(BOARD_PLAT_PRIVATE_SEPOLICY_DIR))
-PLAT_PRIVATE_POLICY += $(BOARD_PLAT_PRIVATE_SEPOLICY_DIR)
-endif
PLAT_VENDOR_POLICY := $(LOCAL_PATH)/vendor
REQD_MASK_POLICY := $(LOCAL_PATH)/reqd_mask
+SYSTEM_EXT_PUBLIC_POLICY := $(BOARD_PLAT_PUBLIC_SEPOLICY_DIR)
+SYSTEM_EXT_PRIVATE_POLICY := $(BOARD_PLAT_PRIVATE_SEPOLICY_DIR)
PRODUCT_PUBLIC_POLICY := $(PRODUCT_PUBLIC_SEPOLICY_DIRS)
PRODUCT_PRIVATE_POLICY := $(PRODUCT_PRIVATE_SEPOLICY_DIRS)
+ifneq (,$(SYSTEM_EXT_PUBLIC_POLICY)$(SYSTEM_EXT_PRIVATE_POLICY))
+HAS_SYSTEM_EXT_SEPOLICY_DIR := true
+endif
+
# TODO(b/119305624): Currently if the device doesn't have a product partition,
# we install product sepolicy into /system/product. We do that because bits of
# product sepolicy that's still in /system might depend on bits that have moved
@@ -68,7 +68,7 @@
# it so that if no product partition is present, product sepolicy artifacts are
# not built and installed at all.
ifneq (,$(PRODUCT_PUBLIC_POLICY)$(PRODUCT_PRIVATE_POLICY))
-HAS_PRODUCT_SEPOLICY := true
+HAS_PRODUCT_SEPOLICY_DIR := true
endif
# TODO: move to README when doing the README update and finalizing versioning.
@@ -123,13 +123,6 @@
# Builds paths for all policy files found in BOARD_ODM_SEPOLICY_DIRS.
build_odm_policy = $(call build_policy, $(1), $(BOARD_ODM_SEPOLICY_DIRS))
-# Add a file containing only a newline in-between each policy configuration
-# 'contexts' file. This will allow OEM policy configuration files without a
-# final newline (0x0A) to be built correctly by the m4(1) macro processor.
-# $(1): the set of contexts file names.
-# $(2): the file containing only 0x0A.
-add_nl = $(foreach entry, $(1), $(subst $(entry), $(entry) $(2), $(entry)))
-
sepolicy_build_files := security_classes \
initial_sids \
access_vectors \
@@ -152,6 +145,42 @@
genfs_contexts \
port_contexts
+# Security classes and permissions defined outside of system/sepolicy.
+security_class_extension_files := $(call build_policy, security_classes access_vectors, \
+ $(SYSTEM_EXT_PUBLIC_POLICY) $(SYSTEM_EXT_PRIVATE_POLICY) \
+ $(PRODUCT_PUBLIC_POLICY) $(PRODUCT_PRIVATE_POLICY) \
+ $(BOARD_VENDOR_SEPOLICY_DIRS) $(BOARD_ODM_SEPOLICY_DIRS))
+
+ifneq (,$(strip $(security_class_extension_files)))
+ $(error Only platform SELinux policy may define classes and permissions: $(strip $(security_class_extension_files)))
+endif
+
+ifdef HAS_SYSTEM_EXT_SEPOLICY_DIR
+ # Checks if there are public system_ext policy files.
+ policy_files := $(call build_policy, $(sepolicy_build_files), $(SYSTEM_EXT_PUBLIC_POLICY))
+ ifneq (,$(strip $(policy_files)))
+ HAS_SYSTEM_EXT_PUBLIC_SEPOLICY := true
+ endif
+ # Checks if there are public/private system_ext policy files.
+ policy_files := $(call build_policy, $(sepolicy_build_files), $(SYSTEM_EXT_PUBLIC_POLICY) $(SYSTEM_EXT_PRIVATE_POLICY))
+ ifneq (,$(strip $(policy_files)))
+ HAS_SYSTEM_EXT_SEPOLICY := true
+ endif
+endif # ifdef HAS_SYSTEM_EXT_SEPOLICY_DIR
+
+ifdef HAS_PRODUCT_SEPOLICY_DIR
+ # Checks if there are public product policy files.
+ policy_files := $(call build_policy, $(sepolicy_build_files), $(PRODUCT_PUBLIC_POLICY))
+ ifneq (,$(strip $(policy_files)))
+ HAS_PRODUCT_PUBLIC_SEPOLICY := true
+ endif
+ # Checks if there are public/private product policy files.
+ policy_files := $(call build_policy, $(sepolicy_build_files), $(PRODUCT_PUBLIC_POLICY) $(PRODUCT_PRIVATE_POLICY))
+ ifneq (,$(strip $(policy_files)))
+ HAS_PRODUCT_SEPOLICY := true
+ endif
+endif # ifdef HAS_PRODUCT_SEPOLICY_DIR
+
# CIL files which contain workarounds for current limitation of human-readable
# module policy language. These files are appended to the CIL files produced
# from module language files.
@@ -173,6 +202,22 @@
ifeq ($(NATIVE_COVERAGE),true)
with_native_coverage := true
endif
+ifeq ($(CLANG_COVERAGE),true)
+ with_native_coverage := true
+endif
+
+treble_sysprop_neverallow := true
+ifeq ($(BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW),true)
+ treble_sysprop_neverallow := false
+endif
+
+ifeq ($(PRODUCT_SHIPPING_API_LEVEL),)
+ #$(warning no product shipping level defined)
+else ifneq ($(call math_lt,29,$(PRODUCT_SHIPPING_API_LEVEL)),)
+ ifneq ($(BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW),)
+ $(error BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW cannot be set on a device shipping with R or later, and this is tested by CTS.)
+ endif
+endif
# Library extension for host-side tests
ifeq ($(HOST_OS),darwin)
@@ -184,12 +229,12 @@
# Convert a file_context file for a non-flattened APEX into a file for
# flattened APEX. /system/apex/<apex_name> path is prepended to the original paths
# $(1): path to the input file_contexts file for non-flattened APEX
-# $(2): name of the APEX
-# $(3): path to the generated file_contexs file for flattened APEX
+# $(2): path to the flattened APEX
+# $(3): path to the generated file_contexts file for flattened APEX
# $(4): variable where $(3) is added to
define build_flattened_apex_file_contexts
$(4) += $(3)
-$(3): PRIVATE_APEX_PATH := /system/apex/$(subst .,\\.,$(2))
+$(3): PRIVATE_APEX_PATH := $(subst .,\\.,$(2))
$(3): $(1)
$(hide) awk '/object_r/{printf("$$(PRIVATE_APEX_PATH)%s\n",$$$$0)}' $$< > $$@
endef
@@ -206,6 +251,10 @@
include $(BUILD_PHONY_PACKAGE)
+# selinux_policy is a main goal and triggers lots of tests.
+# Most tests are FAKE modules, so aren'triggered on normal builds. (e.g. 'm')
+# By setting as droidcore's dependency, tests will run on normal builds.
+droidcore: selinux_policy
include $(CLEAR_VARS)
LOCAL_MODULE := selinux_policy_system
@@ -213,7 +262,8 @@
# divergence between Treble and non-Treble devices.
LOCAL_REQUIRED_MODULES += \
plat_mapping_file \
- $(addsuffix .cil,$(PLATFORM_SEPOLICY_COMPAT_VERSIONS)) \
+ $(addprefix plat_,$(addsuffix .cil,$(PLATFORM_SEPOLICY_COMPAT_VERSIONS))) \
+ $(addsuffix .compat.cil,$(PLATFORM_SEPOLICY_COMPAT_VERSIONS)) \
plat_sepolicy.cil \
plat_sepolicy_and_mapping.sha256 \
secilc \
@@ -221,11 +271,15 @@
LOCAL_REQUIRED_MODULES += \
build_sepolicy \
plat_file_contexts \
+ plat_file_contexts_test \
plat_mac_permissions.xml \
plat_property_contexts \
+ plat_property_contexts_test \
plat_seapp_contexts \
plat_service_contexts \
+ plat_service_contexts_test \
plat_hwservice_contexts \
+ plat_hwservice_contexts_test \
searchpolicy \
# This conditional inclusion closely mimics the conditional logic
@@ -242,10 +296,15 @@
ifneq ($(SELINUX_IGNORE_NEVERALLOWS),true)
LOCAL_REQUIRED_MODULES += \
sepolicy_tests \
+ $(addsuffix _compat_test,$(PLATFORM_SEPOLICY_COMPAT_VERSIONS)) \
+
+ifeq ($(PRODUCT_SEPOLICY_SPLIT),true)
+LOCAL_REQUIRED_MODULES += \
$(addprefix treble_sepolicy_tests_,$(PLATFORM_SEPOLICY_COMPAT_VERSIONS)) \
-endif
-endif
+endif # PRODUCT_SEPOLICY_SPLIT
+endif # SELINUX_IGNORE_NEVERALLOWS
+endif # with_asan
ifneq ($(PLATFORM_SEPOLICY_VERSION),$(TOT_SEPOLICY_VERSION))
LOCAL_REQUIRED_MODULES += \
@@ -265,6 +324,8 @@
LOCAL_REQUIRED_MODULES += \
precompiled_sepolicy \
precompiled_sepolicy.plat_sepolicy_and_mapping.sha256 \
+ precompiled_sepolicy.system_ext_sepolicy_and_mapping.sha256 \
+ system_ext_sepolicy_and_mapping.sha256 \
precompiled_sepolicy.product_sepolicy_and_mapping.sha256 \
product_sepolicy_and_mapping.sha256 \
@@ -280,41 +341,84 @@
LOCAL_REQUIRED_MODULES += \
vendor_file_contexts \
+ vendor_file_contexts_test \
vendor_mac_permissions.xml \
vendor_property_contexts \
+ vendor_property_contexts_test \
vendor_seapp_contexts \
+ vendor_service_contexts \
vendor_hwservice_contexts \
+ vendor_hwservice_contexts_test \
vndservice_contexts \
ifdef BOARD_ODM_SEPOLICY_DIRS
LOCAL_REQUIRED_MODULES += \
odm_sepolicy.cil \
odm_file_contexts \
+ odm_file_contexts_test \
odm_seapp_contexts \
odm_property_contexts \
+ odm_property_contexts_test \
odm_hwservice_contexts \
+ odm_hwservice_contexts_test \
odm_mac_permissions.xml
endif
-ifdef HAS_PRODUCT_SEPOLICY
+ifdef HAS_SYSTEM_EXT_SEPOLICY
+LOCAL_REQUIRED_MODULES += system_ext_sepolicy.cil
+endif
+
+ifdef HAS_SYSTEM_EXT_PUBLIC_SEPOLICY
LOCAL_REQUIRED_MODULES += \
- product_sepolicy.cil \
+ system_ext_mapping_file \
+ $(addprefix system_ext_,$(addsuffix .cil,$(PLATFORM_SEPOLICY_COMPAT_VERSIONS))) \
+
+endif
+
+ifdef HAS_SYSTEM_EXT_SEPOLICY_DIR
+LOCAL_REQUIRED_MODULES += \
+ system_ext_file_contexts \
+ system_ext_file_contexts_test \
+ system_ext_hwservice_contexts \
+ system_ext_hwservice_contexts_test \
+ system_ext_property_contexts \
+ system_ext_property_contexts_test \
+ system_ext_seapp_contexts \
+ system_ext_service_contexts \
+ system_ext_service_contexts_test \
+ system_ext_mac_permissions.xml \
+
+endif
+
+ifdef HAS_PRODUCT_SEPOLICY
+LOCAL_REQUIRED_MODULES += product_sepolicy.cil
+endif
+
+ifdef HAS_PRODUCT_PUBLIC_SEPOLICY
+LOCAL_REQUIRED_MODULES += \
+ product_mapping_file \
+ $(addprefix product_,$(addsuffix .cil,$(PLATFORM_SEPOLICY_COMPAT_VERSIONS))) \
+
+endif
+
+ifdef HAS_PRODUCT_SEPOLICY_DIR
+LOCAL_REQUIRED_MODULES += \
product_file_contexts \
+ product_file_contexts_test \
product_hwservice_contexts \
+ product_hwservice_contexts_test \
product_property_contexts \
+ product_property_contexts_test \
product_seapp_contexts \
product_service_contexts \
+ product_service_contexts_test \
product_mac_permissions.xml \
- product_mapping_file \
endif
-ifneq ($(TARGET_BUILD_VARIANT), user)
LOCAL_REQUIRED_MODULES += \
selinux_denial_metadata \
-endif
-
# Builds an addtional userdebug sepolicy into the debug ramdisk.
LOCAL_REQUIRED_MODULES += \
userdebug_plat_sepolicy.cil \
@@ -325,14 +429,18 @@
include $(CLEAR_VARS)
LOCAL_MODULE := sepolicy_neverallows
-LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_CLASS := FAKE
LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux
include $(BUILD_SYSTEM)/base_rules.mk
# sepolicy_policy.conf - All of the policy for the device. This is only used to
# check neverallow rules.
+policy_files := $(call build_policy, $(sepolicy_build_files), \
+ $(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY) $(PLAT_VENDOR_POLICY) \
+ $(SYSTEM_EXT_PUBLIC_POLICY) $(SYSTEM_EXT_PRIVATE_POLICY) \
+ $(PRODUCT_PUBLIC_POLICY) $(PRODUCT_PRIVATE_POLICY) \
+ $(BOARD_VENDOR_SEPOLICY_DIRS) $(BOARD_ODM_SEPOLICY_DIRS))
sepolicy_policy.conf := $(intermediates)/policy.conf
$(sepolicy_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
$(sepolicy_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
@@ -342,15 +450,18 @@
$(sepolicy_policy.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
$(sepolicy_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(sepolicy_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
-$(sepolicy_policy.conf): $(call build_policy, $(sepolicy_build_files), \
-$(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY) $(PLAT_VENDOR_POLICY) \
-$(PRODUCT_PUBLIC_POLICY) $(PRODUCT_PRIVATE_POLICY) \
-$(BOARD_VENDOR_SEPOLICY_DIRS) $(BOARD_ODM_SEPOLICY_DIRS))
+$(sepolicy_policy.conf): PRIVATE_POLICY_FILES := $(policy_files)
+$(sepolicy_policy.conf): $(policy_files) $(M4)
$(transform-policy-to-conf)
$(hide) sed '/^\s*dontaudit.*;/d' $@ | sed '/^\s*dontaudit/,/;/d' > $@.dontaudit
# sepolicy_policy_2.conf - All of the policy for the device. This is only used to
# check neverallow rules using sepolicy-analyze, similar to CTS.
+policy_files := $(call build_policy, $(sepolicy_build_files), \
+ $(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY) $(PLAT_VENDOR_POLICY) \
+ $(SYSTEM_EXT_PUBLIC_POLICY) $(SYSTEM_EXT_PRIVATE_POLICY) \
+ $(PRODUCT_PUBLIC_POLICY) $(PRODUCT_PRIVATE_POLICY) \
+ $(BOARD_VENDOR_SEPOLICY_DIRS) $(BOARD_ODM_SEPOLICY_DIRS))
sepolicy_policy_2.conf := $(intermediates)/policy_2.conf
$(sepolicy_policy_2.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
$(sepolicy_policy_2.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
@@ -361,10 +472,8 @@
$(sepolicy_policy_2.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
$(sepolicy_policy_2.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(sepolicy_policy_2.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
-$(sepolicy_policy_2.conf): $(call build_policy, $(sepolicy_build_files), \
-$(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY) $(PLAT_VENDOR_POLICY) \
-$(PRODUCT_PUBLIC_POLICY) $(PRODUCT_PRIVATE_POLICY) \
-$(BOARD_VENDOR_SEPOLICY_DIRS) $(BOARD_ODM_SEPOLICY_DIRS))
+$(sepolicy_policy_2.conf): PRIVATE_POLICY_FILES := $(policy_files)
+$(sepolicy_policy_2.conf): $(policy_files) $(M4)
$(transform-policy-to-conf)
$(hide) sed '/^\s*dontaudit.*;/d' $@ | sed '/^\s*dontaudit/,/;/d' > $@.dontaudit
@@ -397,6 +506,7 @@
# the compilation of public policy and subsequent removal of CIL policy that
# should not be exported.
+policy_files := $(call build_policy, $(sepolicy_build_files), $(REQD_MASK_POLICY))
reqd_policy_mask.conf := $(intermediates)/reqd_policy_mask.conf
$(reqd_policy_mask.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
$(reqd_policy_mask.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
@@ -407,7 +517,9 @@
$(reqd_policy_mask.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(reqd_policy_mask.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
$(reqd_policy_mask.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
-$(reqd_policy_mask.conf): $(call build_policy, $(sepolicy_build_files), $(REQD_MASK_POLICY))
+$(reqd_policy_mask.conf): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $(treble_sysprop_neverallow)
+$(reqd_policy_mask.conf): PRIVATE_POLICY_FILES := $(policy_files)
+$(reqd_policy_mask.conf): $(policy_files) $(M4)
$(transform-policy-to-conf)
# b/37755687
CHECKPOLICY_ASAN_OPTIONS := ASAN_OPTIONS=detect_leaks=0
@@ -426,6 +538,21 @@
# policy that would not compile in checkpolicy on its own. To get around this
# limitation, add only the required files from private policy, which will
# generate CIL policy that will then be filtered out by the reqd_policy_mask.
+#
+# There are three pub_policy.cil files below:
+# - pub_policy.cil: exported 'product', 'system_ext' and 'system' policy.
+# - system_ext_pub_policy.cil: exported 'system_ext' and 'system' policy.
+# - plat_pub_policy.cil: exported 'system' policy.
+#
+# Those above files will in turn be used to generate the following versioned cil files:
+# - product_mapping_file: the versioned, exported 'product' policy in product partition.
+# - system_ext_mapping_file: the versioned, exported 'system_ext' policy in system_ext partition.
+# - plat_mapping_file: the versioned, exported 'system' policy in system partition.
+# - plat_pub_versioned.cil: the versioned, exported 'product', 'system_ext' and 'system'
+# policy in vendor partition.
+#
+policy_files := $(call build_policy, $(sepolicy_build_files), \
+ $(PLAT_PUBLIC_POLICY) $(SYSTEM_EXT_PUBLIC_POLICY) $(PRODUCT_PUBLIC_POLICY) $(REQD_MASK_POLICY))
pub_policy.conf := $(intermediates)/pub_policy.conf
$(pub_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
$(pub_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
@@ -436,8 +563,9 @@
$(pub_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(pub_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
$(pub_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
-$(pub_policy.conf): $(call build_policy, $(sepolicy_build_files), \
-$(PLAT_PUBLIC_POLICY) $(PRODUCT_PUBLIC_POLICY) $(REQD_MASK_POLICY))
+$(pub_policy.conf): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $(treble_sysprop_neverallow)
+$(pub_policy.conf): PRIVATE_POLICY_FILES := $(policy_files)
+$(pub_policy.conf): $(policy_files) $(M4)
$(transform-policy-to-conf)
pub_policy.cil := $(intermediates)/pub_policy.cil
$(pub_policy.cil): PRIVATE_POL_CONF := $(pub_policy.conf)
@@ -452,6 +580,38 @@
pub_policy.conf :=
##################################
+policy_files := $(call build_policy, $(sepolicy_build_files), \
+ $(PLAT_PUBLIC_POLICY) $(SYSTEM_EXT_PUBLIC_POLICY) $(REQD_MASK_POLICY))
+system_ext_pub_policy.conf := $(intermediates)/system_ext_pub_policy.conf
+$(system_ext_pub_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
+$(system_ext_pub_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
+$(system_ext_pub_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
+$(system_ext_pub_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
+$(system_ext_pub_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
+$(system_ext_pub_policy.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
+$(system_ext_pub_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
+$(system_ext_pub_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
+$(system_ext_pub_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
+$(system_ext_pub_policy.conf): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $(treble_sysprop_neverallow)
+$(system_ext_pub_policy.conf): PRIVATE_POLICY_FILES := $(policy_files)
+$(system_ext_pub_policy.conf): $(policy_files) $(M4)
+ $(transform-policy-to-conf)
+
+system_ext_pub_policy.cil := $(intermediates)/system_ext_pub_policy.cil
+$(system_ext_pub_policy.cil): PRIVATE_POL_CONF := $(system_ext_pub_policy.conf)
+$(system_ext_pub_policy.cil): PRIVATE_REQD_MASK := $(reqd_policy_mask.cil)
+$(system_ext_pub_policy.cil): $(HOST_OUT_EXECUTABLES)/checkpolicy \
+$(HOST_OUT_EXECUTABLES)/build_sepolicy $(system_ext_pub_policy.conf) $(reqd_policy_mask.cil)
+ @mkdir -p $(dir $@)
+ $(hide) $(CHECKPOLICY_ASAN_OPTIONS) $< -C -M -c $(POLICYVERS) -o $@ $(PRIVATE_POL_CONF)
+ $(hide) $(HOST_OUT_EXECUTABLES)/build_sepolicy -a $(HOST_OUT_EXECUTABLES) filter_out \
+ -f $(PRIVATE_REQD_MASK) -t $@
+
+system_ext_pub_policy.conf :=
+
+##################################
+policy_files := $(call build_policy, $(sepolicy_build_files), \
+ $(PLAT_PUBLIC_POLICY) $(REQD_MASK_POLICY))
plat_pub_policy.conf := $(intermediates)/plat_pub_policy.conf
$(plat_pub_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
$(plat_pub_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
@@ -462,8 +622,9 @@
$(plat_pub_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(plat_pub_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
$(plat_pub_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
-$(plat_pub_policy.conf): $(call build_policy, $(sepolicy_build_files), \
-$(PLAT_PUBLIC_POLICY) $(REQD_MASK_POLICY))
+$(plat_pub_policy.conf): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $(treble_sysprop_neverallow)
+$(plat_pub_policy.conf): PRIVATE_POLICY_FILES := $(policy_files)
+$(plat_pub_policy.conf): $(policy_files) $(M4)
$(transform-policy-to-conf)
plat_pub_policy.cil := $(intermediates)/plat_pub_policy.cil
@@ -478,21 +639,6 @@
plat_pub_policy.conf :=
-##################################
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := sectxfile_nl
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-
-# Create a file containing newline only to add between context config files
-include $(BUILD_SYSTEM)/base_rules.mk
-$(LOCAL_BUILT_MODULE):
- @mkdir -p $(dir $@)
- $(hide) echo > $@
-
-built_nl := $(LOCAL_BUILT_MODULE)
-
#################################
include $(CLEAR_VARS)
@@ -506,6 +652,8 @@
# plat_policy.conf - A combination of the private and public platform policy
# which will ship with the device. The platform will always reflect the most
# recent platform version and is not currently being attributized.
+policy_files := $(call build_policy, $(sepolicy_build_files), \
+ $(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY))
plat_policy.conf := $(intermediates)/plat_policy.conf
$(plat_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
$(plat_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
@@ -516,8 +664,9 @@
$(plat_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(plat_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
$(plat_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
-$(plat_policy.conf): $(call build_policy, $(sepolicy_build_files), \
-$(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY))
+$(plat_policy.conf): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $(treble_sysprop_neverallow)
+$(plat_policy.conf): PRIVATE_POLICY_FILES := $(policy_files)
+$(plat_policy.conf): $(policy_files) $(M4)
$(transform-policy-to-conf)
$(hide) sed '/^\s*dontaudit.*;/d' $@ | sed '/^\s*dontaudit/,/;/d' > $@.dontaudit
@@ -549,6 +698,8 @@
include $(BUILD_SYSTEM)/base_rules.mk
# userdebug_plat_policy.conf - the userdebug version plat_sepolicy.cil
+policy_files := $(call build_policy, $(sepolicy_build_files), \
+ $(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY))
userdebug_plat_policy.conf := $(intermediates)/userdebug_plat_policy.conf
$(userdebug_plat_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
$(userdebug_plat_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
@@ -559,8 +710,9 @@
$(userdebug_plat_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(userdebug_plat_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
$(userdebug_plat_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
-$(userdebug_plat_policy.conf): $(call build_policy, $(sepolicy_build_files), \
-$(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY))
+$(userdebug_plat_policy.conf): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $(treble_sysprop_neverallow)
+$(userdebug_plat_policy.conf): PRIVATE_POLICY_FILES := $(policy_files)
+$(userdebug_plat_policy.conf): $(policy_files) $(M4)
$(transform-policy-to-conf)
$(hide) sed '/^\s*dontaudit.*;/d' $@ | sed '/^\s*dontaudit/,/;/d' > $@.dontaudit
@@ -583,35 +735,38 @@
#################################
include $(CLEAR_VARS)
-ifdef HAS_PRODUCT_SEPOLICY
-LOCAL_MODULE := product_sepolicy.cil
+ifdef HAS_SYSTEM_EXT_SEPOLICY
+LOCAL_MODULE := system_ext_sepolicy.cil
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_OUT_PRODUCT)/etc/selinux
+LOCAL_MODULE_PATH := $(TARGET_OUT_SYSTEM_EXT)/etc/selinux
include $(BUILD_SYSTEM)/base_rules.mk
-# product_policy.conf - A combination of the private and public product policy
-# which will ship with the device. Product policy is not attributized.
-product_policy.conf := $(intermediates)/product_policy.conf
-$(product_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
-$(product_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
-$(product_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
-$(product_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
-$(product_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
-$(product_policy.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
-$(product_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(product_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
-$(product_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
-$(product_policy.conf): $(call build_policy, $(sepolicy_build_files), \
-$(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY) \
-$(PRODUCT_PUBLIC_POLICY) $(PRODUCT_PRIVATE_POLICY))
+# system_ext_policy.conf - A combination of the private and public system_ext policy
+# which will ship with the device. System_ext policy is not attributized.
+policy_files := $(call build_policy, $(sepolicy_build_files), \
+ $(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY) \
+ $(SYSTEM_EXT_PUBLIC_POLICY) $(SYSTEM_EXT_PRIVATE_POLICY))
+system_ext_policy.conf := $(intermediates)/system_ext_policy.conf
+$(system_ext_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
+$(system_ext_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
+$(system_ext_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
+$(system_ext_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
+$(system_ext_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
+$(system_ext_policy.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
+$(system_ext_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
+$(system_ext_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
+$(system_ext_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
+$(system_ext_policy.conf): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $(treble_sysprop_neverallow)
+$(system_ext_policy.conf): PRIVATE_POLICY_FILES := $(policy_files)
+$(system_ext_policy.conf): $(policy_files) $(M4)
$(transform-policy-to-conf)
$(hide) sed '/dontaudit/d' $@ > $@.dontaudit
$(LOCAL_BUILT_MODULE): PRIVATE_NEVERALLOW_ARG := $(NEVERALLOW_ARG)
$(LOCAL_BUILT_MODULE): PRIVATE_PLAT_CIL := $(built_plat_cil)
-$(LOCAL_BUILT_MODULE): $(product_policy.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy \
+$(LOCAL_BUILT_MODULE): $(system_ext_policy.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy \
$(HOST_OUT_EXECUTABLES)/build_sepolicy $(HOST_OUT_EXECUTABLES)/secilc $(built_plat_cil)
@mkdir -p $(dir $@)
$(hide) $(CHECKPOLICY_ASAN_OPTIONS) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -C -c \
@@ -622,12 +777,69 @@
# used for debugging, so we remove them.
$(hide) grep -v ';;' $@ > $@.tmp
$(hide) mv $@.tmp $@
- # Combine plat_sepolicy.cil and product_sepolicy.cil to make sure that the
+ # Combine plat_sepolicy.cil and system_ext_sepolicy.cil to make sure that the
# latter doesn't accidentally depend on vendor/odm policies.
$(hide) $(HOST_OUT_EXECUTABLES)/secilc -m -M true -G -c $(POLICYVERS) \
$(PRIVATE_NEVERALLOW_ARG) $(PRIVATE_PLAT_CIL) $@ -o /dev/null -f /dev/null
+built_system_ext_cil := $(LOCAL_BUILT_MODULE)
+system_ext_policy.conf :=
+endif # ifdef HAS_SYSTEM_EXT_SEPOLICY
+
+#################################
+include $(CLEAR_VARS)
+
+ifdef HAS_PRODUCT_SEPOLICY
+LOCAL_MODULE := product_sepolicy.cil
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE_PATH := $(TARGET_OUT_PRODUCT)/etc/selinux
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+# product_policy.conf - A combination of the private and public product policy
+# which will ship with the device. Product policy is not attributized.
+policy_files := $(call build_policy, $(sepolicy_build_files), \
+ $(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY) \
+ $(SYSTEM_EXT_PUBLIC_POLICY) $(SYSTEM_EXT_PRIVATE_POLICY) \
+ $(PRODUCT_PUBLIC_POLICY) $(PRODUCT_PRIVATE_POLICY))
+product_policy.conf := $(intermediates)/product_policy.conf
+$(product_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
+$(product_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
+$(product_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
+$(product_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
+$(product_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
+$(product_policy.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
+$(product_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
+$(product_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
+$(product_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
+$(product_policy.conf): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $(treble_sysprop_neverallow)
+$(product_policy.conf): PRIVATE_POLICY_FILES := $(policy_files)
+$(product_policy.conf): $(policy_files) $(M4)
+ $(transform-policy-to-conf)
+ $(hide) sed '/dontaudit/d' $@ > $@.dontaudit
+
+$(LOCAL_BUILT_MODULE): PRIVATE_NEVERALLOW_ARG := $(NEVERALLOW_ARG)
+$(LOCAL_BUILT_MODULE): PRIVATE_PLAT_CIL_FILES := $(built_plat_cil) $(built_system_ext_cil)
+$(LOCAL_BUILT_MODULE): $(product_policy.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy \
+$(HOST_OUT_EXECUTABLES)/build_sepolicy $(HOST_OUT_EXECUTABLES)/secilc \
+$(built_plat_cil) $(built_system_ext_cil)
+ @mkdir -p $(dir $@)
+ $(hide) $(CHECKPOLICY_ASAN_OPTIONS) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -C -c \
+ $(POLICYVERS) -o $@ $<
+ $(hide) $(HOST_OUT_EXECUTABLES)/build_sepolicy -a $(HOST_OUT_EXECUTABLES) filter_out \
+ -f $(PRIVATE_PLAT_CIL_FILES) -t $@
+ # Line markers (denoted by ;;) are malformed after above cmd. They are only
+ # used for debugging, so we remove them.
+ $(hide) grep -v ';;' $@ > $@.tmp
+ $(hide) mv $@.tmp $@
+ # Combine plat_sepolicy.cil, system_ext_sepolicy.cil and product_sepolicy.cil to
+ # make sure that the latter doesn't accidentally depend on vendor/odm policies.
+ $(hide) $(HOST_OUT_EXECUTABLES)/secilc -m -M true -G -c $(POLICYVERS) \
+ $(PRIVATE_NEVERALLOW_ARG) $(PRIVATE_PLAT_CIL_FILES) $@ -o /dev/null -f /dev/null
+
+
built_product_cil := $(LOCAL_BUILT_MODULE)
product_policy.conf :=
endif # ifdef HAS_PRODUCT_SEPOLICY
@@ -671,7 +883,33 @@
#################################
include $(CLEAR_VARS)
-ifdef HAS_PRODUCT_SEPOLICY
+ifdef HAS_SYSTEM_EXT_PUBLIC_SEPOLICY
+LOCAL_MODULE := system_ext_mapping_file
+LOCAL_MODULE_STEM := $(PLATFORM_SEPOLICY_VERSION).cil
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE_PATH := $(TARGET_OUT_SYSTEM_EXT)/etc/selinux/mapping
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(LOCAL_BUILT_MODULE) : PRIVATE_VERS := $(PLATFORM_SEPOLICY_VERSION)
+$(LOCAL_BUILT_MODULE) : PRIVATE_PLAT_MAPPING_CIL := $(built_plat_mapping_cil)
+$(LOCAL_BUILT_MODULE) : $(system_ext_pub_policy.cil) $(HOST_OUT_EXECUTABLES)/version_policy \
+$(built_plat_mapping_cil)
+ @mkdir -p $(dir $@)
+ # Generate system_ext mapping file as mapping file of 'system' (plat) and 'system_ext'
+ # sepolicy minus plat_mapping_file.
+ $(hide) $(HOST_OUT_EXECUTABLES)/version_policy -b $< -m -n $(PRIVATE_VERS) -o $@
+ $(hide) $(HOST_OUT_EXECUTABLES)/build_sepolicy -a $(HOST_OUT_EXECUTABLES) filter_out \
+ -f $(PRIVATE_PLAT_MAPPING_CIL) -t $@
+
+built_system_ext_mapping_cil := $(LOCAL_BUILT_MODULE)
+endif # ifdef HAS_SYSTEM_EXT_PUBLIC_SEPOLICY
+
+#################################
+include $(CLEAR_VARS)
+
+ifdef HAS_PRODUCT_PUBLIC_SEPOLICY
LOCAL_MODULE := product_mapping_file
LOCAL_MODULE_STEM := $(PLATFORM_SEPOLICY_VERSION).cil
LOCAL_MODULE_CLASS := ETC
@@ -681,18 +919,18 @@
include $(BUILD_SYSTEM)/base_rules.mk
$(LOCAL_BUILT_MODULE) : PRIVATE_VERS := $(PLATFORM_SEPOLICY_VERSION)
-$(LOCAL_BUILT_MODULE) : PRIVATE_PLAT_MAPPING_CIL := $(built_plat_mapping_cil)
+$(LOCAL_BUILT_MODULE) : PRIVATE_FILTER_CIL_FILES := $(built_plat_mapping_cil) $(built_system_ext_mapping_cil)
$(LOCAL_BUILT_MODULE) : $(pub_policy.cil) $(HOST_OUT_EXECUTABLES)/version_policy \
-$(built_plat_mapping_cil)
+$(built_plat_mapping_cil) $(built_system_ext_mapping_cil)
@mkdir -p $(dir $@)
# Generate product mapping file as mapping file of all public sepolicy minus
- # plat_mapping_file.
+ # plat_mapping_file and system_ext_mapping_file.
$(hide) $(HOST_OUT_EXECUTABLES)/version_policy -b $< -m -n $(PRIVATE_VERS) -o $@
$(hide) $(HOST_OUT_EXECUTABLES)/build_sepolicy -a $(HOST_OUT_EXECUTABLES) filter_out \
- -f $(PRIVATE_PLAT_MAPPING_CIL) -t $@
+ -f $(PRIVATE_FILTER_CIL_FILES) -t $@
built_product_mapping_cil := $(LOCAL_BUILT_MODULE)
-endif # HAS_PRODUCT_SEPOLICY
+endif # ifdef HAS_PRODUCT_PUBLIC_SEPOLICY
#################################
include $(CLEAR_VARS)
@@ -709,11 +947,12 @@
$(LOCAL_BUILT_MODULE) : PRIVATE_VERS := $(BOARD_SEPOLICY_VERS)
$(LOCAL_BUILT_MODULE) : PRIVATE_TGT_POL := $(pub_policy.cil)
-$(LOCAL_BUILT_MODULE) : PRIVATE_DEP_CIL_FILES := $(built_plat_cil) $(built_product_cil)\
-$(built_plat_mapping_cil) $(built_product_mapping_cil)
+$(LOCAL_BUILT_MODULE) : PRIVATE_DEP_CIL_FILES := $(built_plat_cil) $(built_system_ext_cil) \
+$(built_product_cil) $(built_plat_mapping_cil) $(built_system_ext_mapping_cil) \
+$(built_product_mapping_cil)
$(LOCAL_BUILT_MODULE) : $(pub_policy.cil) $(HOST_OUT_EXECUTABLES)/version_policy \
- $(HOST_OUT_EXECUTABLES)/secilc $(built_plat_cil) $(built_product_cil) \
- $(built_plat_mapping_cil) $(built_product_mapping_cil)
+ $(HOST_OUT_EXECUTABLES)/secilc $(built_plat_cil) $(built_system_ext_cil) $(built_product_cil) \
+ $(built_plat_mapping_cil) $(built_system_ext_mapping_cil) $(built_product_mapping_cil)
@mkdir -p $(dir $@)
$(HOST_OUT_EXECUTABLES)/version_policy -b $< -t $(PRIVATE_TGT_POL) -n $(PRIVATE_VERS) -o $@
$(hide) $(HOST_OUT_EXECUTABLES)/secilc -m -M true -G -N -c $(POLICYVERS) \
@@ -735,6 +974,9 @@
include $(BUILD_SYSTEM)/base_rules.mk
+policy_files := $(call build_policy, $(sepolicy_build_files), \
+ $(PLAT_PUBLIC_POLICY) $(SYSTEM_EXT_PUBLIC_POLICY) $(PRODUCT_PUBLIC_POLICY) \
+ $(REQD_MASK_POLICY) $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS))
vendor_policy.conf := $(intermediates)/vendor_policy.conf
$(vendor_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
$(vendor_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
@@ -745,9 +987,9 @@
$(vendor_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(vendor_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
$(vendor_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
-$(vendor_policy.conf): $(call build_policy, $(sepolicy_build_files), \
-$(PLAT_PUBLIC_POLICY) $(PRODUCT_PUBLIC_POLICY) $(REQD_MASK_POLICY) $(PLAT_VENDOR_POLICY) \
-$(BOARD_VENDOR_SEPOLICY_DIRS))
+$(vendor_policy.conf): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $(treble_sysprop_neverallow)
+$(vendor_policy.conf): PRIVATE_POLICY_FILES := $(policy_files)
+$(vendor_policy.conf): $(policy_files) $(M4)
$(transform-policy-to-conf)
$(hide) sed '/^\s*dontaudit.*;/d' $@ | sed '/^\s*dontaudit/,/;/d' > $@.dontaudit
@@ -755,13 +997,15 @@
$(LOCAL_BUILT_MODULE): PRIVATE_REQD_MASK := $(reqd_policy_mask.cil)
$(LOCAL_BUILT_MODULE): PRIVATE_BASE_CIL := $(pub_policy.cil)
$(LOCAL_BUILT_MODULE): PRIVATE_VERS := $(BOARD_SEPOLICY_VERS)
-$(LOCAL_BUILT_MODULE): PRIVATE_DEP_CIL_FILES := $(built_plat_cil) $(built_product_cil)\
-$(built_pub_vers_cil) $(built_plat_mapping_cil) $(built_product_mapping_cil)
+$(LOCAL_BUILT_MODULE): PRIVATE_DEP_CIL_FILES := $(built_plat_cil) $(built_system_ext_cil) \
+$(built_product_cil) $(built_pub_vers_cil) $(built_plat_mapping_cil) \
+$(built_system_ext_mapping_cil) $(built_product_mapping_cil)
$(LOCAL_BUILT_MODULE): PRIVATE_FILTER_CIL := $(built_pub_vers_cil)
$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/build_sepolicy \
$(vendor_policy.conf) $(reqd_policy_mask.cil) $(pub_policy.cil) \
- $(built_plat_cil) $(built_product_cil) $(built_pub_vers_cil) \
- $(built_plat_mapping_cil) $(built_product_mapping_cil)
+ $(built_plat_cil) $(built_system_ext_cil) $(built_product_cil) \
+ $(built_pub_vers_cil) $(built_plat_mapping_cil) $(built_system_ext_mapping_cil) \
+ $(built_product_mapping_cil)
@mkdir -p $(dir $@)
$(hide) $(HOST_OUT_EXECUTABLES)/build_sepolicy -a $(HOST_OUT_EXECUTABLES) build_cil \
-i $(PRIVATE_POL_CONF) -m $(PRIVATE_REQD_MASK) -c $(CHECKPOLICY_ASAN_OPTIONS) \
@@ -786,6 +1030,9 @@
include $(BUILD_SYSTEM)/base_rules.mk
+policy_files := $(call build_policy, $(sepolicy_build_files), \
+ $(PLAT_PUBLIC_POLICY) $(SYSTEM_EXT_PUBLIC_POLICY) $(PRODUCT_PUBLIC_POLICY) \
+ $(REQD_MASK_POLICY) $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(BOARD_ODM_SEPOLICY_DIRS))
odm_policy.conf := $(intermediates)/odm_policy.conf
$(odm_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
$(odm_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
@@ -796,9 +1043,9 @@
$(odm_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(odm_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
$(odm_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
-$(odm_policy.conf): $(call build_policy, $(sepolicy_build_files), \
- $(PLAT_PUBLIC_POLICY) $(PRODUCT_PUBLIC_POLICY) $(REQD_MASK_POLICY) $(PLAT_VENDOR_POLICY) \
- $(BOARD_VENDOR_SEPOLICY_DIRS) $(BOARD_ODM_SEPOLICY_DIRS))
+$(odm_policy.conf): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $(treble_sysprop_neverallow)
+$(odm_policy.conf): PRIVATE_POLICY_FILES := $(policy_files)
+$(odm_policy.conf): $(policy_files) $(M4)
$(transform-policy-to-conf)
$(hide) sed '/^\s*dontaudit.*;/d' $@ | sed '/^\s*dontaudit/,/;/d' > $@.dontaudit
@@ -806,14 +1053,15 @@
$(LOCAL_BUILT_MODULE): PRIVATE_REQD_MASK := $(reqd_policy_mask.cil)
$(LOCAL_BUILT_MODULE): PRIVATE_BASE_CIL := $(pub_policy.cil)
$(LOCAL_BUILT_MODULE): PRIVATE_VERS := $(BOARD_SEPOLICY_VERS)
-$(LOCAL_BUILT_MODULE): PRIVATE_DEP_CIL_FILES := $(built_plat_cil) $(built_product_cil) \
- $(built_pub_vers_cil) $(built_plat_mapping_cil) $(built_product_mapping_cil)\
- $(built_vendor_cil)
+$(LOCAL_BUILT_MODULE): PRIVATE_DEP_CIL_FILES := $(built_plat_cil) $(built_system_ext_cil) \
+ $(built_product_cil) $(built_pub_vers_cil) $(built_plat_mapping_cil) \
+ $(built_system_ext_mapping_cil) $(built_product_mapping_cil) $(built_vendor_cil)
$(LOCAL_BUILT_MODULE) : PRIVATE_FILTER_CIL_FILES := $(built_pub_vers_cil) $(built_vendor_cil)
$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/build_sepolicy \
$(odm_policy.conf) $(reqd_policy_mask.cil) $(pub_policy.cil) \
- $(built_plat_cil) $(built_product_cil) $(built_pub_vers_cil) \
- $(built_plat_mapping_cil) $(built_product_mapping_cil) $(built_vendor_cil)
+ $(built_plat_cil) $(built_system_ext_cil) $(built_product_cil) $(built_pub_vers_cil) \
+ $(built_plat_mapping_cil) $(built_system_ext_mapping_cil) $(built_product_mapping_cil) \
+ $(built_vendor_cil)
@mkdir -p $(dir $@)
$(hide) $(HOST_OUT_EXECUTABLES)/build_sepolicy -a $(HOST_OUT_EXECUTABLES) build_cil \
-i $(PRIVATE_POL_CONF) -m $(PRIVATE_REQD_MASK) -c $(CHECKPOLICY_ASAN_OPTIONS) \
@@ -847,11 +1095,20 @@
$(built_pub_vers_cil) \
$(built_vendor_cil)
-ifdef HAS_PRODUCT_SEPOLICY
-all_cil_files += \
- $(built_product_cil) \
- $(built_product_mapping_cil) \
+ifdef HAS_SYSTEM_EXT_SEPOLICY
+all_cil_files += $(built_system_ext_cil)
+endif
+ifdef HAS_SYSTEM_EXT_PUBLIC_SEPOLICY
+all_cil_files += $(built_system_ext_mapping_cil)
+endif
+
+ifdef HAS_PRODUCT_SEPOLICY
+all_cil_files += $(built_product_cil)
+endif
+
+ifdef HAS_PRODUCT_PUBLIC_SEPOLICY
+all_cil_files += $(built_product_mapping_cil)
endif
ifdef BOARD_ODM_SEPOLICY_DIRS
@@ -872,6 +1129,9 @@
# - plat_sepolicy_and_mapping.sha256 equals
# precompiled_sepolicy.plat_sepolicy_and_mapping.sha256
# AND
+# - system_ext_sepolicy_and_mapping.sha256 equals
+# precompiled_sepolicy.system_ext_sepolicy_and_mapping.sha256
+# AND
# - product_sepolicy_and_mapping.sha256 equals
# precompiled_sepolicy.product_sepolicy_and_mapping.sha256
# See system/core/init/selinux.cpp for details.
@@ -891,6 +1151,19 @@
#################################
include $(CLEAR_VARS)
+LOCAL_MODULE := system_ext_sepolicy_and_mapping.sha256
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE_PATH = $(TARGET_OUT_SYSTEM_EXT)/etc/selinux
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(LOCAL_BUILT_MODULE): $(built_system_ext_cil) $(built_system_ext_mapping_cil)
+ cat $^ | sha256sum | cut -d' ' -f1 > $@
+
+#################################
+include $(CLEAR_VARS)
+
LOCAL_MODULE := product_sepolicy_and_mapping.sha256
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_TAGS := optional
@@ -923,6 +1196,27 @@
cat $(PRIVATE_CIL_FILES) | sha256sum | cut -d' ' -f1 > $@
#################################
+# SHA-256 digest of the system_ext_sepolicy.cil and system_ext_mapping_file against
+# which precompiled_policy was built.
+#################################
+include $(CLEAR_VARS)
+LOCAL_MODULE := precompiled_sepolicy.system_ext_sepolicy_and_mapping.sha256
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_TAGS := optional
+
+ifeq ($(BOARD_USES_ODMIMAGE),true)
+LOCAL_MODULE_PATH := $(TARGET_OUT_ODM)/etc/selinux
+else
+LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
+endif
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(LOCAL_BUILT_MODULE): PRIVATE_CIL_FILES := $(built_system_ext_cil) $(built_system_ext_mapping_cil)
+$(LOCAL_BUILT_MODULE): $(built_precompiled_sepolicy) $(built_system_ext_cil) $(built_system_ext_mapping_cil)
+ cat $(PRIVATE_CIL_FILES) | sha256sum | cut -d' ' -f1 > $@
+
+#################################
# SHA-256 digest of the product_sepolicy.cil and product_mapping_file against
# which precompiled_policy was built.
#################################
@@ -960,11 +1254,20 @@
$(built_pub_vers_cil) \
$(built_vendor_cil)
-ifdef HAS_PRODUCT_SEPOLICY
-all_cil_files += \
- $(built_product_cil) \
- $(built_product_mapping_cil) \
+ifdef HAS_SYSTEM_EXT_SEPOLICY
+all_cil_files += $(built_system_ext_cil)
+endif
+ifdef HAS_SYSTEM_EXT_PUBLIC_SEPOLICY
+all_cil_files += $(built_system_ext_mapping_cil)
+endif
+
+ifdef HAS_PRODUCT_SEPOLICY
+all_cil_files += $(built_product_cil)
+endif
+
+ifdef HAS_PRODUCT_PUBLIC_SEPOLICY
+all_cil_files += $(built_product_mapping_cil)
endif
ifdef BOARD_ODM_SEPOLICY_DIRS
@@ -1004,6 +1307,12 @@
include $(BUILD_SYSTEM)/base_rules.mk
+policy_files := $(call build_policy, $(sepolicy_build_files), \
+ $(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY) \
+ $(SYSTEM_EXT_PUBLIC_POLICY) $(SYSTEM_EXT_PRIVATE_POLICY) \
+ $(PRODUCT_PUBLIC_POLICY) $(PRODUCT_PRIVATE_POLICY) \
+ $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) \
+ $(BOARD_ODM_SEPOLICY_DIRS))
sepolicy.recovery.conf := $(intermediates)/sepolicy.recovery.conf
$(sepolicy.recovery.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
$(sepolicy.recovery.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
@@ -1013,11 +1322,8 @@
$(sepolicy.recovery.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
$(sepolicy.recovery.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(sepolicy.recovery.conf): PRIVATE_TGT_RECOVERY := -D target_recovery=true
-$(sepolicy.recovery.conf): $(call build_policy, $(sepolicy_build_files), \
- $(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY) \
- $(PRODUCT_PUBLIC_POLICY) $(PRODUCT_PRIVATE_POLICY) \
- $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) \
- $(BOARD_ODM_SEPOLICY_DIRS))
+$(sepolicy.recovery.conf): PRIVATE_POLICY_FILES := $(policy_files)
+$(sepolicy.recovery.conf): $(policy_files) $(M4)
$(transform-policy-to-conf)
$(hide) sed '/^\s*dontaudit.*;/d' $@ | sed '/^\s*dontaudit/,/;/d' > $@.dontaudit
@@ -1055,6 +1361,8 @@
include $(BUILD_SYSTEM)/base_rules.mk
+policy_files := $(call build_policy, $(sepolicy_build_files), \
+ $(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY))
$(LOCAL_BUILT_MODULE): PRIVATE_MLS_SENS := $(MLS_SENS)
$(LOCAL_BUILT_MODULE): PRIVATE_MLS_CATS := $(MLS_CATS)
$(LOCAL_BUILT_MODULE): PRIVATE_TARGET_BUILD_VARIANT := user
@@ -1062,9 +1370,10 @@
$(LOCAL_BUILT_MODULE): PRIVATE_WITH_ASAN := false
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY_SPLIT := cts
$(LOCAL_BUILT_MODULE): PRIVATE_COMPATIBLE_PROPERTY := cts
+$(LOCAL_BUILT_MODULE): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := cts
$(LOCAL_BUILT_MODULE): PRIVATE_EXCLUDE_BUILD_TEST := true
-$(LOCAL_BUILT_MODULE): $(call build_policy, $(sepolicy_build_files), \
-$(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY))
+$(LOCAL_BUILT_MODULE): PRIVATE_POLICY_FILES := $(policy_files)
+$(LOCAL_BUILT_MODULE): $(policy_files) $(M4)
$(transform-policy-to-conf)
$(hide) sed '/^\s*dontaudit.*;/d' $@ | sed '/^\s*dontaudit/,/;/d' > $@.dontaudit
@@ -1097,7 +1406,11 @@
local_fc_files := $(call build_policy, file_contexts, $(PLAT_PRIVATE_POLICY))
-ifdef HAS_PRODUCT_SEPOLICY
+ifdef HAS_SYSTEM_EXT_SEPOLICY_DIR
+local_fc_files += $(call build_policy, file_contexts, $(SYSTEM_EXT_PRIVATE_POLICY))
+endif
+
+ifdef HAS_PRODUCT_SEPOLICY_DIR
local_fc_files += $(call build_policy, file_contexts, $(PRODUCT_PRIVATE_POLICY))
endif
@@ -1107,20 +1420,22 @@
ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
local_fc_files += $(wildcard $(addsuffix /file_contexts_overlayfs, $(PLAT_PRIVATE_POLICY)))
endif
-ifeq ($(TARGET_FLATTEN_APEX),true)
- apex_fc_files := $(wildcard $(LOCAL_PATH)/apex/*-file_contexts)
- $(foreach _input,$(apex_fc_files),\
- $(eval _output := $(intermediates)/$(notdir $(_input))-flattened)\
- $(eval _apex_name := $(patsubst %-file_contexts,%,$(notdir $(_input))))\
- $(eval $(call build_flattened_apex_file_contexts,$(_input),$(_apex_name),$(_output),local_fc_files))\
- )
-endif
-local_fcfiles_with_nl := $(call add_nl, $(local_fc_files), $(built_nl))
+
+# Even if TARGET_FLATTEN_APEX is not turned on, "flattened" APEXes are installed
+$(foreach _tuple,$(APEX_FILE_CONTEXTS_INFOS),\
+ $(eval _apex_name := $(call word-colon,1,$(_tuple)))\
+ $(eval _apex_path := $(call word-colon,2,$(_tuple)))\
+ $(eval _fc_path := $(call word-colon,3,$(_tuple)))\
+ $(eval _input := $(_fc_path))\
+ $(eval _output := $(intermediates)/$(_apex_name)-flattened)\
+ $(eval $(call build_flattened_apex_file_contexts,$(_input),$(_apex_path),$(_output),local_fc_files))\
+ )
file_contexts.local.tmp := $(intermediates)/file_contexts.local.tmp
-$(file_contexts.local.tmp): $(local_fcfiles_with_nl)
+$(file_contexts.local.tmp): PRIVATE_FC_FILES := $(local_fc_files)
+$(file_contexts.local.tmp): $(local_fc_files) $(M4)
@mkdir -p $(dir $@)
- $(hide) m4 --fatal-warnings -s $^ > $@
+ $(hide) $(M4) --fatal-warnings -s $(PRIVATE_FC_FILES) > $@
device_fc_files := $(call build_vendor_policy, file_contexts)
@@ -1128,13 +1443,12 @@
device_fc_files += $(call build_odm_policy, file_contexts)
endif
-device_fcfiles_with_nl := $(call add_nl, $(device_fc_files), $(built_nl))
-
file_contexts.device.tmp := $(intermediates)/file_contexts.device.tmp
$(file_contexts.device.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(file_contexts.device.tmp): $(device_fcfiles_with_nl)
+$(file_contexts.device.tmp): PRIVATE_DEVICE_FC_FILES := $(device_fc_files)
+$(file_contexts.device.tmp): $(device_fc_files) $(M4)
@mkdir -p $(dir $@)
- $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
+ $(hide) $(M4) --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_DEVICE_FC_FILES) > $@
file_contexts.device.sorted.tmp := $(intermediates)/file_contexts.device.sorted.tmp
$(file_contexts.device.sorted.tmp): PRIVATE_SEPOLICY := $(built_sepolicy)
@@ -1142,12 +1456,13 @@
$(HOST_OUT_EXECUTABLES)/fc_sort $(HOST_OUT_EXECUTABLES)/checkfc
@mkdir -p $(dir $@)
$(hide) $(HOST_OUT_EXECUTABLES)/checkfc -e $(PRIVATE_SEPOLICY) $<
- $(hide) $(HOST_OUT_EXECUTABLES)/fc_sort $< $@
+ $(hide) $(HOST_OUT_EXECUTABLES)/fc_sort -i $< -o $@
file_contexts.concat.tmp := $(intermediates)/file_contexts.concat.tmp
-$(file_contexts.concat.tmp): $(file_contexts.local.tmp) $(file_contexts.device.sorted.tmp)
+$(file_contexts.concat.tmp): PRIVATE_CONTEXTS := $(file_contexts.local.tmp) $(file_contexts.device.sorted.tmp)
+$(file_contexts.concat.tmp): $(file_contexts.local.tmp) $(file_contexts.device.sorted.tmp) $(M4)
@mkdir -p $(dir $@)
- $(hide) m4 --fatal-warnings -s $^ > $@
+ $(hide) $(M4) --fatal-warnings -s $(PRIVATE_CONTEXTS) > $@
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
$(LOCAL_BUILT_MODULE): $(file_contexts.concat.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/sefcontext_compile $(HOST_OUT_EXECUTABLES)/checkfc
@@ -1166,7 +1481,6 @@
file_contexts.local.tmp :=
##################################
-ifneq ($(TARGET_BUILD_VARIANT), user)
include $(CLEAR_VARS)
LOCAL_MODULE := selinux_denial_metadata
@@ -1175,29 +1489,19 @@
include $(BUILD_SYSTEM)/base_rules.mk
-bug_files := $(call build_policy, bug_map, $(LOCAL_PATH) $(PLAT_PRIVATE_POLICY) $(PLAT_VENDOR_POLICY) $(BOARD_SEPOLICY_DIRS) $(PLAT_PUBLIC_POLICY))
+bug_files := $(call build_policy, bug_map, $(LOCAL_PATH) $(PLAT_PRIVATE_POLICY) $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(PLAT_PUBLIC_POLICY))
$(LOCAL_BUILT_MODULE) : $(bug_files)
@mkdir -p $(dir $@)
cat $^ > $@
bug_files :=
-endif
-
-##################################
-include $(LOCAL_PATH)/file_contexts.mk
##################################
include $(LOCAL_PATH)/seapp_contexts.mk
##################################
-include $(LOCAL_PATH)/property_contexts.mk
-
-##################################
-include $(LOCAL_PATH)/service_contexts.mk
-
-##################################
-include $(LOCAL_PATH)/hwservice_contexts.mk
+include $(LOCAL_PATH)/contexts_tests.mk
##################################
include $(CLEAR_VARS)
@@ -1214,9 +1518,9 @@
vndservice_contexts.tmp := $(intermediates)/vndservice_contexts.tmp
$(vndservice_contexts.tmp): PRIVATE_SVC_FILES := $(vnd_svcfiles)
$(vndservice_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(vndservice_contexts.tmp): $(vnd_svcfiles)
+$(vndservice_contexts.tmp): $(vnd_svcfiles) $(M4)
@mkdir -p $(dir $@)
- $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
+ $(hide) $(M4) --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
$(LOCAL_BUILT_MODULE): $(vndservice_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc $(ACP)
@@ -1233,24 +1537,27 @@
#################################
include $(CLEAR_VARS)
LOCAL_MODULE := sepolicy_tests
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := tests
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
include $(BUILD_SYSTEM)/base_rules.mk
-all_fc_files := $(built_plat_fc) $(built_vendor_fc)
-ifdef HAS_PRODUCT_SEPOLICY
-all_fc_args += $(built_product_fc)
+all_fc_files := $(TARGET_OUT)/etc/selinux/plat_file_contexts
+all_fc_files += $(TARGET_OUT_VENDOR)/etc/selinux/vendor_file_contexts
+ifdef HAS_SYSTEM_EXT_SEPOLICY_DIR
+all_fc_files += $(TARGET_OUT_SYSTEM_EXT)/etc/selinux/system_ext_file_contexts
+endif
+ifdef HAS_PRODUCT_SEPOLICY_DIR
+all_fc_files += $(TARGET_OUT_PRODUCT)/etc/selinux/product_file_contexts
endif
ifdef BOARD_ODM_SEPOLICY_DIRS
-all_fc_files += $(built_odm_fc)
+all_fc_files += $(TARGET_OUT_ODM)/etc/selinux/odm_file_contexts
endif
all_fc_args := $(foreach file, $(all_fc_files), -f $(file))
-sepolicy_tests := $(intermediates)/sepolicy_tests
-$(sepolicy_tests): ALL_FC_ARGS := $(all_fc_args)
-$(sepolicy_tests): PRIVATE_SEPOLICY := $(built_sepolicy)
-$(sepolicy_tests): $(HOST_OUT_EXECUTABLES)/sepolicy_tests $(all_fc_files) $(built_sepolicy)
+$(LOCAL_BUILT_MODULE): ALL_FC_ARGS := $(all_fc_args)
+$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
+$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/sepolicy_tests $(all_fc_files) $(built_sepolicy)
@mkdir -p $(dir $@)
$(hide) $(HOST_OUT_EXECUTABLES)/sepolicy_tests -l $(HOST_OUT)/lib64/libsepolwrap.$(SHAREDLIB_EXT) \
$(ALL_FC_ARGS) -p $(PRIVATE_SEPOLICY)
@@ -1262,8 +1569,8 @@
# plat_sepolicy - the current platform policy only, built into a policy binary.
# TODO - this currently excludes partner extensions, but support should be added
# to enable partners to add their own compatibility mapping
-BASE_PLAT_PUBLIC_POLICY := $(filter-out $(BOARD_PLAT_PUBLIC_SEPOLICY_DIR), $(PLAT_PUBLIC_POLICY))
-BASE_PLAT_PRIVATE_POLICY := $(filter-out $(BOARD_PLAT_PRIVATE_SEPOLICY_DIR), $(PLAT_PRIVATE_POLICY))
+policy_files := $(call build_policy, $(sepolicy_build_files), \
+ $(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY))
base_plat_policy.conf := $(intermediates)/base_plat_policy.conf
$(base_plat_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
$(base_plat_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
@@ -1273,18 +1580,19 @@
$(base_plat_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(base_plat_policy.conf): PRIVATE_SEPOLICY_SPLIT := true
$(base_plat_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
-$(base_plat_policy.conf): $(call build_policy, $(sepolicy_build_files), \
-$(BASE_PLAT_PUBLIC_POLICY) $(BASE_PLAT_PRIVATE_POLICY))
+$(base_plat_policy.conf): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $(treble_sysprop_neverallow)
+$(base_plat_policy.conf): PRIVATE_POLICY_FILES := $(policy_files)
+$(base_plat_policy.conf): $(policy_files) $(M4)
$(transform-policy-to-conf)
$(hide) sed '/^\s*dontaudit.*;/d' $@ | sed '/^\s*dontaudit/,/;/d' > $@.dontaudit
built_plat_sepolicy := $(intermediates)/built_plat_sepolicy
$(built_plat_sepolicy): PRIVATE_ADDITIONAL_CIL_FILES := \
- $(call build_policy, $(sepolicy_build_cil_workaround_files), $(BASE_PLAT_PRIVATE_POLICY))
+ $(call build_policy, $(sepolicy_build_cil_workaround_files), $(PLAT_PRIVATE_POLICY))
$(built_plat_sepolicy): PRIVATE_NEVERALLOW_ARG := $(NEVERALLOW_ARG)
$(built_plat_sepolicy): $(base_plat_policy.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy \
$(HOST_OUT_EXECUTABLES)/secilc \
-$(call build_policy, $(sepolicy_build_cil_workaround_files), $(BASE_PLAT_PRIVATE_POLICY)) \
+$(call build_policy, $(sepolicy_build_cil_workaround_files), $(PLAT_PRIVATE_POLICY)) \
$(built_sepolicy_neverallows)
@mkdir -p $(dir $@)
$(hide) $(CHECKPOLICY_ASAN_OPTIONS) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -C -c \
@@ -1292,6 +1600,8 @@
$(hide) cat $(PRIVATE_ADDITIONAL_CIL_FILES) >> $@
$(hide) $(HOST_OUT_EXECUTABLES)/secilc -m -M true -G -c $(POLICYVERS) $(PRIVATE_NEVERALLOW_ARG) $@ -o $@ -f /dev/null
+policy_files := $(call build_policy, $(sepolicy_build_files), \
+ $(PLAT_PUBLIC_POLICY) $(REQD_MASK_POLICY))
base_plat_pub_policy.conf := $(intermediates)/base_plat_pub_policy.conf
$(base_plat_pub_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
$(base_plat_pub_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
@@ -1301,8 +1611,9 @@
$(base_plat_pub_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(base_plat_pub_policy.conf): PRIVATE_SEPOLICY_SPLIT := true
$(base_plat_pub_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
-$(base_plat_pub_policy.conf): $(call build_policy, $(sepolicy_build_files), \
-$(BASE_PLAT_PUBLIC_POLICY) $(REQD_MASK_POLICY))
+$(base_plat_pub_policy.conf): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $(treble_sysprop_neverallow)
+$(base_plat_pub_policy.conf): PRIVATE_POLICY_FILES := $(policy_files)
+$(base_plat_pub_policy.conf): $(policy_files) $(M4)
$(transform-policy-to-conf)
base_plat_pub_policy.cil := $(intermediates)/base_plat_pub_policy.cil
@@ -1315,37 +1626,39 @@
$(hide) $(HOST_OUT_EXECUTABLES)/build_sepolicy -a $(HOST_OUT_EXECUTABLES) filter_out \
-f $(PRIVATE_REQD_MASK) -t $@
-all_fc_files := $(built_plat_fc) $(built_vendor_fc)
-ifdef HAS_PRODUCT_SEPOLICY
-all_fc_files += $(built_product_fc)
-endif
-ifdef BOARD_ODM_SEPOLICY_DIRS
-all_fc_files += $(built_odm_fc)
-endif
-all_fc_args := $(foreach file, $(all_fc_files), -f $(file))
-
+ifeq ($(PRODUCT_SEPOLICY_SPLIT),true)
# Tests for Treble compatibility of current platform policy and vendor policy of
# given release version.
version_under_treble_tests := 26.0
include $(LOCAL_PATH)/treble_sepolicy_tests_for_release.mk
-
version_under_treble_tests := 27.0
include $(LOCAL_PATH)/treble_sepolicy_tests_for_release.mk
-
version_under_treble_tests := 28.0
include $(LOCAL_PATH)/treble_sepolicy_tests_for_release.mk
+version_under_treble_tests := 29.0
+include $(LOCAL_PATH)/treble_sepolicy_tests_for_release.mk
+endif # PRODUCT_SEPOLICY_SPLIT
-BASE_PLAT_PUBLIC_POLICY :=
-BASE_PLAT_PRIVATE_POLICY :=
+version_under_treble_tests := 26.0
+include $(LOCAL_PATH)/compat.mk
+version_under_treble_tests := 27.0
+include $(LOCAL_PATH)/compat.mk
+version_under_treble_tests := 28.0
+include $(LOCAL_PATH)/compat.mk
+version_under_treble_tests := 29.0
+include $(LOCAL_PATH)/compat.mk
+
base_plat_policy.conf :=
base_plat_pub_policy.conf :=
plat_sepolicy :=
+all_fc_files :=
+all_fc_args :=
#################################
include $(CLEAR_VARS)
LOCAL_MODULE := sepolicy_freeze_test
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := tests
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
include $(BUILD_SYSTEM)/base_rules.mk
@@ -1379,37 +1692,30 @@
#################################
-add_nl :=
build_vendor_policy :=
build_odm_policy :=
build_policy :=
-built_plat_fc :=
-built_product_fc :=
-built_vendor_fc :=
-built_odm_fc :=
-built_nl :=
built_plat_cil :=
+built_system_ext_cil :=
+built_product_cil :=
built_pub_vers_cil :=
built_plat_mapping_cil :=
+built_system_ext_mapping_cil :=
built_product_mapping_cil :=
-built_plat_pc :=
-built_product_pc :=
built_vendor_cil :=
-built_vendor_pc :=
-built_vendor_sc :=
built_odm_cil :=
-built_odm_pc :=
-built_odm_sc :=
-built_plat_sc :=
built_precompiled_sepolicy :=
built_sepolicy :=
built_sepolicy_neverallows :=
built_plat_svc :=
built_vendor_svc :=
built_plat_sepolicy :=
+treble_sysprop_neverallow :=
mapping_policy :=
my_target_arch :=
pub_policy.cil :=
+system_ext_pub_policy.cil :=
+plat_pub_policy.cil :=
reqd_policy_mask.cil :=
sepolicy_build_files :=
sepolicy_build_cil_workaround_files :=
diff --git a/OWNERS b/OWNERS
index 194acf3..55f7f00 100644
--- a/OWNERS
+++ b/OWNERS
@@ -5,6 +5,7 @@
jbires@google.com
jeffv@google.com
jgalenson@google.com
+jiyong@google.com
nnk@google.com
smoreland@google.com
sspatil@google.com
diff --git a/PREUPLOAD.cfg b/PREUPLOAD.cfg
index ccb3a50..b2b38ea 100644
--- a/PREUPLOAD.cfg
+++ b/PREUPLOAD.cfg
@@ -2,3 +2,6 @@
whitespace = tools/whitespace.sh ${PREUPLOAD_FILES}
aosp_hook = ${REPO_ROOT}/frameworks/base/tools/aosp/aosp_sha.sh ${PREUPLOAD_COMMIT} "."
policy_version_check = tools/policy_version_check.sh
+
+[Builtin Hooks]
+gofmt = true
diff --git a/README b/README
index 0cc8e30..43d9bbc 100644
--- a/README
+++ b/README
@@ -18,13 +18,13 @@
points.
These device policy files can be configured through the use of
-the BOARD_SEPOLICY_DIRS variable. This variable should be set
+the BOARD_VENDOR_SEPOLICY_DIRS variable. This variable should be set
in the BoardConfig.mk file in the device or vendor directories.
-BOARD_SEPOLICY_DIRS contains a list of directories to search
+BOARD_VENDOR_SEPOLICY_DIRS contains a list of directories to search
for additional policy files. Order matters in this list.
For example, if you have 2 instances of widget.te files in the
-BOARD_SEPOLICY_DIRS search path, then the first one found (at the
+BOARD_VENDOR_SEPOLICY_DIRS search path, then the first one found (at the
first search dir containing the file) will be concatenated first.
Reviewing out/target/product/<device>/obj/ETC/sepolicy_intermediates/policy.conf
will help sort out ordering issues.
@@ -32,7 +32,7 @@
Example BoardConfig.mk Usage:
From the Tuna device BoardConfig.mk, device/samsung/tuna/BoardConfig.mk
-BOARD_SEPOLICY_DIRS += device/samsung/tuna/sepolicy
+BOARD_VENDOR_SEPOLICY_DIRS += device/samsung/tuna/sepolicy
Additionally, OEMs can specify BOARD_SEPOLICY_M4DEFS to pass arbitrary m4
definitions during the build. A definition consists of a string in the form
diff --git a/TEST_MAPPING b/TEST_MAPPING
new file mode 100644
index 0000000..db12ffe
--- /dev/null
+++ b/TEST_MAPPING
@@ -0,0 +1,19 @@
+{
+ "presubmit": [
+ {
+ "name": "CtsSecurityHostTestCases",
+ "options": [
+ {
+ "include-filter": "android.security.cts.SELinuxHostTest#testPermissionControllerDomain"
+ },
+ {
+ "include-filter": "android.security.cts.SELinuxHostTest#testVzwOmaTriggerDomain"
+ },
+ {
+ "include-filter": "android.security.cts.SELinuxHostTest#testGMSCoreDomain"
+ }
+
+ ]
+ }
+ ]
+}
diff --git a/apex/Android.bp b/apex/Android.bp
new file mode 100644
index 0000000..d3acfdb
--- /dev/null
+++ b/apex/Android.bp
@@ -0,0 +1,189 @@
+// Copyright (C) 2019 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+
+filegroup {
+ name: "apex.test-file_contexts",
+ srcs: [
+ "apex.test-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.adbd-file_contexts",
+ srcs: [
+ "com.android.adbd-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.sdkext-file_contexts",
+ srcs: [
+ "com.android.sdkext-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.art.debug-file_contexts",
+ srcs: [
+ "com.android.art.debug-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.art.release-file_contexts",
+ srcs: [
+ "com.android.art.release-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.bootanimation-file_contexts",
+ srcs: [
+ "com.android.bootanimation-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.cellbroadcast-file_contexts",
+ srcs: [
+ "com.android.cellbroadcast-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.conscrypt-file_contexts",
+ srcs: [
+ "com.android.conscrypt-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.cronet-file_contexts",
+ srcs: [
+ "com.android.cronet-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.ipsec-file_contexts",
+ srcs: [
+ "com.android.ipsec-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.i18n-file_contexts",
+ srcs: [
+ "com.android.i18n-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.media-file_contexts",
+ srcs: [
+ "com.android.media-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.mediaprovider-file_contexts",
+ srcs: [
+ "com.android.mediaprovider-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.media.swcodec-file_contexts",
+ srcs: [
+ "com.android.media.swcodec-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.neuralnetworks-file_contexts",
+ srcs: [
+ "com.android.neuralnetworks-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.os.statsd-file_contexts",
+ srcs: [
+ "com.android.os.statsd-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.permission-file_contexts",
+ srcs: [
+ "com.android.permission-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.resolv-file_contexts",
+ srcs: [
+ "com.android.resolv-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.runtime-file_contexts",
+ srcs: [
+ "com.android.runtime-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.telephony-file_contexts",
+ srcs: [
+ "com.android.telephony-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.tzdata-file_contexts",
+ srcs: [
+ "com.android.tzdata-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.vndk-file_contexts",
+ srcs: [
+ "com.android.vndk-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.wifi-file_contexts",
+ srcs: [
+ "com.android.wifi-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.tethering-file_contexts",
+ srcs: [
+ "com.android.tethering-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.extservices-file_contexts",
+ srcs: [
+ "com.android.extservices-file_contexts",
+ ],
+}
diff --git a/apex/com.android.adbd-file_contexts b/apex/com.android.adbd-file_contexts
new file mode 100644
index 0000000..3488de2
--- /dev/null
+++ b/apex/com.android.adbd-file_contexts
@@ -0,0 +1,2 @@
+(/.*)? u:object_r:system_file:s0
+/bin/adbd u:object_r:adbd_exec:s0
diff --git a/apex/com.android.appsearch-file_contexts b/apex/com.android.appsearch-file_contexts
new file mode 100644
index 0000000..9398505
--- /dev/null
+++ b/apex/com.android.appsearch-file_contexts
@@ -0,0 +1 @@
+(/.*)? u:object_r:system_file:s0
diff --git a/apex/com.android.art.debug-file_contexts b/apex/com.android.art.debug-file_contexts
new file mode 100644
index 0000000..8007efd
--- /dev/null
+++ b/apex/com.android.art.debug-file_contexts
@@ -0,0 +1,10 @@
+#############################
+# System files
+#
+(/.*)? u:object_r:system_file:s0
+/bin/dex2oat(d)?(32|64)? u:object_r:dex2oat_exec:s0
+/bin/dexoptanalyzer(d)? u:object_r:dexoptanalyzer_exec:s0
+/bin/profman(d)? u:object_r:profman_exec:s0
+/lib(64)?(/.*)? u:object_r:system_lib_file:s0
+/bin/art_preinstall_hook(.*)? u:object_r:art_apex_preinstall_exec:s0
+/bin/art_postinstall_hook(.*)? u:object_r:art_apex_postinstall_exec:s0
diff --git a/apex/com.android.art.release-file_contexts b/apex/com.android.art.release-file_contexts
new file mode 100644
index 0000000..1598afd
--- /dev/null
+++ b/apex/com.android.art.release-file_contexts
@@ -0,0 +1,8 @@
+#############################
+# System files
+#
+(/.*)? u:object_r:system_file:s0
+/bin/dex2oat(32|64)? u:object_r:dex2oat_exec:s0
+/bin/dexoptanalyzer u:object_r:dexoptanalyzer_exec:s0
+/bin/profman u:object_r:profman_exec:s0
+/lib(64)?(/.*)? u:object_r:system_lib_file:s0
diff --git a/apex/com.android.bluetooth.updatable-file_contexts b/apex/com.android.bluetooth.updatable-file_contexts
new file mode 100644
index 0000000..f6b21da
--- /dev/null
+++ b/apex/com.android.bluetooth.updatable-file_contexts
@@ -0,0 +1,2 @@
+(/.*)? u:object_r:system_file:s0
+/lib(64)?(/.*) u:object_r:system_lib_file:s0
diff --git a/apex/com.android.bootanimation-file_contexts b/apex/com.android.bootanimation-file_contexts
new file mode 100644
index 0000000..83b4b58
--- /dev/null
+++ b/apex/com.android.bootanimation-file_contexts
@@ -0,0 +1 @@
+(/.*)? u:object_r:system_file:s0
diff --git a/apex/com.android.cellbroadcast-file_contexts b/apex/com.android.cellbroadcast-file_contexts
new file mode 100644
index 0000000..f3a65d4
--- /dev/null
+++ b/apex/com.android.cellbroadcast-file_contexts
@@ -0,0 +1 @@
+(/.*)? u:object_r:system_file:s0
diff --git a/apex/com.android.conscrypt-file_contexts b/apex/com.android.conscrypt-file_contexts
index ffc3109..abf0085 100644
--- a/apex/com.android.conscrypt-file_contexts
+++ b/apex/com.android.conscrypt-file_contexts
@@ -1,5 +1,6 @@
#############################
# System files
#
-(/.*)? u:object_r:system_file:s0
-/lib(64)?(/.*)? u:object_r:system_lib_file:s0
+(/.*)? u:object_r:system_file:s0
+/lib(64)?(/.*)? u:object_r:system_lib_file:s0
+/bin/boringssl_self_test(32|64) u:object_r:boringssl_self_test_exec:s0
diff --git a/apex/com.android.cronet-file_contexts b/apex/com.android.cronet-file_contexts
new file mode 100644
index 0000000..f6b21da
--- /dev/null
+++ b/apex/com.android.cronet-file_contexts
@@ -0,0 +1,2 @@
+(/.*)? u:object_r:system_file:s0
+/lib(64)?(/.*) u:object_r:system_lib_file:s0
diff --git a/apex/com.android.extservices-file_contexts b/apex/com.android.extservices-file_contexts
new file mode 100644
index 0000000..f3a65d4
--- /dev/null
+++ b/apex/com.android.extservices-file_contexts
@@ -0,0 +1 @@
+(/.*)? u:object_r:system_file:s0
diff --git a/apex/com.android.i18n-file_contexts b/apex/com.android.i18n-file_contexts
new file mode 100644
index 0000000..c8b6ba1
--- /dev/null
+++ b/apex/com.android.i18n-file_contexts
@@ -0,0 +1,4 @@
+#############################
+# System files
+#
+(/.*)? u:object_r:system_file:s0
diff --git a/apex/com.android.ipsec-file_contexts b/apex/com.android.ipsec-file_contexts
new file mode 100644
index 0000000..270f0e1
--- /dev/null
+++ b/apex/com.android.ipsec-file_contexts
@@ -0,0 +1,2 @@
+(/.*)? u:object_r:system_file:s0
+/lib(64)?(/.*)? u:object_r:system_lib_file:s0
diff --git a/apex/com.android.mediaprovider-file_contexts b/apex/com.android.mediaprovider-file_contexts
new file mode 100644
index 0000000..f6b21da
--- /dev/null
+++ b/apex/com.android.mediaprovider-file_contexts
@@ -0,0 +1,2 @@
+(/.*)? u:object_r:system_file:s0
+/lib(64)?(/.*) u:object_r:system_lib_file:s0
diff --git a/apex/com.android.neuralnetworks-file_contexts b/apex/com.android.neuralnetworks-file_contexts
new file mode 100644
index 0000000..f6b21da
--- /dev/null
+++ b/apex/com.android.neuralnetworks-file_contexts
@@ -0,0 +1,2 @@
+(/.*)? u:object_r:system_file:s0
+/lib(64)?(/.*) u:object_r:system_lib_file:s0
diff --git a/apex/com.android.os.statsd-file_contexts b/apex/com.android.os.statsd-file_contexts
new file mode 100644
index 0000000..040441a
--- /dev/null
+++ b/apex/com.android.os.statsd-file_contexts
@@ -0,0 +1,3 @@
+(/.*)? u:object_r:system_file:s0
+/lib(64)?(/.*) u:object_r:system_lib_file:s0
+/bin/statsd u:object_r:statsd_exec:s0
diff --git a/apex/com.android.permission-file_contexts b/apex/com.android.permission-file_contexts
new file mode 100644
index 0000000..f3a65d4
--- /dev/null
+++ b/apex/com.android.permission-file_contexts
@@ -0,0 +1 @@
+(/.*)? u:object_r:system_file:s0
diff --git a/apex/com.android.runtime-file_contexts b/apex/com.android.runtime-file_contexts
new file mode 100644
index 0000000..7878b20
--- /dev/null
+++ b/apex/com.android.runtime-file_contexts
@@ -0,0 +1,6 @@
+#############################
+# System files
+#
+(/.*)? u:object_r:system_file:s0
+/bin/linker(64)? u:object_r:system_linker_exec:s0
+/lib(64)?(/.*)? u:object_r:system_lib_file:s0
diff --git a/apex/com.android.runtime.debug-file_contexts b/apex/com.android.runtime.debug-file_contexts
deleted file mode 100644
index 592975d..0000000
--- a/apex/com.android.runtime.debug-file_contexts
+++ /dev/null
@@ -1,12 +0,0 @@
-#############################
-# System files
-#
-(/.*)? u:object_r:system_file:s0
-/bin/dex2oat(d)? u:object_r:dex2oat_exec:s0
-/bin/dexoptanalyzer(d)? u:object_r:dexoptanalyzer_exec:s0
-/bin/profman(d)? u:object_r:profman_exec:s0
-/bin/linker(64)? u:object_r:system_linker_exec:s0
-/lib(64)?(/.*)? u:object_r:system_lib_file:s0
-/etc/tz(/.*)? u:object_r:system_zoneinfo_file:s0
-/bin/art_preinstall_hook(.*)? u:object_r:art_apex_preinstall_exec:s0
-/bin/art_postinstall_hook(.*)? u:object_r:art_apex_postinstall_exec:s0
diff --git a/apex/com.android.runtime.release-file_contexts b/apex/com.android.runtime.release-file_contexts
deleted file mode 100644
index 286d698..0000000
--- a/apex/com.android.runtime.release-file_contexts
+++ /dev/null
@@ -1,10 +0,0 @@
-#############################
-# System files
-#
-(/.*)? u:object_r:system_file:s0
-/bin/dex2oat u:object_r:dex2oat_exec:s0
-/bin/dexoptanalyzer u:object_r:dexoptanalyzer_exec:s0
-/bin/profman u:object_r:profman_exec:s0
-/bin/linker(64)? u:object_r:system_linker_exec:s0
-/lib(64)?(/.*)? u:object_r:system_lib_file:s0
-/etc/tz(/.*)? u:object_r:system_zoneinfo_file:s0
diff --git a/apex/com.android.sdkext-file_contexts b/apex/com.android.sdkext-file_contexts
new file mode 100644
index 0000000..2d59dda
--- /dev/null
+++ b/apex/com.android.sdkext-file_contexts
@@ -0,0 +1,2 @@
+(/.*)? u:object_r:system_file:s0
+/bin/derive_sdk u:object_r:derive_sdk_exec:s0
diff --git a/apex/com.android.telephony-file_contexts b/apex/com.android.telephony-file_contexts
new file mode 100644
index 0000000..f3a65d4
--- /dev/null
+++ b/apex/com.android.telephony-file_contexts
@@ -0,0 +1 @@
+(/.*)? u:object_r:system_file:s0
diff --git a/apex/com.android.tethering-file_contexts b/apex/com.android.tethering-file_contexts
new file mode 100644
index 0000000..9398505
--- /dev/null
+++ b/apex/com.android.tethering-file_contexts
@@ -0,0 +1 @@
+(/.*)? u:object_r:system_file:s0
diff --git a/apex/com.android.vndk-file_contexts b/apex/com.android.vndk-file_contexts
new file mode 100644
index 0000000..f6b21da
--- /dev/null
+++ b/apex/com.android.vndk-file_contexts
@@ -0,0 +1,2 @@
+(/.*)? u:object_r:system_file:s0
+/lib(64)?(/.*) u:object_r:system_lib_file:s0
diff --git a/apex/com.android.wifi-file_contexts b/apex/com.android.wifi-file_contexts
new file mode 100644
index 0000000..f3a65d4
--- /dev/null
+++ b/apex/com.android.wifi-file_contexts
@@ -0,0 +1 @@
+(/.*)? u:object_r:system_file:s0
diff --git a/build/soong/Android.bp b/build/soong/Android.bp
index bcd33b3..ae2bdd6 100644
--- a/build/soong/Android.bp
+++ b/build/soong/Android.bp
@@ -23,7 +23,9 @@
],
srcs: [
"cil_compat_map.go",
- "filegroup.go"
+ "filegroup.go",
+ "selinux.go",
+ "selinux_contexts.go",
],
pluginFor: ["soong_build"],
}
diff --git a/build/soong/cil_compat_map.go b/build/soong/cil_compat_map.go
index 9d01d93..f304e62 100644
--- a/build/soong/cil_compat_map.go
+++ b/build/soong/cil_compat_map.go
@@ -27,8 +27,6 @@
)
var (
- pctx = android.NewPackageContext("android/soong/selinux")
-
combine_maps = pctx.HostBinToolVariable("combine_maps", "combine_maps")
combineMapsCmd = "${combine_maps} -t ${topHalf} -b ${bottomHalf} -o $out"
combineMapsRule = pctx.StaticRule(
@@ -53,7 +51,7 @@
func cilCompatMapFactory() android.Module {
c := &cilCompatMap{}
c.AddProperties(&c.properties)
- android.InitAndroidModule(c)
+ android.InitAndroidArchModule(c, android.DeviceSupported, android.MultilibCommon)
return c
}
@@ -67,6 +65,8 @@
// other modules that produce source files like genrule or filegroup using
// the syntax ":module". srcs has to be non-empty.
Bottom_half []string
+ // name of the output
+ Stem *string
}
type cilCompatMap struct {
@@ -74,17 +74,13 @@
properties cilCompatMapProperties
// (.intermediate) module output path as installation source.
installSource android.Path
+ installPath android.InstallPath
}
type CilCompatMapGenerator interface {
GeneratedMapFile() android.Path
}
-type dependencyTag struct {
- blueprint.BaseDependencyTag
- name string
-}
-
func expandTopHalf(ctx android.ModuleContext) android.OptionalPath {
var topHalf android.OptionalPath
ctx.VisitDirectDeps(func(dep android.Module) {
@@ -107,11 +103,13 @@
continue
}
if fg, ok := module.(*fileGroup); ok {
- // Core compatibility mapping files are under system/sepolicy/private.
- expandedSrcFiles = append(expandedSrcFiles, fg.SystemPrivateSrcs()...)
- // Partner extensions to the compatibility mapping in must be located in
- // BOARD_PLAT_PRIVATE_SEPOLICY_DIR
- expandedSrcFiles = append(expandedSrcFiles, fg.SystemExtPrivateSrcs()...)
+ if ctx.ProductSpecific() {
+ expandedSrcFiles = append(expandedSrcFiles, fg.ProductPrivateSrcs()...)
+ } else if ctx.SystemExtSpecific() {
+ expandedSrcFiles = append(expandedSrcFiles, fg.SystemExtPrivateSrcs()...)
+ } else {
+ expandedSrcFiles = append(expandedSrcFiles, fg.SystemPrivateSrcs()...)
+ }
} else {
ctx.ModuleErrorf("srcs dependency %q is not an selinux filegroup", m)
}
@@ -124,6 +122,8 @@
}
func (c *cilCompatMap) GenerateAndroidBuildActions(ctx android.ModuleContext) {
+ c.installPath = android.PathForModuleInstall(ctx, "etc", "selinux", "mapping")
+
srcFiles := expandSeSources(ctx, c.properties.Bottom_half)
for _, src := range srcFiles {
@@ -173,7 +173,10 @@
Class: "ETC",
}
ret.Extra = append(ret.Extra, func(w io.Writer, outputFile android.Path) {
- fmt.Fprintln(w, "LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux/mapping")
+ fmt.Fprintln(w, "LOCAL_MODULE_PATH :=", c.installPath.ToMakePath().String())
+ if c.properties.Stem != nil {
+ fmt.Fprintln(w, "LOCAL_INSTALLED_MODULE_STEM :=", String(c.properties.Stem))
+ }
})
return ret
}
diff --git a/build/soong/filegroup.go b/build/soong/filegroup.go
index 7f75e48..a45b427 100644
--- a/build/soong/filegroup.go
+++ b/build/soong/filegroup.go
@@ -52,6 +52,9 @@
systemExtPublicSrcs android.Paths
systemExtPrivateSrcs android.Paths
+ productPublicSrcs android.Paths
+ productPrivateSrcs android.Paths
+
vendorSrcs android.Paths
odmSrcs android.Paths
}
@@ -86,7 +89,17 @@
return fg.systemExtPrivateSrcs
}
-// Source files from BOARD_SEPOLICY_DIRS
+// Source files from PRODUCT_PUBLIC_SEPOLICY_DIRS
+func (fg *fileGroup) ProductPublicSrcs() android.Paths {
+ return fg.productPublicSrcs
+}
+
+// Source files from PRODUCT_PRIVATE_SEPOLICY_DIRS
+func (fg *fileGroup) ProductPrivateSrcs() android.Paths {
+ return fg.productPrivateSrcs
+}
+
+// Source files from BOARD_VENDOR_SEPOLICY_DIRS
func (fg *fileGroup) VendorSrcs() android.Paths {
return fg.vendorSrcs
}
@@ -125,6 +138,9 @@
fg.systemExtPublicSrcs = fg.findSrcsInDirs(ctx, ctx.DeviceConfig().PlatPublicSepolicyDirs())
fg.systemExtPrivateSrcs = fg.findSrcsInDirs(ctx, ctx.DeviceConfig().PlatPrivateSepolicyDirs())
+ fg.productPublicSrcs = fg.findSrcsInDirs(ctx, ctx.Config().ProductPublicSepolicyDirs())
+ fg.productPrivateSrcs = fg.findSrcsInDirs(ctx, ctx.Config().ProductPrivateSepolicyDirs())
+
fg.vendorSrcs = fg.findSrcsInDirs(ctx, ctx.DeviceConfig().VendorSepolicyDirs())
fg.odmSrcs = fg.findSrcsInDirs(ctx, ctx.DeviceConfig().OdmSepolicyDirs())
}
diff --git a/build/soong/selinux.go b/build/soong/selinux.go
new file mode 100644
index 0000000..7ad4776
--- /dev/null
+++ b/build/soong/selinux.go
@@ -0,0 +1,30 @@
+// Copyright (C) 2019 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package selinux
+
+import (
+ "github.com/google/blueprint"
+
+ "android/soong/android"
+)
+
+type dependencyTag struct {
+ blueprint.BaseDependencyTag
+ name string
+}
+
+var (
+ pctx = android.NewPackageContext("android/soong/selinux")
+)
diff --git a/build/soong/selinux_contexts.go b/build/soong/selinux_contexts.go
new file mode 100644
index 0000000..03f8f19
--- /dev/null
+++ b/build/soong/selinux_contexts.go
@@ -0,0 +1,374 @@
+// Copyright (C) 2019 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package selinux
+
+import (
+ "fmt"
+ "io"
+ "strings"
+
+ "github.com/google/blueprint/proptools"
+
+ "android/soong/android"
+)
+
+const (
+ coreMode = "core"
+ recoveryMode = "recovery"
+)
+
+type selinuxContextsProperties struct {
+ // Filenames under sepolicy directories, which will be used to generate contexts file.
+ Srcs []string `android:"path"`
+
+ Product_variables struct {
+ Debuggable struct {
+ Srcs []string
+ }
+
+ Address_sanitize struct {
+ Srcs []string
+ }
+ }
+
+ // Whether reqd_mask directory is included to sepolicy directories or not.
+ Reqd_mask *bool
+
+ // Whether the comments in generated contexts file will be removed or not.
+ Remove_comment *bool
+
+ // Whether the result context file is sorted with fc_sort or not.
+ Fc_sort *bool
+
+ // Make this module available when building for recovery
+ Recovery_available *bool
+
+ InRecovery bool `blueprint:"mutated"`
+}
+
+type fileContextsProperties struct {
+ // flatten_apex can be used to specify additional sources of file_contexts.
+ // Apex paths, /system/apex/{apex_name}, will be amended to the paths of file_contexts
+ // entries.
+ Flatten_apex struct {
+ Srcs []string
+ }
+}
+
+type selinuxContextsModule struct {
+ android.ModuleBase
+
+ properties selinuxContextsProperties
+ fileContextsProperties fileContextsProperties
+ build func(ctx android.ModuleContext, inputs android.Paths)
+ outputPath android.ModuleGenPath
+ installPath android.InstallPath
+}
+
+var (
+ reuseContextsDepTag = dependencyTag{name: "reuseContexts"}
+)
+
+func init() {
+ pctx.HostBinToolVariable("fc_sort", "fc_sort")
+
+ android.RegisterModuleType("file_contexts", fileFactory)
+ android.RegisterModuleType("hwservice_contexts", hwServiceFactory)
+ android.RegisterModuleType("property_contexts", propertyFactory)
+ android.RegisterModuleType("service_contexts", serviceFactory)
+
+ android.PreDepsMutators(func(ctx android.RegisterMutatorsContext) {
+ ctx.BottomUp("selinux_contexts", selinuxContextsMutator).Parallel()
+ })
+}
+
+func (m *selinuxContextsModule) inRecovery() bool {
+ return m.properties.InRecovery || m.ModuleBase.InstallInRecovery()
+}
+
+func (m *selinuxContextsModule) onlyInRecovery() bool {
+ return m.ModuleBase.InstallInRecovery()
+}
+
+func (m *selinuxContextsModule) InstallInRecovery() bool {
+ return m.inRecovery()
+}
+
+func (m *selinuxContextsModule) InstallInRoot() bool {
+ return m.inRecovery()
+}
+
+func (m *selinuxContextsModule) GenerateAndroidBuildActions(ctx android.ModuleContext) {
+ if m.inRecovery() {
+ // Installing context files at the root of the recovery partition
+ m.installPath = android.PathForModuleInstall(ctx)
+ } else {
+ m.installPath = android.PathForModuleInstall(ctx, "etc", "selinux")
+ }
+
+ if m.inRecovery() && !m.onlyInRecovery() {
+ dep := ctx.GetDirectDepWithTag(m.Name(), reuseContextsDepTag)
+
+ if reuseDeps, ok := dep.(*selinuxContextsModule); ok {
+ m.outputPath = reuseDeps.outputPath
+ ctx.InstallFile(m.installPath, m.Name(), m.outputPath)
+ return
+ }
+ }
+
+ var inputs android.Paths
+
+ ctx.VisitDirectDepsWithTag(android.SourceDepTag, func(dep android.Module) {
+ segroup, ok := dep.(*fileGroup)
+ if !ok {
+ ctx.ModuleErrorf("srcs dependency %q is not an selinux filegroup",
+ ctx.OtherModuleName(dep))
+ return
+ }
+
+ if ctx.ProductSpecific() {
+ inputs = append(inputs, segroup.ProductPrivateSrcs()...)
+ } else if ctx.SocSpecific() {
+ inputs = append(inputs, segroup.SystemVendorSrcs()...)
+ inputs = append(inputs, segroup.VendorSrcs()...)
+ } else if ctx.DeviceSpecific() {
+ inputs = append(inputs, segroup.OdmSrcs()...)
+ } else if ctx.SystemExtSpecific() {
+ inputs = append(inputs, segroup.SystemExtPrivateSrcs()...)
+ } else {
+ inputs = append(inputs, segroup.SystemPrivateSrcs()...)
+
+ if ctx.Config().ProductCompatibleProperty() {
+ inputs = append(inputs, segroup.SystemPublicSrcs()...)
+ }
+ }
+
+ if proptools.Bool(m.properties.Reqd_mask) {
+ inputs = append(inputs, segroup.SystemReqdMaskSrcs()...)
+ }
+ })
+
+ for _, src := range m.properties.Srcs {
+ // Module sources are handled above with VisitDirectDepsWithTag
+ if android.SrcIsModule(src) == "" {
+ inputs = append(inputs, android.PathForModuleSrc(ctx, src))
+ }
+ }
+
+ m.build(ctx, inputs)
+}
+
+func newModule() *selinuxContextsModule {
+ m := &selinuxContextsModule{}
+ m.AddProperties(
+ &m.properties,
+ )
+ android.InitAndroidArchModule(m, android.DeviceSupported, android.MultilibCommon)
+ android.AddLoadHook(m, func(ctx android.LoadHookContext) {
+ m.selinuxContextsHook(ctx)
+ })
+ return m
+}
+
+func (m *selinuxContextsModule) selinuxContextsHook(ctx android.LoadHookContext) {
+ // TODO: clean this up to use build/soong/android/variable.go after b/79249983
+ var srcs []string
+
+ if ctx.Config().Debuggable() {
+ srcs = append(srcs, m.properties.Product_variables.Debuggable.Srcs...)
+ }
+
+ for _, sanitize := range ctx.Config().SanitizeDevice() {
+ if sanitize == "address" {
+ srcs = append(srcs, m.properties.Product_variables.Address_sanitize.Srcs...)
+ break
+ }
+ }
+
+ m.properties.Srcs = append(m.properties.Srcs, srcs...)
+}
+
+func (m *selinuxContextsModule) AndroidMk() android.AndroidMkData {
+ return android.AndroidMkData{
+ Custom: func(w io.Writer, name, prefix, moduleDir string, data android.AndroidMkData) {
+ nameSuffix := ""
+ if m.inRecovery() && !m.onlyInRecovery() {
+ nameSuffix = ".recovery"
+ }
+ fmt.Fprintln(w, "\ninclude $(CLEAR_VARS)")
+ fmt.Fprintln(w, "LOCAL_PATH :=", moduleDir)
+ fmt.Fprintln(w, "LOCAL_MODULE :=", name+nameSuffix)
+ fmt.Fprintln(w, "LOCAL_MODULE_CLASS := ETC")
+ if m.Owner() != "" {
+ fmt.Fprintln(w, "LOCAL_MODULE_OWNER :=", m.Owner())
+ }
+ fmt.Fprintln(w, "LOCAL_MODULE_TAGS := optional")
+ fmt.Fprintln(w, "LOCAL_PREBUILT_MODULE_FILE :=", m.outputPath.String())
+ fmt.Fprintln(w, "LOCAL_MODULE_PATH :=", m.installPath.ToMakePath().String())
+ fmt.Fprintln(w, "LOCAL_INSTALLED_MODULE_STEM :=", name)
+ fmt.Fprintln(w, "include $(BUILD_PREBUILT)")
+ },
+ }
+}
+
+func selinuxContextsMutator(ctx android.BottomUpMutatorContext) {
+ m, ok := ctx.Module().(*selinuxContextsModule)
+ if !ok {
+ return
+ }
+
+ var coreVariantNeeded bool = true
+ var recoveryVariantNeeded bool = false
+ if proptools.Bool(m.properties.Recovery_available) {
+ recoveryVariantNeeded = true
+ }
+
+ if m.ModuleBase.InstallInRecovery() {
+ recoveryVariantNeeded = true
+ coreVariantNeeded = false
+ }
+
+ var variants []string
+ if coreVariantNeeded {
+ variants = append(variants, coreMode)
+ }
+ if recoveryVariantNeeded {
+ variants = append(variants, recoveryMode)
+ }
+ mod := ctx.CreateVariations(variants...)
+
+ for i, v := range variants {
+ if v == recoveryMode {
+ m := mod[i].(*selinuxContextsModule)
+ m.properties.InRecovery = true
+
+ if coreVariantNeeded {
+ ctx.AddInterVariantDependency(reuseContextsDepTag, m, mod[i-1])
+ }
+ }
+ }
+}
+
+func (m *selinuxContextsModule) buildGeneralContexts(ctx android.ModuleContext, inputs android.Paths) {
+ m.outputPath = android.PathForModuleGen(ctx, ctx.ModuleName()+"_m4out")
+
+ rule := android.NewRuleBuilder()
+
+ rule.Command().
+ Tool(ctx.Config().PrebuiltBuildTool(ctx, "m4")).
+ Text("--fatal-warnings -s").
+ FlagForEachArg("-D", ctx.DeviceConfig().SepolicyM4Defs()).
+ Inputs(inputs).
+ FlagWithOutput("> ", m.outputPath)
+
+ if proptools.Bool(m.properties.Remove_comment) {
+ rule.Temporary(m.outputPath)
+
+ remove_comment_output := android.PathForModuleGen(ctx, ctx.ModuleName()+"_remove_comment")
+
+ rule.Command().
+ Text("sed -e 's/#.*$//' -e '/^$/d'").
+ Input(m.outputPath).
+ FlagWithOutput("> ", remove_comment_output)
+
+ m.outputPath = remove_comment_output
+ }
+
+ if proptools.Bool(m.properties.Fc_sort) {
+ rule.Temporary(m.outputPath)
+
+ sorted_output := android.PathForModuleGen(ctx, ctx.ModuleName()+"_sorted")
+
+ rule.Command().
+ Tool(ctx.Config().HostToolPath(ctx, "fc_sort")).
+ FlagWithInput("-i ", m.outputPath).
+ FlagWithOutput("-o ", sorted_output)
+
+ m.outputPath = sorted_output
+ }
+
+ rule.Build(pctx, ctx, "selinux_contexts", m.Name())
+
+ rule.DeleteTemporaryFiles()
+
+ ctx.InstallFile(m.installPath, ctx.ModuleName(), m.outputPath)
+}
+
+func (m *selinuxContextsModule) buildFileContexts(ctx android.ModuleContext, inputs android.Paths) {
+ if m.properties.Fc_sort == nil {
+ m.properties.Fc_sort = proptools.BoolPtr(true)
+ }
+
+ rule := android.NewRuleBuilder()
+
+ if ctx.Config().FlattenApex() {
+ for _, src := range m.fileContextsProperties.Flatten_apex.Srcs {
+ if m := android.SrcIsModule(src); m != "" {
+ ctx.ModuleErrorf(
+ "Module srcs dependency %q is not supported for flatten_apex.srcs", m)
+ return
+ }
+ for _, path := range android.PathsForModuleSrcExcludes(ctx, []string{src}, nil) {
+ out := android.PathForModuleGen(ctx, "flattened_apex", path.Rel())
+ apex_path := "/system/apex/" + strings.Replace(
+ strings.TrimSuffix(path.Base(), "-file_contexts"),
+ ".", "\\\\.", -1)
+
+ rule.Command().
+ Text("awk '/object_r/{printf(\""+apex_path+"%s\\n\",$0)}'").
+ Input(path).
+ FlagWithOutput("> ", out)
+
+ inputs = append(inputs, out)
+ }
+ }
+ }
+
+ rule.Build(pctx, ctx, m.Name(), "flattened_apex_file_contexts")
+ m.buildGeneralContexts(ctx, inputs)
+}
+
+func fileFactory() android.Module {
+ m := newModule()
+ m.AddProperties(&m.fileContextsProperties)
+ m.build = m.buildFileContexts
+ return m
+}
+
+func (m *selinuxContextsModule) buildHwServiceContexts(ctx android.ModuleContext, inputs android.Paths) {
+ if m.properties.Remove_comment == nil {
+ m.properties.Remove_comment = proptools.BoolPtr(true)
+ }
+
+ m.buildGeneralContexts(ctx, inputs)
+}
+
+func hwServiceFactory() android.Module {
+ m := newModule()
+ m.build = m.buildHwServiceContexts
+ return m
+}
+
+func propertyFactory() android.Module {
+ m := newModule()
+ m.build = m.buildGeneralContexts
+ return m
+}
+
+func serviceFactory() android.Module {
+ m := newModule()
+ m.build = m.buildGeneralContexts
+ return m
+}
diff --git a/compat.mk b/compat.mk
new file mode 100644
index 0000000..5e6dc41
--- /dev/null
+++ b/compat.mk
@@ -0,0 +1,48 @@
+version := $(version_under_treble_tests)
+
+include $(CLEAR_VARS)
+#################################
+# build this target to ensure the compat permissions files all build against the current policy
+#
+LOCAL_MODULE := $(version)_compat_test
+LOCAL_REQUIRED_MODULES := $(version).compat.cil
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+all_cil_files := \
+ $(built_plat_cil) \
+ $(built_plat_mapping_cil) \
+ $(built_pub_vers_cil) \
+ $(built_vendor_cil) \
+ $(ALL_MODULES.$(version).compat.cil.BUILT) \
+
+ifdef HAS_SYSTEM_EXT_SEPOLICY
+all_cil_files += $(built_system_ext_cil)
+endif
+
+ifdef HAS_SYSTEM_EXT_PUBLIC_SEPOLICY
+all_cil_files += $(built_system_ext_mapping_cil)
+endif
+
+ifdef HAS_PRODUCT_SEPOLICY
+all_cil_files += $(built_product_cil)
+endif
+
+ifdef HAS_PRODUCT_PUBLIC_SEPOLICY
+all_cil_files += $(built_product_mapping_cil)
+endif
+
+ifdef BOARD_ODM_SEPOLICY_DIRS
+all_cil_files += $(built_odm_cil)
+endif
+
+$(LOCAL_BUILT_MODULE): PRIVATE_CIL_FILES := $(all_cil_files)
+$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/secilc $(HOST_OUT_EXECUTABLES)/sepolicy-analyze $(all_cil_files)
+ @mkdir -p $(dir $@)
+ $(hide) $< -m -N -M true -G -c $(POLICYVERS) $(PRIVATE_CIL_FILES) -o $@ -f /dev/null
+
+all_cil_files :=
+version :=
+version_under_treble_tests :=
diff --git a/contexts_tests.mk b/contexts_tests.mk
new file mode 100644
index 0000000..da5dd83
--- /dev/null
+++ b/contexts_tests.mk
@@ -0,0 +1,289 @@
+# Copyright (C) 2019 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+include $(CLEAR_VARS)
+
+# TODO: move tests into Soong after refactoring sepolicy module (b/130693869)
+
+# Run host-side test with contexts files and the sepolicy file.
+# $(1): paths to contexts files
+# $(2): path to the host tool
+# $(3): additional argument to be passed to the tool
+define run_contexts_test
+$$(LOCAL_BUILT_MODULE): PRIVATE_CONTEXTS := $(1)
+$$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $$(built_sepolicy)
+$$(LOCAL_BUILT_MODULE): $(2) $(1) $$(built_sepolicy)
+ $$(hide) $$< $(3) $$(PRIVATE_SEPOLICY) $$(PRIVATE_CONTEXTS)
+ $$(hide) mkdir -p $$(dir $$@)
+ $$(hide) touch $$@
+endef
+
+system_out := $(TARGET_OUT)/etc/selinux
+system_ext_out := $(TARGET_OUT_SYSTEM_EXT)/etc/selinux
+product_out := $(TARGET_OUT_PRODUCT)/etc/selinux
+vendor_out := $(TARGET_OUT_VENDOR)/etc/selinux
+odm_out := $(TARGET_OUT_ODM)/etc/selinux
+
+checkfc := $(HOST_OUT_EXECUTABLES)/checkfc
+property_info_checker := $(HOST_OUT_EXECUTABLES)/property_info_checker
+
+##################################
+LOCAL_MODULE := plat_file_contexts_test
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(system_out)/plat_file_contexts, $(checkfc),))
+
+##################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := system_ext_file_contexts_test
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(system_ext_out)/system_ext_file_contexts, $(checkfc),))
+
+##################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := product_file_contexts_test
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(product_out)/product_file_contexts, $(checkfc),))
+
+##################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := vendor_file_contexts_test
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(vendor_out)/vendor_file_contexts, $(checkfc),))
+
+##################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := odm_file_contexts_test
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(odm_out)/odm_file_contexts, $(checkfc),))
+
+##################################
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := plat_hwservice_contexts_test
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(system_out)/plat_hwservice_contexts, $(checkfc), -e -l))
+
+##################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := system_ext_hwservice_contexts_test
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(system_ext_out)/system_ext_hwservice_contexts, $(checkfc), -e -l))
+
+##################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := product_hwservice_contexts_test
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(product_out)/product_hwservice_contexts, $(checkfc), -e -l))
+
+##################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := vendor_hwservice_contexts_test
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(vendor_out)/vendor_hwservice_contexts, $(checkfc), -e -l))
+
+##################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := odm_hwservice_contexts_test
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(odm_out)/odm_hwservice_contexts, $(checkfc), -e -l))
+
+##################################
+
+pc_files := $(system_out)/plat_property_contexts
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := plat_property_contexts_test
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(pc_files), $(property_info_checker),))
+
+##################################
+
+ifdef HAS_SYSTEM_EXT_SEPOLICY_DIR
+
+pc_files += $(system_ext_out)/system_ext_property_contexts
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := system_ext_property_contexts_test
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(pc_files), $(property_info_checker),))
+
+endif
+
+##################################
+
+pc_files += $(vendor_out)/vendor_property_contexts
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := vendor_property_contexts_test
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(pc_files), $(property_info_checker),))
+
+##################################
+
+ifdef BOARD_ODM_SEPOLICY_DIRS
+
+pc_files += $(odm_out)/odm_property_contexts
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := odm_property_contexts_test
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(pc_files), $(property_info_checker),))
+
+endif
+
+##################################
+
+ifdef HAS_PRODUCT_SEPOLICY_DIR
+
+pc_files += $(product_out)/product_property_contexts
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := product_property_contexts_test
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(pc_files), $(property_info_checker),))
+
+endif
+
+pc_files :=
+
+##################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := plat_service_contexts_test
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(system_out)/plat_service_contexts, $(checkfc), -s))
+
+##################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := system_ext_service_contexts_test
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(system_ext_out)/system_ext_service_contexts, $(checkfc), -s))
+
+##################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := product_service_contexts_test
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(product_out)/product_service_contexts, $(checkfc), -s))
+
+##################################
+# nonplat_service_contexts is only allowed on non-full-treble devices
+ifneq ($(PRODUCT_SEPOLICY_SPLIT),true)
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := vendor_service_contexts_test
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(vendor_out)/vendor_service_contexts, $(checkfc), -s))
+
+endif
+
+system_out :=
+product_out :=
+vendor_out :=
+odm_out :=
+checkfc :=
+property_info_checker :=
+run_contexts_test :=
diff --git a/definitions.mk b/definitions.mk
index 16c8bd6..2ecdbdc 100644
--- a/definitions.mk
+++ b/definitions.mk
@@ -2,7 +2,7 @@
# processed by checkpolicy
define transform-policy-to-conf
@mkdir -p $(dir $@)
-$(hide) m4 --fatal-warnings $(PRIVATE_ADDITIONAL_M4DEFS) \
+$(hide) $(M4) --fatal-warnings $(PRIVATE_ADDITIONAL_M4DEFS) \
-D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
-D target_build_variant=$(PRIVATE_TARGET_BUILD_VARIANT) \
-D target_with_dexpreopt=$(WITH_DEXPREOPT) \
@@ -11,8 +11,10 @@
-D target_with_native_coverage=$(PRIVATE_TGT_WITH_NATIVE_COVERAGE) \
-D target_full_treble=$(PRIVATE_SEPOLICY_SPLIT) \
-D target_compatible_property=$(PRIVATE_COMPATIBLE_PROPERTY) \
+ -D target_treble_sysprop_neverallow=$(PRIVATE_TREBLE_SYSPROP_NEVERALLOW) \
-D target_exclude_build_test=$(PRIVATE_EXCLUDE_BUILD_TEST) \
+ -D target_requires_insecure_execmem_for_swiftshader=$(PRODUCT_REQUIRES_INSECURE_EXECMEM_FOR_SWIFTSHADER) \
$(PRIVATE_TGT_RECOVERY) \
- -s $^ > $@
+ -s $(PRIVATE_POLICY_FILES) > $@
endef
.KATI_READONLY := transform-policy-to-conf
diff --git a/file_contexts.mk b/file_contexts.mk
deleted file mode 100644
index 267b68f..0000000
--- a/file_contexts.mk
+++ /dev/null
@@ -1,177 +0,0 @@
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := plat_file_contexts
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-local_fc_files := $(call build_policy, file_contexts, $(PLAT_PRIVATE_POLICY))
-ifneq ($(filter address,$(SANITIZE_TARGET)),)
- local_fc_files += $(wildcard $(addsuffix /file_contexts_asan, $(PLAT_PRIVATE_POLICY)))
-endif
-ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
- local_fc_files += $(wildcard $(addsuffix /file_contexts_overlayfs, $(PLAT_PRIVATE_POLICY)))
-endif
-ifeq ($(TARGET_FLATTEN_APEX),true)
- apex_fc_files := $(wildcard $(LOCAL_PATH)/apex/*-file_contexts)
- $(foreach _input,$(apex_fc_files),\
- $(eval _output := $(intermediates)/$(notdir $(_input))-flattened)\
- $(eval _apex_name := $(patsubst %-file_contexts,%,$(notdir $(_input))))\
- $(eval $(call build_flattened_apex_file_contexts,$(_input),$(_apex_name),$(_output),local_fc_files))\
- )
-endif
-local_fcfiles_with_nl := $(call add_nl, $(local_fc_files), $(built_nl))
-
-$(LOCAL_BUILT_MODULE): PRIVATE_FC_FILES := $(local_fcfiles_with_nl)
-$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
-$(LOCAL_BUILT_MODULE): PRIVATE_FC_SORT := $(HOST_OUT_EXECUTABLES)/fc_sort
-$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/checkfc $(HOST_OUT_EXECUTABLES)/fc_sort \
-$(local_fcfiles_with_nl) $(built_sepolicy)
- @mkdir -p $(dir $@)
- $(hide) m4 --fatal-warnings -s $(PRIVATE_FC_FILES) > $@.tmp
- $(hide) $< $(PRIVATE_SEPOLICY) $@.tmp
- $(hide) $(PRIVATE_FC_SORT) $@.tmp $@
-
-built_plat_fc := $(LOCAL_BUILT_MODULE)
-local_fc_files :=
-local_fcfiles_with_nl :=
-
-##################################
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := product_file_contexts
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_OUT_PRODUCT)/etc/selinux
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-product_fc_files := $(call build_policy, file_contexts, $(PRODUCT_PRIVATE_POLICY))
-product_fcfiles_with_nl := $(call add_nl, $(product_fc_files), $(built_nl))
-
-$(LOCAL_BUILT_MODULE): PRIVATE_FC_FILES := $(product_fcfiles_with_nl)
-$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
-$(LOCAL_BUILT_MODULE): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(LOCAL_BUILT_MODULE): PRIVATE_FC_SORT := $(HOST_OUT_EXECUTABLES)/fc_sort
-$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/checkfc $(HOST_OUT_EXECUTABLES)/fc_sort \
-$(product_fcfiles_with_nl) $(built_sepolicy)
- @mkdir -p $(dir $@)
- $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_FC_FILES) > $@.tmp
- $(hide) $< $(PRIVATE_SEPOLICY) $@.tmp
- $(hide) $(PRIVATE_FC_SORT) $@.tmp $@
-
-built_product_fc := $(LOCAL_BUILT_MODULE)
-product_fc_files :=
-product_fcfiles_with_nl :=
-
-##################################
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := vendor_file_contexts
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-vendor_fc_files := $(call build_vendor_policy, file_contexts)
-vendor_fcfiles_with_nl := $(call add_nl, $(vendor_fc_files), $(built_nl))
-
-$(LOCAL_BUILT_MODULE): PRIVATE_FC_FILES := $(vendor_fcfiles_with_nl)
-$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
-$(LOCAL_BUILT_MODULE): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(LOCAL_BUILT_MODULE): PRIVATE_FC_SORT := $(HOST_OUT_EXECUTABLES)/fc_sort
-$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/checkfc $(HOST_OUT_EXECUTABLES)/fc_sort \
-$(vendor_fcfiles_with_nl) $(built_sepolicy)
- @mkdir -p $(dir $@)
- $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_FC_FILES) > $@.tmp
- $(hide) $< $(PRIVATE_SEPOLICY) $@.tmp
- $(hide) $(PRIVATE_FC_SORT) $@.tmp $@
-
-built_vendor_fc := $(LOCAL_BUILT_MODULE)
-vendor_fc_files :=
-vendor_fcfiles_with_nl :=
-
-##################################
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := odm_file_contexts
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_OUT_ODM)/etc/selinux
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-odm_fc_files := $(call build_odm_policy, file_contexts)
-odm_fcfiles_with_nl := $(call add_nl, $(odm_fc_files), $(built_nl))
-
-$(LOCAL_BUILT_MODULE): PRIVATE_FC_FILES := $(odm_fcfiles_with_nl)
-$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
-$(LOCAL_BUILT_MODULE): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(LOCAL_BUILT_MODULE): PRIVATE_FC_SORT := $(HOST_OUT_EXECUTABLES)/fc_sort
-$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/checkfc $(HOST_OUT_EXECUTABLES)/fc_sort \
-$(odm_fcfiles_with_nl) $(built_sepolicy)
- @mkdir -p $(dir $@)
- $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_FC_FILES) > $@.tmp
- $(hide) $< $(PRIVATE_SEPOLICY) $@.tmp
- $(hide) $(PRIVATE_FC_SORT) $@.tmp $@
-
-built_odm_fc := $(LOCAL_BUILT_MODULE)
-odm_fc_files :=
-odm_fcfiles_with_nl :=
-
-##################################
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := plat_file_contexts.recovery
-LOCAL_MODULE_STEM := plat_file_contexts
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-$(LOCAL_BUILT_MODULE): $(built_plat_fc)
- $(hide) cp -f $< $@
-
-##################################
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := product_file_contexts.recovery
-LOCAL_MODULE_STEM := product_file_contexts
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-$(LOCAL_BUILT_MODULE): $(built_product_fc)
- $(hide) cp -f $< $@
-
-##################################
-include $(CLEAR_VARS)
-LOCAL_MODULE := vendor_file_contexts.recovery
-LOCAL_MODULE_STEM := vendor_file_contexts
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-$(LOCAL_BUILT_MODULE): $(built_vendor_fc)
- $(hide) cp -f $< $@
-
-##################################
-include $(CLEAR_VARS)
-LOCAL_MODULE := odm_file_contexts.recovery
-LOCAL_MODULE_STEM := odm_file_contexts
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-$(LOCAL_BUILT_MODULE): $(built_odm_fc)
- $(hide) cp -f $< $@
diff --git a/hwservice_contexts.mk b/hwservice_contexts.mk
deleted file mode 100644
index 15f404d..0000000
--- a/hwservice_contexts.mk
+++ /dev/null
@@ -1,110 +0,0 @@
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := plat_hwservice_contexts
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-plat_hwsvcfiles := $(call build_policy, hwservice_contexts, $(PLAT_PRIVATE_POLICY))
-
-plat_hwservice_contexts.tmp := $(intermediates)/plat_hwservice_contexts.tmp
-$(plat_hwservice_contexts.tmp): PRIVATE_SVC_FILES := $(plat_hwsvcfiles)
-$(plat_hwservice_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(plat_hwservice_contexts.tmp): $(plat_hwsvcfiles)
- @mkdir -p $(dir $@)
- $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
-
-$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
-$(LOCAL_BUILT_MODULE): $(plat_hwservice_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc $(ACP)
- @mkdir -p $(dir $@)
- sed -e 's/#.*$$//' -e '/^$$/d' $< > $@
- $(HOST_OUT_EXECUTABLES)/checkfc -e -l $(PRIVATE_SEPOLICY) $@
-
-plat_hwsvcfiles :=
-plat_hwservice_contexts.tmp :=
-
-##################################
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := product_hwservice_contexts
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_OUT_PRODUCT)/etc/selinux
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-product_hwsvcfiles := $(call build_policy, hwservice_contexts, $(PRODUCT_PRIVATE_POLICY))
-
-product_hwservice_contexts.tmp := $(intermediates)/product_hwservice_contexts.tmp
-$(product_hwservice_contexts.tmp): PRIVATE_SVC_FILES := $(product_hwsvcfiles)
-$(product_hwservice_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(product_hwservice_contexts.tmp): $(product_hwsvcfiles)
- @mkdir -p $(dir $@)
- $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
-
-$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
-$(LOCAL_BUILT_MODULE): $(product_hwservice_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc
- @mkdir -p $(dir $@)
- sed -e 's/#.*$$//' -e '/^$$/d' $< > $@
- $(hide) $(HOST_OUT_EXECUTABLES)/checkfc -e -l $(PRIVATE_SEPOLICY) $@
-
-product_hwsvcfiles :=
-product_hwservice_contexts.tmp :=
-
-##################################
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := vendor_hwservice_contexts
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-vendor_hwsvcfiles := $(call build_policy, hwservice_contexts, $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
-
-vendor_hwservice_contexts.tmp := $(intermediates)/vendor_hwservice_contexts.tmp
-$(vendor_hwservice_contexts.tmp): PRIVATE_SVC_FILES := $(vendor_hwsvcfiles)
-$(vendor_hwservice_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(vendor_hwservice_contexts.tmp): $(vendor_hwsvcfiles)
- @mkdir -p $(dir $@)
- $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
-
-$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
-$(LOCAL_BUILT_MODULE): $(vendor_hwservice_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc $(ACP)
- @mkdir -p $(dir $@)
- sed -e 's/#.*$$//' -e '/^$$/d' $< > $@
- $(hide) $(HOST_OUT_EXECUTABLES)/checkfc -e -l $(PRIVATE_SEPOLICY) $@
-
-vendor_hwsvcfiles :=
-vendor_hwservice_contexts.tmp :=
-
-##################################
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := odm_hwservice_contexts
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_OUT_ODM)/etc/selinux
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-odm_hwsvcfiles := $(call build_policy, hwservice_contexts, $(BOARD_ODM_SEPOLICY_DIRS))
-
-odm_hwservice_contexts.tmp := $(intermediates)/odm_hwservice_contexts.tmp
-$(odm_hwservice_contexts.tmp): PRIVATE_SVC_FILES := $(odm_hwsvcfiles)
-$(odm_hwservice_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(odm_hwservice_contexts.tmp): $(odm_hwsvcfiles)
- @mkdir -p $(dir $@)
- $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
-
-$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
-$(LOCAL_BUILT_MODULE): $(odm_hwservice_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc $(ACP)
- @mkdir -p $(dir $@)
- sed -e 's/#.*$$//' -e '/^$$/d' $< > $@
- $(hide) $(HOST_OUT_EXECUTABLES)/checkfc -e -l $(PRIVATE_SEPOLICY) $@
-
-odm_hwsvcfiles :=
-odm_hwservice_contexts.tmp :=
diff --git a/mac_permissions.mk b/mac_permissions.mk
index 889795c..3cc0151 100644
--- a/mac_permissions.mk
+++ b/mac_permissions.mk
@@ -7,33 +7,68 @@
include $(BUILD_SYSTEM)/base_rules.mk
+all_plat_mac_perms_keys := $(call build_policy, keys.conf, $(PLAT_PRIVATE_POLICY) $(SYSTEM_EXT_PRIVATE_POLICY) $(PRODUCT_PRIVATE_POLICY))
+all_plat_mac_perms_files := $(call build_policy, mac_permissions.xml, $(PLAT_PRIVATE_POLICY))
+
# Build keys.conf
plat_mac_perms_keys.tmp := $(intermediates)/plat_keys.tmp
$(plat_mac_perms_keys.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(plat_mac_perms_keys.tmp): $(call build_policy, keys.conf, $(PLAT_PRIVATE_POLICY) $(PRODUCT_PRIVATE_POLICY))
+$(plat_mac_perms_keys.tmp): PRIVATE_KEYS := $(all_plat_mac_perms_keys)
+$(plat_mac_perms_keys.tmp): $(all_plat_mac_perms_keys) $(M4)
@mkdir -p $(dir $@)
- $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
-
-all_plat_mac_perms_files := $(call build_policy, mac_permissions.xml, $(PLAT_PRIVATE_POLICY))
+ $(hide) $(M4) --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_KEYS) > $@
# Should be synced with keys.conf.
-all_plat_keys := platform media shared testkey
-all_plat_keys := $(all_keys:%=$(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))/%.x509.pem)
+all_plat_keys := platform media networkstack shared testkey
+all_plat_keys := $(all_plat_keys:%=$(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))/%.x509.pem)
$(LOCAL_BUILT_MODULE): PRIVATE_MAC_PERMS_FILES := $(all_plat_mac_perms_files)
$(LOCAL_BUILT_MODULE): $(plat_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys.py \
$(all_plat_mac_perms_files) $(all_plat_keys)
@mkdir -p $(dir $@)
$(hide) DEFAULT_SYSTEM_DEV_CERTIFICATE="$(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))" \
+ MAINLINE_SEPOLICY_DEV_CERTIFICATES="$(MAINLINE_SEPOLICY_DEV_CERTIFICATES)" \
$(HOST_OUT_EXECUTABLES)/insertkeys.py -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES)
-all_mac_perms_files :=
all_plat_keys :=
+all_plat_mac_perms_files :=
+all_plat_mac_perms_keys :=
plat_mac_perms_keys.tmp :=
##################################
include $(CLEAR_VARS)
+LOCAL_MODULE := system_ext_mac_permissions.xml
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE_PATH := $(TARGET_OUT_SYSTEM_EXT)/etc/selinux
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+all_system_ext_mac_perms_keys := $(call build_policy, keys.conf, $(SYSTEM_EXT_PRIVATE_POLICY) $(REQD_MASK_POLICY))
+all_system_ext_mac_perms_files := $(call build_policy, mac_permissions.xml, $(SYSTEM_EXT_PRIVATE_POLICY) $(REQD_MASK_POLICY))
+
+# Build keys.conf
+system_ext_mac_perms_keys.tmp := $(intermediates)/system_ext_keys.tmp
+$(system_ext_mac_perms_keys.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
+$(system_ext_mac_perms_keys.tmp): PRIVATE_KEYS := $(all_system_ext_mac_perms_keys)
+$(system_ext_mac_perms_keys.tmp): $(all_system_ext_mac_perms_keys)
+ @mkdir -p $(dir $@)
+ $(hide) $(M4) --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
+
+$(LOCAL_BUILT_MODULE): PRIVATE_MAC_PERMS_FILES := $(all_system_ext_mac_perms_files)
+$(LOCAL_BUILT_MODULE): $(system_ext_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys.py \
+$(all_system_ext_mac_perms_files)
+ @mkdir -p $(dir $@)
+ $(hide) $(HOST_OUT_EXECUTABLES)/insertkeys.py -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES)
+
+system_ext_mac_perms_keys.tmp :=
+all_system_ext_mac_perms_files :=
+all_system_ext_mac_perms_keys :=
+
+##################################
+include $(CLEAR_VARS)
+
LOCAL_MODULE := product_mac_permissions.xml
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_TAGS := optional
@@ -41,14 +76,16 @@
include $(BUILD_SYSTEM)/base_rules.mk
+all_product_mac_perms_keys := $(call build_policy, keys.conf, $(PRODUCT_PRIVATE_POLICY) $(REQD_MASK_POLICY))
+all_product_mac_perms_files := $(call build_policy, mac_permissions.xml, $(PRODUCT_PRIVATE_POLICY) $(REQD_MASK_POLICY))
+
# Build keys.conf
product_mac_perms_keys.tmp := $(intermediates)/product_keys.tmp
$(product_mac_perms_keys.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(product_mac_perms_keys.tmp): $(call build_policy, keys.conf, $(PRODUCT_PRIVATE_POLICY) $(REQD_MASK_POLICY))
+$(product_mac_perms_keys.tmp): PRIVATE_KEYS := $(all_product_mac_perms_keys)
+$(product_mac_perms_keys.tmp): $(all_product_mac_perms_keys)
@mkdir -p $(dir $@)
- $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
-
-all_product_mac_perms_files := $(call build_policy, mac_permissions.xml, $(PRODUCT_PRIVATE_POLICY) $(REQD_MASK_POLICY))
+ $(hide) $(M4) --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
$(LOCAL_BUILT_MODULE): PRIVATE_MAC_PERMS_FILES := $(all_product_mac_perms_files)
$(LOCAL_BUILT_MODULE): $(product_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys.py \
@@ -58,6 +95,7 @@
product_mac_perms_keys.tmp :=
all_product_mac_perms_files :=
+all_product_mac_perms_keys :=
##################################
include $(CLEAR_VARS)
@@ -69,23 +107,27 @@
include $(BUILD_SYSTEM)/base_rules.mk
+all_vendor_mac_perms_keys := $(call build_policy, keys.conf, $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
+all_vendor_mac_perms_files := $(call build_policy, mac_permissions.xml, $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
+
# Build keys.conf
vendor_mac_perms_keys.tmp := $(intermediates)/vendor_keys.tmp
$(vendor_mac_perms_keys.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(vendor_mac_perms_keys.tmp): $(call build_policy, keys.conf, $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
+$(vendor_mac_perms_keys.tmp): PRIVATE_KEYS := $(all_vendor_mac_perms_keys)
+$(vendor_mac_perms_keys.tmp): $(all_vendor_mac_perms_keys) $(M4)
@mkdir -p $(dir $@)
- $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
-
-all_vendor_mac_perms_files := $(call build_policy, mac_permissions.xml, $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
+ $(hide) $(M4) --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_KEYS) > $@
$(LOCAL_BUILT_MODULE): PRIVATE_MAC_PERMS_FILES := $(all_vendor_mac_perms_files)
$(LOCAL_BUILT_MODULE): $(vendor_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys.py \
$(all_vendor_mac_perms_files)
@mkdir -p $(dir $@)
- $(hide) $(HOST_OUT_EXECUTABLES)/insertkeys.py -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES)
+ $(hide) DEFAULT_SYSTEM_DEV_CERTIFICATE="$(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))" \
+ $(HOST_OUT_EXECUTABLES)/insertkeys.py -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES)
vendor_mac_perms_keys.tmp :=
all_vendor_mac_perms_files :=
+all_vendor_mac_perms_keys :=
##################################
include $(CLEAR_VARS)
@@ -97,14 +139,16 @@
include $(BUILD_SYSTEM)/base_rules.mk
+all_odm_mac_perms_keys := $(call build_policy, keys.conf, $(BOARD_ODM_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
+all_odm_mac_perms_files := $(call build_policy, mac_permissions.xml, $(BOARD_ODM_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
+
# Build keys.conf
odm_mac_perms_keys.tmp := $(intermediates)/odm_keys.tmp
$(odm_mac_perms_keys.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(odm_mac_perms_keys.tmp): $(call build_policy, keys.conf, $(BOARD_ODM_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
+$(odm_mac_perms_keys.tmp): PRIVATE_KEYS := $(all_odm_mac_perms_keys)
+$(odm_mac_perms_keys.tmp): $(all_odm_mac_perms_keys) $(M4)
@mkdir -p $(dir $@)
- $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
-
-all_odm_mac_perms_files := $(call build_policy, mac_permissions.xml, $(BOARD_ODM_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
+ $(hide) $(M4) --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_KEYS) > $@
$(LOCAL_BUILT_MODULE): PRIVATE_MAC_PERMS_FILES := $(all_odm_mac_perms_files)
$(LOCAL_BUILT_MODULE): $(odm_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys.py \
diff --git a/prebuilts/api/26.0/public/property.te b/prebuilts/api/26.0/public/property.te
index d6fa868..232872c 100644
--- a/prebuilts/api/26.0/public/property.te
+++ b/prebuilts/api/26.0/public/property.te
@@ -1,6 +1,7 @@
type asan_reboot_prop, property_type;
type audio_prop, property_type, core_property_type;
type boottime_prop, property_type;
+type boottime_public_prop, property_type;
type bluetooth_prop, property_type;
type config_prop, property_type, core_property_type;
type cppreopt_prop, property_type, core_property_type;
diff --git a/prebuilts/api/27.0/public/property.te b/prebuilts/api/27.0/public/property.te
index 95efcaa..2c716c5 100644
--- a/prebuilts/api/27.0/public/property.te
+++ b/prebuilts/api/27.0/public/property.te
@@ -1,5 +1,6 @@
type audio_prop, property_type, core_property_type;
type boottime_prop, property_type;
+type boottime_public_prop, property_type;
type bluetooth_prop, property_type;
type config_prop, property_type, core_property_type;
type cppreopt_prop, property_type, core_property_type;
diff --git a/prebuilts/api/28.0/public/property.te b/prebuilts/api/28.0/public/property.te
index b0397e9..a4f0d87 100644
--- a/prebuilts/api/28.0/public/property.te
+++ b/prebuilts/api/28.0/public/property.te
@@ -1,5 +1,6 @@
type audio_prop, property_type, core_property_type;
type boottime_prop, property_type;
+type boottime_public_prop, property_type;
type bluetooth_a2dp_offload_prop, property_type;
type bluetooth_prop, property_type;
type bootloader_boot_reason_prop, property_type;
diff --git a/prebuilts/api/29.0/plat_pub_versioned.cil b/prebuilts/api/29.0/plat_pub_versioned.cil
new file mode 100644
index 0000000..b80abeb
--- /dev/null
+++ b/prebuilts/api/29.0/plat_pub_versioned.cil
@@ -0,0 +1,2208 @@
+(type DockObserver_service)
+(type IProxyService_service)
+(type accessibility_service)
+(type account_service)
+(type activity_service)
+(type activity_task_service)
+(type adb_data_file)
+(type adb_keys_file)
+(type adb_service)
+(type adbd)
+(type adbd_exec)
+(type adbd_socket)
+(type alarm_service)
+(type anr_data_file)
+(type apex_data_file)
+(type apex_metadata_file)
+(type apex_mnt_dir)
+(type apex_service)
+(type apexd)
+(type apexd_exec)
+(type apexd_prop)
+(type apk_data_file)
+(type apk_private_data_file)
+(type apk_private_tmp_file)
+(type apk_tmp_file)
+(type app_binding_service)
+(type app_data_file)
+(type app_fuse_file)
+(type app_fusefs)
+(type app_prediction_service)
+(type app_zygote)
+(type app_zygote_tmpfs)
+(type appdomain_tmpfs)
+(type appops_service)
+(type appwidget_service)
+(type asec_apk_file)
+(type asec_image_file)
+(type asec_public_file)
+(type ashmem_device)
+(type ashmemd)
+(type assetatlas_service)
+(type audio_data_file)
+(type audio_device)
+(type audio_prop)
+(type audio_service)
+(type audiohal_data_file)
+(type audioserver)
+(type audioserver_data_file)
+(type audioserver_service)
+(type audioserver_tmpfs)
+(type autofill_service)
+(type backup_data_file)
+(type backup_service)
+(type battery_service)
+(type batteryproperties_service)
+(type batterystats_service)
+(type binder_calls_stats_service)
+(type binder_device)
+(type binfmt_miscfs)
+(type biometric_service)
+(type blkid)
+(type blkid_untrusted)
+(type block_device)
+(type bluetooth)
+(type bluetooth_a2dp_offload_prop)
+(type bluetooth_audio_hal_prop)
+(type bluetooth_data_file)
+(type bluetooth_efs_file)
+(type bluetooth_logs_data_file)
+(type bluetooth_manager_service)
+(type bluetooth_prop)
+(type bluetooth_service)
+(type bluetooth_socket)
+(type boot_block_device)
+(type bootanim)
+(type bootanim_exec)
+(type bootchart_data_file)
+(type bootloader_boot_reason_prop)
+(type bootstat)
+(type bootstat_data_file)
+(type bootstat_exec)
+(type boottime_prop)
+(type boottrace_data_file)
+(type bpf_progs_loaded_prop)
+(type broadcastradio_service)
+(type bufferhubd)
+(type bufferhubd_exec)
+(type bugreport_service)
+(type cache_backup_file)
+(type cache_block_device)
+(type cache_file)
+(type cache_private_backup_file)
+(type cache_recovery_file)
+(type camera_data_file)
+(type camera_device)
+(type cameraproxy_service)
+(type cameraserver)
+(type cameraserver_exec)
+(type cameraserver_service)
+(type cameraserver_tmpfs)
+(type cgroup)
+(type cgroup_bpf)
+(type cgroup_desc_file)
+(type cgroup_rc_file)
+(type charger)
+(type charger_exec)
+(type clatd)
+(type clatd_exec)
+(type clipboard_service)
+(type color_display_service)
+(type companion_device_service)
+(type config_prop)
+(type configfs)
+(type connectivity_service)
+(type connmetrics_service)
+(type console_device)
+(type consumer_ir_service)
+(type content_capture_service)
+(type content_service)
+(type content_suggestions_service)
+(type contexthub_service)
+(type coredump_file)
+(type country_detector_service)
+(type coverage_service)
+(type cppreopt_prop)
+(type cpu_variant_prop)
+(type cpuinfo_service)
+(type crash_dump)
+(type crash_dump_exec)
+(type crossprofileapps_service)
+(type ctl_adbd_prop)
+(type ctl_bootanim_prop)
+(type ctl_bugreport_prop)
+(type ctl_console_prop)
+(type ctl_default_prop)
+(type ctl_dumpstate_prop)
+(type ctl_fuse_prop)
+(type ctl_gsid_prop)
+(type ctl_interface_restart_prop)
+(type ctl_interface_start_prop)
+(type ctl_interface_stop_prop)
+(type ctl_mdnsd_prop)
+(type ctl_restart_prop)
+(type ctl_rildaemon_prop)
+(type ctl_sigstop_prop)
+(type ctl_start_prop)
+(type ctl_stop_prop)
+(type dalvik_prop)
+(type dalvikcache_data_file)
+(type dbinfo_service)
+(type debug_prop)
+(type debugfs)
+(type debugfs_mmc)
+(type debugfs_trace_marker)
+(type debugfs_tracing)
+(type debugfs_tracing_debug)
+(type debugfs_tracing_instances)
+(type debugfs_wakeup_sources)
+(type debugfs_wifi_tracing)
+(type debuggerd_prop)
+(type default_android_hwservice)
+(type default_android_service)
+(type default_android_vndservice)
+(type default_prop)
+(type dev_cpu_variant)
+(type device)
+(type device_config_activity_manager_native_boot_prop)
+(type device_config_boot_count_prop)
+(type device_config_input_native_boot_prop)
+(type device_config_media_native_prop)
+(type device_config_netd_native_prop)
+(type device_config_reset_performed_prop)
+(type device_config_runtime_native_boot_prop)
+(type device_config_runtime_native_prop)
+(type device_config_service)
+(type device_identifiers_service)
+(type device_logging_prop)
+(type device_policy_service)
+(type deviceidle_service)
+(type devicestoragemonitor_service)
+(type devpts)
+(type dhcp)
+(type dhcp_data_file)
+(type dhcp_exec)
+(type dhcp_prop)
+(type diskstats_service)
+(type display_service)
+(type dm_device)
+(type dnsmasq)
+(type dnsmasq_exec)
+(type dnsproxyd_socket)
+(type dnsresolver_service)
+(type dreams_service)
+(type drm_data_file)
+(type drmserver)
+(type drmserver_exec)
+(type drmserver_service)
+(type drmserver_socket)
+(type dropbox_data_file)
+(type dropbox_service)
+(type dumpstate)
+(type dumpstate_exec)
+(type dumpstate_options_prop)
+(type dumpstate_prop)
+(type dumpstate_service)
+(type dumpstate_socket)
+(type dynamic_system_prop)
+(type e2fs)
+(type e2fs_exec)
+(type efs_file)
+(type ephemeral_app)
+(type ethernet_service)
+(type exfat)
+(type exported2_config_prop)
+(type exported2_default_prop)
+(type exported2_radio_prop)
+(type exported2_system_prop)
+(type exported2_vold_prop)
+(type exported3_default_prop)
+(type exported3_radio_prop)
+(type exported3_system_prop)
+(type exported_audio_prop)
+(type exported_bluetooth_prop)
+(type exported_config_prop)
+(type exported_dalvik_prop)
+(type exported_default_prop)
+(type exported_dumpstate_prop)
+(type exported_ffs_prop)
+(type exported_fingerprint_prop)
+(type exported_overlay_prop)
+(type exported_pm_prop)
+(type exported_radio_prop)
+(type exported_secure_prop)
+(type exported_system_prop)
+(type exported_system_radio_prop)
+(type exported_vold_prop)
+(type exported_wifi_prop)
+(type external_vibrator_service)
+(type face_service)
+(type face_vendor_data_file)
+(type fastbootd)
+(type ffs_prop)
+(type file_contexts_file)
+(type fingerprint_prop)
+(type fingerprint_service)
+(type fingerprint_vendor_data_file)
+(type fingerprintd)
+(type fingerprintd_data_file)
+(type fingerprintd_exec)
+(type fingerprintd_service)
+(type firstboot_prop)
+(type flags_health_check)
+(type flags_health_check_exec)
+(type font_service)
+(type frp_block_device)
+(type fs_bpf)
+(type fsck)
+(type fsck_exec)
+(type fsck_untrusted)
+(type fscklogs)
+(type functionfs)
+(type fuse)
+(type fuse_device)
+(type fwk_bufferhub_hwservice)
+(type fwk_camera_hwservice)
+(type fwk_display_hwservice)
+(type fwk_scheduler_hwservice)
+(type fwk_sensor_hwservice)
+(type fwk_stats_hwservice)
+(type fwmarkd_socket)
+(type gatekeeper_data_file)
+(type gatekeeper_service)
+(type gatekeeperd)
+(type gatekeeperd_exec)
+(type gfxinfo_service)
+(type gps_control)
+(type gpu_device)
+(type gpu_service)
+(type gpuservice)
+(type graphics_device)
+(type graphicsstats_service)
+(type gsi_data_file)
+(type gsi_metadata_file)
+(type gsid_prop)
+(type hal_atrace_hwservice)
+(type hal_audio_hwservice)
+(type hal_audiocontrol_hwservice)
+(type hal_authsecret_hwservice)
+(type hal_bluetooth_hwservice)
+(type hal_bootctl_hwservice)
+(type hal_broadcastradio_hwservice)
+(type hal_camera_hwservice)
+(type hal_cas_hwservice)
+(type hal_codec2_hwservice)
+(type hal_configstore_ISurfaceFlingerConfigs)
+(type hal_confirmationui_hwservice)
+(type hal_contexthub_hwservice)
+(type hal_drm_hwservice)
+(type hal_dumpstate_hwservice)
+(type hal_evs_hwservice)
+(type hal_face_hwservice)
+(type hal_fingerprint_hwservice)
+(type hal_fingerprint_service)
+(type hal_gatekeeper_hwservice)
+(type hal_gnss_hwservice)
+(type hal_graphics_allocator_hwservice)
+(type hal_graphics_composer_hwservice)
+(type hal_graphics_composer_server_tmpfs)
+(type hal_graphics_mapper_hwservice)
+(type hal_health_hwservice)
+(type hal_health_storage_hwservice)
+(type hal_input_classifier_hwservice)
+(type hal_ir_hwservice)
+(type hal_keymaster_hwservice)
+(type hal_light_hwservice)
+(type hal_lowpan_hwservice)
+(type hal_memtrack_hwservice)
+(type hal_neuralnetworks_hwservice)
+(type hal_nfc_hwservice)
+(type hal_oemlock_hwservice)
+(type hal_omx_hwservice)
+(type hal_power_hwservice)
+(type hal_power_stats_hwservice)
+(type hal_renderscript_hwservice)
+(type hal_secure_element_hwservice)
+(type hal_sensors_hwservice)
+(type hal_telephony_hwservice)
+(type hal_tetheroffload_hwservice)
+(type hal_thermal_hwservice)
+(type hal_tv_cec_hwservice)
+(type hal_tv_input_hwservice)
+(type hal_usb_gadget_hwservice)
+(type hal_usb_hwservice)
+(type hal_vehicle_hwservice)
+(type hal_vibrator_hwservice)
+(type hal_vr_hwservice)
+(type hal_weaver_hwservice)
+(type hal_wifi_hostapd_hwservice)
+(type hal_wifi_hwservice)
+(type hal_wifi_offload_hwservice)
+(type hal_wifi_supplicant_hwservice)
+(type hardware_properties_service)
+(type hardware_service)
+(type hci_attach_dev)
+(type hdmi_control_service)
+(type healthd)
+(type healthd_exec)
+(type heapdump_data_file)
+(type heapprofd)
+(type heapprofd_enabled_prop)
+(type heapprofd_prop)
+(type heapprofd_socket)
+(type hidl_allocator_hwservice)
+(type hidl_base_hwservice)
+(type hidl_manager_hwservice)
+(type hidl_memory_hwservice)
+(type hidl_token_hwservice)
+(type hw_random_device)
+(type hwbinder_device)
+(type hwservice_contexts_file)
+(type hwservicemanager)
+(type hwservicemanager_exec)
+(type hwservicemanager_prop)
+(type icon_file)
+(type idmap)
+(type idmap_exec)
+(type idmap_service)
+(type iio_device)
+(type imms_service)
+(type incident)
+(type incident_data_file)
+(type incident_helper)
+(type incident_service)
+(type incidentd)
+(type init)
+(type init_exec)
+(type init_tmpfs)
+(type inotify)
+(type input_device)
+(type input_method_service)
+(type input_service)
+(type inputflinger)
+(type inputflinger_exec)
+(type inputflinger_service)
+(type install_data_file)
+(type install_recovery)
+(type install_recovery_exec)
+(type installd)
+(type installd_exec)
+(type installd_service)
+(type ion_device)
+(type iorapd)
+(type iorapd_data_file)
+(type iorapd_exec)
+(type iorapd_service)
+(type iorapd_tmpfs)
+(type ipsec_service)
+(type iris_service)
+(type iris_vendor_data_file)
+(type isolated_app)
+(type jobscheduler_service)
+(type kernel)
+(type keychain_data_file)
+(type keychord_device)
+(type keystore)
+(type keystore_data_file)
+(type keystore_exec)
+(type keystore_service)
+(type kmsg_debug_device)
+(type kmsg_device)
+(type labeledfs)
+(type last_boot_reason_prop)
+(type launcherapps_service)
+(type llkd)
+(type llkd_exec)
+(type llkd_prop)
+(type lmkd)
+(type lmkd_exec)
+(type lmkd_socket)
+(type location_service)
+(type lock_settings_service)
+(type log_prop)
+(type log_tag_prop)
+(type logcat_exec)
+(type logd)
+(type logd_exec)
+(type logd_prop)
+(type logd_socket)
+(type logdr_socket)
+(type logdw_socket)
+(type logpersist)
+(type logpersistd_logging_prop)
+(type loop_control_device)
+(type loop_device)
+(type looper_stats_service)
+(type lowpan_device)
+(type lowpan_prop)
+(type lowpan_service)
+(type lpdump_service)
+(type lpdumpd_prop)
+(type mac_perms_file)
+(type mdns_socket)
+(type mdnsd)
+(type mdnsd_socket)
+(type media_data_file)
+(type media_projection_service)
+(type media_router_service)
+(type media_rw_data_file)
+(type media_session_service)
+(type mediacodec_service)
+(type mediadrmserver)
+(type mediadrmserver_exec)
+(type mediadrmserver_service)
+(type mediaextractor)
+(type mediaextractor_exec)
+(type mediaextractor_service)
+(type mediaextractor_tmpfs)
+(type mediametrics)
+(type mediametrics_exec)
+(type mediametrics_service)
+(type mediaprovider)
+(type mediaserver)
+(type mediaserver_exec)
+(type mediaserver_service)
+(type mediaserver_tmpfs)
+(type mediaswcodec)
+(type mediaswcodec_exec)
+(type meminfo_service)
+(type metadata_block_device)
+(type metadata_file)
+(type method_trace_data_file)
+(type midi_service)
+(type misc_block_device)
+(type misc_logd_file)
+(type misc_user_data_file)
+(type mmc_prop)
+(type mnt_expand_file)
+(type mnt_media_rw_file)
+(type mnt_media_rw_stub_file)
+(type mnt_product_file)
+(type mnt_user_file)
+(type mnt_vendor_file)
+(type modprobe)
+(type mount_service)
+(type mqueue)
+(type mtp)
+(type mtp_device)
+(type mtp_exec)
+(type mtpd_socket)
+(type nativetest_data_file)
+(type net_data_file)
+(type net_dns_prop)
+(type net_radio_prop)
+(type netd)
+(type netd_exec)
+(type netd_listener_service)
+(type netd_service)
+(type netd_stable_secret_prop)
+(type netif)
+(type netpolicy_service)
+(type netstats_service)
+(type netutils_wrapper)
+(type netutils_wrapper_exec)
+(type network_management_service)
+(type network_score_service)
+(type network_stack)
+(type network_stack_service)
+(type network_time_update_service)
+(type network_watchlist_data_file)
+(type network_watchlist_service)
+(type nfc)
+(type nfc_data_file)
+(type nfc_device)
+(type nfc_prop)
+(type nfc_service)
+(type nnapi_ext_deny_product_prop)
+(type node)
+(type nonplat_service_contexts_file)
+(type notification_service)
+(type null_device)
+(type oem_lock_service)
+(type oemfs)
+(type ota_data_file)
+(type ota_package_file)
+(type otadexopt_service)
+(type overlay_prop)
+(type overlay_service)
+(type overlayfs_file)
+(type owntty_device)
+(type package_native_service)
+(type package_service)
+(type packages_list_file)
+(type pan_result_prop)
+(type password_slot_metadata_file)
+(type pdx_bufferhub_client_channel_socket)
+(type pdx_bufferhub_client_endpoint_socket)
+(type pdx_bufferhub_dir)
+(type pdx_display_client_channel_socket)
+(type pdx_display_client_endpoint_socket)
+(type pdx_display_dir)
+(type pdx_display_manager_channel_socket)
+(type pdx_display_manager_endpoint_socket)
+(type pdx_display_screenshot_channel_socket)
+(type pdx_display_screenshot_endpoint_socket)
+(type pdx_display_vsync_channel_socket)
+(type pdx_display_vsync_endpoint_socket)
+(type pdx_performance_client_channel_socket)
+(type pdx_performance_client_endpoint_socket)
+(type pdx_performance_dir)
+(type perfetto)
+(type performanced)
+(type performanced_exec)
+(type perfprofd)
+(type perfprofd_data_file)
+(type perfprofd_exec)
+(type perfprofd_service)
+(type permission_service)
+(type permissionmgr_service)
+(type persist_debug_prop)
+(type persistent_data_block_service)
+(type persistent_properties_ready_prop)
+(type pinner_service)
+(type pipefs)
+(type platform_app)
+(type pm_prop)
+(type pmsg_device)
+(type port)
+(type port_device)
+(type postinstall)
+(type postinstall_apex_mnt_dir)
+(type postinstall_file)
+(type postinstall_mnt_dir)
+(type power_service)
+(type powerctl_prop)
+(type ppp)
+(type ppp_device)
+(type ppp_exec)
+(type preloads_data_file)
+(type preloads_media_file)
+(type print_service)
+(type priv_app)
+(type privapp_data_file)
+(type proc)
+(type proc_abi)
+(type proc_asound)
+(type proc_bluetooth_writable)
+(type proc_buddyinfo)
+(type proc_cmdline)
+(type proc_cpuinfo)
+(type proc_dirty)
+(type proc_diskstats)
+(type proc_drop_caches)
+(type proc_extra_free_kbytes)
+(type proc_filesystems)
+(type proc_fs_verity)
+(type proc_hostname)
+(type proc_hung_task)
+(type proc_interrupts)
+(type proc_iomem)
+(type proc_keys)
+(type proc_kmsg)
+(type proc_loadavg)
+(type proc_max_map_count)
+(type proc_meminfo)
+(type proc_min_free_order_shift)
+(type proc_misc)
+(type proc_modules)
+(type proc_mounts)
+(type proc_net)
+(type proc_net_tcp_udp)
+(type proc_overcommit_memory)
+(type proc_page_cluster)
+(type proc_pagetypeinfo)
+(type proc_panic)
+(type proc_perf)
+(type proc_pid_max)
+(type proc_pipe_conf)
+(type proc_pressure_cpu)
+(type proc_pressure_io)
+(type proc_pressure_mem)
+(type proc_qtaguid_ctrl)
+(type proc_qtaguid_stat)
+(type proc_random)
+(type proc_sched)
+(type proc_security)
+(type proc_slabinfo)
+(type proc_stat)
+(type proc_swaps)
+(type proc_sysrq)
+(type proc_timer)
+(type proc_tty_drivers)
+(type proc_uid_concurrent_active_time)
+(type proc_uid_concurrent_policy_time)
+(type proc_uid_cpupower)
+(type proc_uid_cputime_removeuid)
+(type proc_uid_cputime_showstat)
+(type proc_uid_io_stats)
+(type proc_uid_procstat_set)
+(type proc_uid_time_in_state)
+(type proc_uptime)
+(type proc_version)
+(type proc_vmallocinfo)
+(type proc_vmstat)
+(type proc_zoneinfo)
+(type processinfo_service)
+(type procstats_service)
+(type profman)
+(type profman_dump_data_file)
+(type profman_exec)
+(type properties_device)
+(type properties_serial)
+(type property_contexts_file)
+(type property_data_file)
+(type property_info)
+(type property_socket)
+(type pstorefs)
+(type ptmx_device)
+(type qtaguid_device)
+(type racoon)
+(type racoon_exec)
+(type racoon_socket)
+(type radio)
+(type radio_data_file)
+(type radio_device)
+(type radio_prop)
+(type radio_service)
+(type ram_device)
+(type random_device)
+(type recovery)
+(type recovery_block_device)
+(type recovery_data_file)
+(type recovery_persist)
+(type recovery_persist_exec)
+(type recovery_refresh)
+(type recovery_refresh_exec)
+(type recovery_service)
+(type recovery_socket)
+(type registry_service)
+(type resourcecache_data_file)
+(type restorecon_prop)
+(type restrictions_service)
+(type rild_debug_socket)
+(type rild_socket)
+(type ringtone_file)
+(type role_service)
+(type rollback_service)
+(type root_block_device)
+(type rootfs)
+(type rpmsg_device)
+(type rs)
+(type rs_exec)
+(type rss_hwm_reset)
+(type rtc_device)
+(type rttmanager_service)
+(type runas)
+(type runas_app)
+(type runas_exec)
+(type runtime_event_log_tags_file)
+(type runtime_service)
+(type safemode_prop)
+(type same_process_hal_file)
+(type samplingprofiler_service)
+(type scheduling_policy_service)
+(type sdcard_block_device)
+(type sdcardd)
+(type sdcardd_exec)
+(type sdcardfs)
+(type seapp_contexts_file)
+(type search_service)
+(type sec_key_att_app_id_provider_service)
+(type secure_element)
+(type secure_element_device)
+(type secure_element_service)
+(type selinuxfs)
+(type sensor_privacy_service)
+(type sensors_device)
+(type sensorservice_service)
+(type sepolicy_file)
+(type serial_device)
+(type serial_service)
+(type serialno_prop)
+(type server_configurable_flags_data_file)
+(type service_contexts_file)
+(type servicediscovery_service)
+(type servicemanager)
+(type servicemanager_exec)
+(type settings_service)
+(type sgdisk)
+(type sgdisk_exec)
+(type shared_relro)
+(type shared_relro_file)
+(type shell)
+(type shell_data_file)
+(type shell_exec)
+(type shell_prop)
+(type shm)
+(type shortcut_manager_icons)
+(type shortcut_service)
+(type simpleperf_app_runner)
+(type simpleperf_app_runner_exec)
+(type slice_service)
+(type slideshow)
+(type socket_device)
+(type sockfs)
+(type staging_data_file)
+(type stats_data_file)
+(type statsd)
+(type statsd_exec)
+(type statsdw_socket)
+(type statusbar_service)
+(type storage_file)
+(type storage_stub_file)
+(type storaged_service)
+(type storagestats_service)
+(type su)
+(type su_exec)
+(type super_block_device)
+(type surfaceflinger)
+(type surfaceflinger_service)
+(type surfaceflinger_tmpfs)
+(type swap_block_device)
+(type sysfs)
+(type sysfs_android_usb)
+(type sysfs_batteryinfo)
+(type sysfs_bluetooth_writable)
+(type sysfs_devices_block)
+(type sysfs_devices_system_cpu)
+(type sysfs_dm)
+(type sysfs_dt_firmware_android)
+(type sysfs_extcon)
+(type sysfs_fs_ext4_features)
+(type sysfs_fs_f2fs)
+(type sysfs_hwrandom)
+(type sysfs_ipv4)
+(type sysfs_kernel_notes)
+(type sysfs_leds)
+(type sysfs_loop)
+(type sysfs_lowmemorykiller)
+(type sysfs_mac_address)
+(type sysfs_net)
+(type sysfs_nfc_power_writable)
+(type sysfs_power)
+(type sysfs_rtc)
+(type sysfs_switch)
+(type sysfs_thermal)
+(type sysfs_transparent_hugepage)
+(type sysfs_uio)
+(type sysfs_usb)
+(type sysfs_usermodehelper)
+(type sysfs_vibrator)
+(type sysfs_wake_lock)
+(type sysfs_wakeup_reasons)
+(type sysfs_wlan_fwpath)
+(type sysfs_zram)
+(type sysfs_zram_uevent)
+(type system_app)
+(type system_app_data_file)
+(type system_app_service)
+(type system_asan_options_file)
+(type system_block_device)
+(type system_boot_reason_prop)
+(type system_bootstrap_lib_file)
+(type system_data_file)
+(type system_event_log_tags_file)
+(type system_file)
+(type system_lib_file)
+(type system_linker_config_file)
+(type system_linker_exec)
+(type system_lmk_prop)
+(type system_ndebug_socket)
+(type system_net_netd_hwservice)
+(type system_prop)
+(type system_radio_prop)
+(type system_seccomp_policy_file)
+(type system_security_cacerts_file)
+(type system_server)
+(type system_server_tmpfs)
+(type system_suspend_control_service)
+(type system_suspend_hwservice)
+(type system_trace_prop)
+(type system_update_service)
+(type system_wifi_keystore_hwservice)
+(type system_wpa_socket)
+(type system_zoneinfo_file)
+(type systemkeys_data_file)
+(type task_profiles_file)
+(type task_service)
+(type tcpdump_exec)
+(type tee)
+(type tee_data_file)
+(type tee_device)
+(type telecom_service)
+(type test_boot_reason_prop)
+(type test_harness_prop)
+(type testharness_service)
+(type textclassification_service)
+(type textclassifier_data_file)
+(type textservices_service)
+(type thermal_service)
+(type thermalcallback_hwservice)
+(type time_prop)
+(type timedetector_service)
+(type timezone_service)
+(type tmpfs)
+(type tombstone_data_file)
+(type tombstone_wifi_data_file)
+(type tombstoned)
+(type tombstoned_crash_socket)
+(type tombstoned_exec)
+(type tombstoned_intercept_socket)
+(type tombstoned_java_trace_socket)
+(type toolbox)
+(type toolbox_exec)
+(type trace_data_file)
+(type traced)
+(type traced_consumer_socket)
+(type traced_enabled_prop)
+(type traced_lazy_prop)
+(type traced_probes)
+(type traced_producer_socket)
+(type traceur_app)
+(type trust_service)
+(type tty_device)
+(type tun_device)
+(type tv_input_service)
+(type tzdatacheck)
+(type tzdatacheck_exec)
+(type ueventd)
+(type ueventd_tmpfs)
+(type uhid_device)
+(type uimode_service)
+(type uio_device)
+(type uncrypt)
+(type uncrypt_exec)
+(type uncrypt_socket)
+(type unencrypted_data_file)
+(type unlabeled)
+(type untrusted_app)
+(type untrusted_app_25)
+(type untrusted_app_27)
+(type update_engine)
+(type update_engine_data_file)
+(type update_engine_exec)
+(type update_engine_log_data_file)
+(type update_engine_service)
+(type update_verifier)
+(type update_verifier_exec)
+(type updatelock_service)
+(type uri_grants_service)
+(type usagestats_service)
+(type usb_device)
+(type usb_service)
+(type usbaccessory_device)
+(type usbd)
+(type usbd_exec)
+(type usbfs)
+(type use_memfd_prop)
+(type user_profile_data_file)
+(type user_service)
+(type userdata_block_device)
+(type usermodehelper)
+(type vdc)
+(type vdc_exec)
+(type vendor_app_file)
+(type vendor_cgroup_desc_file)
+(type vendor_configs_file)
+(type vendor_data_file)
+(type vendor_default_prop)
+(type vendor_file)
+(type vendor_framework_file)
+(type vendor_hal_file)
+(type vendor_idc_file)
+(type vendor_init)
+(type vendor_keychars_file)
+(type vendor_keylayout_file)
+(type vendor_overlay_file)
+(type vendor_public_lib_file)
+(type vendor_security_patch_level_prop)
+(type vendor_shell)
+(type vendor_shell_exec)
+(type vendor_task_profiles_file)
+(type vendor_toolbox_exec)
+(type vfat)
+(type vibrator_service)
+(type video_device)
+(type virtual_touchpad)
+(type virtual_touchpad_exec)
+(type virtual_touchpad_service)
+(type vndbinder_device)
+(type vndk_sp_file)
+(type vndservice_contexts_file)
+(type vndservicemanager)
+(type voiceinteraction_service)
+(type vold)
+(type vold_data_file)
+(type vold_device)
+(type vold_exec)
+(type vold_metadata_file)
+(type vold_prepare_subdirs)
+(type vold_prepare_subdirs_exec)
+(type vold_prop)
+(type vold_service)
+(type vpn_data_file)
+(type vr_hwc)
+(type vr_hwc_exec)
+(type vr_hwc_service)
+(type vr_manager_service)
+(type vrflinger_vsync_service)
+(type wallpaper_file)
+(type wallpaper_service)
+(type watchdog_device)
+(type watchdogd)
+(type watchdogd_exec)
+(type webview_zygote)
+(type webview_zygote_exec)
+(type webview_zygote_tmpfs)
+(type webviewupdate_service)
+(type wifi_data_file)
+(type wifi_log_prop)
+(type wifi_prop)
+(type wifi_service)
+(type wifiaware_service)
+(type wificond)
+(type wificond_exec)
+(type wificond_service)
+(type wifip2p_service)
+(type wifiscanner_service)
+(type window_service)
+(type wpa_socket)
+(type wpantund)
+(type wpantund_exec)
+(type wpantund_service)
+(type zero_device)
+(type zoneinfo_data_file)
+(type zygote)
+(type zygote_exec)
+(type zygote_socket)
+(type zygote_tmpfs)
+(typeattribute DockObserver_service_29_0)
+(typeattribute IProxyService_service_29_0)
+(typeattribute accessibility_service_29_0)
+(typeattribute account_service_29_0)
+(typeattribute activity_service_29_0)
+(typeattribute activity_task_service_29_0)
+(typeattribute adb_data_file_29_0)
+(typeattribute adb_keys_file_29_0)
+(typeattribute adb_service_29_0)
+(typeattribute adbd_29_0)
+(typeattribute adbd_exec_29_0)
+(typeattribute adbd_socket_29_0)
+(typeattribute alarm_service_29_0)
+(typeattribute anr_data_file_29_0)
+(typeattribute apex_data_file_29_0)
+(typeattribute apex_metadata_file_29_0)
+(typeattribute apex_mnt_dir_29_0)
+(typeattribute apex_service_29_0)
+(typeattribute apexd_29_0)
+(typeattribute apexd_exec_29_0)
+(typeattribute apexd_prop_29_0)
+(typeattribute apk_data_file_29_0)
+(typeattribute apk_private_data_file_29_0)
+(typeattribute apk_private_tmp_file_29_0)
+(typeattribute apk_tmp_file_29_0)
+(typeattribute app_api_service)
+(typeattribute app_binding_service_29_0)
+(typeattribute app_data_file_29_0)
+(typeattribute app_fuse_file_29_0)
+(typeattribute app_fusefs_29_0)
+(typeattribute app_prediction_service_29_0)
+(typeattribute app_zygote_29_0)
+(typeattribute app_zygote_tmpfs_29_0)
+(typeattribute appdomain)
+(typeattribute appdomain_tmpfs_29_0)
+(typeattribute appops_service_29_0)
+(typeattribute appwidget_service_29_0)
+(typeattribute asec_apk_file_29_0)
+(typeattribute asec_image_file_29_0)
+(typeattribute asec_public_file_29_0)
+(typeattribute ashmem_device_29_0)
+(typeattribute ashmemd_29_0)
+(typeattribute assetatlas_service_29_0)
+(typeattribute audio_data_file_29_0)
+(typeattribute audio_device_29_0)
+(typeattribute audio_prop_29_0)
+(typeattribute audio_service_29_0)
+(typeattribute audiohal_data_file_29_0)
+(typeattribute audioserver_29_0)
+(typeattribute audioserver_data_file_29_0)
+(typeattribute audioserver_service_29_0)
+(typeattribute audioserver_tmpfs_29_0)
+(typeattribute autofill_service_29_0)
+(typeattribute backup_data_file_29_0)
+(typeattribute backup_service_29_0)
+(typeattribute battery_service_29_0)
+(typeattribute batteryproperties_service_29_0)
+(typeattribute batterystats_service_29_0)
+(typeattribute binder_calls_stats_service_29_0)
+(typeattribute binder_device_29_0)
+(typeattribute binder_in_vendor_violators)
+(typeattribute binderservicedomain)
+(typeattribute binfmt_miscfs_29_0)
+(typeattribute biometric_service_29_0)
+(typeattribute blkid_29_0)
+(typeattribute blkid_untrusted_29_0)
+(typeattribute block_device_29_0)
+(typeattribute bluetooth_29_0)
+(typeattribute bluetooth_a2dp_offload_prop_29_0)
+(typeattribute bluetooth_audio_hal_prop_29_0)
+(typeattribute bluetooth_data_file_29_0)
+(typeattribute bluetooth_efs_file_29_0)
+(typeattribute bluetooth_logs_data_file_29_0)
+(typeattribute bluetooth_manager_service_29_0)
+(typeattribute bluetooth_prop_29_0)
+(typeattribute bluetooth_service_29_0)
+(typeattribute bluetooth_socket_29_0)
+(typeattribute bluetoothdomain)
+(typeattribute boot_block_device_29_0)
+(typeattribute bootanim_29_0)
+(typeattribute bootanim_exec_29_0)
+(typeattribute bootchart_data_file_29_0)
+(typeattribute bootloader_boot_reason_prop_29_0)
+(typeattribute bootstat_29_0)
+(typeattribute bootstat_data_file_29_0)
+(typeattribute bootstat_exec_29_0)
+(typeattribute boottime_prop_29_0)
+(typeattribute boottrace_data_file_29_0)
+(typeattribute bpf_progs_loaded_prop_29_0)
+(typeattribute broadcastradio_service_29_0)
+(typeattribute bufferhubd_29_0)
+(typeattribute bufferhubd_exec_29_0)
+(typeattribute bugreport_service_29_0)
+(typeattribute cache_backup_file_29_0)
+(typeattribute cache_block_device_29_0)
+(typeattribute cache_file_29_0)
+(typeattribute cache_private_backup_file_29_0)
+(typeattribute cache_recovery_file_29_0)
+(typeattribute camera_data_file_29_0)
+(typeattribute camera_device_29_0)
+(typeattribute camera_service_server)
+(typeattribute cameraproxy_service_29_0)
+(typeattribute cameraserver_29_0)
+(typeattribute cameraserver_exec_29_0)
+(typeattribute cameraserver_service_29_0)
+(typeattribute cameraserver_tmpfs_29_0)
+(typeattribute cgroup_29_0)
+(typeattribute cgroup_bpf_29_0)
+(typeattribute cgroup_desc_file_29_0)
+(typeattribute cgroup_rc_file_29_0)
+(typeattribute charger_29_0)
+(typeattribute charger_exec_29_0)
+(typeattribute clatd_29_0)
+(typeattribute clatd_exec_29_0)
+(typeattribute clipboard_service_29_0)
+(typeattribute color_display_service_29_0)
+(typeattribute companion_device_service_29_0)
+(typeattribute config_prop_29_0)
+(typeattribute configfs_29_0)
+(typeattribute connectivity_service_29_0)
+(typeattribute connmetrics_service_29_0)
+(typeattribute console_device_29_0)
+(typeattribute consumer_ir_service_29_0)
+(typeattribute content_capture_service_29_0)
+(typeattribute content_service_29_0)
+(typeattribute content_suggestions_service_29_0)
+(typeattribute contexthub_service_29_0)
+(typeattribute contextmount_type)
+(typeattribute core_data_file_type)
+(typeattribute core_property_type)
+(typeattribute coredomain)
+(typeattribute coredomain_hwservice)
+(typeattribute coredomain_socket)
+(typeattribute coredump_file_29_0)
+(typeattribute country_detector_service_29_0)
+(typeattribute coverage_service_29_0)
+(typeattribute cppreopt_prop_29_0)
+(typeattribute cpu_variant_prop_29_0)
+(typeattribute cpuinfo_service_29_0)
+(typeattribute crash_dump_29_0)
+(typeattribute crash_dump_exec_29_0)
+(typeattribute crossprofileapps_service_29_0)
+(typeattribute ctl_adbd_prop_29_0)
+(typeattribute ctl_bootanim_prop_29_0)
+(typeattribute ctl_bugreport_prop_29_0)
+(typeattribute ctl_console_prop_29_0)
+(typeattribute ctl_default_prop_29_0)
+(typeattribute ctl_dumpstate_prop_29_0)
+(typeattribute ctl_fuse_prop_29_0)
+(typeattribute ctl_gsid_prop_29_0)
+(typeattribute ctl_interface_restart_prop_29_0)
+(typeattribute ctl_interface_start_prop_29_0)
+(typeattribute ctl_interface_stop_prop_29_0)
+(typeattribute ctl_mdnsd_prop_29_0)
+(typeattribute ctl_restart_prop_29_0)
+(typeattribute ctl_rildaemon_prop_29_0)
+(typeattribute ctl_sigstop_prop_29_0)
+(typeattribute ctl_start_prop_29_0)
+(typeattribute ctl_stop_prop_29_0)
+(typeattribute dalvik_prop_29_0)
+(typeattribute dalvikcache_data_file_29_0)
+(typeattribute data_between_core_and_vendor_violators)
+(typeattribute data_file_type)
+(typeattribute dbinfo_service_29_0)
+(typeattribute debug_prop_29_0)
+(typeattribute debugfs_29_0)
+(typeattribute debugfs_mmc_29_0)
+(typeattribute debugfs_trace_marker_29_0)
+(typeattribute debugfs_tracing_29_0)
+(typeattribute debugfs_tracing_debug_29_0)
+(typeattribute debugfs_tracing_instances_29_0)
+(typeattribute debugfs_type)
+(typeattribute debugfs_wakeup_sources_29_0)
+(typeattribute debugfs_wifi_tracing_29_0)
+(typeattribute debuggerd_prop_29_0)
+(typeattribute default_android_hwservice_29_0)
+(typeattribute default_android_service_29_0)
+(typeattribute default_android_vndservice_29_0)
+(typeattribute default_prop_29_0)
+(typeattribute dev_cpu_variant_29_0)
+(typeattribute dev_type)
+(typeattribute device_29_0)
+(typeattribute device_config_activity_manager_native_boot_prop_29_0)
+(typeattribute device_config_boot_count_prop_29_0)
+(typeattribute device_config_input_native_boot_prop_29_0)
+(typeattribute device_config_media_native_prop_29_0)
+(typeattribute device_config_netd_native_prop_29_0)
+(typeattribute device_config_reset_performed_prop_29_0)
+(typeattribute device_config_runtime_native_boot_prop_29_0)
+(typeattribute device_config_runtime_native_prop_29_0)
+(typeattribute device_config_service_29_0)
+(typeattribute device_identifiers_service_29_0)
+(typeattribute device_logging_prop_29_0)
+(typeattribute device_policy_service_29_0)
+(typeattribute deviceidle_service_29_0)
+(typeattribute devicestoragemonitor_service_29_0)
+(typeattribute devpts_29_0)
+(typeattribute dhcp_29_0)
+(typeattribute dhcp_data_file_29_0)
+(typeattribute dhcp_exec_29_0)
+(typeattribute dhcp_prop_29_0)
+(typeattribute diskstats_service_29_0)
+(typeattribute display_service_29_0)
+(typeattribute display_service_server)
+(typeattribute dm_device_29_0)
+(typeattribute dnsmasq_29_0)
+(typeattribute dnsmasq_exec_29_0)
+(typeattribute dnsproxyd_socket_29_0)
+(typeattribute dnsresolver_service_29_0)
+(typeattribute domain)
+(typeattribute dreams_service_29_0)
+(typeattribute drm_data_file_29_0)
+(typeattribute drmserver_29_0)
+(typeattribute drmserver_exec_29_0)
+(typeattribute drmserver_service_29_0)
+(typeattribute drmserver_socket_29_0)
+(typeattribute dropbox_data_file_29_0)
+(typeattribute dropbox_service_29_0)
+(typeattribute dumpstate_29_0)
+(typeattribute dumpstate_exec_29_0)
+(typeattribute dumpstate_options_prop_29_0)
+(typeattribute dumpstate_prop_29_0)
+(typeattribute dumpstate_service_29_0)
+(typeattribute dumpstate_socket_29_0)
+(typeattribute dynamic_system_prop_29_0)
+(typeattribute e2fs_29_0)
+(typeattribute e2fs_exec_29_0)
+(typeattribute efs_file_29_0)
+(typeattribute ephemeral_app_29_0)
+(typeattribute ephemeral_app_api_service)
+(typeattribute ethernet_service_29_0)
+(typeattribute exec_type)
+(typeattribute exfat_29_0)
+(typeattribute exported2_config_prop_29_0)
+(typeattribute exported2_default_prop_29_0)
+(typeattribute exported2_radio_prop_29_0)
+(typeattribute exported2_system_prop_29_0)
+(typeattribute exported2_vold_prop_29_0)
+(typeattribute exported3_default_prop_29_0)
+(typeattribute exported3_radio_prop_29_0)
+(typeattribute exported3_system_prop_29_0)
+(typeattribute exported_audio_prop_29_0)
+(typeattribute exported_bluetooth_prop_29_0)
+(typeattribute exported_config_prop_29_0)
+(typeattribute exported_dalvik_prop_29_0)
+(typeattribute exported_default_prop_29_0)
+(typeattribute exported_dumpstate_prop_29_0)
+(typeattribute exported_ffs_prop_29_0)
+(typeattribute exported_fingerprint_prop_29_0)
+(typeattribute exported_overlay_prop_29_0)
+(typeattribute exported_pm_prop_29_0)
+(typeattribute exported_radio_prop_29_0)
+(typeattribute exported_secure_prop_29_0)
+(typeattribute exported_system_prop_29_0)
+(typeattribute exported_system_radio_prop_29_0)
+(typeattribute exported_vold_prop_29_0)
+(typeattribute exported_wifi_prop_29_0)
+(typeattribute extended_core_property_type)
+(typeattribute external_vibrator_service_29_0)
+(typeattribute face_service_29_0)
+(typeattribute face_vendor_data_file_29_0)
+(typeattribute fastbootd_29_0)
+(typeattribute ffs_prop_29_0)
+(typeattribute file_contexts_file_29_0)
+(typeattribute file_type)
+(typeattribute fingerprint_prop_29_0)
+(typeattribute fingerprint_service_29_0)
+(typeattribute fingerprint_vendor_data_file_29_0)
+(typeattribute fingerprintd_29_0)
+(typeattribute fingerprintd_data_file_29_0)
+(typeattribute fingerprintd_exec_29_0)
+(typeattribute fingerprintd_service_29_0)
+(typeattribute firstboot_prop_29_0)
+(typeattribute flags_health_check_29_0)
+(typeattribute flags_health_check_exec_29_0)
+(typeattribute font_service_29_0)
+(typeattribute frp_block_device_29_0)
+(typeattribute fs_bpf_29_0)
+(typeattribute fs_type)
+(typeattribute fsck_29_0)
+(typeattribute fsck_exec_29_0)
+(typeattribute fsck_untrusted_29_0)
+(typeattribute fscklogs_29_0)
+(typeattribute functionfs_29_0)
+(typeattribute fuse_29_0)
+(typeattribute fuse_device_29_0)
+(typeattribute fwk_bufferhub_hwservice_29_0)
+(typeattribute fwk_camera_hwservice_29_0)
+(typeattribute fwk_display_hwservice_29_0)
+(typeattribute fwk_scheduler_hwservice_29_0)
+(typeattribute fwk_sensor_hwservice_29_0)
+(typeattribute fwk_stats_hwservice_29_0)
+(typeattribute fwmarkd_socket_29_0)
+(typeattribute gatekeeper_data_file_29_0)
+(typeattribute gatekeeper_service_29_0)
+(typeattribute gatekeeperd_29_0)
+(typeattribute gatekeeperd_exec_29_0)
+(typeattribute gfxinfo_service_29_0)
+(typeattribute gps_control_29_0)
+(typeattribute gpu_device_29_0)
+(typeattribute gpu_service_29_0)
+(typeattribute gpuservice_29_0)
+(typeattribute graphics_device_29_0)
+(typeattribute graphicsstats_service_29_0)
+(typeattribute gsi_data_file_29_0)
+(typeattribute gsi_metadata_file_29_0)
+(typeattribute gsid_prop_29_0)
+(typeattribute hal_allocator)
+(typeattribute hal_allocator_client)
+(typeattribute hal_allocator_server)
+(typeattribute hal_atrace)
+(typeattribute hal_atrace_client)
+(typeattribute hal_atrace_hwservice_29_0)
+(typeattribute hal_atrace_server)
+(typeattribute hal_audio)
+(typeattribute hal_audio_client)
+(typeattribute hal_audio_hwservice_29_0)
+(typeattribute hal_audio_server)
+(typeattribute hal_audiocontrol)
+(typeattribute hal_audiocontrol_client)
+(typeattribute hal_audiocontrol_hwservice_29_0)
+(typeattribute hal_audiocontrol_server)
+(typeattribute hal_authsecret)
+(typeattribute hal_authsecret_client)
+(typeattribute hal_authsecret_hwservice_29_0)
+(typeattribute hal_authsecret_server)
+(typeattribute hal_automotive_socket_exemption)
+(typeattribute hal_bluetooth)
+(typeattribute hal_bluetooth_client)
+(typeattribute hal_bluetooth_hwservice_29_0)
+(typeattribute hal_bluetooth_server)
+(typeattribute hal_bootctl)
+(typeattribute hal_bootctl_client)
+(typeattribute hal_bootctl_hwservice_29_0)
+(typeattribute hal_bootctl_server)
+(typeattribute hal_broadcastradio)
+(typeattribute hal_broadcastradio_client)
+(typeattribute hal_broadcastradio_hwservice_29_0)
+(typeattribute hal_broadcastradio_server)
+(typeattribute hal_bufferhub)
+(typeattribute hal_bufferhub_client)
+(typeattribute hal_bufferhub_server)
+(typeattribute hal_camera)
+(typeattribute hal_camera_client)
+(typeattribute hal_camera_hwservice_29_0)
+(typeattribute hal_camera_server)
+(typeattribute hal_cas)
+(typeattribute hal_cas_client)
+(typeattribute hal_cas_hwservice_29_0)
+(typeattribute hal_cas_server)
+(typeattribute hal_codec2_hwservice_29_0)
+(typeattribute hal_configstore)
+(typeattribute hal_configstore_ISurfaceFlingerConfigs_29_0)
+(typeattribute hal_configstore_client)
+(typeattribute hal_configstore_server)
+(typeattribute hal_confirmationui)
+(typeattribute hal_confirmationui_client)
+(typeattribute hal_confirmationui_hwservice_29_0)
+(typeattribute hal_confirmationui_server)
+(typeattribute hal_contexthub)
+(typeattribute hal_contexthub_client)
+(typeattribute hal_contexthub_hwservice_29_0)
+(typeattribute hal_contexthub_server)
+(typeattribute hal_drm)
+(typeattribute hal_drm_client)
+(typeattribute hal_drm_hwservice_29_0)
+(typeattribute hal_drm_server)
+(typeattribute hal_dumpstate)
+(typeattribute hal_dumpstate_client)
+(typeattribute hal_dumpstate_hwservice_29_0)
+(typeattribute hal_dumpstate_server)
+(typeattribute hal_evs)
+(typeattribute hal_evs_client)
+(typeattribute hal_evs_hwservice_29_0)
+(typeattribute hal_evs_server)
+(typeattribute hal_face)
+(typeattribute hal_face_client)
+(typeattribute hal_face_hwservice_29_0)
+(typeattribute hal_face_server)
+(typeattribute hal_fingerprint)
+(typeattribute hal_fingerprint_client)
+(typeattribute hal_fingerprint_hwservice_29_0)
+(typeattribute hal_fingerprint_server)
+(typeattribute hal_fingerprint_service_29_0)
+(typeattribute hal_gatekeeper)
+(typeattribute hal_gatekeeper_client)
+(typeattribute hal_gatekeeper_hwservice_29_0)
+(typeattribute hal_gatekeeper_server)
+(typeattribute hal_gnss)
+(typeattribute hal_gnss_client)
+(typeattribute hal_gnss_hwservice_29_0)
+(typeattribute hal_gnss_server)
+(typeattribute hal_graphics_allocator)
+(typeattribute hal_graphics_allocator_client)
+(typeattribute hal_graphics_allocator_hwservice_29_0)
+(typeattribute hal_graphics_allocator_server)
+(typeattribute hal_graphics_composer)
+(typeattribute hal_graphics_composer_client)
+(typeattribute hal_graphics_composer_client_tmpfs)
+(typeattribute hal_graphics_composer_hwservice_29_0)
+(typeattribute hal_graphics_composer_server)
+(typeattribute hal_graphics_composer_server_tmpfs_29_0)
+(typeattribute hal_graphics_mapper_hwservice_29_0)
+(typeattribute hal_health)
+(typeattribute hal_health_client)
+(typeattribute hal_health_hwservice_29_0)
+(typeattribute hal_health_server)
+(typeattribute hal_health_storage)
+(typeattribute hal_health_storage_client)
+(typeattribute hal_health_storage_hwservice_29_0)
+(typeattribute hal_health_storage_server)
+(typeattribute hal_input_classifier)
+(typeattribute hal_input_classifier_client)
+(typeattribute hal_input_classifier_hwservice_29_0)
+(typeattribute hal_input_classifier_server)
+(typeattribute hal_ir)
+(typeattribute hal_ir_client)
+(typeattribute hal_ir_hwservice_29_0)
+(typeattribute hal_ir_server)
+(typeattribute hal_keymaster)
+(typeattribute hal_keymaster_client)
+(typeattribute hal_keymaster_hwservice_29_0)
+(typeattribute hal_keymaster_server)
+(typeattribute hal_light)
+(typeattribute hal_light_client)
+(typeattribute hal_light_hwservice_29_0)
+(typeattribute hal_light_server)
+(typeattribute hal_lowpan)
+(typeattribute hal_lowpan_client)
+(typeattribute hal_lowpan_hwservice_29_0)
+(typeattribute hal_lowpan_server)
+(typeattribute hal_memtrack)
+(typeattribute hal_memtrack_client)
+(typeattribute hal_memtrack_hwservice_29_0)
+(typeattribute hal_memtrack_server)
+(typeattribute hal_neuralnetworks)
+(typeattribute hal_neuralnetworks_client)
+(typeattribute hal_neuralnetworks_hwservice_29_0)
+(typeattribute hal_neuralnetworks_server)
+(typeattribute hal_nfc)
+(typeattribute hal_nfc_client)
+(typeattribute hal_nfc_hwservice_29_0)
+(typeattribute hal_nfc_server)
+(typeattribute hal_oemlock)
+(typeattribute hal_oemlock_client)
+(typeattribute hal_oemlock_hwservice_29_0)
+(typeattribute hal_oemlock_server)
+(typeattribute hal_omx)
+(typeattribute hal_omx_client)
+(typeattribute hal_omx_hwservice_29_0)
+(typeattribute hal_omx_server)
+(typeattribute hal_power)
+(typeattribute hal_power_client)
+(typeattribute hal_power_hwservice_29_0)
+(typeattribute hal_power_server)
+(typeattribute hal_power_stats)
+(typeattribute hal_power_stats_client)
+(typeattribute hal_power_stats_hwservice_29_0)
+(typeattribute hal_power_stats_server)
+(typeattribute hal_renderscript_hwservice_29_0)
+(typeattribute hal_secure_element)
+(typeattribute hal_secure_element_client)
+(typeattribute hal_secure_element_hwservice_29_0)
+(typeattribute hal_secure_element_server)
+(typeattribute hal_sensors)
+(typeattribute hal_sensors_client)
+(typeattribute hal_sensors_hwservice_29_0)
+(typeattribute hal_sensors_server)
+(typeattribute hal_telephony)
+(typeattribute hal_telephony_client)
+(typeattribute hal_telephony_hwservice_29_0)
+(typeattribute hal_telephony_server)
+(typeattribute hal_tetheroffload)
+(typeattribute hal_tetheroffload_client)
+(typeattribute hal_tetheroffload_hwservice_29_0)
+(typeattribute hal_tetheroffload_server)
+(typeattribute hal_thermal)
+(typeattribute hal_thermal_client)
+(typeattribute hal_thermal_hwservice_29_0)
+(typeattribute hal_thermal_server)
+(typeattribute hal_tv_cec)
+(typeattribute hal_tv_cec_client)
+(typeattribute hal_tv_cec_hwservice_29_0)
+(typeattribute hal_tv_cec_server)
+(typeattribute hal_tv_input)
+(typeattribute hal_tv_input_client)
+(typeattribute hal_tv_input_hwservice_29_0)
+(typeattribute hal_tv_input_server)
+(typeattribute hal_usb)
+(typeattribute hal_usb_client)
+(typeattribute hal_usb_gadget)
+(typeattribute hal_usb_gadget_client)
+(typeattribute hal_usb_gadget_hwservice_29_0)
+(typeattribute hal_usb_gadget_server)
+(typeattribute hal_usb_hwservice_29_0)
+(typeattribute hal_usb_server)
+(typeattribute hal_vehicle)
+(typeattribute hal_vehicle_client)
+(typeattribute hal_vehicle_hwservice_29_0)
+(typeattribute hal_vehicle_server)
+(typeattribute hal_vibrator)
+(typeattribute hal_vibrator_client)
+(typeattribute hal_vibrator_hwservice_29_0)
+(typeattribute hal_vibrator_server)
+(typeattribute hal_vr)
+(typeattribute hal_vr_client)
+(typeattribute hal_vr_hwservice_29_0)
+(typeattribute hal_vr_server)
+(typeattribute hal_weaver)
+(typeattribute hal_weaver_client)
+(typeattribute hal_weaver_hwservice_29_0)
+(typeattribute hal_weaver_server)
+(typeattribute hal_wifi)
+(typeattribute hal_wifi_client)
+(typeattribute hal_wifi_hostapd)
+(typeattribute hal_wifi_hostapd_client)
+(typeattribute hal_wifi_hostapd_hwservice_29_0)
+(typeattribute hal_wifi_hostapd_server)
+(typeattribute hal_wifi_hwservice_29_0)
+(typeattribute hal_wifi_offload)
+(typeattribute hal_wifi_offload_client)
+(typeattribute hal_wifi_offload_hwservice_29_0)
+(typeattribute hal_wifi_offload_server)
+(typeattribute hal_wifi_server)
+(typeattribute hal_wifi_supplicant)
+(typeattribute hal_wifi_supplicant_client)
+(typeattribute hal_wifi_supplicant_hwservice_29_0)
+(typeattribute hal_wifi_supplicant_server)
+(typeattribute halclientdomain)
+(typeattribute halserverdomain)
+(typeattribute hardware_properties_service_29_0)
+(typeattribute hardware_service_29_0)
+(typeattribute hci_attach_dev_29_0)
+(typeattribute hdmi_control_service_29_0)
+(typeattribute healthd_29_0)
+(typeattribute healthd_exec_29_0)
+(typeattribute heapdump_data_file_29_0)
+(typeattribute heapprofd_29_0)
+(typeattribute heapprofd_enabled_prop_29_0)
+(typeattribute heapprofd_prop_29_0)
+(typeattribute heapprofd_socket_29_0)
+(typeattribute hidl_allocator_hwservice_29_0)
+(typeattribute hidl_base_hwservice_29_0)
+(typeattribute hidl_manager_hwservice_29_0)
+(typeattribute hidl_memory_hwservice_29_0)
+(typeattribute hidl_token_hwservice_29_0)
+(typeattribute hw_random_device_29_0)
+(typeattribute hwbinder_device_29_0)
+(typeattribute hwservice_contexts_file_29_0)
+(typeattribute hwservice_manager_type)
+(typeattribute hwservicemanager_29_0)
+(typeattribute hwservicemanager_exec_29_0)
+(typeattribute hwservicemanager_prop_29_0)
+(typeattribute icon_file_29_0)
+(typeattribute idmap_29_0)
+(typeattribute idmap_exec_29_0)
+(typeattribute idmap_service_29_0)
+(typeattribute iio_device_29_0)
+(typeattribute imms_service_29_0)
+(typeattribute incident_29_0)
+(typeattribute incident_data_file_29_0)
+(typeattribute incident_helper_29_0)
+(typeattribute incident_service_29_0)
+(typeattribute incidentd_29_0)
+(typeattribute init_29_0)
+(typeattribute init_exec_29_0)
+(typeattribute init_tmpfs_29_0)
+(typeattribute inotify_29_0)
+(typeattribute input_device_29_0)
+(typeattribute input_method_service_29_0)
+(typeattribute input_service_29_0)
+(typeattribute inputflinger_29_0)
+(typeattribute inputflinger_exec_29_0)
+(typeattribute inputflinger_service_29_0)
+(typeattribute install_data_file_29_0)
+(typeattribute install_recovery_29_0)
+(typeattribute install_recovery_exec_29_0)
+(typeattribute installd_29_0)
+(typeattribute installd_exec_29_0)
+(typeattribute installd_service_29_0)
+(typeattribute ion_device_29_0)
+(typeattribute iorapd_29_0)
+(typeattribute iorapd_data_file_29_0)
+(typeattribute iorapd_exec_29_0)
+(typeattribute iorapd_service_29_0)
+(typeattribute iorapd_tmpfs_29_0)
+(typeattribute ipsec_service_29_0)
+(typeattribute iris_service_29_0)
+(typeattribute iris_vendor_data_file_29_0)
+(typeattribute isolated_app_29_0)
+(typeattribute jobscheduler_service_29_0)
+(typeattribute kernel_29_0)
+(typeattribute keychain_data_file_29_0)
+(typeattribute keychord_device_29_0)
+(typeattribute keystore_29_0)
+(typeattribute keystore_data_file_29_0)
+(typeattribute keystore_exec_29_0)
+(typeattribute keystore_service_29_0)
+(typeattribute kmsg_debug_device_29_0)
+(typeattribute kmsg_device_29_0)
+(typeattribute labeledfs_29_0)
+(typeattribute last_boot_reason_prop_29_0)
+(typeattribute launcherapps_service_29_0)
+(typeattribute llkd_29_0)
+(typeattribute llkd_exec_29_0)
+(typeattribute llkd_prop_29_0)
+(typeattribute lmkd_29_0)
+(typeattribute lmkd_exec_29_0)
+(typeattribute lmkd_socket_29_0)
+(typeattribute location_service_29_0)
+(typeattribute lock_settings_service_29_0)
+(typeattribute log_prop_29_0)
+(typeattribute log_property_type)
+(typeattribute log_tag_prop_29_0)
+(typeattribute logcat_exec_29_0)
+(typeattribute logd_29_0)
+(typeattribute logd_exec_29_0)
+(typeattribute logd_prop_29_0)
+(typeattribute logd_socket_29_0)
+(typeattribute logdr_socket_29_0)
+(typeattribute logdw_socket_29_0)
+(typeattribute logpersist_29_0)
+(typeattribute logpersistd_logging_prop_29_0)
+(typeattribute loop_control_device_29_0)
+(typeattribute loop_device_29_0)
+(typeattribute looper_stats_service_29_0)
+(typeattribute lowpan_device_29_0)
+(typeattribute lowpan_prop_29_0)
+(typeattribute lowpan_service_29_0)
+(typeattribute lpdump_service_29_0)
+(typeattribute lpdumpd_prop_29_0)
+(typeattribute mac_perms_file_29_0)
+(typeattribute mdns_socket_29_0)
+(typeattribute mdnsd_29_0)
+(typeattribute mdnsd_socket_29_0)
+(typeattribute media_data_file_29_0)
+(typeattribute media_projection_service_29_0)
+(typeattribute media_router_service_29_0)
+(typeattribute media_rw_data_file_29_0)
+(typeattribute media_session_service_29_0)
+(typeattribute mediacodec_service_29_0)
+(typeattribute mediadrmserver_29_0)
+(typeattribute mediadrmserver_exec_29_0)
+(typeattribute mediadrmserver_service_29_0)
+(typeattribute mediaextractor_29_0)
+(typeattribute mediaextractor_exec_29_0)
+(typeattribute mediaextractor_service_29_0)
+(typeattribute mediaextractor_tmpfs_29_0)
+(typeattribute mediametrics_29_0)
+(typeattribute mediametrics_exec_29_0)
+(typeattribute mediametrics_service_29_0)
+(typeattribute mediaprovider_29_0)
+(typeattribute mediaserver_29_0)
+(typeattribute mediaserver_exec_29_0)
+(typeattribute mediaserver_service_29_0)
+(typeattribute mediaserver_tmpfs_29_0)
+(typeattribute mediaswcodec_29_0)
+(typeattribute mediaswcodec_exec_29_0)
+(typeattribute mediaswcodec_server)
+(typeattribute meminfo_service_29_0)
+(typeattribute metadata_block_device_29_0)
+(typeattribute metadata_file_29_0)
+(typeattribute method_trace_data_file_29_0)
+(typeattribute midi_service_29_0)
+(typeattribute misc_block_device_29_0)
+(typeattribute misc_logd_file_29_0)
+(typeattribute misc_user_data_file_29_0)
+(typeattribute mlstrustedobject)
+(typeattribute mlstrustedsubject)
+(typeattribute mmc_prop_29_0)
+(typeattribute mnt_expand_file_29_0)
+(typeattribute mnt_media_rw_file_29_0)
+(typeattribute mnt_media_rw_stub_file_29_0)
+(typeattribute mnt_product_file_29_0)
+(typeattribute mnt_user_file_29_0)
+(typeattribute mnt_vendor_file_29_0)
+(typeattribute modprobe_29_0)
+(typeattribute mount_service_29_0)
+(typeattribute mqueue_29_0)
+(typeattribute mtp_29_0)
+(typeattribute mtp_device_29_0)
+(typeattribute mtp_exec_29_0)
+(typeattribute mtpd_socket_29_0)
+(typeattribute nativetest_data_file_29_0)
+(typeattribute net_data_file_29_0)
+(typeattribute net_dns_prop_29_0)
+(typeattribute net_radio_prop_29_0)
+(typeattribute netd_29_0)
+(typeattribute netd_exec_29_0)
+(typeattribute netd_listener_service_29_0)
+(typeattribute netd_service_29_0)
+(typeattribute netd_stable_secret_prop_29_0)
+(typeattribute netdomain)
+(typeattribute netif_29_0)
+(typeattribute netif_type)
+(typeattribute netpolicy_service_29_0)
+(typeattribute netstats_service_29_0)
+(typeattribute netutils_wrapper_29_0)
+(typeattribute netutils_wrapper_exec_29_0)
+(typeattribute network_management_service_29_0)
+(typeattribute network_score_service_29_0)
+(typeattribute network_stack_29_0)
+(typeattribute network_stack_service_29_0)
+(typeattribute network_time_update_service_29_0)
+(typeattribute network_watchlist_data_file_29_0)
+(typeattribute network_watchlist_service_29_0)
+(typeattribute nfc_29_0)
+(typeattribute nfc_data_file_29_0)
+(typeattribute nfc_device_29_0)
+(typeattribute nfc_prop_29_0)
+(typeattribute nfc_service_29_0)
+(typeattribute nnapi_ext_deny_product_prop_29_0)
+(typeattribute node_29_0)
+(typeattribute node_type)
+(typeattribute nonplat_service_contexts_file_29_0)
+(typeattribute notification_service_29_0)
+(typeattribute null_device_29_0)
+(typeattribute oem_lock_service_29_0)
+(typeattribute oemfs_29_0)
+(typeattribute ota_data_file_29_0)
+(typeattribute ota_package_file_29_0)
+(typeattribute otadexopt_service_29_0)
+(typeattribute overlay_prop_29_0)
+(typeattribute overlay_service_29_0)
+(typeattribute overlayfs_file_29_0)
+(typeattribute owntty_device_29_0)
+(typeattribute package_native_service_29_0)
+(typeattribute package_service_29_0)
+(typeattribute packages_list_file_29_0)
+(typeattribute pan_result_prop_29_0)
+(typeattribute password_slot_metadata_file_29_0)
+(typeattribute pdx_bufferhub_client_channel_socket_29_0)
+(typeattribute pdx_bufferhub_client_channel_socket_type)
+(typeattribute pdx_bufferhub_client_endpoint_dir_type)
+(typeattribute pdx_bufferhub_client_endpoint_socket_29_0)
+(typeattribute pdx_bufferhub_client_endpoint_socket_type)
+(typeattribute pdx_bufferhub_client_server_type)
+(typeattribute pdx_bufferhub_dir_29_0)
+(typeattribute pdx_channel_socket_type)
+(typeattribute pdx_display_client_channel_socket_29_0)
+(typeattribute pdx_display_client_channel_socket_type)
+(typeattribute pdx_display_client_endpoint_dir_type)
+(typeattribute pdx_display_client_endpoint_socket_29_0)
+(typeattribute pdx_display_client_endpoint_socket_type)
+(typeattribute pdx_display_client_server_type)
+(typeattribute pdx_display_dir_29_0)
+(typeattribute pdx_display_manager_channel_socket_29_0)
+(typeattribute pdx_display_manager_channel_socket_type)
+(typeattribute pdx_display_manager_endpoint_dir_type)
+(typeattribute pdx_display_manager_endpoint_socket_29_0)
+(typeattribute pdx_display_manager_endpoint_socket_type)
+(typeattribute pdx_display_manager_server_type)
+(typeattribute pdx_display_screenshot_channel_socket_29_0)
+(typeattribute pdx_display_screenshot_channel_socket_type)
+(typeattribute pdx_display_screenshot_endpoint_dir_type)
+(typeattribute pdx_display_screenshot_endpoint_socket_29_0)
+(typeattribute pdx_display_screenshot_endpoint_socket_type)
+(typeattribute pdx_display_screenshot_server_type)
+(typeattribute pdx_display_vsync_channel_socket_29_0)
+(typeattribute pdx_display_vsync_channel_socket_type)
+(typeattribute pdx_display_vsync_endpoint_dir_type)
+(typeattribute pdx_display_vsync_endpoint_socket_29_0)
+(typeattribute pdx_display_vsync_endpoint_socket_type)
+(typeattribute pdx_display_vsync_server_type)
+(typeattribute pdx_endpoint_dir_type)
+(typeattribute pdx_endpoint_socket_type)
+(typeattribute pdx_performance_client_channel_socket_29_0)
+(typeattribute pdx_performance_client_channel_socket_type)
+(typeattribute pdx_performance_client_endpoint_dir_type)
+(typeattribute pdx_performance_client_endpoint_socket_29_0)
+(typeattribute pdx_performance_client_endpoint_socket_type)
+(typeattribute pdx_performance_client_server_type)
+(typeattribute pdx_performance_dir_29_0)
+(typeattribute perfetto_29_0)
+(typeattribute performanced_29_0)
+(typeattribute performanced_exec_29_0)
+(typeattribute perfprofd_29_0)
+(typeattribute perfprofd_data_file_29_0)
+(typeattribute perfprofd_exec_29_0)
+(typeattribute perfprofd_service_29_0)
+(typeattribute permission_service_29_0)
+(typeattribute permissionmgr_service_29_0)
+(typeattribute persist_debug_prop_29_0)
+(typeattribute persistent_data_block_service_29_0)
+(typeattribute persistent_properties_ready_prop_29_0)
+(typeattribute pinner_service_29_0)
+(typeattribute pipefs_29_0)
+(typeattribute platform_app_29_0)
+(typeattribute pm_prop_29_0)
+(typeattribute pmsg_device_29_0)
+(typeattribute port_29_0)
+(typeattribute port_device_29_0)
+(typeattribute port_type)
+(typeattribute postinstall_29_0)
+(typeattribute postinstall_apex_mnt_dir_29_0)
+(typeattribute postinstall_file_29_0)
+(typeattribute postinstall_mnt_dir_29_0)
+(typeattribute power_service_29_0)
+(typeattribute powerctl_prop_29_0)
+(typeattribute ppp_29_0)
+(typeattribute ppp_device_29_0)
+(typeattribute ppp_exec_29_0)
+(typeattribute preloads_data_file_29_0)
+(typeattribute preloads_media_file_29_0)
+(typeattribute print_service_29_0)
+(typeattribute priv_app_29_0)
+(typeattribute privapp_data_file_29_0)
+(typeattribute proc_29_0)
+(typeattribute proc_abi_29_0)
+(typeattribute proc_asound_29_0)
+(typeattribute proc_bluetooth_writable_29_0)
+(typeattribute proc_buddyinfo_29_0)
+(typeattribute proc_cmdline_29_0)
+(typeattribute proc_cpuinfo_29_0)
+(typeattribute proc_dirty_29_0)
+(typeattribute proc_diskstats_29_0)
+(typeattribute proc_drop_caches_29_0)
+(typeattribute proc_extra_free_kbytes_29_0)
+(typeattribute proc_filesystems_29_0)
+(typeattribute proc_fs_verity_29_0)
+(typeattribute proc_hostname_29_0)
+(typeattribute proc_hung_task_29_0)
+(typeattribute proc_interrupts_29_0)
+(typeattribute proc_iomem_29_0)
+(typeattribute proc_keys_29_0)
+(typeattribute proc_kmsg_29_0)
+(typeattribute proc_loadavg_29_0)
+(typeattribute proc_max_map_count_29_0)
+(typeattribute proc_meminfo_29_0)
+(typeattribute proc_min_free_order_shift_29_0)
+(typeattribute proc_misc_29_0)
+(typeattribute proc_modules_29_0)
+(typeattribute proc_mounts_29_0)
+(typeattribute proc_net_29_0)
+(typeattribute proc_net_tcp_udp_29_0)
+(typeattribute proc_net_type)
+(typeattribute proc_overcommit_memory_29_0)
+(typeattribute proc_page_cluster_29_0)
+(typeattribute proc_pagetypeinfo_29_0)
+(typeattribute proc_panic_29_0)
+(typeattribute proc_perf_29_0)
+(typeattribute proc_pid_max_29_0)
+(typeattribute proc_pipe_conf_29_0)
+(typeattribute proc_pressure_cpu_29_0)
+(typeattribute proc_pressure_io_29_0)
+(typeattribute proc_pressure_mem_29_0)
+(typeattribute proc_qtaguid_ctrl_29_0)
+(typeattribute proc_qtaguid_stat_29_0)
+(typeattribute proc_random_29_0)
+(typeattribute proc_sched_29_0)
+(typeattribute proc_security_29_0)
+(typeattribute proc_slabinfo_29_0)
+(typeattribute proc_stat_29_0)
+(typeattribute proc_swaps_29_0)
+(typeattribute proc_sysrq_29_0)
+(typeattribute proc_timer_29_0)
+(typeattribute proc_tty_drivers_29_0)
+(typeattribute proc_type)
+(typeattribute proc_uid_concurrent_active_time_29_0)
+(typeattribute proc_uid_concurrent_policy_time_29_0)
+(typeattribute proc_uid_cpupower_29_0)
+(typeattribute proc_uid_cputime_removeuid_29_0)
+(typeattribute proc_uid_cputime_showstat_29_0)
+(typeattribute proc_uid_io_stats_29_0)
+(typeattribute proc_uid_procstat_set_29_0)
+(typeattribute proc_uid_time_in_state_29_0)
+(typeattribute proc_uptime_29_0)
+(typeattribute proc_version_29_0)
+(typeattribute proc_vmallocinfo_29_0)
+(typeattribute proc_vmstat_29_0)
+(typeattribute proc_zoneinfo_29_0)
+(typeattribute processinfo_service_29_0)
+(typeattribute procstats_service_29_0)
+(typeattribute profman_29_0)
+(typeattribute profman_dump_data_file_29_0)
+(typeattribute profman_exec_29_0)
+(typeattribute properties_device_29_0)
+(typeattribute properties_serial_29_0)
+(typeattribute property_contexts_file_29_0)
+(typeattribute property_data_file_29_0)
+(typeattribute property_info_29_0)
+(typeattribute property_socket_29_0)
+(typeattribute property_type)
+(typeattribute pstorefs_29_0)
+(typeattribute ptmx_device_29_0)
+(typeattribute qtaguid_device_29_0)
+(typeattribute racoon_29_0)
+(typeattribute racoon_exec_29_0)
+(typeattribute racoon_socket_29_0)
+(typeattribute radio_29_0)
+(typeattribute radio_data_file_29_0)
+(typeattribute radio_device_29_0)
+(typeattribute radio_prop_29_0)
+(typeattribute radio_service_29_0)
+(typeattribute ram_device_29_0)
+(typeattribute random_device_29_0)
+(typeattribute recovery_29_0)
+(typeattribute recovery_block_device_29_0)
+(typeattribute recovery_data_file_29_0)
+(typeattribute recovery_persist_29_0)
+(typeattribute recovery_persist_exec_29_0)
+(typeattribute recovery_refresh_29_0)
+(typeattribute recovery_refresh_exec_29_0)
+(typeattribute recovery_service_29_0)
+(typeattribute recovery_socket_29_0)
+(typeattribute registry_service_29_0)
+(typeattribute resourcecache_data_file_29_0)
+(typeattribute restorecon_prop_29_0)
+(typeattribute restrictions_service_29_0)
+(typeattribute rild_debug_socket_29_0)
+(typeattribute rild_socket_29_0)
+(typeattribute ringtone_file_29_0)
+(typeattribute role_service_29_0)
+(typeattribute rollback_service_29_0)
+(typeattribute root_block_device_29_0)
+(typeattribute rootfs_29_0)
+(typeattribute rpmsg_device_29_0)
+(typeattribute rs_29_0)
+(typeattribute rs_exec_29_0)
+(typeattribute rss_hwm_reset_29_0)
+(typeattribute rtc_device_29_0)
+(typeattribute rttmanager_service_29_0)
+(typeattribute runas_29_0)
+(typeattribute runas_app_29_0)
+(typeattribute runas_exec_29_0)
+(typeattribute runtime_event_log_tags_file_29_0)
+(typeattribute runtime_service_29_0)
+(typeattribute safemode_prop_29_0)
+(typeattribute same_process_hal_file_29_0)
+(typeattribute same_process_hwservice)
+(typeattribute samplingprofiler_service_29_0)
+(typeattribute scheduler_service_server)
+(typeattribute scheduling_policy_service_29_0)
+(typeattribute sdcard_block_device_29_0)
+(typeattribute sdcard_type)
+(typeattribute sdcardd_29_0)
+(typeattribute sdcardd_exec_29_0)
+(typeattribute sdcardfs_29_0)
+(typeattribute seapp_contexts_file_29_0)
+(typeattribute search_service_29_0)
+(typeattribute sec_key_att_app_id_provider_service_29_0)
+(typeattribute secure_element_29_0)
+(typeattribute secure_element_device_29_0)
+(typeattribute secure_element_service_29_0)
+(typeattribute selinuxfs_29_0)
+(typeattribute sensor_privacy_service_29_0)
+(typeattribute sensor_service_server)
+(typeattribute sensors_device_29_0)
+(typeattribute sensorservice_service_29_0)
+(typeattribute sepolicy_file_29_0)
+(typeattribute serial_device_29_0)
+(typeattribute serial_service_29_0)
+(typeattribute serialno_prop_29_0)
+(typeattribute server_configurable_flags_data_file_29_0)
+(typeattribute service_contexts_file_29_0)
+(typeattribute service_manager_type)
+(typeattribute servicediscovery_service_29_0)
+(typeattribute servicemanager_29_0)
+(typeattribute servicemanager_exec_29_0)
+(typeattribute settings_service_29_0)
+(typeattribute sgdisk_29_0)
+(typeattribute sgdisk_exec_29_0)
+(typeattribute shared_relro_29_0)
+(typeattribute shared_relro_file_29_0)
+(typeattribute shell_29_0)
+(typeattribute shell_data_file_29_0)
+(typeattribute shell_exec_29_0)
+(typeattribute shell_prop_29_0)
+(typeattribute shm_29_0)
+(typeattribute shortcut_manager_icons_29_0)
+(typeattribute shortcut_service_29_0)
+(typeattribute simpleperf_app_runner_29_0)
+(typeattribute simpleperf_app_runner_exec_29_0)
+(typeattribute slice_service_29_0)
+(typeattribute slideshow_29_0)
+(typeattribute socket_between_core_and_vendor_violators)
+(typeattribute socket_device_29_0)
+(typeattribute sockfs_29_0)
+(typeattribute staging_data_file_29_0)
+(typeattribute stats_data_file_29_0)
+(typeattribute stats_service_server)
+(typeattribute statsd_29_0)
+(typeattribute statsd_exec_29_0)
+(typeattribute statsdw_socket_29_0)
+(typeattribute statusbar_service_29_0)
+(typeattribute storage_file_29_0)
+(typeattribute storage_stub_file_29_0)
+(typeattribute storaged_service_29_0)
+(typeattribute storagestats_service_29_0)
+(typeattribute su_29_0)
+(typeattribute su_exec_29_0)
+(typeattribute super_block_device_29_0)
+(typeattribute super_block_device_type)
+(typeattribute surfaceflinger_29_0)
+(typeattribute surfaceflinger_service_29_0)
+(typeattribute surfaceflinger_tmpfs_29_0)
+(typeattribute swap_block_device_29_0)
+(typeattribute sysfs_29_0)
+(typeattribute sysfs_android_usb_29_0)
+(typeattribute sysfs_batteryinfo_29_0)
+(typeattribute sysfs_bluetooth_writable_29_0)
+(typeattribute sysfs_devices_block_29_0)
+(typeattribute sysfs_devices_system_cpu_29_0)
+(typeattribute sysfs_dm_29_0)
+(typeattribute sysfs_dt_firmware_android_29_0)
+(typeattribute sysfs_extcon_29_0)
+(typeattribute sysfs_fs_ext4_features_29_0)
+(typeattribute sysfs_fs_f2fs_29_0)
+(typeattribute sysfs_hwrandom_29_0)
+(typeattribute sysfs_ipv4_29_0)
+(typeattribute sysfs_kernel_notes_29_0)
+(typeattribute sysfs_leds_29_0)
+(typeattribute sysfs_loop_29_0)
+(typeattribute sysfs_lowmemorykiller_29_0)
+(typeattribute sysfs_mac_address_29_0)
+(typeattribute sysfs_net_29_0)
+(typeattribute sysfs_nfc_power_writable_29_0)
+(typeattribute sysfs_power_29_0)
+(typeattribute sysfs_rtc_29_0)
+(typeattribute sysfs_switch_29_0)
+(typeattribute sysfs_thermal_29_0)
+(typeattribute sysfs_transparent_hugepage_29_0)
+(typeattribute sysfs_type)
+(typeattribute sysfs_uio_29_0)
+(typeattribute sysfs_usb_29_0)
+(typeattribute sysfs_usermodehelper_29_0)
+(typeattribute sysfs_vibrator_29_0)
+(typeattribute sysfs_wake_lock_29_0)
+(typeattribute sysfs_wakeup_reasons_29_0)
+(typeattribute sysfs_wlan_fwpath_29_0)
+(typeattribute sysfs_zram_29_0)
+(typeattribute sysfs_zram_uevent_29_0)
+(typeattribute system_api_service)
+(typeattribute system_app_29_0)
+(typeattribute system_app_data_file_29_0)
+(typeattribute system_app_service_29_0)
+(typeattribute system_asan_options_file_29_0)
+(typeattribute system_block_device_29_0)
+(typeattribute system_boot_reason_prop_29_0)
+(typeattribute system_bootstrap_lib_file_29_0)
+(typeattribute system_data_file_29_0)
+(typeattribute system_event_log_tags_file_29_0)
+(typeattribute system_executes_vendor_violators)
+(typeattribute system_file_29_0)
+(typeattribute system_file_type)
+(typeattribute system_lib_file_29_0)
+(typeattribute system_linker_config_file_29_0)
+(typeattribute system_linker_exec_29_0)
+(typeattribute system_lmk_prop_29_0)
+(typeattribute system_ndebug_socket_29_0)
+(typeattribute system_net_netd_hwservice_29_0)
+(typeattribute system_prop_29_0)
+(typeattribute system_radio_prop_29_0)
+(typeattribute system_seccomp_policy_file_29_0)
+(typeattribute system_security_cacerts_file_29_0)
+(typeattribute system_server_29_0)
+(typeattribute system_server_service)
+(typeattribute system_server_tmpfs_29_0)
+(typeattribute system_suspend_control_service_29_0)
+(typeattribute system_suspend_hwservice_29_0)
+(typeattribute system_suspend_server)
+(typeattribute system_trace_prop_29_0)
+(typeattribute system_update_service_29_0)
+(typeattribute system_wifi_keystore_hwservice_29_0)
+(typeattribute system_wpa_socket_29_0)
+(typeattribute system_writes_mnt_vendor_violators)
+(typeattribute system_writes_vendor_properties_violators)
+(typeattribute system_zoneinfo_file_29_0)
+(typeattribute systemkeys_data_file_29_0)
+(typeattribute task_profiles_file_29_0)
+(typeattribute task_service_29_0)
+(typeattribute tcpdump_exec_29_0)
+(typeattribute tee_29_0)
+(typeattribute tee_data_file_29_0)
+(typeattribute tee_device_29_0)
+(typeattribute telecom_service_29_0)
+(typeattribute test_boot_reason_prop_29_0)
+(typeattribute test_harness_prop_29_0)
+(typeattribute testharness_service_29_0)
+(typeattribute textclassification_service_29_0)
+(typeattribute textclassifier_data_file_29_0)
+(typeattribute textservices_service_29_0)
+(typeattribute thermal_service_29_0)
+(typeattribute thermalcallback_hwservice_29_0)
+(typeattribute time_prop_29_0)
+(typeattribute timedetector_service_29_0)
+(typeattribute timezone_service_29_0)
+(typeattribute tmpfs_29_0)
+(typeattribute tombstone_data_file_29_0)
+(typeattribute tombstone_wifi_data_file_29_0)
+(typeattribute tombstoned_29_0)
+(typeattribute tombstoned_crash_socket_29_0)
+(typeattribute tombstoned_exec_29_0)
+(typeattribute tombstoned_intercept_socket_29_0)
+(typeattribute tombstoned_java_trace_socket_29_0)
+(typeattribute toolbox_29_0)
+(typeattribute toolbox_exec_29_0)
+(typeattribute trace_data_file_29_0)
+(typeattribute traced_29_0)
+(typeattribute traced_consumer_socket_29_0)
+(typeattribute traced_enabled_prop_29_0)
+(typeattribute traced_lazy_prop_29_0)
+(typeattribute traced_probes_29_0)
+(typeattribute traced_producer_socket_29_0)
+(typeattribute traceur_app_29_0)
+(typeattribute trust_service_29_0)
+(typeattribute tty_device_29_0)
+(typeattribute tun_device_29_0)
+(typeattribute tv_input_service_29_0)
+(typeattribute tzdatacheck_29_0)
+(typeattribute tzdatacheck_exec_29_0)
+(typeattribute ueventd_29_0)
+(typeattribute ueventd_tmpfs_29_0)
+(typeattribute uhid_device_29_0)
+(typeattribute uimode_service_29_0)
+(typeattribute uio_device_29_0)
+(typeattribute uncrypt_29_0)
+(typeattribute uncrypt_exec_29_0)
+(typeattribute uncrypt_socket_29_0)
+(typeattribute unencrypted_data_file_29_0)
+(typeattribute unlabeled_29_0)
+(typeattribute untrusted_app_25_29_0)
+(typeattribute untrusted_app_27_29_0)
+(typeattribute untrusted_app_29_0)
+(typeattribute untrusted_app_all)
+(typeattribute untrusted_app_visible_halserver_violators)
+(typeattribute untrusted_app_visible_hwservice_violators)
+(typeattribute update_engine_29_0)
+(typeattribute update_engine_common)
+(typeattribute update_engine_data_file_29_0)
+(typeattribute update_engine_exec_29_0)
+(typeattribute update_engine_log_data_file_29_0)
+(typeattribute update_engine_service_29_0)
+(typeattribute update_verifier_29_0)
+(typeattribute update_verifier_exec_29_0)
+(typeattribute updatelock_service_29_0)
+(typeattribute uri_grants_service_29_0)
+(typeattribute usagestats_service_29_0)
+(typeattribute usb_device_29_0)
+(typeattribute usb_service_29_0)
+(typeattribute usbaccessory_device_29_0)
+(typeattribute usbd_29_0)
+(typeattribute usbd_exec_29_0)
+(typeattribute usbfs_29_0)
+(typeattribute use_memfd_prop_29_0)
+(typeattribute user_profile_data_file_29_0)
+(typeattribute user_service_29_0)
+(typeattribute userdata_block_device_29_0)
+(typeattribute usermodehelper_29_0)
+(typeattribute vdc_29_0)
+(typeattribute vdc_exec_29_0)
+(typeattribute vendor_app_file_29_0)
+(typeattribute vendor_cgroup_desc_file_29_0)
+(typeattribute vendor_configs_file_29_0)
+(typeattribute vendor_data_file_29_0)
+(typeattribute vendor_default_prop_29_0)
+(typeattribute vendor_executes_system_violators)
+(typeattribute vendor_file_29_0)
+(typeattribute vendor_file_type)
+(typeattribute vendor_framework_file_29_0)
+(typeattribute vendor_hal_file_29_0)
+(typeattribute vendor_idc_file_29_0)
+(typeattribute vendor_init_29_0)
+(typeattribute vendor_keychars_file_29_0)
+(typeattribute vendor_keylayout_file_29_0)
+(typeattribute vendor_overlay_file_29_0)
+(typeattribute vendor_public_lib_file_29_0)
+(typeattribute vendor_security_patch_level_prop_29_0)
+(typeattribute vendor_shell_29_0)
+(typeattribute vendor_shell_exec_29_0)
+(typeattribute vendor_task_profiles_file_29_0)
+(typeattribute vendor_toolbox_exec_29_0)
+(typeattribute vfat_29_0)
+(typeattribute vibrator_service_29_0)
+(typeattribute video_device_29_0)
+(typeattribute virtual_touchpad_29_0)
+(typeattribute virtual_touchpad_exec_29_0)
+(typeattribute virtual_touchpad_service_29_0)
+(typeattribute vndbinder_device_29_0)
+(typeattribute vndk_sp_file_29_0)
+(typeattribute vndservice_contexts_file_29_0)
+(typeattribute vndservice_manager_type)
+(typeattribute vndservicemanager_29_0)
+(typeattribute voiceinteraction_service_29_0)
+(typeattribute vold_29_0)
+(typeattribute vold_data_file_29_0)
+(typeattribute vold_device_29_0)
+(typeattribute vold_exec_29_0)
+(typeattribute vold_metadata_file_29_0)
+(typeattribute vold_prepare_subdirs_29_0)
+(typeattribute vold_prepare_subdirs_exec_29_0)
+(typeattribute vold_prop_29_0)
+(typeattribute vold_service_29_0)
+(typeattribute vpn_data_file_29_0)
+(typeattribute vr_hwc_29_0)
+(typeattribute vr_hwc_exec_29_0)
+(typeattribute vr_hwc_service_29_0)
+(typeattribute vr_manager_service_29_0)
+(typeattribute vrflinger_vsync_service_29_0)
+(typeattribute wallpaper_file_29_0)
+(typeattribute wallpaper_service_29_0)
+(typeattribute watchdog_device_29_0)
+(typeattribute watchdogd_29_0)
+(typeattribute watchdogd_exec_29_0)
+(typeattribute webview_zygote_29_0)
+(typeattribute webview_zygote_exec_29_0)
+(typeattribute webview_zygote_tmpfs_29_0)
+(typeattribute webviewupdate_service_29_0)
+(typeattribute wifi_data_file_29_0)
+(typeattribute wifi_keystore_service_server)
+(typeattribute wifi_log_prop_29_0)
+(typeattribute wifi_prop_29_0)
+(typeattribute wifi_service_29_0)
+(typeattribute wifiaware_service_29_0)
+(typeattribute wificond_29_0)
+(typeattribute wificond_exec_29_0)
+(typeattribute wificond_service_29_0)
+(typeattribute wifip2p_service_29_0)
+(typeattribute wifiscanner_service_29_0)
+(typeattribute window_service_29_0)
+(typeattribute wpa_socket_29_0)
+(typeattribute wpantund_29_0)
+(typeattribute wpantund_exec_29_0)
+(typeattribute wpantund_service_29_0)
+(typeattribute zero_device_29_0)
+(typeattribute zoneinfo_data_file_29_0)
+(typeattribute zygote_29_0)
+(typeattribute zygote_exec_29_0)
+(typeattribute zygote_socket_29_0)
+(typeattribute zygote_tmpfs_29_0)
diff --git a/prebuilts/api/29.0/private/adbd.te b/prebuilts/api/29.0/private/adbd.te
index 2fa4af6..ec5c57e 100644
--- a/prebuilts/api/29.0/private/adbd.te
+++ b/prebuilts/api/29.0/private/adbd.te
@@ -23,6 +23,10 @@
unix_socket_connect(adbd, recovery, recovery)
')
+# Control Perfetto traced and obtain traces from it.
+# Needed to allow port forwarding directly to traced.
+unix_socket_connect(adbd, traced_consumer, traced)
+
# Do not sanitize the environment or open fds of the shell. Allow signaling
# created processes.
allow adbd shell:process { noatsecure signal };
diff --git a/prebuilts/api/29.0/private/atrace.te b/prebuilts/api/29.0/private/atrace.te
index 75be787..0cdd35a 100644
--- a/prebuilts/api/29.0/private/atrace.te
+++ b/prebuilts/api/29.0/private/atrace.te
@@ -24,7 +24,16 @@
# atrace pokes all the binder-enabled processes at startup with a
# SYSPROPS_TRANSACTION, to tell them to reload the debug.atrace.* properties.
-# Allow discovery of binder services.
+binder_use(atrace)
+allow atrace healthd:binder call;
+allow atrace surfaceflinger:binder call;
+allow atrace system_server:binder call;
+
+get_prop(atrace, hwservicemanager_prop)
+
+# atrace can call atrace HAL
+hal_client_domain(atrace, hal_atrace)
+
allow atrace {
service_manager_type
-apex_service
@@ -40,33 +49,6 @@
}:service_manager { find };
allow atrace servicemanager:service_manager list;
-# Allow notifying the processes hosting specific binder services that
-# trace-related system properties have changed.
-binder_use(atrace)
-allow atrace healthd:binder call;
-allow atrace surfaceflinger:binder call;
-allow atrace system_server:binder call;
-allow atrace cameraserver:binder call;
-
-# Similarly, on debug builds, allow specific HALs to be notified that
-# trace-related system properties have changed.
-userdebug_or_eng(`
- # List HAL interfaces.
- allow atrace hwservicemanager:hwservice_manager list;
- # Notify the camera HAL.
- hal_client_domain(atrace, hal_camera)
-')
-
-# Remove logspam from notification attempts to non-whitelisted services.
-dontaudit atrace hwservice_manager_type:hwservice_manager find;
-dontaudit atrace service_manager_type:service_manager find;
-dontaudit atrace domain:binder call;
-
-# atrace can call atrace HAL
-hal_client_domain(atrace, hal_atrace)
-
-get_prop(atrace, hwservicemanager_prop)
-
userdebug_or_eng(`
# atrace is generally invoked as a standalone binary from shell or perf
# daemons like Perfetto traced_probes. However, in userdebug builds, there is
diff --git a/prebuilts/api/29.0/private/compat/26.0/26.0.cil b/prebuilts/api/29.0/private/compat/26.0/26.0.cil
index 3b3dae1..60f42b9 100644
--- a/prebuilts/api/29.0/private/compat/26.0/26.0.cil
+++ b/prebuilts/api/29.0/private/compat/26.0/26.0.cil
@@ -336,6 +336,7 @@
(typeattributeset mdnsd_socket_26_0 (mdnsd_socket))
(typeattributeset mdns_socket_26_0 (mdns_socket))
(typeattributeset mediacasserver_service_26_0 (mediacasserver_service))
+(typeattributeset hal_omx_server (mediacodec_26_0))
(typeattributeset mediacodec_26_0 (mediacodec))
(typeattributeset mediacodec_exec_26_0 (mediacodec_exec))
(typeattributeset mediacodec_service_26_0 (mediacodec_service))
diff --git a/prebuilts/api/29.0/private/compat/27.0/27.0.cil b/prebuilts/api/29.0/private/compat/27.0/27.0.cil
index 365d791..8c8f82f 100644
--- a/prebuilts/api/29.0/private/compat/27.0/27.0.cil
+++ b/prebuilts/api/29.0/private/compat/27.0/27.0.cil
@@ -1047,6 +1047,7 @@
(typeattributeset mdnsd_27_0 (mdnsd))
(typeattributeset mdnsd_socket_27_0 (mdnsd_socket))
(typeattributeset mdns_socket_27_0 (mdns_socket))
+(typeattributeset hal_omx_server (mediacodec_27_0))
(typeattributeset mediacodec_27_0 (mediacodec))
(typeattributeset mediacodec_exec_27_0 (mediacodec_exec))
(typeattributeset mediacodec_service_27_0 (mediacodec_service))
diff --git a/prebuilts/api/29.0/private/compat/28.0/28.0.cil b/prebuilts/api/29.0/private/compat/28.0/28.0.cil
index 305cb3a..338cbd0 100644
--- a/prebuilts/api/29.0/private/compat/28.0/28.0.cil
+++ b/prebuilts/api/29.0/private/compat/28.0/28.0.cil
@@ -1242,6 +1242,7 @@
(typeattributeset mdnsd_28_0 (mdnsd))
(typeattributeset mdnsd_socket_28_0 (mdnsd_socket))
(typeattributeset mdns_socket_28_0 (mdns_socket))
+(typeattributeset hal_omx_server (mediacodec_28_0))
(typeattributeset mediacodec_28_0 (mediacodec))
(typeattributeset mediacodec_exec_28_0 (mediacodec_exec))
(typeattributeset mediacodec_service_28_0 (mediacodec_service))
diff --git a/prebuilts/api/29.0/private/compat/28.0/28.0.ignore.cil b/prebuilts/api/29.0/private/compat/28.0/28.0.ignore.cil
index 98c4b9c..ed3671f 100644
--- a/prebuilts/api/29.0/private/compat/28.0/28.0.ignore.cil
+++ b/prebuilts/api/29.0/private/compat/28.0/28.0.ignore.cil
@@ -49,6 +49,7 @@
dynamic_system_prop
face_service
face_vendor_data_file
+ sota_prop
fastbootd
flags_health_check
flags_health_check_exec
diff --git a/prebuilts/api/29.0/private/dexoptanalyzer.te b/prebuilts/api/29.0/private/dexoptanalyzer.te
index 59554c8..2c0e1a4 100644
--- a/prebuilts/api/29.0/private/dexoptanalyzer.te
+++ b/prebuilts/api/29.0/private/dexoptanalyzer.te
@@ -22,7 +22,7 @@
# Allow reading secondary dex files that were reported by the app to the
# package manager.
allow dexoptanalyzer { privapp_data_file app_data_file }:dir { getattr search };
-allow dexoptanalyzer { privapp_data_file app_data_file }:file { getattr read };
+allow dexoptanalyzer { privapp_data_file app_data_file }:file { getattr read map };
# dexoptanalyzer calls access(2) with W_OK flag on app data. We can use the
# "dontaudit...audit_access" policy line to suppress the audit access without
# suppressing denial on actual access.
diff --git a/prebuilts/api/29.0/private/genfs_contexts b/prebuilts/api/29.0/private/genfs_contexts
index 202d1b3..380d4a0 100644
--- a/prebuilts/api/29.0/private/genfs_contexts
+++ b/prebuilts/api/29.0/private/genfs_contexts
@@ -213,6 +213,7 @@
genfscon tracefs /events/power/clock_set_rate/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/power/cpu_frequency_limits/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/power/gpu_frequency/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/power/suspend_resume/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/cpufreq_interactive/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/vmscan/mm_vmscan_direct_reclaim_begin/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/vmscan/mm_vmscan_direct_reclaim_end/ u:object_r:debugfs_tracing:s0
@@ -233,6 +234,8 @@
genfscon tracefs /events/kmem/rss_stat/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/kmem/ion_heap_grow/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/kmem/ion_heap_shrink/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/ion/ion_stat/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/mm_event/mm_event_record/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/oom/oom_score_adj_update/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/task/task_rename/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/task/task_newtask/ u:object_r:debugfs_tracing:s0
@@ -255,6 +258,7 @@
genfscon debugfs /tracing/events/power/clock_set_rate/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/power/cpu_frequency_limits/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/power/gpu_frequency/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/power/suspend_resume/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/cpufreq_interactive/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/vmscan/mm_vmscan_direct_reclaim_begin/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/vmscan/mm_vmscan_direct_reclaim_end/ u:object_r:debugfs_tracing:s0
@@ -275,6 +279,8 @@
genfscon debugfs /tracing/events/kmem/rss_stat/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/kmem/ion_heap_grow/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/kmem/ion_heap_shrink/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/ion/ion_stat/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/mm_event/mm_event_record/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/oom/oom_score_adj_update/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/task/task_rename/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/task/task_newtask/ u:object_r:debugfs_tracing:s0
diff --git a/prebuilts/api/29.0/private/gpuservice.te b/prebuilts/api/29.0/private/gpuservice.te
index ebfff76..9e17d06 100644
--- a/prebuilts/api/29.0/private/gpuservice.te
+++ b/prebuilts/api/29.0/private/gpuservice.te
@@ -31,6 +31,10 @@
# Needed for interactive shell
allow gpuservice devpts:chr_file { read write getattr };
+# Needed for dumpstate to dumpsys gpu.
+allow gpuservice dumpstate:fd use;
+allow gpuservice dumpstate:fifo_file write;
+
add_service(gpuservice, gpu_service)
# Only uncomment below line when in development
diff --git a/prebuilts/api/29.0/private/gsid.te b/prebuilts/api/29.0/private/gsid.te
index 1a35a4b..5dcf746 100644
--- a/prebuilts/api/29.0/private/gsid.te
+++ b/prebuilts/api/29.0/private/gsid.te
@@ -118,7 +118,6 @@
neverallow {
domain
-gsid
- -init
} gsi_data_file:dir ~{ open create read getattr setattr search relabelto ioctl };
neverallow {
diff --git a/prebuilts/api/29.0/private/incidentd.te b/prebuilts/api/29.0/private/incidentd.te
index 0c57f0f..b93f1b2 100644
--- a/prebuilts/api/29.0/private/incidentd.te
+++ b/prebuilts/api/29.0/private/incidentd.te
@@ -49,13 +49,6 @@
allow incidentd stats_service:service_manager find;
binder_call(incidentd, statsd)
-# section id 3026, allow reading /data/misc/perfetto-traces.
-# TODO(b/134706389): remove when no longer used.
-userdebug_or_eng(`
- allow incidentd perfetto_traces_data_file:dir r_dir_perms;
- allow incidentd perfetto_traces_data_file:file r_file_perms;
-');
-
# Create and write into /data/misc/incidents
allow incidentd incident_data_file:dir rw_dir_perms;
allow incidentd incident_data_file:file create_file_perms;
@@ -154,14 +147,12 @@
### neverallow rules
###
-# only specific domains can find the incident service
-# TODO(b/134706389): remove "perfetto" when no longer used.
+# only dumpstate, system_server, system_app and incident command can find the incident service
neverallow {
domain
-dumpstate
-incident
-incidentd
- userdebug_or_eng(`-perfetto')
-priv_app
-statsd
-system_app
diff --git a/prebuilts/api/29.0/private/migrate_legacy_obb_data.te b/prebuilts/api/29.0/private/migrate_legacy_obb_data.te
index 4bc1e2c..b2a1fb1 100644
--- a/prebuilts/api/29.0/private/migrate_legacy_obb_data.te
+++ b/prebuilts/api/29.0/private/migrate_legacy_obb_data.te
@@ -10,6 +10,14 @@
allow migrate_legacy_obb_data self:capability { chown dac_override dac_read_search fowner fsetid };
+allow migrate_legacy_obb_data mnt_user_file:dir search;
+allow migrate_legacy_obb_data mnt_user_file:lnk_file read;
+allow migrate_legacy_obb_data storage_file:dir search;
+allow migrate_legacy_obb_data storage_file:lnk_file read;
+
+allow migrate_legacy_obb_data sdcard_type:dir create_dir_perms;
+allow migrate_legacy_obb_data sdcard_type:file create_file_perms;
+
# TODO: This should not be necessary. We don't deliberately hand over
# any open file descriptors to this domain, so anything that triggers this
# should be a candidate for O_CLOEXEC.
diff --git a/prebuilts/api/29.0/private/perfetto.te b/prebuilts/api/29.0/private/perfetto.te
index 419c4b9..60a6250 100644
--- a/prebuilts/api/29.0/private/perfetto.te
+++ b/prebuilts/api/29.0/private/perfetto.te
@@ -37,19 +37,12 @@
allow perfetto adbd:fd use;
allow perfetto adbd:unix_stream_socket { read write };
-# Allow adbd to reap perfetto
+# allow adbd to reap perfetto
allow perfetto adbd:process { sigchld };
# Allow to access /dev/pts when launched in an adb shell.
allow perfetto devpts:chr_file rw_file_perms;
-# Allow perfetto to ask incidentd to start a report.
-# TODO(b/134706389): remove when no longer used.
-userdebug_or_eng(`
- allow perfetto incident_service:service_manager find;
- binder_call(perfetto, incidentd)
-');
-
###
### Neverallow rules
###
diff --git a/prebuilts/api/29.0/private/property_contexts b/prebuilts/api/29.0/private/property_contexts
index 8456fdb..cb81ba6 100644
--- a/prebuilts/api/29.0/private/property_contexts
+++ b/prebuilts/api/29.0/private/property_contexts
@@ -107,7 +107,6 @@
# ctl properties
ctl.bootanim u:object_r:ctl_bootanim_prop:s0
-ctl.android.hardware.dumpstate u:object_r:ctl_dumpstate_prop:s0
ctl.dumpstate u:object_r:ctl_dumpstate_prop:s0
ctl.fuse_ u:object_r:ctl_fuse_prop:s0
ctl.mdnsd u:object_r:ctl_mdnsd_prop:s0
@@ -136,6 +135,9 @@
ctl.stop$gsid u:object_r:ctl_gsid_prop:s0
ctl.restart$gsid u:object_r:ctl_gsid_prop:s0
+# Restrict access to restart dumpstate
+ctl.interface_restart$android.hardware.dumpstate u:object_r:ctl_dumpstate_prop:s0
+
# NFC properties
nfc. u:object_r:nfc_prop:s0
diff --git a/prebuilts/api/29.0/private/statsd.te b/prebuilts/api/29.0/private/statsd.te
index 9d250bd..99548a0 100644
--- a/prebuilts/api/29.0/private/statsd.te
+++ b/prebuilts/api/29.0/private/statsd.te
@@ -18,6 +18,3 @@
# Allow incidentd to obtain the statsd incident section.
allow statsd incidentd:fifo_file write;
-
-# Allow StatsCompanionService to pipe data to statsd.
-allow statsd system_server:fifo_file { read getattr };
diff --git a/prebuilts/api/29.0/private/system_server.te b/prebuilts/api/29.0/private/system_server.te
index 5bec849..73891c9 100644
--- a/prebuilts/api/29.0/private/system_server.te
+++ b/prebuilts/api/29.0/private/system_server.te
@@ -283,6 +283,7 @@
hal_graphics_composer_server
hal_health_server
hal_omx_server
+ hal_power_stats_server
hal_sensors_server
hal_vr_server
}:process { signal };
@@ -846,6 +847,7 @@
r_dir_file(system_server, proc_net_type)
r_dir_file(system_server, proc_qtaguid_stat)
allow system_server {
+ proc_cmdline
proc_loadavg
proc_meminfo
proc_pagetypeinfo
diff --git a/prebuilts/api/29.0/public/adbd.te b/prebuilts/api/29.0/public/adbd.te
index 68a176c..4a1f633 100644
--- a/prebuilts/api/29.0/public/adbd.te
+++ b/prebuilts/api/29.0/public/adbd.te
@@ -6,3 +6,6 @@
# Only init is allowed to enter the adbd domain via exec()
neverallow { domain -init } adbd:process transition;
neverallow * adbd:process dyntransition;
+
+# Allow adbd start/stop mdnsd via ctl.start
+set_prop(adbd, ctl_mdnsd_prop)
diff --git a/prebuilts/api/29.0/public/domain.te b/prebuilts/api/29.0/public/domain.te
index f348701..987bb9f 100644
--- a/prebuilts/api/29.0/public/domain.te
+++ b/prebuilts/api/29.0/public/domain.te
@@ -1154,7 +1154,6 @@
-system_server
-system_app
-init
- -toolbox # TODO(b/141108496) We want to remove toolbox
-installd # for relabelfrom and unlink, check for this in explicit neverallow
-vold_prepare_subdirs # For unlink
with_asan(`-asan_extract')
@@ -1408,3 +1407,4 @@
-hal_codec2_server
-hal_omx_server
} hal_codec2_hwservice:hwservice_manager add;
+
diff --git a/prebuilts/api/29.0/public/init.te b/prebuilts/api/29.0/public/init.te
index 6857ff9..2d52f59 100644
--- a/prebuilts/api/29.0/public/init.te
+++ b/prebuilts/api/29.0/public/init.te
@@ -46,8 +46,6 @@
userdata_block_device
}:{ blk_file lnk_file } relabelto;
-allow init super_block_device:lnk_file relabelto;
-
# setrlimit
allow init self:global_capability_class_set sys_resource;
@@ -167,6 +165,7 @@
file_type
-app_data_file
-exec_type
+ -gsi_data_file
-iorapd_data_file
-keystore_data_file
-misc_logd_file
@@ -364,6 +363,7 @@
sysfs_leds
sysfs_power
sysfs_fs_f2fs
+ sysfs_dm
}:file w_file_perms;
allow init {
diff --git a/prebuilts/api/29.0/public/property.te b/prebuilts/api/29.0/public/property.te
index e166c00..4ccd8ac 100644
--- a/prebuilts/api/29.0/public/property.te
+++ b/prebuilts/api/29.0/public/property.te
@@ -1,6 +1,7 @@
type apexd_prop, property_type;
type audio_prop, property_type, core_property_type;
type boottime_prop, property_type;
+type boottime_public_prop, property_type;
type bluetooth_a2dp_offload_prop, property_type;
type bluetooth_audio_hal_prop, property_type;
type bluetooth_prop, property_type;
@@ -44,6 +45,7 @@
type dumpstate_prop, property_type, core_property_type;
type dynamic_system_prop, property_type;
type exported_secure_prop, property_type;
+type sota_prop, property_type;
type ffs_prop, property_type, core_property_type;
type fingerprint_prop, property_type, core_property_type;
type firstboot_prop, property_type;
@@ -360,6 +362,7 @@
-bluetooth_prop
-bootloader_boot_reason_prop
-boottime_prop
+ -boottime_public_prop
-bpf_progs_loaded_prop
-config_prop
-cppreopt_prop
@@ -412,6 +415,7 @@
-exported_vold_prop
-exported_wifi_prop
-extended_core_property_type
+ -sota_prop
-ffs_prop
-fingerprint_prop
-firstboot_prop
diff --git a/prebuilts/api/29.0/public/property_contexts b/prebuilts/api/29.0/public/property_contexts
index 803a959..865502e 100644
--- a/prebuilts/api/29.0/public/property_contexts
+++ b/prebuilts/api/29.0/public/property_contexts
@@ -11,11 +11,13 @@
camera.fifo.disable u:object_r:exported3_default_prop:s0 exact int
dalvik.vm.appimageformat u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.backgroundgctype u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.boot-dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.boot-dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
dalvik.vm.boot-image u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.checkjni u:object_r:exported_dalvik_prop:s0 exact bool
dalvik.vm.dex2oat-Xms u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.dex2oat-Xmx u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.dex2oat-filter u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.dex2oat-flags u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
@@ -33,6 +35,7 @@
dalvik.vm.hot-startup-method-samples u:object_r:exported_dalvik_prop:s0 exact int
dalvik.vm.image-dex2oat-Xms u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.image-dex2oat-Xmx u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.image-dex2oat-filter u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.image-dex2oat-flags u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.image-dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
@@ -89,6 +92,7 @@
pm.dexopt.ab-ota u:object_r:exported_pm_prop:s0 exact string
pm.dexopt.bg-dexopt u:object_r:exported_pm_prop:s0 exact string
pm.dexopt.boot u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.disable_bg_dexopt u:object_r:exported_pm_prop:s0 exact bool
pm.dexopt.downgrade_after_inactive_days u:object_r:exported_pm_prop:s0 exact int
pm.dexopt.first-boot u:object_r:exported_pm_prop:s0 exact string
pm.dexopt.inactive u:object_r:exported_pm_prop:s0 exact string
@@ -111,7 +115,11 @@
ro.control_privapp_permissions u:object_r:exported3_default_prop:s0 exact string
ro.cp_system_other_odex u:object_r:exported3_default_prop:s0 exact int
ro.crypto.allow_encrypt_override u:object_r:exported2_vold_prop:s0 exact bool
+ro.crypto.fde_algorithm u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.fde_sector_size u:object_r:exported2_vold_prop:s0 exact int
ro.crypto.scrypt_params u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.set_dun u:object_r:exported2_vold_prop:s0 exact bool
+ro.crypto.volume.contents_mode u:object_r:exported2_vold_prop:s0 exact string
ro.crypto.volume.filenames_mode u:object_r:exported2_vold_prop:s0 exact string
ro.dalvik.vm.native.bridge u:object_r:exported_dalvik_prop:s0 exact string
ro.enable_boot_charger_mode u:object_r:exported3_default_prop:s0 exact bool
@@ -207,6 +215,8 @@
ro.boot.bootdevice u:object_r:exported2_default_prop:s0 exact string
ro.boot.bootloader u:object_r:exported2_default_prop:s0 exact string
ro.boot.boottime u:object_r:exported2_default_prop:s0 exact string
+ro.boottime.init.mount.data u:object_r:boottime_public_prop:s0 exact string
+ro.boottime.init.fsck.data u:object_r:boottime_public_prop:s0 exact string
ro.boot.console u:object_r:exported2_default_prop:s0 exact string
ro.boot.hardware u:object_r:exported2_default_prop:s0 exact string
ro.boot.hardware.color u:object_r:exported2_default_prop:s0 exact string
@@ -392,5 +402,7 @@
ro.surface_flinger.protected_contents u:object_r:exported_default_prop:s0 exact bool
ro.surface_flinger.set_idle_timer_ms u:object_r:exported_default_prop:s0 exact int
ro.surface_flinger.set_touch_timer_ms u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.set_display_power_timer_ms u:object_r:exported_default_prop:s0 exact int
ro.surface_flinger.support_kernel_idle_timer u:object_r:exported_default_prop:s0 exact bool
ro.surface_flinger.use_smart_90_for_video u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.color_space_agnostic_dataspace u:object_r:exported_default_prop:s0 exact int
diff --git a/prebuilts/api/29.0/public/recovery.te b/prebuilts/api/29.0/public/recovery.te
index 2b77bc3..35964ef 100644
--- a/prebuilts/api/29.0/public/recovery.te
+++ b/prebuilts/api/29.0/public/recovery.te
@@ -138,10 +138,6 @@
# This line seems suspect, as it should not really need to
# set scheduling parameters for a kernel domain task.
allow recovery kernel:process setsched;
-
- # These are needed to update dynamic partitions in recovery.
- r_dir_file(recovery, sysfs_dm)
- allowxperm recovery super_block_device_type:blk_file ioctl { BLKIOMIN BLKALIGNOFF };
')
###
diff --git a/prebuilts/api/29.0/public/service.te b/prebuilts/api/29.0/public/service.te
index 92f8a09..a2193d0 100644
--- a/prebuilts/api/29.0/public/service.te
+++ b/prebuilts/api/29.0/public/service.te
@@ -10,7 +10,7 @@
type fingerprintd_service, service_manager_type;
type hal_fingerprint_service, service_manager_type;
type gatekeeper_service, app_api_service, service_manager_type;
-type gpu_service, service_manager_type;
+type gpu_service, app_api_service, service_manager_type;
type idmap_service, service_manager_type;
type iorapd_service, service_manager_type;
type incident_service, service_manager_type;
diff --git a/prebuilts/api/29.0/public/toolbox.te b/prebuilts/api/29.0/public/toolbox.te
index fcf0ec3..19cc3b6 100644
--- a/prebuilts/api/29.0/public/toolbox.te
+++ b/prebuilts/api/29.0/public/toolbox.te
@@ -22,7 +22,3 @@
neverallow { domain -init } toolbox:process transition;
neverallow * toolbox:process dyntransition;
neverallow toolbox { file_type fs_type -toolbox_exec}:file entrypoint;
-
-# rm -rf directories in /data
-allow toolbox system_data_file:dir { rmdir rw_dir_perms };
-allow toolbox system_data_file:file { getattr unlink };
diff --git a/prebuilts/api/29.0/public/vendor_misc_writer.te b/prebuilts/api/29.0/public/vendor_misc_writer.te
index 7093fec..dee9941 100644
--- a/prebuilts/api/29.0/public/vendor_misc_writer.te
+++ b/prebuilts/api/29.0/public/vendor_misc_writer.te
@@ -6,6 +6,8 @@
allow vendor_misc_writer misc_block_device:blk_file w_file_perms;
allow vendor_misc_writer block_device:dir r_dir_perms;
-# Silence the denial when calling libfstab's ReadDefaultFstab.
+# Silence the denial when calling libfstab's ReadDefaultFstab, which tries to
+# load DT fstab.
dontaudit vendor_misc_writer proc_cmdline:file read;
dontaudit vendor_misc_writer metadata_file:dir search;
+dontaudit vendor_misc_writer sysfs_dt_firmware_android:dir search;
diff --git a/prebuilts/api/29.0/vendor_sepolicy.cil b/prebuilts/api/29.0/vendor_sepolicy.cil
new file mode 100644
index 0000000..4a3aac3
--- /dev/null
+++ b/prebuilts/api/29.0/vendor_sepolicy.cil
@@ -0,0 +1 @@
+;; empty stub
diff --git a/prebuilts/api/30.0/private/access_vectors b/prebuilts/api/30.0/private/access_vectors
new file mode 100644
index 0000000..4144be8
--- /dev/null
+++ b/prebuilts/api/30.0/private/access_vectors
@@ -0,0 +1,741 @@
+#
+# Define common prefixes for access vectors
+#
+# common common_name { permission_name ... }
+
+
+#
+# Define a common prefix for file access vectors.
+#
+
+common file
+{
+ ioctl
+ read
+ write
+ create
+ getattr
+ setattr
+ lock
+ relabelfrom
+ relabelto
+ append
+ map
+ unlink
+ link
+ rename
+ execute
+ quotaon
+ mounton
+ audit_access
+ open
+ execmod
+ watch
+ watch_mount
+ watch_sb
+ watch_with_perm
+ watch_reads
+}
+
+
+#
+# Define a common prefix for socket access vectors.
+#
+
+common socket
+{
+# inherited from file
+ ioctl
+ read
+ write
+ create
+ getattr
+ setattr
+ lock
+ relabelfrom
+ relabelto
+ append
+ map
+# socket-specific
+ bind
+ connect
+ listen
+ accept
+ getopt
+ setopt
+ shutdown
+ recvfrom
+ sendto
+ name_bind
+}
+
+#
+# Define a common prefix for ipc access vectors.
+#
+
+common ipc
+{
+ create
+ destroy
+ getattr
+ setattr
+ read
+ write
+ associate
+ unix_read
+ unix_write
+}
+
+#
+# Define a common for capability access vectors.
+#
+common cap
+{
+ # The capabilities are defined in include/linux/capability.h
+ # Capabilities >= 32 are defined in the cap2 common.
+ # Care should be taken to ensure that these are consistent with
+ # those definitions. (Order matters)
+
+ chown
+ dac_override
+ dac_read_search
+ fowner
+ fsetid
+ kill
+ setgid
+ setuid
+ setpcap
+ linux_immutable
+ net_bind_service
+ net_broadcast
+ net_admin
+ net_raw
+ ipc_lock
+ ipc_owner
+ sys_module
+ sys_rawio
+ sys_chroot
+ sys_ptrace
+ sys_pacct
+ sys_admin
+ sys_boot
+ sys_nice
+ sys_resource
+ sys_time
+ sys_tty_config
+ mknod
+ lease
+ audit_write
+ audit_control
+ setfcap
+}
+
+common cap2
+{
+ mac_override # unused by SELinux
+ mac_admin
+ syslog
+ wake_alarm
+ block_suspend
+ audit_read
+}
+
+#
+# Define the access vectors.
+#
+# class class_name [ inherits common_name ] { permission_name ... }
+
+
+#
+# Define the access vector interpretation for file-related objects.
+#
+
+class filesystem
+{
+ mount
+ remount
+ unmount
+ getattr
+ relabelfrom
+ relabelto
+ associate
+ quotamod
+ quotaget
+ watch
+}
+
+class dir
+inherits file
+{
+ add_name
+ remove_name
+ reparent
+ search
+ rmdir
+}
+
+class file
+inherits file
+{
+ execute_no_trans
+ entrypoint
+}
+
+class lnk_file
+inherits file
+
+class chr_file
+inherits file
+{
+ execute_no_trans
+ entrypoint
+}
+
+class blk_file
+inherits file
+
+class sock_file
+inherits file
+
+class fifo_file
+inherits file
+
+class fd
+{
+ use
+}
+
+
+#
+# Define the access vector interpretation for network-related objects.
+#
+
+class socket
+inherits socket
+
+class tcp_socket
+inherits socket
+{
+ node_bind
+ name_connect
+}
+
+class udp_socket
+inherits socket
+{
+ node_bind
+}
+
+class rawip_socket
+inherits socket
+{
+ node_bind
+}
+
+class node
+{
+ recvfrom
+ sendto
+}
+
+class netif
+{
+ ingress
+ egress
+}
+
+class netlink_socket
+inherits socket
+
+class packet_socket
+inherits socket
+
+class key_socket
+inherits socket
+
+class unix_stream_socket
+inherits socket
+{
+ connectto
+}
+
+class unix_dgram_socket
+inherits socket
+
+#
+# Define the access vector interpretation for process-related objects
+#
+
+class process
+{
+ fork
+ transition
+ sigchld # commonly granted from child to parent
+ sigkill # cannot be caught or ignored
+ sigstop # cannot be caught or ignored
+ signull # for kill(pid, 0)
+ signal # all other signals
+ ptrace
+ getsched
+ setsched
+ getsession
+ getpgid
+ setpgid
+ getcap
+ setcap
+ share
+ getattr
+ setexec
+ setfscreate
+ noatsecure
+ siginh
+ setrlimit
+ rlimitinh
+ dyntransition
+ setcurrent
+ execmem
+ execstack
+ execheap
+ setkeycreate
+ setsockcreate
+ getrlimit
+}
+
+class process2
+{
+ nnp_transition
+ nosuid_transition
+}
+
+#
+# Define the access vector interpretation for ipc-related objects
+#
+
+class ipc
+inherits ipc
+
+class sem
+inherits ipc
+
+class msgq
+inherits ipc
+{
+ enqueue
+}
+
+class msg
+{
+ send
+ receive
+}
+
+class shm
+inherits ipc
+{
+ lock
+}
+
+
+#
+# Define the access vector interpretation for the security server.
+#
+
+class security
+{
+ compute_av
+ compute_create
+ compute_member
+ check_context
+ load_policy
+ compute_relabel
+ compute_user
+ setenforce # was avc_toggle in system class
+ setbool
+ setsecparam
+ setcheckreqprot
+ read_policy
+ validate_trans
+}
+
+
+#
+# Define the access vector interpretation for system operations.
+#
+
+class system
+{
+ ipc_info
+ syslog_read
+ syslog_mod
+ syslog_console
+ module_request
+ module_load
+}
+
+#
+# Define the access vector interpretation for controlling capabilities
+#
+
+class capability
+inherits cap
+
+class capability2
+inherits cap2
+
+#
+# Extended Netlink classes
+#
+class netlink_route_socket
+inherits socket
+{
+ nlmsg_read
+ nlmsg_write
+ nlmsg_readpriv
+}
+
+class netlink_tcpdiag_socket
+inherits socket
+{
+ nlmsg_read
+ nlmsg_write
+}
+
+class netlink_nflog_socket
+inherits socket
+
+class netlink_xfrm_socket
+inherits socket
+{
+ nlmsg_read
+ nlmsg_write
+}
+
+class netlink_selinux_socket
+inherits socket
+
+class netlink_audit_socket
+inherits socket
+{
+ nlmsg_read
+ nlmsg_write
+ nlmsg_relay
+ nlmsg_readpriv
+ nlmsg_tty_audit
+}
+
+class netlink_dnrt_socket
+inherits socket
+
+# Define the access vector interpretation for controlling
+# access to IPSec network data by association
+#
+class association
+{
+ sendto
+ recvfrom
+ setcontext
+ polmatch
+}
+
+# Updated Netlink class for KOBJECT_UEVENT family.
+class netlink_kobject_uevent_socket
+inherits socket
+
+class appletalk_socket
+inherits socket
+
+class packet
+{
+ send
+ recv
+ relabelto
+ forward_in
+ forward_out
+}
+
+class key
+{
+ view
+ read
+ write
+ search
+ link
+ setattr
+ create
+}
+
+class dccp_socket
+inherits socket
+{
+ node_bind
+ name_connect
+}
+
+class memprotect
+{
+ mmap_zero
+}
+
+# network peer labels
+class peer
+{
+ recv
+}
+
+class kernel_service
+{
+ use_as_override
+ create_files_as
+}
+
+class tun_socket
+inherits socket
+{
+ attach_queue
+}
+
+class binder
+{
+ impersonate
+ call
+ set_context_mgr
+ transfer
+}
+
+class netlink_iscsi_socket
+inherits socket
+
+class netlink_fib_lookup_socket
+inherits socket
+
+class netlink_connector_socket
+inherits socket
+
+class netlink_netfilter_socket
+inherits socket
+
+class netlink_generic_socket
+inherits socket
+
+class netlink_scsitransport_socket
+inherits socket
+
+class netlink_rdma_socket
+inherits socket
+
+class netlink_crypto_socket
+inherits socket
+
+class infiniband_pkey
+{
+ access
+}
+
+class infiniband_endport
+{
+ manage_subnet
+}
+
+#
+# Define the access vector interpretation for controlling capabilities
+# in user namespaces
+#
+
+class cap_userns
+inherits cap
+
+class cap2_userns
+inherits cap2
+
+
+#
+# Define the access vector interpretation for the new socket classes
+# enabled by the extended_socket_class policy capability.
+#
+
+#
+# The next two classes were previously mapped to rawip_socket and therefore
+# have the same definition as rawip_socket (until further permissions
+# are defined).
+#
+class sctp_socket
+inherits socket
+{
+ node_bind
+ name_connect
+ association
+}
+
+class icmp_socket
+inherits socket
+{
+ node_bind
+}
+
+#
+# The remaining network socket classes were previously
+# mapped to the socket class and therefore have the
+# same definition as socket.
+#
+
+class ax25_socket
+inherits socket
+
+class ipx_socket
+inherits socket
+
+class netrom_socket
+inherits socket
+
+class atmpvc_socket
+inherits socket
+
+class x25_socket
+inherits socket
+
+class rose_socket
+inherits socket
+
+class decnet_socket
+inherits socket
+
+class atmsvc_socket
+inherits socket
+
+class rds_socket
+inherits socket
+
+class irda_socket
+inherits socket
+
+class pppox_socket
+inherits socket
+
+class llc_socket
+inherits socket
+
+class can_socket
+inherits socket
+
+class tipc_socket
+inherits socket
+
+class bluetooth_socket
+inherits socket
+
+class iucv_socket
+inherits socket
+
+class rxrpc_socket
+inherits socket
+
+class isdn_socket
+inherits socket
+
+class phonet_socket
+inherits socket
+
+class ieee802154_socket
+inherits socket
+
+class caif_socket
+inherits socket
+
+class alg_socket
+inherits socket
+
+class nfc_socket
+inherits socket
+
+class vsock_socket
+inherits socket
+
+class kcm_socket
+inherits socket
+
+class qipcrtr_socket
+inherits socket
+
+class smc_socket
+inherits socket
+
+class bpf
+{
+ map_create
+ map_read
+ map_write
+ prog_load
+ prog_run
+}
+
+class property_service
+{
+ set
+}
+
+class service_manager
+{
+ add
+ find
+ list
+}
+
+class hwservice_manager
+{
+ add
+ find
+ list
+}
+
+class keystore_key
+{
+ get_state
+ get
+ insert
+ delete
+ exist
+ list
+ reset
+ password
+ lock
+ unlock
+ is_empty
+ sign
+ verify
+ grant
+ duplicate
+ clear_uid
+ add_auth
+ user_changed
+ gen_unique_id
+}
+
+class drmservice {
+ consumeRights
+ setPlaybackStatus
+ openDecryptSession
+ closeDecryptSession
+ initializeDecryptUnit
+ decrypt
+ finalizeDecryptUnit
+ pread
+}
+
+class xdp_socket
+inherits socket
+
+class perf_event
+{
+ open
+ cpu
+ kernel
+ tracepoint
+ read
+ write
+}
+
+class lockdown
+{
+ integrity
+ confidentiality
+}
diff --git a/prebuilts/api/30.0/private/adbd.te b/prebuilts/api/30.0/private/adbd.te
new file mode 100644
index 0000000..be4f0f7
--- /dev/null
+++ b/prebuilts/api/30.0/private/adbd.te
@@ -0,0 +1,205 @@
+### ADB daemon
+
+typeattribute adbd coredomain;
+typeattribute adbd mlstrustedsubject;
+
+init_daemon_domain(adbd)
+
+domain_auto_trans(adbd, shell_exec, shell)
+
+userdebug_or_eng(`
+ allow adbd self:process setcurrent;
+ allow adbd su:process dyntransition;
+')
+
+# When 'adb shell' is executed in recovery mode, adbd explicitly
+# switches into shell domain using setcon() because the shell executable
+# is not labeled as shell but as rootfs.
+recovery_only(`
+ domain_trans(adbd, rootfs, shell)
+ allow adbd shell:process dyntransition;
+
+ # Allows reboot fastboot to enter fastboot directly
+ unix_socket_connect(adbd, recovery, recovery)
+')
+
+# Control Perfetto traced and obtain traces from it.
+# Needed to allow port forwarding directly to traced.
+unix_socket_connect(adbd, traced_consumer, traced)
+
+# Do not sanitize the environment or open fds of the shell. Allow signaling
+# created processes.
+allow adbd shell:process { noatsecure signal };
+
+# Set UID and GID to shell. Set supplementary groups.
+allow adbd self:global_capability_class_set { setuid setgid };
+
+# Drop capabilities from bounding set on user builds.
+allow adbd self:global_capability_class_set setpcap;
+
+# ignore spurious denials for adbd when disk space is low.
+dontaudit adbd self:global_capability_class_set sys_resource;
+
+# adbd probes for vsock support. Do not generate denials when
+# this occurs. (b/123569840)
+dontaudit adbd self:{ socket vsock_socket } create;
+
+# Create and use network sockets.
+net_domain(adbd)
+
+# Access /dev/usb-ffs/adb/ep0
+allow adbd functionfs:dir search;
+allow adbd functionfs:file rw_file_perms;
+allowxperm adbd functionfs:file ioctl {
+ FUNCTIONFS_ENDPOINT_DESC
+ FUNCTIONFS_CLEAR_HALT
+};
+
+# Use a pseudo tty.
+allow adbd devpts:chr_file rw_file_perms;
+
+# adb push/pull /data/local/tmp.
+allow adbd shell_data_file:dir create_dir_perms;
+allow adbd shell_data_file:file create_file_perms;
+
+# adb pull /data/local/traces/*
+allow adbd trace_data_file:dir r_dir_perms;
+allow adbd trace_data_file:file r_file_perms;
+
+# adb pull /data/misc/profman.
+allow adbd profman_dump_data_file:dir r_dir_perms;
+allow adbd profman_dump_data_file:file r_file_perms;
+
+# adb push/pull sdcard.
+allow adbd tmpfs:dir search;
+allow adbd rootfs:lnk_file r_file_perms; # /sdcard symlink
+allow adbd tmpfs:lnk_file r_file_perms; # /mnt/sdcard symlink
+allow adbd sdcard_type:dir create_dir_perms;
+allow adbd sdcard_type:file create_file_perms;
+
+# adb pull /data/anr/traces.txt
+allow adbd anr_data_file:dir r_dir_perms;
+allow adbd anr_data_file:file r_file_perms;
+
+# Set service.adb.*, sys.powerctl, and sys.usb.ffs.ready properties.
+set_prop(adbd, shell_prop)
+set_prop(adbd, powerctl_prop)
+set_prop(adbd, ffs_prop)
+set_prop(adbd, exported_ffs_prop)
+
+# Set service.adb.tls.port, persist.adb.wifi. properties
+set_prop(adbd, adbd_prop)
+
+# Access device logging gating property
+get_prop(adbd, device_logging_prop)
+
+# Read device's serial number from system properties
+get_prop(adbd, serialno_prop)
+
+# Read whether or not Test Harness Mode is enabled
+get_prop(adbd, test_harness_prop)
+
+# Read persist.adb.tls_server.enable property
+get_prop(adbd, system_adbd_prop)
+
+# Read device's overlayfs related properties and files
+userdebug_or_eng(`
+ get_prop(adbd, persistent_properties_ready_prop)
+ r_dir_file(adbd, sysfs_dt_firmware_android)
+')
+
+# Run /system/bin/bu
+allow adbd system_file:file rx_file_perms;
+
+# Perform binder IPC to surfaceflinger (screencap)
+# XXX Run screencap in a separate domain?
+binder_use(adbd)
+binder_call(adbd, surfaceflinger)
+binder_call(adbd, gpuservice)
+# b/13188914
+allow adbd gpu_device:chr_file rw_file_perms;
+allow adbd ion_device:chr_file rw_file_perms;
+r_dir_file(adbd, system_file)
+
+# Needed for various screenshots
+hal_client_domain(adbd, hal_graphics_allocator)
+
+# Read /data/misc/adb/adb_keys.
+allow adbd adb_keys_file:dir search;
+allow adbd adb_keys_file:file r_file_perms;
+
+userdebug_or_eng(`
+ # Write debugging information to /data/adb
+ # when persist.adb.trace_mask is set
+ # https://code.google.com/p/android/issues/detail?id=72895
+ allow adbd adb_data_file:dir rw_dir_perms;
+ allow adbd adb_data_file:file create_file_perms;
+')
+
+# ndk-gdb invokes adb forward to forward the gdbserver socket.
+allow adbd app_data_file:dir search;
+allow adbd app_data_file:sock_file write;
+allow adbd appdomain:unix_stream_socket connectto;
+
+# ndk-gdb invokes adb pull of app_process, linker, and libc.so.
+allow adbd zygote_exec:file r_file_perms;
+allow adbd system_file:file r_file_perms;
+
+# Allow pulling the SELinux policy for CTS purposes
+allow adbd selinuxfs:dir r_dir_perms;
+allow adbd selinuxfs:file r_file_perms;
+allow adbd kernel:security read_policy;
+allow adbd service_contexts_file:file r_file_perms;
+allow adbd file_contexts_file:file r_file_perms;
+allow adbd seapp_contexts_file:file r_file_perms;
+allow adbd property_contexts_file:file r_file_perms;
+allow adbd sepolicy_file:file r_file_perms;
+
+# Allow pulling config.gz for CTS purposes
+allow adbd config_gz:file r_file_perms;
+
+allow adbd gpu_service:service_manager find;
+allow adbd surfaceflinger_service:service_manager find;
+allow adbd bootchart_data_file:dir search;
+allow adbd bootchart_data_file:file r_file_perms;
+
+# Allow access to external storage; we have several visible mount points under /storage
+# and symlinks to primary storage at places like /storage/sdcard0 and /mnt/user/0/primary
+allow adbd storage_file:dir r_dir_perms;
+allow adbd storage_file:lnk_file r_file_perms;
+allow adbd mnt_user_file:dir r_dir_perms;
+allow adbd mnt_user_file:lnk_file r_file_perms;
+
+# Access to /data/media.
+# This should be removed if sdcardfs is modified to alter the secontext for its
+# accesses to the underlying FS.
+allow adbd media_rw_data_file:dir create_dir_perms;
+allow adbd media_rw_data_file:file create_file_perms;
+
+r_dir_file(adbd, apk_data_file)
+
+allow adbd rootfs:dir r_dir_perms;
+
+# Allow killing child "perfetto" binary processes, which auto-transition to
+# their own domain. Allows propagating termination of "adb shell perfetto ..."
+# invocations.
+allow adbd perfetto:process signal;
+
+# Allow to pull Perfetto traces.
+allow adbd perfetto_traces_data_file:file r_file_perms;
+allow adbd perfetto_traces_data_file:dir r_dir_perms;
+
+# Connect to shell and use a socket transferred from it.
+# Used for e.g. abb.
+allow adbd shell:unix_stream_socket { read write shutdown };
+allow adbd shell:fd use;
+
+###
+### Neverallow rules
+###
+
+# No transitions from adbd to non-shell, non-crash_dump domains. adbd only ever
+# transitions to the shell domain (except when it crashes). In particular, we
+# never want to see a transition from adbd to su (aka "adb root")
+neverallow adbd { domain -crash_dump -shell }:process transition;
+neverallow adbd { domain userdebug_or_eng(`-su') recovery_only(`-shell') }:process dyntransition;
diff --git a/prebuilts/api/30.0/private/aidl_lazy_test_server.te b/prebuilts/api/30.0/private/aidl_lazy_test_server.te
new file mode 100644
index 0000000..33efde0
--- /dev/null
+++ b/prebuilts/api/30.0/private/aidl_lazy_test_server.te
@@ -0,0 +1,5 @@
+userdebug_or_eng(`
+ typeattribute aidl_lazy_test_server coredomain;
+
+ init_daemon_domain(aidl_lazy_test_server)
+')
diff --git a/prebuilts/api/30.0/private/apex_test_prepostinstall.te b/prebuilts/api/30.0/private/apex_test_prepostinstall.te
new file mode 100644
index 0000000..f1bc214
--- /dev/null
+++ b/prebuilts/api/30.0/private/apex_test_prepostinstall.te
@@ -0,0 +1,20 @@
+# APEX pre- & post-install test.
+#
+# Allow to run pre- and post-install hooks for APEX test modules
+# in debuggable builds.
+
+type apex_test_prepostinstall, domain, coredomain;
+type apex_test_prepostinstall_exec, system_file_type, exec_type, file_type;
+
+userdebug_or_eng(`
+ # /dev/zero
+ allow apex_test_prepostinstall apexd:fd use;
+ # Logwrapper.
+ create_pty(apex_test_prepostinstall)
+ # Logwrapper executing sh.
+ allow apex_test_prepostinstall shell_exec:file rx_file_perms;
+ # Logwrapper exec.
+ allow apex_test_prepostinstall system_file:file execute_no_trans;
+ # Ls.
+ allow apex_test_prepostinstall toolbox_exec:file rx_file_perms;
+')
diff --git a/prebuilts/api/30.0/private/apexd.te b/prebuilts/api/30.0/private/apexd.te
new file mode 100644
index 0000000..9e702dd
--- /dev/null
+++ b/prebuilts/api/30.0/private/apexd.te
@@ -0,0 +1,157 @@
+typeattribute apexd coredomain;
+
+init_daemon_domain(apexd)
+
+# Allow creating, reading and writing of APEX files/dirs in the APEX data dir
+allow apexd apex_data_file:dir create_dir_perms;
+allow apexd apex_data_file:file create_file_perms;
+
+# Allow creating, reading and writing of APEX files/dirs in the APEX metadata dir
+allow apexd metadata_file:dir search;
+allow apexd apex_metadata_file:dir create_dir_perms;
+allow apexd apex_metadata_file:file create_file_perms;
+
+# Allow apexd to create files and directories for snapshots of apex data
+allow apexd apex_permission_data_file:dir { create_dir_perms relabelto };
+allow apexd apex_permission_data_file:file { create_file_perms relabelto };
+allow apexd apex_module_data_file:dir { create_dir_perms relabelfrom };
+allow apexd apex_module_data_file:file { create_file_perms relabelfrom };
+allow apexd apex_rollback_data_file:dir create_dir_perms;
+allow apexd apex_rollback_data_file:file create_file_perms;
+allow apexd apex_wifi_data_file:dir { create_dir_perms relabelto };
+allow apexd apex_wifi_data_file:file { create_file_perms relabelto };
+
+# Allow apexd to read directories under /data/misc_de in order to snapshot and
+# restore apex data for all users.
+allow apexd system_data_file:dir r_dir_perms;
+
+# allow apexd to create loop devices with /dev/loop-control
+allow apexd loop_control_device:chr_file rw_file_perms;
+# allow apexd to access loop devices
+allow apexd loop_device:blk_file rw_file_perms;
+allowxperm apexd loop_device:blk_file ioctl {
+ LOOP_GET_STATUS64
+ LOOP_SET_STATUS64
+ LOOP_SET_FD
+ LOOP_SET_BLOCK_SIZE
+ LOOP_SET_DIRECT_IO
+ LOOP_CLR_FD
+ BLKFLSBUF
+};
+# allow apexd to access /dev/block
+allow apexd block_device:dir r_dir_perms;
+
+# allow apexd to access /dev/block/dm-* (device-mapper entries)
+allow apexd dm_device:chr_file rw_file_perms;
+allow apexd dm_device:blk_file rw_file_perms;
+
+# sys_admin is required to access the device-mapper and mount
+# dac_override, chown, and fowner are needed for snapshot and restore
+allow apexd self:global_capability_class_set { sys_admin chown dac_override dac_read_search fowner };
+
+# Note: fsetid is deliberately not included above. fsetid checks are
+# triggered by chmod on a directory or file owned by a group other
+# than one of the groups assigned to the current process to see if
+# the setgid bit should be cleared, regardless of whether the setgid
+# bit was even set. We do not appear to truly need this capability
+# for apexd to operate.
+dontaudit apexd self:global_capability_class_set fsetid;
+
+# allow apexd to create a mount point in /apex
+allow apexd apex_mnt_dir:dir create_dir_perms;
+# allow apexd to mount in /apex
+allow apexd apex_mnt_dir:filesystem { mount unmount };
+allow apexd apex_mnt_dir:dir mounton;
+# allow apexd to create symlinks in /apex
+allow apexd apex_mnt_dir:lnk_file create_file_perms;
+# allow apexd to unlink apex files in /data/apex/active
+# note that apexd won't be able to unlink files in /data/app-staging/session_XXXX,
+# because it doesn't have write permission for staging_data_file object.
+allow apexd staging_data_file:file unlink;
+
+# allow apexd to read files from /data/app-staging and hardlink them to /data/apex.
+allow apexd staging_data_file:dir r_dir_perms;
+allow apexd staging_data_file:file { r_file_perms link };
+
+# allow apexd to read files from /vendor/apex
+allow apexd vendor_apex_file:dir r_dir_perms;
+allow apexd vendor_apex_file:file r_file_perms;
+
+# Unmount and mount filesystems
+allow apexd labeledfs:filesystem { mount unmount };
+
+# /sys directory tree traversal
+allow apexd sysfs_type:dir search;
+# Configure read-ahead of dm-verity and loop devices
+# for dm-X
+allow apexd sysfs_dm:dir r_dir_perms;
+allow apexd sysfs_dm:file rw_file_perms;
+# for loopX
+allow apexd sysfs_loop:dir r_dir_perms;
+allow apexd sysfs_loop:file rw_file_perms;
+
+# Allow apexd to log to the kernel.
+allow apexd kmsg_device:chr_file w_file_perms;
+
+# Allow apexd to reboot device. Required for rollbacks of apexes that are
+# not covered by rollback manager.
+set_prop(apexd, powerctl_prop)
+
+# Allow apexd to stop itself
+set_prop(apexd, ctl_apexd_prop)
+
+# Find the vold service, and call into vold to manage FS checkpoints
+allow apexd vold_service:service_manager find;
+binder_call(apexd, vold)
+
+# Apex pre- & post-install permission.
+
+# Allow self-execute for the fork mount helper.
+allow apexd apexd_exec:file execute_no_trans;
+
+# Unshare and make / private so that hooks cannot influence the
+# running system.
+allow apexd rootfs:dir mounton;
+
+# Allow to execute shell for pre- and postinstall scripts. A transition
+# rule is required, thus restricted to execute and not execute_no_trans.
+allow apexd shell_exec:file { r_file_perms execute };
+
+# apexd is using bootstrap bionic
+allow apexd system_bootstrap_lib_file:dir r_dir_perms;
+allow apexd system_bootstrap_lib_file:file { execute read open getattr map };
+
+# Allow transition to ART APEX preinstall domain.
+domain_auto_trans(apexd, art_apex_preinstall_exec, art_apex_preinstall)
+# Allow transition to ART APEX postinstall domain.
+domain_auto_trans(apexd, art_apex_postinstall_exec, art_apex_postinstall)
+
+# Allow transition to test APEX preinstall domain.
+userdebug_or_eng(`
+ domain_auto_trans(apexd, apex_test_prepostinstall_exec, apex_test_prepostinstall)
+')
+
+# Allow apexd to be invoked with logwrapper from init during userspace reboot.
+allow apexd devpts:chr_file { read write };
+
+# Allow apexd to create pts files via logwrap_fork_exec for its own use, to pass to
+# other processes
+create_pty(apexd)
+
+# Allow apexd to read file contexts when performing restorecon of snapshots.
+allow apexd file_contexts_file:file r_file_perms;
+
+# Allow apexd to execute toybox for snapshot & restore
+allow apexd toolbox_exec:file rx_file_perms;
+
+neverallow { domain -apexd -init } apex_data_file:dir no_w_dir_perms;
+neverallow { domain -apexd -init } apex_metadata_file:dir no_w_dir_perms;
+neverallow { domain -apexd -init -kernel } apex_data_file:file no_w_file_perms;
+neverallow { domain -apexd -init -kernel } apex_metadata_file:file no_w_file_perms;
+neverallow { domain -apexd } apex_mnt_dir:lnk_file no_w_file_perms;
+
+neverallow { domain -apexd -init -vold_prepare_subdirs } apex_module_data_file:dir no_w_dir_perms;
+neverallow { domain -apexd -init -vold_prepare_subdirs } apex_module_data_file:file no_w_file_perms;
+
+neverallow { domain -apexd -init -vold_prepare_subdirs } apex_rollback_data_file:dir no_w_dir_perms;
+neverallow { domain -apexd -init -vold_prepare_subdirs } apex_rollback_data_file:file no_w_file_perms;
diff --git a/prebuilts/api/30.0/private/app.te b/prebuilts/api/30.0/private/app.te
new file mode 100644
index 0000000..9882d8f
--- /dev/null
+++ b/prebuilts/api/30.0/private/app.te
@@ -0,0 +1,43 @@
+# Allow apps to read the Test Harness Mode property. This property is used in
+# the implementation of ActivityManager.isDeviceInTestHarnessMode()
+get_prop(appdomain, test_harness_prop)
+
+userdebug_or_eng(`perfetto_producer({ appdomain })')
+
+# Prevent apps from causing presubmit failures.
+# Apps can cause selinux denials by accessing CE storage
+# and/or external storage. In either case, the selinux denial is
+# not the cause of the failure, but just a symptom that
+# storage isn't ready. Many apps handle the failure appropriately.
+#
+# Apps cannot access external storage before it becomes available.
+dontaudit appdomain storage_stub_file:dir getattr;
+# Attempts to write to system_data_file is generally a sign
+# that apps are attempting to access encrypted storage before
+# the ACTION_USER_UNLOCKED intent is delivered. Apps are not
+# allowed to write to CE storage before it's available.
+# Attempting to do so will be blocked by both selinux and unix
+# permissions.
+dontaudit appdomain system_data_file:dir write;
+# Apps should not be reading vendor-defined properties.
+dontaudit appdomain vendor_default_prop:file read;
+
+neverallow appdomain system_server:udp_socket {
+ accept append bind create ioctl listen lock name_bind
+ relabelfrom relabelto setattr shutdown };
+
+# Transition to a non-app domain.
+# Exception for the shell and su domains, can transition to runas, etc.
+# Exception for crash_dump to allow for app crash reporting.
+# Exception for renderscript binaries (/system/bin/bcc, /system/bin/ld.mc)
+# to allow renderscript to create privileged executable files.
+neverallow { appdomain -shell userdebug_or_eng(`-su') }
+ { domain -appdomain -crash_dump -rs }:process { transition };
+neverallow { appdomain -shell userdebug_or_eng(`-su') }
+ { domain -appdomain }:process { dyntransition };
+
+# Don't allow regular apps access to storage configuration properties.
+neverallow { appdomain -mediaprovider_app } storage_config_prop:file no_rw_file_perms;
+
+# Allow to read graphics related properties.
+get_prop(appdomain, graphics_config_prop)
diff --git a/prebuilts/api/30.0/private/app_neverallows.te b/prebuilts/api/30.0/private/app_neverallows.te
new file mode 100644
index 0000000..1157187
--- /dev/null
+++ b/prebuilts/api/30.0/private/app_neverallows.te
@@ -0,0 +1,262 @@
+###
+### neverallow rules for untrusted app domains
+###
+
+define(`all_untrusted_apps',`{
+ ephemeral_app
+ isolated_app
+ mediaprovider
+ mediaprovider_app
+ untrusted_app
+ untrusted_app_25
+ untrusted_app_27
+ untrusted_app_29
+ untrusted_app_all
+}')
+# Receive or send uevent messages.
+neverallow all_untrusted_apps domain:netlink_kobject_uevent_socket *;
+
+# Receive or send generic netlink messages
+neverallow all_untrusted_apps domain:netlink_socket *;
+
+# Too much leaky information in debugfs. It's a security
+# best practice to ensure these files aren't readable.
+neverallow all_untrusted_apps { debugfs_type -debugfs_kcov }:file read;
+neverallow {all_untrusted_apps userdebug_or_eng(`-domain')} debugfs_type:{ file lnk_file } read;
+
+# Do not allow untrusted apps to register services.
+# Only trusted components of Android should be registering
+# services.
+neverallow all_untrusted_apps service_manager_type:service_manager add;
+
+# Do not allow untrusted apps to use VendorBinder
+neverallow all_untrusted_apps vndbinder_device:chr_file *;
+neverallow all_untrusted_apps vndservice_manager_type:service_manager *;
+
+# Do not allow untrusted apps to connect to the property service
+# or set properties. b/10243159
+neverallow { all_untrusted_apps -mediaprovider } property_socket:sock_file write;
+neverallow { all_untrusted_apps -mediaprovider } init:unix_stream_socket connectto;
+neverallow { all_untrusted_apps -mediaprovider } property_type:property_service set;
+
+# net.dns properties are not a public API. Disallow untrusted apps from reading this property.
+neverallow { all_untrusted_apps } net_dns_prop:file read;
+
+# Shared libraries created by trusted components within an app home
+# directory can be dlopen()ed. To maintain the W^X property, these files
+# must never be writable to the app.
+neverallow all_untrusted_apps app_exec_data_file:file
+ { append create link relabelfrom relabelto rename setattr write };
+
+# Block calling execve() on files in an apps home directory.
+# This is a W^X violation (loading executable code from a writable
+# home directory). For compatibility, allow for targetApi <= 28.
+# b/112357170
+neverallow {
+ all_untrusted_apps
+ -untrusted_app_25
+ -untrusted_app_27
+ -runas_app
+} { app_data_file privapp_data_file }:file execute_no_trans;
+
+# Do not allow untrusted apps to invoke dex2oat. This was historically required
+# by ART for compiling secondary dex files but has been removed in Q.
+# Exempt legacy apps (targetApi<=28) for compatibility.
+neverallow {
+ all_untrusted_apps
+ -untrusted_app_25
+ -untrusted_app_27
+} dex2oat_exec:file no_x_file_perms;
+
+# Do not allow untrusted apps to be assigned mlstrustedsubject.
+# This would undermine the per-user isolation model being
+# enforced via levelFrom=user in seapp_contexts and the mls
+# constraints. As there is no direct way to specify a neverallow
+# on attribute assignment, this relies on the fact that fork
+# permission only makes sense within a domain (hence should
+# never be granted to any other domain within mlstrustedsubject)
+# and an untrusted app is allowed fork permission to itself.
+neverallow all_untrusted_apps mlstrustedsubject:process fork;
+
+# Do not allow untrusted apps to hard link to any files.
+# In particular, if an untrusted app links to other app data
+# files, installd will not be able to guarantee the deletion
+# of the linked to file. Hard links also contribute to security
+# bugs, so we want to ensure untrusted apps never have this
+# capability.
+neverallow all_untrusted_apps file_type:file link;
+
+# Do not allow untrusted apps to access network MAC address file
+neverallow all_untrusted_apps sysfs_net:file no_rw_file_perms;
+
+# Do not allow any write access to files in /sys
+neverallow all_untrusted_apps sysfs_type:file { no_w_file_perms no_x_file_perms };
+
+# Apps may never access the default sysfs label.
+neverallow all_untrusted_apps sysfs:file no_rw_file_perms;
+
+# Restrict socket ioctls. Either 1. disallow privileged ioctls, 2. disallow the
+# ioctl permission, or 3. disallow the socket class.
+neverallowxperm all_untrusted_apps domain:{ icmp_socket rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
+neverallow all_untrusted_apps *:{ netlink_route_socket netlink_selinux_socket } ioctl;
+neverallow all_untrusted_apps *:{
+ socket netlink_socket packet_socket key_socket appletalk_socket
+ netlink_tcpdiag_socket netlink_nflog_socket
+ netlink_xfrm_socket netlink_audit_socket
+ netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket
+ netlink_iscsi_socket netlink_fib_lookup_socket netlink_connector_socket
+ netlink_netfilter_socket netlink_generic_socket netlink_scsitransport_socket
+ netlink_rdma_socket netlink_crypto_socket sctp_socket
+ ax25_socket ipx_socket netrom_socket atmpvc_socket x25_socket rose_socket decnet_socket
+ atmsvc_socket rds_socket irda_socket pppox_socket llc_socket can_socket tipc_socket
+ bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket
+ alg_socket nfc_socket vsock_socket kcm_socket qipcrtr_socket smc_socket xdp_socket
+} *;
+
+# Disallow sending RTM_GETLINK messages on netlink sockets.
+neverallow {
+ all_untrusted_apps
+ -untrusted_app_25
+ -untrusted_app_27
+ -untrusted_app_29
+} domain:netlink_route_socket { bind nlmsg_readpriv };
+
+# Do not allow untrusted apps access to /cache
+neverallow { all_untrusted_apps -mediaprovider } { cache_file cache_recovery_file }:dir ~{ r_dir_perms };
+neverallow { all_untrusted_apps -mediaprovider } { cache_file cache_recovery_file }:file ~{ read getattr };
+
+# Do not allow untrusted apps to create/unlink files outside of its sandbox,
+# internal storage or sdcard.
+# World accessible data locations allow application to fill the device
+# with unaccounted for data. This data will not get removed during
+# application un-installation.
+neverallow { all_untrusted_apps -mediaprovider } {
+ fs_type
+ -sdcard_type
+ file_type
+ -app_data_file # The apps sandbox itself
+ -privapp_data_file
+ -app_exec_data_file # stored within the app sandbox directory
+ -media_rw_data_file # Internal storage. Known that apps can
+ # leave artfacts here after uninstall.
+ -user_profile_data_file # Access to profile files
+ userdebug_or_eng(`
+ -method_trace_data_file # only on ro.debuggable=1
+ -coredump_file # userdebug/eng only
+ ')
+}:dir_file_class_set { create unlink };
+
+# No untrusted component except mediaprovider_app should be touching /dev/fuse
+neverallow { all_untrusted_apps -mediaprovider_app } fuse_device:chr_file *;
+
+# Do not allow untrusted apps to directly open the tun_device
+neverallow all_untrusted_apps tun_device:chr_file open;
+# The tun_device ioctls below are not allowed, to prove equivalence
+# to the kernel patch at
+# https://android.googlesource.com/kernel/common/+/11cee2be0c2062ba88f04eb51196506f870a3b5d%5E%21
+neverallowxperm all_untrusted_apps tun_device:chr_file ioctl {
+ SIOCGIFHWADDR
+ SIOCSIFHWADDR
+ TUNATTACHFILTER
+ TUNDETACHFILTER
+ TUNGETFEATURES
+ TUNGETFILTER
+ TUNGETSNDBUF
+ TUNGETVNETHDRSZ
+ TUNSETDEBUG
+ TUNSETGROUP
+ TUNSETIFF
+ TUNSETLINK
+ TUNSETNOCSUM
+ TUNSETOFFLOAD
+ TUNSETOWNER
+ TUNSETPERSIST
+ TUNSETQUEUE
+ TUNSETSNDBUF
+ TUNSETTXFILTER
+ TUNSETVNETHDRSZ
+};
+
+# Only allow appending to /data/anr/traces.txt (b/27853304, b/18340553)
+neverallow all_untrusted_apps anr_data_file:file ~{ open append };
+neverallow all_untrusted_apps anr_data_file:dir ~search;
+
+# Avoid reads from generically labeled /proc files
+# Create a more specific label if needed
+neverallow all_untrusted_apps {
+ proc
+ proc_asound
+ proc_kmsg
+ proc_loadavg
+ proc_mounts
+ proc_pagetypeinfo
+ proc_slabinfo
+ proc_stat
+ proc_swaps
+ proc_uptime
+ proc_version
+ proc_vmallocinfo
+ proc_vmstat
+}:file { no_rw_file_perms no_x_file_perms };
+
+# /proc/filesystems is accessible to mediaprovider_app only since it handles
+# external storage
+neverallow { all_untrusted_apps - mediaprovider_app } proc_filesystems:file { no_rw_file_perms no_x_file_perms };
+
+# Avoid all access to kernel configuration
+neverallow all_untrusted_apps config_gz:file { no_rw_file_perms no_x_file_perms };
+
+# Do not allow untrusted apps access to preloads data files
+neverallow all_untrusted_apps preloads_data_file:file no_rw_file_perms;
+
+# Locking of files on /system could lead to denial of service attacks
+# against privileged system components
+neverallow all_untrusted_apps system_file:file lock;
+
+# Do not permit untrusted apps to perform actions on HwBinder service_manager
+# other than find actions for services listed below
+neverallow all_untrusted_apps *:hwservice_manager ~find;
+
+# Do not permit access from apps which host arbitrary code to the protected HwBinder
+# services.
+# The two main reasons for this are:
+# 1. Protected HwBinder servers do not perform client authentication because HIDL
+# currently does not expose caller UID information and, even if it did, those
+# HwBinder services either operate at a level below that of apps (e.g., HALs)
+# or must not rely on app identity for authorization. Thus, to be safe, the
+# default assumption is that every HwBinder service treats all its clients as
+# equally authorized to perform operations offered by the service.
+# 2. HAL servers (a subset of HwBinder services) contain code with higher
+# incidence rate of security issues than system/core components and have
+# access to lower layes of the stack (all the way down to hardware) thus
+# increasing opportunities for bypassing the Android security model.
+neverallow all_untrusted_apps protected_hwservice:hwservice_manager find;
+
+neverallow all_untrusted_apps {
+ vendor_service
+}:service_manager find;
+
+# SELinux is not an API for untrusted apps to use
+neverallow all_untrusted_apps selinuxfs:file no_rw_file_perms;
+
+# Access to /proc/tty/drivers, to allow apps to determine if they
+# are running in an emulated environment.
+# b/33214085 b/33814662 b/33791054 b/33211769
+# https://github.com/strazzere/anti-emulator/blob/master/AntiEmulator/src/diff/strazzere/anti/emulator/FindEmulator.java
+# This will go away in a future Android release
+neverallow { all_untrusted_apps -untrusted_app_25 } proc_tty_drivers:file r_file_perms;
+neverallow all_untrusted_apps proc_tty_drivers:file ~r_file_perms;
+
+# Untrusted apps are not allowed to use cgroups.
+neverallow all_untrusted_apps cgroup:file *;
+
+# /mnt/sdcard symlink was supposed to have been removed in Gingerbread. Apps
+# must not use it.
+neverallow {
+ all_untrusted_apps
+ -untrusted_app_25
+ -untrusted_app_27
+} mnt_sdcard_file:lnk_file *;
+
+# Only privileged apps may find the incident service
+neverallow all_untrusted_apps incident_service:service_manager find;
diff --git a/prebuilts/api/30.0/private/app_zygote.te b/prebuilts/api/30.0/private/app_zygote.te
new file mode 100644
index 0000000..9285323
--- /dev/null
+++ b/prebuilts/api/30.0/private/app_zygote.te
@@ -0,0 +1,166 @@
+typeattribute app_zygote coredomain;
+
+######
+###### Policy below is different from regular zygote-spawned apps
+######
+
+# Allow access to temporary files, which is normally permitted through
+# a domain macro.
+tmpfs_domain(app_zygote);
+
+# Set the UID/GID of the process.
+# This will be further limited to a range of isolated UIDs with seccomp.
+allow app_zygote self:global_capability_class_set { setgid setuid };
+# Drop capabilities from bounding set.
+allow app_zygote self:global_capability_class_set setpcap;
+# Switch SELinux context to isolated app domain.
+allow app_zygote self:process setcurrent;
+allow app_zygote isolated_app:process dyntransition;
+
+# For JIT
+allow app_zygote self:process execmem;
+
+# Allow app_zygote to stat the files that it opens. It must
+# be able to inspect them so that it can reopen them on fork
+# if necessary: b/30963384.
+allow app_zygote debugfs_trace_marker:file getattr;
+
+# get system_server process group
+allow app_zygote system_server:process getpgid;
+
+# Interaction between the app_zygote and its children.
+allow app_zygote isolated_app:process setpgid;
+
+# TODO (b/63631799) fix this access
+dontaudit app_zygote mnt_expand_file:dir getattr;
+
+# Get seapp_contexts
+allow app_zygote seapp_contexts_file:file r_file_perms;
+# Check validity of SELinux context before use.
+selinux_check_context(app_zygote)
+# Check SELinux permissions.
+selinux_check_access(app_zygote)
+
+######
+###### Policy below is shared with regular zygote-spawned apps
+######
+
+# Child of zygote.
+allow app_zygote zygote:fd use;
+allow app_zygote zygote:process sigchld;
+
+# For ART (read /data/dalvik-cache).
+r_dir_file(app_zygote, dalvikcache_data_file);
+allow app_zygote dalvikcache_data_file:file execute;
+
+# Allow reading/executing installed binaries to enable preloading
+# application data
+allow app_zygote apk_data_file:dir r_dir_perms;
+allow app_zygote apk_data_file:file { r_file_perms execute };
+
+# /oem accesses.
+allow app_zygote oemfs:dir search;
+
+# Allow app_zygote access to /vendor/overlay
+r_dir_file(app_zygote, vendor_overlay_file)
+
+allow app_zygote system_data_file:lnk_file r_file_perms;
+allow app_zygote system_data_file:file { getattr read map };
+
+# Send unsolicited message to system_server
+unix_socket_send(app_zygote, system_unsolzygote, system_server)
+
+#####
+##### Neverallow
+#####
+
+# Only permit transition to isolated_app.
+neverallow app_zygote { domain -isolated_app }:process dyntransition;
+
+# Only setcon() transitions, no exec() based transitions, except for crash_dump.
+neverallow app_zygote { domain -crash_dump }:process transition;
+
+# Must not exec() a program without changing domains.
+# Having said that, exec() above is not allowed.
+neverallow app_zygote *:file execute_no_trans;
+
+# The only way to enter this domain is for the zygote to fork a new
+# app_zygote child.
+neverallow { domain -zygote } app_zygote:process dyntransition;
+
+# Disallow write access to properties.
+neverallow app_zygote property_socket:sock_file write;
+neverallow app_zygote property_type:property_service set;
+
+# Should not have any access to data files.
+neverallow app_zygote {
+ bluetooth_data_file
+ nfc_data_file
+ radio_data_file
+ shell_data_file
+ app_data_file
+ privapp_data_file
+}:file { rwx_file_perms };
+
+neverallow app_zygote {
+ service_manager_type
+ -activity_service
+ -webviewupdate_service
+}:service_manager find;
+
+# Isolated apps should not be able to access the driver directly.
+neverallow app_zygote gpu_device:chr_file { rwx_file_perms };
+
+# Do not allow app_zygote access to /cache.
+neverallow app_zygote cache_file:dir ~{ r_dir_perms };
+neverallow app_zygote cache_file:file ~{ read getattr };
+
+# Do not allow most socket access. This is socket_class_set, excluding unix_dgram_socket,
+# unix_stream_socket, and netlink_selinux_socket.
+neverallow app_zygote domain:{
+ socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket key_socket
+ appletalk_socket netlink_route_socket netlink_tcpdiag_socket
+ netlink_nflog_socket netlink_xfrm_socket netlink_audit_socket
+ netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket netlink_iscsi_socket
+ netlink_fib_lookup_socket netlink_connector_socket netlink_netfilter_socket
+ netlink_generic_socket netlink_scsitransport_socket netlink_rdma_socket netlink_crypto_socket
+ sctp_socket icmp_socket ax25_socket ipx_socket netrom_socket atmpvc_socket
+ x25_socket rose_socket decnet_socket atmsvc_socket rds_socket irda_socket
+ pppox_socket llc_socket can_socket tipc_socket bluetooth_socket iucv_socket
+ rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket
+ alg_socket nfc_socket vsock_socket kcm_socket qipcrtr_socket smc_socket
+} *;
+
+# Only allow app_zygote to talk to the logd socket, and
+# su/heapprofd/traced_perf on eng/userdebug. This is because
+# cap_setuid/cap_setgid allow to forge uid/gid in SCM_CREDENTIALS.
+# Think twice before changing.
+neverallow app_zygote {
+ domain
+ -app_zygote
+ -logd
+ -system_server
+ userdebug_or_eng(`-su')
+ userdebug_or_eng(`-heapprofd')
+ userdebug_or_eng(`-traced_perf')
+}:unix_dgram_socket *;
+
+neverallow app_zygote {
+ domain
+ -app_zygote
+ userdebug_or_eng(`-su')
+ userdebug_or_eng(`-heapprofd')
+ userdebug_or_eng(`-traced_perf')
+}:unix_stream_socket *;
+
+# Never allow ptrace
+neverallow app_zygote *:process ptrace;
+
+# Do not allow access to Bluetooth-related system properties.
+# neverallow rules for Bluetooth-related data files are listed above.
+neverallow app_zygote {
+ bluetooth_a2dp_offload_prop
+ bluetooth_audio_hal_prop
+ bluetooth_prop
+ exported_bluetooth_prop
+}:file create_file_perms;
diff --git a/prebuilts/api/30.0/private/art_apex_boot_integrity.te b/prebuilts/api/30.0/private/art_apex_boot_integrity.te
new file mode 100644
index 0000000..ba02083
--- /dev/null
+++ b/prebuilts/api/30.0/private/art_apex_boot_integrity.te
@@ -0,0 +1,28 @@
+# This command set checks the integrity of boot classpath ART
+# artifacts in /data, potentially removing them.
+
+type art_apex_boot_integrity, domain, coredomain;
+type art_apex_boot_integrity_exec, system_file_type, exec_type, file_type;
+
+# Technically not a daemon but we do want the transition from init domain to
+# art_apex_boot_integrity to occur.
+init_daemon_domain(art_apex_boot_integrity)
+
+# Read dalvik cache directories, remove entries.
+allow art_apex_boot_integrity dalvikcache_data_file:dir { r_dir_perms write remove_name };
+# Read and possibly delete dalvik cache files.
+allow art_apex_boot_integrity dalvikcache_data_file:file { r_file_perms unlink };
+
+# Allow art_apex_boot_integrity to execute itself using #!/system/bin/sh
+allow art_apex_boot_integrity shell_exec:file rx_file_perms;
+
+# Allow running the mv and rm/rmdir commands using art_apex_boot_integrity
+# permissions.
+allow art_apex_boot_integrity toolbox_exec:file rx_file_perms;
+
+# Fsverity in the same domain.
+allow art_apex_boot_integrity system_file:file execute_no_trans;
+# Fsverity work.
+allowxperm art_apex_boot_integrity dalvikcache_data_file:file ioctl {
+ FS_IOC_ENABLE_VERITY FS_IOC_MEASURE_VERITY
+};
diff --git a/prebuilts/api/30.0/private/art_apex_postinstall.te b/prebuilts/api/30.0/private/art_apex_postinstall.te
new file mode 100644
index 0000000..576ed20
--- /dev/null
+++ b/prebuilts/api/30.0/private/art_apex_postinstall.te
@@ -0,0 +1,31 @@
+# ART APEX postinstall.
+#
+
+type art_apex_postinstall, domain, coredomain;
+type art_apex_postinstall_exec, system_file_type, exec_type, file_type;
+
+# /system/bin/sh (see b/126787589).
+allow art_apex_postinstall apexd:fd use;
+
+# Read temp dirs and files. Move directories.
+allow art_apex_postinstall ota_data_file:dir { r_dir_perms write rename remove_name relabelfrom reparent };
+allow art_apex_postinstall ota_data_file:file { r_file_perms relabelfrom };
+# We're deleting the old /data/dalvik-cache/* and move the new ones
+# over.
+allow art_apex_postinstall dalvikcache_data_file:dir { create_dir_perms relabelto };
+allow art_apex_postinstall dalvikcache_data_file:file { r_file_perms unlink relabelto };
+
+# Required for relabel.
+allow art_apex_postinstall file_contexts_file:file r_file_perms;
+allow art_apex_postinstall self:global_capability_class_set sys_admin;
+
+# Script helpers.
+allow art_apex_postinstall shell_exec:file rx_file_perms;
+allow art_apex_postinstall toolbox_exec:file rx_file_perms;
+
+# Fsverity in the same domain.
+allow art_apex_postinstall system_file:file execute_no_trans;
+# Fsverity work.
+allowxperm art_apex_postinstall ota_data_file:file ioctl {
+ FS_IOC_ENABLE_VERITY FS_IOC_MEASURE_VERITY
+};
diff --git a/prebuilts/api/30.0/private/art_apex_preinstall.te b/prebuilts/api/30.0/private/art_apex_preinstall.te
new file mode 100644
index 0000000..12b1020
--- /dev/null
+++ b/prebuilts/api/30.0/private/art_apex_preinstall.te
@@ -0,0 +1,33 @@
+# ART APEX preinstall.
+#
+
+type art_apex_preinstall, domain, coredomain;
+type art_apex_preinstall_exec, system_file_type, exec_type, file_type;
+
+# /system/bin/sh (see b/126787589).
+allow art_apex_preinstall apexd:fd use;
+
+# Create temp dirs and files under /data/ota.
+allow art_apex_preinstall ota_data_file:dir create_dir_perms;
+allow art_apex_preinstall ota_data_file:file create_file_perms;
+# We mount /data/ota/dalvik-cache over /data/dalvik-cache in our
+# mount namespace.
+allow art_apex_preinstall dalvikcache_data_file:dir { r_dir_perms mounton };
+allow art_apex_preinstall self:capability sys_admin;
+
+# Script helpers.
+allow art_apex_preinstall shell_exec:file rx_file_perms;
+allow art_apex_preinstall toolbox_exec:file rx_file_perms;
+
+# Execute subscripts in the same domain.
+allow art_apex_preinstall art_apex_preinstall_exec:file execute_no_trans;
+
+# Run dex2oat.
+domain_auto_trans(art_apex_preinstall, dex2oat_exec, dex2oat)
+
+# Fsverity in the same domain.
+allow art_apex_preinstall system_file:file execute_no_trans;
+# Fsverity work.
+allowxperm art_apex_preinstall ota_data_file:file ioctl {
+ FS_IOC_ENABLE_VERITY FS_IOC_MEASURE_VERITY
+};
diff --git a/prebuilts/api/30.0/private/asan_extract.te b/prebuilts/api/30.0/private/asan_extract.te
new file mode 100644
index 0000000..1c20d78
--- /dev/null
+++ b/prebuilts/api/30.0/private/asan_extract.te
@@ -0,0 +1,8 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+# Technically not a daemon but we do want the transition from init domain to
+# asan_extract to occur.
+with_asan(`
+typeattribute asan_extract coredomain;
+init_daemon_domain(asan_extract)
+')
diff --git a/prebuilts/api/30.0/private/atrace.te b/prebuilts/api/30.0/private/atrace.te
new file mode 100644
index 0000000..ad7d177
--- /dev/null
+++ b/prebuilts/api/30.0/private/atrace.te
@@ -0,0 +1,80 @@
+# Domain for atrace process.
+# It is spawned either by traced_probes or by init for the boottrace service.
+
+type atrace, domain, coredomain;
+type atrace_exec, exec_type, file_type, system_file_type;
+
+# boottrace services uses /data/misc/boottrace/categories
+allow atrace boottrace_data_file:dir search;
+allow atrace boottrace_data_file:file r_file_perms;
+
+# Allow atrace to access tracefs.
+allow atrace debugfs_tracing:dir r_dir_perms;
+allow atrace debugfs_tracing:file rw_file_perms;
+allow atrace debugfs_trace_marker:file getattr;
+
+# Allow atrace to write data when a pipe is used for stdout/stderr
+# This is used by Perfetto to capture the output on error in atrace.
+allow atrace traced_probes:fd use;
+allow atrace traced_probes:fifo_file write;
+
+# atrace sets debug.atrace.* properties
+set_prop(atrace, debug_prop)
+
+# atrace pokes all the binder-enabled processes at startup with a
+# SYSPROPS_TRANSACTION, to tell them to reload the debug.atrace.* properties.
+
+# Allow discovery of binder services.
+allow atrace {
+ service_manager_type
+ -apex_service
+ -incident_service
+ -iorapd_service
+ -netd_service
+ -dnsresolver_service
+ -stats_service
+ -dumpstate_service
+ -installd_service
+ -vold_service
+ -lpdump_service
+ -default_android_service
+}:service_manager { find };
+allow atrace servicemanager:service_manager list;
+
+# Allow notifying the processes hosting specific binder services that
+# trace-related system properties have changed.
+binder_use(atrace)
+allow atrace healthd:binder call;
+allow atrace surfaceflinger:binder call;
+allow atrace system_server:binder call;
+allow atrace cameraserver:binder call;
+
+# Similarly, on debug builds, allow specific HALs to be notified that
+# trace-related system properties have changed.
+userdebug_or_eng(`
+ # List HAL interfaces.
+ allow atrace hwservicemanager:hwservice_manager list;
+ # Notify the camera HAL.
+ hal_client_domain(atrace, hal_camera)
+ hal_client_domain(atrace, hal_vibrator)
+')
+
+# Remove logspam from notification attempts to non-whitelisted services.
+dontaudit atrace hwservice_manager_type:hwservice_manager find;
+dontaudit atrace service_manager_type:service_manager find;
+dontaudit atrace domain:binder call;
+
+# atrace can call atrace HAL
+hal_client_domain(atrace, hal_atrace)
+
+get_prop(atrace, hwservicemanager_prop)
+
+userdebug_or_eng(`
+ # atrace is generally invoked as a standalone binary from shell or perf
+ # daemons like Perfetto traced_probes. However, in userdebug builds, there is
+ # a further option to run atrace as an init daemon for boot tracing.
+ init_daemon_domain(atrace)
+
+ allow atrace debugfs_tracing_debug:dir r_dir_perms;
+ allow atrace debugfs_tracing_debug:file rw_file_perms;
+')
diff --git a/prebuilts/api/30.0/private/attributes b/prebuilts/api/30.0/private/attributes
new file mode 100644
index 0000000..e01b212
--- /dev/null
+++ b/prebuilts/api/30.0/private/attributes
@@ -0,0 +1 @@
+hal_attribute(lazy_test);
diff --git a/prebuilts/api/30.0/private/audioserver.te b/prebuilts/api/30.0/private/audioserver.te
new file mode 100644
index 0000000..067152f
--- /dev/null
+++ b/prebuilts/api/30.0/private/audioserver.te
@@ -0,0 +1,100 @@
+# audioserver - audio services daemon
+
+typeattribute audioserver coredomain;
+
+type audioserver_exec, exec_type, file_type, system_file_type;
+init_daemon_domain(audioserver)
+tmpfs_domain(audioserver)
+
+r_dir_file(audioserver, sdcard_type)
+
+binder_use(audioserver)
+binder_call(audioserver, binderservicedomain)
+binder_call(audioserver, appdomain)
+binder_service(audioserver)
+
+hal_client_domain(audioserver, hal_allocator)
+# /system/lib64/hw for always-passthrough Allocator HAL ashmem / mapper .so
+r_dir_file(audioserver, system_file)
+
+hal_client_domain(audioserver, hal_audio)
+
+userdebug_or_eng(`
+ # used for TEE sink - pcm capture for debug.
+ allow audioserver media_data_file:dir create_dir_perms;
+ allow audioserver audioserver_data_file:dir create_dir_perms;
+ allow audioserver audioserver_data_file:file create_file_perms;
+
+ # ptrace to processes in the same domain for memory leak detection
+ allow audioserver self:process ptrace;
+')
+
+add_service(audioserver, audioserver_service)
+allow audioserver activity_service:service_manager find;
+allow audioserver appops_service:service_manager find;
+allow audioserver batterystats_service:service_manager find;
+allow audioserver external_vibrator_service:service_manager find;
+allow audioserver package_native_service:service_manager find;
+allow audioserver permission_service:service_manager find;
+allow audioserver power_service:service_manager find;
+allow audioserver scheduling_policy_service:service_manager find;
+allow audioserver mediametrics_service:service_manager find;
+allow audioserver sensor_privacy_service:service_manager find;
+allow audioserver soundtrigger_middleware_service:service_manager find;
+
+# Allow read/write access to bluetooth-specific properties
+set_prop(audioserver, bluetooth_a2dp_offload_prop)
+set_prop(audioserver, bluetooth_audio_hal_prop)
+set_prop(audioserver, bluetooth_prop)
+set_prop(audioserver, exported_bluetooth_prop)
+
+# Grant access to audio files to audioserver
+allow audioserver audio_data_file:dir ra_dir_perms;
+allow audioserver audio_data_file:file create_file_perms;
+
+# allow access to ALSA MMAP FDs for AAudio API
+allow audioserver audio_device:chr_file { read write };
+
+not_full_treble(`allow audioserver audio_device:dir r_dir_perms;')
+not_full_treble(`allow audioserver audio_device:chr_file rw_file_perms;')
+
+# For A2DP bridge which is loaded directly into audioserver
+unix_socket_connect(audioserver, bluetooth, bluetooth)
+
+# Allow shell commands from ADB and shell for CTS testing/dumping
+allow audioserver adbd:fd use;
+allow audioserver adbd:unix_stream_socket { read write };
+allow audioserver shell:fifo_file { read write };
+
+# Allow shell commands from ADB for CTS testing/dumping
+userdebug_or_eng(`
+ allow audioserver su:fd use;
+ allow audioserver su:fifo_file { read write };
+ allow audioserver su:unix_stream_socket { read write };
+')
+
+# Allow write access to log tag property
+set_prop(audioserver, log_tag_prop);
+
+###
+### neverallow rules
+###
+
+# audioserver should never execute any executable without a
+# domain transition
+neverallow audioserver { file_type fs_type }:file execute_no_trans;
+
+# The goal of the mediaserver split is to place media processing code into
+# restrictive sandboxes with limited responsibilities and thus limited
+# permissions. Example: Audioserver is only responsible for controlling audio
+# hardware and processing audio content. Cameraserver does the same for camera
+# hardware/content. Etc.
+#
+# Media processing code is inherently risky and thus should have limited
+# permissions and be isolated from the rest of the system and network.
+# Lengthier explanation here:
+# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
+neverallow audioserver domain:{ tcp_socket udp_socket rawip_socket } *;
+
+# Allow using wake locks
+wakelock_use(audioserver)
diff --git a/prebuilts/api/30.0/private/auditctl.te b/prebuilts/api/30.0/private/auditctl.te
new file mode 100644
index 0000000..f634d3d
--- /dev/null
+++ b/prebuilts/api/30.0/private/auditctl.te
@@ -0,0 +1,18 @@
+#
+# /system/bin/auditctl executed for logd
+#
+# Performs maintenance of the kernel auditing system, including
+# setting rate limits on SELinux denials.
+#
+
+type auditctl, domain, coredomain;
+type auditctl_exec, file_type, system_file_type, exec_type;
+
+# Uncomment the line below to put this domain into permissive
+# mode. This helps speed SELinux policy development.
+# userdebug_or_eng(`permissive auditctl;')
+
+init_daemon_domain(auditctl)
+
+allow auditctl self:global_capability_class_set audit_control;
+allow auditctl self:netlink_audit_socket { create_socket_perms_no_ioctl nlmsg_write };
diff --git a/prebuilts/api/30.0/private/automotive_display_service.te b/prebuilts/api/30.0/private/automotive_display_service.te
new file mode 100644
index 0000000..fa11ca4
--- /dev/null
+++ b/prebuilts/api/30.0/private/automotive_display_service.te
@@ -0,0 +1,33 @@
+# Display proxy service for Automotive
+type automotive_display_service, domain, coredomain;
+type automotive_display_service_exec, system_file_type, exec_type, file_type;
+
+typeattribute automotive_display_service automotive_display_service_server;
+
+# Allow to add a display service to the manager
+add_hwservice(automotive_display_service, fwk_automotive_display_hwservice);
+
+# Allow init to launch automotive display service
+init_daemon_domain(automotive_display_service)
+
+# Allow to use Binder IPC for SurfaceFlinger.
+binder_use(automotive_display_service)
+
+# Allow to use HwBinder IPC for HAL implementations.
+hwbinder_use(automotive_display_service)
+hal_client_domain(automotive_display_service, hal_graphics_composer)
+
+# Allow to read the target property.
+get_prop(automotive_display_service, hwservicemanager_prop)
+
+# Allow to find SurfaceFlinger.
+allow automotive_display_service surfaceflinger_service:service_manager find;
+
+# Allow client domain to do binder IPC to serverdomain.
+binder_call(automotive_display_service, surfaceflinger)
+
+# Allow to use a graphics mapper
+allow automotive_display_service hal_graphics_mapper_hwservice:hwservice_manager find;
+
+# Allow to use hidl token service
+allow automotive_display_service hidl_token_hwservice:hwservice_manager find;
diff --git a/prebuilts/api/30.0/private/binder_in_vendor_violators.te b/prebuilts/api/30.0/private/binder_in_vendor_violators.te
new file mode 100644
index 0000000..4a1218e
--- /dev/null
+++ b/prebuilts/api/30.0/private/binder_in_vendor_violators.te
@@ -0,0 +1 @@
+allow binder_in_vendor_violators binder_device:chr_file rw_file_perms;
diff --git a/prebuilts/api/30.0/private/binderservicedomain.te b/prebuilts/api/30.0/private/binderservicedomain.te
new file mode 100644
index 0000000..0891ee5
--- /dev/null
+++ b/prebuilts/api/30.0/private/binderservicedomain.te
@@ -0,0 +1,22 @@
+# Rules common to all binder service domains
+
+# Allow dumpstate and incidentd to collect information from binder services
+allow binderservicedomain { dumpstate incidentd }:fd use;
+allow binderservicedomain { dumpstate incidentd }:unix_stream_socket { read write getopt getattr };
+allow binderservicedomain { dumpstate incidentd }:fifo_file { getattr write };
+allow binderservicedomain shell_data_file:file { getattr write };
+
+# Allow dumpsys to work from adb shell or the serial console
+allow binderservicedomain devpts:chr_file rw_file_perms;
+allow binderservicedomain console_device:chr_file rw_file_perms;
+
+# Receive and write to a pipe received over Binder from an app.
+allow binderservicedomain appdomain:fd use;
+allow binderservicedomain appdomain:fifo_file write;
+
+# allow all services to run permission checks
+allow binderservicedomain permission_service:service_manager find;
+
+allow binderservicedomain keystore:keystore_key { get_state get insert delete exist list sign verify };
+
+use_keystore(binderservicedomain)
diff --git a/prebuilts/api/30.0/private/blank_screen.te b/prebuilts/api/30.0/private/blank_screen.te
new file mode 100644
index 0000000..51310d1
--- /dev/null
+++ b/prebuilts/api/30.0/private/blank_screen.te
@@ -0,0 +1,6 @@
+type blank_screen, domain, coredomain;
+type blank_screen_exec, exec_type, file_type, system_file_type;
+
+init_daemon_domain(blank_screen)
+
+hal_client_domain(blank_screen, hal_light)
diff --git a/prebuilts/api/30.0/private/blkid.te b/prebuilts/api/30.0/private/blkid.te
new file mode 100644
index 0000000..4e972ab
--- /dev/null
+++ b/prebuilts/api/30.0/private/blkid.te
@@ -0,0 +1,22 @@
+# blkid called from vold
+
+typeattribute blkid coredomain;
+
+type blkid_exec, system_file_type, exec_type, file_type;
+
+# Allowed read-only access to encrypted devices to extract UUID/label
+allow blkid block_device:dir search;
+allow blkid userdata_block_device:blk_file r_file_perms;
+allow blkid dm_device:blk_file r_file_perms;
+
+# Allow stdin/out back to vold
+allow blkid vold:fd use;
+allow blkid vold:fifo_file { read write getattr };
+
+# For blkid launched through popen()
+allow blkid blkid_exec:file rx_file_perms;
+
+# Only allow entry from vold
+neverallow { domain -vold } blkid:process transition;
+neverallow * blkid:process dyntransition;
+neverallow blkid { file_type fs_type -blkid_exec -shell_exec }:file entrypoint;
diff --git a/prebuilts/api/30.0/private/blkid_untrusted.te b/prebuilts/api/30.0/private/blkid_untrusted.te
new file mode 100644
index 0000000..1256771
--- /dev/null
+++ b/prebuilts/api/30.0/private/blkid_untrusted.te
@@ -0,0 +1,37 @@
+# blkid for untrusted block devices
+
+typeattribute blkid_untrusted coredomain;
+
+# Allowed read-only access to vold block devices to extract UUID/label
+allow blkid_untrusted block_device:dir search;
+allow blkid_untrusted vold_device:blk_file r_file_perms;
+
+# Allow stdin/out back to vold
+allow blkid_untrusted vold:fd use;
+allow blkid_untrusted vold:fifo_file { read write getattr };
+
+# For blkid launched through popen()
+allow blkid_untrusted blkid_exec:file rx_file_perms;
+
+###
+### neverallow rules
+###
+
+# Untrusted blkid should never be run on block devices holding sensitive data
+neverallow blkid_untrusted {
+ boot_block_device
+ frp_block_device
+ metadata_block_device
+ recovery_block_device
+ root_block_device
+ swap_block_device
+ system_block_device
+ userdata_block_device
+ cache_block_device
+ dm_device
+}:blk_file no_rw_file_perms;
+
+# Only allow entry from vold via blkid binary
+neverallow { domain -vold } blkid_untrusted:process transition;
+neverallow * blkid_untrusted:process dyntransition;
+neverallow blkid_untrusted { file_type fs_type -blkid_exec -shell_exec }:file entrypoint;
diff --git a/prebuilts/api/30.0/private/bluetooth.te b/prebuilts/api/30.0/private/bluetooth.te
new file mode 100644
index 0000000..1680361
--- /dev/null
+++ b/prebuilts/api/30.0/private/bluetooth.te
@@ -0,0 +1,86 @@
+# bluetooth app
+
+typeattribute bluetooth coredomain;
+
+app_domain(bluetooth)
+net_domain(bluetooth)
+
+# Socket creation under /data/misc/bluedroid.
+type_transition bluetooth bluetooth_data_file:sock_file bluetooth_socket;
+
+# Allow access to net_admin ioctls
+allowxperm bluetooth self:udp_socket ioctl priv_sock_ioctls;
+
+wakelock_use(bluetooth);
+
+# Data file accesses.
+allow bluetooth bluetooth_data_file:dir create_dir_perms;
+allow bluetooth bluetooth_data_file:notdevfile_class_set create_file_perms;
+allow bluetooth bluetooth_logs_data_file:dir rw_dir_perms;
+allow bluetooth bluetooth_logs_data_file:file create_file_perms;
+
+# Socket creation under /data/misc/bluedroid.
+allow bluetooth bluetooth_socket:sock_file create_file_perms;
+
+allow bluetooth self:global_capability_class_set net_admin;
+allow bluetooth self:global_capability2_class_set wake_alarm;
+
+# tethering
+allow bluetooth self:packet_socket create_socket_perms_no_ioctl;
+allow bluetooth self:global_capability_class_set { net_admin net_raw net_bind_service };
+allow bluetooth self:tun_socket create_socket_perms_no_ioctl;
+allow bluetooth tun_device:chr_file rw_file_perms;
+allowxperm bluetooth tun_device:chr_file ioctl { TUNGETIFF TUNSETIFF };
+allow bluetooth efs_file:dir search;
+
+# allow Bluetooth to access uhid device for HID profile
+allow bluetooth uhid_device:chr_file rw_file_perms;
+
+# proc access.
+allow bluetooth proc_bluetooth_writable:file rw_file_perms;
+
+# Allow write access to bluetooth specific properties
+set_prop(bluetooth, binder_cache_bluetooth_server_prop);
+neverallow { domain -bluetooth -init }
+ binder_cache_bluetooth_server_prop:property_service set;
+set_prop(bluetooth, bluetooth_a2dp_offload_prop)
+set_prop(bluetooth, bluetooth_audio_hal_prop)
+set_prop(bluetooth, bluetooth_prop)
+set_prop(bluetooth, exported_bluetooth_prop)
+set_prop(bluetooth, pan_result_prop)
+
+allow bluetooth audioserver_service:service_manager find;
+allow bluetooth bluetooth_service:service_manager find;
+allow bluetooth drmserver_service:service_manager find;
+allow bluetooth mediaserver_service:service_manager find;
+allow bluetooth radio_service:service_manager find;
+allow bluetooth app_api_service:service_manager find;
+allow bluetooth system_api_service:service_manager find;
+allow bluetooth network_stack_service:service_manager find;
+
+# already open bugreport file descriptors may be shared with
+# the bluetooth process, from a file in
+# /data/data/com.android.shell/files/bugreports/bugreport-*.
+allow bluetooth shell_data_file:file read;
+
+# Bluetooth audio needs RT scheduling to meet deadlines, allow sys_nice
+allow bluetooth self:global_capability_class_set sys_nice;
+
+hal_client_domain(bluetooth, hal_bluetooth)
+hal_client_domain(bluetooth, hal_telephony)
+
+# Bluetooth A2DP offload requires binding with audio HAL
+hal_client_domain(bluetooth, hal_audio)
+
+read_runtime_log_tags(bluetooth)
+
+###
+### Neverallow rules
+###
+### These are things that the bluetooth app should NEVER be able to do
+###
+
+# Superuser capabilities.
+# Bluetooth requires net_{admin,raw,bind_service} and wake_alarm and block_suspend and sys_nice.
+neverallow bluetooth self:global_capability_class_set ~{ net_admin net_raw net_bind_service sys_nice};
+neverallow bluetooth self:global_capability2_class_set ~{ wake_alarm block_suspend };
diff --git a/prebuilts/api/30.0/private/bluetoothdomain.te b/prebuilts/api/30.0/private/bluetoothdomain.te
new file mode 100644
index 0000000..fe4f0e6
--- /dev/null
+++ b/prebuilts/api/30.0/private/bluetoothdomain.te
@@ -0,0 +1,2 @@
+# Allow clients to use a socket provided by the bluetooth app.
+allow bluetoothdomain bluetooth:unix_stream_socket { getopt setopt getattr read write ioctl shutdown };
diff --git a/prebuilts/api/30.0/private/bootanim.te b/prebuilts/api/30.0/private/bootanim.te
new file mode 100644
index 0000000..4740560
--- /dev/null
+++ b/prebuilts/api/30.0/private/bootanim.te
@@ -0,0 +1,9 @@
+typeattribute bootanim coredomain;
+
+init_daemon_domain(bootanim)
+
+# b/68864350
+dontaudit bootanim unlabeled:dir search;
+
+# Bootanim should not be reading default vendor-defined properties.
+dontaudit bootanim vendor_default_prop:file read;
diff --git a/prebuilts/api/30.0/private/bootstat.te b/prebuilts/api/30.0/private/bootstat.te
new file mode 100644
index 0000000..806144c
--- /dev/null
+++ b/prebuilts/api/30.0/private/bootstat.te
@@ -0,0 +1,3 @@
+typeattribute bootstat coredomain;
+
+init_daemon_domain(bootstat)
diff --git a/prebuilts/api/30.0/private/boringssl_self_test.te b/prebuilts/api/30.0/private/boringssl_self_test.te
new file mode 100644
index 0000000..50fc1fc
--- /dev/null
+++ b/prebuilts/api/30.0/private/boringssl_self_test.te
@@ -0,0 +1,74 @@
+# System and vendor domains for BoringSSL self test binaries.
+#
+# For FIPS compliance, all processes linked against libcrypto perform a startup
+# self test which computes a hash of the BoringSSL Crypto Module (BCM) and, at least once
+# per device boot, also run a series of Known Answer Tests (KAT) to verify functionality.
+#
+# The KATs are expensive, and to ensure they are run as few times as possible, they
+# are skipped if a marker file exists in /dev/boringssl/selftest whose name is
+# the hash of the BCM that was computed earlier. The files are zero length and their contents
+# should never be read or written. To avoid giving arbitrary processes access to /dev/boringssl
+# to create these marker files, there are dedicated self test binaries which this policy
+# gives access to and which are run during early-init.
+#
+# Due to build skew, the version of libcrypto in /vendor may have a different hash than
+# the system one. To cater for this there are vendor variants of the self test binaries
+# which also have permission to write to the same files in /dev/boringssl. In the case where
+# vendor and system libcrypto have the same hash, there will be a race to create the file,
+# but this is harmless.
+#
+# If the self tests fail, then the device should reboot into firmware and for this reason
+# the system boringssl_self_test domain needs to be in coredomain. As vendor domains
+# are not allowed in coredomain, this means that the vendor self tests cannot trigger a
+# reboot. However every binary linked against the vendor libcrypto will abort on startup,
+# so in practice the device will crash anyway in this unlikely scenario.
+
+# System boringssl_self_test domain
+type boringssl_self_test, domain, coredomain;
+type boringssl_self_test_exec, system_file_type, exec_type, file_type;
+
+# Vendor boringssl_self_test domain
+type vendor_boringssl_self_test, domain;
+type vendor_boringssl_self_test_exec, vendor_file_type, exec_type, file_type;
+
+# Switch to boringssl_self_test security domain when running boringssl_self_test_exec
+init_daemon_domain(boringssl_self_test)
+
+# Switch to vendor_boringssl_self_test security domain when running vendor_boringssl_self_test_exec
+init_daemon_domain(vendor_boringssl_self_test)
+
+# Marker files, common to both domains, indicating KAT have been performed on a particular libcrypto
+#
+# The files are zero length so there is no issue if both vendor and system code
+# try to create the same file simultaneously. One will succeed and the other will fail
+# silently, i.e. still indicate success. Similar harmless naming collisions will happen in the
+# system domain e.g. when system and APEX copies of libcrypto are identical.
+type boringssl_self_test_marker, file_type;
+
+# Allow self test binaries to create/check for the existence of boringssl_self_test_marker files
+allow { boringssl_self_test vendor_boringssl_self_test }
+ boringssl_self_test_marker:file create_file_perms;
+allow { boringssl_self_test vendor_boringssl_self_test }
+ boringssl_self_test_marker:dir ra_dir_perms;
+
+# Allow self test binaries to write their stdout/stderr messages to kmsg_debug
+allow { boringssl_self_test vendor_boringssl_self_test }
+ kmsg_debug_device:chr_file { w_file_perms getattr ioctl };
+
+# No other process should be able to create marker files because their existence causes the
+# boringssl KAT to be skipped.
+neverallow {
+ domain
+ -vendor_boringssl_self_test
+ -boringssl_self_test
+ -init
+ -vendor_init
+} boringssl_self_test_marker:file no_rw_file_perms;
+
+neverallow {
+ domain
+ -vendor_boringssl_self_test
+ -boringssl_self_test
+ -init
+ -vendor_init
+} boringssl_self_test_marker:dir write;
diff --git a/prebuilts/api/30.0/private/bpfloader.te b/prebuilts/api/30.0/private/bpfloader.te
new file mode 100644
index 0000000..74a8e25
--- /dev/null
+++ b/prebuilts/api/30.0/private/bpfloader.te
@@ -0,0 +1,40 @@
+# bpf program loader
+type bpfloader, domain;
+type bpfloader_exec, system_file_type, exec_type, file_type;
+typeattribute bpfloader coredomain;
+
+# These permissions are required to pin ebpf maps & programs.
+allow bpfloader fs_bpf:dir { search write add_name };
+allow bpfloader fs_bpf:file { create setattr read };
+
+# Allow bpfloader to create bpf maps and programs.
+allow bpfloader self:bpf { map_create map_read map_write prog_load prog_run };
+
+allow bpfloader self:capability { chown sys_admin };
+
+###
+### Neverallow rules
+###
+
+# TODO: get rid of init & vendor_init
+neverallow { domain -init -vendor_init } fs_bpf:dir setattr;
+neverallow { domain -bpfloader } fs_bpf:dir { write add_name };
+neverallow domain fs_bpf:dir { reparent rename rmdir };
+
+# TODO: get rid of init & vendor_init
+neverallow { domain -bpfloader -init -vendor_init } fs_bpf:file setattr;
+neverallow { domain -bpfloader } fs_bpf:file create;
+neverallow domain fs_bpf:file { rename unlink };
+
+neverallow { domain -bpfloader } *:bpf { map_create prog_load };
+neverallow { domain -bpfloader -netd -netutils_wrapper -system_server } *:bpf prog_run;
+neverallow { domain -bpfloader -netd -system_server } *:bpf { map_read map_write };
+
+neverallow { domain -bpfloader -init } bpfloader_exec:file { execute execute_no_trans };
+
+neverallow bpfloader domain:{ tcp_socket udp_socket rawip_socket } *;
+
+# No domain should be allowed to ptrace bpfloader
+neverallow { domain userdebug_or_eng(`-llkd') } bpfloader:process ptrace;
+
+set_prop(bpfloader, bpf_progs_loaded_prop)
diff --git a/prebuilts/api/30.0/private/bufferhubd.te b/prebuilts/api/30.0/private/bufferhubd.te
new file mode 100644
index 0000000..012eb20
--- /dev/null
+++ b/prebuilts/api/30.0/private/bufferhubd.te
@@ -0,0 +1,3 @@
+typeattribute bufferhubd coredomain;
+
+init_daemon_domain(bufferhubd)
diff --git a/prebuilts/api/30.0/private/bug_map b/prebuilts/api/30.0/private/bug_map
new file mode 100644
index 0000000..60c2f15
--- /dev/null
+++ b/prebuilts/api/30.0/private/bug_map
@@ -0,0 +1,33 @@
+dnsmasq netd fifo_file b/77868789
+dnsmasq netd unix_stream_socket b/77868789
+gmscore_app system_data_file dir b/146166941
+init app_data_file file b/77873135
+init cache_file blk_file b/77873135
+init logpersist file b/77873135
+init nativetest_data_file dir b/77873135
+init pstorefs dir b/77873135
+init shell_data_file dir b/77873135
+init shell_data_file file b/77873135
+init shell_data_file lnk_file b/77873135
+init shell_data_file sock_file b/77873135
+init system_data_file chr_file b/77873135
+isolated_app privapp_data_file dir b/119596573
+isolated_app app_data_file dir b/120394782
+mediaextractor app_data_file file b/77923736
+mediaextractor radio_data_file file b/77923736
+mediaprovider cache_file blk_file b/77925342
+mediaprovider mnt_media_rw_file dir b/77925342
+mediaprovider shell_data_file dir b/77925342
+mediaswcodec ashmem_device chr_file b/142679232
+netd priv_app unix_stream_socket b/77870037
+netd untrusted_app unix_stream_socket b/77870037
+netd untrusted_app_25 unix_stream_socket b/77870037
+netd untrusted_app_27 unix_stream_socket b/77870037
+platform_app nfc_data_file dir b/74331887
+system_server crash_dump process b/73128755
+system_server overlayfs_file file b/142390309
+system_server sdcardfs file b/77856826
+system_server storage_stub_file dir b/145267097
+system_server zygote process b/77856826
+vold system_data_file file b/124108085
+zygote untrusted_app_25 process b/77925912
diff --git a/prebuilts/api/30.0/private/cameraserver.te b/prebuilts/api/30.0/private/cameraserver.te
new file mode 100644
index 0000000..2be3c9e
--- /dev/null
+++ b/prebuilts/api/30.0/private/cameraserver.te
@@ -0,0 +1,6 @@
+typeattribute cameraserver coredomain;
+
+typeattribute cameraserver camera_service_server;
+
+init_daemon_domain(cameraserver)
+tmpfs_domain(cameraserver)
diff --git a/prebuilts/api/30.0/private/charger.te b/prebuilts/api/30.0/private/charger.te
new file mode 100644
index 0000000..65109de
--- /dev/null
+++ b/prebuilts/api/30.0/private/charger.te
@@ -0,0 +1 @@
+typeattribute charger coredomain;
diff --git a/prebuilts/api/30.0/private/clatd.te b/prebuilts/api/30.0/private/clatd.te
new file mode 100644
index 0000000..0fa774a
--- /dev/null
+++ b/prebuilts/api/30.0/private/clatd.te
@@ -0,0 +1,36 @@
+# 464xlat daemon
+type clatd, domain, coredomain;
+type clatd_exec, system_file_type, exec_type, file_type;
+
+net_domain(clatd)
+
+r_dir_file(clatd, proc_net_type)
+userdebug_or_eng(`
+ auditallow clatd proc_net_type:{ dir file lnk_file } { getattr open read };
+')
+
+# Access objects inherited from netd.
+allow clatd netd:fd use;
+allow clatd netd:fifo_file { read write };
+# TODO: Check whether some or all of these sockets should be close-on-exec.
+allow clatd netd:netlink_kobject_uevent_socket { read write };
+allow clatd netd:netlink_nflog_socket { read write };
+allow clatd netd:netlink_route_socket { read write };
+allow clatd netd:udp_socket { read write };
+allow clatd netd:unix_stream_socket { read write };
+allow clatd netd:unix_dgram_socket { read write };
+
+allow clatd self:global_capability_class_set { net_admin net_raw setuid setgid };
+
+# clatd calls mmap(MAP_LOCKED) with a 1M buffer. MAP_LOCKED first checks
+# capable(CAP_IPC_LOCK), and then checks to see the requested amount is
+# under RLIMIT_MEMLOCK. If the latter check succeeds clatd won't have
+# needed CAP_IPC_LOCK. But this is not guaranteed to succeed on all devices
+# so we permit any requests we see from clatd asking for this capability.
+# See https://android-review.googlesource.com/127940 and
+# https://b.corp.google.com/issues/21736319
+allow clatd self:global_capability_class_set ipc_lock;
+
+allow clatd self:netlink_route_socket nlmsg_write;
+allow clatd self:{ packet_socket rawip_socket } create_socket_perms_no_ioctl;
+allow clatd tun_device:chr_file rw_file_perms;
diff --git a/prebuilts/api/30.0/private/compat/26.0/26.0.cil b/prebuilts/api/30.0/private/compat/26.0/26.0.cil
new file mode 100644
index 0000000..498bca5
--- /dev/null
+++ b/prebuilts/api/30.0/private/compat/26.0/26.0.cil
@@ -0,0 +1,786 @@
+;; attributes removed from current policy
+(typeattribute hal_wifi_keystore)
+(typeattribute hal_wifi_keystore_client)
+(typeattribute hal_wifi_keystore_server)
+(typeattribute hal_wifi_offload)
+(typeattribute hal_wifi_offload_client)
+(typeattribute hal_wifi_offload_server)
+
+;; types removed from current policy
+(type untrusted_v2_app)
+(type asan_reboot_prop)
+(type commontime_management_service)
+(type hal_wifi_offload_hwservice)
+(type log_device)
+(type mediacasserver_service)
+(type mediacodec)
+(type mediacodec_exec)
+(type qtaguid_proc)
+(type reboot_data_file)
+(type tracing_shell_writable)
+(type tracing_shell_writable_debug)
+(type vold_socket)
+(type webview_zygote_socket)
+(type rild)
+(type netd_socket)
+
+(typeattributeset accessibility_service_26_0 (accessibility_service))
+(typeattributeset account_service_26_0 (account_service))
+(typeattributeset activity_service_26_0 (activity_service))
+(typeattributeset adbd_26_0 (adbd))
+(typeattributeset adb_data_file_26_0 (adb_data_file))
+(typeattributeset adbd_socket_26_0 (adbd_socket))
+(typeattributeset adb_keys_file_26_0 (adb_keys_file))
+(typeattributeset alarm_device_26_0 (alarm_device))
+(typeattributeset alarm_service_26_0 (alarm_service))
+(typeattributeset anr_data_file_26_0 (anr_data_file))
+(typeattributeset apk_data_file_26_0 (apk_data_file))
+(typeattributeset apk_private_data_file_26_0 (apk_private_data_file))
+(typeattributeset apk_private_tmp_file_26_0 (apk_private_tmp_file))
+(typeattributeset apk_tmp_file_26_0 (apk_tmp_file))
+(typeattributeset app_data_file_26_0 (app_data_file privapp_data_file))
+(typeattributeset app_fuse_file_26_0 (app_fuse_file))
+(typeattributeset app_fusefs_26_0 (app_fusefs))
+(typeattributeset appops_service_26_0 (appops_service))
+(typeattributeset appwidget_service_26_0 (appwidget_service))
+(typeattributeset asan_reboot_prop_26_0 (asan_reboot_prop))
+(typeattributeset asec_apk_file_26_0 (asec_apk_file))
+(typeattributeset asec_image_file_26_0 (asec_image_file))
+(typeattributeset asec_public_file_26_0 (asec_public_file))
+(typeattributeset ashmem_device_26_0 (ashmem_device))
+(typeattributeset assetatlas_service_26_0 (assetatlas_service))
+(typeattributeset audio_data_file_26_0 (audio_data_file))
+(typeattributeset audio_device_26_0 (audio_device))
+(typeattributeset audiohal_data_file_26_0 (audiohal_data_file))
+(typeattributeset audio_prop_26_0 (audio_prop))
+(typeattributeset audio_seq_device_26_0 (audio_seq_device))
+(typeattributeset audioserver_26_0 (audioserver))
+(typeattributeset audioserver_data_file_26_0 (audioserver_data_file))
+(typeattributeset audioserver_service_26_0 (audioserver_service))
+(typeattributeset audio_service_26_0 (audio_service))
+(typeattributeset audio_timer_device_26_0 (audio_timer_device))
+(typeattributeset autofill_service_26_0 (autofill_service))
+(typeattributeset backup_data_file_26_0 (backup_data_file))
+(typeattributeset backup_service_26_0 (backup_service))
+(typeattributeset batteryproperties_service_26_0 (batteryproperties_service))
+(typeattributeset battery_service_26_0 (battery_service))
+(typeattributeset batterystats_service_26_0 (batterystats_service))
+(typeattributeset binder_device_26_0 (binder_device))
+(typeattributeset binfmt_miscfs_26_0 (binfmt_miscfs))
+(typeattributeset blkid_26_0 (blkid))
+(typeattributeset blkid_untrusted_26_0 (blkid_untrusted))
+(typeattributeset block_device_26_0 (block_device))
+(typeattributeset bluetooth_26_0 (bluetooth))
+(typeattributeset bluetooth_data_file_26_0 (bluetooth_data_file))
+(typeattributeset bluetooth_efs_file_26_0 (bluetooth_efs_file))
+(typeattributeset bluetooth_logs_data_file_26_0 (bluetooth_logs_data_file))
+(typeattributeset bluetooth_manager_service_26_0 (bluetooth_manager_service))
+(typeattributeset bluetooth_prop_26_0 (bluetooth_prop))
+(typeattributeset bluetooth_service_26_0 (bluetooth_service))
+(typeattributeset bluetooth_socket_26_0 (bluetooth_socket))
+(typeattributeset bootanim_26_0 (bootanim))
+(typeattributeset bootanim_exec_26_0 (bootanim_exec))
+(typeattributeset boot_block_device_26_0 (boot_block_device))
+(typeattributeset bootchart_data_file_26_0 (bootchart_data_file))
+(typeattributeset bootstat_26_0 (bootstat))
+(typeattributeset bootstat_data_file_26_0 (bootstat_data_file))
+(typeattributeset bootstat_exec_26_0 (bootstat_exec))
+(typeattributeset boottime_prop_26_0 (boottime_prop))
+(typeattributeset boottrace_data_file_26_0 (boottrace_data_file))
+(typeattributeset bufferhubd_26_0 (bufferhubd))
+(typeattributeset bufferhubd_exec_26_0 (bufferhubd_exec))
+(typeattributeset cache_backup_file_26_0 (cache_backup_file))
+(typeattributeset cache_block_device_26_0 (cache_block_device))
+(typeattributeset cache_file_26_0 (cache_file))
+(typeattributeset cache_private_backup_file_26_0 (cache_private_backup_file))
+(typeattributeset cache_recovery_file_26_0 (cache_recovery_file))
+(typeattributeset camera_data_file_26_0 (camera_data_file))
+(typeattributeset camera_device_26_0 (camera_device))
+(typeattributeset cameraproxy_service_26_0 (cameraproxy_service))
+(typeattributeset cameraserver_26_0 (cameraserver))
+(typeattributeset cameraserver_exec_26_0 (cameraserver_exec))
+(typeattributeset cameraserver_service_26_0 (cameraserver_service))
+(typeattributeset cgroup_26_0 (cgroup))
+(typeattributeset charger_26_0 (charger))
+(typeattributeset clatd_26_0 (clatd))
+(typeattributeset clatd_exec_26_0 (clatd_exec))
+(typeattributeset clipboard_service_26_0 (clipboard_service))
+(typeattributeset commontime_management_service_26_0 (commontime_management_service))
+(typeattributeset companion_device_service_26_0 (companion_device_service))
+(typeattributeset configfs_26_0 (configfs))
+(typeattributeset config_prop_26_0 (config_prop))
+(typeattributeset connectivity_service_26_0 (connectivity_service))
+(typeattributeset connmetrics_service_26_0 (connmetrics_service))
+(typeattributeset console_device_26_0 (console_device))
+(typeattributeset consumer_ir_service_26_0 (consumer_ir_service))
+(typeattributeset content_service_26_0 (content_service))
+(typeattributeset contexthub_service_26_0 (contexthub_service))
+(typeattributeset coredump_file_26_0 (coredump_file))
+(typeattributeset country_detector_service_26_0 (country_detector_service))
+(typeattributeset coverage_service_26_0 (coverage_service))
+(typeattributeset cppreopt_prop_26_0 (cppreopt_prop))
+(typeattributeset cppreopts_26_0 (cppreopts))
+(typeattributeset cppreopts_exec_26_0 (cppreopts_exec))
+(typeattributeset cpuctl_device_26_0 (cpuctl_device))
+(typeattributeset cpuinfo_service_26_0 (cpuinfo_service))
+(typeattributeset crash_dump_26_0 (crash_dump))
+(typeattributeset crash_dump_exec_26_0 (crash_dump_exec))
+(typeattributeset ctl_bootanim_prop_26_0 (ctl_bootanim_prop))
+(typeattributeset ctl_bugreport_prop_26_0 (ctl_bugreport_prop))
+(typeattributeset ctl_console_prop_26_0 (ctl_console_prop))
+(typeattributeset ctl_default_prop_26_0 (ctl_default_prop ctl_restart_prop ctl_start_prop ctl_stop_prop ctl_adbd_prop))
+(typeattributeset ctl_dumpstate_prop_26_0 (ctl_dumpstate_prop))
+(typeattributeset ctl_fuse_prop_26_0 (ctl_fuse_prop))
+(typeattributeset ctl_mdnsd_prop_26_0 (ctl_mdnsd_prop))
+(typeattributeset ctl_rildaemon_prop_26_0 (ctl_rildaemon_prop))
+(typeattributeset dalvikcache_data_file_26_0 (dalvikcache_data_file))
+(typeattributeset dalvik_prop_26_0 (dalvik_prop))
+(typeattributeset dbinfo_service_26_0 (dbinfo_service))
+(typeattributeset debugfs_26_0
+ ( debugfs
+ debugfs_wakeup_sources
+ ))
+(typeattributeset debugfs_mmc_26_0 (debugfs_mmc))
+(typeattributeset debugfs_trace_marker_26_0 (debugfs_trace_marker))
+(typeattributeset debugfs_tracing_26_0 (debugfs_tracing))
+(typeattributeset debugfs_tracing_instances_26_0 (debugfs_tracing_instances))
+(typeattributeset debugfs_wifi_tracing_26_0 (debugfs_wifi_tracing))
+(typeattributeset debuggerd_prop_26_0 (debuggerd_prop))
+(typeattributeset debug_prop_26_0 (debug_prop))
+(typeattributeset default_android_hwservice_26_0 (default_android_hwservice))
+(typeattributeset default_android_service_26_0 (default_android_service))
+(typeattributeset default_android_vndservice_26_0 (default_android_vndservice))
+(typeattributeset default_prop_26_0
+ ( default_prop pm_prop))
+(typeattributeset device_26_0 (device))
+(typeattributeset device_identifiers_service_26_0 (device_identifiers_service))
+(typeattributeset deviceidle_service_26_0 (deviceidle_service))
+(typeattributeset device_logging_prop_26_0 (device_logging_prop))
+(typeattributeset device_policy_service_26_0 (device_policy_service))
+(typeattributeset devicestoragemonitor_service_26_0 (devicestoragemonitor_service))
+(typeattributeset devpts_26_0 (devpts))
+(typeattributeset dex2oat_26_0 (dex2oat))
+(typeattributeset dex2oat_exec_26_0 (dex2oat_exec))
+(typeattributeset dhcp_26_0 (dhcp))
+(typeattributeset dhcp_data_file_26_0 (dhcp_data_file))
+(typeattributeset dhcp_exec_26_0 (dhcp_exec))
+(typeattributeset dhcp_prop_26_0 (dhcp_prop))
+(typeattributeset diskstats_service_26_0 (diskstats_service))
+(typeattributeset display_service_26_0 (display_service))
+(typeattributeset dm_device_26_0 (dm_device))
+(typeattributeset dnsmasq_26_0 (dnsmasq))
+(typeattributeset dnsmasq_exec_26_0 (dnsmasq_exec))
+(typeattributeset dnsproxyd_socket_26_0 (dnsproxyd_socket))
+(typeattributeset DockObserver_service_26_0 (DockObserver_service))
+(typeattributeset dreams_service_26_0 (dreams_service))
+(typeattributeset drm_data_file_26_0 (drm_data_file))
+(typeattributeset drmserver_26_0 (drmserver))
+(typeattributeset drmserver_exec_26_0 (drmserver_exec))
+(typeattributeset drmserver_service_26_0 (drmserver_service))
+(typeattributeset drmserver_socket_26_0 (drmserver_socket))
+(typeattributeset dropbox_service_26_0 (dropbox_service))
+(typeattributeset dumpstate_26_0 (dumpstate))
+(typeattributeset dumpstate_exec_26_0 (dumpstate_exec))
+(typeattributeset dumpstate_options_prop_26_0 (dumpstate_options_prop))
+(typeattributeset dumpstate_prop_26_0 (dumpstate_prop))
+(typeattributeset dumpstate_service_26_0 (dumpstate_service))
+(typeattributeset dumpstate_socket_26_0 (dumpstate_socket))
+(typeattributeset efs_file_26_0 (efs_file))
+(typeattributeset ephemeral_app_26_0 (ephemeral_app))
+(typeattributeset ethernet_service_26_0 (ethernet_service))
+(typeattributeset ffs_prop_26_0 (ffs_prop))
+(typeattributeset file_contexts_file_26_0 (file_contexts_file))
+(typeattributeset fingerprintd_26_0 (fingerprintd))
+(typeattributeset fingerprintd_data_file_26_0 (fingerprintd_data_file))
+(typeattributeset fingerprintd_exec_26_0 (fingerprintd_exec))
+(typeattributeset fingerprintd_service_26_0 (fingerprintd_service))
+(typeattributeset fingerprint_prop_26_0 (fingerprint_prop))
+(typeattributeset fingerprint_service_26_0 (fingerprint_service))
+(typeattributeset firstboot_prop_26_0 (firstboot_prop))
+(typeattributeset font_service_26_0 (font_service))
+(typeattributeset frp_block_device_26_0 (frp_block_device))
+(typeattributeset fsck_26_0 (fsck))
+(typeattributeset fsck_exec_26_0 (fsck_exec))
+(typeattributeset fscklogs_26_0 (fscklogs))
+(typeattributeset fsck_untrusted_26_0 (fsck_untrusted))
+(typeattributeset full_device_26_0 (full_device))
+(typeattributeset functionfs_26_0 (functionfs))
+(typeattributeset fuse_26_0 (fuse))
+(typeattributeset fuse_device_26_0 (fuse_device))
+(typeattributeset fwk_display_hwservice_26_0 (fwk_display_hwservice))
+(typeattributeset fwk_scheduler_hwservice_26_0 (fwk_scheduler_hwservice))
+(typeattributeset fwk_sensor_hwservice_26_0 (fwk_sensor_hwservice))
+(typeattributeset fwmarkd_socket_26_0 (fwmarkd_socket))
+(typeattributeset gatekeeperd_26_0 (gatekeeperd))
+(typeattributeset gatekeeper_data_file_26_0 (gatekeeper_data_file))
+(typeattributeset gatekeeperd_exec_26_0 (gatekeeperd_exec))
+(typeattributeset gatekeeper_service_26_0 (gatekeeper_service))
+(typeattributeset gfxinfo_service_26_0 (gfxinfo_service))
+(typeattributeset gps_control_26_0 (gps_control))
+(typeattributeset gpu_device_26_0 (gpu_device))
+(typeattributeset gpu_service_26_0 (gpu_service))
+(typeattributeset graphics_device_26_0 (graphics_device))
+(typeattributeset graphicsstats_service_26_0 (graphicsstats_service))
+(typeattributeset hal_audio_hwservice_26_0 (hal_audio_hwservice))
+(typeattributeset hal_bluetooth_hwservice_26_0 (hal_bluetooth_hwservice))
+(typeattributeset hal_bootctl_hwservice_26_0 (hal_bootctl_hwservice))
+(typeattributeset hal_camera_hwservice_26_0 (hal_camera_hwservice))
+(typeattributeset hal_configstore_ISurfaceFlingerConfigs_26_0 (hal_configstore_ISurfaceFlingerConfigs))
+(typeattributeset hal_contexthub_hwservice_26_0 (hal_contexthub_hwservice))
+(typeattributeset hal_drm_hwservice_26_0 (hal_drm_hwservice))
+(typeattributeset hal_dumpstate_hwservice_26_0 (hal_dumpstate_hwservice))
+(typeattributeset hal_fingerprint_hwservice_26_0 (hal_fingerprint_hwservice))
+(typeattributeset hal_fingerprint_service_26_0 (hal_fingerprint_service))
+(typeattributeset hal_gatekeeper_hwservice_26_0 (hal_gatekeeper_hwservice))
+(typeattributeset hal_gnss_hwservice_26_0 (hal_gnss_hwservice))
+(typeattributeset hal_graphics_allocator_hwservice_26_0 (hal_graphics_allocator_hwservice))
+(typeattributeset hal_graphics_composer_hwservice_26_0 (hal_graphics_composer_hwservice))
+(typeattributeset hal_graphics_mapper_hwservice_26_0 (hal_graphics_mapper_hwservice))
+(typeattributeset hal_health_hwservice_26_0 (hal_health_hwservice))
+(typeattributeset hal_ir_hwservice_26_0 (hal_ir_hwservice))
+(typeattributeset hal_keymaster_hwservice_26_0 (hal_keymaster_hwservice))
+(typeattributeset hal_light_hwservice_26_0 (hal_light_hwservice))
+(typeattributeset hal_memtrack_hwservice_26_0 (hal_memtrack_hwservice))
+(typeattributeset hal_nfc_hwservice_26_0 (hal_nfc_hwservice))
+(typeattributeset hal_oemlock_hwservice_26_0 (hal_oemlock_hwservice))
+(typeattributeset hal_omx_hwservice_26_0 (hal_omx_hwservice))
+(typeattributeset hal_power_hwservice_26_0 (hal_power_hwservice))
+(typeattributeset hal_renderscript_hwservice_26_0 (hal_renderscript_hwservice))
+(typeattributeset hal_sensors_hwservice_26_0 (hal_sensors_hwservice))
+(typeattributeset hal_telephony_hwservice_26_0 (hal_telephony_hwservice))
+(typeattributeset hal_thermal_hwservice_26_0 (hal_thermal_hwservice))
+(typeattributeset hal_tv_cec_hwservice_26_0 (hal_tv_cec_hwservice))
+(typeattributeset hal_tv_input_hwservice_26_0 (hal_tv_input_hwservice))
+(typeattributeset hal_usb_hwservice_26_0 (hal_usb_hwservice))
+(typeattributeset hal_vibrator_hwservice_26_0 (hal_vibrator_hwservice))
+(typeattributeset hal_vr_hwservice_26_0 (hal_vr_hwservice))
+(typeattributeset hal_weaver_hwservice_26_0 (hal_weaver_hwservice))
+(typeattributeset hal_wifi_hwservice_26_0 (hal_wifi_hwservice))
+(typeattributeset hal_wifi_supplicant_hwservice_26_0 (hal_wifi_supplicant_hwservice))
+(typeattributeset hardware_properties_service_26_0 (hardware_properties_service))
+(typeattributeset hardware_service_26_0 (hardware_service))
+(typeattributeset hci_attach_dev_26_0 (hci_attach_dev))
+(typeattributeset hdmi_control_service_26_0 (hdmi_control_service))
+(typeattributeset healthd_26_0 (healthd))
+(typeattributeset healthd_exec_26_0 (healthd_exec))
+(typeattributeset heapdump_data_file_26_0 (heapdump_data_file))
+(typeattributeset hidl_allocator_hwservice_26_0 (hidl_allocator_hwservice))
+(typeattributeset hidl_base_hwservice_26_0 (hidl_base_hwservice))
+(typeattributeset hidl_manager_hwservice_26_0 (hidl_manager_hwservice))
+(typeattributeset hidl_memory_hwservice_26_0 (hidl_memory_hwservice))
+(typeattributeset hidl_token_hwservice_26_0 (hidl_token_hwservice))
+(typeattributeset hwbinder_device_26_0 (hwbinder_device))
+(typeattributeset hw_random_device_26_0 (hw_random_device))
+(typeattributeset hwservice_contexts_file_26_0 (hwservice_contexts_file))
+(typeattributeset hwservicemanager_26_0 (hwservicemanager))
+(typeattributeset hwservicemanager_exec_26_0 (hwservicemanager_exec))
+(typeattributeset hwservicemanager_prop_26_0 (hwservicemanager_prop))
+(typeattributeset i2c_device_26_0 (i2c_device))
+(typeattributeset icon_file_26_0 (icon_file))
+(typeattributeset idmap_26_0 (idmap))
+(typeattributeset idmap_exec_26_0 (idmap_exec))
+(typeattributeset iio_device_26_0 (iio_device))
+(typeattributeset imms_service_26_0 (imms_service))
+(typeattributeset incident_26_0 (incident))
+(typeattributeset incidentd_26_0 (incidentd))
+(typeattributeset incident_data_file_26_0 (incident_data_file))
+(typeattributeset incident_service_26_0 (incident_service))
+(typeattributeset init_26_0 (init))
+(typeattributeset init_exec_26_0 (init_exec watchdogd_exec))
+(typeattributeset inotify_26_0 (inotify))
+(typeattributeset input_device_26_0 (input_device))
+(typeattributeset inputflinger_26_0 (inputflinger))
+(typeattributeset inputflinger_exec_26_0 (inputflinger_exec))
+(typeattributeset inputflinger_service_26_0 (inputflinger_service))
+(typeattributeset input_method_service_26_0 (input_method_service))
+(typeattributeset input_service_26_0 (input_service))
+(typeattributeset installd_26_0 (installd))
+(typeattributeset install_data_file_26_0 (install_data_file))
+(typeattributeset installd_exec_26_0 (installd_exec))
+(typeattributeset installd_service_26_0 (installd_service))
+(typeattributeset install_recovery_26_0 (install_recovery))
+(typeattributeset install_recovery_exec_26_0 (install_recovery_exec))
+(typeattributeset ion_device_26_0 (ion_device))
+(typeattributeset IProxyService_service_26_0 (IProxyService_service))
+(typeattributeset ipsec_service_26_0 (ipsec_service))
+(typeattributeset isolated_app_26_0 (isolated_app))
+(typeattributeset jobscheduler_service_26_0 (jobscheduler_service))
+(typeattributeset kernel_26_0 (kernel))
+(typeattributeset keychain_data_file_26_0 (keychain_data_file))
+(typeattributeset keychord_device_26_0 (keychord_device))
+(typeattributeset keystore_26_0 (keystore))
+(typeattributeset keystore_data_file_26_0 (keystore_data_file))
+(typeattributeset keystore_exec_26_0 (keystore_exec))
+(typeattributeset keystore_service_26_0 (keystore_service))
+(typeattributeset kmem_device_26_0 (kmem_device))
+(typeattributeset kmsg_device_26_0 (kmsg_device))
+(typeattributeset labeledfs_26_0 (labeledfs))
+(typeattributeset launcherapps_service_26_0 (launcherapps_service))
+(typeattributeset lmkd_26_0 (lmkd))
+(typeattributeset lmkd_exec_26_0 (lmkd_exec))
+(typeattributeset lmkd_socket_26_0 (lmkd_socket))
+(typeattributeset location_service_26_0 (location_service))
+(typeattributeset lock_settings_service_26_0 (lock_settings_service))
+(typeattributeset logcat_exec_26_0 (logcat_exec))
+(typeattributeset logd_26_0 (logd))
+(typeattributeset log_device_26_0 (log_device))
+(typeattributeset logd_exec_26_0 (logd_exec))
+(typeattributeset logd_prop_26_0 (logd_prop))
+(typeattributeset logdr_socket_26_0 (logdr_socket))
+(typeattributeset logd_socket_26_0 (logd_socket))
+(typeattributeset logdw_socket_26_0 (logdw_socket))
+(typeattributeset logpersist_26_0 (logpersist))
+(typeattributeset logpersistd_logging_prop_26_0 (logpersistd_logging_prop))
+(typeattributeset log_prop_26_0 (log_prop))
+(typeattributeset log_tag_prop_26_0 (log_tag_prop))
+(typeattributeset loop_control_device_26_0 (loop_control_device))
+(typeattributeset loop_device_26_0 (loop_device))
+(typeattributeset mac_perms_file_26_0 (mac_perms_file))
+(typeattributeset mdnsd_26_0 (mdnsd))
+(typeattributeset mdnsd_socket_26_0 (mdnsd_socket))
+(typeattributeset mdns_socket_26_0 (mdns_socket))
+(typeattributeset mediacasserver_service_26_0 (mediacasserver_service))
+(typeattributeset hal_omx_server (mediacodec_26_0))
+(typeattributeset mediacodec_26_0 (mediacodec))
+(typeattributeset mediacodec_exec_26_0 (mediacodec_exec))
+(typeattributeset mediacodec_service_26_0 (mediacodec_service))
+(typeattributeset media_data_file_26_0 (media_data_file))
+(typeattributeset mediadrmserver_26_0 (mediadrmserver))
+(typeattributeset mediadrmserver_exec_26_0 (mediadrmserver_exec))
+(typeattributeset mediadrmserver_service_26_0 (mediadrmserver_service))
+(typeattributeset mediaextractor_26_0 (mediaextractor))
+(typeattributeset mediaextractor_exec_26_0 (mediaextractor_exec))
+(typeattributeset mediaextractor_service_26_0 (mediaextractor_service))
+(typeattributeset mediametrics_26_0 (mediametrics))
+(typeattributeset mediametrics_exec_26_0 (mediametrics_exec))
+(typeattributeset mediametrics_service_26_0 (mediametrics_service))
+(typeattributeset media_projection_service_26_0 (media_projection_service))
+(typeattributeset media_router_service_26_0 (media_router_service))
+(typeattributeset media_rw_data_file_26_0 (media_rw_data_file))
+(typeattributeset mediaserver_26_0 (mediaserver))
+(typeattributeset mediaserver_exec_26_0 (mediaserver_exec))
+(typeattributeset mediaserver_service_26_0 (mediaserver_service))
+(typeattributeset media_session_service_26_0 (media_session_service))
+(typeattributeset meminfo_service_26_0 (meminfo_service))
+(typeattributeset metadata_block_device_26_0 (metadata_block_device))
+(typeattributeset method_trace_data_file_26_0 (method_trace_data_file))
+(typeattributeset midi_service_26_0 (midi_service))
+(typeattributeset misc_block_device_26_0 (misc_block_device))
+(typeattributeset misc_logd_file_26_0 (misc_logd_file))
+(typeattributeset misc_user_data_file_26_0 (misc_user_data_file))
+(typeattributeset mmc_prop_26_0 (mmc_prop))
+(typeattributeset mnt_expand_file_26_0 (mnt_expand_file))
+(typeattributeset mnt_media_rw_file_26_0 (mnt_media_rw_file))
+(typeattributeset mnt_media_rw_stub_file_26_0 (mnt_media_rw_stub_file))
+(typeattributeset mnt_user_file_26_0 (mnt_user_file))
+(typeattributeset modprobe_26_0 (modprobe))
+(typeattributeset mount_service_26_0 (mount_service))
+(typeattributeset mqueue_26_0 (mqueue))
+(typeattributeset mtd_device_26_0 (mtd_device))
+(typeattributeset mtp_26_0 (mtp))
+(typeattributeset mtp_device_26_0 (mtp_device))
+(typeattributeset mtpd_socket_26_0 (mtpd_socket))
+(typeattributeset mtp_exec_26_0 (mtp_exec))
+(typeattributeset nativetest_data_file_26_0 (nativetest_data_file))
+(typeattributeset netd_26_0 (netd))
+(typeattributeset net_data_file_26_0 (net_data_file))
+(typeattributeset netd_exec_26_0 (netd_exec))
+(typeattributeset netd_listener_service_26_0 (netd_listener_service))
+(typeattributeset net_dns_prop_26_0 (net_dns_prop))
+(typeattributeset netd_service_26_0 (netd_service))
+(typeattributeset netd_socket_26_0 (netd_socket))
+(typeattributeset netif_26_0 (netif))
+(typeattributeset netpolicy_service_26_0 (netpolicy_service))
+(typeattributeset net_radio_prop_26_0 (net_radio_prop))
+(typeattributeset netstats_service_26_0 (netstats_service))
+(typeattributeset netutils_wrapper_26_0 (netutils_wrapper))
+(typeattributeset netutils_wrapper_exec_26_0 (netutils_wrapper_exec))
+(typeattributeset network_management_service_26_0 (network_management_service))
+(typeattributeset network_score_service_26_0 (network_score_service))
+(typeattributeset network_time_update_service_26_0 (network_time_update_service))
+(typeattributeset nfc_26_0 (nfc))
+(typeattributeset nfc_data_file_26_0 (nfc_data_file))
+(typeattributeset nfc_device_26_0 (nfc_device))
+(typeattributeset nfc_prop_26_0 (nfc_prop))
+(typeattributeset nfc_service_26_0 (nfc_service))
+(typeattributeset node_26_0 (node))
+(typeattributeset notification_service_26_0 (notification_service))
+(typeattributeset null_device_26_0 (null_device))
+(typeattributeset oemfs_26_0 (oemfs))
+(typeattributeset oem_lock_service_26_0 (oem_lock_service))
+(typeattributeset ota_data_file_26_0 (ota_data_file))
+(typeattributeset otadexopt_service_26_0 (otadexopt_service))
+(typeattributeset ota_package_file_26_0 (ota_package_file))
+(typeattributeset otapreopt_chroot_26_0 (otapreopt_chroot))
+(typeattributeset otapreopt_chroot_exec_26_0 (otapreopt_chroot_exec))
+(typeattributeset otapreopt_slot_26_0 (otapreopt_slot))
+(typeattributeset otapreopt_slot_exec_26_0 (otapreopt_slot_exec))
+(typeattributeset overlay_prop_26_0 (overlay_prop))
+(typeattributeset overlay_service_26_0 (overlay_service))
+(typeattributeset owntty_device_26_0 (owntty_device))
+(typeattributeset package_service_26_0 (package_service))
+(typeattributeset pan_result_prop_26_0 (pan_result_prop))
+(typeattributeset pdx_bufferhub_client_channel_socket_26_0 (pdx_bufferhub_client_channel_socket))
+(typeattributeset pdx_bufferhub_client_endpoint_socket_26_0 (pdx_bufferhub_client_endpoint_socket))
+(typeattributeset pdx_bufferhub_dir_26_0 (pdx_bufferhub_dir))
+(typeattributeset pdx_display_client_channel_socket_26_0 (pdx_display_client_channel_socket))
+(typeattributeset pdx_display_client_endpoint_socket_26_0 (pdx_display_client_endpoint_socket))
+(typeattributeset pdx_display_dir_26_0 (pdx_display_dir))
+(typeattributeset pdx_display_manager_channel_socket_26_0 (pdx_display_manager_channel_socket))
+(typeattributeset pdx_display_manager_endpoint_socket_26_0 (pdx_display_manager_endpoint_socket))
+(typeattributeset pdx_display_screenshot_channel_socket_26_0 (pdx_display_screenshot_channel_socket))
+(typeattributeset pdx_display_screenshot_endpoint_socket_26_0 (pdx_display_screenshot_endpoint_socket))
+(typeattributeset pdx_display_vsync_channel_socket_26_0 (pdx_display_vsync_channel_socket))
+(typeattributeset pdx_display_vsync_endpoint_socket_26_0 (pdx_display_vsync_endpoint_socket))
+(typeattributeset pdx_performance_client_channel_socket_26_0 (pdx_performance_client_channel_socket))
+(typeattributeset pdx_performance_client_endpoint_socket_26_0 (pdx_performance_client_endpoint_socket))
+(typeattributeset pdx_performance_dir_26_0 (pdx_performance_dir))
+(typeattributeset performanced_26_0 (performanced))
+(typeattributeset performanced_exec_26_0 (performanced_exec))
+(typeattributeset permission_service_26_0 (permission_service))
+(typeattributeset persist_debug_prop_26_0 (persist_debug_prop))
+(typeattributeset persistent_data_block_service_26_0 (persistent_data_block_service))
+(typeattributeset persistent_properties_ready_prop_26_0 (persistent_properties_ready_prop))
+(typeattributeset pinner_service_26_0 (pinner_service))
+(typeattributeset pipefs_26_0 (pipefs))
+(typeattributeset platform_app_26_0 (platform_app))
+(typeattributeset pmsg_device_26_0 (pmsg_device))
+(typeattributeset port_26_0 (port))
+(typeattributeset port_device_26_0 (port_device))
+(typeattributeset postinstall_26_0 (postinstall))
+(typeattributeset postinstall_dexopt_26_0 (postinstall_dexopt))
+(typeattributeset postinstall_file_26_0 (postinstall_file))
+(typeattributeset postinstall_mnt_dir_26_0 (postinstall_mnt_dir))
+(typeattributeset powerctl_prop_26_0 (powerctl_prop))
+(typeattributeset power_service_26_0 (power_service))
+(typeattributeset ppp_26_0 (ppp))
+(typeattributeset ppp_device_26_0 (ppp_device))
+(typeattributeset ppp_exec_26_0 (ppp_exec))
+(typeattributeset preloads_data_file_26_0 (preloads_data_file))
+(typeattributeset preloads_media_file_26_0 (preloads_media_file))
+(typeattributeset preopt2cachename_26_0 (preopt2cachename))
+(typeattributeset preopt2cachename_exec_26_0 (preopt2cachename_exec))
+(typeattributeset print_service_26_0 (print_service))
+(typeattributeset priv_app_26_0 (mediaprovider priv_app))
+(typeattributeset proc_26_0
+ ( proc
+ proc_abi
+ proc_asound
+ proc_buddyinfo
+ proc_cmdline
+ proc_dirty
+ proc_diskstats
+ proc_extra_free_kbytes
+ proc_filesystems
+ proc_hostname
+ proc_hung_task
+ proc_kmsg
+ proc_loadavg
+ proc_max_map_count
+ proc_min_free_order_shift
+ proc_mounts
+ proc_page_cluster
+ proc_pagetypeinfo
+ proc_panic
+ proc_pid_max
+ proc_pipe_conf
+ proc_random
+ proc_sched
+ proc_slabinfo
+ proc_swaps
+ proc_uid_time_in_state
+ proc_uid_concurrent_active_time
+ proc_uid_concurrent_policy_time
+ proc_uid_cpupower
+ proc_uptime
+ proc_version
+ proc_vmallocinfo
+ proc_vmstat))
+(typeattributeset proc_bluetooth_writable_26_0 (proc_bluetooth_writable))
+(typeattributeset proc_cpuinfo_26_0 (proc_cpuinfo))
+(typeattributeset proc_drop_caches_26_0 (proc_drop_caches))
+(typeattributeset processinfo_service_26_0 (processinfo_service))
+(typeattributeset proc_interrupts_26_0 (proc_interrupts))
+(typeattributeset proc_iomem_26_0 (proc_iomem))
+(typeattributeset proc_meminfo_26_0 (proc_meminfo))
+(typeattributeset proc_misc_26_0 (proc_misc))
+(typeattributeset proc_modules_26_0 (proc_modules))
+(typeattributeset proc_net_26_0
+ ( proc_net
+ proc_net_tcp_udp
+ proc_qtaguid_stat))
+(typeattributeset proc_overcommit_memory_26_0 (proc_overcommit_memory))
+(typeattributeset proc_perf_26_0 (proc_perf))
+(typeattributeset proc_security_26_0 (proc_security))
+(typeattributeset proc_stat_26_0 (proc_stat))
+(typeattributeset procstats_service_26_0 (procstats_service))
+(typeattributeset proc_sysrq_26_0 (proc_sysrq))
+(typeattributeset proc_timer_26_0 (proc_timer))
+(typeattributeset proc_tty_drivers_26_0 (proc_tty_drivers))
+(typeattributeset proc_uid_cputime_removeuid_26_0 (proc_uid_cputime_removeuid))
+(typeattributeset proc_uid_cputime_showstat_26_0 (proc_uid_cputime_showstat))
+(typeattributeset proc_uid_io_stats_26_0 (proc_uid_io_stats))
+(typeattributeset proc_uid_procstat_set_26_0 (proc_uid_procstat_set))
+(typeattributeset proc_zoneinfo_26_0 (proc_zoneinfo))
+(typeattributeset profman_26_0 (profman))
+(typeattributeset profman_dump_data_file_26_0 (profman_dump_data_file))
+(typeattributeset profman_exec_26_0 (profman_exec))
+(typeattributeset properties_device_26_0 (properties_device))
+(typeattributeset properties_serial_26_0 (properties_serial))
+(typeattributeset property_contexts_file_26_0 (property_contexts_file))
+(typeattributeset property_data_file_26_0 (property_data_file))
+(typeattributeset property_socket_26_0 (property_socket))
+(typeattributeset pstorefs_26_0 (pstorefs))
+(typeattributeset ptmx_device_26_0 (ptmx_device))
+(typeattributeset qtaguid_device_26_0 (qtaguid_device))
+(typeattributeset qtaguid_proc_26_0
+ ( qtaguid_proc
+ proc_qtaguid_ctrl))
+(typeattributeset racoon_26_0 (racoon))
+(typeattributeset racoon_exec_26_0 (racoon_exec))
+(typeattributeset racoon_socket_26_0 (racoon_socket))
+(typeattributeset radio_26_0 (radio))
+(typeattributeset radio_data_file_26_0 (radio_data_file))
+(typeattributeset radio_device_26_0 (radio_device))
+(typeattributeset radio_prop_26_0 (radio_prop))
+(typeattributeset radio_service_26_0 (radio_service))
+(typeattributeset ram_device_26_0 (ram_device))
+(typeattributeset random_device_26_0 (random_device))
+(typeattributeset reboot_data_file_26_0 (reboot_data_file))
+(typeattributeset recovery_26_0 (recovery))
+(typeattributeset recovery_block_device_26_0 (recovery_block_device))
+(typeattributeset recovery_data_file_26_0 (recovery_data_file))
+(typeattributeset recovery_persist_26_0 (recovery_persist))
+(typeattributeset recovery_persist_exec_26_0 (recovery_persist_exec))
+(typeattributeset recovery_refresh_26_0 (recovery_refresh))
+(typeattributeset recovery_refresh_exec_26_0 (recovery_refresh_exec))
+(typeattributeset recovery_service_26_0 (recovery_service))
+(typeattributeset registry_service_26_0 (registry_service))
+(typeattributeset resourcecache_data_file_26_0 (resourcecache_data_file))
+(typeattributeset restorecon_prop_26_0 (restorecon_prop))
+(typeattributeset restrictions_service_26_0 (restrictions_service))
+(typeattributeset rild_26_0 (rild))
+(typeattributeset rild_debug_socket_26_0 (rild_debug_socket))
+(typeattributeset rild_socket_26_0 (rild_socket))
+(typeattributeset ringtone_file_26_0 (ringtone_file))
+(typeattributeset root_block_device_26_0 (root_block_device))
+(typeattributeset rootfs_26_0 (rootfs))
+(typeattributeset rpmsg_device_26_0 (rpmsg_device))
+(typeattributeset rtc_device_26_0 (rtc_device))
+(typeattributeset rttmanager_service_26_0 (rttmanager_service))
+(typeattributeset runas_26_0 (runas))
+(typeattributeset runas_exec_26_0 (runas_exec))
+(typeattributeset runtime_event_log_tags_file_26_0 (runtime_event_log_tags_file))
+(typeattributeset safemode_prop_26_0 (safemode_prop))
+(typeattributeset same_process_hal_file_26_0
+ ( same_process_hal_file
+ vendor_public_lib_file))
+(typeattributeset samplingprofiler_service_26_0 (samplingprofiler_service))
+(typeattributeset scheduling_policy_service_26_0 (scheduling_policy_service))
+(typeattributeset sdcardd_26_0 (sdcardd))
+(typeattributeset sdcardd_exec_26_0 (sdcardd_exec))
+(typeattributeset sdcardfs_26_0 (sdcardfs))
+(typeattributeset seapp_contexts_file_26_0 (seapp_contexts_file))
+(typeattributeset search_service_26_0 (search_service))
+(typeattributeset sec_key_att_app_id_provider_service_26_0 (sec_key_att_app_id_provider_service))
+(typeattributeset selinuxfs_26_0 (selinuxfs))
+(typeattributeset sensors_device_26_0 (sensors_device))
+(typeattributeset sensorservice_service_26_0 (sensorservice_service))
+(typeattributeset sepolicy_file_26_0 (sepolicy_file))
+(typeattributeset serial_device_26_0 (serial_device))
+(typeattributeset serialno_prop_26_0 (serialno_prop))
+(typeattributeset serial_service_26_0 (serial_service))
+(typeattributeset service_contexts_file_26_0 (service_contexts_file nonplat_service_contexts_file))
+(typeattributeset servicediscovery_service_26_0 (servicediscovery_service))
+(typeattributeset servicemanager_26_0 (servicemanager))
+(typeattributeset servicemanager_exec_26_0 (servicemanager_exec))
+(typeattributeset settings_service_26_0 (settings_service))
+(typeattributeset sgdisk_26_0 (sgdisk))
+(typeattributeset sgdisk_exec_26_0 (sgdisk_exec))
+(typeattributeset shared_relro_26_0 (shared_relro))
+(typeattributeset shared_relro_file_26_0 (shared_relro_file))
+(typeattributeset shell_26_0 (shell))
+(typeattributeset shell_data_file_26_0 (shell_data_file))
+(typeattributeset shell_exec_26_0 (shell_exec))
+(typeattributeset shell_prop_26_0 (shell_prop))
+(typeattributeset shm_26_0 (shm))
+(typeattributeset shortcut_manager_icons_26_0 (shortcut_manager_icons))
+(typeattributeset shortcut_service_26_0 (shortcut_service))
+(typeattributeset slideshow_26_0 (slideshow))
+(typeattributeset socket_device_26_0 (socket_device))
+(typeattributeset sockfs_26_0 (sockfs))
+(typeattributeset statusbar_service_26_0 (statusbar_service))
+(typeattributeset storaged_service_26_0 (storaged_service))
+(typeattributeset storage_file_26_0 (storage_file))
+(typeattributeset storagestats_service_26_0 (storagestats_service))
+(typeattributeset storage_stub_file_26_0 (storage_stub_file))
+(typeattributeset su_26_0 (su))
+(typeattributeset su_exec_26_0 (su_exec))
+(typeattributeset surfaceflinger_26_0 (surfaceflinger))
+(typeattributeset surfaceflinger_service_26_0 (surfaceflinger_service))
+(typeattributeset swap_block_device_26_0 (swap_block_device))
+(typeattributeset sysfs_26_0
+ ( sysfs
+ sysfs_android_usb
+ sysfs_dm
+ sysfs_dt_firmware_android
+ sysfs_ipv4
+ sysfs_kernel_notes
+ sysfs_loop
+ sysfs_net
+ sysfs_power
+ sysfs_rtc
+ sysfs_switch
+ sysfs_wakeup_reasons))
+(typeattributeset sysfs_batteryinfo_26_0 (sysfs_batteryinfo))
+(typeattributeset sysfs_bluetooth_writable_26_0 (sysfs_bluetooth_writable))
+(typeattributeset sysfs_devices_system_cpu_26_0 (sysfs_devices_system_cpu))
+(typeattributeset sysfs_hwrandom_26_0 (sysfs_hwrandom))
+(typeattributeset sysfs_leds_26_0 (sysfs_leds))
+(typeattributeset sysfs_lowmemorykiller_26_0 (sysfs_lowmemorykiller))
+(typeattributeset sysfs_mac_address_26_0 (sysfs_mac_address))
+(typeattributeset sysfs_nfc_power_writable_26_0 (sysfs_nfc_power_writable))
+(typeattributeset sysfs_thermal_26_0 (sysfs_thermal))
+(typeattributeset sysfs_uio_26_0 (sysfs_uio))
+(typeattributeset sysfs_usb_26_0 (sysfs_usb))
+(typeattributeset sysfs_vibrator_26_0 (sysfs_vibrator))
+(typeattributeset sysfs_wake_lock_26_0 (sysfs_wake_lock))
+(typeattributeset sysfs_wlan_fwpath_26_0 (sysfs_wlan_fwpath))
+(typeattributeset sysfs_zram_26_0 (sysfs_zram))
+(typeattributeset sysfs_zram_uevent_26_0 (sysfs_zram_uevent))
+(typeattributeset system_app_26_0 (system_app))
+(typeattributeset system_app_data_file_26_0 (system_app_data_file))
+(typeattributeset system_app_service_26_0 (system_app_service))
+(typeattributeset system_block_device_26_0 (system_block_device))
+(typeattributeset system_data_file_26_0
+ ( system_data_file
+ dropbox_data_file
+ vendor_data_file))
+(typeattributeset system_file_26_0
+ ( system_file
+ system_lib_file
+ system_linker_config_file
+ system_linker_exec
+ system_seccomp_policy_file
+ system_security_cacerts_file
+ system_zoneinfo_file
+))
+(typeattributeset systemkeys_data_file_26_0 (systemkeys_data_file))
+(typeattributeset system_ndebug_socket_26_0 (system_ndebug_socket))
+(typeattributeset system_prop_26_0 (system_prop))
+(typeattributeset system_radio_prop_26_0 (system_radio_prop))
+(typeattributeset system_server_26_0 (system_server))
+(typeattributeset system_wifi_keystore_hwservice_26_0 (system_wifi_keystore_hwservice))
+(typeattributeset system_wpa_socket_26_0 (system_wpa_socket))
+(typeattributeset task_service_26_0 (task_service))
+(typeattributeset tee_26_0 (tee))
+(typeattributeset tee_data_file_26_0 (tee_data_file))
+(typeattributeset tee_device_26_0 (tee_device))
+(typeattributeset telecom_service_26_0 (telecom_service))
+(typeattributeset textclassification_service_26_0 (textclassification_service))
+(typeattributeset textclassifier_data_file_26_0 (textclassifier_data_file))
+(typeattributeset textservices_service_26_0 (textservices_service))
+(typeattributeset tmpfs_26_0 (tmpfs))
+(typeattributeset tombstoned_26_0 (tombstoned))
+(typeattributeset tombstone_data_file_26_0 (tombstone_data_file))
+(typeattributeset tombstoned_crash_socket_26_0 (tombstoned_crash_socket))
+(typeattributeset tombstoned_exec_26_0 (tombstoned_exec))
+(typeattributeset tombstoned_intercept_socket_26_0 (tombstoned_intercept_socket))
+(typeattributeset toolbox_26_0 (toolbox))
+(typeattributeset toolbox_exec_26_0 (toolbox_exec))
+(typeattributeset tracing_shell_writable_26_0 (debugfs_tracing tracing_shell_writable))
+(typeattributeset tracing_shell_writable_debug_26_0 (debugfs_tracing_debug tracing_shell_writable_debug))
+(typeattributeset trust_service_26_0 (trust_service))
+(typeattributeset tty_device_26_0 (tty_device))
+(typeattributeset tun_device_26_0 (tun_device))
+(typeattributeset tv_input_service_26_0 (tv_input_service))
+(typeattributeset tzdatacheck_26_0 (tzdatacheck))
+(typeattributeset tzdatacheck_exec_26_0 (tzdatacheck_exec))
+(typeattributeset ueventd_26_0 (ueventd))
+(typeattributeset uhid_device_26_0 (uhid_device))
+(typeattributeset uimode_service_26_0 (uimode_service))
+(typeattributeset uio_device_26_0 (uio_device))
+(typeattributeset uncrypt_26_0 (uncrypt))
+(typeattributeset uncrypt_exec_26_0 (uncrypt_exec))
+(typeattributeset uncrypt_socket_26_0 (uncrypt_socket))
+(typeattributeset unencrypted_data_file_26_0 (unencrypted_data_file))
+(typeattributeset unlabeled_26_0 (unlabeled))
+(typeattributeset untrusted_app_25_26_0 (untrusted_app_25))
+(typeattributeset untrusted_app_26_0
+ ( untrusted_app
+ untrusted_app_27))
+(typeattributeset untrusted_v2_app_26_0 (untrusted_v2_app))
+(typeattributeset update_engine_26_0 (update_engine))
+(typeattributeset update_engine_data_file_26_0 (update_engine_data_file))
+(typeattributeset update_engine_exec_26_0 (update_engine_exec))
+(typeattributeset update_engine_service_26_0 (update_engine_service))
+(typeattributeset updatelock_service_26_0 (updatelock_service))
+(typeattributeset update_verifier_26_0 (update_verifier))
+(typeattributeset update_verifier_exec_26_0 (update_verifier_exec))
+(typeattributeset usagestats_service_26_0 (usagestats_service))
+(typeattributeset usbaccessory_device_26_0 (usbaccessory_device))
+(typeattributeset usb_device_26_0 (usb_device))
+(typeattributeset usbfs_26_0 (usbfs))
+(typeattributeset usb_service_26_0 (usb_service))
+(typeattributeset userdata_block_device_26_0 (userdata_block_device))
+(typeattributeset usermodehelper_26_0 (sysfs_usermodehelper usermodehelper))
+(typeattributeset user_profile_data_file_26_0 (user_profile_data_file))
+(typeattributeset user_service_26_0 (user_service))
+(typeattributeset vcs_device_26_0 (vcs_device))
+(typeattributeset vdc_26_0 (vdc))
+(typeattributeset vdc_exec_26_0 (vdc_exec))
+(typeattributeset vendor_app_file_26_0 (vendor_app_file))
+(typeattributeset vendor_configs_file_26_0 (vendor_configs_file))
+(typeattributeset vendor_file_26_0 (vendor_file))
+(typeattributeset vendor_framework_file_26_0 (vendor_framework_file))
+(typeattributeset vendor_hal_file_26_0 (vendor_hal_file))
+(typeattributeset vendor_overlay_file_26_0 (vendor_overlay_file))
+(typeattributeset vendor_shell_exec_26_0 (vendor_shell_exec))
+(typeattributeset vendor_toolbox_exec_26_0 (vendor_toolbox_exec))
+(typeattributeset vfat_26_0 (vfat))
+(typeattributeset vibrator_service_26_0 (vibrator_service))
+(typeattributeset video_device_26_0 (video_device))
+(typeattributeset virtual_touchpad_26_0 (virtual_touchpad))
+(typeattributeset virtual_touchpad_exec_26_0 (virtual_touchpad_exec))
+(typeattributeset virtual_touchpad_service_26_0 (virtual_touchpad_service))
+(typeattributeset vndbinder_device_26_0 (vndbinder_device))
+(typeattributeset vndk_sp_file_26_0 (vndk_sp_file))
+(typeattributeset vndservice_contexts_file_26_0 (vndservice_contexts_file))
+(typeattributeset vndservicemanager_26_0 (vndservicemanager))
+(typeattributeset voiceinteraction_service_26_0 (voiceinteraction_service))
+(typeattributeset vold_26_0 (vold))
+(typeattributeset vold_data_file_26_0 (vold_data_file))
+(typeattributeset vold_device_26_0 (vold_device))
+(typeattributeset vold_exec_26_0 (vold_exec))
+(typeattributeset vold_prop_26_0 (vold_prop))
+(typeattributeset vold_socket_26_0 (vold_socket))
+(typeattributeset vpn_data_file_26_0 (vpn_data_file))
+(typeattributeset vr_hwc_26_0 (vr_hwc))
+(typeattributeset vr_hwc_exec_26_0 (vr_hwc_exec))
+(typeattributeset vr_hwc_service_26_0 (vr_hwc_service))
+(typeattributeset vr_manager_service_26_0 (vr_manager_service))
+(typeattributeset wallpaper_file_26_0 (wallpaper_file))
+(typeattributeset wallpaper_service_26_0 (wallpaper_service))
+(typeattributeset watchdogd_26_0 (watchdogd))
+(typeattributeset watchdog_device_26_0 (watchdog_device))
+(typeattributeset webviewupdate_service_26_0 (webviewupdate_service))
+(typeattributeset webview_zygote_26_0 (webview_zygote))
+(typeattributeset webview_zygote_exec_26_0 (webview_zygote_exec))
+(typeattributeset webview_zygote_socket_26_0 (webview_zygote_socket))
+(typeattributeset wifiaware_service_26_0 (wifiaware_service))
+(typeattributeset wificond_26_0 (wificond))
+(typeattributeset wificond_exec_26_0 (wificond_exec))
+(typeattributeset wificond_service_26_0 (wificond_service))
+(typeattributeset wifi_data_file_26_0 (wifi_data_file))
+(typeattributeset wifi_log_prop_26_0 (wifi_log_prop))
+(typeattributeset wifip2p_service_26_0 (wifip2p_service))
+(typeattributeset wifi_prop_26_0 (wifi_prop))
+(typeattributeset wifiscanner_service_26_0 (wifiscanner_service))
+(typeattributeset wifi_service_26_0 (wifi_service))
+(typeattributeset window_service_26_0 (window_service))
+(typeattributeset wpa_socket_26_0 (wpa_socket))
+(typeattributeset zero_device_26_0 (zero_device))
+(typeattributeset zoneinfo_data_file_26_0 (zoneinfo_data_file))
+(typeattributeset zygote_26_0 (zygote))
+(typeattributeset zygote_exec_26_0 (zygote_exec))
+(typeattributeset zygote_socket_26_0 (zygote_socket))
diff --git a/prebuilts/api/30.0/private/compat/26.0/26.0.compat.cil b/prebuilts/api/30.0/private/compat/26.0/26.0.compat.cil
new file mode 100644
index 0000000..30af58c
--- /dev/null
+++ b/prebuilts/api/30.0/private/compat/26.0/26.0.compat.cil
@@ -0,0 +1,5 @@
+(typeattribute vendordomain)
+(typeattributeset vendordomain ((and (domain) ((not (coredomain))))))
+(allowx vendordomain dev_type (ioctl blk_file ((range 0x0000 0xffff))))
+(allowx vendordomain file_type (ioctl file ((range 0x0000 0xffff))))
+(allow vendordomain self (netlink_route_socket (nlmsg_readpriv)))
diff --git a/prebuilts/api/30.0/private/compat/26.0/26.0.ignore.cil b/prebuilts/api/30.0/private/compat/26.0/26.0.ignore.cil
new file mode 100644
index 0000000..b395855
--- /dev/null
+++ b/prebuilts/api/30.0/private/compat/26.0/26.0.ignore.cil
@@ -0,0 +1,229 @@
+;; new_objects - a collection of types that have been introduced that have no
+;; analogue in older policy. Thus, we do not need to map these types to
+;; previous ones. Add here to pass checkapi tests.
+(type new_objects)
+(typeattribute new_objects)
+(typeattributeset new_objects
+ ( new_objects
+ activity_task_service
+ adb_service
+ adbd_exec
+ app_binding_service
+ apex_data_file
+ apex_metadata_file
+ apex_mnt_dir
+ apex_service
+ apexd
+ apexd_exec
+ apexd_prop
+ apexd_tmpfs
+ app_zygote
+ atrace
+ binder_calls_stats_service
+ biometric_service
+ bootloader_boot_reason_prop
+ blank_screen
+ blank_screen_exec
+ blank_screen_tmpfs
+ bluetooth_a2dp_offload_prop
+ bpfloader
+ bpfloader_exec
+ broadcastradio_service
+ cgroup_bpf
+ charger_exec
+ color_display_service
+ content_capture_service
+ crossprofileapps_service
+ ctl_apexd_prop
+ ctl_interface_restart_prop
+ ctl_interface_start_prop
+ ctl_interface_stop_prop
+ ctl_sigstop_prop
+ device_config_boot_count_prop
+ device_config_reset_performed_prop
+ device_config_netd_native_prop
+ dnsresolver_service
+ e2fs
+ e2fs_exec
+ exfat
+ exported_audio_prop
+ exported_bluetooth_prop
+ exported_config_prop
+ exported_dalvik_prop
+ exported_default_prop
+ exported_dumpstate_prop
+ exported_ffs_prop
+ exported_fingerprint_prop
+ exported_overlay_prop
+ exported_pm_prop
+ exported_radio_prop
+ exported_secure_prop
+ exported_system_prop
+ exported_system_radio_prop
+ exported_vold_prop
+ exported_wifi_prop
+ exported2_config_prop
+ exported2_default_prop
+ exported2_radio_prop
+ exported2_system_prop
+ exported2_vold_prop
+ exported3_default_prop
+ exported3_radio_prop
+ exported3_system_prop
+ fastbootd
+ fingerprint_vendor_data_file
+ flags_health_check
+ flags_health_check_exec
+ fs_bpf
+ fwk_stats_hwservice
+ hal_atrace_hwservice
+ hal_audiocontrol_hwservice
+ hal_authsecret_hwservice
+ hal_broadcastradio_hwservice
+ hal_cas_hwservice
+ hal_codec2_hwservice
+ hal_confirmationui_hwservice
+ hal_evs_hwservice
+ hal_health_storage_hwservice
+ hal_lowpan_hwservice
+ hal_neuralnetworks_hwservice
+ hal_secure_element_hwservice
+ hal_tetheroffload_hwservice
+ hal_wifi_hostapd_hwservice
+ hal_usb_gadget_hwservice
+ hal_vehicle_hwservice
+ hal_wifi_offload_hwservice
+ heapprofd
+ heapprofd_exec
+ heapprofd_socket
+ incident_helper
+ incident_helper_exec
+ iorapd
+ iorapd_data_file
+ iorapd_exec
+ iorapd_service
+ iorapd_tmpfs
+ kmsg_debug_device
+ last_boot_reason_prop
+ llkd
+ llkd_exec
+ llkd_prop
+ llkd_tmpfs
+ looper_stats_service
+ lowpan_device
+ lowpan_prop
+ lowpan_service
+ mediaswcodec
+ mediaswcodec_exec
+ mediaswcodec_tmpfs
+ mediaextractor_update_service
+ mediaprovider_tmpfs
+ metadata_bootstat_file
+ metadata_file
+ mnt_product_file
+ mnt_vendor_file
+ netd_stable_secret_prop
+ network_stack
+ network_stack_service
+ network_watchlist_data_file
+ network_watchlist_service
+ overlayfs_file
+ package_native_service
+ perfetto
+ perfetto_exec
+ perfetto_tmpfs
+ perfetto_traces_data_file
+ property_info
+ recovery_socket
+ role_service
+ runas_app
+ art_apex_dir
+ runtime_service
+ secure_element
+ secure_element_device
+ secure_element_tmpfs
+ secure_element_service
+ server_configurable_flags_data_file
+ simpleperf_app_runner
+ simpleperf_app_runner_exec
+ slice_service
+ socket_hook_prop
+ staging_data_file
+ stats
+ stats_data_file
+ stats_exec
+ stats_service
+ statsd
+ statsd_exec
+ statsd_tmpfs
+ statsdw
+ statsdw_socket
+ statscompanion_service
+ storaged_data_file
+ super_block_device
+ sysfs_fs_ext4_features
+ system_boot_reason_prop
+ system_bootstrap_lib_file
+ system_lmk_prop
+ system_net_netd_hwservice
+ system_update_service
+ test_boot_reason_prop
+ thermal_service
+ thermalcallback_hwservice
+ thermalserviced
+ thermalserviced_exec
+ thermalserviced_tmpfs
+ time_prop
+ timedetector_service
+ timezone_service
+ tombstoned_java_trace_socket
+ tombstone_wifi_data_file
+ trace_data_file
+ traceur_app
+ traceur_app_tmpfs
+ traced
+ traced_consumer_socket
+ traced_enabled_prop
+ traced_exec
+ traced_probes
+ traced_probes_exec
+ traced_probes_tmpfs
+ traced_producer_socket
+ traced_tmpfs
+ untrusted_app_all_devpts
+ update_engine_log_data_file
+ vendor_default_prop
+ vendor_security_patch_level_prop
+ uri_grants_service
+ usbd
+ usbd_exec
+ usbd_tmpfs
+ vendor_apex_file
+ vendor_init
+ vendor_shell
+ vendor_socket_hook_prop
+ vndk_prop
+ vold_metadata_file
+ vold_prepare_subdirs
+ vold_prepare_subdirs_exec
+ vold_service
+ vrflinger_vsync_service
+ wait_for_keymaster
+ wait_for_keymaster_exec
+ wait_for_keymaster_tmpfs
+ watchdogd_tmpfs
+ wpantund
+ wpantund_exec
+ wpantund_service
+ wpantund_tmpfs
+ wm_trace_data_file))
+
+;; private_objects - a collection of types that were labeled differently in
+;; older policy, but that should not remain accessible to vendor policy.
+;; Thus, these types are also not mapped, but recorded for checkapi tests
+(type priv_objects)
+(typeattribute priv_objects)
+(typeattributeset priv_objects
+ ( priv_objects
+ adbd_tmpfs
+ untrusted_app_27_tmpfs))
diff --git a/prebuilts/api/30.0/private/compat/27.0/27.0.cil b/prebuilts/api/30.0/private/compat/27.0/27.0.cil
new file mode 100644
index 0000000..0d883c0
--- /dev/null
+++ b/prebuilts/api/30.0/private/compat/27.0/27.0.cil
@@ -0,0 +1,1507 @@
+;; attributes removed from current policy
+(typeattribute hal_wifi_offload)
+(typeattribute hal_wifi_offload_client)
+(typeattribute hal_wifi_offload_server)
+
+;; types removed from current policy
+(type commontime_management_service)
+(type hal_wifi_offload_hwservice)
+(type mediacodec)
+(type mediacodec_exec)
+(type netd_socket)
+(type qtaguid_proc)
+(type reboot_data_file)
+(type rild)
+(type untrusted_v2_app)
+(type webview_zygote_socket)
+(type vold_socket)
+
+(expandtypeattribute (accessibility_service_27_0) true)
+(expandtypeattribute (account_service_27_0) true)
+(expandtypeattribute (activity_service_27_0) true)
+(expandtypeattribute (adbd_27_0) true)
+(expandtypeattribute (adb_data_file_27_0) true)
+(expandtypeattribute (adbd_exec_27_0) true)
+(expandtypeattribute (adbd_socket_27_0) true)
+(expandtypeattribute (adb_keys_file_27_0) true)
+(expandtypeattribute (alarm_device_27_0) true)
+(expandtypeattribute (alarm_service_27_0) true)
+(expandtypeattribute (anr_data_file_27_0) true)
+(expandtypeattribute (apk_data_file_27_0) true)
+(expandtypeattribute (apk_private_data_file_27_0) true)
+(expandtypeattribute (apk_private_tmp_file_27_0) true)
+(expandtypeattribute (apk_tmp_file_27_0) true)
+(expandtypeattribute (app_data_file_27_0) true)
+(expandtypeattribute (app_fuse_file_27_0) true)
+(expandtypeattribute (app_fusefs_27_0) true)
+(expandtypeattribute (appops_service_27_0) true)
+(expandtypeattribute (appwidget_service_27_0) true)
+(expandtypeattribute (asec_apk_file_27_0) true)
+(expandtypeattribute (asec_image_file_27_0) true)
+(expandtypeattribute (asec_public_file_27_0) true)
+(expandtypeattribute (ashmem_device_27_0) true)
+(expandtypeattribute (assetatlas_service_27_0) true)
+(expandtypeattribute (audio_data_file_27_0) true)
+(expandtypeattribute (audio_device_27_0) true)
+(expandtypeattribute (audiohal_data_file_27_0) true)
+(expandtypeattribute (audio_prop_27_0) true)
+(expandtypeattribute (audio_seq_device_27_0) true)
+(expandtypeattribute (audioserver_27_0) true)
+(expandtypeattribute (audioserver_data_file_27_0) true)
+(expandtypeattribute (audioserver_service_27_0) true)
+(expandtypeattribute (audio_service_27_0) true)
+(expandtypeattribute (audio_timer_device_27_0) true)
+(expandtypeattribute (autofill_service_27_0) true)
+(expandtypeattribute (backup_data_file_27_0) true)
+(expandtypeattribute (backup_service_27_0) true)
+(expandtypeattribute (batteryproperties_service_27_0) true)
+(expandtypeattribute (battery_service_27_0) true)
+(expandtypeattribute (batterystats_service_27_0) true)
+(expandtypeattribute (binder_device_27_0) true)
+(expandtypeattribute (binfmt_miscfs_27_0) true)
+(expandtypeattribute (blkid_27_0) true)
+(expandtypeattribute (blkid_untrusted_27_0) true)
+(expandtypeattribute (block_device_27_0) true)
+(expandtypeattribute (bluetooth_27_0) true)
+(expandtypeattribute (bluetooth_data_file_27_0) true)
+(expandtypeattribute (bluetooth_efs_file_27_0) true)
+(expandtypeattribute (bluetooth_logs_data_file_27_0) true)
+(expandtypeattribute (bluetooth_manager_service_27_0) true)
+(expandtypeattribute (bluetooth_prop_27_0) true)
+(expandtypeattribute (bluetooth_service_27_0) true)
+(expandtypeattribute (bluetooth_socket_27_0) true)
+(expandtypeattribute (bootanim_27_0) true)
+(expandtypeattribute (bootanim_exec_27_0) true)
+(expandtypeattribute (boot_block_device_27_0) true)
+(expandtypeattribute (bootchart_data_file_27_0) true)
+(expandtypeattribute (bootstat_27_0) true)
+(expandtypeattribute (bootstat_data_file_27_0) true)
+(expandtypeattribute (bootstat_exec_27_0) true)
+(expandtypeattribute (boottime_prop_27_0) true)
+(expandtypeattribute (boottrace_data_file_27_0) true)
+(expandtypeattribute (broadcastradio_service_27_0) true)
+(expandtypeattribute (bufferhubd_27_0) true)
+(expandtypeattribute (bufferhubd_exec_27_0) true)
+(expandtypeattribute (cache_backup_file_27_0) true)
+(expandtypeattribute (cache_block_device_27_0) true)
+(expandtypeattribute (cache_file_27_0) true)
+(expandtypeattribute (cache_private_backup_file_27_0) true)
+(expandtypeattribute (cache_recovery_file_27_0) true)
+(expandtypeattribute (camera_data_file_27_0) true)
+(expandtypeattribute (camera_device_27_0) true)
+(expandtypeattribute (cameraproxy_service_27_0) true)
+(expandtypeattribute (cameraserver_27_0) true)
+(expandtypeattribute (cameraserver_exec_27_0) true)
+(expandtypeattribute (cameraserver_service_27_0) true)
+(expandtypeattribute (cgroup_27_0) true)
+(expandtypeattribute (charger_27_0) true)
+(expandtypeattribute (clatd_27_0) true)
+(expandtypeattribute (clatd_exec_27_0) true)
+(expandtypeattribute (clipboard_service_27_0) true)
+(expandtypeattribute (commontime_management_service_27_0) true)
+(expandtypeattribute (companion_device_service_27_0) true)
+(expandtypeattribute (configfs_27_0) true)
+(expandtypeattribute (config_prop_27_0) true)
+(expandtypeattribute (connectivity_service_27_0) true)
+(expandtypeattribute (connmetrics_service_27_0) true)
+(expandtypeattribute (console_device_27_0) true)
+(expandtypeattribute (consumer_ir_service_27_0) true)
+(expandtypeattribute (content_service_27_0) true)
+(expandtypeattribute (contexthub_service_27_0) true)
+(expandtypeattribute (coredump_file_27_0) true)
+(expandtypeattribute (country_detector_service_27_0) true)
+(expandtypeattribute (coverage_service_27_0) true)
+(expandtypeattribute (cppreopt_prop_27_0) true)
+(expandtypeattribute (cppreopts_27_0) true)
+(expandtypeattribute (cppreopts_exec_27_0) true)
+(expandtypeattribute (cpuctl_device_27_0) true)
+(expandtypeattribute (cpuinfo_service_27_0) true)
+(expandtypeattribute (crash_dump_27_0) true)
+(expandtypeattribute (crash_dump_exec_27_0) true)
+(expandtypeattribute (ctl_bootanim_prop_27_0) true)
+(expandtypeattribute (ctl_bugreport_prop_27_0) true)
+(expandtypeattribute (ctl_console_prop_27_0) true)
+(expandtypeattribute (ctl_default_prop_27_0) true)
+(expandtypeattribute (ctl_dumpstate_prop_27_0) true)
+(expandtypeattribute (ctl_fuse_prop_27_0) true)
+(expandtypeattribute (ctl_mdnsd_prop_27_0) true)
+(expandtypeattribute (ctl_rildaemon_prop_27_0) true)
+(expandtypeattribute (dalvikcache_data_file_27_0) true)
+(expandtypeattribute (dalvik_prop_27_0) true)
+(expandtypeattribute (dbinfo_service_27_0) true)
+(expandtypeattribute (debugfs_27_0) true)
+(expandtypeattribute (debugfs_mmc_27_0) true)
+(expandtypeattribute (debugfs_trace_marker_27_0) true)
+(expandtypeattribute (debugfs_tracing_27_0) true)
+(expandtypeattribute (debugfs_tracing_debug_27_0) true)
+(expandtypeattribute (debugfs_tracing_instances_27_0) true)
+(expandtypeattribute (debugfs_wifi_tracing_27_0) true)
+(expandtypeattribute (debuggerd_prop_27_0) true)
+(expandtypeattribute (debug_prop_27_0) true)
+(expandtypeattribute (default_android_hwservice_27_0) true)
+(expandtypeattribute (default_android_service_27_0) true)
+(expandtypeattribute (default_android_vndservice_27_0) true)
+(expandtypeattribute (default_prop_27_0) true)
+(expandtypeattribute (device_27_0) true)
+(expandtypeattribute (device_identifiers_service_27_0) true)
+(expandtypeattribute (deviceidle_service_27_0) true)
+(expandtypeattribute (device_logging_prop_27_0) true)
+(expandtypeattribute (device_policy_service_27_0) true)
+(expandtypeattribute (devicestoragemonitor_service_27_0) true)
+(expandtypeattribute (devpts_27_0) true)
+(expandtypeattribute (dex2oat_27_0) true)
+(expandtypeattribute (dex2oat_exec_27_0) true)
+(expandtypeattribute (dhcp_27_0) true)
+(expandtypeattribute (dhcp_data_file_27_0) true)
+(expandtypeattribute (dhcp_exec_27_0) true)
+(expandtypeattribute (dhcp_prop_27_0) true)
+(expandtypeattribute (diskstats_service_27_0) true)
+(expandtypeattribute (display_service_27_0) true)
+(expandtypeattribute (dm_device_27_0) true)
+(expandtypeattribute (dnsmasq_27_0) true)
+(expandtypeattribute (dnsmasq_exec_27_0) true)
+(expandtypeattribute (dnsproxyd_socket_27_0) true)
+(expandtypeattribute (DockObserver_service_27_0) true)
+(expandtypeattribute (dreams_service_27_0) true)
+(expandtypeattribute (drm_data_file_27_0) true)
+(expandtypeattribute (drmserver_27_0) true)
+(expandtypeattribute (drmserver_exec_27_0) true)
+(expandtypeattribute (drmserver_service_27_0) true)
+(expandtypeattribute (drmserver_socket_27_0) true)
+(expandtypeattribute (dropbox_service_27_0) true)
+(expandtypeattribute (dumpstate_27_0) true)
+(expandtypeattribute (dumpstate_exec_27_0) true)
+(expandtypeattribute (dumpstate_options_prop_27_0) true)
+(expandtypeattribute (dumpstate_prop_27_0) true)
+(expandtypeattribute (dumpstate_service_27_0) true)
+(expandtypeattribute (dumpstate_socket_27_0) true)
+(expandtypeattribute (e2fs_27_0) true)
+(expandtypeattribute (e2fs_exec_27_0) true)
+(expandtypeattribute (efs_file_27_0) true)
+(expandtypeattribute (ephemeral_app_27_0) true)
+(expandtypeattribute (ethernet_service_27_0) true)
+(expandtypeattribute (ffs_prop_27_0) true)
+(expandtypeattribute (file_contexts_file_27_0) true)
+(expandtypeattribute (fingerprintd_27_0) true)
+(expandtypeattribute (fingerprintd_data_file_27_0) true)
+(expandtypeattribute (fingerprintd_exec_27_0) true)
+(expandtypeattribute (fingerprintd_service_27_0) true)
+(expandtypeattribute (fingerprint_prop_27_0) true)
+(expandtypeattribute (fingerprint_service_27_0) true)
+(expandtypeattribute (firstboot_prop_27_0) true)
+(expandtypeattribute (font_service_27_0) true)
+(expandtypeattribute (frp_block_device_27_0) true)
+(expandtypeattribute (fsck_27_0) true)
+(expandtypeattribute (fsck_exec_27_0) true)
+(expandtypeattribute (fscklogs_27_0) true)
+(expandtypeattribute (fsck_untrusted_27_0) true)
+(expandtypeattribute (full_device_27_0) true)
+(expandtypeattribute (functionfs_27_0) true)
+(expandtypeattribute (fuse_27_0) true)
+(expandtypeattribute (fuse_device_27_0) true)
+(expandtypeattribute (fwk_display_hwservice_27_0) true)
+(expandtypeattribute (fwk_scheduler_hwservice_27_0) true)
+(expandtypeattribute (fwk_sensor_hwservice_27_0) true)
+(expandtypeattribute (fwmarkd_socket_27_0) true)
+(expandtypeattribute (gatekeeperd_27_0) true)
+(expandtypeattribute (gatekeeper_data_file_27_0) true)
+(expandtypeattribute (gatekeeperd_exec_27_0) true)
+(expandtypeattribute (gatekeeper_service_27_0) true)
+(expandtypeattribute (gfxinfo_service_27_0) true)
+(expandtypeattribute (gps_control_27_0) true)
+(expandtypeattribute (gpu_device_27_0) true)
+(expandtypeattribute (gpu_service_27_0) true)
+(expandtypeattribute (graphics_device_27_0) true)
+(expandtypeattribute (graphicsstats_service_27_0) true)
+(expandtypeattribute (hal_audio_hwservice_27_0) true)
+(expandtypeattribute (hal_bluetooth_hwservice_27_0) true)
+(expandtypeattribute (hal_bootctl_hwservice_27_0) true)
+(expandtypeattribute (hal_broadcastradio_hwservice_27_0) true)
+(expandtypeattribute (hal_camera_hwservice_27_0) true)
+(expandtypeattribute (hal_cas_hwservice_27_0) true)
+(expandtypeattribute (hal_configstore_ISurfaceFlingerConfigs_27_0) true)
+(expandtypeattribute (hal_contexthub_hwservice_27_0) true)
+(expandtypeattribute (hal_drm_hwservice_27_0) true)
+(expandtypeattribute (hal_dumpstate_hwservice_27_0) true)
+(expandtypeattribute (hal_fingerprint_hwservice_27_0) true)
+(expandtypeattribute (hal_fingerprint_service_27_0) true)
+(expandtypeattribute (hal_gatekeeper_hwservice_27_0) true)
+(expandtypeattribute (hal_gnss_hwservice_27_0) true)
+(expandtypeattribute (hal_graphics_allocator_hwservice_27_0) true)
+(expandtypeattribute (hal_graphics_composer_hwservice_27_0) true)
+(expandtypeattribute (hal_graphics_mapper_hwservice_27_0) true)
+(expandtypeattribute (hal_health_hwservice_27_0) true)
+(expandtypeattribute (hal_ir_hwservice_27_0) true)
+(expandtypeattribute (hal_keymaster_hwservice_27_0) true)
+(expandtypeattribute (hal_light_hwservice_27_0) true)
+(expandtypeattribute (hal_memtrack_hwservice_27_0) true)
+(expandtypeattribute (hal_neuralnetworks_hwservice_27_0) true)
+(expandtypeattribute (hal_nfc_hwservice_27_0) true)
+(expandtypeattribute (hal_oemlock_hwservice_27_0) true)
+(expandtypeattribute (hal_omx_hwservice_27_0) true)
+(expandtypeattribute (hal_power_hwservice_27_0) true)
+(expandtypeattribute (hal_renderscript_hwservice_27_0) true)
+(expandtypeattribute (hal_sensors_hwservice_27_0) true)
+(expandtypeattribute (hal_telephony_hwservice_27_0) true)
+(expandtypeattribute (hal_tetheroffload_hwservice_27_0) true)
+(expandtypeattribute (hal_thermal_hwservice_27_0) true)
+(expandtypeattribute (hal_tv_cec_hwservice_27_0) true)
+(expandtypeattribute (hal_tv_input_hwservice_27_0) true)
+(expandtypeattribute (hal_usb_hwservice_27_0) true)
+(expandtypeattribute (hal_vibrator_hwservice_27_0) true)
+(expandtypeattribute (hal_vr_hwservice_27_0) true)
+(expandtypeattribute (hal_weaver_hwservice_27_0) true)
+(expandtypeattribute (hal_wifi_hwservice_27_0) true)
+(expandtypeattribute (hal_wifi_offload_hwservice_27_0) true)
+(expandtypeattribute (hal_wifi_supplicant_hwservice_27_0) true)
+(expandtypeattribute (hardware_properties_service_27_0) true)
+(expandtypeattribute (hardware_service_27_0) true)
+(expandtypeattribute (hci_attach_dev_27_0) true)
+(expandtypeattribute (hdmi_control_service_27_0) true)
+(expandtypeattribute (healthd_27_0) true)
+(expandtypeattribute (healthd_exec_27_0) true)
+(expandtypeattribute (heapdump_data_file_27_0) true)
+(expandtypeattribute (hidl_allocator_hwservice_27_0) true)
+(expandtypeattribute (hidl_base_hwservice_27_0) true)
+(expandtypeattribute (hidl_manager_hwservice_27_0) true)
+(expandtypeattribute (hidl_memory_hwservice_27_0) true)
+(expandtypeattribute (hidl_token_hwservice_27_0) true)
+(expandtypeattribute (hwbinder_device_27_0) true)
+(expandtypeattribute (hw_random_device_27_0) true)
+(expandtypeattribute (hwservice_contexts_file_27_0) true)
+(expandtypeattribute (hwservicemanager_27_0) true)
+(expandtypeattribute (hwservicemanager_exec_27_0) true)
+(expandtypeattribute (hwservicemanager_prop_27_0) true)
+(expandtypeattribute (i2c_device_27_0) true)
+(expandtypeattribute (icon_file_27_0) true)
+(expandtypeattribute (idmap_27_0) true)
+(expandtypeattribute (idmap_exec_27_0) true)
+(expandtypeattribute (iio_device_27_0) true)
+(expandtypeattribute (imms_service_27_0) true)
+(expandtypeattribute (incident_27_0) true)
+(expandtypeattribute (incidentd_27_0) true)
+(expandtypeattribute (incident_data_file_27_0) true)
+(expandtypeattribute (incident_service_27_0) true)
+(expandtypeattribute (init_27_0) true)
+(expandtypeattribute (init_exec_27_0) true)
+(expandtypeattribute (inotify_27_0) true)
+(expandtypeattribute (input_device_27_0) true)
+(expandtypeattribute (inputflinger_27_0) true)
+(expandtypeattribute (inputflinger_exec_27_0) true)
+(expandtypeattribute (inputflinger_service_27_0) true)
+(expandtypeattribute (input_method_service_27_0) true)
+(expandtypeattribute (input_service_27_0) true)
+(expandtypeattribute (installd_27_0) true)
+(expandtypeattribute (install_data_file_27_0) true)
+(expandtypeattribute (installd_exec_27_0) true)
+(expandtypeattribute (installd_service_27_0) true)
+(expandtypeattribute (install_recovery_27_0) true)
+(expandtypeattribute (install_recovery_exec_27_0) true)
+(expandtypeattribute (ion_device_27_0) true)
+(expandtypeattribute (IProxyService_service_27_0) true)
+(expandtypeattribute (ipsec_service_27_0) true)
+(expandtypeattribute (isolated_app_27_0) true)
+(expandtypeattribute (jobscheduler_service_27_0) true)
+(expandtypeattribute (kernel_27_0) true)
+(expandtypeattribute (keychain_data_file_27_0) true)
+(expandtypeattribute (keychord_device_27_0) true)
+(expandtypeattribute (keystore_27_0) true)
+(expandtypeattribute (keystore_data_file_27_0) true)
+(expandtypeattribute (keystore_exec_27_0) true)
+(expandtypeattribute (keystore_service_27_0) true)
+(expandtypeattribute (kmem_device_27_0) true)
+(expandtypeattribute (kmsg_debug_device_27_0) true)
+(expandtypeattribute (kmsg_device_27_0) true)
+(expandtypeattribute (labeledfs_27_0) true)
+(expandtypeattribute (launcherapps_service_27_0) true)
+(expandtypeattribute (lmkd_27_0) true)
+(expandtypeattribute (lmkd_exec_27_0) true)
+(expandtypeattribute (lmkd_socket_27_0) true)
+(expandtypeattribute (location_service_27_0) true)
+(expandtypeattribute (lock_settings_service_27_0) true)
+(expandtypeattribute (logcat_exec_27_0) true)
+(expandtypeattribute (logd_27_0) true)
+(expandtypeattribute (logd_exec_27_0) true)
+(expandtypeattribute (logd_prop_27_0) true)
+(expandtypeattribute (logdr_socket_27_0) true)
+(expandtypeattribute (logd_socket_27_0) true)
+(expandtypeattribute (logdw_socket_27_0) true)
+(expandtypeattribute (logpersist_27_0) true)
+(expandtypeattribute (logpersistd_logging_prop_27_0) true)
+(expandtypeattribute (log_prop_27_0) true)
+(expandtypeattribute (log_tag_prop_27_0) true)
+(expandtypeattribute (loop_control_device_27_0) true)
+(expandtypeattribute (loop_device_27_0) true)
+(expandtypeattribute (mac_perms_file_27_0) true)
+(expandtypeattribute (mdnsd_27_0) true)
+(expandtypeattribute (mdnsd_socket_27_0) true)
+(expandtypeattribute (mdns_socket_27_0) true)
+(expandtypeattribute (mediacodec_27_0) true)
+(expandtypeattribute (mediacodec_exec_27_0) true)
+(expandtypeattribute (mediacodec_service_27_0) true)
+(expandtypeattribute (media_data_file_27_0) true)
+(expandtypeattribute (mediadrmserver_27_0) true)
+(expandtypeattribute (mediadrmserver_exec_27_0) true)
+(expandtypeattribute (mediadrmserver_service_27_0) true)
+(expandtypeattribute (mediaextractor_27_0) true)
+(expandtypeattribute (mediaextractor_exec_27_0) true)
+(expandtypeattribute (mediaextractor_service_27_0) true)
+(expandtypeattribute (mediametrics_27_0) true)
+(expandtypeattribute (mediametrics_exec_27_0) true)
+(expandtypeattribute (mediametrics_service_27_0) true)
+(expandtypeattribute (media_projection_service_27_0) true)
+(expandtypeattribute (mediaprovider_27_0) true)
+(expandtypeattribute (media_router_service_27_0) true)
+(expandtypeattribute (media_rw_data_file_27_0) true)
+(expandtypeattribute (mediaserver_27_0) true)
+(expandtypeattribute (mediaserver_exec_27_0) true)
+(expandtypeattribute (mediaserver_service_27_0) true)
+(expandtypeattribute (media_session_service_27_0) true)
+(expandtypeattribute (meminfo_service_27_0) true)
+(expandtypeattribute (metadata_block_device_27_0) true)
+(expandtypeattribute (method_trace_data_file_27_0) true)
+(expandtypeattribute (midi_service_27_0) true)
+(expandtypeattribute (misc_block_device_27_0) true)
+(expandtypeattribute (misc_logd_file_27_0) true)
+(expandtypeattribute (misc_user_data_file_27_0) true)
+(expandtypeattribute (mmc_prop_27_0) true)
+(expandtypeattribute (mnt_expand_file_27_0) true)
+(expandtypeattribute (mnt_media_rw_file_27_0) true)
+(expandtypeattribute (mnt_media_rw_stub_file_27_0) true)
+(expandtypeattribute (mnt_user_file_27_0) true)
+(expandtypeattribute (modprobe_27_0) true)
+(expandtypeattribute (mount_service_27_0) true)
+(expandtypeattribute (mqueue_27_0) true)
+(expandtypeattribute (mtd_device_27_0) true)
+(expandtypeattribute (mtp_27_0) true)
+(expandtypeattribute (mtp_device_27_0) true)
+(expandtypeattribute (mtpd_socket_27_0) true)
+(expandtypeattribute (mtp_exec_27_0) true)
+(expandtypeattribute (nativetest_data_file_27_0) true)
+(expandtypeattribute (netd_27_0) true)
+(expandtypeattribute (net_data_file_27_0) true)
+(expandtypeattribute (netd_exec_27_0) true)
+(expandtypeattribute (netd_listener_service_27_0) true)
+(expandtypeattribute (net_dns_prop_27_0) true)
+(expandtypeattribute (netd_service_27_0) true)
+(expandtypeattribute (netd_socket_27_0) true)
+(expandtypeattribute (netd_stable_secret_prop_27_0) true)
+(expandtypeattribute (netif_27_0) true)
+(expandtypeattribute (netpolicy_service_27_0) true)
+(expandtypeattribute (net_radio_prop_27_0) true)
+(expandtypeattribute (netstats_service_27_0) true)
+(expandtypeattribute (netutils_wrapper_27_0) true)
+(expandtypeattribute (netutils_wrapper_exec_27_0) true)
+(expandtypeattribute (network_management_service_27_0) true)
+(expandtypeattribute (network_score_service_27_0) true)
+(expandtypeattribute (network_time_update_service_27_0) true)
+(expandtypeattribute (nfc_27_0) true)
+(expandtypeattribute (nfc_data_file_27_0) true)
+(expandtypeattribute (nfc_device_27_0) true)
+(expandtypeattribute (nfc_prop_27_0) true)
+(expandtypeattribute (nfc_service_27_0) true)
+(expandtypeattribute (node_27_0) true)
+(expandtypeattribute (nonplat_service_contexts_file_27_0) true)
+(expandtypeattribute (notification_service_27_0) true)
+(expandtypeattribute (null_device_27_0) true)
+(expandtypeattribute (oemfs_27_0) true)
+(expandtypeattribute (oem_lock_service_27_0) true)
+(expandtypeattribute (ota_data_file_27_0) true)
+(expandtypeattribute (otadexopt_service_27_0) true)
+(expandtypeattribute (ota_package_file_27_0) true)
+(expandtypeattribute (otapreopt_chroot_27_0) true)
+(expandtypeattribute (otapreopt_chroot_exec_27_0) true)
+(expandtypeattribute (otapreopt_slot_27_0) true)
+(expandtypeattribute (otapreopt_slot_exec_27_0) true)
+(expandtypeattribute (overlay_prop_27_0) true)
+(expandtypeattribute (overlay_service_27_0) true)
+(expandtypeattribute (owntty_device_27_0) true)
+(expandtypeattribute (package_native_service_27_0) true)
+(expandtypeattribute (package_service_27_0) true)
+(expandtypeattribute (pan_result_prop_27_0) true)
+(expandtypeattribute (pdx_bufferhub_client_channel_socket_27_0) true)
+(expandtypeattribute (pdx_bufferhub_client_endpoint_socket_27_0) true)
+(expandtypeattribute (pdx_bufferhub_dir_27_0) true)
+(expandtypeattribute (pdx_display_client_channel_socket_27_0) true)
+(expandtypeattribute (pdx_display_client_endpoint_socket_27_0) true)
+(expandtypeattribute (pdx_display_dir_27_0) true)
+(expandtypeattribute (pdx_display_manager_channel_socket_27_0) true)
+(expandtypeattribute (pdx_display_manager_endpoint_socket_27_0) true)
+(expandtypeattribute (pdx_display_screenshot_channel_socket_27_0) true)
+(expandtypeattribute (pdx_display_screenshot_endpoint_socket_27_0) true)
+(expandtypeattribute (pdx_display_vsync_channel_socket_27_0) true)
+(expandtypeattribute (pdx_display_vsync_endpoint_socket_27_0) true)
+(expandtypeattribute (pdx_performance_client_channel_socket_27_0) true)
+(expandtypeattribute (pdx_performance_client_endpoint_socket_27_0) true)
+(expandtypeattribute (pdx_performance_dir_27_0) true)
+(expandtypeattribute (performanced_27_0) true)
+(expandtypeattribute (performanced_exec_27_0) true)
+(expandtypeattribute (permission_service_27_0) true)
+(expandtypeattribute (persist_debug_prop_27_0) true)
+(expandtypeattribute (persistent_data_block_service_27_0) true)
+(expandtypeattribute (persistent_properties_ready_prop_27_0) true)
+(expandtypeattribute (pinner_service_27_0) true)
+(expandtypeattribute (pipefs_27_0) true)
+(expandtypeattribute (platform_app_27_0) true)
+(expandtypeattribute (pmsg_device_27_0) true)
+(expandtypeattribute (port_27_0) true)
+(expandtypeattribute (port_device_27_0) true)
+(expandtypeattribute (postinstall_27_0) true)
+(expandtypeattribute (postinstall_dexopt_27_0) true)
+(expandtypeattribute (postinstall_file_27_0) true)
+(expandtypeattribute (postinstall_mnt_dir_27_0) true)
+(expandtypeattribute (powerctl_prop_27_0) true)
+(expandtypeattribute (power_service_27_0) true)
+(expandtypeattribute (ppp_27_0) true)
+(expandtypeattribute (ppp_device_27_0) true)
+(expandtypeattribute (ppp_exec_27_0) true)
+(expandtypeattribute (preloads_data_file_27_0) true)
+(expandtypeattribute (preloads_media_file_27_0) true)
+(expandtypeattribute (preopt2cachename_27_0) true)
+(expandtypeattribute (preopt2cachename_exec_27_0) true)
+(expandtypeattribute (print_service_27_0) true)
+(expandtypeattribute (priv_app_27_0) true)
+(expandtypeattribute (proc_27_0) true)
+(expandtypeattribute (proc_bluetooth_writable_27_0) true)
+(expandtypeattribute (proc_cpuinfo_27_0) true)
+(expandtypeattribute (proc_drop_caches_27_0) true)
+(expandtypeattribute (processinfo_service_27_0) true)
+(expandtypeattribute (proc_interrupts_27_0) true)
+(expandtypeattribute (proc_iomem_27_0) true)
+(expandtypeattribute (proc_meminfo_27_0) true)
+(expandtypeattribute (proc_misc_27_0) true)
+(expandtypeattribute (proc_modules_27_0) true)
+(expandtypeattribute (proc_net_27_0) true)
+(expandtypeattribute (proc_overcommit_memory_27_0) true)
+(expandtypeattribute (proc_perf_27_0) true)
+(expandtypeattribute (proc_security_27_0) true)
+(expandtypeattribute (proc_stat_27_0) true)
+(expandtypeattribute (procstats_service_27_0) true)
+(expandtypeattribute (proc_sysrq_27_0) true)
+(expandtypeattribute (proc_timer_27_0) true)
+(expandtypeattribute (proc_tty_drivers_27_0) true)
+(expandtypeattribute (proc_uid_cputime_removeuid_27_0) true)
+(expandtypeattribute (proc_uid_cputime_showstat_27_0) true)
+(expandtypeattribute (proc_uid_io_stats_27_0) true)
+(expandtypeattribute (proc_uid_procstat_set_27_0) true)
+(expandtypeattribute (proc_uid_time_in_state_27_0) true)
+(expandtypeattribute (proc_zoneinfo_27_0) true)
+(expandtypeattribute (profman_27_0) true)
+(expandtypeattribute (profman_dump_data_file_27_0) true)
+(expandtypeattribute (profman_exec_27_0) true)
+(expandtypeattribute (properties_device_27_0) true)
+(expandtypeattribute (properties_serial_27_0) true)
+(expandtypeattribute (property_contexts_file_27_0) true)
+(expandtypeattribute (property_data_file_27_0) true)
+(expandtypeattribute (property_socket_27_0) true)
+(expandtypeattribute (pstorefs_27_0) true)
+(expandtypeattribute (ptmx_device_27_0) true)
+(expandtypeattribute (qtaguid_device_27_0) true)
+(expandtypeattribute (qtaguid_proc_27_0) true)
+(expandtypeattribute (racoon_27_0) true)
+(expandtypeattribute (racoon_exec_27_0) true)
+(expandtypeattribute (racoon_socket_27_0) true)
+(expandtypeattribute (radio_27_0) true)
+(expandtypeattribute (radio_data_file_27_0) true)
+(expandtypeattribute (radio_device_27_0) true)
+(expandtypeattribute (radio_prop_27_0) true)
+(expandtypeattribute (radio_service_27_0) true)
+(expandtypeattribute (ram_device_27_0) true)
+(expandtypeattribute (random_device_27_0) true)
+(expandtypeattribute (reboot_data_file_27_0) true)
+(expandtypeattribute (recovery_27_0) true)
+(expandtypeattribute (recovery_block_device_27_0) true)
+(expandtypeattribute (recovery_data_file_27_0) true)
+(expandtypeattribute (recovery_persist_27_0) true)
+(expandtypeattribute (recovery_persist_exec_27_0) true)
+(expandtypeattribute (recovery_refresh_27_0) true)
+(expandtypeattribute (recovery_refresh_exec_27_0) true)
+(expandtypeattribute (recovery_service_27_0) true)
+(expandtypeattribute (registry_service_27_0) true)
+(expandtypeattribute (resourcecache_data_file_27_0) true)
+(expandtypeattribute (restorecon_prop_27_0) true)
+(expandtypeattribute (restrictions_service_27_0) true)
+(expandtypeattribute (rild_27_0) true)
+(expandtypeattribute (rild_debug_socket_27_0) true)
+(expandtypeattribute (rild_socket_27_0) true)
+(expandtypeattribute (ringtone_file_27_0) true)
+(expandtypeattribute (root_block_device_27_0) true)
+(expandtypeattribute (rootfs_27_0) true)
+(expandtypeattribute (rpmsg_device_27_0) true)
+(expandtypeattribute (rtc_device_27_0) true)
+(expandtypeattribute (rttmanager_service_27_0) true)
+(expandtypeattribute (runas_27_0) true)
+(expandtypeattribute (runas_exec_27_0) true)
+(expandtypeattribute (runtime_event_log_tags_file_27_0) true)
+(expandtypeattribute (safemode_prop_27_0) true)
+(expandtypeattribute (same_process_hal_file_27_0) true)
+(expandtypeattribute (samplingprofiler_service_27_0) true)
+(expandtypeattribute (scheduling_policy_service_27_0) true)
+(expandtypeattribute (sdcardd_27_0) true)
+(expandtypeattribute (sdcardd_exec_27_0) true)
+(expandtypeattribute (sdcardfs_27_0) true)
+(expandtypeattribute (seapp_contexts_file_27_0) true)
+(expandtypeattribute (search_service_27_0) true)
+(expandtypeattribute (sec_key_att_app_id_provider_service_27_0) true)
+(expandtypeattribute (selinuxfs_27_0) true)
+(expandtypeattribute (sensors_device_27_0) true)
+(expandtypeattribute (sensorservice_service_27_0) true)
+(expandtypeattribute (sepolicy_file_27_0) true)
+(expandtypeattribute (serial_device_27_0) true)
+(expandtypeattribute (serialno_prop_27_0) true)
+(expandtypeattribute (serial_service_27_0) true)
+(expandtypeattribute (service_contexts_file_27_0) true)
+(expandtypeattribute (servicediscovery_service_27_0) true)
+(expandtypeattribute (servicemanager_27_0) true)
+(expandtypeattribute (servicemanager_exec_27_0) true)
+(expandtypeattribute (settings_service_27_0) true)
+(expandtypeattribute (sgdisk_27_0) true)
+(expandtypeattribute (sgdisk_exec_27_0) true)
+(expandtypeattribute (shared_relro_27_0) true)
+(expandtypeattribute (shared_relro_file_27_0) true)
+(expandtypeattribute (shell_27_0) true)
+(expandtypeattribute (shell_data_file_27_0) true)
+(expandtypeattribute (shell_exec_27_0) true)
+(expandtypeattribute (shell_prop_27_0) true)
+(expandtypeattribute (shm_27_0) true)
+(expandtypeattribute (shortcut_manager_icons_27_0) true)
+(expandtypeattribute (shortcut_service_27_0) true)
+(expandtypeattribute (slideshow_27_0) true)
+(expandtypeattribute (socket_device_27_0) true)
+(expandtypeattribute (sockfs_27_0) true)
+(expandtypeattribute (statusbar_service_27_0) true)
+(expandtypeattribute (storaged_service_27_0) true)
+(expandtypeattribute (storage_file_27_0) true)
+(expandtypeattribute (storagestats_service_27_0) true)
+(expandtypeattribute (storage_stub_file_27_0) true)
+(expandtypeattribute (su_27_0) true)
+(expandtypeattribute (su_exec_27_0) true)
+(expandtypeattribute (surfaceflinger_27_0) true)
+(expandtypeattribute (surfaceflinger_service_27_0) true)
+(expandtypeattribute (swap_block_device_27_0) true)
+(expandtypeattribute (sysfs_27_0) true)
+(expandtypeattribute (sysfs_batteryinfo_27_0) true)
+(expandtypeattribute (sysfs_bluetooth_writable_27_0) true)
+(expandtypeattribute (sysfs_devices_system_cpu_27_0) true)
+(expandtypeattribute (sysfs_fs_ext4_features_27_0) true)
+(expandtypeattribute (sysfs_hwrandom_27_0) true)
+(expandtypeattribute (sysfs_leds_27_0) true)
+(expandtypeattribute (sysfs_lowmemorykiller_27_0) true)
+(expandtypeattribute (sysfs_mac_address_27_0) true)
+(expandtypeattribute (sysfs_nfc_power_writable_27_0) true)
+(expandtypeattribute (sysfs_thermal_27_0) true)
+(expandtypeattribute (sysfs_uio_27_0) true)
+(expandtypeattribute (sysfs_usb_27_0) true)
+(expandtypeattribute (sysfs_usermodehelper_27_0) true)
+(expandtypeattribute (sysfs_vibrator_27_0) true)
+(expandtypeattribute (sysfs_wake_lock_27_0) true)
+(expandtypeattribute (sysfs_wlan_fwpath_27_0) true)
+(expandtypeattribute (sysfs_zram_27_0) true)
+(expandtypeattribute (sysfs_zram_uevent_27_0) true)
+(expandtypeattribute (system_app_27_0) true)
+(expandtypeattribute (system_app_data_file_27_0) true)
+(expandtypeattribute (system_app_service_27_0) true)
+(expandtypeattribute (system_block_device_27_0) true)
+(expandtypeattribute (system_data_file_27_0) true)
+(expandtypeattribute (system_file_27_0) true)
+(expandtypeattribute (systemkeys_data_file_27_0) true)
+(expandtypeattribute (system_ndebug_socket_27_0) true)
+(expandtypeattribute (system_net_netd_hwservice_27_0) true)
+(expandtypeattribute (system_prop_27_0) true)
+(expandtypeattribute (system_radio_prop_27_0) true)
+(expandtypeattribute (system_server_27_0) true)
+(expandtypeattribute (system_wifi_keystore_hwservice_27_0) true)
+(expandtypeattribute (system_wpa_socket_27_0) true)
+(expandtypeattribute (task_service_27_0) true)
+(expandtypeattribute (tee_27_0) true)
+(expandtypeattribute (tee_data_file_27_0) true)
+(expandtypeattribute (tee_device_27_0) true)
+(expandtypeattribute (telecom_service_27_0) true)
+(expandtypeattribute (textclassification_service_27_0) true)
+(expandtypeattribute (textclassifier_data_file_27_0) true)
+(expandtypeattribute (textservices_service_27_0) true)
+(expandtypeattribute (thermalcallback_hwservice_27_0) true)
+(expandtypeattribute (thermal_service_27_0) true)
+(expandtypeattribute (thermalserviced_27_0) true)
+(expandtypeattribute (thermalserviced_exec_27_0) true)
+(expandtypeattribute (timezone_service_27_0) true)
+(expandtypeattribute (tmpfs_27_0) true)
+(expandtypeattribute (tombstoned_27_0) true)
+(expandtypeattribute (tombstone_data_file_27_0) true)
+(expandtypeattribute (tombstoned_crash_socket_27_0) true)
+(expandtypeattribute (tombstoned_exec_27_0) true)
+(expandtypeattribute (tombstoned_intercept_socket_27_0) true)
+(expandtypeattribute (tombstoned_java_trace_socket_27_0) true)
+(expandtypeattribute (toolbox_27_0) true)
+(expandtypeattribute (toolbox_exec_27_0) true)
+(expandtypeattribute (trust_service_27_0) true)
+(expandtypeattribute (tty_device_27_0) true)
+(expandtypeattribute (tun_device_27_0) true)
+(expandtypeattribute (tv_input_service_27_0) true)
+(expandtypeattribute (tzdatacheck_27_0) true)
+(expandtypeattribute (tzdatacheck_exec_27_0) true)
+(expandtypeattribute (ueventd_27_0) true)
+(expandtypeattribute (uhid_device_27_0) true)
+(expandtypeattribute (uimode_service_27_0) true)
+(expandtypeattribute (uio_device_27_0) true)
+(expandtypeattribute (uncrypt_27_0) true)
+(expandtypeattribute (uncrypt_exec_27_0) true)
+(expandtypeattribute (uncrypt_socket_27_0) true)
+(expandtypeattribute (unencrypted_data_file_27_0) true)
+(expandtypeattribute (unlabeled_27_0) true)
+(expandtypeattribute (untrusted_app_25_27_0) true)
+(expandtypeattribute (untrusted_app_27_0) true)
+(expandtypeattribute (untrusted_v2_app_27_0) true)
+(expandtypeattribute (update_engine_27_0) true)
+(expandtypeattribute (update_engine_data_file_27_0) true)
+(expandtypeattribute (update_engine_exec_27_0) true)
+(expandtypeattribute (update_engine_service_27_0) true)
+(expandtypeattribute (updatelock_service_27_0) true)
+(expandtypeattribute (update_verifier_27_0) true)
+(expandtypeattribute (update_verifier_exec_27_0) true)
+(expandtypeattribute (usagestats_service_27_0) true)
+(expandtypeattribute (usbaccessory_device_27_0) true)
+(expandtypeattribute (usb_device_27_0) true)
+(expandtypeattribute (usbfs_27_0) true)
+(expandtypeattribute (usb_service_27_0) true)
+(expandtypeattribute (userdata_block_device_27_0) true)
+(expandtypeattribute (usermodehelper_27_0) true)
+(expandtypeattribute (user_profile_data_file_27_0) true)
+(expandtypeattribute (user_service_27_0) true)
+(expandtypeattribute (vcs_device_27_0) true)
+(expandtypeattribute (vdc_27_0) true)
+(expandtypeattribute (vdc_exec_27_0) true)
+(expandtypeattribute (vendor_app_file_27_0) true)
+(expandtypeattribute (vendor_configs_file_27_0) true)
+(expandtypeattribute (vendor_file_27_0) true)
+(expandtypeattribute (vendor_framework_file_27_0) true)
+(expandtypeattribute (vendor_hal_file_27_0) true)
+(expandtypeattribute (vendor_overlay_file_27_0) true)
+(expandtypeattribute (vendor_shell_exec_27_0) true)
+(expandtypeattribute (vendor_toolbox_exec_27_0) true)
+(expandtypeattribute (vfat_27_0) true)
+(expandtypeattribute (vibrator_service_27_0) true)
+(expandtypeattribute (video_device_27_0) true)
+(expandtypeattribute (virtual_touchpad_27_0) true)
+(expandtypeattribute (virtual_touchpad_exec_27_0) true)
+(expandtypeattribute (virtual_touchpad_service_27_0) true)
+(expandtypeattribute (vndbinder_device_27_0) true)
+(expandtypeattribute (vndk_sp_file_27_0) true)
+(expandtypeattribute (vndservice_contexts_file_27_0) true)
+(expandtypeattribute (vndservicemanager_27_0) true)
+(expandtypeattribute (voiceinteraction_service_27_0) true)
+(expandtypeattribute (vold_27_0) true)
+(expandtypeattribute (vold_data_file_27_0) true)
+(expandtypeattribute (vold_device_27_0) true)
+(expandtypeattribute (vold_exec_27_0) true)
+(expandtypeattribute (vold_prop_27_0) true)
+(expandtypeattribute (vold_socket_27_0) true)
+(expandtypeattribute (vpn_data_file_27_0) true)
+(expandtypeattribute (vr_hwc_27_0) true)
+(expandtypeattribute (vr_hwc_exec_27_0) true)
+(expandtypeattribute (vr_hwc_service_27_0) true)
+(expandtypeattribute (vr_manager_service_27_0) true)
+(expandtypeattribute (wallpaper_file_27_0) true)
+(expandtypeattribute (wallpaper_service_27_0) true)
+(expandtypeattribute (watchdogd_27_0) true)
+(expandtypeattribute (watchdog_device_27_0) true)
+(expandtypeattribute (webviewupdate_service_27_0) true)
+(expandtypeattribute (webview_zygote_27_0) true)
+(expandtypeattribute (webview_zygote_exec_27_0) true)
+(expandtypeattribute (webview_zygote_socket_27_0) true)
+(expandtypeattribute (wifiaware_service_27_0) true)
+(expandtypeattribute (wificond_27_0) true)
+(expandtypeattribute (wificond_exec_27_0) true)
+(expandtypeattribute (wificond_service_27_0) true)
+(expandtypeattribute (wifi_data_file_27_0) true)
+(expandtypeattribute (wifi_log_prop_27_0) true)
+(expandtypeattribute (wifip2p_service_27_0) true)
+(expandtypeattribute (wifi_prop_27_0) true)
+(expandtypeattribute (wifiscanner_service_27_0) true)
+(expandtypeattribute (wifi_service_27_0) true)
+(expandtypeattribute (window_service_27_0) true)
+(expandtypeattribute (wpa_socket_27_0) true)
+(expandtypeattribute (zero_device_27_0) true)
+(expandtypeattribute (zoneinfo_data_file_27_0) true)
+(expandtypeattribute (zygote_27_0) true)
+(expandtypeattribute (zygote_exec_27_0) true)
+(expandtypeattribute (zygote_socket_27_0) true)
+(typeattributeset accessibility_service_27_0 (accessibility_service))
+(typeattributeset account_service_27_0 (account_service))
+(typeattributeset activity_service_27_0 (activity_service))
+(typeattributeset adbd_27_0 (adbd))
+(typeattributeset adb_data_file_27_0 (adb_data_file))
+(typeattributeset adbd_exec_27_0 (adbd_exec))
+(typeattributeset adbd_socket_27_0 (adbd_socket))
+(typeattributeset adb_keys_file_27_0 (adb_keys_file))
+(typeattributeset alarm_device_27_0 (alarm_device))
+(typeattributeset alarm_service_27_0 (alarm_service))
+(typeattributeset anr_data_file_27_0 (anr_data_file))
+(typeattributeset apk_data_file_27_0 (apk_data_file))
+(typeattributeset apk_private_data_file_27_0 (apk_private_data_file))
+(typeattributeset apk_private_tmp_file_27_0 (apk_private_tmp_file))
+(typeattributeset apk_tmp_file_27_0 (apk_tmp_file))
+(typeattributeset app_data_file_27_0 (app_data_file privapp_data_file))
+(typeattributeset app_fuse_file_27_0 (app_fuse_file))
+(typeattributeset app_fusefs_27_0 (app_fusefs))
+(typeattributeset appops_service_27_0 (appops_service))
+(typeattributeset appwidget_service_27_0 (appwidget_service))
+(typeattributeset asec_apk_file_27_0 (asec_apk_file))
+(typeattributeset asec_image_file_27_0 (asec_image_file))
+(typeattributeset asec_public_file_27_0 (asec_public_file))
+(typeattributeset ashmem_device_27_0 (ashmem_device))
+(typeattributeset assetatlas_service_27_0 (assetatlas_service))
+(typeattributeset audio_data_file_27_0 (audio_data_file))
+(typeattributeset audio_device_27_0 (audio_device))
+(typeattributeset audiohal_data_file_27_0 (audiohal_data_file))
+(typeattributeset audio_prop_27_0 (audio_prop))
+(typeattributeset audio_seq_device_27_0 (audio_seq_device))
+(typeattributeset audioserver_27_0 (audioserver))
+(typeattributeset audioserver_data_file_27_0 (audioserver_data_file))
+(typeattributeset audioserver_service_27_0 (audioserver_service))
+(typeattributeset audio_service_27_0 (audio_service))
+(typeattributeset audio_timer_device_27_0 (audio_timer_device))
+(typeattributeset autofill_service_27_0 (autofill_service))
+(typeattributeset backup_data_file_27_0 (backup_data_file))
+(typeattributeset backup_service_27_0 (backup_service))
+(typeattributeset batteryproperties_service_27_0 (batteryproperties_service))
+(typeattributeset battery_service_27_0 (battery_service))
+(typeattributeset batterystats_service_27_0 (batterystats_service))
+(typeattributeset binder_device_27_0 (binder_device))
+(typeattributeset binfmt_miscfs_27_0 (binfmt_miscfs))
+(typeattributeset blkid_27_0 (blkid))
+(typeattributeset blkid_untrusted_27_0 (blkid_untrusted))
+(typeattributeset block_device_27_0 (block_device))
+(typeattributeset bluetooth_27_0 (bluetooth))
+(typeattributeset bluetooth_data_file_27_0 (bluetooth_data_file))
+(typeattributeset bluetooth_efs_file_27_0 (bluetooth_efs_file))
+(typeattributeset bluetooth_logs_data_file_27_0 (bluetooth_logs_data_file))
+(typeattributeset bluetooth_manager_service_27_0 (bluetooth_manager_service))
+(typeattributeset bluetooth_prop_27_0 (bluetooth_prop))
+(typeattributeset bluetooth_service_27_0 (bluetooth_service))
+(typeattributeset bluetooth_socket_27_0 (bluetooth_socket))
+(typeattributeset bootanim_27_0 (bootanim))
+(typeattributeset bootanim_exec_27_0 (bootanim_exec))
+(typeattributeset boot_block_device_27_0 (boot_block_device))
+(typeattributeset bootchart_data_file_27_0 (bootchart_data_file))
+(typeattributeset bootstat_27_0 (bootstat))
+(typeattributeset bootstat_data_file_27_0 (bootstat_data_file))
+(typeattributeset bootstat_exec_27_0 (bootstat_exec))
+(typeattributeset boottime_prop_27_0 (boottime_prop))
+(typeattributeset boottrace_data_file_27_0 (boottrace_data_file))
+(typeattributeset broadcastradio_service_27_0 (broadcastradio_service))
+(typeattributeset bufferhubd_27_0 (bufferhubd))
+(typeattributeset bufferhubd_exec_27_0 (bufferhubd_exec))
+(typeattributeset cache_backup_file_27_0 (cache_backup_file))
+(typeattributeset cache_block_device_27_0 (cache_block_device))
+(typeattributeset cache_file_27_0 (cache_file))
+(typeattributeset cache_private_backup_file_27_0 (cache_private_backup_file))
+(typeattributeset cache_recovery_file_27_0 (cache_recovery_file))
+(typeattributeset camera_data_file_27_0 (camera_data_file))
+(typeattributeset camera_device_27_0 (camera_device))
+(typeattributeset cameraproxy_service_27_0 (cameraproxy_service))
+(typeattributeset cameraserver_27_0 (cameraserver))
+(typeattributeset cameraserver_exec_27_0 (cameraserver_exec))
+(typeattributeset cameraserver_service_27_0 (cameraserver_service))
+(typeattributeset cgroup_27_0 (cgroup))
+(typeattributeset charger_27_0 (charger))
+(typeattributeset clatd_27_0 (clatd))
+(typeattributeset clatd_exec_27_0 (clatd_exec))
+(typeattributeset clipboard_service_27_0 (clipboard_service))
+(typeattributeset commontime_management_service_27_0 (commontime_management_service))
+(typeattributeset companion_device_service_27_0 (companion_device_service))
+(typeattributeset configfs_27_0 (configfs))
+(typeattributeset config_prop_27_0 (config_prop))
+(typeattributeset connectivity_service_27_0 (connectivity_service))
+(typeattributeset connmetrics_service_27_0 (connmetrics_service))
+(typeattributeset console_device_27_0 (console_device))
+(typeattributeset consumer_ir_service_27_0 (consumer_ir_service))
+(typeattributeset content_service_27_0 (content_service))
+(typeattributeset contexthub_service_27_0 (contexthub_service))
+(typeattributeset coredump_file_27_0 (coredump_file))
+(typeattributeset country_detector_service_27_0 (country_detector_service))
+(typeattributeset coverage_service_27_0 (coverage_service))
+(typeattributeset cppreopt_prop_27_0 (cppreopt_prop))
+(typeattributeset cppreopts_27_0 (cppreopts))
+(typeattributeset cppreopts_exec_27_0 (cppreopts_exec))
+(typeattributeset cpuctl_device_27_0 (cpuctl_device))
+(typeattributeset cpuinfo_service_27_0 (cpuinfo_service))
+(typeattributeset crash_dump_27_0 (crash_dump))
+(typeattributeset crash_dump_exec_27_0 (crash_dump_exec))
+(typeattributeset ctl_bootanim_prop_27_0 (ctl_bootanim_prop))
+(typeattributeset ctl_bugreport_prop_27_0 (ctl_bugreport_prop))
+(typeattributeset ctl_console_prop_27_0 (ctl_console_prop))
+(typeattributeset ctl_default_prop_27_0 (ctl_default_prop ctl_restart_prop ctl_start_prop ctl_stop_prop ctl_adbd_prop))
+(typeattributeset ctl_dumpstate_prop_27_0 (ctl_dumpstate_prop))
+(typeattributeset ctl_fuse_prop_27_0 (ctl_fuse_prop))
+(typeattributeset ctl_mdnsd_prop_27_0 (ctl_mdnsd_prop))
+(typeattributeset ctl_rildaemon_prop_27_0 (ctl_rildaemon_prop))
+(typeattributeset dalvikcache_data_file_27_0 (dalvikcache_data_file))
+(typeattributeset dalvik_prop_27_0 (dalvik_prop))
+(typeattributeset dbinfo_service_27_0 (dbinfo_service))
+(typeattributeset debugfs_27_0
+ ( debugfs
+ debugfs_wakeup_sources))
+(typeattributeset debugfs_mmc_27_0 (debugfs_mmc))
+(typeattributeset debugfs_trace_marker_27_0 (debugfs_trace_marker))
+(typeattributeset debugfs_tracing_27_0 (debugfs_tracing))
+(typeattributeset debugfs_tracing_debug_27_0 (debugfs_tracing_debug))
+(typeattributeset debugfs_tracing_instances_27_0 (debugfs_tracing_instances))
+(typeattributeset debugfs_wifi_tracing_27_0 (debugfs_wifi_tracing))
+(typeattributeset debuggerd_prop_27_0 (debuggerd_prop))
+(typeattributeset debug_prop_27_0 (debug_prop))
+(typeattributeset default_android_hwservice_27_0 (default_android_hwservice))
+(typeattributeset default_android_service_27_0 (default_android_service))
+(typeattributeset default_android_vndservice_27_0 (default_android_vndservice))
+(typeattributeset default_prop_27_0
+ ( default_prop
+ pm_prop))
+(typeattributeset device_27_0 (device))
+(typeattributeset device_identifiers_service_27_0 (device_identifiers_service))
+(typeattributeset deviceidle_service_27_0 (deviceidle_service))
+(typeattributeset device_logging_prop_27_0 (device_logging_prop))
+(typeattributeset device_policy_service_27_0 (device_policy_service))
+(typeattributeset devicestoragemonitor_service_27_0 (devicestoragemonitor_service))
+(typeattributeset devpts_27_0 (devpts))
+(typeattributeset dex2oat_27_0 (dex2oat))
+(typeattributeset dex2oat_exec_27_0 (dex2oat_exec))
+(typeattributeset dhcp_27_0 (dhcp))
+(typeattributeset dhcp_data_file_27_0 (dhcp_data_file))
+(typeattributeset dhcp_exec_27_0 (dhcp_exec))
+(typeattributeset dhcp_prop_27_0 (dhcp_prop))
+(typeattributeset diskstats_service_27_0 (diskstats_service))
+(typeattributeset display_service_27_0 (display_service))
+(typeattributeset dm_device_27_0 (dm_device))
+(typeattributeset dnsmasq_27_0 (dnsmasq))
+(typeattributeset dnsmasq_exec_27_0 (dnsmasq_exec))
+(typeattributeset dnsproxyd_socket_27_0 (dnsproxyd_socket))
+(typeattributeset DockObserver_service_27_0 (DockObserver_service))
+(typeattributeset dreams_service_27_0 (dreams_service))
+(typeattributeset drm_data_file_27_0 (drm_data_file))
+(typeattributeset drmserver_27_0 (drmserver))
+(typeattributeset drmserver_exec_27_0 (drmserver_exec))
+(typeattributeset drmserver_service_27_0 (drmserver_service))
+(typeattributeset drmserver_socket_27_0 (drmserver_socket))
+(typeattributeset dropbox_service_27_0 (dropbox_service))
+(typeattributeset dumpstate_27_0 (dumpstate))
+(typeattributeset dumpstate_exec_27_0 (dumpstate_exec))
+(typeattributeset dumpstate_options_prop_27_0 (dumpstate_options_prop))
+(typeattributeset dumpstate_prop_27_0 (dumpstate_prop))
+(typeattributeset dumpstate_service_27_0 (dumpstate_service))
+(typeattributeset dumpstate_socket_27_0 (dumpstate_socket))
+(typeattributeset e2fs_27_0 (e2fs))
+(typeattributeset e2fs_exec_27_0 (e2fs_exec))
+(typeattributeset efs_file_27_0 (efs_file))
+(typeattributeset ephemeral_app_27_0 (ephemeral_app))
+(typeattributeset ethernet_service_27_0 (ethernet_service))
+(typeattributeset ffs_prop_27_0 (ffs_prop))
+(typeattributeset file_contexts_file_27_0 (file_contexts_file))
+(typeattributeset fingerprintd_27_0 (fingerprintd))
+(typeattributeset fingerprintd_data_file_27_0 (fingerprintd_data_file))
+(typeattributeset fingerprintd_exec_27_0 (fingerprintd_exec))
+(typeattributeset fingerprintd_service_27_0 (fingerprintd_service))
+(typeattributeset fingerprint_prop_27_0 (fingerprint_prop))
+(typeattributeset fingerprint_service_27_0 (fingerprint_service))
+(typeattributeset firstboot_prop_27_0 (firstboot_prop))
+(typeattributeset font_service_27_0 (font_service))
+(typeattributeset frp_block_device_27_0 (frp_block_device))
+(typeattributeset fsck_27_0 (fsck))
+(typeattributeset fsck_exec_27_0 (fsck_exec))
+(typeattributeset fscklogs_27_0 (fscklogs))
+(typeattributeset fsck_untrusted_27_0 (fsck_untrusted))
+(typeattributeset full_device_27_0 (full_device))
+(typeattributeset functionfs_27_0 (functionfs))
+(typeattributeset fuse_27_0 (fuse))
+(typeattributeset fuse_device_27_0 (fuse_device))
+(typeattributeset fwk_display_hwservice_27_0 (fwk_display_hwservice))
+(typeattributeset fwk_scheduler_hwservice_27_0 (fwk_scheduler_hwservice))
+(typeattributeset fwk_sensor_hwservice_27_0 (fwk_sensor_hwservice))
+(typeattributeset fwmarkd_socket_27_0 (fwmarkd_socket))
+(typeattributeset gatekeeperd_27_0 (gatekeeperd))
+(typeattributeset gatekeeper_data_file_27_0 (gatekeeper_data_file))
+(typeattributeset gatekeeperd_exec_27_0 (gatekeeperd_exec))
+(typeattributeset gatekeeper_service_27_0 (gatekeeper_service))
+(typeattributeset gfxinfo_service_27_0 (gfxinfo_service))
+(typeattributeset gps_control_27_0 (gps_control))
+(typeattributeset gpu_device_27_0 (gpu_device))
+(typeattributeset gpu_service_27_0 (gpu_service))
+(typeattributeset graphics_device_27_0 (graphics_device))
+(typeattributeset graphicsstats_service_27_0 (graphicsstats_service))
+(typeattributeset hal_audio_hwservice_27_0 (hal_audio_hwservice))
+(typeattributeset hal_bluetooth_hwservice_27_0 (hal_bluetooth_hwservice))
+(typeattributeset hal_bootctl_hwservice_27_0 (hal_bootctl_hwservice))
+(typeattributeset hal_broadcastradio_hwservice_27_0 (hal_broadcastradio_hwservice))
+(typeattributeset hal_camera_hwservice_27_0 (hal_camera_hwservice))
+(typeattributeset hal_cas_hwservice_27_0 (hal_cas_hwservice))
+(typeattributeset hal_configstore_ISurfaceFlingerConfigs_27_0 (hal_configstore_ISurfaceFlingerConfigs))
+(typeattributeset hal_contexthub_hwservice_27_0 (hal_contexthub_hwservice))
+(typeattributeset hal_drm_hwservice_27_0 (hal_drm_hwservice))
+(typeattributeset hal_dumpstate_hwservice_27_0 (hal_dumpstate_hwservice))
+(typeattributeset hal_fingerprint_hwservice_27_0 (hal_fingerprint_hwservice))
+(typeattributeset hal_fingerprint_service_27_0 (hal_fingerprint_service))
+(typeattributeset hal_gatekeeper_hwservice_27_0 (hal_gatekeeper_hwservice))
+(typeattributeset hal_gnss_hwservice_27_0 (hal_gnss_hwservice))
+(typeattributeset hal_graphics_allocator_hwservice_27_0 (hal_graphics_allocator_hwservice))
+(typeattributeset hal_graphics_composer_hwservice_27_0 (hal_graphics_composer_hwservice))
+(typeattributeset hal_graphics_mapper_hwservice_27_0 (hal_graphics_mapper_hwservice))
+(typeattributeset hal_health_hwservice_27_0 (hal_health_hwservice))
+(typeattributeset hal_ir_hwservice_27_0 (hal_ir_hwservice))
+(typeattributeset hal_keymaster_hwservice_27_0 (hal_keymaster_hwservice))
+(typeattributeset hal_light_hwservice_27_0 (hal_light_hwservice))
+(typeattributeset hal_memtrack_hwservice_27_0 (hal_memtrack_hwservice))
+(typeattributeset hal_neuralnetworks_hwservice_27_0 (hal_neuralnetworks_hwservice))
+(typeattributeset hal_nfc_hwservice_27_0 (hal_nfc_hwservice))
+(typeattributeset hal_oemlock_hwservice_27_0 (hal_oemlock_hwservice))
+(typeattributeset hal_omx_hwservice_27_0 (hal_omx_hwservice))
+(typeattributeset hal_power_hwservice_27_0 (hal_power_hwservice))
+(typeattributeset hal_renderscript_hwservice_27_0 (hal_renderscript_hwservice))
+(typeattributeset hal_sensors_hwservice_27_0 (hal_sensors_hwservice))
+(typeattributeset hal_telephony_hwservice_27_0 (hal_telephony_hwservice))
+(typeattributeset hal_tetheroffload_hwservice_27_0 (hal_tetheroffload_hwservice))
+(typeattributeset hal_thermal_hwservice_27_0 (hal_thermal_hwservice))
+(typeattributeset hal_tv_cec_hwservice_27_0 (hal_tv_cec_hwservice))
+(typeattributeset hal_tv_input_hwservice_27_0 (hal_tv_input_hwservice))
+(typeattributeset hal_usb_hwservice_27_0 (hal_usb_hwservice))
+(typeattributeset hal_vibrator_hwservice_27_0 (hal_vibrator_hwservice))
+(typeattributeset hal_vr_hwservice_27_0 (hal_vr_hwservice))
+(typeattributeset hal_weaver_hwservice_27_0 (hal_weaver_hwservice))
+(typeattributeset hal_wifi_hwservice_27_0 (hal_wifi_hwservice))
+(typeattributeset hal_wifi_offload_hwservice_27_0 (hal_wifi_offload_hwservice))
+(typeattributeset hal_wifi_supplicant_hwservice_27_0 (hal_wifi_supplicant_hwservice))
+(typeattributeset hardware_properties_service_27_0 (hardware_properties_service))
+(typeattributeset hardware_service_27_0 (hardware_service))
+(typeattributeset hci_attach_dev_27_0 (hci_attach_dev))
+(typeattributeset hdmi_control_service_27_0 (hdmi_control_service))
+(typeattributeset healthd_27_0 (healthd))
+(typeattributeset healthd_exec_27_0 (healthd_exec))
+(typeattributeset heapdump_data_file_27_0 (heapdump_data_file))
+(typeattributeset hidl_allocator_hwservice_27_0 (hidl_allocator_hwservice))
+(typeattributeset hidl_base_hwservice_27_0 (hidl_base_hwservice))
+(typeattributeset hidl_manager_hwservice_27_0 (hidl_manager_hwservice))
+(typeattributeset hidl_memory_hwservice_27_0 (hidl_memory_hwservice))
+(typeattributeset hidl_token_hwservice_27_0 (hidl_token_hwservice))
+(typeattributeset hwbinder_device_27_0 (hwbinder_device))
+(typeattributeset hw_random_device_27_0 (hw_random_device))
+(typeattributeset hwservice_contexts_file_27_0 (hwservice_contexts_file))
+(typeattributeset hwservicemanager_27_0 (hwservicemanager))
+(typeattributeset hwservicemanager_exec_27_0 (hwservicemanager_exec))
+(typeattributeset hwservicemanager_prop_27_0 (hwservicemanager_prop))
+(typeattributeset i2c_device_27_0 (i2c_device))
+(typeattributeset icon_file_27_0 (icon_file))
+(typeattributeset idmap_27_0 (idmap))
+(typeattributeset idmap_exec_27_0 (idmap_exec))
+(typeattributeset iio_device_27_0 (iio_device))
+(typeattributeset imms_service_27_0 (imms_service))
+(typeattributeset incident_27_0 (incident))
+(typeattributeset incidentd_27_0 (incidentd))
+(typeattributeset incident_data_file_27_0 (incident_data_file))
+(typeattributeset incident_service_27_0 (incident_service))
+(typeattributeset init_27_0 (init))
+(typeattributeset init_exec_27_0 (init_exec watchdogd_exec))
+(typeattributeset inotify_27_0 (inotify))
+(typeattributeset input_device_27_0 (input_device))
+(typeattributeset inputflinger_27_0 (inputflinger))
+(typeattributeset inputflinger_exec_27_0 (inputflinger_exec))
+(typeattributeset inputflinger_service_27_0 (inputflinger_service))
+(typeattributeset input_method_service_27_0 (input_method_service))
+(typeattributeset input_service_27_0 (input_service))
+(typeattributeset installd_27_0 (installd))
+(typeattributeset install_data_file_27_0 (install_data_file))
+(typeattributeset installd_exec_27_0 (installd_exec))
+(typeattributeset installd_service_27_0 (installd_service))
+(typeattributeset install_recovery_27_0 (install_recovery))
+(typeattributeset install_recovery_exec_27_0 (install_recovery_exec))
+(typeattributeset ion_device_27_0 (ion_device))
+(typeattributeset IProxyService_service_27_0 (IProxyService_service))
+(typeattributeset ipsec_service_27_0 (ipsec_service))
+(typeattributeset isolated_app_27_0 (isolated_app))
+(typeattributeset jobscheduler_service_27_0 (jobscheduler_service))
+(typeattributeset kernel_27_0 (kernel))
+(typeattributeset keychain_data_file_27_0 (keychain_data_file))
+(typeattributeset keychord_device_27_0 (keychord_device))
+(typeattributeset keystore_27_0 (keystore))
+(typeattributeset keystore_data_file_27_0 (keystore_data_file))
+(typeattributeset keystore_exec_27_0 (keystore_exec))
+(typeattributeset keystore_service_27_0 (keystore_service))
+(typeattributeset kmem_device_27_0 (kmem_device))
+(typeattributeset kmsg_debug_device_27_0 (kmsg_debug_device))
+(typeattributeset kmsg_device_27_0 (kmsg_device))
+(typeattributeset labeledfs_27_0 (labeledfs))
+(typeattributeset launcherapps_service_27_0 (launcherapps_service))
+(typeattributeset lmkd_27_0 (lmkd))
+(typeattributeset lmkd_exec_27_0 (lmkd_exec))
+(typeattributeset lmkd_socket_27_0 (lmkd_socket))
+(typeattributeset location_service_27_0 (location_service))
+(typeattributeset lock_settings_service_27_0 (lock_settings_service))
+(typeattributeset logcat_exec_27_0 (logcat_exec))
+(typeattributeset logd_27_0 (logd))
+(typeattributeset logd_exec_27_0 (logd_exec))
+(typeattributeset logd_prop_27_0 (logd_prop))
+(typeattributeset logdr_socket_27_0 (logdr_socket))
+(typeattributeset logd_socket_27_0 (logd_socket))
+(typeattributeset logdw_socket_27_0 (logdw_socket))
+(typeattributeset logpersist_27_0 (logpersist))
+(typeattributeset logpersistd_logging_prop_27_0 (logpersistd_logging_prop))
+(typeattributeset log_prop_27_0 (log_prop))
+(typeattributeset log_tag_prop_27_0 (log_tag_prop))
+(typeattributeset loop_control_device_27_0 (loop_control_device))
+(typeattributeset loop_device_27_0 (loop_device))
+(typeattributeset mac_perms_file_27_0 (mac_perms_file))
+(typeattributeset mdnsd_27_0 (mdnsd))
+(typeattributeset mdnsd_socket_27_0 (mdnsd_socket))
+(typeattributeset mdns_socket_27_0 (mdns_socket))
+(typeattributeset hal_omx_server (mediacodec_27_0))
+(typeattributeset mediacodec_27_0 (mediacodec))
+(typeattributeset mediacodec_exec_27_0 (mediacodec_exec))
+(typeattributeset mediacodec_service_27_0 (mediacodec_service))
+(typeattributeset media_data_file_27_0 (media_data_file))
+(typeattributeset mediadrmserver_27_0 (mediadrmserver))
+(typeattributeset mediadrmserver_exec_27_0 (mediadrmserver_exec))
+(typeattributeset mediadrmserver_service_27_0 (mediadrmserver_service))
+(typeattributeset mediaextractor_27_0 (mediaextractor))
+(typeattributeset mediaextractor_exec_27_0 (mediaextractor_exec))
+(typeattributeset mediaextractor_service_27_0 (mediaextractor_service))
+(typeattributeset mediametrics_27_0 (mediametrics))
+(typeattributeset mediametrics_exec_27_0 (mediametrics_exec))
+(typeattributeset mediametrics_service_27_0 (mediametrics_service))
+(typeattributeset media_projection_service_27_0 (media_projection_service))
+(typeattributeset mediaprovider_27_0 (mediaprovider))
+(typeattributeset media_router_service_27_0 (media_router_service))
+(typeattributeset media_rw_data_file_27_0 (media_rw_data_file))
+(typeattributeset mediaserver_27_0 (mediaserver))
+(typeattributeset mediaserver_exec_27_0 (mediaserver_exec))
+(typeattributeset mediaserver_service_27_0 (mediaserver_service))
+(typeattributeset media_session_service_27_0 (media_session_service))
+(typeattributeset meminfo_service_27_0 (meminfo_service))
+(typeattributeset metadata_block_device_27_0 (metadata_block_device))
+(typeattributeset method_trace_data_file_27_0 (method_trace_data_file))
+(typeattributeset midi_service_27_0 (midi_service))
+(typeattributeset misc_block_device_27_0 (misc_block_device))
+(typeattributeset misc_logd_file_27_0 (misc_logd_file))
+(typeattributeset misc_user_data_file_27_0 (misc_user_data_file))
+(typeattributeset mmc_prop_27_0 (mmc_prop))
+(typeattributeset mnt_expand_file_27_0 (mnt_expand_file))
+(typeattributeset mnt_media_rw_file_27_0 (mnt_media_rw_file))
+(typeattributeset mnt_media_rw_stub_file_27_0 (mnt_media_rw_stub_file))
+(typeattributeset mnt_user_file_27_0 (mnt_user_file))
+(typeattributeset modprobe_27_0 (modprobe))
+(typeattributeset mount_service_27_0 (mount_service))
+(typeattributeset mqueue_27_0 (mqueue))
+(typeattributeset mtd_device_27_0 (mtd_device))
+(typeattributeset mtp_27_0 (mtp))
+(typeattributeset mtp_device_27_0 (mtp_device))
+(typeattributeset mtpd_socket_27_0 (mtpd_socket))
+(typeattributeset mtp_exec_27_0 (mtp_exec))
+(typeattributeset nativetest_data_file_27_0 (nativetest_data_file))
+(typeattributeset netd_27_0 (netd))
+(typeattributeset net_data_file_27_0 (net_data_file))
+(typeattributeset netd_exec_27_0 (netd_exec))
+(typeattributeset netd_listener_service_27_0 (netd_listener_service))
+(typeattributeset net_dns_prop_27_0 (net_dns_prop))
+(typeattributeset netd_service_27_0 (netd_service))
+(typeattributeset netd_socket_27_0 (netd_socket))
+(typeattributeset netd_stable_secret_prop_27_0 (netd_stable_secret_prop))
+(typeattributeset netif_27_0 (netif))
+(typeattributeset netpolicy_service_27_0 (netpolicy_service))
+(typeattributeset net_radio_prop_27_0 (net_radio_prop))
+(typeattributeset netstats_service_27_0 (netstats_service))
+(typeattributeset netutils_wrapper_27_0 (netutils_wrapper))
+(typeattributeset netutils_wrapper_exec_27_0 (netutils_wrapper_exec))
+(typeattributeset network_management_service_27_0 (network_management_service))
+(typeattributeset network_score_service_27_0 (network_score_service))
+(typeattributeset network_time_update_service_27_0 (network_time_update_service))
+(typeattributeset nfc_27_0 (nfc))
+(typeattributeset nfc_data_file_27_0 (nfc_data_file))
+(typeattributeset nfc_device_27_0 (nfc_device))
+(typeattributeset nfc_prop_27_0 (nfc_prop))
+(typeattributeset nfc_service_27_0 (nfc_service))
+(typeattributeset node_27_0 (node))
+(typeattributeset nonplat_service_contexts_file_27_0 (nonplat_service_contexts_file))
+(typeattributeset notification_service_27_0 (notification_service))
+(typeattributeset null_device_27_0 (null_device))
+(typeattributeset oemfs_27_0 (oemfs))
+(typeattributeset oem_lock_service_27_0 (oem_lock_service))
+(typeattributeset ota_data_file_27_0 (ota_data_file))
+(typeattributeset otadexopt_service_27_0 (otadexopt_service))
+(typeattributeset ota_package_file_27_0 (ota_package_file))
+(typeattributeset otapreopt_chroot_27_0 (otapreopt_chroot))
+(typeattributeset otapreopt_chroot_exec_27_0 (otapreopt_chroot_exec))
+(typeattributeset otapreopt_slot_27_0 (otapreopt_slot))
+(typeattributeset otapreopt_slot_exec_27_0 (otapreopt_slot_exec))
+(typeattributeset overlay_prop_27_0 (overlay_prop))
+(typeattributeset overlay_service_27_0 (overlay_service))
+(typeattributeset owntty_device_27_0 (owntty_device))
+(typeattributeset package_native_service_27_0 (package_native_service))
+(typeattributeset package_service_27_0 (package_service))
+(typeattributeset pan_result_prop_27_0 (pan_result_prop))
+(typeattributeset pdx_bufferhub_client_channel_socket_27_0 (pdx_bufferhub_client_channel_socket))
+(typeattributeset pdx_bufferhub_client_endpoint_socket_27_0 (pdx_bufferhub_client_endpoint_socket))
+(typeattributeset pdx_bufferhub_dir_27_0 (pdx_bufferhub_dir))
+(typeattributeset pdx_display_client_channel_socket_27_0 (pdx_display_client_channel_socket))
+(typeattributeset pdx_display_client_endpoint_socket_27_0 (pdx_display_client_endpoint_socket))
+(typeattributeset pdx_display_dir_27_0 (pdx_display_dir))
+(typeattributeset pdx_display_manager_channel_socket_27_0 (pdx_display_manager_channel_socket))
+(typeattributeset pdx_display_manager_endpoint_socket_27_0 (pdx_display_manager_endpoint_socket))
+(typeattributeset pdx_display_screenshot_channel_socket_27_0 (pdx_display_screenshot_channel_socket))
+(typeattributeset pdx_display_screenshot_endpoint_socket_27_0 (pdx_display_screenshot_endpoint_socket))
+(typeattributeset pdx_display_vsync_channel_socket_27_0 (pdx_display_vsync_channel_socket))
+(typeattributeset pdx_display_vsync_endpoint_socket_27_0 (pdx_display_vsync_endpoint_socket))
+(typeattributeset pdx_performance_client_channel_socket_27_0 (pdx_performance_client_channel_socket))
+(typeattributeset pdx_performance_client_endpoint_socket_27_0 (pdx_performance_client_endpoint_socket))
+(typeattributeset pdx_performance_dir_27_0 (pdx_performance_dir))
+(typeattributeset performanced_27_0 (performanced))
+(typeattributeset performanced_exec_27_0 (performanced_exec))
+(typeattributeset permission_service_27_0 (permission_service))
+(typeattributeset persist_debug_prop_27_0 (persist_debug_prop))
+(typeattributeset persistent_data_block_service_27_0 (persistent_data_block_service))
+(typeattributeset persistent_properties_ready_prop_27_0 (persistent_properties_ready_prop))
+(typeattributeset pinner_service_27_0 (pinner_service))
+(typeattributeset pipefs_27_0 (pipefs))
+(typeattributeset platform_app_27_0 (platform_app))
+(typeattributeset pmsg_device_27_0 (pmsg_device))
+(typeattributeset port_27_0 (port))
+(typeattributeset port_device_27_0 (port_device))
+(typeattributeset postinstall_27_0 (postinstall))
+(typeattributeset postinstall_dexopt_27_0 (postinstall_dexopt))
+(typeattributeset postinstall_file_27_0 (postinstall_file))
+(typeattributeset postinstall_mnt_dir_27_0 (postinstall_mnt_dir))
+(typeattributeset powerctl_prop_27_0 (powerctl_prop))
+(typeattributeset power_service_27_0 (power_service))
+(typeattributeset ppp_27_0 (ppp))
+(typeattributeset ppp_device_27_0 (ppp_device))
+(typeattributeset ppp_exec_27_0 (ppp_exec))
+(typeattributeset preloads_data_file_27_0 (preloads_data_file))
+(typeattributeset preloads_media_file_27_0 (preloads_media_file))
+(typeattributeset preopt2cachename_27_0 (preopt2cachename))
+(typeattributeset preopt2cachename_exec_27_0 (preopt2cachename_exec))
+(typeattributeset print_service_27_0 (print_service))
+(typeattributeset priv_app_27_0 (priv_app))
+(typeattributeset proc_27_0
+ ( proc
+ proc_abi
+ proc_asound
+ proc_buddyinfo
+ proc_cmdline
+ proc_dirty
+ proc_diskstats
+ proc_extra_free_kbytes
+ proc_filesystems
+ proc_hostname
+ proc_hung_task
+ proc_kmsg
+ proc_loadavg
+ proc_max_map_count
+ proc_min_free_order_shift
+ proc_mounts
+ proc_page_cluster
+ proc_pagetypeinfo
+ proc_panic
+ proc_pid_max
+ proc_pipe_conf
+ proc_random
+ proc_sched
+ proc_slabinfo
+ proc_swaps
+ proc_uid_concurrent_active_time
+ proc_uid_concurrent_policy_time
+ proc_uid_cpupower
+ proc_uptime
+ proc_version
+ proc_vmallocinfo
+ proc_vmstat))
+(typeattributeset proc_bluetooth_writable_27_0 (proc_bluetooth_writable))
+(typeattributeset proc_cpuinfo_27_0 (proc_cpuinfo))
+(typeattributeset proc_drop_caches_27_0 (proc_drop_caches))
+(typeattributeset processinfo_service_27_0 (processinfo_service))
+(typeattributeset proc_interrupts_27_0 (proc_interrupts))
+(typeattributeset proc_iomem_27_0 (proc_iomem))
+(typeattributeset proc_meminfo_27_0 (proc_meminfo))
+(typeattributeset proc_misc_27_0 (proc_misc))
+(typeattributeset proc_modules_27_0 (proc_modules))
+(typeattributeset proc_net_27_0
+ ( proc_net
+ proc_net_tcp_udp
+ proc_qtaguid_stat))
+(typeattributeset proc_overcommit_memory_27_0 (proc_overcommit_memory))
+(typeattributeset proc_perf_27_0 (proc_perf))
+(typeattributeset proc_security_27_0 (proc_security))
+(typeattributeset proc_stat_27_0 (proc_stat))
+(typeattributeset procstats_service_27_0 (procstats_service))
+(typeattributeset proc_sysrq_27_0 (proc_sysrq))
+(typeattributeset proc_timer_27_0 (proc_timer))
+(typeattributeset proc_tty_drivers_27_0 (proc_tty_drivers))
+(typeattributeset proc_uid_cputime_removeuid_27_0 (proc_uid_cputime_removeuid))
+(typeattributeset proc_uid_cputime_showstat_27_0 (proc_uid_cputime_showstat))
+(typeattributeset proc_uid_io_stats_27_0 (proc_uid_io_stats))
+(typeattributeset proc_uid_procstat_set_27_0 (proc_uid_procstat_set))
+(typeattributeset proc_uid_time_in_state_27_0 (proc_uid_time_in_state))
+(typeattributeset proc_zoneinfo_27_0 (proc_zoneinfo))
+(typeattributeset profman_27_0 (profman))
+(typeattributeset profman_dump_data_file_27_0 (profman_dump_data_file))
+(typeattributeset profman_exec_27_0 (profman_exec))
+(typeattributeset properties_device_27_0 (properties_device))
+(typeattributeset properties_serial_27_0 (properties_serial))
+(typeattributeset property_contexts_file_27_0 (property_contexts_file))
+(typeattributeset property_data_file_27_0 (property_data_file))
+(typeattributeset property_socket_27_0 (property_socket))
+(typeattributeset pstorefs_27_0 (pstorefs))
+(typeattributeset ptmx_device_27_0 (ptmx_device))
+(typeattributeset qtaguid_device_27_0 (qtaguid_device))
+(typeattributeset qtaguid_proc_27_0
+ ( proc_qtaguid_ctrl
+ qtaguid_proc))
+(typeattributeset racoon_27_0 (racoon))
+(typeattributeset racoon_exec_27_0 (racoon_exec))
+(typeattributeset racoon_socket_27_0 (racoon_socket))
+(typeattributeset radio_27_0 (radio))
+(typeattributeset radio_data_file_27_0 (radio_data_file))
+(typeattributeset radio_device_27_0 (radio_device))
+(typeattributeset radio_prop_27_0 (radio_prop))
+(typeattributeset radio_service_27_0 (radio_service))
+(typeattributeset ram_device_27_0 (ram_device))
+(typeattributeset random_device_27_0 (random_device))
+(typeattributeset reboot_data_file_27_0 (reboot_data_file))
+(typeattributeset recovery_27_0 (recovery))
+(typeattributeset recovery_block_device_27_0 (recovery_block_device))
+(typeattributeset recovery_data_file_27_0 (recovery_data_file))
+(typeattributeset recovery_persist_27_0 (recovery_persist))
+(typeattributeset recovery_persist_exec_27_0 (recovery_persist_exec))
+(typeattributeset recovery_refresh_27_0 (recovery_refresh))
+(typeattributeset recovery_refresh_exec_27_0 (recovery_refresh_exec))
+(typeattributeset recovery_service_27_0 (recovery_service))
+(typeattributeset registry_service_27_0 (registry_service))
+(typeattributeset resourcecache_data_file_27_0 (resourcecache_data_file))
+(typeattributeset restorecon_prop_27_0 (restorecon_prop))
+(typeattributeset restrictions_service_27_0 (restrictions_service))
+(typeattributeset rild_27_0 (rild))
+(typeattributeset rild_debug_socket_27_0 (rild_debug_socket))
+(typeattributeset rild_socket_27_0 (rild_socket))
+(typeattributeset ringtone_file_27_0 (ringtone_file))
+(typeattributeset root_block_device_27_0 (root_block_device))
+(typeattributeset rootfs_27_0 (rootfs))
+(typeattributeset rpmsg_device_27_0 (rpmsg_device))
+(typeattributeset rtc_device_27_0 (rtc_device))
+(typeattributeset rttmanager_service_27_0 (rttmanager_service))
+(typeattributeset runas_27_0 (runas))
+(typeattributeset runas_exec_27_0 (runas_exec))
+(typeattributeset runtime_event_log_tags_file_27_0 (runtime_event_log_tags_file))
+(typeattributeset safemode_prop_27_0 (safemode_prop))
+(typeattributeset same_process_hal_file_27_0
+ ( same_process_hal_file
+ vendor_public_lib_file))
+(typeattributeset samplingprofiler_service_27_0 (samplingprofiler_service))
+(typeattributeset scheduling_policy_service_27_0 (scheduling_policy_service))
+(typeattributeset sdcardd_27_0 (sdcardd))
+(typeattributeset sdcardd_exec_27_0 (sdcardd_exec))
+(typeattributeset sdcardfs_27_0 (sdcardfs))
+(typeattributeset seapp_contexts_file_27_0 (seapp_contexts_file))
+(typeattributeset search_service_27_0 (search_service))
+(typeattributeset sec_key_att_app_id_provider_service_27_0 (sec_key_att_app_id_provider_service))
+(typeattributeset selinuxfs_27_0 (selinuxfs))
+(typeattributeset sensors_device_27_0 (sensors_device))
+(typeattributeset sensorservice_service_27_0 (sensorservice_service))
+(typeattributeset sepolicy_file_27_0 (sepolicy_file))
+(typeattributeset serial_device_27_0 (serial_device))
+(typeattributeset serialno_prop_27_0 (serialno_prop))
+(typeattributeset serial_service_27_0 (serial_service))
+(typeattributeset service_contexts_file_27_0 (service_contexts_file))
+(typeattributeset servicediscovery_service_27_0 (servicediscovery_service))
+(typeattributeset servicemanager_27_0 (servicemanager))
+(typeattributeset servicemanager_exec_27_0 (servicemanager_exec))
+(typeattributeset settings_service_27_0 (settings_service))
+(typeattributeset sgdisk_27_0 (sgdisk))
+(typeattributeset sgdisk_exec_27_0 (sgdisk_exec))
+(typeattributeset shared_relro_27_0 (shared_relro))
+(typeattributeset shared_relro_file_27_0 (shared_relro_file))
+(typeattributeset shell_27_0 (shell))
+(typeattributeset shell_data_file_27_0 (shell_data_file))
+(typeattributeset shell_exec_27_0 (shell_exec))
+(typeattributeset shell_prop_27_0 (shell_prop))
+(typeattributeset shm_27_0 (shm))
+(typeattributeset shortcut_manager_icons_27_0 (shortcut_manager_icons))
+(typeattributeset shortcut_service_27_0 (shortcut_service))
+(typeattributeset slideshow_27_0 (slideshow))
+(typeattributeset socket_device_27_0 (socket_device))
+(typeattributeset sockfs_27_0 (sockfs))
+(typeattributeset statusbar_service_27_0 (statusbar_service))
+(typeattributeset storaged_service_27_0 (storaged_service))
+(typeattributeset storage_file_27_0 (storage_file))
+(typeattributeset storagestats_service_27_0 (storagestats_service))
+(typeattributeset storage_stub_file_27_0 (storage_stub_file))
+(typeattributeset su_27_0 (su))
+(typeattributeset su_exec_27_0 (su_exec))
+(typeattributeset surfaceflinger_27_0 (surfaceflinger))
+(typeattributeset surfaceflinger_service_27_0 (surfaceflinger_service))
+(typeattributeset swap_block_device_27_0 (swap_block_device))
+(typeattributeset sysfs_27_0
+ ( sysfs
+ sysfs_android_usb
+ sysfs_dm
+ sysfs_dt_firmware_android
+ sysfs_ipv4
+ sysfs_kernel_notes
+ sysfs_loop
+ sysfs_net
+ sysfs_power
+ sysfs_rtc
+ sysfs_switch
+ sysfs_wakeup_reasons))
+(typeattributeset sysfs_batteryinfo_27_0 (sysfs_batteryinfo))
+(typeattributeset sysfs_bluetooth_writable_27_0 (sysfs_bluetooth_writable))
+(typeattributeset sysfs_devices_system_cpu_27_0 (sysfs_devices_system_cpu))
+(typeattributeset sysfs_fs_ext4_features_27_0 (sysfs_fs_ext4_features))
+(typeattributeset sysfs_hwrandom_27_0 (sysfs_hwrandom))
+(typeattributeset sysfs_leds_27_0 (sysfs_leds))
+(typeattributeset sysfs_lowmemorykiller_27_0 (sysfs_lowmemorykiller))
+(typeattributeset sysfs_mac_address_27_0 (sysfs_mac_address))
+(typeattributeset sysfs_nfc_power_writable_27_0 (sysfs_nfc_power_writable))
+(typeattributeset sysfs_thermal_27_0 (sysfs_thermal))
+(typeattributeset sysfs_uio_27_0 (sysfs_uio))
+(typeattributeset sysfs_usb_27_0 (sysfs_usb))
+(typeattributeset sysfs_usermodehelper_27_0 (sysfs_usermodehelper))
+(typeattributeset sysfs_vibrator_27_0 (sysfs_vibrator))
+(typeattributeset sysfs_wake_lock_27_0 (sysfs_wake_lock))
+(typeattributeset sysfs_wlan_fwpath_27_0 (sysfs_wlan_fwpath))
+(typeattributeset sysfs_zram_27_0 (sysfs_zram))
+(typeattributeset sysfs_zram_uevent_27_0 (sysfs_zram_uevent))
+(typeattributeset system_app_27_0 (system_app))
+(typeattributeset system_app_data_file_27_0 (system_app_data_file))
+(typeattributeset system_app_service_27_0 (system_app_service))
+(typeattributeset system_block_device_27_0 (system_block_device))
+(typeattributeset system_data_file_27_0
+ ( system_data_file
+ dropbox_data_file
+ vendor_data_file))
+(typeattributeset system_file_27_0
+ ( system_file
+ system_lib_file
+ system_linker_config_file
+ system_linker_exec
+ system_seccomp_policy_file
+ system_security_cacerts_file
+ system_zoneinfo_file
+))
+(typeattributeset systemkeys_data_file_27_0 (systemkeys_data_file))
+(typeattributeset system_ndebug_socket_27_0 (system_ndebug_socket))
+(typeattributeset system_net_netd_hwservice_27_0 (system_net_netd_hwservice))
+(typeattributeset system_prop_27_0 (system_prop))
+(typeattributeset system_radio_prop_27_0 (system_radio_prop))
+(typeattributeset system_server_27_0 (system_server))
+(typeattributeset system_wifi_keystore_hwservice_27_0 (system_wifi_keystore_hwservice))
+(typeattributeset system_wpa_socket_27_0 (system_wpa_socket))
+(typeattributeset task_service_27_0 (task_service))
+(typeattributeset tee_27_0 (tee))
+(typeattributeset tee_data_file_27_0 (tee_data_file))
+(typeattributeset tee_device_27_0 (tee_device))
+(typeattributeset telecom_service_27_0 (telecom_service))
+(typeattributeset textclassification_service_27_0 (textclassification_service))
+(typeattributeset textclassifier_data_file_27_0 (textclassifier_data_file))
+(typeattributeset textservices_service_27_0 (textservices_service))
+(typeattributeset thermalcallback_hwservice_27_0 (thermalcallback_hwservice))
+(typeattributeset thermal_service_27_0 (thermal_service))
+(typeattributeset thermalserviced_27_0 (thermalserviced))
+(typeattributeset thermalserviced_exec_27_0 (thermalserviced_exec))
+(typeattributeset timezone_service_27_0 (timezone_service))
+(typeattributeset tmpfs_27_0 (tmpfs))
+(typeattributeset tombstoned_27_0 (tombstoned))
+(typeattributeset tombstone_data_file_27_0 (tombstone_data_file))
+(typeattributeset tombstoned_crash_socket_27_0 (tombstoned_crash_socket))
+(typeattributeset tombstoned_exec_27_0 (tombstoned_exec))
+(typeattributeset tombstoned_intercept_socket_27_0 (tombstoned_intercept_socket))
+(typeattributeset tombstoned_java_trace_socket_27_0 (tombstoned_java_trace_socket))
+(typeattributeset toolbox_27_0 (toolbox))
+(typeattributeset toolbox_exec_27_0 (toolbox_exec))
+(typeattributeset trust_service_27_0 (trust_service))
+(typeattributeset tty_device_27_0 (tty_device))
+(typeattributeset tun_device_27_0 (tun_device))
+(typeattributeset tv_input_service_27_0 (tv_input_service))
+(typeattributeset tzdatacheck_27_0 (tzdatacheck))
+(typeattributeset tzdatacheck_exec_27_0 (tzdatacheck_exec))
+(typeattributeset ueventd_27_0 (ueventd))
+(typeattributeset uhid_device_27_0 (uhid_device))
+(typeattributeset uimode_service_27_0 (uimode_service))
+(typeattributeset uio_device_27_0 (uio_device))
+(typeattributeset uncrypt_27_0 (uncrypt))
+(typeattributeset uncrypt_exec_27_0 (uncrypt_exec))
+(typeattributeset uncrypt_socket_27_0 (uncrypt_socket))
+(typeattributeset unencrypted_data_file_27_0 (unencrypted_data_file))
+(typeattributeset unlabeled_27_0 (unlabeled))
+(typeattributeset untrusted_app_25_27_0 (untrusted_app_25))
+(typeattributeset untrusted_app_27_0
+ ( untrusted_app
+ untrusted_app_27))
+(typeattributeset untrusted_v2_app_27_0 (untrusted_v2_app))
+(typeattributeset update_engine_27_0 (update_engine))
+(typeattributeset update_engine_data_file_27_0 (update_engine_data_file))
+(typeattributeset update_engine_exec_27_0 (update_engine_exec))
+(typeattributeset update_engine_service_27_0 (update_engine_service))
+(typeattributeset updatelock_service_27_0 (updatelock_service))
+(typeattributeset update_verifier_27_0 (update_verifier))
+(typeattributeset update_verifier_exec_27_0 (update_verifier_exec))
+(typeattributeset usagestats_service_27_0 (usagestats_service))
+(typeattributeset usbaccessory_device_27_0 (usbaccessory_device))
+(typeattributeset usb_device_27_0 (usb_device))
+(typeattributeset usbfs_27_0 (usbfs))
+(typeattributeset usb_service_27_0 (usb_service))
+(typeattributeset userdata_block_device_27_0 (userdata_block_device))
+(typeattributeset usermodehelper_27_0 (usermodehelper))
+(typeattributeset user_profile_data_file_27_0 (user_profile_data_file))
+(typeattributeset user_service_27_0 (user_service))
+(typeattributeset vcs_device_27_0 (vcs_device))
+(typeattributeset vdc_27_0 (vdc))
+(typeattributeset vdc_exec_27_0 (vdc_exec))
+(typeattributeset vendor_app_file_27_0 (vendor_app_file))
+(typeattributeset vendor_configs_file_27_0 (vendor_configs_file))
+(typeattributeset vendor_file_27_0 (vendor_file))
+(typeattributeset vendor_framework_file_27_0 (vendor_framework_file))
+(typeattributeset vendor_hal_file_27_0 (vendor_hal_file))
+(typeattributeset vendor_overlay_file_27_0 (vendor_overlay_file))
+(typeattributeset vendor_shell_exec_27_0 (vendor_shell_exec))
+(typeattributeset vendor_toolbox_exec_27_0 (vendor_toolbox_exec))
+(typeattributeset vfat_27_0 (vfat))
+(typeattributeset vibrator_service_27_0 (vibrator_service))
+(typeattributeset video_device_27_0 (video_device))
+(typeattributeset virtual_touchpad_27_0 (virtual_touchpad))
+(typeattributeset virtual_touchpad_exec_27_0 (virtual_touchpad_exec))
+(typeattributeset virtual_touchpad_service_27_0 (virtual_touchpad_service))
+(typeattributeset vndbinder_device_27_0 (vndbinder_device))
+(typeattributeset vndk_sp_file_27_0 (vndk_sp_file))
+(typeattributeset vndservice_contexts_file_27_0 (vndservice_contexts_file))
+(typeattributeset vndservicemanager_27_0 (vndservicemanager))
+(typeattributeset voiceinteraction_service_27_0 (voiceinteraction_service))
+(typeattributeset vold_27_0 (vold))
+(typeattributeset vold_data_file_27_0 (vold_data_file))
+(typeattributeset vold_device_27_0 (vold_device))
+(typeattributeset vold_exec_27_0 (vold_exec))
+(typeattributeset vold_prop_27_0 (vold_prop))
+(typeattributeset vold_socket_27_0 (vold_socket))
+(typeattributeset vpn_data_file_27_0 (vpn_data_file))
+(typeattributeset vr_hwc_27_0 (vr_hwc))
+(typeattributeset vr_hwc_exec_27_0 (vr_hwc_exec))
+(typeattributeset vr_hwc_service_27_0 (vr_hwc_service))
+(typeattributeset vr_manager_service_27_0 (vr_manager_service))
+(typeattributeset wallpaper_file_27_0 (wallpaper_file))
+(typeattributeset wallpaper_service_27_0 (wallpaper_service))
+(typeattributeset watchdogd_27_0 (watchdogd))
+(typeattributeset watchdog_device_27_0 (watchdog_device))
+(typeattributeset webviewupdate_service_27_0 (webviewupdate_service))
+(typeattributeset webview_zygote_27_0 (webview_zygote))
+(typeattributeset webview_zygote_exec_27_0 (webview_zygote_exec))
+(typeattributeset webview_zygote_socket_27_0 (webview_zygote_socket))
+(typeattributeset wifiaware_service_27_0 (wifiaware_service))
+(typeattributeset wificond_27_0 (wificond))
+(typeattributeset wificond_exec_27_0 (wificond_exec))
+(typeattributeset wificond_service_27_0 (wificond_service))
+(typeattributeset wifi_data_file_27_0 (wifi_data_file))
+(typeattributeset wifi_log_prop_27_0 (wifi_log_prop))
+(typeattributeset wifip2p_service_27_0 (wifip2p_service))
+(typeattributeset wifi_prop_27_0 (wifi_prop))
+(typeattributeset wifiscanner_service_27_0 (wifiscanner_service))
+(typeattributeset wifi_service_27_0 (wifi_service))
+(typeattributeset window_service_27_0 (window_service))
+(typeattributeset wpa_socket_27_0 (wpa_socket))
+(typeattributeset zero_device_27_0 (zero_device))
+(typeattributeset zoneinfo_data_file_27_0 (zoneinfo_data_file))
+(typeattributeset zygote_27_0 (zygote))
+(typeattributeset zygote_exec_27_0 (zygote_exec))
+(typeattributeset zygote_socket_27_0 (zygote_socket))
diff --git a/prebuilts/api/30.0/private/compat/27.0/27.0.compat.cil b/prebuilts/api/30.0/private/compat/27.0/27.0.compat.cil
new file mode 100644
index 0000000..30af58c
--- /dev/null
+++ b/prebuilts/api/30.0/private/compat/27.0/27.0.compat.cil
@@ -0,0 +1,5 @@
+(typeattribute vendordomain)
+(typeattributeset vendordomain ((and (domain) ((not (coredomain))))))
+(allowx vendordomain dev_type (ioctl blk_file ((range 0x0000 0xffff))))
+(allowx vendordomain file_type (ioctl file ((range 0x0000 0xffff))))
+(allow vendordomain self (netlink_route_socket (nlmsg_readpriv)))
diff --git a/prebuilts/api/30.0/private/compat/27.0/27.0.ignore.cil b/prebuilts/api/30.0/private/compat/27.0/27.0.ignore.cil
new file mode 100644
index 0000000..cb500c9
--- /dev/null
+++ b/prebuilts/api/30.0/private/compat/27.0/27.0.ignore.cil
@@ -0,0 +1,206 @@
+;; new_objects - a collection of types that have been introduced that have no
+;; analogue in older policy. Thus, we do not need to map these types to
+;; previous ones. Add here to pass checkapi tests.
+(type new_objects)
+(typeattribute new_objects)
+(typeattributeset new_objects
+ ( new_objects
+ activity_task_service
+ adb_service
+ app_binding_service
+ apex_data_file
+ apex_metadata_file
+ apex_mnt_dir
+ apex_service
+ apexd
+ apexd_exec
+ apexd_prop
+ apexd_tmpfs
+ app_zygote
+ atrace
+ binder_calls_stats_service
+ biometric_service
+ blank_screen
+ blank_screen_exec
+ blank_screen_tmpfs
+ bootloader_boot_reason_prop
+ bluetooth_a2dp_offload_prop
+ bpfloader
+ bpfloader_exec
+ cgroup_bpf
+ charger_exec
+ color_display_service
+ content_capture_service
+ crossprofileapps_service
+ ctl_apexd_prop
+ ctl_interface_restart_prop
+ ctl_interface_start_prop
+ ctl_interface_stop_prop
+ ctl_sigstop_prop
+ device_config_boot_count_prop
+ device_config_reset_performed_prop
+ device_config_netd_native_prop
+ dnsresolver_service
+ exfat
+ exported2_config_prop
+ exported2_default_prop
+ exported2_radio_prop
+ exported2_system_prop
+ exported2_vold_prop
+ exported3_default_prop
+ exported3_radio_prop
+ exported3_system_prop
+ exported_audio_prop
+ exported_bluetooth_prop
+ exported_config_prop
+ exported_dalvik_prop
+ exported_default_prop
+ exported_dumpstate_prop
+ exported_ffs_prop
+ exported_fingerprint_prop
+ exported_overlay_prop
+ exported_pm_prop
+ exported_radio_prop
+ exported_secure_prop
+ exported_system_prop
+ exported_system_radio_prop
+ exported_vold_prop
+ exported_wifi_prop
+ fastbootd
+ flags_health_check
+ flags_health_check_exec
+ fingerprint_vendor_data_file
+ fs_bpf
+ fwk_stats_hwservice
+ hal_atrace_hwservice
+ hal_audiocontrol_hwservice
+ hal_authsecret_hwservice
+ hal_codec2_hwservice
+ hal_confirmationui_hwservice
+ hal_evs_hwservice
+ hal_health_storage_hwservice
+ hal_lowpan_hwservice
+ hal_secure_element_hwservice
+ hal_usb_gadget_hwservice
+ hal_vehicle_hwservice
+ hal_wifi_hostapd_hwservice
+ heapprofd
+ heapprofd_exec
+ heapprofd_socket
+ incident_helper
+ incident_helper_exec
+ iorapd
+ iorapd_data_file
+ iorapd_exec
+ iorapd_service
+ iorapd_tmpfs
+ last_boot_reason_prop
+ llkd
+ llkd_exec
+ llkd_prop
+ llkd_tmpfs
+ looper_stats_service
+ lowpan_device
+ lowpan_prop
+ lowpan_service
+ mediaextractor_update_service
+ mediaswcodec
+ mediaswcodec_exec
+ mediaswcodec_tmpfs
+ metadata_bootstat_file
+ metadata_file
+ mnt_product_file
+ mnt_vendor_file
+ network_stack
+ network_stack_service
+ network_watchlist_data_file
+ network_watchlist_service
+ overlayfs_file
+ perfetto
+ perfetto_exec
+ perfetto_tmpfs
+ perfetto_traces_data_file
+ property_info
+ recovery_socket
+ role_service
+ runas_app
+ art_apex_dir
+ runtime_service
+ secure_element
+ secure_element_device
+ secure_element_service
+ secure_element_tmpfs
+ server_configurable_flags_data_file
+ simpleperf_app_runner
+ simpleperf_app_runner_exec
+ slice_service
+ socket_hook_prop
+ stats
+ stats_data_file
+ stats_exec
+ stats_service
+ statscompanion_service
+ statsd
+ statsd_exec
+ statsd_tmpfs
+ statsdw
+ statsdw_socket
+ storaged_data_file
+ super_block_device
+ staging_data_file
+ system_boot_reason_prop
+ system_bootstrap_lib_file
+ system_lmk_prop
+ system_update_service
+ test_boot_reason_prop
+ time_prop
+ timedetector_service
+ tombstone_wifi_data_file
+ trace_data_file
+ traced
+ traced_consumer_socket
+ traced_enabled_prop
+ traced_exec
+ traced_probes
+ traced_probes_exec
+ traced_probes_tmpfs
+ traced_producer_socket
+ traced_tmpfs
+ traceur_app
+ traceur_app_tmpfs
+ untrusted_app_all_devpts
+ update_engine_log_data_file
+ uri_grants_service
+ usbd
+ usbd_exec
+ usbd_tmpfs
+ vendor_apex_file
+ vendor_default_prop
+ vendor_init
+ vendor_security_patch_level_prop
+ vendor_shell
+ vendor_socket_hook_prop
+ vndk_prop
+ vold_metadata_file
+ vold_prepare_subdirs
+ vold_prepare_subdirs_exec
+ vold_service
+ vrflinger_vsync_service
+ wait_for_keymaster
+ wait_for_keymaster_exec
+ wait_for_keymaster_tmpfs
+ watchdogd_tmpfs
+ wm_trace_data_file
+ wpantund
+ wpantund_exec
+ wpantund_service
+ wpantund_tmpfs))
+
+;; private_objects - a collection of types that were labeled differently in
+;; older policy, but that should not remain accessible to vendor policy.
+;; Thus, these types are also not mapped, but recorded for checkapi tests
+(type priv_objects)
+(typeattribute priv_objects)
+(typeattributeset priv_objects
+ ( priv_objects
+ untrusted_app_27_tmpfs))
diff --git a/prebuilts/api/30.0/private/compat/28.0/28.0.cil b/prebuilts/api/30.0/private/compat/28.0/28.0.cil
new file mode 100644
index 0000000..321e938
--- /dev/null
+++ b/prebuilts/api/30.0/private/compat/28.0/28.0.cil
@@ -0,0 +1,1744 @@
+;; attributes removed from current policy
+(typeattribute hal_wifi_offload)
+(typeattribute hal_wifi_offload_client)
+(typeattribute hal_wifi_offload_server)
+
+;; types removed from current policy
+(type alarm_device)
+(type audio_seq_device)
+(type audio_timer_device)
+(type commontime_management_service)
+(type cpuctl_device)
+(type full_device)
+(type hal_wifi_offload_hwservice)
+(type i2c_device)
+(type kmem_device)
+(type mediacodec)
+(type mediacodec_exec)
+(type mediaextractor_update_service)
+(type mtd_device)
+(type netd_socket)
+(type qtaguid_proc)
+(type thermalcallback_hwservice)
+(type thermalserviced)
+(type thermalserviced_exec)
+(type untrusted_v2_app)
+(type vcs_device)
+
+;; Public 28.0 SEPolicy is divergent on different devices w.r.t
+;; exported_audio_prop type. We need this typeattribute declaration so that the
+;; mapping file compiles with vendor policies without exported_audio_prop type.
+(typeattribute exported_audio_prop_28_0)
+
+(expandtypeattribute (accessibility_service_28_0) true)
+(expandtypeattribute (account_service_28_0) true)
+(expandtypeattribute (activity_service_28_0) true)
+(expandtypeattribute (adbd_28_0) true)
+(expandtypeattribute (adb_data_file_28_0) true)
+(expandtypeattribute (adbd_exec_28_0) true)
+(expandtypeattribute (adbd_socket_28_0) true)
+(expandtypeattribute (adb_keys_file_28_0) true)
+(expandtypeattribute (alarm_device_28_0) true)
+(expandtypeattribute (alarm_service_28_0) true)
+(expandtypeattribute (anr_data_file_28_0) true)
+(expandtypeattribute (apk_data_file_28_0) true)
+(expandtypeattribute (apk_private_data_file_28_0) true)
+(expandtypeattribute (apk_private_tmp_file_28_0) true)
+(expandtypeattribute (apk_tmp_file_28_0) true)
+(expandtypeattribute (app_data_file_28_0) true)
+(expandtypeattribute (app_fuse_file_28_0) true)
+(expandtypeattribute (app_fusefs_28_0) true)
+(expandtypeattribute (appops_service_28_0) true)
+(expandtypeattribute (appwidget_service_28_0) true)
+(expandtypeattribute (asec_apk_file_28_0) true)
+(expandtypeattribute (asec_image_file_28_0) true)
+(expandtypeattribute (asec_public_file_28_0) true)
+(expandtypeattribute (ashmem_device_28_0) true)
+(expandtypeattribute (assetatlas_service_28_0) true)
+(expandtypeattribute (audio_data_file_28_0) true)
+(expandtypeattribute (audio_device_28_0) true)
+(expandtypeattribute (audiohal_data_file_28_0) true)
+(expandtypeattribute (audio_prop_28_0) true)
+(expandtypeattribute (audio_seq_device_28_0) true)
+(expandtypeattribute (audioserver_28_0) true)
+(expandtypeattribute (audioserver_data_file_28_0) true)
+(expandtypeattribute (audioserver_service_28_0) true)
+(expandtypeattribute (audio_service_28_0) true)
+(expandtypeattribute (audio_timer_device_28_0) true)
+(expandtypeattribute (autofill_service_28_0) true)
+(expandtypeattribute (backup_data_file_28_0) true)
+(expandtypeattribute (backup_service_28_0) true)
+(expandtypeattribute (batteryproperties_service_28_0) true)
+(expandtypeattribute (battery_service_28_0) true)
+(expandtypeattribute (batterystats_service_28_0) true)
+(expandtypeattribute (binder_calls_stats_service_28_0) true)
+(expandtypeattribute (binder_device_28_0) true)
+(expandtypeattribute (binfmt_miscfs_28_0) true)
+(expandtypeattribute (blkid_28_0) true)
+(expandtypeattribute (blkid_untrusted_28_0) true)
+(expandtypeattribute (block_device_28_0) true)
+(expandtypeattribute (bluetooth_28_0) true)
+(expandtypeattribute (bluetooth_a2dp_offload_prop_28_0) true)
+(expandtypeattribute (bluetooth_data_file_28_0) true)
+(expandtypeattribute (bluetooth_efs_file_28_0) true)
+(expandtypeattribute (bluetooth_logs_data_file_28_0) true)
+(expandtypeattribute (bluetooth_manager_service_28_0) true)
+(expandtypeattribute (bluetooth_prop_28_0) true)
+(expandtypeattribute (bluetooth_service_28_0) true)
+(expandtypeattribute (bluetooth_socket_28_0) true)
+(expandtypeattribute (bootanim_28_0) true)
+(expandtypeattribute (bootanim_exec_28_0) true)
+(expandtypeattribute (boot_block_device_28_0) true)
+(expandtypeattribute (bootchart_data_file_28_0) true)
+(expandtypeattribute (bootloader_boot_reason_prop_28_0) true)
+(expandtypeattribute (bootstat_28_0) true)
+(expandtypeattribute (bootstat_data_file_28_0) true)
+(expandtypeattribute (bootstat_exec_28_0) true)
+(expandtypeattribute (boottime_prop_28_0) true)
+(expandtypeattribute (boottrace_data_file_28_0) true)
+(expandtypeattribute (broadcastradio_service_28_0) true)
+(expandtypeattribute (bufferhubd_28_0) true)
+(expandtypeattribute (bufferhubd_exec_28_0) true)
+(expandtypeattribute (cache_backup_file_28_0) true)
+(expandtypeattribute (cache_block_device_28_0) true)
+(expandtypeattribute (cache_file_28_0) true)
+(expandtypeattribute (cache_private_backup_file_28_0) true)
+(expandtypeattribute (cache_recovery_file_28_0) true)
+(expandtypeattribute (camera_data_file_28_0) true)
+(expandtypeattribute (camera_device_28_0) true)
+(expandtypeattribute (cameraproxy_service_28_0) true)
+(expandtypeattribute (cameraserver_28_0) true)
+(expandtypeattribute (cameraserver_exec_28_0) true)
+(expandtypeattribute (cameraserver_service_28_0) true)
+(expandtypeattribute (cgroup_28_0) true)
+(expandtypeattribute (cgroup_bpf_28_0) true)
+(expandtypeattribute (charger_28_0) true)
+(expandtypeattribute (clatd_28_0) true)
+(expandtypeattribute (clatd_exec_28_0) true)
+(expandtypeattribute (clipboard_service_28_0) true)
+(expandtypeattribute (commontime_management_service_28_0) true)
+(expandtypeattribute (companion_device_service_28_0) true)
+(expandtypeattribute (configfs_28_0) true)
+(expandtypeattribute (config_prop_28_0) true)
+(expandtypeattribute (connectivity_service_28_0) true)
+(expandtypeattribute (connmetrics_service_28_0) true)
+(expandtypeattribute (console_device_28_0) true)
+(expandtypeattribute (consumer_ir_service_28_0) true)
+(expandtypeattribute (content_service_28_0) true)
+(expandtypeattribute (contexthub_service_28_0) true)
+(expandtypeattribute (coredump_file_28_0) true)
+(expandtypeattribute (country_detector_service_28_0) true)
+(expandtypeattribute (coverage_service_28_0) true)
+(expandtypeattribute (cppreopt_prop_28_0) true)
+(expandtypeattribute (cppreopts_28_0) true)
+(expandtypeattribute (cppreopts_exec_28_0) true)
+(expandtypeattribute (cpuctl_device_28_0) true)
+(expandtypeattribute (cpuinfo_service_28_0) true)
+(expandtypeattribute (crash_dump_28_0) true)
+(expandtypeattribute (crash_dump_exec_28_0) true)
+(expandtypeattribute (crossprofileapps_service_28_0) true)
+(expandtypeattribute (ctl_bootanim_prop_28_0) true)
+(expandtypeattribute (ctl_bugreport_prop_28_0) true)
+(expandtypeattribute (ctl_console_prop_28_0) true)
+(expandtypeattribute (ctl_default_prop_28_0) true)
+(expandtypeattribute (ctl_dumpstate_prop_28_0) true)
+(expandtypeattribute (ctl_fuse_prop_28_0) true)
+(expandtypeattribute (ctl_interface_restart_prop_28_0) true)
+(expandtypeattribute (ctl_interface_start_prop_28_0) true)
+(expandtypeattribute (ctl_interface_stop_prop_28_0) true)
+(expandtypeattribute (ctl_mdnsd_prop_28_0) true)
+(expandtypeattribute (ctl_restart_prop_28_0) true)
+(expandtypeattribute (ctl_rildaemon_prop_28_0) true)
+(expandtypeattribute (ctl_sigstop_prop_28_0) true)
+(expandtypeattribute (ctl_start_prop_28_0) true)
+(expandtypeattribute (ctl_stop_prop_28_0) true)
+(expandtypeattribute (dalvikcache_data_file_28_0) true)
+(expandtypeattribute (dalvik_prop_28_0) true)
+(expandtypeattribute (dbinfo_service_28_0) true)
+(expandtypeattribute (debugfs_28_0) true)
+(expandtypeattribute (debugfs_mmc_28_0) true)
+(expandtypeattribute (debugfs_trace_marker_28_0) true)
+(expandtypeattribute (debugfs_tracing_28_0) true)
+(expandtypeattribute (debugfs_tracing_debug_28_0) true)
+(expandtypeattribute (debugfs_tracing_instances_28_0) true)
+(expandtypeattribute (debugfs_wakeup_sources_28_0) true)
+(expandtypeattribute (debugfs_wifi_tracing_28_0) true)
+(expandtypeattribute (debuggerd_prop_28_0) true)
+(expandtypeattribute (debug_prop_28_0) true)
+(expandtypeattribute (default_android_hwservice_28_0) true)
+(expandtypeattribute (default_android_service_28_0) true)
+(expandtypeattribute (default_android_vndservice_28_0) true)
+(expandtypeattribute (default_prop_28_0) true)
+(expandtypeattribute (device_28_0) true)
+(expandtypeattribute (device_identifiers_service_28_0) true)
+(expandtypeattribute (deviceidle_service_28_0) true)
+(expandtypeattribute (device_logging_prop_28_0) true)
+(expandtypeattribute (device_policy_service_28_0) true)
+(expandtypeattribute (devicestoragemonitor_service_28_0) true)
+(expandtypeattribute (devpts_28_0) true)
+(expandtypeattribute (dex2oat_28_0) true)
+(expandtypeattribute (dex2oat_exec_28_0) true)
+(expandtypeattribute (dhcp_28_0) true)
+(expandtypeattribute (dhcp_data_file_28_0) true)
+(expandtypeattribute (dhcp_exec_28_0) true)
+(expandtypeattribute (dhcp_prop_28_0) true)
+(expandtypeattribute (diskstats_service_28_0) true)
+(expandtypeattribute (display_service_28_0) true)
+(expandtypeattribute (dm_device_28_0) true)
+(expandtypeattribute (dnsmasq_28_0) true)
+(expandtypeattribute (dnsmasq_exec_28_0) true)
+(expandtypeattribute (dnsproxyd_socket_28_0) true)
+(expandtypeattribute (DockObserver_service_28_0) true)
+(expandtypeattribute (dreams_service_28_0) true)
+(expandtypeattribute (drm_data_file_28_0) true)
+(expandtypeattribute (drmserver_28_0) true)
+(expandtypeattribute (drmserver_exec_28_0) true)
+(expandtypeattribute (drmserver_service_28_0) true)
+(expandtypeattribute (drmserver_socket_28_0) true)
+(expandtypeattribute (dropbox_service_28_0) true)
+(expandtypeattribute (dumpstate_28_0) true)
+(expandtypeattribute (dumpstate_exec_28_0) true)
+(expandtypeattribute (dumpstate_options_prop_28_0) true)
+(expandtypeattribute (dumpstate_prop_28_0) true)
+(expandtypeattribute (dumpstate_service_28_0) true)
+(expandtypeattribute (dumpstate_socket_28_0) true)
+(expandtypeattribute (e2fs_28_0) true)
+(expandtypeattribute (e2fs_exec_28_0) true)
+(expandtypeattribute (efs_file_28_0) true)
+(expandtypeattribute (ephemeral_app_28_0) true)
+(expandtypeattribute (ethernet_service_28_0) true)
+(expandtypeattribute (exfat_28_0) true)
+(expandtypeattribute (exported2_config_prop_28_0) true)
+(expandtypeattribute (exported2_default_prop_28_0) true)
+(expandtypeattribute (exported2_radio_prop_28_0) true)
+(expandtypeattribute (exported2_system_prop_28_0) true)
+(expandtypeattribute (exported2_vold_prop_28_0) true)
+(expandtypeattribute (exported3_default_prop_28_0) true)
+(expandtypeattribute (exported3_radio_prop_28_0) true)
+(expandtypeattribute (exported3_system_prop_28_0) true)
+(expandtypeattribute (exported_audio_prop_28_0) true)
+(expandtypeattribute (exported_bluetooth_prop_28_0) true)
+(expandtypeattribute (exported_config_prop_28_0) true)
+(expandtypeattribute (exported_dalvik_prop_28_0) true)
+(expandtypeattribute (exported_default_prop_28_0) true)
+(expandtypeattribute (exported_dumpstate_prop_28_0) true)
+(expandtypeattribute (exported_ffs_prop_28_0) true)
+(expandtypeattribute (exported_fingerprint_prop_28_0) true)
+(expandtypeattribute (exported_overlay_prop_28_0) true)
+(expandtypeattribute (exported_pm_prop_28_0) true)
+(expandtypeattribute (exported_radio_prop_28_0) true)
+(expandtypeattribute (exported_secure_prop_28_0) true)
+(expandtypeattribute (exported_system_prop_28_0) true)
+(expandtypeattribute (exported_system_radio_prop_28_0) true)
+(expandtypeattribute (exported_vold_prop_28_0) true)
+(expandtypeattribute (exported_wifi_prop_28_0) true)
+(expandtypeattribute (ffs_prop_28_0) true)
+(expandtypeattribute (file_contexts_file_28_0) true)
+(expandtypeattribute (fingerprintd_28_0) true)
+(expandtypeattribute (fingerprintd_data_file_28_0) true)
+(expandtypeattribute (fingerprintd_exec_28_0) true)
+(expandtypeattribute (fingerprintd_service_28_0) true)
+(expandtypeattribute (fingerprint_prop_28_0) true)
+(expandtypeattribute (fingerprint_service_28_0) true)
+(expandtypeattribute (fingerprint_vendor_data_file_28_0) true)
+(expandtypeattribute (firstboot_prop_28_0) true)
+(expandtypeattribute (font_service_28_0) true)
+(expandtypeattribute (frp_block_device_28_0) true)
+(expandtypeattribute (fs_bpf_28_0) true)
+(expandtypeattribute (fsck_28_0) true)
+(expandtypeattribute (fsck_exec_28_0) true)
+(expandtypeattribute (fscklogs_28_0) true)
+(expandtypeattribute (fsck_untrusted_28_0) true)
+(expandtypeattribute (full_device_28_0) true)
+(expandtypeattribute (functionfs_28_0) true)
+(expandtypeattribute (fuse_28_0) true)
+(expandtypeattribute (fuse_device_28_0) true)
+(expandtypeattribute (fwk_display_hwservice_28_0) true)
+(expandtypeattribute (fwk_scheduler_hwservice_28_0) true)
+(expandtypeattribute (fwk_sensor_hwservice_28_0) true)
+(expandtypeattribute (fwmarkd_socket_28_0) true)
+(expandtypeattribute (gatekeeperd_28_0) true)
+(expandtypeattribute (gatekeeper_data_file_28_0) true)
+(expandtypeattribute (gatekeeperd_exec_28_0) true)
+(expandtypeattribute (gatekeeper_service_28_0) true)
+(expandtypeattribute (gfxinfo_service_28_0) true)
+(expandtypeattribute (gps_control_28_0) true)
+(expandtypeattribute (gpu_device_28_0) true)
+(expandtypeattribute (gpu_service_28_0) true)
+(expandtypeattribute (graphics_device_28_0) true)
+(expandtypeattribute (graphicsstats_service_28_0) true)
+(expandtypeattribute (hal_audiocontrol_hwservice_28_0) true)
+(expandtypeattribute (hal_audio_hwservice_28_0) true)
+(expandtypeattribute (hal_authsecret_hwservice_28_0) true)
+(expandtypeattribute (hal_bluetooth_hwservice_28_0) true)
+(expandtypeattribute (hal_bootctl_hwservice_28_0) true)
+(expandtypeattribute (hal_broadcastradio_hwservice_28_0) true)
+(expandtypeattribute (hal_camera_hwservice_28_0) true)
+(expandtypeattribute (hal_cas_hwservice_28_0) true)
+(expandtypeattribute (hal_codec2_hwservice_28_0) true)
+(expandtypeattribute (hal_configstore_ISurfaceFlingerConfigs_28_0) true)
+(expandtypeattribute (hal_confirmationui_hwservice_28_0) true)
+(expandtypeattribute (hal_contexthub_hwservice_28_0) true)
+(expandtypeattribute (hal_drm_hwservice_28_0) true)
+(expandtypeattribute (hal_dumpstate_hwservice_28_0) true)
+(expandtypeattribute (hal_evs_hwservice_28_0) true)
+(expandtypeattribute (hal_fingerprint_hwservice_28_0) true)
+(expandtypeattribute (hal_fingerprint_service_28_0) true)
+(expandtypeattribute (hal_gatekeeper_hwservice_28_0) true)
+(expandtypeattribute (hal_gnss_hwservice_28_0) true)
+(expandtypeattribute (hal_graphics_allocator_hwservice_28_0) true)
+(expandtypeattribute (hal_graphics_composer_hwservice_28_0) true)
+(expandtypeattribute (hal_graphics_mapper_hwservice_28_0) true)
+(expandtypeattribute (hal_health_hwservice_28_0) true)
+(expandtypeattribute (hal_ir_hwservice_28_0) true)
+(expandtypeattribute (hal_keymaster_hwservice_28_0) true)
+(expandtypeattribute (hal_light_hwservice_28_0) true)
+(expandtypeattribute (hal_lowpan_hwservice_28_0) true)
+(expandtypeattribute (hal_memtrack_hwservice_28_0) true)
+(expandtypeattribute (hal_neuralnetworks_hwservice_28_0) true)
+(expandtypeattribute (hal_nfc_hwservice_28_0) true)
+(expandtypeattribute (hal_oemlock_hwservice_28_0) true)
+(expandtypeattribute (hal_omx_hwservice_28_0) true)
+(expandtypeattribute (hal_power_hwservice_28_0) true)
+(expandtypeattribute (hal_renderscript_hwservice_28_0) true)
+(expandtypeattribute (hal_secure_element_hwservice_28_0) true)
+(expandtypeattribute (hal_sensors_hwservice_28_0) true)
+(expandtypeattribute (hal_telephony_hwservice_28_0) true)
+(expandtypeattribute (hal_tetheroffload_hwservice_28_0) true)
+(expandtypeattribute (hal_thermal_hwservice_28_0) true)
+(expandtypeattribute (hal_tv_cec_hwservice_28_0) true)
+(expandtypeattribute (hal_tv_input_hwservice_28_0) true)
+(expandtypeattribute (hal_usb_gadget_hwservice_28_0) true)
+(expandtypeattribute (hal_usb_hwservice_28_0) true)
+(expandtypeattribute (hal_vehicle_hwservice_28_0) true)
+(expandtypeattribute (hal_vibrator_hwservice_28_0) true)
+(expandtypeattribute (hal_vr_hwservice_28_0) true)
+(expandtypeattribute (hal_weaver_hwservice_28_0) true)
+(expandtypeattribute (hal_wifi_hostapd_hwservice_28_0) true)
+(expandtypeattribute (hal_wifi_hwservice_28_0) true)
+(expandtypeattribute (hal_wifi_offload_hwservice_28_0) true)
+(expandtypeattribute (hal_wifi_supplicant_hwservice_28_0) true)
+(expandtypeattribute (hardware_properties_service_28_0) true)
+(expandtypeattribute (hardware_service_28_0) true)
+(expandtypeattribute (hci_attach_dev_28_0) true)
+(expandtypeattribute (hdmi_control_service_28_0) true)
+(expandtypeattribute (healthd_28_0) true)
+(expandtypeattribute (healthd_exec_28_0) true)
+(expandtypeattribute (heapdump_data_file_28_0) true)
+(expandtypeattribute (hidl_allocator_hwservice_28_0) true)
+(expandtypeattribute (hidl_base_hwservice_28_0) true)
+(expandtypeattribute (hidl_manager_hwservice_28_0) true)
+(expandtypeattribute (hidl_memory_hwservice_28_0) true)
+(expandtypeattribute (hidl_token_hwservice_28_0) true)
+(expandtypeattribute (hwbinder_device_28_0) true)
+(expandtypeattribute (hw_random_device_28_0) true)
+(expandtypeattribute (hwservice_contexts_file_28_0) true)
+(expandtypeattribute (hwservicemanager_28_0) true)
+(expandtypeattribute (hwservicemanager_exec_28_0) true)
+(expandtypeattribute (hwservicemanager_prop_28_0) true)
+(expandtypeattribute (i2c_device_28_0) true)
+(expandtypeattribute (icon_file_28_0) true)
+(expandtypeattribute (idmap_28_0) true)
+(expandtypeattribute (idmap_exec_28_0) true)
+(expandtypeattribute (iio_device_28_0) true)
+(expandtypeattribute (imms_service_28_0) true)
+(expandtypeattribute (incident_28_0) true)
+(expandtypeattribute (incidentd_28_0) true)
+(expandtypeattribute (incident_data_file_28_0) true)
+(expandtypeattribute (incident_helper_28_0) true)
+(expandtypeattribute (incident_service_28_0) true)
+(expandtypeattribute (init_28_0) true)
+(expandtypeattribute (init_exec_28_0) true)
+(expandtypeattribute (inotify_28_0) true)
+(expandtypeattribute (input_device_28_0) true)
+(expandtypeattribute (inputflinger_28_0) true)
+(expandtypeattribute (inputflinger_exec_28_0) true)
+(expandtypeattribute (inputflinger_service_28_0) true)
+(expandtypeattribute (input_method_service_28_0) true)
+(expandtypeattribute (input_service_28_0) true)
+(expandtypeattribute (installd_28_0) true)
+(expandtypeattribute (install_data_file_28_0) true)
+(expandtypeattribute (installd_exec_28_0) true)
+(expandtypeattribute (installd_service_28_0) true)
+(expandtypeattribute (install_recovery_28_0) true)
+(expandtypeattribute (install_recovery_exec_28_0) true)
+(expandtypeattribute (ion_device_28_0) true)
+(expandtypeattribute (IProxyService_service_28_0) true)
+(expandtypeattribute (ipsec_service_28_0) true)
+(expandtypeattribute (isolated_app_28_0) true)
+(expandtypeattribute (jobscheduler_service_28_0) true)
+(expandtypeattribute (kernel_28_0) true)
+(expandtypeattribute (keychain_data_file_28_0) true)
+(expandtypeattribute (keychord_device_28_0) true)
+(expandtypeattribute (keystore_28_0) true)
+(expandtypeattribute (keystore_data_file_28_0) true)
+(expandtypeattribute (keystore_exec_28_0) true)
+(expandtypeattribute (keystore_service_28_0) true)
+(expandtypeattribute (kmem_device_28_0) true)
+(expandtypeattribute (kmsg_debug_device_28_0) true)
+(expandtypeattribute (kmsg_device_28_0) true)
+(expandtypeattribute (labeledfs_28_0) true)
+(expandtypeattribute (last_boot_reason_prop_28_0) true)
+(expandtypeattribute (launcherapps_service_28_0) true)
+(expandtypeattribute (lmkd_28_0) true)
+(expandtypeattribute (lmkd_exec_28_0) true)
+(expandtypeattribute (lmkd_socket_28_0) true)
+(expandtypeattribute (location_service_28_0) true)
+(expandtypeattribute (lock_settings_service_28_0) true)
+(expandtypeattribute (logcat_exec_28_0) true)
+(expandtypeattribute (logd_28_0) true)
+(expandtypeattribute (logd_exec_28_0) true)
+(expandtypeattribute (logd_prop_28_0) true)
+(expandtypeattribute (logdr_socket_28_0) true)
+(expandtypeattribute (logd_socket_28_0) true)
+(expandtypeattribute (logdw_socket_28_0) true)
+(expandtypeattribute (logpersist_28_0) true)
+(expandtypeattribute (logpersistd_logging_prop_28_0) true)
+(expandtypeattribute (log_prop_28_0) true)
+(expandtypeattribute (log_tag_prop_28_0) true)
+(expandtypeattribute (loop_control_device_28_0) true)
+(expandtypeattribute (loop_device_28_0) true)
+(expandtypeattribute (lowpan_device_28_0) true)
+(expandtypeattribute (lowpan_prop_28_0) true)
+(expandtypeattribute (lowpan_service_28_0) true)
+(expandtypeattribute (mac_perms_file_28_0) true)
+(expandtypeattribute (mdnsd_28_0) true)
+(expandtypeattribute (mdnsd_socket_28_0) true)
+(expandtypeattribute (mdns_socket_28_0) true)
+(expandtypeattribute (mediacodec_28_0) true)
+(expandtypeattribute (mediacodec_exec_28_0) true)
+(expandtypeattribute (mediacodec_service_28_0) true)
+(expandtypeattribute (media_data_file_28_0) true)
+(expandtypeattribute (mediadrmserver_28_0) true)
+(expandtypeattribute (mediadrmserver_exec_28_0) true)
+(expandtypeattribute (mediadrmserver_service_28_0) true)
+(expandtypeattribute (mediaextractor_28_0) true)
+(expandtypeattribute (mediaextractor_exec_28_0) true)
+(expandtypeattribute (mediaextractor_service_28_0) true)
+(expandtypeattribute (mediaextractor_update_service_28_0) true)
+(expandtypeattribute (mediametrics_28_0) true)
+(expandtypeattribute (mediametrics_exec_28_0) true)
+(expandtypeattribute (mediametrics_service_28_0) true)
+(expandtypeattribute (media_projection_service_28_0) true)
+(expandtypeattribute (mediaprovider_28_0) true)
+(expandtypeattribute (media_router_service_28_0) true)
+(expandtypeattribute (media_rw_data_file_28_0) true)
+(expandtypeattribute (mediaserver_28_0) true)
+(expandtypeattribute (mediaserver_exec_28_0) true)
+(expandtypeattribute (mediaserver_service_28_0) true)
+(expandtypeattribute (media_session_service_28_0) true)
+(expandtypeattribute (meminfo_service_28_0) true)
+(expandtypeattribute (metadata_block_device_28_0) true)
+(expandtypeattribute (metadata_file_28_0) true)
+(expandtypeattribute (method_trace_data_file_28_0) true)
+(expandtypeattribute (midi_service_28_0) true)
+(expandtypeattribute (misc_block_device_28_0) true)
+(expandtypeattribute (misc_logd_file_28_0) true)
+(expandtypeattribute (misc_user_data_file_28_0) true)
+(expandtypeattribute (mmc_prop_28_0) true)
+(expandtypeattribute (mnt_expand_file_28_0) true)
+(expandtypeattribute (mnt_media_rw_file_28_0) true)
+(expandtypeattribute (mnt_media_rw_stub_file_28_0) true)
+(expandtypeattribute (mnt_user_file_28_0) true)
+(expandtypeattribute (mnt_vendor_file_28_0) true)
+(expandtypeattribute (modprobe_28_0) true)
+(expandtypeattribute (mount_service_28_0) true)
+(expandtypeattribute (mqueue_28_0) true)
+(expandtypeattribute (mtd_device_28_0) true)
+(expandtypeattribute (mtp_28_0) true)
+(expandtypeattribute (mtp_device_28_0) true)
+(expandtypeattribute (mtpd_socket_28_0) true)
+(expandtypeattribute (mtp_exec_28_0) true)
+(expandtypeattribute (nativetest_data_file_28_0) true)
+(expandtypeattribute (netd_28_0) true)
+(expandtypeattribute (net_data_file_28_0) true)
+(expandtypeattribute (netd_exec_28_0) true)
+(expandtypeattribute (netd_listener_service_28_0) true)
+(expandtypeattribute (net_dns_prop_28_0) true)
+(expandtypeattribute (netd_service_28_0) true)
+(expandtypeattribute (netd_socket_28_0) true)
+(expandtypeattribute (netd_stable_secret_prop_28_0) true)
+(expandtypeattribute (netif_28_0) true)
+(expandtypeattribute (netpolicy_service_28_0) true)
+(expandtypeattribute (net_radio_prop_28_0) true)
+(expandtypeattribute (netstats_service_28_0) true)
+(expandtypeattribute (netutils_wrapper_28_0) true)
+(expandtypeattribute (netutils_wrapper_exec_28_0) true)
+(expandtypeattribute (network_management_service_28_0) true)
+(expandtypeattribute (network_score_service_28_0) true)
+(expandtypeattribute (network_time_update_service_28_0) true)
+(expandtypeattribute (network_watchlist_data_file_28_0) true)
+(expandtypeattribute (network_watchlist_service_28_0) true)
+(expandtypeattribute (nfc_28_0) true)
+(expandtypeattribute (nfc_data_file_28_0) true)
+(expandtypeattribute (nfc_device_28_0) true)
+(expandtypeattribute (nfc_prop_28_0) true)
+(expandtypeattribute (nfc_service_28_0) true)
+(expandtypeattribute (node_28_0) true)
+(expandtypeattribute (nonplat_service_contexts_file_28_0) true)
+(expandtypeattribute (notification_service_28_0) true)
+(expandtypeattribute (null_device_28_0) true)
+(expandtypeattribute (oemfs_28_0) true)
+(expandtypeattribute (oem_lock_service_28_0) true)
+(expandtypeattribute (ota_data_file_28_0) true)
+(expandtypeattribute (otadexopt_service_28_0) true)
+(expandtypeattribute (ota_package_file_28_0) true)
+(expandtypeattribute (otapreopt_chroot_28_0) true)
+(expandtypeattribute (otapreopt_chroot_exec_28_0) true)
+(expandtypeattribute (otapreopt_slot_28_0) true)
+(expandtypeattribute (otapreopt_slot_exec_28_0) true)
+(expandtypeattribute (overlay_prop_28_0) true)
+(expandtypeattribute (overlay_service_28_0) true)
+(expandtypeattribute (owntty_device_28_0) true)
+(expandtypeattribute (package_native_service_28_0) true)
+(expandtypeattribute (package_service_28_0) true)
+(expandtypeattribute (pan_result_prop_28_0) true)
+(expandtypeattribute (pdx_bufferhub_client_channel_socket_28_0) true)
+(expandtypeattribute (pdx_bufferhub_client_endpoint_socket_28_0) true)
+(expandtypeattribute (pdx_bufferhub_dir_28_0) true)
+(expandtypeattribute (pdx_display_client_channel_socket_28_0) true)
+(expandtypeattribute (pdx_display_client_endpoint_socket_28_0) true)
+(expandtypeattribute (pdx_display_dir_28_0) true)
+(expandtypeattribute (pdx_display_manager_channel_socket_28_0) true)
+(expandtypeattribute (pdx_display_manager_endpoint_socket_28_0) true)
+(expandtypeattribute (pdx_display_screenshot_channel_socket_28_0) true)
+(expandtypeattribute (pdx_display_screenshot_endpoint_socket_28_0) true)
+(expandtypeattribute (pdx_display_vsync_channel_socket_28_0) true)
+(expandtypeattribute (pdx_display_vsync_endpoint_socket_28_0) true)
+(expandtypeattribute (pdx_performance_client_channel_socket_28_0) true)
+(expandtypeattribute (pdx_performance_client_endpoint_socket_28_0) true)
+(expandtypeattribute (pdx_performance_dir_28_0) true)
+(expandtypeattribute (performanced_28_0) true)
+(expandtypeattribute (performanced_exec_28_0) true)
+(expandtypeattribute (permission_service_28_0) true)
+(expandtypeattribute (persist_debug_prop_28_0) true)
+(expandtypeattribute (persistent_data_block_service_28_0) true)
+(expandtypeattribute (persistent_properties_ready_prop_28_0) true)
+(expandtypeattribute (pinner_service_28_0) true)
+(expandtypeattribute (pipefs_28_0) true)
+(expandtypeattribute (platform_app_28_0) true)
+(expandtypeattribute (pm_prop_28_0) true)
+(expandtypeattribute (pmsg_device_28_0) true)
+(expandtypeattribute (port_28_0) true)
+(expandtypeattribute (port_device_28_0) true)
+(expandtypeattribute (postinstall_28_0) true)
+(expandtypeattribute (postinstall_dexopt_28_0) true)
+(expandtypeattribute (postinstall_file_28_0) true)
+(expandtypeattribute (postinstall_mnt_dir_28_0) true)
+(expandtypeattribute (powerctl_prop_28_0) true)
+(expandtypeattribute (power_service_28_0) true)
+(expandtypeattribute (ppp_28_0) true)
+(expandtypeattribute (ppp_device_28_0) true)
+(expandtypeattribute (ppp_exec_28_0) true)
+(expandtypeattribute (preloads_data_file_28_0) true)
+(expandtypeattribute (preloads_media_file_28_0) true)
+(expandtypeattribute (preopt2cachename_28_0) true)
+(expandtypeattribute (preopt2cachename_exec_28_0) true)
+(expandtypeattribute (print_service_28_0) true)
+(expandtypeattribute (priv_app_28_0) true)
+(expandtypeattribute (proc_28_0) true)
+(expandtypeattribute (proc_abi_28_0) true)
+(expandtypeattribute (proc_asound_28_0) true)
+(expandtypeattribute (proc_bluetooth_writable_28_0) true)
+(expandtypeattribute (proc_buddyinfo_28_0) true)
+(expandtypeattribute (proc_cmdline_28_0) true)
+(expandtypeattribute (proc_cpuinfo_28_0) true)
+(expandtypeattribute (proc_dirty_28_0) true)
+(expandtypeattribute (proc_diskstats_28_0) true)
+(expandtypeattribute (proc_drop_caches_28_0) true)
+(expandtypeattribute (processinfo_service_28_0) true)
+(expandtypeattribute (proc_extra_free_kbytes_28_0) true)
+(expandtypeattribute (proc_filesystems_28_0) true)
+(expandtypeattribute (proc_hostname_28_0) true)
+(expandtypeattribute (proc_hung_task_28_0) true)
+(expandtypeattribute (proc_interrupts_28_0) true)
+(expandtypeattribute (proc_iomem_28_0) true)
+(expandtypeattribute (proc_kmsg_28_0) true)
+(expandtypeattribute (proc_loadavg_28_0) true)
+(expandtypeattribute (proc_max_map_count_28_0) true)
+(expandtypeattribute (proc_meminfo_28_0) true)
+(expandtypeattribute (proc_min_free_order_shift_28_0) true)
+(expandtypeattribute (proc_misc_28_0) true)
+(expandtypeattribute (proc_modules_28_0) true)
+(expandtypeattribute (proc_mounts_28_0) true)
+(expandtypeattribute (proc_net_28_0) true)
+(expandtypeattribute (proc_overcommit_memory_28_0) true)
+(expandtypeattribute (proc_page_cluster_28_0) true)
+(expandtypeattribute (proc_pagetypeinfo_28_0) true)
+(expandtypeattribute (proc_panic_28_0) true)
+(expandtypeattribute (proc_perf_28_0) true)
+(expandtypeattribute (proc_pid_max_28_0) true)
+(expandtypeattribute (proc_pipe_conf_28_0) true)
+(expandtypeattribute (proc_qtaguid_stat_28_0) true)
+(expandtypeattribute (proc_random_28_0) true)
+(expandtypeattribute (proc_sched_28_0) true)
+(expandtypeattribute (proc_security_28_0) true)
+(expandtypeattribute (proc_stat_28_0) true)
+(expandtypeattribute (procstats_service_28_0) true)
+(expandtypeattribute (proc_swaps_28_0) true)
+(expandtypeattribute (proc_sysrq_28_0) true)
+(expandtypeattribute (proc_timer_28_0) true)
+(expandtypeattribute (proc_tty_drivers_28_0) true)
+(expandtypeattribute (proc_uid_concurrent_active_time_28_0) true)
+(expandtypeattribute (proc_uid_concurrent_policy_time_28_0) true)
+(expandtypeattribute (proc_uid_cpupower_28_0) true)
+(expandtypeattribute (proc_uid_cputime_removeuid_28_0) true)
+(expandtypeattribute (proc_uid_cputime_showstat_28_0) true)
+(expandtypeattribute (proc_uid_io_stats_28_0) true)
+(expandtypeattribute (proc_uid_procstat_set_28_0) true)
+(expandtypeattribute (proc_uid_time_in_state_28_0) true)
+(expandtypeattribute (proc_uptime_28_0) true)
+(expandtypeattribute (proc_version_28_0) true)
+(expandtypeattribute (proc_vmallocinfo_28_0) true)
+(expandtypeattribute (proc_vmstat_28_0) true)
+(expandtypeattribute (proc_zoneinfo_28_0) true)
+(expandtypeattribute (profman_28_0) true)
+(expandtypeattribute (profman_dump_data_file_28_0) true)
+(expandtypeattribute (profman_exec_28_0) true)
+(expandtypeattribute (properties_device_28_0) true)
+(expandtypeattribute (properties_serial_28_0) true)
+(expandtypeattribute (property_contexts_file_28_0) true)
+(expandtypeattribute (property_data_file_28_0) true)
+(expandtypeattribute (property_info_28_0) true)
+(expandtypeattribute (property_socket_28_0) true)
+(expandtypeattribute (pstorefs_28_0) true)
+(expandtypeattribute (ptmx_device_28_0) true)
+(expandtypeattribute (qtaguid_device_28_0) true)
+(expandtypeattribute (qtaguid_proc_28_0) true)
+(expandtypeattribute (racoon_28_0) true)
+(expandtypeattribute (racoon_exec_28_0) true)
+(expandtypeattribute (racoon_socket_28_0) true)
+(expandtypeattribute (radio_28_0) true)
+(expandtypeattribute (radio_data_file_28_0) true)
+(expandtypeattribute (radio_device_28_0) true)
+(expandtypeattribute (radio_prop_28_0) true)
+(expandtypeattribute (radio_service_28_0) true)
+(expandtypeattribute (ram_device_28_0) true)
+(expandtypeattribute (random_device_28_0) true)
+(expandtypeattribute (recovery_28_0) true)
+(expandtypeattribute (recovery_block_device_28_0) true)
+(expandtypeattribute (recovery_data_file_28_0) true)
+(expandtypeattribute (recovery_persist_28_0) true)
+(expandtypeattribute (recovery_persist_exec_28_0) true)
+(expandtypeattribute (recovery_refresh_28_0) true)
+(expandtypeattribute (recovery_refresh_exec_28_0) true)
+(expandtypeattribute (recovery_service_28_0) true)
+(expandtypeattribute (registry_service_28_0) true)
+(expandtypeattribute (resourcecache_data_file_28_0) true)
+(expandtypeattribute (restorecon_prop_28_0) true)
+(expandtypeattribute (restrictions_service_28_0) true)
+(expandtypeattribute (rild_debug_socket_28_0) true)
+(expandtypeattribute (rild_socket_28_0) true)
+(expandtypeattribute (ringtone_file_28_0) true)
+(expandtypeattribute (root_block_device_28_0) true)
+(expandtypeattribute (rootfs_28_0) true)
+(expandtypeattribute (rpmsg_device_28_0) true)
+(expandtypeattribute (rtc_device_28_0) true)
+(expandtypeattribute (rttmanager_service_28_0) true)
+(expandtypeattribute (runas_28_0) true)
+(expandtypeattribute (runas_exec_28_0) true)
+(expandtypeattribute (runtime_event_log_tags_file_28_0) true)
+(expandtypeattribute (safemode_prop_28_0) true)
+(expandtypeattribute (same_process_hal_file_28_0) true)
+(expandtypeattribute (samplingprofiler_service_28_0) true)
+(expandtypeattribute (scheduling_policy_service_28_0) true)
+(expandtypeattribute (sdcardd_28_0) true)
+(expandtypeattribute (sdcardd_exec_28_0) true)
+(expandtypeattribute (sdcardfs_28_0) true)
+(expandtypeattribute (seapp_contexts_file_28_0) true)
+(expandtypeattribute (search_service_28_0) true)
+(expandtypeattribute (sec_key_att_app_id_provider_service_28_0) true)
+(expandtypeattribute (secure_element_28_0) true)
+(expandtypeattribute (secure_element_device_28_0) true)
+(expandtypeattribute (secure_element_service_28_0) true)
+(expandtypeattribute (selinuxfs_28_0) true)
+(expandtypeattribute (sensors_device_28_0) true)
+(expandtypeattribute (sensorservice_service_28_0) true)
+(expandtypeattribute (sepolicy_file_28_0) true)
+(expandtypeattribute (serial_device_28_0) true)
+(expandtypeattribute (serialno_prop_28_0) true)
+(expandtypeattribute (serial_service_28_0) true)
+(expandtypeattribute (service_contexts_file_28_0) true)
+(expandtypeattribute (servicediscovery_service_28_0) true)
+(expandtypeattribute (servicemanager_28_0) true)
+(expandtypeattribute (servicemanager_exec_28_0) true)
+(expandtypeattribute (settings_service_28_0) true)
+(expandtypeattribute (sgdisk_28_0) true)
+(expandtypeattribute (sgdisk_exec_28_0) true)
+(expandtypeattribute (shared_relro_28_0) true)
+(expandtypeattribute (shared_relro_file_28_0) true)
+(expandtypeattribute (shell_28_0) true)
+(expandtypeattribute (shell_data_file_28_0) true)
+(expandtypeattribute (shell_exec_28_0) true)
+(expandtypeattribute (shell_prop_28_0) true)
+(expandtypeattribute (shm_28_0) true)
+(expandtypeattribute (shortcut_manager_icons_28_0) true)
+(expandtypeattribute (shortcut_service_28_0) true)
+(expandtypeattribute (slice_service_28_0) true)
+(expandtypeattribute (slideshow_28_0) true)
+(expandtypeattribute (socket_device_28_0) true)
+(expandtypeattribute (sockfs_28_0) true)
+(expandtypeattribute (statusbar_service_28_0) true)
+(expandtypeattribute (storaged_service_28_0) true)
+(expandtypeattribute (storage_file_28_0) true)
+(expandtypeattribute (storagestats_service_28_0) true)
+(expandtypeattribute (storage_stub_file_28_0) true)
+(expandtypeattribute (su_28_0) true)
+(expandtypeattribute (su_exec_28_0) true)
+(expandtypeattribute (surfaceflinger_28_0) true)
+(expandtypeattribute (surfaceflinger_service_28_0) true)
+(expandtypeattribute (swap_block_device_28_0) true)
+(expandtypeattribute (sysfs_28_0) true)
+(expandtypeattribute (sysfs_android_usb_28_0) true)
+(expandtypeattribute (sysfs_batteryinfo_28_0) true)
+(expandtypeattribute (sysfs_bluetooth_writable_28_0) true)
+(expandtypeattribute (sysfs_devices_system_cpu_28_0) true)
+(expandtypeattribute (sysfs_dm_28_0) true)
+(expandtypeattribute (sysfs_dt_firmware_android_28_0) true)
+(expandtypeattribute (sysfs_fs_ext4_features_28_0) true)
+(expandtypeattribute (sysfs_hwrandom_28_0) true)
+(expandtypeattribute (sysfs_ipv4_28_0) true)
+(expandtypeattribute (sysfs_kernel_notes_28_0) true)
+(expandtypeattribute (sysfs_leds_28_0) true)
+(expandtypeattribute (sysfs_lowmemorykiller_28_0) true)
+(expandtypeattribute (sysfs_mac_address_28_0) true)
+(expandtypeattribute (sysfs_net_28_0) true)
+(expandtypeattribute (sysfs_nfc_power_writable_28_0) true)
+(expandtypeattribute (sysfs_power_28_0) true)
+(expandtypeattribute (sysfs_rtc_28_0) true)
+(expandtypeattribute (sysfs_switch_28_0) true)
+(expandtypeattribute (sysfs_thermal_28_0) true)
+(expandtypeattribute (sysfs_uio_28_0) true)
+(expandtypeattribute (sysfs_usb_28_0) true)
+(expandtypeattribute (sysfs_usermodehelper_28_0) true)
+(expandtypeattribute (sysfs_vibrator_28_0) true)
+(expandtypeattribute (sysfs_wake_lock_28_0) true)
+(expandtypeattribute (sysfs_wakeup_reasons_28_0) true)
+(expandtypeattribute (sysfs_wlan_fwpath_28_0) true)
+(expandtypeattribute (sysfs_zram_28_0) true)
+(expandtypeattribute (sysfs_zram_uevent_28_0) true)
+(expandtypeattribute (system_app_28_0) true)
+(expandtypeattribute (system_app_data_file_28_0) true)
+(expandtypeattribute (system_app_service_28_0) true)
+(expandtypeattribute (system_block_device_28_0) true)
+(expandtypeattribute (system_boot_reason_prop_28_0) true)
+(expandtypeattribute (system_data_file_28_0) true)
+(expandtypeattribute (system_file_28_0) true)
+(expandtypeattribute (systemkeys_data_file_28_0) true)
+(expandtypeattribute (system_ndebug_socket_28_0) true)
+(expandtypeattribute (system_net_netd_hwservice_28_0) true)
+(expandtypeattribute (system_prop_28_0) true)
+(expandtypeattribute (system_radio_prop_28_0) true)
+(expandtypeattribute (system_server_28_0) true)
+(expandtypeattribute (system_update_service_28_0) true)
+(expandtypeattribute (system_wifi_keystore_hwservice_28_0) true)
+(expandtypeattribute (system_wpa_socket_28_0) true)
+(expandtypeattribute (task_service_28_0) true)
+(expandtypeattribute (tee_28_0) true)
+(expandtypeattribute (tee_data_file_28_0) true)
+(expandtypeattribute (tee_device_28_0) true)
+(expandtypeattribute (telecom_service_28_0) true)
+(expandtypeattribute (test_boot_reason_prop_28_0) true)
+(expandtypeattribute (textclassification_service_28_0) true)
+(expandtypeattribute (textclassifier_data_file_28_0) true)
+(expandtypeattribute (textservices_service_28_0) true)
+(expandtypeattribute (thermalcallback_hwservice_28_0) true)
+(expandtypeattribute (thermal_service_28_0) true)
+(expandtypeattribute (timezone_service_28_0) true)
+(expandtypeattribute (tmpfs_28_0) true)
+(expandtypeattribute (tombstoned_28_0) true)
+(expandtypeattribute (tombstone_data_file_28_0) true)
+(expandtypeattribute (tombstoned_crash_socket_28_0) true)
+(expandtypeattribute (tombstoned_exec_28_0) true)
+(expandtypeattribute (tombstoned_intercept_socket_28_0) true)
+(expandtypeattribute (tombstoned_java_trace_socket_28_0) true)
+(expandtypeattribute (tombstone_wifi_data_file_28_0) true)
+(expandtypeattribute (toolbox_28_0) true)
+(expandtypeattribute (toolbox_exec_28_0) true)
+(expandtypeattribute (trace_data_file_28_0) true)
+(expandtypeattribute (traced_consumer_socket_28_0) true)
+(expandtypeattribute (traced_enabled_prop_28_0) true)
+(expandtypeattribute (traced_probes_28_0) true)
+(expandtypeattribute (traced_producer_socket_28_0) true)
+(expandtypeattribute (traceur_app_28_0) true)
+(expandtypeattribute (trust_service_28_0) true)
+(expandtypeattribute (tty_device_28_0) true)
+(expandtypeattribute (tun_device_28_0) true)
+(expandtypeattribute (tv_input_service_28_0) true)
+(expandtypeattribute (tzdatacheck_28_0) true)
+(expandtypeattribute (tzdatacheck_exec_28_0) true)
+(expandtypeattribute (ueventd_28_0) true)
+(expandtypeattribute (uhid_device_28_0) true)
+(expandtypeattribute (uimode_service_28_0) true)
+(expandtypeattribute (uio_device_28_0) true)
+(expandtypeattribute (uncrypt_28_0) true)
+(expandtypeattribute (uncrypt_exec_28_0) true)
+(expandtypeattribute (uncrypt_socket_28_0) true)
+(expandtypeattribute (unencrypted_data_file_28_0) true)
+(expandtypeattribute (unlabeled_28_0) true)
+(expandtypeattribute (untrusted_app_25_28_0) true)
+(expandtypeattribute (untrusted_app_27_28_0) true)
+(expandtypeattribute (untrusted_app_28_0) true)
+(expandtypeattribute (untrusted_v2_app_28_0) true)
+(expandtypeattribute (update_engine_28_0) true)
+(expandtypeattribute (update_engine_data_file_28_0) true)
+(expandtypeattribute (update_engine_exec_28_0) true)
+(expandtypeattribute (update_engine_log_data_file_28_0) true)
+(expandtypeattribute (update_engine_service_28_0) true)
+(expandtypeattribute (updatelock_service_28_0) true)
+(expandtypeattribute (update_verifier_28_0) true)
+(expandtypeattribute (update_verifier_exec_28_0) true)
+(expandtypeattribute (usagestats_service_28_0) true)
+(expandtypeattribute (usbaccessory_device_28_0) true)
+(expandtypeattribute (usbd_28_0) true)
+(expandtypeattribute (usb_device_28_0) true)
+(expandtypeattribute (usbd_exec_28_0) true)
+(expandtypeattribute (usbfs_28_0) true)
+(expandtypeattribute (usb_service_28_0) true)
+(expandtypeattribute (userdata_block_device_28_0) true)
+(expandtypeattribute (usermodehelper_28_0) true)
+(expandtypeattribute (user_profile_data_file_28_0) true)
+(expandtypeattribute (user_service_28_0) true)
+(expandtypeattribute (vcs_device_28_0) true)
+(expandtypeattribute (vdc_28_0) true)
+(expandtypeattribute (vdc_exec_28_0) true)
+(expandtypeattribute (vendor_app_file_28_0) true)
+(expandtypeattribute (vendor_configs_file_28_0) true)
+(expandtypeattribute (vendor_data_file_28_0) true)
+(expandtypeattribute (vendor_default_prop_28_0) true)
+(expandtypeattribute (vendor_file_28_0) true)
+(expandtypeattribute (vendor_framework_file_28_0) true)
+(expandtypeattribute (vendor_hal_file_28_0) true)
+(expandtypeattribute (vendor_init_28_0) true)
+(expandtypeattribute (vendor_overlay_file_28_0) true)
+(expandtypeattribute (vendor_security_patch_level_prop_28_0) true)
+(expandtypeattribute (vendor_shell_28_0) true)
+(expandtypeattribute (vendor_shell_exec_28_0) true)
+(expandtypeattribute (vendor_toolbox_exec_28_0) true)
+(expandtypeattribute (vfat_28_0) true)
+(expandtypeattribute (vibrator_service_28_0) true)
+(expandtypeattribute (video_device_28_0) true)
+(expandtypeattribute (virtual_touchpad_28_0) true)
+(expandtypeattribute (virtual_touchpad_exec_28_0) true)
+(expandtypeattribute (virtual_touchpad_service_28_0) true)
+(expandtypeattribute (vndbinder_device_28_0) true)
+(expandtypeattribute (vndk_sp_file_28_0) true)
+(expandtypeattribute (vndservice_contexts_file_28_0) true)
+(expandtypeattribute (vndservicemanager_28_0) true)
+(expandtypeattribute (voiceinteraction_service_28_0) true)
+(expandtypeattribute (vold_28_0) true)
+(expandtypeattribute (vold_data_file_28_0) true)
+(expandtypeattribute (vold_device_28_0) true)
+(expandtypeattribute (vold_exec_28_0) true)
+(expandtypeattribute (vold_metadata_file_28_0) true)
+(expandtypeattribute (vold_prepare_subdirs_28_0) true)
+(expandtypeattribute (vold_prepare_subdirs_exec_28_0) true)
+(expandtypeattribute (vold_prop_28_0) true)
+(expandtypeattribute (vold_service_28_0) true)
+(expandtypeattribute (vpn_data_file_28_0) true)
+(expandtypeattribute (vr_hwc_28_0) true)
+(expandtypeattribute (vr_hwc_exec_28_0) true)
+(expandtypeattribute (vr_hwc_service_28_0) true)
+(expandtypeattribute (vr_manager_service_28_0) true)
+(expandtypeattribute (wallpaper_file_28_0) true)
+(expandtypeattribute (wallpaper_service_28_0) true)
+(expandtypeattribute (watchdogd_28_0) true)
+(expandtypeattribute (watchdog_device_28_0) true)
+(expandtypeattribute (webviewupdate_service_28_0) true)
+(expandtypeattribute (webview_zygote_28_0) true)
+(expandtypeattribute (webview_zygote_exec_28_0) true)
+(expandtypeattribute (wifiaware_service_28_0) true)
+(expandtypeattribute (wificond_28_0) true)
+(expandtypeattribute (wificond_exec_28_0) true)
+(expandtypeattribute (wificond_service_28_0) true)
+(expandtypeattribute (wifi_data_file_28_0) true)
+(expandtypeattribute (wifi_log_prop_28_0) true)
+(expandtypeattribute (wifip2p_service_28_0) true)
+(expandtypeattribute (wifi_prop_28_0) true)
+(expandtypeattribute (wifiscanner_service_28_0) true)
+(expandtypeattribute (wifi_service_28_0) true)
+(expandtypeattribute (window_service_28_0) true)
+(expandtypeattribute (wpantund_28_0) true)
+(expandtypeattribute (wpantund_exec_28_0) true)
+(expandtypeattribute (wpantund_service_28_0) true)
+(expandtypeattribute (wpa_socket_28_0) true)
+(expandtypeattribute (zero_device_28_0) true)
+(expandtypeattribute (zoneinfo_data_file_28_0) true)
+(expandtypeattribute (zygote_28_0) true)
+(expandtypeattribute (zygote_exec_28_0) true)
+(expandtypeattribute (zygote_socket_28_0) true)
+(typeattributeset accessibility_service_28_0 (accessibility_service))
+(typeattributeset account_service_28_0 (account_service))
+(typeattributeset activity_service_28_0 (activity_service))
+(typeattributeset adbd_28_0 (adbd))
+(typeattributeset adb_data_file_28_0 (adb_data_file))
+(typeattributeset adbd_exec_28_0 (adbd_exec))
+(typeattributeset adbd_socket_28_0 (adbd_socket))
+(typeattributeset adb_keys_file_28_0 (adb_keys_file))
+(typeattributeset alarm_device_28_0 (alarm_device))
+(typeattributeset alarm_service_28_0 (alarm_service))
+(typeattributeset anr_data_file_28_0 (anr_data_file))
+(typeattributeset apk_data_file_28_0 (apk_data_file))
+(typeattributeset apk_private_data_file_28_0 (apk_private_data_file))
+(typeattributeset apk_private_tmp_file_28_0 (apk_private_tmp_file))
+(typeattributeset apk_tmp_file_28_0 (apk_tmp_file))
+(typeattributeset app_data_file_28_0 (app_data_file privapp_data_file))
+(typeattributeset app_fuse_file_28_0 (app_fuse_file))
+(typeattributeset app_fusefs_28_0 (app_fusefs))
+(typeattributeset appops_service_28_0 (appops_service))
+(typeattributeset appwidget_service_28_0 (appwidget_service))
+(typeattributeset asec_apk_file_28_0 (asec_apk_file))
+(typeattributeset asec_image_file_28_0 (asec_image_file))
+(typeattributeset asec_public_file_28_0 (asec_public_file))
+(typeattributeset ashmem_device_28_0 (ashmem_device))
+(typeattributeset assetatlas_service_28_0 (assetatlas_service))
+(typeattributeset audio_data_file_28_0 (audio_data_file))
+(typeattributeset audio_device_28_0 (audio_device))
+(typeattributeset audiohal_data_file_28_0 (audiohal_data_file))
+(typeattributeset audio_prop_28_0 (audio_prop))
+(typeattributeset audio_seq_device_28_0 (audio_seq_device))
+(typeattributeset audioserver_28_0 (audioserver))
+(typeattributeset audioserver_data_file_28_0 (audioserver_data_file))
+(typeattributeset audioserver_service_28_0 (audioserver_service))
+(typeattributeset audio_service_28_0 (audio_service))
+(typeattributeset audio_timer_device_28_0 (audio_timer_device))
+(typeattributeset autofill_service_28_0 (autofill_service))
+(typeattributeset backup_data_file_28_0 (backup_data_file))
+(typeattributeset backup_service_28_0 (backup_service))
+(typeattributeset batteryproperties_service_28_0 (batteryproperties_service))
+(typeattributeset battery_service_28_0 (battery_service))
+(typeattributeset batterystats_service_28_0 (batterystats_service))
+(typeattributeset binder_calls_stats_service_28_0 (binder_calls_stats_service))
+(typeattributeset binder_device_28_0 (binder_device))
+(typeattributeset binfmt_miscfs_28_0 (binfmt_miscfs))
+(typeattributeset blkid_28_0 (blkid))
+(typeattributeset blkid_untrusted_28_0 (blkid_untrusted))
+(typeattributeset block_device_28_0 (block_device))
+(typeattributeset bluetooth_28_0 (bluetooth))
+(typeattributeset bluetooth_a2dp_offload_prop_28_0 (bluetooth_a2dp_offload_prop))
+(typeattributeset bluetooth_data_file_28_0 (bluetooth_data_file))
+(typeattributeset bluetooth_efs_file_28_0 (bluetooth_efs_file))
+(typeattributeset bluetooth_logs_data_file_28_0 (bluetooth_logs_data_file))
+(typeattributeset bluetooth_manager_service_28_0 (bluetooth_manager_service))
+(typeattributeset bluetooth_prop_28_0 (bluetooth_prop))
+(typeattributeset bluetooth_service_28_0 (bluetooth_service))
+(typeattributeset bluetooth_socket_28_0 (bluetooth_socket))
+(typeattributeset bootanim_28_0 (bootanim))
+(typeattributeset bootanim_exec_28_0 (bootanim_exec))
+(typeattributeset boot_block_device_28_0 (boot_block_device))
+(typeattributeset bootchart_data_file_28_0 (bootchart_data_file))
+(typeattributeset bootloader_boot_reason_prop_28_0 (bootloader_boot_reason_prop))
+(typeattributeset bootstat_28_0 (bootstat))
+(typeattributeset bootstat_data_file_28_0 (bootstat_data_file))
+(typeattributeset bootstat_exec_28_0 (bootstat_exec))
+(typeattributeset boottime_prop_28_0 (boottime_prop))
+(typeattributeset boottrace_data_file_28_0 (boottrace_data_file))
+(typeattributeset broadcastradio_service_28_0 (broadcastradio_service))
+(typeattributeset bufferhubd_28_0 (bufferhubd))
+(typeattributeset bufferhubd_exec_28_0 (bufferhubd_exec))
+(typeattributeset cache_backup_file_28_0 (cache_backup_file))
+(typeattributeset cache_block_device_28_0 (cache_block_device))
+(typeattributeset cache_file_28_0 (cache_file))
+(typeattributeset cache_private_backup_file_28_0 (cache_private_backup_file))
+(typeattributeset cache_recovery_file_28_0 (cache_recovery_file))
+(typeattributeset camera_data_file_28_0 (camera_data_file))
+(typeattributeset camera_device_28_0 (camera_device))
+(typeattributeset cameraproxy_service_28_0 (cameraproxy_service))
+(typeattributeset cameraserver_28_0 (cameraserver))
+(typeattributeset cameraserver_exec_28_0 (cameraserver_exec))
+(typeattributeset cameraserver_service_28_0 (cameraserver_service))
+(typeattributeset cgroup_28_0 (cgroup))
+(typeattributeset cgroup_bpf_28_0 (cgroup_bpf))
+(typeattributeset charger_28_0 (charger))
+(typeattributeset clatd_28_0 (clatd))
+(typeattributeset clatd_exec_28_0 (clatd_exec))
+(typeattributeset clipboard_service_28_0 (clipboard_service))
+(typeattributeset commontime_management_service_28_0 (commontime_management_service))
+(typeattributeset companion_device_service_28_0 (companion_device_service))
+(typeattributeset configfs_28_0 (configfs))
+(typeattributeset config_prop_28_0 (config_prop))
+(typeattributeset connectivity_service_28_0 (connectivity_service))
+(typeattributeset connmetrics_service_28_0 (connmetrics_service))
+(typeattributeset console_device_28_0 (console_device))
+(typeattributeset consumer_ir_service_28_0 (consumer_ir_service))
+(typeattributeset content_service_28_0 (content_service))
+(typeattributeset contexthub_service_28_0 (contexthub_service))
+(typeattributeset coredump_file_28_0 (coredump_file))
+(typeattributeset country_detector_service_28_0 (country_detector_service))
+(typeattributeset coverage_service_28_0 (coverage_service))
+(typeattributeset cppreopt_prop_28_0 (cppreopt_prop))
+(typeattributeset cppreopts_28_0 (cppreopts))
+(typeattributeset cppreopts_exec_28_0 (cppreopts_exec))
+(typeattributeset cpuctl_device_28_0 (cpuctl_device))
+(typeattributeset cpuinfo_service_28_0 (cpuinfo_service))
+(typeattributeset crash_dump_28_0 (crash_dump))
+(typeattributeset crash_dump_exec_28_0 (crash_dump_exec))
+(typeattributeset crossprofileapps_service_28_0 (crossprofileapps_service))
+(typeattributeset ctl_bootanim_prop_28_0 (ctl_bootanim_prop))
+(typeattributeset ctl_bugreport_prop_28_0 (ctl_bugreport_prop))
+(typeattributeset ctl_console_prop_28_0 (ctl_console_prop))
+(typeattributeset ctl_default_prop_28_0
+ ( ctl_adbd_prop
+ ctl_default_prop))
+(typeattributeset ctl_dumpstate_prop_28_0 (ctl_dumpstate_prop))
+(typeattributeset ctl_fuse_prop_28_0 (ctl_fuse_prop))
+(typeattributeset ctl_interface_restart_prop_28_0 (ctl_interface_restart_prop))
+(typeattributeset ctl_interface_start_prop_28_0 (ctl_interface_start_prop))
+(typeattributeset ctl_interface_stop_prop_28_0 (ctl_interface_stop_prop))
+(typeattributeset ctl_mdnsd_prop_28_0 (ctl_mdnsd_prop))
+(typeattributeset ctl_restart_prop_28_0 (ctl_restart_prop))
+(typeattributeset ctl_rildaemon_prop_28_0 (ctl_rildaemon_prop))
+(typeattributeset ctl_sigstop_prop_28_0 (ctl_sigstop_prop))
+(typeattributeset ctl_start_prop_28_0 (ctl_start_prop))
+(typeattributeset ctl_stop_prop_28_0 (ctl_stop_prop))
+(typeattributeset dalvikcache_data_file_28_0 (dalvikcache_data_file))
+(typeattributeset dalvik_prop_28_0 (dalvik_prop))
+(typeattributeset dbinfo_service_28_0 (dbinfo_service))
+(typeattributeset debugfs_28_0 (debugfs))
+(typeattributeset debugfs_mmc_28_0 (debugfs_mmc))
+(typeattributeset debugfs_trace_marker_28_0 (debugfs_trace_marker))
+(typeattributeset debugfs_tracing_28_0 (debugfs_tracing))
+(typeattributeset debugfs_tracing_debug_28_0 (debugfs_tracing_debug))
+(typeattributeset debugfs_tracing_instances_28_0 (debugfs_tracing_instances))
+(typeattributeset debugfs_wakeup_sources_28_0 (debugfs_wakeup_sources))
+(typeattributeset debugfs_wifi_tracing_28_0 (debugfs_wifi_tracing))
+(typeattributeset debuggerd_prop_28_0 (debuggerd_prop))
+(typeattributeset debug_prop_28_0 (debug_prop))
+(typeattributeset default_android_hwservice_28_0 (default_android_hwservice))
+(typeattributeset default_android_service_28_0 (default_android_service))
+(typeattributeset default_android_vndservice_28_0 (default_android_vndservice))
+(typeattributeset default_prop_28_0 (default_prop))
+(typeattributeset device_28_0 (device))
+(typeattributeset device_identifiers_service_28_0 (device_identifiers_service))
+(typeattributeset deviceidle_service_28_0 (deviceidle_service))
+(typeattributeset device_logging_prop_28_0 (device_logging_prop))
+(typeattributeset device_policy_service_28_0 (device_policy_service))
+(typeattributeset devicestoragemonitor_service_28_0 (devicestoragemonitor_service))
+(typeattributeset devpts_28_0 (devpts))
+(typeattributeset dex2oat_28_0 (dex2oat))
+(typeattributeset dex2oat_exec_28_0 (dex2oat_exec))
+(typeattributeset dhcp_28_0 (dhcp))
+(typeattributeset dhcp_data_file_28_0 (dhcp_data_file))
+(typeattributeset dhcp_exec_28_0 (dhcp_exec))
+(typeattributeset dhcp_prop_28_0 (dhcp_prop))
+(typeattributeset diskstats_service_28_0 (diskstats_service))
+(typeattributeset display_service_28_0 (display_service))
+(typeattributeset dm_device_28_0 (dm_device))
+(typeattributeset dnsmasq_28_0 (dnsmasq))
+(typeattributeset dnsmasq_exec_28_0 (dnsmasq_exec))
+(typeattributeset dnsproxyd_socket_28_0 (dnsproxyd_socket))
+(typeattributeset DockObserver_service_28_0 (DockObserver_service))
+(typeattributeset dreams_service_28_0 (dreams_service))
+(typeattributeset drm_data_file_28_0 (drm_data_file))
+(typeattributeset drmserver_28_0 (drmserver))
+(typeattributeset drmserver_exec_28_0 (drmserver_exec))
+(typeattributeset drmserver_service_28_0 (drmserver_service))
+(typeattributeset drmserver_socket_28_0 (drmserver_socket))
+(typeattributeset dropbox_service_28_0 (dropbox_service))
+(typeattributeset dumpstate_28_0 (dumpstate))
+(typeattributeset dumpstate_exec_28_0 (dumpstate_exec))
+(typeattributeset dumpstate_options_prop_28_0 (dumpstate_options_prop))
+(typeattributeset dumpstate_prop_28_0 (dumpstate_prop))
+(typeattributeset dumpstate_service_28_0 (dumpstate_service))
+(typeattributeset dumpstate_socket_28_0 (dumpstate_socket))
+(typeattributeset e2fs_28_0 (e2fs))
+(typeattributeset e2fs_exec_28_0 (e2fs_exec))
+(typeattributeset efs_file_28_0 (efs_file))
+(typeattributeset ephemeral_app_28_0 (ephemeral_app))
+(typeattributeset ethernet_service_28_0 (ethernet_service))
+(typeattributeset exfat_28_0 (exfat))
+(typeattributeset exported2_config_prop_28_0 (exported2_config_prop))
+(typeattributeset exported2_default_prop_28_0 (exported2_default_prop))
+(typeattributeset exported2_radio_prop_28_0 (exported2_radio_prop))
+(typeattributeset exported2_system_prop_28_0 (exported2_system_prop))
+(typeattributeset exported2_vold_prop_28_0 (exported2_vold_prop))
+(typeattributeset exported3_default_prop_28_0 (exported3_default_prop))
+(typeattributeset exported3_radio_prop_28_0 (exported3_radio_prop))
+(typeattributeset exported3_system_prop_28_0 (exported3_system_prop))
+(typeattributeset exported_audio_prop_28_0 (exported_audio_prop))
+(typeattributeset exported_bluetooth_prop_28_0 (exported_bluetooth_prop))
+(typeattributeset exported_config_prop_28_0 (exported_config_prop))
+(typeattributeset exported_dalvik_prop_28_0 (exported_dalvik_prop))
+(typeattributeset exported_default_prop_28_0 (exported_default_prop))
+(typeattributeset exported_dumpstate_prop_28_0 (exported_dumpstate_prop))
+(typeattributeset exported_ffs_prop_28_0 (exported_ffs_prop))
+(typeattributeset exported_fingerprint_prop_28_0 (exported_fingerprint_prop))
+(typeattributeset exported_overlay_prop_28_0 (exported_overlay_prop))
+(typeattributeset exported_pm_prop_28_0 (exported_pm_prop))
+(typeattributeset exported_radio_prop_28_0 (exported_radio_prop))
+(typeattributeset exported_secure_prop_28_0 (exported_secure_prop))
+(typeattributeset exported_system_prop_28_0 (exported_system_prop))
+(typeattributeset exported_system_radio_prop_28_0 (exported_system_radio_prop))
+(typeattributeset exported_vold_prop_28_0 (exported_vold_prop))
+(typeattributeset exported_wifi_prop_28_0 (exported_wifi_prop))
+(typeattributeset ffs_prop_28_0 (ffs_prop))
+(typeattributeset file_contexts_file_28_0 (file_contexts_file))
+(typeattributeset fingerprintd_28_0 (fingerprintd))
+(typeattributeset fingerprintd_data_file_28_0 (fingerprintd_data_file))
+(typeattributeset fingerprintd_exec_28_0 (fingerprintd_exec))
+(typeattributeset fingerprintd_service_28_0 (fingerprintd_service))
+(typeattributeset fingerprint_prop_28_0 (fingerprint_prop))
+(typeattributeset fingerprint_service_28_0 (fingerprint_service))
+(typeattributeset fingerprint_vendor_data_file_28_0 (fingerprint_vendor_data_file))
+(typeattributeset firstboot_prop_28_0 (firstboot_prop))
+(typeattributeset font_service_28_0 (font_service))
+(typeattributeset frp_block_device_28_0 (frp_block_device))
+(typeattributeset fs_bpf_28_0 (fs_bpf))
+(typeattributeset fsck_28_0 (fsck))
+(typeattributeset fsck_exec_28_0 (fsck_exec))
+(typeattributeset fscklogs_28_0 (fscklogs))
+(typeattributeset fsck_untrusted_28_0 (fsck_untrusted))
+(typeattributeset full_device_28_0 (full_device))
+(typeattributeset functionfs_28_0 (functionfs))
+(typeattributeset fuse_28_0 (fuse))
+(typeattributeset fuse_device_28_0 (fuse_device))
+(typeattributeset fwk_display_hwservice_28_0 (fwk_display_hwservice))
+(typeattributeset fwk_scheduler_hwservice_28_0 (fwk_scheduler_hwservice))
+(typeattributeset fwk_sensor_hwservice_28_0 (fwk_sensor_hwservice))
+(typeattributeset fwmarkd_socket_28_0 (fwmarkd_socket))
+(typeattributeset gatekeeperd_28_0 (gatekeeperd))
+(typeattributeset gatekeeper_data_file_28_0 (gatekeeper_data_file))
+(typeattributeset gatekeeperd_exec_28_0 (gatekeeperd_exec))
+(typeattributeset gatekeeper_service_28_0 (gatekeeper_service))
+(typeattributeset gfxinfo_service_28_0 (gfxinfo_service))
+(typeattributeset gps_control_28_0 (gps_control))
+(typeattributeset gpu_device_28_0 (gpu_device))
+(typeattributeset gpu_service_28_0 (gpu_service))
+(typeattributeset graphics_device_28_0 (graphics_device))
+(typeattributeset graphicsstats_service_28_0 (graphicsstats_service))
+(typeattributeset hal_audiocontrol_hwservice_28_0 (hal_audiocontrol_hwservice))
+(typeattributeset hal_audio_hwservice_28_0 (hal_audio_hwservice))
+(typeattributeset hal_authsecret_hwservice_28_0 (hal_authsecret_hwservice))
+(typeattributeset hal_bluetooth_hwservice_28_0 (hal_bluetooth_hwservice))
+(typeattributeset hal_bootctl_hwservice_28_0 (hal_bootctl_hwservice))
+(typeattributeset hal_broadcastradio_hwservice_28_0 (hal_broadcastradio_hwservice))
+(typeattributeset hal_camera_hwservice_28_0 (hal_camera_hwservice))
+(typeattributeset hal_cas_hwservice_28_0 (hal_cas_hwservice))
+(typeattributeset hal_codec2_hwservice_28_0 (hal_codec2_hwservice))
+(typeattributeset hal_configstore_ISurfaceFlingerConfigs_28_0 (hal_configstore_ISurfaceFlingerConfigs))
+(typeattributeset hal_confirmationui_hwservice_28_0 (hal_confirmationui_hwservice))
+(typeattributeset hal_contexthub_hwservice_28_0 (hal_contexthub_hwservice))
+(typeattributeset hal_drm_hwservice_28_0 (hal_drm_hwservice))
+(typeattributeset hal_dumpstate_hwservice_28_0 (hal_dumpstate_hwservice))
+(typeattributeset hal_evs_hwservice_28_0 (hal_evs_hwservice))
+(typeattributeset hal_fingerprint_hwservice_28_0 (hal_fingerprint_hwservice))
+(typeattributeset hal_fingerprint_service_28_0 (hal_fingerprint_service))
+(typeattributeset hal_gatekeeper_hwservice_28_0 (hal_gatekeeper_hwservice))
+(typeattributeset hal_gnss_hwservice_28_0 (hal_gnss_hwservice))
+(typeattributeset hal_graphics_allocator_hwservice_28_0 (hal_graphics_allocator_hwservice))
+(typeattributeset hal_graphics_composer_hwservice_28_0 (hal_graphics_composer_hwservice))
+(typeattributeset hal_graphics_mapper_hwservice_28_0 (hal_graphics_mapper_hwservice))
+(typeattributeset hal_health_hwservice_28_0 (hal_health_hwservice))
+(typeattributeset hal_ir_hwservice_28_0 (hal_ir_hwservice))
+(typeattributeset hal_keymaster_hwservice_28_0 (hal_keymaster_hwservice))
+(typeattributeset hal_light_hwservice_28_0 (hal_light_hwservice))
+(typeattributeset hal_lowpan_hwservice_28_0 (hal_lowpan_hwservice))
+(typeattributeset hal_memtrack_hwservice_28_0 (hal_memtrack_hwservice))
+(typeattributeset hal_neuralnetworks_hwservice_28_0 (hal_neuralnetworks_hwservice))
+(typeattributeset hal_nfc_hwservice_28_0 (hal_nfc_hwservice))
+(typeattributeset hal_oemlock_hwservice_28_0 (hal_oemlock_hwservice))
+(typeattributeset hal_omx_hwservice_28_0 (hal_omx_hwservice))
+(typeattributeset hal_power_hwservice_28_0 (hal_power_hwservice))
+(typeattributeset hal_renderscript_hwservice_28_0 (hal_renderscript_hwservice))
+(typeattributeset hal_secure_element_hwservice_28_0 (hal_secure_element_hwservice))
+(typeattributeset hal_sensors_hwservice_28_0 (hal_sensors_hwservice))
+(typeattributeset hal_telephony_hwservice_28_0 (hal_telephony_hwservice))
+(typeattributeset hal_tetheroffload_hwservice_28_0 (hal_tetheroffload_hwservice))
+(typeattributeset hal_thermal_hwservice_28_0 (hal_thermal_hwservice))
+(typeattributeset hal_tv_cec_hwservice_28_0 (hal_tv_cec_hwservice))
+(typeattributeset hal_tv_input_hwservice_28_0 (hal_tv_input_hwservice))
+(typeattributeset hal_usb_gadget_hwservice_28_0 (hal_usb_gadget_hwservice))
+(typeattributeset hal_usb_hwservice_28_0 (hal_usb_hwservice))
+(typeattributeset hal_vehicle_hwservice_28_0 (hal_vehicle_hwservice))
+(typeattributeset hal_vibrator_hwservice_28_0 (hal_vibrator_hwservice))
+(typeattributeset hal_vr_hwservice_28_0 (hal_vr_hwservice))
+(typeattributeset hal_weaver_hwservice_28_0 (hal_weaver_hwservice))
+(typeattributeset hal_wifi_hostapd_hwservice_28_0 (hal_wifi_hostapd_hwservice))
+(typeattributeset hal_wifi_hwservice_28_0 (hal_wifi_hwservice))
+(typeattributeset hal_wifi_offload_hwservice_28_0 (hal_wifi_offload_hwservice))
+(typeattributeset hal_wifi_supplicant_hwservice_28_0 (hal_wifi_supplicant_hwservice))
+(typeattributeset hardware_properties_service_28_0 (hardware_properties_service))
+(typeattributeset hardware_service_28_0 (hardware_service))
+(typeattributeset hci_attach_dev_28_0 (hci_attach_dev))
+(typeattributeset hdmi_control_service_28_0 (hdmi_control_service))
+(typeattributeset healthd_28_0 (healthd))
+(typeattributeset healthd_exec_28_0 (healthd_exec))
+(typeattributeset heapdump_data_file_28_0 (heapdump_data_file))
+(typeattributeset hidl_allocator_hwservice_28_0 (hidl_allocator_hwservice))
+(typeattributeset hidl_base_hwservice_28_0 (hidl_base_hwservice))
+(typeattributeset hidl_manager_hwservice_28_0 (hidl_manager_hwservice))
+(typeattributeset hidl_memory_hwservice_28_0 (hidl_memory_hwservice))
+(typeattributeset hidl_token_hwservice_28_0 (hidl_token_hwservice))
+(typeattributeset hwbinder_device_28_0 (hwbinder_device))
+(typeattributeset hw_random_device_28_0 (hw_random_device))
+(typeattributeset hwservice_contexts_file_28_0 (hwservice_contexts_file))
+(typeattributeset hwservicemanager_28_0 (hwservicemanager))
+(typeattributeset hwservicemanager_exec_28_0 (hwservicemanager_exec))
+(typeattributeset hwservicemanager_prop_28_0 (hwservicemanager_prop))
+(typeattributeset i2c_device_28_0 (i2c_device))
+(typeattributeset icon_file_28_0 (icon_file))
+(typeattributeset idmap_28_0 (idmap))
+(typeattributeset idmap_exec_28_0 (idmap_exec))
+(typeattributeset iio_device_28_0 (iio_device))
+(typeattributeset imms_service_28_0 (imms_service))
+(typeattributeset incident_28_0 (incident))
+(typeattributeset incidentd_28_0 (incidentd))
+(typeattributeset incident_data_file_28_0 (incident_data_file))
+(typeattributeset incident_helper_28_0 (incident_helper))
+(typeattributeset incident_service_28_0 (incident_service))
+(typeattributeset init_28_0 (init))
+(typeattributeset init_exec_28_0 (init_exec watchdogd_exec))
+(typeattributeset inotify_28_0 (inotify))
+(typeattributeset input_device_28_0 (input_device))
+(typeattributeset inputflinger_28_0 (inputflinger))
+(typeattributeset inputflinger_exec_28_0 (inputflinger_exec))
+(typeattributeset inputflinger_service_28_0 (inputflinger_service))
+(typeattributeset input_method_service_28_0 (input_method_service))
+(typeattributeset input_service_28_0 (input_service))
+(typeattributeset installd_28_0 (installd))
+(typeattributeset install_data_file_28_0 (install_data_file))
+(typeattributeset installd_exec_28_0 (installd_exec))
+(typeattributeset installd_service_28_0 (installd_service))
+(typeattributeset install_recovery_28_0 (install_recovery))
+(typeattributeset install_recovery_exec_28_0 (install_recovery_exec))
+(typeattributeset ion_device_28_0 (ion_device))
+(typeattributeset IProxyService_service_28_0 (IProxyService_service))
+(typeattributeset ipsec_service_28_0 (ipsec_service))
+(typeattributeset isolated_app_28_0 (isolated_app))
+(typeattributeset jobscheduler_service_28_0 (jobscheduler_service))
+(typeattributeset kernel_28_0 (kernel))
+(typeattributeset keychain_data_file_28_0 (keychain_data_file))
+(typeattributeset keychord_device_28_0 (keychord_device))
+(typeattributeset keystore_28_0 (keystore))
+(typeattributeset keystore_data_file_28_0 (keystore_data_file))
+(typeattributeset keystore_exec_28_0 (keystore_exec))
+(typeattributeset keystore_service_28_0 (keystore_service))
+(typeattributeset kmem_device_28_0 (kmem_device))
+(typeattributeset kmsg_debug_device_28_0 (kmsg_debug_device))
+(typeattributeset kmsg_device_28_0 (kmsg_device))
+(typeattributeset labeledfs_28_0 (labeledfs))
+(typeattributeset last_boot_reason_prop_28_0 (last_boot_reason_prop))
+(typeattributeset launcherapps_service_28_0 (launcherapps_service))
+(typeattributeset lmkd_28_0 (lmkd))
+(typeattributeset lmkd_exec_28_0 (lmkd_exec))
+(typeattributeset lmkd_socket_28_0 (lmkd_socket))
+(typeattributeset location_service_28_0 (location_service))
+(typeattributeset lock_settings_service_28_0 (lock_settings_service))
+(typeattributeset logcat_exec_28_0 (logcat_exec))
+(typeattributeset logd_28_0 (logd))
+(typeattributeset logd_exec_28_0 (logd_exec))
+(typeattributeset logd_prop_28_0 (logd_prop))
+(typeattributeset logdr_socket_28_0 (logdr_socket))
+(typeattributeset logd_socket_28_0 (logd_socket))
+(typeattributeset logdw_socket_28_0 (logdw_socket))
+(typeattributeset logpersist_28_0 (logpersist))
+(typeattributeset logpersistd_logging_prop_28_0 (logpersistd_logging_prop))
+(typeattributeset log_prop_28_0 (log_prop))
+(typeattributeset log_tag_prop_28_0 (log_tag_prop))
+(typeattributeset loop_control_device_28_0 (loop_control_device))
+(typeattributeset loop_device_28_0 (loop_device))
+(typeattributeset lowpan_device_28_0 (lowpan_device))
+(typeattributeset lowpan_prop_28_0 (lowpan_prop))
+(typeattributeset lowpan_service_28_0 (lowpan_service))
+(typeattributeset mac_perms_file_28_0 (mac_perms_file))
+(typeattributeset mdnsd_28_0 (mdnsd))
+(typeattributeset mdnsd_socket_28_0 (mdnsd_socket))
+(typeattributeset mdns_socket_28_0 (mdns_socket))
+(typeattributeset hal_omx_server (mediacodec_28_0))
+(typeattributeset mediacodec_28_0 (mediacodec))
+(typeattributeset mediacodec_exec_28_0 (mediacodec_exec))
+(typeattributeset mediacodec_service_28_0 (mediacodec_service))
+(typeattributeset media_data_file_28_0 (media_data_file))
+(typeattributeset mediadrmserver_28_0 (mediadrmserver))
+(typeattributeset mediadrmserver_exec_28_0 (mediadrmserver_exec))
+(typeattributeset mediadrmserver_service_28_0 (mediadrmserver_service))
+(typeattributeset mediaextractor_28_0 (mediaextractor))
+(typeattributeset mediaextractor_exec_28_0 (mediaextractor_exec))
+(typeattributeset mediaextractor_service_28_0 (mediaextractor_service))
+(typeattributeset mediaextractor_update_service_28_0 (mediaextractor_update_service))
+(typeattributeset mediametrics_28_0 (mediametrics))
+(typeattributeset mediametrics_exec_28_0 (mediametrics_exec))
+(typeattributeset mediametrics_service_28_0 (mediametrics_service))
+(typeattributeset media_projection_service_28_0 (media_projection_service))
+(typeattributeset mediaprovider_28_0 (mediaprovider))
+(typeattributeset media_router_service_28_0 (media_router_service))
+(typeattributeset media_rw_data_file_28_0 (media_rw_data_file))
+(typeattributeset mediaserver_28_0 (mediaserver))
+(typeattributeset mediaserver_exec_28_0 (mediaserver_exec))
+(typeattributeset mediaserver_service_28_0 (mediaserver_service))
+(typeattributeset media_session_service_28_0 (media_session_service))
+(typeattributeset meminfo_service_28_0 (meminfo_service))
+(typeattributeset metadata_block_device_28_0 (metadata_block_device))
+(typeattributeset metadata_file_28_0 (metadata_file))
+(typeattributeset method_trace_data_file_28_0 (method_trace_data_file))
+(typeattributeset midi_service_28_0 (midi_service))
+(typeattributeset misc_block_device_28_0 (misc_block_device))
+(typeattributeset misc_logd_file_28_0 (misc_logd_file))
+(typeattributeset misc_user_data_file_28_0 (misc_user_data_file))
+(typeattributeset mmc_prop_28_0 (mmc_prop))
+(typeattributeset mnt_expand_file_28_0 (mnt_expand_file))
+(typeattributeset mnt_media_rw_file_28_0 (mnt_media_rw_file))
+(typeattributeset mnt_media_rw_stub_file_28_0 (mnt_media_rw_stub_file))
+(typeattributeset mnt_user_file_28_0 (mnt_user_file))
+(typeattributeset mnt_vendor_file_28_0 (mnt_vendor_file))
+(typeattributeset modprobe_28_0 (modprobe))
+(typeattributeset mount_service_28_0 (mount_service))
+(typeattributeset mqueue_28_0 (mqueue))
+(typeattributeset mtd_device_28_0 (mtd_device))
+(typeattributeset mtp_28_0 (mtp))
+(typeattributeset mtp_device_28_0 (mtp_device))
+(typeattributeset mtpd_socket_28_0 (mtpd_socket))
+(typeattributeset mtp_exec_28_0 (mtp_exec))
+(typeattributeset nativetest_data_file_28_0 (nativetest_data_file))
+(typeattributeset netd_28_0 (netd))
+(typeattributeset net_data_file_28_0 (net_data_file))
+(typeattributeset netd_exec_28_0 (netd_exec))
+(typeattributeset netd_listener_service_28_0 (netd_listener_service))
+(typeattributeset net_dns_prop_28_0 (net_dns_prop))
+(typeattributeset netd_service_28_0 (netd_service))
+(typeattributeset netd_socket_28_0 (netd_socket))
+(typeattributeset netd_stable_secret_prop_28_0 (netd_stable_secret_prop))
+(typeattributeset netif_28_0 (netif))
+(typeattributeset netpolicy_service_28_0 (netpolicy_service))
+(typeattributeset net_radio_prop_28_0 (net_radio_prop))
+(typeattributeset netstats_service_28_0 (netstats_service))
+(typeattributeset netutils_wrapper_28_0 (netutils_wrapper))
+(typeattributeset netutils_wrapper_exec_28_0 (netutils_wrapper_exec))
+(typeattributeset network_management_service_28_0 (network_management_service))
+(typeattributeset network_score_service_28_0 (network_score_service))
+(typeattributeset network_time_update_service_28_0 (network_time_update_service))
+(typeattributeset network_watchlist_data_file_28_0 (network_watchlist_data_file))
+(typeattributeset network_watchlist_service_28_0 (network_watchlist_service))
+(typeattributeset nfc_28_0 (nfc))
+(typeattributeset nfc_data_file_28_0 (nfc_data_file))
+(typeattributeset nfc_device_28_0 (nfc_device))
+(typeattributeset nfc_prop_28_0 (nfc_prop))
+(typeattributeset nfc_service_28_0 (nfc_service))
+(typeattributeset node_28_0 (node))
+(typeattributeset nonplat_service_contexts_file_28_0 (nonplat_service_contexts_file))
+(typeattributeset notification_service_28_0 (notification_service))
+(typeattributeset null_device_28_0 (null_device))
+(typeattributeset oemfs_28_0 (oemfs))
+(typeattributeset oem_lock_service_28_0 (oem_lock_service))
+(typeattributeset ota_data_file_28_0 (ota_data_file))
+(typeattributeset otadexopt_service_28_0 (otadexopt_service))
+(typeattributeset ota_package_file_28_0 (ota_package_file))
+(typeattributeset otapreopt_chroot_28_0 (otapreopt_chroot))
+(typeattributeset otapreopt_chroot_exec_28_0 (otapreopt_chroot_exec))
+(typeattributeset otapreopt_slot_28_0 (otapreopt_slot))
+(typeattributeset otapreopt_slot_exec_28_0 (otapreopt_slot_exec))
+(typeattributeset overlay_prop_28_0 (overlay_prop))
+(typeattributeset overlay_service_28_0 (overlay_service))
+(typeattributeset owntty_device_28_0 (owntty_device))
+(typeattributeset package_native_service_28_0 (package_native_service))
+(typeattributeset package_service_28_0 (package_service))
+(typeattributeset pan_result_prop_28_0 (pan_result_prop))
+(typeattributeset pdx_bufferhub_client_channel_socket_28_0 (pdx_bufferhub_client_channel_socket))
+(typeattributeset pdx_bufferhub_client_endpoint_socket_28_0 (pdx_bufferhub_client_endpoint_socket))
+(typeattributeset pdx_bufferhub_dir_28_0 (pdx_bufferhub_dir))
+(typeattributeset pdx_display_client_channel_socket_28_0 (pdx_display_client_channel_socket))
+(typeattributeset pdx_display_client_endpoint_socket_28_0 (pdx_display_client_endpoint_socket))
+(typeattributeset pdx_display_dir_28_0 (pdx_display_dir))
+(typeattributeset pdx_display_manager_channel_socket_28_0 (pdx_display_manager_channel_socket))
+(typeattributeset pdx_display_manager_endpoint_socket_28_0 (pdx_display_manager_endpoint_socket))
+(typeattributeset pdx_display_screenshot_channel_socket_28_0 (pdx_display_screenshot_channel_socket))
+(typeattributeset pdx_display_screenshot_endpoint_socket_28_0 (pdx_display_screenshot_endpoint_socket))
+(typeattributeset pdx_display_vsync_channel_socket_28_0 (pdx_display_vsync_channel_socket))
+(typeattributeset pdx_display_vsync_endpoint_socket_28_0 (pdx_display_vsync_endpoint_socket))
+(typeattributeset pdx_performance_client_channel_socket_28_0 (pdx_performance_client_channel_socket))
+(typeattributeset pdx_performance_client_endpoint_socket_28_0 (pdx_performance_client_endpoint_socket))
+(typeattributeset pdx_performance_dir_28_0 (pdx_performance_dir))
+(typeattributeset performanced_28_0 (performanced))
+(typeattributeset performanced_exec_28_0 (performanced_exec))
+(typeattributeset permission_service_28_0 (permission_service))
+(typeattributeset persist_debug_prop_28_0 (persist_debug_prop))
+(typeattributeset persistent_data_block_service_28_0 (persistent_data_block_service))
+(typeattributeset persistent_properties_ready_prop_28_0 (persistent_properties_ready_prop))
+(typeattributeset pinner_service_28_0 (pinner_service))
+(typeattributeset pipefs_28_0 (pipefs))
+(typeattributeset platform_app_28_0 (platform_app))
+(typeattributeset pm_prop_28_0 (pm_prop))
+(typeattributeset pmsg_device_28_0 (pmsg_device))
+(typeattributeset port_28_0 (port))
+(typeattributeset port_device_28_0 (port_device))
+(typeattributeset postinstall_28_0 (postinstall))
+(typeattributeset postinstall_dexopt_28_0 (postinstall_dexopt))
+(typeattributeset postinstall_file_28_0 (postinstall_file))
+(typeattributeset postinstall_mnt_dir_28_0 (postinstall_mnt_dir))
+(typeattributeset powerctl_prop_28_0 (powerctl_prop))
+(typeattributeset power_service_28_0 (power_service))
+(typeattributeset ppp_28_0 (ppp))
+(typeattributeset ppp_device_28_0 (ppp_device))
+(typeattributeset ppp_exec_28_0 (ppp_exec))
+(typeattributeset preloads_data_file_28_0 (preloads_data_file))
+(typeattributeset preloads_media_file_28_0 (preloads_media_file))
+(typeattributeset preopt2cachename_28_0 (preopt2cachename))
+(typeattributeset preopt2cachename_exec_28_0 (preopt2cachename_exec))
+(typeattributeset print_service_28_0 (print_service))
+(typeattributeset priv_app_28_0 (priv_app))
+(typeattributeset proc_28_0
+ ( proc
+ proc_fs_verity
+ proc_keys
+ proc_kpageflags
+ proc_lowmemorykiller
+ proc_pressure_cpu
+ proc_pressure_io
+ proc_pressure_mem
+ proc_slabinfo))
+(typeattributeset proc_abi_28_0 (proc_abi))
+(typeattributeset proc_asound_28_0 (proc_asound))
+(typeattributeset proc_bluetooth_writable_28_0 (proc_bluetooth_writable))
+(typeattributeset proc_buddyinfo_28_0 (proc_buddyinfo))
+(typeattributeset proc_cmdline_28_0 (proc_cmdline))
+(typeattributeset proc_cpuinfo_28_0 (proc_cpuinfo))
+(typeattributeset proc_dirty_28_0 (proc_dirty))
+(typeattributeset proc_diskstats_28_0 (proc_diskstats))
+(typeattributeset proc_drop_caches_28_0 (proc_drop_caches))
+(typeattributeset processinfo_service_28_0 (processinfo_service))
+(typeattributeset proc_extra_free_kbytes_28_0 (proc_extra_free_kbytes))
+(typeattributeset proc_filesystems_28_0 (proc_filesystems))
+(typeattributeset proc_hostname_28_0 (proc_hostname))
+(typeattributeset proc_hung_task_28_0 (proc_hung_task))
+(typeattributeset proc_interrupts_28_0 (proc_interrupts))
+(typeattributeset proc_iomem_28_0 (proc_iomem))
+(typeattributeset proc_kmsg_28_0 (proc_kmsg))
+(typeattributeset proc_loadavg_28_0 (proc_loadavg))
+(typeattributeset proc_max_map_count_28_0 (proc_max_map_count))
+(typeattributeset proc_meminfo_28_0 (proc_meminfo))
+(typeattributeset proc_min_free_order_shift_28_0 (proc_min_free_order_shift))
+(typeattributeset proc_misc_28_0 (proc_misc))
+(typeattributeset proc_modules_28_0 (proc_modules))
+(typeattributeset proc_mounts_28_0 (proc_mounts))
+(typeattributeset proc_net_28_0
+ ( proc_net
+ proc_net_tcp_udp))
+(typeattributeset proc_overcommit_memory_28_0 (proc_overcommit_memory))
+(typeattributeset proc_page_cluster_28_0 (proc_page_cluster))
+(typeattributeset proc_pagetypeinfo_28_0 (proc_pagetypeinfo))
+(typeattributeset proc_panic_28_0 (proc_panic))
+(typeattributeset proc_perf_28_0 (proc_perf))
+(typeattributeset proc_pid_max_28_0 (proc_pid_max))
+(typeattributeset proc_pipe_conf_28_0 (proc_pipe_conf))
+(typeattributeset proc_qtaguid_stat_28_0 (proc_qtaguid_stat))
+(typeattributeset proc_random_28_0 (proc_random))
+(typeattributeset proc_sched_28_0 (proc_sched))
+(typeattributeset proc_security_28_0 (proc_security))
+(typeattributeset proc_stat_28_0 (proc_stat))
+(typeattributeset procstats_service_28_0 (procstats_service))
+(typeattributeset proc_swaps_28_0 (proc_swaps))
+(typeattributeset proc_sysrq_28_0 (proc_sysrq))
+(typeattributeset proc_timer_28_0 (proc_timer))
+(typeattributeset proc_tty_drivers_28_0 (proc_tty_drivers))
+(typeattributeset proc_uid_concurrent_active_time_28_0 (proc_uid_concurrent_active_time))
+(typeattributeset proc_uid_concurrent_policy_time_28_0 (proc_uid_concurrent_policy_time))
+(typeattributeset proc_uid_cpupower_28_0 (proc_uid_cpupower))
+(typeattributeset proc_uid_cputime_removeuid_28_0 (proc_uid_cputime_removeuid))
+(typeattributeset proc_uid_cputime_showstat_28_0 (proc_uid_cputime_showstat))
+(typeattributeset proc_uid_io_stats_28_0 (proc_uid_io_stats))
+(typeattributeset proc_uid_procstat_set_28_0 (proc_uid_procstat_set))
+(typeattributeset proc_uid_time_in_state_28_0 (proc_uid_time_in_state))
+(typeattributeset proc_uptime_28_0 (proc_uptime))
+(typeattributeset proc_version_28_0 (proc_version))
+(typeattributeset proc_vmallocinfo_28_0 (proc_vmallocinfo))
+(typeattributeset proc_vmstat_28_0 (proc_vmstat))
+(typeattributeset proc_zoneinfo_28_0 (proc_zoneinfo))
+(typeattributeset profman_28_0 (profman))
+(typeattributeset profman_dump_data_file_28_0 (profman_dump_data_file))
+(typeattributeset profman_exec_28_0 (profman_exec))
+(typeattributeset properties_device_28_0 (properties_device))
+(typeattributeset properties_serial_28_0 (properties_serial))
+(typeattributeset property_contexts_file_28_0 (property_contexts_file))
+(typeattributeset property_data_file_28_0 (property_data_file))
+(typeattributeset property_info_28_0 (property_info))
+(typeattributeset property_socket_28_0 (property_socket))
+(typeattributeset pstorefs_28_0 (pstorefs))
+(typeattributeset ptmx_device_28_0 (ptmx_device))
+(typeattributeset qtaguid_device_28_0 (qtaguid_device))
+(typeattributeset qtaguid_proc_28_0
+ ( proc_qtaguid_ctrl
+ qtaguid_proc))
+(typeattributeset racoon_28_0 (racoon))
+(typeattributeset racoon_exec_28_0 (racoon_exec))
+(typeattributeset racoon_socket_28_0 (racoon_socket))
+(typeattributeset radio_28_0 (radio))
+(typeattributeset radio_data_file_28_0 (radio_data_file))
+(typeattributeset radio_device_28_0 (radio_device))
+(typeattributeset radio_prop_28_0 (radio_prop))
+(typeattributeset radio_service_28_0 (radio_service))
+(typeattributeset ram_device_28_0 (ram_device))
+(typeattributeset random_device_28_0 (random_device))
+(typeattributeset recovery_28_0 (recovery))
+(typeattributeset recovery_block_device_28_0 (recovery_block_device))
+(typeattributeset recovery_data_file_28_0 (recovery_data_file))
+(typeattributeset recovery_persist_28_0 (recovery_persist))
+(typeattributeset recovery_persist_exec_28_0 (recovery_persist_exec))
+(typeattributeset recovery_refresh_28_0 (recovery_refresh))
+(typeattributeset recovery_refresh_exec_28_0 (recovery_refresh_exec))
+(typeattributeset recovery_service_28_0 (recovery_service))
+(typeattributeset registry_service_28_0 (registry_service))
+(typeattributeset resourcecache_data_file_28_0 (resourcecache_data_file))
+(typeattributeset restorecon_prop_28_0 (restorecon_prop))
+(typeattributeset restrictions_service_28_0 (restrictions_service))
+(typeattributeset rild_debug_socket_28_0 (rild_debug_socket))
+(typeattributeset rild_socket_28_0 (rild_socket))
+(typeattributeset ringtone_file_28_0 (ringtone_file))
+(typeattributeset root_block_device_28_0 (root_block_device))
+(typeattributeset rootfs_28_0 (rootfs))
+(typeattributeset rpmsg_device_28_0 (rpmsg_device))
+(typeattributeset rtc_device_28_0 (rtc_device))
+(typeattributeset rttmanager_service_28_0 (rttmanager_service))
+(typeattributeset runas_28_0 (runas))
+(typeattributeset runas_exec_28_0 (runas_exec))
+(typeattributeset runtime_event_log_tags_file_28_0 (runtime_event_log_tags_file))
+(typeattributeset safemode_prop_28_0 (safemode_prop))
+(typeattributeset same_process_hal_file_28_0
+ ( same_process_hal_file
+ vendor_public_lib_file))
+(typeattributeset samplingprofiler_service_28_0 (samplingprofiler_service))
+(typeattributeset scheduling_policy_service_28_0 (scheduling_policy_service))
+(typeattributeset sdcardd_28_0 (sdcardd))
+(typeattributeset sdcardd_exec_28_0 (sdcardd_exec))
+(typeattributeset sdcardfs_28_0 (sdcardfs))
+(typeattributeset seapp_contexts_file_28_0 (seapp_contexts_file))
+(typeattributeset search_service_28_0 (search_service))
+(typeattributeset sec_key_att_app_id_provider_service_28_0 (sec_key_att_app_id_provider_service))
+(typeattributeset secure_element_28_0 (secure_element))
+(typeattributeset secure_element_device_28_0 (secure_element_device))
+(typeattributeset secure_element_service_28_0 (secure_element_service))
+(typeattributeset selinuxfs_28_0 (selinuxfs))
+(typeattributeset sensors_device_28_0 (sensors_device))
+(typeattributeset sensorservice_service_28_0 (sensorservice_service))
+(typeattributeset sepolicy_file_28_0 (sepolicy_file))
+(typeattributeset serial_device_28_0 (serial_device))
+(typeattributeset serialno_prop_28_0 (serialno_prop))
+(typeattributeset serial_service_28_0 (serial_service))
+(typeattributeset service_contexts_file_28_0 (service_contexts_file))
+(typeattributeset servicediscovery_service_28_0 (servicediscovery_service))
+(typeattributeset servicemanager_28_0 (servicemanager))
+(typeattributeset servicemanager_exec_28_0 (servicemanager_exec))
+(typeattributeset settings_service_28_0 (settings_service))
+(typeattributeset sgdisk_28_0 (sgdisk))
+(typeattributeset sgdisk_exec_28_0 (sgdisk_exec))
+(typeattributeset shared_relro_28_0 (shared_relro))
+(typeattributeset shared_relro_file_28_0 (shared_relro_file))
+(typeattributeset shell_28_0 (shell))
+(typeattributeset shell_data_file_28_0 (shell_data_file))
+(typeattributeset shell_exec_28_0 (shell_exec))
+(typeattributeset shell_prop_28_0 (shell_prop))
+(typeattributeset shm_28_0 (shm))
+(typeattributeset shortcut_manager_icons_28_0 (shortcut_manager_icons))
+(typeattributeset shortcut_service_28_0 (shortcut_service))
+(typeattributeset slice_service_28_0 (slice_service))
+(typeattributeset slideshow_28_0 (slideshow))
+(typeattributeset socket_device_28_0 (socket_device))
+(typeattributeset sockfs_28_0 (sockfs))
+(typeattributeset statusbar_service_28_0 (statusbar_service))
+(typeattributeset storaged_service_28_0 (storaged_service))
+(typeattributeset storage_file_28_0 (storage_file))
+(typeattributeset storagestats_service_28_0 (storagestats_service))
+(typeattributeset storage_stub_file_28_0 (storage_stub_file))
+(typeattributeset su_28_0 (su))
+(typeattributeset su_exec_28_0 (su_exec))
+(typeattributeset surfaceflinger_28_0 (surfaceflinger))
+(typeattributeset surfaceflinger_service_28_0 (surfaceflinger_service))
+(typeattributeset swap_block_device_28_0 (swap_block_device))
+(typeattributeset sysfs_28_0
+ ( sysfs
+ sysfs_devices_block
+ sysfs_extcon
+ sysfs_loop
+ sysfs_transparent_hugepage))
+(typeattributeset sysfs_android_usb_28_0 (sysfs_android_usb))
+(typeattributeset sysfs_batteryinfo_28_0 (sysfs_batteryinfo))
+(typeattributeset sysfs_bluetooth_writable_28_0 (sysfs_bluetooth_writable))
+(typeattributeset sysfs_devices_system_cpu_28_0 (sysfs_devices_system_cpu))
+(typeattributeset sysfs_dm_28_0 (sysfs_dm))
+(typeattributeset sysfs_dt_firmware_android_28_0 (sysfs_dt_firmware_android))
+(typeattributeset sysfs_fs_ext4_features_28_0 (sysfs_fs_ext4_features))
+(typeattributeset sysfs_hwrandom_28_0 (sysfs_hwrandom))
+(typeattributeset sysfs_ipv4_28_0 (sysfs_ipv4))
+(typeattributeset sysfs_kernel_notes_28_0 (sysfs_kernel_notes))
+(typeattributeset sysfs_leds_28_0 (sysfs_leds))
+(typeattributeset sysfs_lowmemorykiller_28_0 (sysfs_lowmemorykiller))
+(typeattributeset sysfs_mac_address_28_0 (sysfs_mac_address))
+(typeattributeset sysfs_net_28_0 (sysfs_net))
+(typeattributeset sysfs_nfc_power_writable_28_0 (sysfs_nfc_power_writable))
+(typeattributeset sysfs_power_28_0 (sysfs_power))
+(typeattributeset sysfs_rtc_28_0 (sysfs_rtc))
+(typeattributeset sysfs_switch_28_0 (sysfs_switch))
+(typeattributeset sysfs_thermal_28_0 (sysfs_thermal))
+(typeattributeset sysfs_uio_28_0 (sysfs_uio))
+(typeattributeset sysfs_usb_28_0 (sysfs_usb))
+(typeattributeset sysfs_usermodehelper_28_0 (sysfs_usermodehelper))
+(typeattributeset sysfs_vibrator_28_0 (sysfs_vibrator))
+(typeattributeset sysfs_wake_lock_28_0 (sysfs_wake_lock))
+(typeattributeset sysfs_wakeup_reasons_28_0 (sysfs_wakeup_reasons))
+(typeattributeset sysfs_wlan_fwpath_28_0 (sysfs_wlan_fwpath))
+(typeattributeset sysfs_zram_28_0 (sysfs_zram))
+(typeattributeset sysfs_zram_uevent_28_0 (sysfs_zram_uevent))
+(typeattributeset system_app_28_0 (system_app))
+(typeattributeset system_app_data_file_28_0 (system_app_data_file))
+(typeattributeset system_app_service_28_0 (system_app_service))
+(typeattributeset system_block_device_28_0 (system_block_device))
+(typeattributeset system_boot_reason_prop_28_0 (system_boot_reason_prop))
+(typeattributeset system_data_file_28_0
+ ( dropbox_data_file
+ system_data_file
+ packages_list_file))
+(typeattributeset system_file_28_0
+ ( system_file
+ system_asan_options_file
+ system_lib_file
+ system_linker_config_file
+ system_linker_exec
+ system_seccomp_policy_file
+ system_security_cacerts_file
+ tcpdump_exec
+ system_zoneinfo_file
+))
+(typeattributeset systemkeys_data_file_28_0 (systemkeys_data_file))
+(typeattributeset system_ndebug_socket_28_0 (system_ndebug_socket))
+(typeattributeset system_net_netd_hwservice_28_0 (system_net_netd_hwservice))
+(typeattributeset system_prop_28_0 (system_prop))
+(typeattributeset system_radio_prop_28_0 (system_radio_prop))
+(typeattributeset system_server_28_0 (system_server))
+(typeattributeset system_update_service_28_0 (system_update_service))
+(typeattributeset system_wifi_keystore_hwservice_28_0 (system_wifi_keystore_hwservice))
+(typeattributeset system_wpa_socket_28_0 (system_wpa_socket))
+(typeattributeset task_service_28_0 (task_service))
+(typeattributeset tee_28_0 (tee))
+(typeattributeset tee_data_file_28_0 (tee_data_file))
+(typeattributeset tee_device_28_0 (tee_device))
+(typeattributeset telecom_service_28_0 (telecom_service))
+(typeattributeset test_boot_reason_prop_28_0 (test_boot_reason_prop))
+(typeattributeset textclassification_service_28_0 (textclassification_service))
+(typeattributeset textclassifier_data_file_28_0 (textclassifier_data_file))
+(typeattributeset textservices_service_28_0 (textservices_service))
+(typeattributeset thermalcallback_hwservice_28_0 (thermalcallback_hwservice))
+(typeattributeset thermal_service_28_0 (thermal_service))
+(typeattributeset timezone_service_28_0 (timezone_service))
+(typeattributeset tmpfs_28_0
+ ( mnt_sdcard_file
+ tmpfs))
+(typeattributeset tombstoned_28_0 (tombstoned))
+(typeattributeset tombstone_data_file_28_0 (tombstone_data_file))
+(typeattributeset tombstoned_crash_socket_28_0 (tombstoned_crash_socket))
+(typeattributeset tombstoned_exec_28_0 (tombstoned_exec))
+(typeattributeset tombstoned_intercept_socket_28_0 (tombstoned_intercept_socket))
+(typeattributeset tombstoned_java_trace_socket_28_0 (tombstoned_java_trace_socket))
+(typeattributeset tombstone_wifi_data_file_28_0 (tombstone_wifi_data_file))
+(typeattributeset toolbox_28_0 (toolbox))
+(typeattributeset toolbox_exec_28_0 (toolbox_exec))
+(typeattributeset trace_data_file_28_0 (trace_data_file))
+(typeattributeset traced_consumer_socket_28_0 (traced_consumer_socket))
+(typeattributeset traced_enabled_prop_28_0 (traced_enabled_prop))
+(typeattributeset traced_probes_28_0 (traced_probes))
+(typeattributeset traced_producer_socket_28_0 (traced_producer_socket))
+(typeattributeset traceur_app_28_0 (traceur_app))
+(typeattributeset trust_service_28_0 (trust_service))
+(typeattributeset tty_device_28_0 (tty_device))
+(typeattributeset tun_device_28_0 (tun_device))
+(typeattributeset tv_input_service_28_0 (tv_input_service))
+(typeattributeset tzdatacheck_28_0 (tzdatacheck))
+(typeattributeset tzdatacheck_exec_28_0 (tzdatacheck_exec))
+(typeattributeset ueventd_28_0 (ueventd))
+(typeattributeset uhid_device_28_0 (uhid_device))
+(typeattributeset uimode_service_28_0 (uimode_service))
+(typeattributeset uio_device_28_0 (uio_device))
+(typeattributeset uncrypt_28_0 (uncrypt))
+(typeattributeset uncrypt_exec_28_0 (uncrypt_exec))
+(typeattributeset uncrypt_socket_28_0 (uncrypt_socket))
+(typeattributeset unencrypted_data_file_28_0 (unencrypted_data_file))
+(typeattributeset unlabeled_28_0 (unlabeled))
+(typeattributeset untrusted_app_25_28_0 (untrusted_app_25))
+(typeattributeset untrusted_app_27_28_0 (untrusted_app_27))
+(typeattributeset untrusted_app_28_0 (untrusted_app))
+(typeattributeset untrusted_v2_app_28_0 (untrusted_v2_app))
+(typeattributeset update_engine_28_0 (update_engine))
+(typeattributeset update_engine_data_file_28_0 (update_engine_data_file))
+(typeattributeset update_engine_exec_28_0 (update_engine_exec))
+(typeattributeset update_engine_log_data_file_28_0 (update_engine_log_data_file))
+(typeattributeset update_engine_service_28_0 (update_engine_service))
+(typeattributeset updatelock_service_28_0 (updatelock_service))
+(typeattributeset update_verifier_28_0 (update_verifier))
+(typeattributeset update_verifier_exec_28_0 (update_verifier_exec))
+(typeattributeset usagestats_service_28_0 (usagestats_service))
+(typeattributeset usbaccessory_device_28_0 (usbaccessory_device))
+(typeattributeset usbd_28_0 (usbd))
+(typeattributeset usb_device_28_0 (usb_device))
+(typeattributeset usbd_exec_28_0 (usbd_exec))
+(typeattributeset usbfs_28_0 (usbfs))
+(typeattributeset usb_service_28_0 (usb_service))
+(typeattributeset userdata_block_device_28_0 (userdata_block_device))
+(typeattributeset usermodehelper_28_0 (usermodehelper))
+(typeattributeset user_profile_data_file_28_0 (user_profile_data_file))
+(typeattributeset user_service_28_0 (user_service))
+(typeattributeset vcs_device_28_0 (vcs_device))
+(typeattributeset vdc_28_0 (vdc))
+(typeattributeset vdc_exec_28_0 (vdc_exec))
+(typeattributeset vendor_app_file_28_0 (vendor_app_file))
+(typeattributeset vendor_configs_file_28_0 (vendor_configs_file))
+(typeattributeset vendor_data_file_28_0 (vendor_data_file))
+(typeattributeset vendor_default_prop_28_0 (vendor_default_prop))
+(typeattributeset vendor_file_28_0 (vendor_file))
+(typeattributeset vendor_framework_file_28_0 (vendor_framework_file))
+(typeattributeset vendor_hal_file_28_0 (vendor_hal_file))
+(typeattributeset vendor_init_28_0 (vendor_init))
+(typeattributeset vendor_overlay_file_28_0 (vendor_overlay_file))
+(typeattributeset vendor_security_patch_level_prop_28_0 (vendor_security_patch_level_prop))
+(typeattributeset vendor_shell_28_0 (vendor_shell))
+(typeattributeset vendor_shell_exec_28_0 (vendor_shell_exec))
+(typeattributeset vendor_toolbox_exec_28_0 (vendor_toolbox_exec))
+(typeattributeset vfat_28_0 (vfat))
+(typeattributeset vibrator_service_28_0 (vibrator_service))
+(typeattributeset video_device_28_0 (video_device))
+(typeattributeset virtual_touchpad_28_0 (virtual_touchpad))
+(typeattributeset virtual_touchpad_exec_28_0 (virtual_touchpad_exec))
+(typeattributeset virtual_touchpad_service_28_0 (virtual_touchpad_service))
+(typeattributeset vndbinder_device_28_0 (vndbinder_device))
+(typeattributeset vndk_sp_file_28_0 (vndk_sp_file))
+(typeattributeset vndservice_contexts_file_28_0 (vndservice_contexts_file))
+(typeattributeset vndservicemanager_28_0 (vndservicemanager))
+(typeattributeset voiceinteraction_service_28_0 (voiceinteraction_service))
+(typeattributeset vold_28_0 (vold))
+(typeattributeset vold_data_file_28_0 (vold_data_file))
+(typeattributeset vold_device_28_0 (vold_device))
+(typeattributeset vold_exec_28_0 (vold_exec))
+(typeattributeset vold_metadata_file_28_0 (vold_metadata_file))
+(typeattributeset vold_prepare_subdirs_28_0 (vold_prepare_subdirs))
+(typeattributeset vold_prepare_subdirs_exec_28_0 (vold_prepare_subdirs_exec))
+(typeattributeset vold_prop_28_0 (vold_prop))
+(typeattributeset vold_service_28_0 (vold_service))
+(typeattributeset vpn_data_file_28_0 (vpn_data_file))
+(typeattributeset vr_hwc_28_0 (vr_hwc))
+(typeattributeset vr_hwc_exec_28_0 (vr_hwc_exec))
+(typeattributeset vr_hwc_service_28_0 (vr_hwc_service))
+(typeattributeset vr_manager_service_28_0 (vr_manager_service))
+(typeattributeset wallpaper_file_28_0 (wallpaper_file))
+(typeattributeset wallpaper_service_28_0 (wallpaper_service))
+(typeattributeset watchdogd_28_0 (watchdogd))
+(typeattributeset watchdog_device_28_0 (watchdog_device))
+(typeattributeset webviewupdate_service_28_0 (webviewupdate_service))
+(typeattributeset webview_zygote_28_0 (webview_zygote))
+(typeattributeset webview_zygote_exec_28_0 (webview_zygote_exec))
+(typeattributeset wifiaware_service_28_0 (wifiaware_service))
+(typeattributeset wificond_28_0 (wificond))
+(typeattributeset wificond_exec_28_0 (wificond_exec))
+(typeattributeset wificond_service_28_0 (wificond_service))
+(typeattributeset wifi_data_file_28_0 (wifi_data_file))
+(typeattributeset wifi_log_prop_28_0 (wifi_log_prop))
+(typeattributeset wifip2p_service_28_0 (wifip2p_service))
+(typeattributeset wifi_prop_28_0 (wifi_prop))
+(typeattributeset wifiscanner_service_28_0 (wifiscanner_service))
+(typeattributeset wifi_service_28_0 (wifi_service))
+(typeattributeset window_service_28_0 (window_service))
+(typeattributeset wpantund_28_0 (wpantund))
+(typeattributeset wpantund_exec_28_0 (wpantund_exec))
+(typeattributeset wpantund_service_28_0 (wpantund_service))
+(typeattributeset wpa_socket_28_0 (wpa_socket))
+(typeattributeset zero_device_28_0 (zero_device))
+(typeattributeset zoneinfo_data_file_28_0 (zoneinfo_data_file))
+(typeattributeset zygote_28_0 (zygote))
+(typeattributeset zygote_exec_28_0 (zygote_exec))
+(typeattributeset zygote_socket_28_0 (zygote_socket))
diff --git a/prebuilts/api/30.0/private/compat/28.0/28.0.compat.cil b/prebuilts/api/30.0/private/compat/28.0/28.0.compat.cil
new file mode 100644
index 0000000..30af58c
--- /dev/null
+++ b/prebuilts/api/30.0/private/compat/28.0/28.0.compat.cil
@@ -0,0 +1,5 @@
+(typeattribute vendordomain)
+(typeattributeset vendordomain ((and (domain) ((not (coredomain))))))
+(allowx vendordomain dev_type (ioctl blk_file ((range 0x0000 0xffff))))
+(allowx vendordomain file_type (ioctl file ((range 0x0000 0xffff))))
+(allow vendordomain self (netlink_route_socket (nlmsg_readpriv)))
diff --git a/prebuilts/api/30.0/private/compat/28.0/28.0.ignore.cil b/prebuilts/api/30.0/private/compat/28.0/28.0.ignore.cil
new file mode 100644
index 0000000..d24d12d
--- /dev/null
+++ b/prebuilts/api/30.0/private/compat/28.0/28.0.ignore.cil
@@ -0,0 +1,159 @@
+;; new_objects - a collection of types that have been introduced that have no
+;; analogue in older policy. Thus, we do not need to map these types to
+;; previous ones. Add here to pass checkapi tests.
+(type new_objects)
+(typeattribute new_objects)
+(typeattributeset new_objects
+ ( new_objects
+ activity_task_service
+ adb_service
+ apex_data_file
+ apex_metadata_file
+ apex_mnt_dir
+ apex_service
+ apexd
+ apexd_exec
+ apexd_prop
+ apexd_tmpfs
+ appdomain_tmpfs
+ app_binding_service
+ app_prediction_service
+ app_zygote
+ app_zygote_tmpfs
+ ashmemd
+ ashmem_device_service
+ attention_service
+ biometric_service
+ bluetooth_audio_hal_prop
+ bpf_progs_loaded_prop
+ bugreport_service
+ cgroup_desc_file
+ cgroup_rc_file
+ charger_exec
+ content_capture_service
+ content_suggestions_service
+ cpu_variant_prop
+ ctl_apexd_prop
+ ctl_gsid_prop
+ dev_cpu_variant
+ device_config_activity_manager_native_boot_prop
+ device_config_boot_count_prop
+ device_config_input_native_boot_prop
+ device_config_netd_native_prop
+ device_config_reset_performed_prop
+ device_config_runtime_native_boot_prop
+ device_config_runtime_native_prop
+ device_config_media_native_prop
+ device_config_service
+ device_config_sys_traced_prop
+ dnsresolver_service
+ dynamic_system_service
+ dynamic_system_prop
+ face_service
+ face_vendor_data_file
+ sota_prop
+ fastbootd
+ flags_health_check
+ flags_health_check_exec
+ fwk_bufferhub_hwservice
+ fwk_camera_hwservice
+ fwk_stats_hwservice
+ gpuservice
+ gsi_data_file
+ gsi_metadata_file
+ gsi_service
+ gsid
+ gsid_exec
+ gsid_prop
+ color_display_service
+ external_vibrator_service
+ hal_atrace_hwservice
+ hal_face_hwservice
+ hal_graphics_composer_server_tmpfs
+ hal_health_storage_hwservice
+ hal_input_classifier_hwservice
+ hal_power_stats_hwservice
+ heapprofd
+ heapprofd_enabled_prop
+ heapprofd_exec
+ heapprofd_prop
+ heapprofd_socket
+ idmap_service
+ iris_service
+ iris_vendor_data_file
+ llkd
+ llkd_exec
+ llkd_prop
+ llkd_tmpfs
+ looper_stats_service
+ lpdumpd
+ lpdumpd_exec
+ lpdumpd_prop
+ lpdump_service
+ iorapd
+ iorapd_exec
+ iorapd_data_file
+ iorapd_service
+ iorapd_tmpfs
+ mediaswcodec
+ mediaswcodec_exec
+ mediaswcodec_tmpfs
+ metadata_bootstat_file
+ mnt_product_file
+ network_stack
+ network_stack_service
+ network_stack_tmpfs
+ nnapi_ext_deny_product_prop
+ overlayfs_file
+ password_slot_metadata_file
+ permissionmgr_service
+ postinstall_apex_mnt_dir
+ recovery_socket
+ role_service
+ rollback_service
+ rs
+ rs_exec
+ rss_hwm_reset
+ rss_hwm_reset_exec
+ runas_app
+ runas_app_tmpfs
+ art_apex_dir
+ runtime_service
+ sdcard_block_device
+ sensor_privacy_service
+ server_configurable_flags_data_file
+ simpleperf_app_runner
+ simpleperf_app_runner_exec
+ socket_hook_prop
+ su_tmpfs
+ super_block_device
+ sysfs_fs_f2fs
+ system_bootstrap_lib_file
+ system_event_log_tags_file
+ system_lmk_prop
+ system_suspend_hwservice
+ system_suspend_control_service
+ system_trace_prop
+ staging_data_file
+ task_profiles_file
+ testharness_service
+ test_harness_prop
+ theme_prop
+ time_prop
+ timedetector_service
+ timezonedetector_service
+ traced_lazy_prop
+ uri_grants_service
+ use_memfd_prop
+ vendor_apex_file
+ vendor_cgroup_desc_file
+ vendor_idc_file
+ vendor_keychars_file
+ vendor_keylayout_file
+ vendor_misc_writer
+ vendor_misc_writer_exec
+ vendor_socket_hook_prop
+ vendor_task_profiles_file
+ vndk_prop
+ vrflinger_vsync_service
+ watchdogd_tmpfs))
diff --git a/prebuilts/api/30.0/private/compat/29.0/29.0.cil b/prebuilts/api/30.0/private/compat/29.0/29.0.cil
new file mode 100644
index 0000000..5231498
--- /dev/null
+++ b/prebuilts/api/30.0/private/compat/29.0/29.0.cil
@@ -0,0 +1,1970 @@
+;; types removed from current policy
+(type ashmemd)
+(type hal_wifi_offload_hwservice)
+(type install_recovery)
+(type install_recovery_exec)
+(type mediacodec_service)
+(type perfprofd_data_file)
+(type perfprofd_service)
+(type sysfs_mac_address)
+(type wificond_service)
+
+(expandtypeattribute (accessibility_service_29_0) true)
+(expandtypeattribute (account_service_29_0) true)
+(expandtypeattribute (activity_service_29_0) true)
+(expandtypeattribute (activity_task_service_29_0) true)
+(expandtypeattribute (adbd_29_0) true)
+(expandtypeattribute (adb_data_file_29_0) true)
+(expandtypeattribute (adbd_exec_29_0) true)
+(expandtypeattribute (adbd_socket_29_0) true)
+(expandtypeattribute (adb_keys_file_29_0) true)
+(expandtypeattribute (adb_service_29_0) true)
+(expandtypeattribute (alarm_service_29_0) true)
+(expandtypeattribute (anr_data_file_29_0) true)
+(expandtypeattribute (apexd_29_0) true)
+(expandtypeattribute (apex_data_file_29_0) true)
+(expandtypeattribute (apexd_exec_29_0) true)
+(expandtypeattribute (apexd_prop_29_0) true)
+(expandtypeattribute (apex_metadata_file_29_0) true)
+(expandtypeattribute (apex_mnt_dir_29_0) true)
+(expandtypeattribute (apex_service_29_0) true)
+(expandtypeattribute (apk_data_file_29_0) true)
+(expandtypeattribute (apk_private_data_file_29_0) true)
+(expandtypeattribute (apk_private_tmp_file_29_0) true)
+(expandtypeattribute (apk_tmp_file_29_0) true)
+(expandtypeattribute (app_binding_service_29_0) true)
+(expandtypeattribute (app_data_file_29_0) true)
+(expandtypeattribute (appdomain_tmpfs_29_0) true)
+(expandtypeattribute (app_fuse_file_29_0) true)
+(expandtypeattribute (app_fusefs_29_0) true)
+(expandtypeattribute (appops_service_29_0) true)
+(expandtypeattribute (app_prediction_service_29_0) true)
+(expandtypeattribute (appwidget_service_29_0) true)
+(expandtypeattribute (app_zygote_29_0) true)
+(expandtypeattribute (app_zygote_tmpfs_29_0) true)
+(expandtypeattribute (asec_apk_file_29_0) true)
+(expandtypeattribute (asec_image_file_29_0) true)
+(expandtypeattribute (asec_public_file_29_0) true)
+(expandtypeattribute (ashmemd_29_0) true)
+(expandtypeattribute (ashmem_device_29_0) true)
+(expandtypeattribute (assetatlas_service_29_0) true)
+(expandtypeattribute (audio_data_file_29_0) true)
+(expandtypeattribute (audio_device_29_0) true)
+(expandtypeattribute (audiohal_data_file_29_0) true)
+(expandtypeattribute (audio_prop_29_0) true)
+(expandtypeattribute (audioserver_29_0) true)
+(expandtypeattribute (audioserver_data_file_29_0) true)
+(expandtypeattribute (audioserver_service_29_0) true)
+(expandtypeattribute (audioserver_tmpfs_29_0) true)
+(expandtypeattribute (audio_service_29_0) true)
+(expandtypeattribute (autofill_service_29_0) true)
+(expandtypeattribute (backup_data_file_29_0) true)
+(expandtypeattribute (backup_service_29_0) true)
+(expandtypeattribute (batteryproperties_service_29_0) true)
+(expandtypeattribute (battery_service_29_0) true)
+(expandtypeattribute (batterystats_service_29_0) true)
+(expandtypeattribute (binder_calls_stats_service_29_0) true)
+(expandtypeattribute (binder_device_29_0) true)
+(expandtypeattribute (binfmt_miscfs_29_0) true)
+(expandtypeattribute (biometric_service_29_0) true)
+(expandtypeattribute (blkid_29_0) true)
+(expandtypeattribute (blkid_untrusted_29_0) true)
+(expandtypeattribute (block_device_29_0) true)
+(expandtypeattribute (bluetooth_29_0) true)
+(expandtypeattribute (bluetooth_a2dp_offload_prop_29_0) true)
+(expandtypeattribute (bluetooth_audio_hal_prop_29_0) true)
+(expandtypeattribute (bluetooth_data_file_29_0) true)
+(expandtypeattribute (bluetooth_efs_file_29_0) true)
+(expandtypeattribute (bluetooth_logs_data_file_29_0) true)
+(expandtypeattribute (bluetooth_manager_service_29_0) true)
+(expandtypeattribute (bluetooth_prop_29_0) true)
+(expandtypeattribute (bluetooth_service_29_0) true)
+(expandtypeattribute (bluetooth_socket_29_0) true)
+(expandtypeattribute (bootanim_29_0) true)
+(expandtypeattribute (bootanim_exec_29_0) true)
+(expandtypeattribute (boot_block_device_29_0) true)
+(expandtypeattribute (bootchart_data_file_29_0) true)
+(expandtypeattribute (bootloader_boot_reason_prop_29_0) true)
+(expandtypeattribute (bootstat_29_0) true)
+(expandtypeattribute (bootstat_data_file_29_0) true)
+(expandtypeattribute (bootstat_exec_29_0) true)
+(expandtypeattribute (boottime_prop_29_0) true)
+(expandtypeattribute (boottrace_data_file_29_0) true)
+(expandtypeattribute (bpf_progs_loaded_prop_29_0) true)
+(expandtypeattribute (broadcastradio_service_29_0) true)
+(expandtypeattribute (bufferhubd_29_0) true)
+(expandtypeattribute (bufferhubd_exec_29_0) true)
+(expandtypeattribute (bugreport_service_29_0) true)
+(expandtypeattribute (cache_backup_file_29_0) true)
+(expandtypeattribute (cache_block_device_29_0) true)
+(expandtypeattribute (cache_file_29_0) true)
+(expandtypeattribute (cache_private_backup_file_29_0) true)
+(expandtypeattribute (cache_recovery_file_29_0) true)
+(expandtypeattribute (camera_data_file_29_0) true)
+(expandtypeattribute (camera_device_29_0) true)
+(expandtypeattribute (cameraproxy_service_29_0) true)
+(expandtypeattribute (cameraserver_29_0) true)
+(expandtypeattribute (cameraserver_exec_29_0) true)
+(expandtypeattribute (cameraserver_service_29_0) true)
+(expandtypeattribute (cameraserver_tmpfs_29_0) true)
+(expandtypeattribute (cgroup_29_0) true)
+(expandtypeattribute (cgroup_bpf_29_0) true)
+(expandtypeattribute (cgroup_desc_file_29_0) true)
+(expandtypeattribute (cgroup_rc_file_29_0) true)
+(expandtypeattribute (charger_29_0) true)
+(expandtypeattribute (charger_exec_29_0) true)
+(expandtypeattribute (clatd_29_0) true)
+(expandtypeattribute (clatd_exec_29_0) true)
+(expandtypeattribute (clipboard_service_29_0) true)
+(expandtypeattribute (color_display_service_29_0) true)
+(expandtypeattribute (companion_device_service_29_0) true)
+(expandtypeattribute (configfs_29_0) true)
+(expandtypeattribute (config_prop_29_0) true)
+(expandtypeattribute (connectivity_service_29_0) true)
+(expandtypeattribute (connmetrics_service_29_0) true)
+(expandtypeattribute (console_device_29_0) true)
+(expandtypeattribute (consumer_ir_service_29_0) true)
+(expandtypeattribute (content_capture_service_29_0) true)
+(expandtypeattribute (content_service_29_0) true)
+(expandtypeattribute (content_suggestions_service_29_0) true)
+(expandtypeattribute (contexthub_service_29_0) true)
+(expandtypeattribute (coredump_file_29_0) true)
+(expandtypeattribute (country_detector_service_29_0) true)
+(expandtypeattribute (coverage_service_29_0) true)
+(expandtypeattribute (cppreopt_prop_29_0) true)
+(expandtypeattribute (cpuinfo_service_29_0) true)
+(expandtypeattribute (cpu_variant_prop_29_0) true)
+(expandtypeattribute (crash_dump_29_0) true)
+(expandtypeattribute (crash_dump_exec_29_0) true)
+(expandtypeattribute (crossprofileapps_service_29_0) true)
+(expandtypeattribute (ctl_adbd_prop_29_0) true)
+(expandtypeattribute (ctl_bootanim_prop_29_0) true)
+(expandtypeattribute (ctl_bugreport_prop_29_0) true)
+(expandtypeattribute (ctl_console_prop_29_0) true)
+(expandtypeattribute (ctl_default_prop_29_0) true)
+(expandtypeattribute (ctl_dumpstate_prop_29_0) true)
+(expandtypeattribute (ctl_fuse_prop_29_0) true)
+(expandtypeattribute (ctl_gsid_prop_29_0) true)
+(expandtypeattribute (ctl_interface_restart_prop_29_0) true)
+(expandtypeattribute (ctl_interface_start_prop_29_0) true)
+(expandtypeattribute (ctl_interface_stop_prop_29_0) true)
+(expandtypeattribute (ctl_mdnsd_prop_29_0) true)
+(expandtypeattribute (ctl_restart_prop_29_0) true)
+(expandtypeattribute (ctl_rildaemon_prop_29_0) true)
+(expandtypeattribute (ctl_sigstop_prop_29_0) true)
+(expandtypeattribute (ctl_start_prop_29_0) true)
+(expandtypeattribute (ctl_stop_prop_29_0) true)
+(expandtypeattribute (dalvikcache_data_file_29_0) true)
+(expandtypeattribute (dalvik_prop_29_0) true)
+(expandtypeattribute (dbinfo_service_29_0) true)
+(expandtypeattribute (debugfs_29_0) true)
+(expandtypeattribute (debugfs_mmc_29_0) true)
+(expandtypeattribute (debugfs_trace_marker_29_0) true)
+(expandtypeattribute (debugfs_tracing_29_0) true)
+(expandtypeattribute (debugfs_tracing_debug_29_0) true)
+(expandtypeattribute (debugfs_tracing_instances_29_0) true)
+(expandtypeattribute (debugfs_wakeup_sources_29_0) true)
+(expandtypeattribute (debugfs_wifi_tracing_29_0) true)
+(expandtypeattribute (debuggerd_prop_29_0) true)
+(expandtypeattribute (debug_prop_29_0) true)
+(expandtypeattribute (default_android_hwservice_29_0) true)
+(expandtypeattribute (default_android_service_29_0) true)
+(expandtypeattribute (default_android_vndservice_29_0) true)
+(expandtypeattribute (default_prop_29_0) true)
+(expandtypeattribute (dev_cpu_variant_29_0) true)
+(expandtypeattribute (device_29_0) true)
+(expandtypeattribute (device_config_activity_manager_native_boot_prop_29_0) true)
+(expandtypeattribute (device_config_boot_count_prop_29_0) true)
+(expandtypeattribute (device_config_input_native_boot_prop_29_0) true)
+(expandtypeattribute (device_config_media_native_prop_29_0) true)
+(expandtypeattribute (device_config_netd_native_prop_29_0) true)
+(expandtypeattribute (device_config_reset_performed_prop_29_0) true)
+(expandtypeattribute (device_config_runtime_native_boot_prop_29_0) true)
+(expandtypeattribute (device_config_runtime_native_prop_29_0) true)
+(expandtypeattribute (device_config_service_29_0) true)
+(expandtypeattribute (device_identifiers_service_29_0) true)
+(expandtypeattribute (deviceidle_service_29_0) true)
+(expandtypeattribute (device_logging_prop_29_0) true)
+(expandtypeattribute (device_policy_service_29_0) true)
+(expandtypeattribute (devicestoragemonitor_service_29_0) true)
+(expandtypeattribute (devpts_29_0) true)
+(expandtypeattribute (dhcp_29_0) true)
+(expandtypeattribute (dhcp_data_file_29_0) true)
+(expandtypeattribute (dhcp_exec_29_0) true)
+(expandtypeattribute (dhcp_prop_29_0) true)
+(expandtypeattribute (diskstats_service_29_0) true)
+(expandtypeattribute (display_service_29_0) true)
+(expandtypeattribute (dm_device_29_0) true)
+(expandtypeattribute (dnsmasq_29_0) true)
+(expandtypeattribute (dnsmasq_exec_29_0) true)
+(expandtypeattribute (dnsproxyd_socket_29_0) true)
+(expandtypeattribute (dnsresolver_service_29_0) true)
+(expandtypeattribute (DockObserver_service_29_0) true)
+(expandtypeattribute (dreams_service_29_0) true)
+(expandtypeattribute (drm_data_file_29_0) true)
+(expandtypeattribute (drmserver_29_0) true)
+(expandtypeattribute (drmserver_exec_29_0) true)
+(expandtypeattribute (drmserver_service_29_0) true)
+(expandtypeattribute (drmserver_socket_29_0) true)
+(expandtypeattribute (dropbox_data_file_29_0) true)
+(expandtypeattribute (dropbox_service_29_0) true)
+(expandtypeattribute (dumpstate_29_0) true)
+(expandtypeattribute (dumpstate_exec_29_0) true)
+(expandtypeattribute (dumpstate_options_prop_29_0) true)
+(expandtypeattribute (dumpstate_prop_29_0) true)
+(expandtypeattribute (dumpstate_service_29_0) true)
+(expandtypeattribute (dumpstate_socket_29_0) true)
+(expandtypeattribute (dynamic_system_prop_29_0) true)
+(expandtypeattribute (e2fs_29_0) true)
+(expandtypeattribute (e2fs_exec_29_0) true)
+(expandtypeattribute (efs_file_29_0) true)
+(expandtypeattribute (ephemeral_app_29_0) true)
+(expandtypeattribute (ethernet_service_29_0) true)
+(expandtypeattribute (exfat_29_0) true)
+(expandtypeattribute (exported2_config_prop_29_0) true)
+(expandtypeattribute (exported2_default_prop_29_0) true)
+(expandtypeattribute (exported2_radio_prop_29_0) true)
+(expandtypeattribute (exported2_system_prop_29_0) true)
+(expandtypeattribute (exported2_vold_prop_29_0) true)
+(expandtypeattribute (exported3_default_prop_29_0) true)
+(expandtypeattribute (exported3_radio_prop_29_0) true)
+(expandtypeattribute (exported3_system_prop_29_0) true)
+(expandtypeattribute (exported_audio_prop_29_0) true)
+(expandtypeattribute (exported_bluetooth_prop_29_0) true)
+(expandtypeattribute (exported_config_prop_29_0) true)
+(expandtypeattribute (exported_dalvik_prop_29_0) true)
+(expandtypeattribute (exported_default_prop_29_0) true)
+(expandtypeattribute (exported_dumpstate_prop_29_0) true)
+(expandtypeattribute (exported_ffs_prop_29_0) true)
+(expandtypeattribute (exported_fingerprint_prop_29_0) true)
+(expandtypeattribute (exported_overlay_prop_29_0) true)
+(expandtypeattribute (exported_pm_prop_29_0) true)
+(expandtypeattribute (exported_radio_prop_29_0) true)
+(expandtypeattribute (exported_secure_prop_29_0) true)
+(expandtypeattribute (exported_system_prop_29_0) true)
+(expandtypeattribute (exported_system_radio_prop_29_0) true)
+(expandtypeattribute (exported_vold_prop_29_0) true)
+(expandtypeattribute (exported_wifi_prop_29_0) true)
+(expandtypeattribute (external_vibrator_service_29_0) true)
+(expandtypeattribute (face_service_29_0) true)
+(expandtypeattribute (face_vendor_data_file_29_0) true)
+(expandtypeattribute (fastbootd_29_0) true)
+(expandtypeattribute (ffs_prop_29_0) true)
+(expandtypeattribute (file_contexts_file_29_0) true)
+(expandtypeattribute (fingerprintd_29_0) true)
+(expandtypeattribute (fingerprintd_data_file_29_0) true)
+(expandtypeattribute (fingerprintd_exec_29_0) true)
+(expandtypeattribute (fingerprintd_service_29_0) true)
+(expandtypeattribute (fingerprint_prop_29_0) true)
+(expandtypeattribute (fingerprint_service_29_0) true)
+(expandtypeattribute (fingerprint_vendor_data_file_29_0) true)
+(expandtypeattribute (firstboot_prop_29_0) true)
+(expandtypeattribute (flags_health_check_29_0) true)
+(expandtypeattribute (flags_health_check_exec_29_0) true)
+(expandtypeattribute (font_service_29_0) true)
+(expandtypeattribute (frp_block_device_29_0) true)
+(expandtypeattribute (fs_bpf_29_0) true)
+(expandtypeattribute (fsck_29_0) true)
+(expandtypeattribute (fsck_exec_29_0) true)
+(expandtypeattribute (fscklogs_29_0) true)
+(expandtypeattribute (fsck_untrusted_29_0) true)
+(expandtypeattribute (functionfs_29_0) true)
+(expandtypeattribute (fuse_29_0) true)
+(expandtypeattribute (fuse_device_29_0) true)
+(expandtypeattribute (fwk_bufferhub_hwservice_29_0) true)
+(expandtypeattribute (fwk_camera_hwservice_29_0) true)
+(expandtypeattribute (fwk_display_hwservice_29_0) true)
+(expandtypeattribute (fwk_scheduler_hwservice_29_0) true)
+(expandtypeattribute (fwk_sensor_hwservice_29_0) true)
+(expandtypeattribute (fwk_stats_hwservice_29_0) true)
+(expandtypeattribute (fwmarkd_socket_29_0) true)
+(expandtypeattribute (gatekeeperd_29_0) true)
+(expandtypeattribute (gatekeeper_data_file_29_0) true)
+(expandtypeattribute (gatekeeperd_exec_29_0) true)
+(expandtypeattribute (gatekeeper_service_29_0) true)
+(expandtypeattribute (gfxinfo_service_29_0) true)
+(expandtypeattribute (gps_control_29_0) true)
+(expandtypeattribute (gpu_device_29_0) true)
+(expandtypeattribute (gpu_service_29_0) true)
+(expandtypeattribute (gpuservice_29_0) true)
+(expandtypeattribute (graphics_device_29_0) true)
+(expandtypeattribute (graphicsstats_service_29_0) true)
+(expandtypeattribute (gsi_data_file_29_0) true)
+(expandtypeattribute (gsid_prop_29_0) true)
+(expandtypeattribute (gsi_metadata_file_29_0) true)
+(expandtypeattribute (hal_atrace_hwservice_29_0) true)
+(expandtypeattribute (hal_audiocontrol_hwservice_29_0) true)
+(expandtypeattribute (hal_audio_hwservice_29_0) true)
+(expandtypeattribute (hal_authsecret_hwservice_29_0) true)
+(expandtypeattribute (hal_bluetooth_hwservice_29_0) true)
+(expandtypeattribute (hal_bootctl_hwservice_29_0) true)
+(expandtypeattribute (hal_broadcastradio_hwservice_29_0) true)
+(expandtypeattribute (hal_camera_hwservice_29_0) true)
+(expandtypeattribute (hal_cas_hwservice_29_0) true)
+(expandtypeattribute (hal_codec2_hwservice_29_0) true)
+(expandtypeattribute (hal_configstore_ISurfaceFlingerConfigs_29_0) true)
+(expandtypeattribute (hal_confirmationui_hwservice_29_0) true)
+(expandtypeattribute (hal_contexthub_hwservice_29_0) true)
+(expandtypeattribute (hal_drm_hwservice_29_0) true)
+(expandtypeattribute (hal_dumpstate_hwservice_29_0) true)
+(expandtypeattribute (hal_evs_hwservice_29_0) true)
+(expandtypeattribute (hal_face_hwservice_29_0) true)
+(expandtypeattribute (hal_fingerprint_hwservice_29_0) true)
+(expandtypeattribute (hal_fingerprint_service_29_0) true)
+(expandtypeattribute (hal_gatekeeper_hwservice_29_0) true)
+(expandtypeattribute (hal_gnss_hwservice_29_0) true)
+(expandtypeattribute (hal_graphics_allocator_hwservice_29_0) true)
+(expandtypeattribute (hal_graphics_composer_hwservice_29_0) true)
+(expandtypeattribute (hal_graphics_composer_server_tmpfs_29_0) true)
+(expandtypeattribute (hal_graphics_mapper_hwservice_29_0) true)
+(expandtypeattribute (hal_health_hwservice_29_0) true)
+(expandtypeattribute (hal_health_storage_hwservice_29_0) true)
+(expandtypeattribute (hal_input_classifier_hwservice_29_0) true)
+(expandtypeattribute (hal_ir_hwservice_29_0) true)
+(expandtypeattribute (hal_keymaster_hwservice_29_0) true)
+(expandtypeattribute (hal_light_hwservice_29_0) true)
+(expandtypeattribute (hal_lowpan_hwservice_29_0) true)
+(expandtypeattribute (hal_memtrack_hwservice_29_0) true)
+(expandtypeattribute (hal_neuralnetworks_hwservice_29_0) true)
+(expandtypeattribute (hal_nfc_hwservice_29_0) true)
+(expandtypeattribute (hal_oemlock_hwservice_29_0) true)
+(expandtypeattribute (hal_omx_hwservice_29_0) true)
+(expandtypeattribute (hal_power_hwservice_29_0) true)
+(expandtypeattribute (hal_power_stats_hwservice_29_0) true)
+(expandtypeattribute (hal_renderscript_hwservice_29_0) true)
+(expandtypeattribute (hal_secure_element_hwservice_29_0) true)
+(expandtypeattribute (hal_sensors_hwservice_29_0) true)
+(expandtypeattribute (hal_telephony_hwservice_29_0) true)
+(expandtypeattribute (hal_tetheroffload_hwservice_29_0) true)
+(expandtypeattribute (hal_thermal_hwservice_29_0) true)
+(expandtypeattribute (hal_tv_cec_hwservice_29_0) true)
+(expandtypeattribute (hal_tv_input_hwservice_29_0) true)
+(expandtypeattribute (hal_usb_gadget_hwservice_29_0) true)
+(expandtypeattribute (hal_usb_hwservice_29_0) true)
+(expandtypeattribute (hal_vehicle_hwservice_29_0) true)
+(expandtypeattribute (hal_vibrator_hwservice_29_0) true)
+(expandtypeattribute (hal_vr_hwservice_29_0) true)
+(expandtypeattribute (hal_weaver_hwservice_29_0) true)
+(expandtypeattribute (hal_wifi_hostapd_hwservice_29_0) true)
+(expandtypeattribute (hal_wifi_hwservice_29_0) true)
+(expandtypeattribute (hal_wifi_offload_hwservice_29_0) true)
+(expandtypeattribute (hal_wifi_supplicant_hwservice_29_0) true)
+(expandtypeattribute (hardware_properties_service_29_0) true)
+(expandtypeattribute (hardware_service_29_0) true)
+(expandtypeattribute (hci_attach_dev_29_0) true)
+(expandtypeattribute (hdmi_control_service_29_0) true)
+(expandtypeattribute (healthd_29_0) true)
+(expandtypeattribute (healthd_exec_29_0) true)
+(expandtypeattribute (heapdump_data_file_29_0) true)
+(expandtypeattribute (heapprofd_29_0) true)
+(expandtypeattribute (heapprofd_enabled_prop_29_0) true)
+(expandtypeattribute (heapprofd_prop_29_0) true)
+(expandtypeattribute (heapprofd_socket_29_0) true)
+(expandtypeattribute (hidl_allocator_hwservice_29_0) true)
+(expandtypeattribute (hidl_base_hwservice_29_0) true)
+(expandtypeattribute (hidl_manager_hwservice_29_0) true)
+(expandtypeattribute (hidl_memory_hwservice_29_0) true)
+(expandtypeattribute (hidl_token_hwservice_29_0) true)
+(expandtypeattribute (hwbinder_device_29_0) true)
+(expandtypeattribute (hw_random_device_29_0) true)
+(expandtypeattribute (hwservice_contexts_file_29_0) true)
+(expandtypeattribute (hwservicemanager_29_0) true)
+(expandtypeattribute (hwservicemanager_exec_29_0) true)
+(expandtypeattribute (hwservicemanager_prop_29_0) true)
+(expandtypeattribute (icon_file_29_0) true)
+(expandtypeattribute (idmap_29_0) true)
+(expandtypeattribute (idmap_exec_29_0) true)
+(expandtypeattribute (idmap_service_29_0) true)
+(expandtypeattribute (iio_device_29_0) true)
+(expandtypeattribute (imms_service_29_0) true)
+(expandtypeattribute (incident_29_0) true)
+(expandtypeattribute (incidentd_29_0) true)
+(expandtypeattribute (incident_data_file_29_0) true)
+(expandtypeattribute (incident_helper_29_0) true)
+(expandtypeattribute (incident_service_29_0) true)
+(expandtypeattribute (init_29_0) true)
+(expandtypeattribute (init_exec_29_0) true)
+(expandtypeattribute (init_tmpfs_29_0) true)
+(expandtypeattribute (inotify_29_0) true)
+(expandtypeattribute (input_device_29_0) true)
+(expandtypeattribute (inputflinger_29_0) true)
+(expandtypeattribute (inputflinger_exec_29_0) true)
+(expandtypeattribute (inputflinger_service_29_0) true)
+(expandtypeattribute (input_method_service_29_0) true)
+(expandtypeattribute (input_service_29_0) true)
+(expandtypeattribute (installd_29_0) true)
+(expandtypeattribute (install_data_file_29_0) true)
+(expandtypeattribute (installd_exec_29_0) true)
+(expandtypeattribute (installd_service_29_0) true)
+(expandtypeattribute (install_recovery_29_0) true)
+(expandtypeattribute (install_recovery_exec_29_0) true)
+(expandtypeattribute (ion_device_29_0) true)
+(expandtypeattribute (iorapd_29_0) true)
+(expandtypeattribute (iorapd_data_file_29_0) true)
+(expandtypeattribute (iorapd_exec_29_0) true)
+(expandtypeattribute (iorapd_service_29_0) true)
+(expandtypeattribute (iorapd_tmpfs_29_0) true)
+(expandtypeattribute (IProxyService_service_29_0) true)
+(expandtypeattribute (ipsec_service_29_0) true)
+(expandtypeattribute (iris_service_29_0) true)
+(expandtypeattribute (iris_vendor_data_file_29_0) true)
+(expandtypeattribute (isolated_app_29_0) true)
+(expandtypeattribute (jobscheduler_service_29_0) true)
+(expandtypeattribute (kernel_29_0) true)
+(expandtypeattribute (keychain_data_file_29_0) true)
+(expandtypeattribute (keychord_device_29_0) true)
+(expandtypeattribute (keystore_29_0) true)
+(expandtypeattribute (keystore_data_file_29_0) true)
+(expandtypeattribute (keystore_exec_29_0) true)
+(expandtypeattribute (keystore_service_29_0) true)
+(expandtypeattribute (kmsg_debug_device_29_0) true)
+(expandtypeattribute (kmsg_device_29_0) true)
+(expandtypeattribute (labeledfs_29_0) true)
+(expandtypeattribute (last_boot_reason_prop_29_0) true)
+(expandtypeattribute (launcherapps_service_29_0) true)
+(expandtypeattribute (llkd_29_0) true)
+(expandtypeattribute (llkd_exec_29_0) true)
+(expandtypeattribute (llkd_prop_29_0) true)
+(expandtypeattribute (lmkd_29_0) true)
+(expandtypeattribute (lmkd_exec_29_0) true)
+(expandtypeattribute (lmkd_socket_29_0) true)
+(expandtypeattribute (location_service_29_0) true)
+(expandtypeattribute (lock_settings_service_29_0) true)
+(expandtypeattribute (logcat_exec_29_0) true)
+(expandtypeattribute (logd_29_0) true)
+(expandtypeattribute (logd_exec_29_0) true)
+(expandtypeattribute (logd_prop_29_0) true)
+(expandtypeattribute (logdr_socket_29_0) true)
+(expandtypeattribute (logd_socket_29_0) true)
+(expandtypeattribute (logdw_socket_29_0) true)
+(expandtypeattribute (logpersist_29_0) true)
+(expandtypeattribute (logpersistd_logging_prop_29_0) true)
+(expandtypeattribute (log_prop_29_0) true)
+(expandtypeattribute (log_tag_prop_29_0) true)
+(expandtypeattribute (loop_control_device_29_0) true)
+(expandtypeattribute (loop_device_29_0) true)
+(expandtypeattribute (looper_stats_service_29_0) true)
+(expandtypeattribute (lowpan_device_29_0) true)
+(expandtypeattribute (lowpan_prop_29_0) true)
+(expandtypeattribute (lowpan_service_29_0) true)
+(expandtypeattribute (lpdumpd_prop_29_0) true)
+(expandtypeattribute (lpdump_service_29_0) true)
+(expandtypeattribute (mac_perms_file_29_0) true)
+(expandtypeattribute (mdnsd_29_0) true)
+(expandtypeattribute (mdnsd_socket_29_0) true)
+(expandtypeattribute (mdns_socket_29_0) true)
+(expandtypeattribute (mediacodec_service_29_0) true)
+(expandtypeattribute (media_data_file_29_0) true)
+(expandtypeattribute (mediadrmserver_29_0) true)
+(expandtypeattribute (mediadrmserver_exec_29_0) true)
+(expandtypeattribute (mediadrmserver_service_29_0) true)
+(expandtypeattribute (mediaextractor_29_0) true)
+(expandtypeattribute (mediaextractor_exec_29_0) true)
+(expandtypeattribute (mediaextractor_service_29_0) true)
+(expandtypeattribute (mediaextractor_tmpfs_29_0) true)
+(expandtypeattribute (mediametrics_29_0) true)
+(expandtypeattribute (mediametrics_exec_29_0) true)
+(expandtypeattribute (mediametrics_service_29_0) true)
+(expandtypeattribute (media_projection_service_29_0) true)
+(expandtypeattribute (mediaprovider_29_0) true)
+(expandtypeattribute (media_router_service_29_0) true)
+(expandtypeattribute (media_rw_data_file_29_0) true)
+(expandtypeattribute (mediaserver_29_0) true)
+(expandtypeattribute (mediaserver_exec_29_0) true)
+(expandtypeattribute (mediaserver_service_29_0) true)
+(expandtypeattribute (mediaserver_tmpfs_29_0) true)
+(expandtypeattribute (media_session_service_29_0) true)
+(expandtypeattribute (mediaswcodec_29_0) true)
+(expandtypeattribute (mediaswcodec_exec_29_0) true)
+(expandtypeattribute (meminfo_service_29_0) true)
+(expandtypeattribute (metadata_block_device_29_0) true)
+(expandtypeattribute (metadata_file_29_0) true)
+(expandtypeattribute (method_trace_data_file_29_0) true)
+(expandtypeattribute (midi_service_29_0) true)
+(expandtypeattribute (misc_block_device_29_0) true)
+(expandtypeattribute (misc_logd_file_29_0) true)
+(expandtypeattribute (misc_user_data_file_29_0) true)
+(expandtypeattribute (mmc_prop_29_0) true)
+(expandtypeattribute (mnt_expand_file_29_0) true)
+(expandtypeattribute (mnt_media_rw_file_29_0) true)
+(expandtypeattribute (mnt_media_rw_stub_file_29_0) true)
+(expandtypeattribute (mnt_product_file_29_0) true)
+(expandtypeattribute (mnt_user_file_29_0) true)
+(expandtypeattribute (mnt_vendor_file_29_0) true)
+(expandtypeattribute (modprobe_29_0) true)
+(expandtypeattribute (mount_service_29_0) true)
+(expandtypeattribute (mqueue_29_0) true)
+(expandtypeattribute (mtp_29_0) true)
+(expandtypeattribute (mtp_device_29_0) true)
+(expandtypeattribute (mtpd_socket_29_0) true)
+(expandtypeattribute (mtp_exec_29_0) true)
+(expandtypeattribute (nativetest_data_file_29_0) true)
+(expandtypeattribute (netd_29_0) true)
+(expandtypeattribute (net_data_file_29_0) true)
+(expandtypeattribute (netd_exec_29_0) true)
+(expandtypeattribute (netd_listener_service_29_0) true)
+(expandtypeattribute (net_dns_prop_29_0) true)
+(expandtypeattribute (netd_service_29_0) true)
+(expandtypeattribute (netd_stable_secret_prop_29_0) true)
+(expandtypeattribute (netif_29_0) true)
+(expandtypeattribute (netpolicy_service_29_0) true)
+(expandtypeattribute (net_radio_prop_29_0) true)
+(expandtypeattribute (netstats_service_29_0) true)
+(expandtypeattribute (netutils_wrapper_29_0) true)
+(expandtypeattribute (netutils_wrapper_exec_29_0) true)
+(expandtypeattribute (network_management_service_29_0) true)
+(expandtypeattribute (network_score_service_29_0) true)
+(expandtypeattribute (network_stack_29_0) true)
+(expandtypeattribute (network_stack_service_29_0) true)
+(expandtypeattribute (network_time_update_service_29_0) true)
+(expandtypeattribute (network_watchlist_data_file_29_0) true)
+(expandtypeattribute (network_watchlist_service_29_0) true)
+(expandtypeattribute (nfc_29_0) true)
+(expandtypeattribute (nfc_data_file_29_0) true)
+(expandtypeattribute (nfc_device_29_0) true)
+(expandtypeattribute (nfc_prop_29_0) true)
+(expandtypeattribute (nfc_service_29_0) true)
+(expandtypeattribute (nnapi_ext_deny_product_prop_29_0) true)
+(expandtypeattribute (node_29_0) true)
+(expandtypeattribute (nonplat_service_contexts_file_29_0) true)
+(expandtypeattribute (notification_service_29_0) true)
+(expandtypeattribute (null_device_29_0) true)
+(expandtypeattribute (oemfs_29_0) true)
+(expandtypeattribute (oem_lock_service_29_0) true)
+(expandtypeattribute (ota_data_file_29_0) true)
+(expandtypeattribute (otadexopt_service_29_0) true)
+(expandtypeattribute (ota_package_file_29_0) true)
+(expandtypeattribute (overlayfs_file_29_0) true)
+(expandtypeattribute (overlay_prop_29_0) true)
+(expandtypeattribute (overlay_service_29_0) true)
+(expandtypeattribute (owntty_device_29_0) true)
+(expandtypeattribute (package_native_service_29_0) true)
+(expandtypeattribute (package_service_29_0) true)
+(expandtypeattribute (packages_list_file_29_0) true)
+(expandtypeattribute (pan_result_prop_29_0) true)
+(expandtypeattribute (password_slot_metadata_file_29_0) true)
+(expandtypeattribute (pdx_bufferhub_client_channel_socket_29_0) true)
+(expandtypeattribute (pdx_bufferhub_client_endpoint_socket_29_0) true)
+(expandtypeattribute (pdx_bufferhub_dir_29_0) true)
+(expandtypeattribute (pdx_display_client_channel_socket_29_0) true)
+(expandtypeattribute (pdx_display_client_endpoint_socket_29_0) true)
+(expandtypeattribute (pdx_display_dir_29_0) true)
+(expandtypeattribute (pdx_display_manager_channel_socket_29_0) true)
+(expandtypeattribute (pdx_display_manager_endpoint_socket_29_0) true)
+(expandtypeattribute (pdx_display_screenshot_channel_socket_29_0) true)
+(expandtypeattribute (pdx_display_screenshot_endpoint_socket_29_0) true)
+(expandtypeattribute (pdx_display_vsync_channel_socket_29_0) true)
+(expandtypeattribute (pdx_display_vsync_endpoint_socket_29_0) true)
+(expandtypeattribute (pdx_performance_client_channel_socket_29_0) true)
+(expandtypeattribute (pdx_performance_client_endpoint_socket_29_0) true)
+(expandtypeattribute (pdx_performance_dir_29_0) true)
+(expandtypeattribute (perfetto_29_0) true)
+(expandtypeattribute (performanced_29_0) true)
+(expandtypeattribute (performanced_exec_29_0) true)
+(expandtypeattribute (permissionmgr_service_29_0) true)
+(expandtypeattribute (permission_service_29_0) true)
+(expandtypeattribute (persist_debug_prop_29_0) true)
+(expandtypeattribute (persistent_data_block_service_29_0) true)
+(expandtypeattribute (persistent_properties_ready_prop_29_0) true)
+(expandtypeattribute (pinner_service_29_0) true)
+(expandtypeattribute (pipefs_29_0) true)
+(expandtypeattribute (platform_app_29_0) true)
+(expandtypeattribute (pm_prop_29_0) true)
+(expandtypeattribute (pmsg_device_29_0) true)
+(expandtypeattribute (port_29_0) true)
+(expandtypeattribute (port_device_29_0) true)
+(expandtypeattribute (postinstall_29_0) true)
+(expandtypeattribute (postinstall_apex_mnt_dir_29_0) true)
+(expandtypeattribute (postinstall_file_29_0) true)
+(expandtypeattribute (postinstall_mnt_dir_29_0) true)
+(expandtypeattribute (powerctl_prop_29_0) true)
+(expandtypeattribute (power_service_29_0) true)
+(expandtypeattribute (ppp_29_0) true)
+(expandtypeattribute (ppp_device_29_0) true)
+(expandtypeattribute (ppp_exec_29_0) true)
+(expandtypeattribute (preloads_data_file_29_0) true)
+(expandtypeattribute (preloads_media_file_29_0) true)
+(expandtypeattribute (print_service_29_0) true)
+(expandtypeattribute (priv_app_29_0) true)
+(expandtypeattribute (privapp_data_file_29_0) true)
+(expandtypeattribute (proc_29_0) true)
+(expandtypeattribute (proc_abi_29_0) true)
+(expandtypeattribute (proc_asound_29_0) true)
+(expandtypeattribute (proc_bluetooth_writable_29_0) true)
+(expandtypeattribute (proc_buddyinfo_29_0) true)
+(expandtypeattribute (proc_cmdline_29_0) true)
+(expandtypeattribute (proc_cpuinfo_29_0) true)
+(expandtypeattribute (proc_dirty_29_0) true)
+(expandtypeattribute (proc_diskstats_29_0) true)
+(expandtypeattribute (proc_drop_caches_29_0) true)
+(expandtypeattribute (processinfo_service_29_0) true)
+(expandtypeattribute (proc_extra_free_kbytes_29_0) true)
+(expandtypeattribute (proc_filesystems_29_0) true)
+(expandtypeattribute (proc_fs_verity_29_0) true)
+(expandtypeattribute (proc_hostname_29_0) true)
+(expandtypeattribute (proc_hung_task_29_0) true)
+(expandtypeattribute (proc_interrupts_29_0) true)
+(expandtypeattribute (proc_iomem_29_0) true)
+(expandtypeattribute (proc_keys_29_0) true)
+(expandtypeattribute (proc_kmsg_29_0) true)
+(expandtypeattribute (proc_loadavg_29_0) true)
+(expandtypeattribute (proc_max_map_count_29_0) true)
+(expandtypeattribute (proc_meminfo_29_0) true)
+(expandtypeattribute (proc_min_free_order_shift_29_0) true)
+(expandtypeattribute (proc_misc_29_0) true)
+(expandtypeattribute (proc_modules_29_0) true)
+(expandtypeattribute (proc_mounts_29_0) true)
+(expandtypeattribute (proc_net_29_0) true)
+(expandtypeattribute (proc_net_tcp_udp_29_0) true)
+(expandtypeattribute (proc_overcommit_memory_29_0) true)
+(expandtypeattribute (proc_page_cluster_29_0) true)
+(expandtypeattribute (proc_pagetypeinfo_29_0) true)
+(expandtypeattribute (proc_panic_29_0) true)
+(expandtypeattribute (proc_perf_29_0) true)
+(expandtypeattribute (proc_pid_max_29_0) true)
+(expandtypeattribute (proc_pipe_conf_29_0) true)
+(expandtypeattribute (proc_pressure_cpu_29_0) true)
+(expandtypeattribute (proc_pressure_io_29_0) true)
+(expandtypeattribute (proc_pressure_mem_29_0) true)
+(expandtypeattribute (proc_qtaguid_ctrl_29_0) true)
+(expandtypeattribute (proc_qtaguid_stat_29_0) true)
+(expandtypeattribute (proc_random_29_0) true)
+(expandtypeattribute (proc_sched_29_0) true)
+(expandtypeattribute (proc_security_29_0) true)
+(expandtypeattribute (proc_slabinfo_29_0) true)
+(expandtypeattribute (proc_stat_29_0) true)
+(expandtypeattribute (procstats_service_29_0) true)
+(expandtypeattribute (proc_swaps_29_0) true)
+(expandtypeattribute (proc_sysrq_29_0) true)
+(expandtypeattribute (proc_timer_29_0) true)
+(expandtypeattribute (proc_tty_drivers_29_0) true)
+(expandtypeattribute (proc_uid_concurrent_active_time_29_0) true)
+(expandtypeattribute (proc_uid_concurrent_policy_time_29_0) true)
+(expandtypeattribute (proc_uid_cpupower_29_0) true)
+(expandtypeattribute (proc_uid_cputime_removeuid_29_0) true)
+(expandtypeattribute (proc_uid_cputime_showstat_29_0) true)
+(expandtypeattribute (proc_uid_io_stats_29_0) true)
+(expandtypeattribute (proc_uid_procstat_set_29_0) true)
+(expandtypeattribute (proc_uid_time_in_state_29_0) true)
+(expandtypeattribute (proc_uptime_29_0) true)
+(expandtypeattribute (proc_version_29_0) true)
+(expandtypeattribute (proc_vmallocinfo_29_0) true)
+(expandtypeattribute (proc_vmstat_29_0) true)
+(expandtypeattribute (proc_zoneinfo_29_0) true)
+(expandtypeattribute (profman_29_0) true)
+(expandtypeattribute (profman_dump_data_file_29_0) true)
+(expandtypeattribute (profman_exec_29_0) true)
+(expandtypeattribute (properties_device_29_0) true)
+(expandtypeattribute (properties_serial_29_0) true)
+(expandtypeattribute (property_contexts_file_29_0) true)
+(expandtypeattribute (property_data_file_29_0) true)
+(expandtypeattribute (property_info_29_0) true)
+(expandtypeattribute (property_socket_29_0) true)
+(expandtypeattribute (pstorefs_29_0) true)
+(expandtypeattribute (ptmx_device_29_0) true)
+(expandtypeattribute (qtaguid_device_29_0) true)
+(expandtypeattribute (racoon_29_0) true)
+(expandtypeattribute (racoon_exec_29_0) true)
+(expandtypeattribute (racoon_socket_29_0) true)
+(expandtypeattribute (radio_29_0) true)
+(expandtypeattribute (radio_data_file_29_0) true)
+(expandtypeattribute (radio_device_29_0) true)
+(expandtypeattribute (radio_prop_29_0) true)
+(expandtypeattribute (radio_service_29_0) true)
+(expandtypeattribute (ram_device_29_0) true)
+(expandtypeattribute (random_device_29_0) true)
+(expandtypeattribute (recovery_29_0) true)
+(expandtypeattribute (recovery_block_device_29_0) true)
+(expandtypeattribute (recovery_data_file_29_0) true)
+(expandtypeattribute (recovery_persist_29_0) true)
+(expandtypeattribute (recovery_persist_exec_29_0) true)
+(expandtypeattribute (recovery_refresh_29_0) true)
+(expandtypeattribute (recovery_refresh_exec_29_0) true)
+(expandtypeattribute (recovery_service_29_0) true)
+(expandtypeattribute (recovery_socket_29_0) true)
+(expandtypeattribute (registry_service_29_0) true)
+(expandtypeattribute (resourcecache_data_file_29_0) true)
+(expandtypeattribute (restorecon_prop_29_0) true)
+(expandtypeattribute (restrictions_service_29_0) true)
+(expandtypeattribute (rild_debug_socket_29_0) true)
+(expandtypeattribute (rild_socket_29_0) true)
+(expandtypeattribute (ringtone_file_29_0) true)
+(expandtypeattribute (role_service_29_0) true)
+(expandtypeattribute (rollback_service_29_0) true)
+(expandtypeattribute (root_block_device_29_0) true)
+(expandtypeattribute (rootfs_29_0) true)
+(expandtypeattribute (rpmsg_device_29_0) true)
+(expandtypeattribute (rs_29_0) true)
+(expandtypeattribute (rs_exec_29_0) true)
+(expandtypeattribute (rss_hwm_reset_29_0) true)
+(expandtypeattribute (rtc_device_29_0) true)
+(expandtypeattribute (rttmanager_service_29_0) true)
+(expandtypeattribute (runas_29_0) true)
+(expandtypeattribute (runas_app_29_0) true)
+(expandtypeattribute (runas_exec_29_0) true)
+(expandtypeattribute (runtime_event_log_tags_file_29_0) true)
+(expandtypeattribute (runtime_service_29_0) true)
+(expandtypeattribute (safemode_prop_29_0) true)
+(expandtypeattribute (same_process_hal_file_29_0) true)
+(expandtypeattribute (samplingprofiler_service_29_0) true)
+(expandtypeattribute (scheduling_policy_service_29_0) true)
+(expandtypeattribute (sdcard_block_device_29_0) true)
+(expandtypeattribute (sdcardd_29_0) true)
+(expandtypeattribute (sdcardd_exec_29_0) true)
+(expandtypeattribute (sdcardfs_29_0) true)
+(expandtypeattribute (seapp_contexts_file_29_0) true)
+(expandtypeattribute (search_service_29_0) true)
+(expandtypeattribute (sec_key_att_app_id_provider_service_29_0) true)
+(expandtypeattribute (secure_element_29_0) true)
+(expandtypeattribute (secure_element_device_29_0) true)
+(expandtypeattribute (secure_element_service_29_0) true)
+(expandtypeattribute (selinuxfs_29_0) true)
+(expandtypeattribute (sensor_privacy_service_29_0) true)
+(expandtypeattribute (sensors_device_29_0) true)
+(expandtypeattribute (sensorservice_service_29_0) true)
+(expandtypeattribute (sepolicy_file_29_0) true)
+(expandtypeattribute (serial_device_29_0) true)
+(expandtypeattribute (serialno_prop_29_0) true)
+(expandtypeattribute (serial_service_29_0) true)
+(expandtypeattribute (server_configurable_flags_data_file_29_0) true)
+(expandtypeattribute (service_contexts_file_29_0) true)
+(expandtypeattribute (servicediscovery_service_29_0) true)
+(expandtypeattribute (servicemanager_29_0) true)
+(expandtypeattribute (servicemanager_exec_29_0) true)
+(expandtypeattribute (settings_service_29_0) true)
+(expandtypeattribute (sgdisk_29_0) true)
+(expandtypeattribute (sgdisk_exec_29_0) true)
+(expandtypeattribute (shared_relro_29_0) true)
+(expandtypeattribute (shared_relro_file_29_0) true)
+(expandtypeattribute (shell_29_0) true)
+(expandtypeattribute (shell_data_file_29_0) true)
+(expandtypeattribute (shell_exec_29_0) true)
+(expandtypeattribute (shell_prop_29_0) true)
+(expandtypeattribute (shm_29_0) true)
+(expandtypeattribute (shortcut_manager_icons_29_0) true)
+(expandtypeattribute (shortcut_service_29_0) true)
+(expandtypeattribute (simpleperf_app_runner_29_0) true)
+(expandtypeattribute (simpleperf_app_runner_exec_29_0) true)
+(expandtypeattribute (slice_service_29_0) true)
+(expandtypeattribute (slideshow_29_0) true)
+(expandtypeattribute (socket_device_29_0) true)
+(expandtypeattribute (sockfs_29_0) true)
+(expandtypeattribute (staging_data_file_29_0) true)
+(expandtypeattribute (statsd_29_0) true)
+(expandtypeattribute (stats_data_file_29_0) true)
+(expandtypeattribute (statsd_exec_29_0) true)
+(expandtypeattribute (statsdw_socket_29_0) true)
+(expandtypeattribute (statusbar_service_29_0) true)
+(expandtypeattribute (storaged_service_29_0) true)
+(expandtypeattribute (storage_file_29_0) true)
+(expandtypeattribute (storagestats_service_29_0) true)
+(expandtypeattribute (storage_stub_file_29_0) true)
+(expandtypeattribute (su_29_0) true)
+(expandtypeattribute (su_exec_29_0) true)
+(expandtypeattribute (super_block_device_29_0) true)
+(expandtypeattribute (surfaceflinger_29_0) true)
+(expandtypeattribute (surfaceflinger_service_29_0) true)
+(expandtypeattribute (surfaceflinger_tmpfs_29_0) true)
+(expandtypeattribute (swap_block_device_29_0) true)
+(expandtypeattribute (sysfs_29_0) true)
+(expandtypeattribute (sysfs_android_usb_29_0) true)
+(expandtypeattribute (sysfs_batteryinfo_29_0) true)
+(expandtypeattribute (sysfs_bluetooth_writable_29_0) true)
+(expandtypeattribute (sysfs_devices_block_29_0) true)
+(expandtypeattribute (sysfs_devices_system_cpu_29_0) true)
+(expandtypeattribute (sysfs_dm_29_0) true)
+(expandtypeattribute (sysfs_dt_firmware_android_29_0) true)
+(expandtypeattribute (sysfs_extcon_29_0) true)
+(expandtypeattribute (sysfs_fs_ext4_features_29_0) true)
+(expandtypeattribute (sysfs_fs_f2fs_29_0) true)
+(expandtypeattribute (sysfs_hwrandom_29_0) true)
+(expandtypeattribute (sysfs_ipv4_29_0) true)
+(expandtypeattribute (sysfs_kernel_notes_29_0) true)
+(expandtypeattribute (sysfs_leds_29_0) true)
+(expandtypeattribute (sysfs_loop_29_0) true)
+(expandtypeattribute (sysfs_lowmemorykiller_29_0) true)
+(expandtypeattribute (sysfs_mac_address_29_0) true)
+(expandtypeattribute (sysfs_net_29_0) true)
+(expandtypeattribute (sysfs_nfc_power_writable_29_0) true)
+(expandtypeattribute (sysfs_power_29_0) true)
+(expandtypeattribute (sysfs_rtc_29_0) true)
+(expandtypeattribute (sysfs_switch_29_0) true)
+(expandtypeattribute (sysfs_thermal_29_0) true)
+(expandtypeattribute (sysfs_transparent_hugepage_29_0) true)
+(expandtypeattribute (sysfs_uio_29_0) true)
+(expandtypeattribute (sysfs_usb_29_0) true)
+(expandtypeattribute (sysfs_usermodehelper_29_0) true)
+(expandtypeattribute (sysfs_vibrator_29_0) true)
+(expandtypeattribute (sysfs_wake_lock_29_0) true)
+(expandtypeattribute (sysfs_wakeup_reasons_29_0) true)
+(expandtypeattribute (sysfs_wlan_fwpath_29_0) true)
+(expandtypeattribute (sysfs_zram_29_0) true)
+(expandtypeattribute (sysfs_zram_uevent_29_0) true)
+(expandtypeattribute (system_app_29_0) true)
+(expandtypeattribute (system_app_data_file_29_0) true)
+(expandtypeattribute (system_app_service_29_0) true)
+(expandtypeattribute (system_asan_options_file_29_0) true)
+(expandtypeattribute (system_block_device_29_0) true)
+(expandtypeattribute (system_boot_reason_prop_29_0) true)
+(expandtypeattribute (system_bootstrap_lib_file_29_0) true)
+(expandtypeattribute (system_data_file_29_0) true)
+(expandtypeattribute (system_event_log_tags_file_29_0) true)
+(expandtypeattribute (system_file_29_0) true)
+(expandtypeattribute (systemkeys_data_file_29_0) true)
+(expandtypeattribute (system_lib_file_29_0) true)
+(expandtypeattribute (system_linker_config_file_29_0) true)
+(expandtypeattribute (system_linker_exec_29_0) true)
+(expandtypeattribute (system_lmk_prop_29_0) true)
+(expandtypeattribute (system_ndebug_socket_29_0) true)
+(expandtypeattribute (system_net_netd_hwservice_29_0) true)
+(expandtypeattribute (system_prop_29_0) true)
+(expandtypeattribute (system_radio_prop_29_0) true)
+(expandtypeattribute (system_seccomp_policy_file_29_0) true)
+(expandtypeattribute (system_security_cacerts_file_29_0) true)
+(expandtypeattribute (system_server_29_0) true)
+(expandtypeattribute (system_server_tmpfs_29_0) true)
+(expandtypeattribute (system_suspend_control_service_29_0) true)
+(expandtypeattribute (system_suspend_hwservice_29_0) true)
+(expandtypeattribute (system_trace_prop_29_0) true)
+(expandtypeattribute (system_update_service_29_0) true)
+(expandtypeattribute (system_wifi_keystore_hwservice_29_0) true)
+(expandtypeattribute (system_wpa_socket_29_0) true)
+(expandtypeattribute (system_zoneinfo_file_29_0) true)
+(expandtypeattribute (task_profiles_file_29_0) true)
+(expandtypeattribute (task_service_29_0) true)
+(expandtypeattribute (tcpdump_exec_29_0) true)
+(expandtypeattribute (tee_29_0) true)
+(expandtypeattribute (tee_data_file_29_0) true)
+(expandtypeattribute (tee_device_29_0) true)
+(expandtypeattribute (telecom_service_29_0) true)
+(expandtypeattribute (test_boot_reason_prop_29_0) true)
+(expandtypeattribute (test_harness_prop_29_0) true)
+(expandtypeattribute (testharness_service_29_0) true)
+(expandtypeattribute (textclassification_service_29_0) true)
+(expandtypeattribute (textclassifier_data_file_29_0) true)
+(expandtypeattribute (textservices_service_29_0) true)
+(expandtypeattribute (thermalcallback_hwservice_29_0) true)
+(expandtypeattribute (thermal_service_29_0) true)
+(expandtypeattribute (timedetector_service_29_0) true)
+(expandtypeattribute (time_prop_29_0) true)
+(expandtypeattribute (timezone_service_29_0) true)
+(expandtypeattribute (tmpfs_29_0) true)
+(expandtypeattribute (tombstoned_29_0) true)
+(expandtypeattribute (tombstone_data_file_29_0) true)
+(expandtypeattribute (tombstoned_crash_socket_29_0) true)
+(expandtypeattribute (tombstoned_exec_29_0) true)
+(expandtypeattribute (tombstoned_intercept_socket_29_0) true)
+(expandtypeattribute (tombstoned_java_trace_socket_29_0) true)
+(expandtypeattribute (tombstone_wifi_data_file_29_0) true)
+(expandtypeattribute (toolbox_29_0) true)
+(expandtypeattribute (toolbox_exec_29_0) true)
+(expandtypeattribute (traced_29_0) true)
+(expandtypeattribute (trace_data_file_29_0) true)
+(expandtypeattribute (traced_consumer_socket_29_0) true)
+(expandtypeattribute (traced_enabled_prop_29_0) true)
+(expandtypeattribute (traced_lazy_prop_29_0) true)
+(expandtypeattribute (traced_probes_29_0) true)
+(expandtypeattribute (traced_producer_socket_29_0) true)
+(expandtypeattribute (traceur_app_29_0) true)
+(expandtypeattribute (trust_service_29_0) true)
+(expandtypeattribute (tty_device_29_0) true)
+(expandtypeattribute (tun_device_29_0) true)
+(expandtypeattribute (tv_input_service_29_0) true)
+(expandtypeattribute (tzdatacheck_29_0) true)
+(expandtypeattribute (tzdatacheck_exec_29_0) true)
+(expandtypeattribute (ueventd_29_0) true)
+(expandtypeattribute (ueventd_tmpfs_29_0) true)
+(expandtypeattribute (uhid_device_29_0) true)
+(expandtypeattribute (uimode_service_29_0) true)
+(expandtypeattribute (uio_device_29_0) true)
+(expandtypeattribute (uncrypt_29_0) true)
+(expandtypeattribute (uncrypt_exec_29_0) true)
+(expandtypeattribute (uncrypt_socket_29_0) true)
+(expandtypeattribute (unencrypted_data_file_29_0) true)
+(expandtypeattribute (unlabeled_29_0) true)
+(expandtypeattribute (untrusted_app_25_29_0) true)
+(expandtypeattribute (untrusted_app_27_29_0) true)
+(expandtypeattribute (untrusted_app_29_0) true)
+(expandtypeattribute (update_engine_29_0) true)
+(expandtypeattribute (update_engine_data_file_29_0) true)
+(expandtypeattribute (update_engine_exec_29_0) true)
+(expandtypeattribute (update_engine_log_data_file_29_0) true)
+(expandtypeattribute (update_engine_service_29_0) true)
+(expandtypeattribute (updatelock_service_29_0) true)
+(expandtypeattribute (update_verifier_29_0) true)
+(expandtypeattribute (update_verifier_exec_29_0) true)
+(expandtypeattribute (uri_grants_service_29_0) true)
+(expandtypeattribute (usagestats_service_29_0) true)
+(expandtypeattribute (usbaccessory_device_29_0) true)
+(expandtypeattribute (usbd_29_0) true)
+(expandtypeattribute (usb_device_29_0) true)
+(expandtypeattribute (usbd_exec_29_0) true)
+(expandtypeattribute (usbfs_29_0) true)
+(expandtypeattribute (usb_service_29_0) true)
+(expandtypeattribute (use_memfd_prop_29_0) true)
+(expandtypeattribute (userdata_block_device_29_0) true)
+(expandtypeattribute (usermodehelper_29_0) true)
+(expandtypeattribute (user_profile_data_file_29_0) true)
+(expandtypeattribute (user_service_29_0) true)
+(expandtypeattribute (vdc_29_0) true)
+(expandtypeattribute (vdc_exec_29_0) true)
+(expandtypeattribute (vendor_app_file_29_0) true)
+(expandtypeattribute (vendor_cgroup_desc_file_29_0) true)
+(expandtypeattribute (vendor_configs_file_29_0) true)
+(expandtypeattribute (vendor_data_file_29_0) true)
+(expandtypeattribute (vendor_default_prop_29_0) true)
+(expandtypeattribute (vendor_file_29_0) true)
+(expandtypeattribute (vendor_framework_file_29_0) true)
+(expandtypeattribute (vendor_hal_file_29_0) true)
+(expandtypeattribute (vendor_idc_file_29_0) true)
+(expandtypeattribute (vendor_init_29_0) true)
+(expandtypeattribute (vendor_keychars_file_29_0) true)
+(expandtypeattribute (vendor_keylayout_file_29_0) true)
+(expandtypeattribute (vendor_overlay_file_29_0) true)
+(expandtypeattribute (vendor_public_lib_file_29_0) true)
+(expandtypeattribute (vendor_security_patch_level_prop_29_0) true)
+(expandtypeattribute (vendor_shell_29_0) true)
+(expandtypeattribute (vendor_shell_exec_29_0) true)
+(expandtypeattribute (vendor_task_profiles_file_29_0) true)
+(expandtypeattribute (vendor_toolbox_exec_29_0) true)
+(expandtypeattribute (vfat_29_0) true)
+(expandtypeattribute (vibrator_service_29_0) true)
+(expandtypeattribute (video_device_29_0) true)
+(expandtypeattribute (virtual_touchpad_29_0) true)
+(expandtypeattribute (virtual_touchpad_exec_29_0) true)
+(expandtypeattribute (virtual_touchpad_service_29_0) true)
+(expandtypeattribute (vndbinder_device_29_0) true)
+(expandtypeattribute (vndk_sp_file_29_0) true)
+(expandtypeattribute (vndservice_contexts_file_29_0) true)
+(expandtypeattribute (vndservicemanager_29_0) true)
+(expandtypeattribute (voiceinteraction_service_29_0) true)
+(expandtypeattribute (vold_29_0) true)
+(expandtypeattribute (vold_data_file_29_0) true)
+(expandtypeattribute (vold_device_29_0) true)
+(expandtypeattribute (vold_exec_29_0) true)
+(expandtypeattribute (vold_metadata_file_29_0) true)
+(expandtypeattribute (vold_prepare_subdirs_29_0) true)
+(expandtypeattribute (vold_prepare_subdirs_exec_29_0) true)
+(expandtypeattribute (vold_prop_29_0) true)
+(expandtypeattribute (vold_service_29_0) true)
+(expandtypeattribute (vpn_data_file_29_0) true)
+(expandtypeattribute (vrflinger_vsync_service_29_0) true)
+(expandtypeattribute (vr_hwc_29_0) true)
+(expandtypeattribute (vr_hwc_exec_29_0) true)
+(expandtypeattribute (vr_hwc_service_29_0) true)
+(expandtypeattribute (vr_manager_service_29_0) true)
+(expandtypeattribute (wallpaper_file_29_0) true)
+(expandtypeattribute (wallpaper_service_29_0) true)
+(expandtypeattribute (watchdogd_29_0) true)
+(expandtypeattribute (watchdog_device_29_0) true)
+(expandtypeattribute (watchdogd_exec_29_0) true)
+(expandtypeattribute (webviewupdate_service_29_0) true)
+(expandtypeattribute (webview_zygote_29_0) true)
+(expandtypeattribute (webview_zygote_exec_29_0) true)
+(expandtypeattribute (webview_zygote_tmpfs_29_0) true)
+(expandtypeattribute (wifiaware_service_29_0) true)
+(expandtypeattribute (wificond_29_0) true)
+(expandtypeattribute (wificond_exec_29_0) true)
+(expandtypeattribute (wificond_service_29_0) true)
+(expandtypeattribute (wifi_data_file_29_0) true)
+(expandtypeattribute (wifi_log_prop_29_0) true)
+(expandtypeattribute (wifip2p_service_29_0) true)
+(expandtypeattribute (wifi_prop_29_0) true)
+(expandtypeattribute (wifiscanner_service_29_0) true)
+(expandtypeattribute (wifi_service_29_0) true)
+(expandtypeattribute (window_service_29_0) true)
+(expandtypeattribute (wpantund_29_0) true)
+(expandtypeattribute (wpantund_exec_29_0) true)
+(expandtypeattribute (wpantund_service_29_0) true)
+(expandtypeattribute (wpa_socket_29_0) true)
+(expandtypeattribute (zero_device_29_0) true)
+(expandtypeattribute (zoneinfo_data_file_29_0) true)
+(expandtypeattribute (zygote_29_0) true)
+(expandtypeattribute (zygote_exec_29_0) true)
+(expandtypeattribute (zygote_socket_29_0) true)
+(expandtypeattribute (zygote_tmpfs_29_0) true)
+(typeattributeset accessibility_service_29_0 (accessibility_service))
+(typeattributeset account_service_29_0 (account_service))
+(typeattributeset activity_service_29_0 (activity_service))
+(typeattributeset activity_task_service_29_0 (activity_task_service))
+(typeattributeset adbd_29_0 (adbd))
+(typeattributeset adb_data_file_29_0 (adb_data_file))
+(typeattributeset adbd_exec_29_0 (adbd_exec))
+(typeattributeset adbd_socket_29_0 (adbd_socket))
+(typeattributeset adb_keys_file_29_0 (adb_keys_file))
+(typeattributeset adb_service_29_0 (adb_service))
+(typeattributeset alarm_service_29_0 (alarm_service))
+(typeattributeset anr_data_file_29_0 (anr_data_file))
+(typeattributeset apexd_29_0 (apexd))
+(typeattributeset apex_data_file_29_0 (apex_data_file))
+(typeattributeset apexd_exec_29_0 (apexd_exec))
+(typeattributeset apexd_prop_29_0 (apexd_prop))
+(typeattributeset apex_metadata_file_29_0 (apex_metadata_file))
+(typeattributeset apex_mnt_dir_29_0 (apex_mnt_dir))
+(typeattributeset apex_service_29_0 (apex_service))
+(typeattributeset apk_data_file_29_0 (apk_data_file))
+(typeattributeset apk_private_data_file_29_0 (apk_private_data_file))
+(typeattributeset apk_private_tmp_file_29_0 (apk_private_tmp_file))
+(typeattributeset apk_tmp_file_29_0 (apk_tmp_file))
+(typeattributeset app_binding_service_29_0 (app_binding_service))
+(typeattributeset app_data_file_29_0 (app_data_file))
+(typeattributeset appdomain_tmpfs_29_0 (appdomain_tmpfs))
+(typeattributeset app_fuse_file_29_0 (app_fuse_file))
+(typeattributeset app_fusefs_29_0 (app_fusefs))
+(typeattributeset appops_service_29_0 (appops_service))
+(typeattributeset app_prediction_service_29_0 (app_prediction_service))
+(typeattributeset appwidget_service_29_0 (appwidget_service))
+(typeattributeset app_zygote_29_0 (app_zygote))
+(typeattributeset app_zygote_tmpfs_29_0 (app_zygote_tmpfs))
+(typeattributeset asec_apk_file_29_0 (asec_apk_file))
+(typeattributeset asec_image_file_29_0 (asec_image_file))
+(typeattributeset asec_public_file_29_0 (asec_public_file))
+(typeattributeset ashmemd_29_0 (ashmemd))
+(typeattributeset ashmem_device_29_0 (ashmem_device))
+(typeattributeset assetatlas_service_29_0 (assetatlas_service))
+(typeattributeset audio_data_file_29_0 (audio_data_file))
+(typeattributeset audio_device_29_0 (audio_device))
+(typeattributeset audiohal_data_file_29_0 (audiohal_data_file))
+(typeattributeset audio_prop_29_0 (audio_prop))
+(typeattributeset audioserver_29_0 (audioserver))
+(typeattributeset audioserver_data_file_29_0 (audioserver_data_file))
+(typeattributeset audioserver_service_29_0 (audioserver_service))
+(typeattributeset audioserver_tmpfs_29_0 (audioserver_tmpfs))
+(typeattributeset audio_service_29_0 (audio_service))
+(typeattributeset autofill_service_29_0 (autofill_service))
+(typeattributeset backup_data_file_29_0 (backup_data_file))
+(typeattributeset backup_service_29_0 (backup_service))
+(typeattributeset batteryproperties_service_29_0 (batteryproperties_service))
+(typeattributeset battery_service_29_0 (battery_service))
+(typeattributeset batterystats_service_29_0 (batterystats_service))
+(typeattributeset binder_calls_stats_service_29_0 (binder_calls_stats_service))
+(typeattributeset binder_device_29_0 (binder_device))
+(typeattributeset binfmt_miscfs_29_0 (binfmt_miscfs))
+(typeattributeset biometric_service_29_0 (biometric_service))
+(typeattributeset blkid_29_0 (blkid))
+(typeattributeset blkid_untrusted_29_0 (blkid_untrusted))
+(typeattributeset block_device_29_0 (block_device))
+(typeattributeset bluetooth_29_0 (bluetooth))
+(typeattributeset bluetooth_a2dp_offload_prop_29_0 (bluetooth_a2dp_offload_prop))
+(typeattributeset bluetooth_audio_hal_prop_29_0 (bluetooth_audio_hal_prop))
+(typeattributeset bluetooth_data_file_29_0 (bluetooth_data_file))
+(typeattributeset bluetooth_efs_file_29_0 (bluetooth_efs_file))
+(typeattributeset bluetooth_logs_data_file_29_0 (bluetooth_logs_data_file))
+(typeattributeset bluetooth_manager_service_29_0 (bluetooth_manager_service))
+(typeattributeset bluetooth_prop_29_0 (bluetooth_prop))
+(typeattributeset bluetooth_service_29_0 (bluetooth_service))
+(typeattributeset bluetooth_socket_29_0 (bluetooth_socket))
+(typeattributeset bootanim_29_0 (bootanim))
+(typeattributeset bootanim_exec_29_0 (bootanim_exec))
+(typeattributeset boot_block_device_29_0 (boot_block_device))
+(typeattributeset bootchart_data_file_29_0 (bootchart_data_file))
+(typeattributeset bootloader_boot_reason_prop_29_0 (bootloader_boot_reason_prop))
+(typeattributeset bootstat_29_0 (bootstat))
+(typeattributeset bootstat_data_file_29_0 (bootstat_data_file))
+(typeattributeset bootstat_exec_29_0 (bootstat_exec))
+(typeattributeset boottime_prop_29_0 (boottime_prop))
+(typeattributeset boottrace_data_file_29_0 (boottrace_data_file))
+(typeattributeset bpf_progs_loaded_prop_29_0 (bpf_progs_loaded_prop))
+(typeattributeset broadcastradio_service_29_0 (broadcastradio_service))
+(typeattributeset bufferhubd_29_0 (bufferhubd))
+(typeattributeset bufferhubd_exec_29_0 (bufferhubd_exec))
+(typeattributeset bugreport_service_29_0 (bugreport_service))
+(typeattributeset cache_backup_file_29_0 (cache_backup_file))
+(typeattributeset cache_block_device_29_0 (cache_block_device))
+(typeattributeset cache_file_29_0 (cache_file))
+(typeattributeset cache_private_backup_file_29_0 (cache_private_backup_file))
+(typeattributeset cache_recovery_file_29_0 (cache_recovery_file))
+(typeattributeset camera_data_file_29_0 (camera_data_file))
+(typeattributeset camera_device_29_0 (camera_device))
+(typeattributeset cameraproxy_service_29_0 (cameraproxy_service))
+(typeattributeset cameraserver_29_0 (cameraserver))
+(typeattributeset cameraserver_exec_29_0 (cameraserver_exec))
+(typeattributeset cameraserver_service_29_0 (cameraserver_service))
+(typeattributeset cameraserver_tmpfs_29_0 (cameraserver_tmpfs))
+(typeattributeset cgroup_29_0 (cgroup))
+(typeattributeset cgroup_bpf_29_0 (cgroup_bpf))
+(typeattributeset cgroup_desc_file_29_0 (cgroup_desc_file))
+(typeattributeset cgroup_rc_file_29_0 (cgroup_rc_file))
+(typeattributeset charger_29_0 (charger))
+(typeattributeset charger_exec_29_0 (charger_exec))
+(typeattributeset clatd_29_0 (clatd))
+(typeattributeset clatd_exec_29_0 (clatd_exec))
+(typeattributeset clipboard_service_29_0 (clipboard_service))
+(typeattributeset color_display_service_29_0 (color_display_service))
+(typeattributeset companion_device_service_29_0 (companion_device_service))
+(typeattributeset configfs_29_0 (configfs))
+(typeattributeset config_prop_29_0 (config_prop))
+(typeattributeset connectivity_service_29_0 (connectivity_service))
+(typeattributeset connmetrics_service_29_0 (connmetrics_service))
+(typeattributeset console_device_29_0 (console_device))
+(typeattributeset consumer_ir_service_29_0 (consumer_ir_service))
+(typeattributeset content_capture_service_29_0 (content_capture_service))
+(typeattributeset content_service_29_0 (content_service))
+(typeattributeset content_suggestions_service_29_0 (content_suggestions_service))
+(typeattributeset contexthub_service_29_0 (contexthub_service))
+(typeattributeset coredump_file_29_0 (coredump_file))
+(typeattributeset country_detector_service_29_0 (country_detector_service))
+(typeattributeset coverage_service_29_0 (coverage_service))
+(typeattributeset cppreopt_prop_29_0 (cppreopt_prop))
+(typeattributeset cpuinfo_service_29_0 (cpuinfo_service))
+(typeattributeset cpu_variant_prop_29_0 (cpu_variant_prop))
+(typeattributeset crash_dump_29_0 (crash_dump))
+(typeattributeset crash_dump_exec_29_0 (crash_dump_exec))
+(typeattributeset crossprofileapps_service_29_0 (crossprofileapps_service))
+(typeattributeset ctl_adbd_prop_29_0 (ctl_adbd_prop))
+(typeattributeset ctl_bootanim_prop_29_0 (ctl_bootanim_prop))
+(typeattributeset ctl_bugreport_prop_29_0 (ctl_bugreport_prop))
+(typeattributeset ctl_console_prop_29_0 (ctl_console_prop))
+(typeattributeset ctl_default_prop_29_0 (ctl_default_prop))
+(typeattributeset ctl_dumpstate_prop_29_0 (ctl_dumpstate_prop))
+(typeattributeset ctl_fuse_prop_29_0 (ctl_fuse_prop))
+(typeattributeset ctl_gsid_prop_29_0 (ctl_gsid_prop))
+(typeattributeset ctl_interface_restart_prop_29_0 (ctl_interface_restart_prop))
+(typeattributeset ctl_interface_start_prop_29_0 (ctl_interface_start_prop))
+(typeattributeset ctl_interface_stop_prop_29_0 (ctl_interface_stop_prop))
+(typeattributeset ctl_mdnsd_prop_29_0 (ctl_mdnsd_prop))
+(typeattributeset ctl_restart_prop_29_0 (ctl_restart_prop))
+(typeattributeset ctl_rildaemon_prop_29_0 (ctl_rildaemon_prop))
+(typeattributeset ctl_sigstop_prop_29_0 (ctl_sigstop_prop))
+(typeattributeset ctl_start_prop_29_0 (ctl_start_prop))
+(typeattributeset ctl_stop_prop_29_0 (ctl_stop_prop))
+(typeattributeset dalvikcache_data_file_29_0 (dalvikcache_data_file))
+(typeattributeset dalvik_prop_29_0 (dalvik_prop))
+(typeattributeset dbinfo_service_29_0 (dbinfo_service))
+(typeattributeset debugfs_29_0 (debugfs))
+(typeattributeset debugfs_mmc_29_0 (debugfs_mmc))
+(typeattributeset debugfs_trace_marker_29_0 (debugfs_trace_marker))
+(typeattributeset debugfs_tracing_29_0 (debugfs_tracing))
+(typeattributeset debugfs_tracing_debug_29_0 (debugfs_tracing_debug))
+(typeattributeset debugfs_tracing_instances_29_0 (debugfs_tracing_instances))
+(typeattributeset debugfs_wakeup_sources_29_0 (debugfs_wakeup_sources))
+(typeattributeset debugfs_wifi_tracing_29_0 (debugfs_wifi_tracing))
+(typeattributeset debuggerd_prop_29_0 (debuggerd_prop))
+(typeattributeset debug_prop_29_0 (debug_prop))
+(typeattributeset default_android_hwservice_29_0 (default_android_hwservice))
+(typeattributeset default_android_service_29_0 (default_android_service))
+(typeattributeset default_android_vndservice_29_0 (default_android_vndservice))
+(typeattributeset default_prop_29_0 (default_prop apk_verity_prop))
+(typeattributeset dev_cpu_variant_29_0 (dev_cpu_variant))
+(typeattributeset device_29_0 (device))
+(typeattributeset device_config_activity_manager_native_boot_prop_29_0 (device_config_activity_manager_native_boot_prop))
+(typeattributeset device_config_boot_count_prop_29_0 (device_config_boot_count_prop))
+(typeattributeset device_config_input_native_boot_prop_29_0 (device_config_input_native_boot_prop))
+(typeattributeset device_config_media_native_prop_29_0 (device_config_media_native_prop))
+(typeattributeset device_config_netd_native_prop_29_0 (device_config_netd_native_prop))
+(typeattributeset device_config_reset_performed_prop_29_0 (device_config_reset_performed_prop))
+(typeattributeset device_config_runtime_native_boot_prop_29_0 (device_config_runtime_native_boot_prop))
+(typeattributeset device_config_runtime_native_prop_29_0 (device_config_runtime_native_prop))
+(typeattributeset device_config_service_29_0 (device_config_service))
+(typeattributeset device_identifiers_service_29_0 (device_identifiers_service))
+(typeattributeset deviceidle_service_29_0 (deviceidle_service))
+(typeattributeset device_logging_prop_29_0 (device_logging_prop))
+(typeattributeset device_policy_service_29_0 (device_policy_service))
+(typeattributeset devicestoragemonitor_service_29_0 (devicestoragemonitor_service))
+(typeattributeset devpts_29_0 (devpts))
+(typeattributeset dhcp_29_0 (dhcp))
+(typeattributeset dhcp_data_file_29_0 (dhcp_data_file))
+(typeattributeset dhcp_exec_29_0 (dhcp_exec))
+(typeattributeset dhcp_prop_29_0 (dhcp_prop))
+(typeattributeset diskstats_service_29_0 (diskstats_service))
+(typeattributeset display_service_29_0 (display_service))
+(typeattributeset dm_device_29_0 (dm_device))
+(typeattributeset dnsmasq_29_0 (dnsmasq))
+(typeattributeset dnsmasq_exec_29_0 (dnsmasq_exec))
+(typeattributeset dnsproxyd_socket_29_0 (dnsproxyd_socket))
+(typeattributeset dnsresolver_service_29_0 (dnsresolver_service))
+(typeattributeset DockObserver_service_29_0 (DockObserver_service))
+(typeattributeset dreams_service_29_0 (dreams_service))
+(typeattributeset drm_data_file_29_0 (drm_data_file))
+(typeattributeset drmserver_29_0 (drmserver))
+(typeattributeset drmserver_exec_29_0 (drmserver_exec))
+(typeattributeset drmserver_service_29_0 (drmserver_service))
+(typeattributeset drmserver_socket_29_0 (drmserver_socket))
+(typeattributeset dropbox_data_file_29_0 (dropbox_data_file))
+(typeattributeset dropbox_service_29_0 (dropbox_service))
+(typeattributeset dumpstate_29_0 (dumpstate))
+(typeattributeset dumpstate_exec_29_0 (dumpstate_exec))
+(typeattributeset dumpstate_options_prop_29_0 (dumpstate_options_prop))
+(typeattributeset dumpstate_prop_29_0 (dumpstate_prop))
+(typeattributeset dumpstate_service_29_0 (dumpstate_service))
+(typeattributeset dumpstate_socket_29_0 (dumpstate_socket))
+(typeattributeset dynamic_system_prop_29_0 (dynamic_system_prop))
+(typeattributeset e2fs_29_0 (e2fs))
+(typeattributeset e2fs_exec_29_0 (e2fs_exec))
+(typeattributeset efs_file_29_0 (efs_file))
+(typeattributeset ephemeral_app_29_0 (ephemeral_app))
+(typeattributeset ethernet_service_29_0 (ethernet_service))
+(typeattributeset exfat_29_0 (exfat))
+(typeattributeset exported2_config_prop_29_0 (exported2_config_prop))
+(typeattributeset exported2_default_prop_29_0 (exported2_default_prop))
+(typeattributeset exported2_radio_prop_29_0 (exported2_radio_prop))
+(typeattributeset exported2_system_prop_29_0 (exported2_system_prop))
+(typeattributeset exported2_vold_prop_29_0 (exported2_vold_prop))
+(typeattributeset exported3_default_prop_29_0 (exported3_default_prop))
+(typeattributeset exported3_radio_prop_29_0 (exported3_radio_prop))
+(typeattributeset exported3_system_prop_29_0 (exported3_system_prop))
+(typeattributeset exported_audio_prop_29_0 (exported_audio_prop))
+(typeattributeset exported_bluetooth_prop_29_0 (exported_bluetooth_prop))
+(typeattributeset exported_config_prop_29_0 (exported_config_prop))
+(typeattributeset exported_dalvik_prop_29_0 (exported_dalvik_prop))
+(typeattributeset exported_default_prop_29_0
+ ( exported_default_prop
+ vndk_prop))
+(typeattributeset exported_dumpstate_prop_29_0 (exported_dumpstate_prop))
+(typeattributeset exported_ffs_prop_29_0 (exported_ffs_prop))
+(typeattributeset exported_fingerprint_prop_29_0 (exported_fingerprint_prop))
+(typeattributeset exported_overlay_prop_29_0 (exported_overlay_prop))
+(typeattributeset exported_pm_prop_29_0 (exported_pm_prop))
+(typeattributeset exported_radio_prop_29_0 (exported_radio_prop))
+(typeattributeset exported_secure_prop_29_0 (exported_secure_prop))
+(typeattributeset exported_system_prop_29_0 (exported_system_prop))
+(typeattributeset exported_system_radio_prop_29_0 (exported_system_radio_prop))
+(typeattributeset exported_vold_prop_29_0 (exported_vold_prop))
+(typeattributeset exported_wifi_prop_29_0 (exported_wifi_prop))
+(typeattributeset external_vibrator_service_29_0 (external_vibrator_service))
+(typeattributeset face_service_29_0 (face_service))
+(typeattributeset face_vendor_data_file_29_0 (face_vendor_data_file))
+(typeattributeset fastbootd_29_0 (fastbootd))
+(typeattributeset ffs_prop_29_0 (ffs_prop))
+(typeattributeset file_contexts_file_29_0 (file_contexts_file))
+(typeattributeset fingerprintd_29_0 (fingerprintd))
+(typeattributeset fingerprintd_data_file_29_0 (fingerprintd_data_file))
+(typeattributeset fingerprintd_exec_29_0 (fingerprintd_exec))
+(typeattributeset fingerprintd_service_29_0 (fingerprintd_service))
+(typeattributeset fingerprint_prop_29_0 (fingerprint_prop))
+(typeattributeset fingerprint_service_29_0 (fingerprint_service))
+(typeattributeset fingerprint_vendor_data_file_29_0 (fingerprint_vendor_data_file))
+(typeattributeset firstboot_prop_29_0 (firstboot_prop))
+(typeattributeset flags_health_check_29_0 (flags_health_check))
+(typeattributeset flags_health_check_exec_29_0 (flags_health_check_exec))
+(typeattributeset font_service_29_0 (font_service))
+(typeattributeset frp_block_device_29_0 (frp_block_device))
+(typeattributeset fs_bpf_29_0 (fs_bpf))
+(typeattributeset fsck_29_0 (fsck))
+(typeattributeset fsck_exec_29_0 (fsck_exec))
+(typeattributeset fscklogs_29_0 (fscklogs))
+(typeattributeset fsck_untrusted_29_0 (fsck_untrusted))
+(typeattributeset functionfs_29_0 (functionfs))
+(typeattributeset fuse_29_0 (fuse))
+(typeattributeset fuse_device_29_0 (fuse_device))
+(typeattributeset fwk_bufferhub_hwservice_29_0 (fwk_bufferhub_hwservice))
+(typeattributeset fwk_camera_hwservice_29_0 (fwk_camera_hwservice))
+(typeattributeset fwk_display_hwservice_29_0 (fwk_display_hwservice))
+(typeattributeset fwk_scheduler_hwservice_29_0 (fwk_scheduler_hwservice))
+(typeattributeset fwk_sensor_hwservice_29_0 (fwk_sensor_hwservice))
+(typeattributeset fwk_stats_hwservice_29_0 (fwk_stats_hwservice))
+(typeattributeset fwmarkd_socket_29_0 (fwmarkd_socket))
+(typeattributeset gatekeeperd_29_0 (gatekeeperd))
+(typeattributeset gatekeeper_data_file_29_0 (gatekeeper_data_file))
+(typeattributeset gatekeeperd_exec_29_0 (gatekeeperd_exec))
+(typeattributeset gatekeeper_service_29_0 (gatekeeper_service))
+(typeattributeset gfxinfo_service_29_0 (gfxinfo_service))
+(typeattributeset gps_control_29_0 (gps_control))
+(typeattributeset gpu_device_29_0 (gpu_device))
+(typeattributeset gpu_service_29_0 (gpu_service))
+(typeattributeset gpuservice_29_0 (gpuservice))
+(typeattributeset graphics_device_29_0 (graphics_device))
+(typeattributeset graphicsstats_service_29_0 (graphicsstats_service))
+(typeattributeset gsi_data_file_29_0 (gsi_data_file))
+(typeattributeset gsid_prop_29_0 (gsid_prop))
+(typeattributeset gsi_metadata_file_29_0 (gsi_metadata_file))
+(typeattributeset hal_atrace_hwservice_29_0 (hal_atrace_hwservice))
+(typeattributeset hal_audiocontrol_hwservice_29_0 (hal_audiocontrol_hwservice))
+(typeattributeset hal_audio_hwservice_29_0 (hal_audio_hwservice))
+(typeattributeset hal_authsecret_hwservice_29_0 (hal_authsecret_hwservice))
+(typeattributeset hal_bluetooth_hwservice_29_0 (hal_bluetooth_hwservice))
+(typeattributeset hal_bootctl_hwservice_29_0 (hal_bootctl_hwservice))
+(typeattributeset hal_broadcastradio_hwservice_29_0 (hal_broadcastradio_hwservice))
+(typeattributeset hal_camera_hwservice_29_0 (hal_camera_hwservice))
+(typeattributeset hal_cas_hwservice_29_0 (hal_cas_hwservice))
+(typeattributeset hal_codec2_hwservice_29_0 (hal_codec2_hwservice))
+(typeattributeset hal_configstore_ISurfaceFlingerConfigs_29_0 (hal_configstore_ISurfaceFlingerConfigs))
+(typeattributeset hal_confirmationui_hwservice_29_0 (hal_confirmationui_hwservice))
+(typeattributeset hal_contexthub_hwservice_29_0 (hal_contexthub_hwservice))
+(typeattributeset hal_drm_hwservice_29_0 (hal_drm_hwservice))
+(typeattributeset hal_dumpstate_hwservice_29_0 (hal_dumpstate_hwservice))
+(typeattributeset hal_evs_hwservice_29_0 (hal_evs_hwservice))
+(typeattributeset hal_face_hwservice_29_0 (hal_face_hwservice))
+(typeattributeset hal_fingerprint_hwservice_29_0 (hal_fingerprint_hwservice))
+(typeattributeset hal_fingerprint_service_29_0 (hal_fingerprint_service))
+(typeattributeset hal_gatekeeper_hwservice_29_0 (hal_gatekeeper_hwservice))
+(typeattributeset hal_gnss_hwservice_29_0 (hal_gnss_hwservice))
+(typeattributeset hal_graphics_allocator_hwservice_29_0 (hal_graphics_allocator_hwservice))
+(typeattributeset hal_graphics_composer_hwservice_29_0 (hal_graphics_composer_hwservice))
+(typeattributeset hal_graphics_composer_server_tmpfs_29_0 (hal_graphics_composer_server_tmpfs))
+(typeattributeset hal_graphics_mapper_hwservice_29_0 (hal_graphics_mapper_hwservice))
+(typeattributeset hal_health_hwservice_29_0 (hal_health_hwservice))
+(typeattributeset hal_health_storage_hwservice_29_0 (hal_health_storage_hwservice))
+(typeattributeset hal_input_classifier_hwservice_29_0 (hal_input_classifier_hwservice))
+(typeattributeset hal_ir_hwservice_29_0 (hal_ir_hwservice))
+(typeattributeset hal_keymaster_hwservice_29_0 (hal_keymaster_hwservice))
+(typeattributeset hal_light_hwservice_29_0 (hal_light_hwservice))
+(typeattributeset hal_lowpan_hwservice_29_0 (hal_lowpan_hwservice))
+(typeattributeset hal_memtrack_hwservice_29_0 (hal_memtrack_hwservice))
+(typeattributeset hal_neuralnetworks_hwservice_29_0 (hal_neuralnetworks_hwservice))
+(typeattributeset hal_nfc_hwservice_29_0 (hal_nfc_hwservice))
+(typeattributeset hal_oemlock_hwservice_29_0 (hal_oemlock_hwservice))
+(typeattributeset hal_omx_hwservice_29_0 (hal_omx_hwservice))
+(typeattributeset hal_power_hwservice_29_0 (hal_power_hwservice))
+(typeattributeset hal_power_stats_hwservice_29_0 (hal_power_stats_hwservice))
+(typeattributeset hal_renderscript_hwservice_29_0 (hal_renderscript_hwservice))
+(typeattributeset hal_secure_element_hwservice_29_0 (hal_secure_element_hwservice))
+(typeattributeset hal_sensors_hwservice_29_0 (hal_sensors_hwservice))
+(typeattributeset hal_telephony_hwservice_29_0 (hal_telephony_hwservice))
+(typeattributeset hal_tetheroffload_hwservice_29_0 (hal_tetheroffload_hwservice))
+(typeattributeset hal_thermal_hwservice_29_0 (hal_thermal_hwservice))
+(typeattributeset hal_tv_cec_hwservice_29_0 (hal_tv_cec_hwservice))
+(typeattributeset hal_tv_input_hwservice_29_0 (hal_tv_input_hwservice))
+(typeattributeset hal_usb_gadget_hwservice_29_0 (hal_usb_gadget_hwservice))
+(typeattributeset hal_usb_hwservice_29_0 (hal_usb_hwservice))
+(typeattributeset hal_vehicle_hwservice_29_0 (hal_vehicle_hwservice))
+(typeattributeset hal_vibrator_hwservice_29_0 (hal_vibrator_hwservice))
+(typeattributeset hal_vr_hwservice_29_0 (hal_vr_hwservice))
+(typeattributeset hal_weaver_hwservice_29_0 (hal_weaver_hwservice))
+(typeattributeset hal_wifi_hostapd_hwservice_29_0 (hal_wifi_hostapd_hwservice))
+(typeattributeset hal_wifi_hwservice_29_0 (hal_wifi_hwservice))
+(typeattributeset hal_wifi_offload_hwservice_29_0 (hal_wifi_offload_hwservice))
+(typeattributeset hal_wifi_supplicant_hwservice_29_0 (hal_wifi_supplicant_hwservice))
+(typeattributeset hardware_properties_service_29_0 (hardware_properties_service))
+(typeattributeset hardware_service_29_0 (hardware_service))
+(typeattributeset hci_attach_dev_29_0 (hci_attach_dev))
+(typeattributeset hdmi_control_service_29_0 (hdmi_control_service))
+(typeattributeset healthd_29_0 (healthd))
+(typeattributeset healthd_exec_29_0 (healthd_exec))
+(typeattributeset heapdump_data_file_29_0 (heapdump_data_file))
+(typeattributeset heapprofd_29_0 (heapprofd))
+(typeattributeset heapprofd_enabled_prop_29_0 (heapprofd_enabled_prop))
+(typeattributeset heapprofd_prop_29_0 (heapprofd_prop))
+(typeattributeset heapprofd_socket_29_0 (heapprofd_socket))
+(typeattributeset hidl_allocator_hwservice_29_0 (hidl_allocator_hwservice))
+(typeattributeset hidl_base_hwservice_29_0 (hidl_base_hwservice))
+(typeattributeset hidl_manager_hwservice_29_0 (hidl_manager_hwservice))
+(typeattributeset hidl_memory_hwservice_29_0 (hidl_memory_hwservice))
+(typeattributeset hidl_token_hwservice_29_0 (hidl_token_hwservice))
+(typeattributeset hwbinder_device_29_0 (hwbinder_device))
+(typeattributeset hw_random_device_29_0 (hw_random_device))
+(typeattributeset hwservice_contexts_file_29_0 (hwservice_contexts_file))
+(typeattributeset hwservicemanager_29_0 (hwservicemanager))
+(typeattributeset hwservicemanager_exec_29_0 (hwservicemanager_exec))
+(typeattributeset hwservicemanager_prop_29_0 (hwservicemanager_prop))
+(typeattributeset icon_file_29_0 (icon_file))
+(typeattributeset idmap_29_0 (idmap))
+(typeattributeset idmap_exec_29_0 (idmap_exec))
+(typeattributeset idmap_service_29_0 (idmap_service))
+(typeattributeset iio_device_29_0 (iio_device))
+(typeattributeset imms_service_29_0 (imms_service))
+(typeattributeset incident_29_0 (incident))
+(typeattributeset incidentd_29_0 (incidentd))
+(typeattributeset incident_data_file_29_0 (incident_data_file))
+(typeattributeset incident_helper_29_0 (incident_helper))
+(typeattributeset incident_service_29_0 (incident_service))
+(typeattributeset init_29_0 (init))
+(typeattributeset init_exec_29_0 (init_exec))
+(typeattributeset init_tmpfs_29_0 (init_tmpfs))
+(typeattributeset inotify_29_0 (inotify))
+(typeattributeset input_device_29_0 (input_device))
+(typeattributeset inputflinger_29_0 (inputflinger))
+(typeattributeset inputflinger_exec_29_0 (inputflinger_exec))
+(typeattributeset inputflinger_service_29_0 (inputflinger_service))
+(typeattributeset input_method_service_29_0 (input_method_service))
+(typeattributeset input_service_29_0 (input_service))
+(typeattributeset installd_29_0 (installd))
+(typeattributeset install_data_file_29_0 (install_data_file))
+(typeattributeset installd_exec_29_0 (installd_exec))
+(typeattributeset installd_service_29_0 (installd_service))
+(typeattributeset install_recovery_29_0 (install_recovery))
+(typeattributeset install_recovery_exec_29_0 (install_recovery_exec))
+(typeattributeset ion_device_29_0 (ion_device))
+(typeattributeset iorapd_29_0 (iorapd))
+(typeattributeset iorapd_data_file_29_0 (iorapd_data_file))
+(typeattributeset iorapd_exec_29_0 (iorapd_exec))
+(typeattributeset iorapd_service_29_0 (iorapd_service))
+(typeattributeset iorapd_tmpfs_29_0 (iorapd_tmpfs))
+(typeattributeset IProxyService_service_29_0 (IProxyService_service))
+(typeattributeset ipsec_service_29_0 (ipsec_service))
+(typeattributeset iris_service_29_0 (iris_service))
+(typeattributeset iris_vendor_data_file_29_0 (iris_vendor_data_file))
+(typeattributeset isolated_app_29_0 (isolated_app))
+(typeattributeset jobscheduler_service_29_0 (jobscheduler_service))
+(typeattributeset kernel_29_0 (kernel))
+(typeattributeset keychain_data_file_29_0 (keychain_data_file))
+(typeattributeset keychord_device_29_0 (keychord_device))
+(typeattributeset keystore_29_0 (keystore))
+(typeattributeset keystore_data_file_29_0 (keystore_data_file))
+(typeattributeset keystore_exec_29_0 (keystore_exec))
+(typeattributeset keystore_service_29_0 (keystore_service))
+(typeattributeset kmsg_debug_device_29_0 (kmsg_debug_device))
+(typeattributeset kmsg_device_29_0 (kmsg_device))
+(typeattributeset labeledfs_29_0 (labeledfs))
+(typeattributeset last_boot_reason_prop_29_0 (last_boot_reason_prop))
+(typeattributeset launcherapps_service_29_0 (launcherapps_service))
+(typeattributeset llkd_29_0 (llkd))
+(typeattributeset llkd_exec_29_0 (llkd_exec))
+(typeattributeset llkd_prop_29_0 (llkd_prop))
+(typeattributeset lmkd_29_0 (lmkd))
+(typeattributeset lmkd_exec_29_0 (lmkd_exec))
+(typeattributeset lmkd_socket_29_0 (lmkd_socket))
+(typeattributeset location_service_29_0 (location_service))
+(typeattributeset lock_settings_service_29_0 (lock_settings_service))
+(typeattributeset logcat_exec_29_0 (logcat_exec))
+(typeattributeset logd_29_0 (logd))
+(typeattributeset logd_exec_29_0 (logd_exec))
+(typeattributeset logd_prop_29_0 (logd_prop))
+(typeattributeset logdr_socket_29_0 (logdr_socket))
+(typeattributeset logd_socket_29_0 (logd_socket))
+(typeattributeset logdw_socket_29_0 (logdw_socket))
+(typeattributeset logpersist_29_0 (logpersist))
+(typeattributeset logpersistd_logging_prop_29_0 (logpersistd_logging_prop))
+(typeattributeset log_prop_29_0 (log_prop))
+(typeattributeset log_tag_prop_29_0 (log_tag_prop))
+(typeattributeset loop_control_device_29_0 (loop_control_device))
+(typeattributeset loop_device_29_0 (loop_device))
+(typeattributeset looper_stats_service_29_0 (looper_stats_service))
+(typeattributeset lowpan_device_29_0 (lowpan_device))
+(typeattributeset lowpan_prop_29_0 (lowpan_prop))
+(typeattributeset lowpan_service_29_0 (lowpan_service))
+(typeattributeset lpdumpd_prop_29_0 (lpdumpd_prop))
+(typeattributeset lpdump_service_29_0 (lpdump_service))
+(typeattributeset mac_perms_file_29_0 (mac_perms_file))
+(typeattributeset mdnsd_29_0 (mdnsd))
+(typeattributeset mdnsd_socket_29_0 (mdnsd_socket))
+(typeattributeset mdns_socket_29_0 (mdns_socket))
+(typeattributeset mediacodec_service_29_0 (mediacodec_service))
+(typeattributeset media_data_file_29_0 (media_data_file))
+(typeattributeset mediadrmserver_29_0 (mediadrmserver))
+(typeattributeset mediadrmserver_exec_29_0 (mediadrmserver_exec))
+(typeattributeset mediadrmserver_service_29_0 (mediadrmserver_service))
+(typeattributeset mediaextractor_29_0 (mediaextractor))
+(typeattributeset mediaextractor_exec_29_0 (mediaextractor_exec))
+(typeattributeset mediaextractor_service_29_0 (mediaextractor_service))
+(typeattributeset mediaextractor_tmpfs_29_0 (mediaextractor_tmpfs))
+(typeattributeset mediametrics_29_0 (mediametrics))
+(typeattributeset mediametrics_exec_29_0 (mediametrics_exec))
+(typeattributeset mediametrics_service_29_0 (mediametrics_service))
+(typeattributeset media_projection_service_29_0 (media_projection_service))
+(typeattributeset mediaprovider_29_0 (mediaprovider))
+(typeattributeset media_router_service_29_0 (media_router_service))
+(typeattributeset media_rw_data_file_29_0 (media_rw_data_file))
+(typeattributeset mediaserver_29_0 (mediaserver))
+(typeattributeset mediaserver_exec_29_0 (mediaserver_exec))
+(typeattributeset mediaserver_service_29_0 (mediaserver_service))
+(typeattributeset mediaserver_tmpfs_29_0 (mediaserver_tmpfs))
+(typeattributeset media_session_service_29_0 (media_session_service))
+(typeattributeset mediaswcodec_29_0 (mediaswcodec))
+(typeattributeset mediaswcodec_exec_29_0 (mediaswcodec_exec))
+(typeattributeset meminfo_service_29_0 (meminfo_service))
+(typeattributeset metadata_block_device_29_0 (metadata_block_device))
+(typeattributeset metadata_file_29_0 (metadata_file))
+(typeattributeset method_trace_data_file_29_0 (method_trace_data_file))
+(typeattributeset midi_service_29_0 (midi_service))
+(typeattributeset misc_block_device_29_0 (misc_block_device))
+(typeattributeset misc_logd_file_29_0 (misc_logd_file))
+(typeattributeset misc_user_data_file_29_0 (misc_user_data_file))
+(typeattributeset mmc_prop_29_0 (mmc_prop))
+(typeattributeset mnt_expand_file_29_0 (mnt_expand_file))
+(typeattributeset mnt_media_rw_file_29_0 (mnt_media_rw_file))
+(typeattributeset mnt_media_rw_stub_file_29_0 (mnt_media_rw_stub_file))
+(typeattributeset mnt_product_file_29_0 (mnt_product_file))
+(typeattributeset mnt_user_file_29_0 (mnt_user_file))
+(typeattributeset mnt_vendor_file_29_0 (mnt_vendor_file))
+(typeattributeset modprobe_29_0 (modprobe))
+(typeattributeset mount_service_29_0 (mount_service))
+(typeattributeset mqueue_29_0 (mqueue))
+(typeattributeset mtp_29_0 (mtp))
+(typeattributeset mtp_device_29_0 (mtp_device))
+(typeattributeset mtpd_socket_29_0 (mtpd_socket))
+(typeattributeset mtp_exec_29_0 (mtp_exec))
+(typeattributeset nativetest_data_file_29_0 (nativetest_data_file))
+(typeattributeset netd_29_0 (netd))
+(typeattributeset net_data_file_29_0 (net_data_file))
+(typeattributeset netd_exec_29_0 (netd_exec))
+(typeattributeset netd_listener_service_29_0 (netd_listener_service))
+(typeattributeset net_dns_prop_29_0 (net_dns_prop))
+(typeattributeset netd_service_29_0 (netd_service))
+(typeattributeset netd_stable_secret_prop_29_0 (netd_stable_secret_prop))
+(typeattributeset netif_29_0 (netif))
+(typeattributeset netpolicy_service_29_0 (netpolicy_service))
+(typeattributeset net_radio_prop_29_0 (net_radio_prop))
+(typeattributeset netstats_service_29_0 (netstats_service))
+(typeattributeset netutils_wrapper_29_0 (netutils_wrapper))
+(typeattributeset netutils_wrapper_exec_29_0 (netutils_wrapper_exec))
+(typeattributeset network_management_service_29_0 (network_management_service))
+(typeattributeset network_score_service_29_0 (network_score_service))
+(typeattributeset network_stack_29_0 (network_stack))
+(typeattributeset network_stack_service_29_0 (network_stack_service))
+(typeattributeset network_time_update_service_29_0 (network_time_update_service))
+(typeattributeset network_watchlist_data_file_29_0 (network_watchlist_data_file))
+(typeattributeset network_watchlist_service_29_0 (network_watchlist_service))
+(typeattributeset nfc_29_0 (nfc))
+(typeattributeset nfc_data_file_29_0 (nfc_data_file))
+(typeattributeset nfc_device_29_0 (nfc_device))
+(typeattributeset nfc_prop_29_0 (nfc_prop))
+(typeattributeset nfc_service_29_0 (nfc_service))
+(typeattributeset nnapi_ext_deny_product_prop_29_0 (nnapi_ext_deny_product_prop))
+(typeattributeset node_29_0 (node))
+(typeattributeset nonplat_service_contexts_file_29_0 (nonplat_service_contexts_file))
+(typeattributeset notification_service_29_0 (notification_service))
+(typeattributeset null_device_29_0 (null_device))
+(typeattributeset oemfs_29_0 (oemfs))
+(typeattributeset oem_lock_service_29_0 (oem_lock_service))
+(typeattributeset ota_data_file_29_0 (ota_data_file))
+(typeattributeset otadexopt_service_29_0 (otadexopt_service))
+(typeattributeset ota_package_file_29_0 (ota_package_file))
+(typeattributeset overlayfs_file_29_0 (overlayfs_file))
+(typeattributeset overlay_prop_29_0 (overlay_prop))
+(typeattributeset overlay_service_29_0 (overlay_service))
+(typeattributeset owntty_device_29_0 (owntty_device))
+(typeattributeset package_native_service_29_0 (package_native_service))
+(typeattributeset package_service_29_0 (package_service))
+(typeattributeset packages_list_file_29_0 (packages_list_file))
+(typeattributeset pan_result_prop_29_0 (pan_result_prop))
+(typeattributeset password_slot_metadata_file_29_0 (password_slot_metadata_file))
+(typeattributeset pdx_bufferhub_client_channel_socket_29_0 (pdx_bufferhub_client_channel_socket))
+(typeattributeset pdx_bufferhub_client_endpoint_socket_29_0 (pdx_bufferhub_client_endpoint_socket))
+(typeattributeset pdx_bufferhub_dir_29_0 (pdx_bufferhub_dir))
+(typeattributeset pdx_display_client_channel_socket_29_0 (pdx_display_client_channel_socket))
+(typeattributeset pdx_display_client_endpoint_socket_29_0 (pdx_display_client_endpoint_socket))
+(typeattributeset pdx_display_dir_29_0 (pdx_display_dir))
+(typeattributeset pdx_display_manager_channel_socket_29_0 (pdx_display_manager_channel_socket))
+(typeattributeset pdx_display_manager_endpoint_socket_29_0 (pdx_display_manager_endpoint_socket))
+(typeattributeset pdx_display_screenshot_channel_socket_29_0 (pdx_display_screenshot_channel_socket))
+(typeattributeset pdx_display_screenshot_endpoint_socket_29_0 (pdx_display_screenshot_endpoint_socket))
+(typeattributeset pdx_display_vsync_channel_socket_29_0 (pdx_display_vsync_channel_socket))
+(typeattributeset pdx_display_vsync_endpoint_socket_29_0 (pdx_display_vsync_endpoint_socket))
+(typeattributeset pdx_performance_client_channel_socket_29_0 (pdx_performance_client_channel_socket))
+(typeattributeset pdx_performance_client_endpoint_socket_29_0 (pdx_performance_client_endpoint_socket))
+(typeattributeset pdx_performance_dir_29_0 (pdx_performance_dir))
+(typeattributeset perfetto_29_0 (perfetto))
+(typeattributeset performanced_29_0 (performanced))
+(typeattributeset performanced_exec_29_0 (performanced_exec))
+(typeattributeset permissionmgr_service_29_0 (permissionmgr_service))
+(typeattributeset permission_service_29_0 (permission_service))
+(typeattributeset persist_debug_prop_29_0 (persist_debug_prop))
+(typeattributeset persistent_data_block_service_29_0 (persistent_data_block_service))
+(typeattributeset persistent_properties_ready_prop_29_0 (persistent_properties_ready_prop))
+(typeattributeset pinner_service_29_0 (pinner_service))
+(typeattributeset pipefs_29_0 (pipefs))
+(typeattributeset platform_app_29_0 (platform_app))
+(typeattributeset pm_prop_29_0 (pm_prop))
+(typeattributeset pmsg_device_29_0 (pmsg_device))
+(typeattributeset port_29_0 (port))
+(typeattributeset port_device_29_0 (port_device))
+(typeattributeset postinstall_29_0 (postinstall))
+(typeattributeset postinstall_apex_mnt_dir_29_0 (postinstall_apex_mnt_dir))
+(typeattributeset postinstall_file_29_0 (postinstall_file))
+(typeattributeset postinstall_mnt_dir_29_0 (postinstall_mnt_dir))
+(typeattributeset powerctl_prop_29_0 (powerctl_prop))
+(typeattributeset power_service_29_0 (power_service))
+(typeattributeset ppp_29_0 (ppp))
+(typeattributeset ppp_device_29_0 (ppp_device))
+(typeattributeset ppp_exec_29_0 (ppp_exec))
+(typeattributeset preloads_data_file_29_0 (preloads_data_file))
+(typeattributeset preloads_media_file_29_0 (preloads_media_file))
+(typeattributeset print_service_29_0 (print_service))
+(typeattributeset priv_app_29_0 (priv_app))
+(typeattributeset privapp_data_file_29_0 (privapp_data_file))
+(typeattributeset proc_29_0
+ ( proc
+ proc_kpageflags
+ proc_lowmemorykiller))
+(typeattributeset proc_abi_29_0 (proc_abi))
+(typeattributeset proc_asound_29_0 (proc_asound))
+(typeattributeset proc_bluetooth_writable_29_0 (proc_bluetooth_writable))
+(typeattributeset proc_buddyinfo_29_0 (proc_buddyinfo))
+(typeattributeset proc_cmdline_29_0 (proc_cmdline))
+(typeattributeset proc_cpuinfo_29_0 (proc_cpuinfo))
+(typeattributeset proc_dirty_29_0 (proc_dirty))
+(typeattributeset proc_diskstats_29_0 (proc_diskstats))
+(typeattributeset proc_drop_caches_29_0 (proc_drop_caches))
+(typeattributeset processinfo_service_29_0 (processinfo_service))
+(typeattributeset proc_extra_free_kbytes_29_0 (proc_extra_free_kbytes))
+(typeattributeset proc_filesystems_29_0 (proc_filesystems))
+(typeattributeset proc_fs_verity_29_0 (proc_fs_verity))
+(typeattributeset proc_hostname_29_0 (proc_hostname))
+(typeattributeset proc_hung_task_29_0 (proc_hung_task))
+(typeattributeset proc_interrupts_29_0 (proc_interrupts))
+(typeattributeset proc_iomem_29_0 (proc_iomem))
+(typeattributeset proc_keys_29_0 (proc_keys))
+(typeattributeset proc_kmsg_29_0 (proc_kmsg))
+(typeattributeset proc_loadavg_29_0 (proc_loadavg))
+(typeattributeset proc_max_map_count_29_0 (proc_max_map_count))
+(typeattributeset proc_meminfo_29_0 (proc_meminfo))
+(typeattributeset proc_min_free_order_shift_29_0 (proc_min_free_order_shift))
+(typeattributeset proc_misc_29_0 (proc_misc))
+(typeattributeset proc_modules_29_0 (proc_modules))
+(typeattributeset proc_mounts_29_0 (proc_mounts))
+(typeattributeset proc_net_29_0 (proc_net))
+(typeattributeset proc_net_tcp_udp_29_0 (proc_net_tcp_udp))
+(typeattributeset proc_overcommit_memory_29_0 (proc_overcommit_memory))
+(typeattributeset proc_page_cluster_29_0 (proc_page_cluster))
+(typeattributeset proc_pagetypeinfo_29_0 (proc_pagetypeinfo))
+(typeattributeset proc_panic_29_0 (proc_panic))
+(typeattributeset proc_perf_29_0 (proc_perf))
+(typeattributeset proc_pid_max_29_0 (proc_pid_max))
+(typeattributeset proc_pipe_conf_29_0 (proc_pipe_conf))
+(typeattributeset proc_pressure_cpu_29_0 (proc_pressure_cpu))
+(typeattributeset proc_pressure_io_29_0 (proc_pressure_io))
+(typeattributeset proc_pressure_mem_29_0 (proc_pressure_mem))
+(typeattributeset proc_qtaguid_ctrl_29_0 (proc_qtaguid_ctrl))
+(typeattributeset proc_qtaguid_stat_29_0 (proc_qtaguid_stat))
+(typeattributeset proc_random_29_0 (proc_random))
+(typeattributeset proc_sched_29_0 (proc_sched))
+(typeattributeset proc_security_29_0 (proc_security))
+(typeattributeset proc_slabinfo_29_0 (proc_slabinfo))
+(typeattributeset proc_stat_29_0 (proc_stat))
+(typeattributeset procstats_service_29_0 (procstats_service))
+(typeattributeset proc_swaps_29_0 (proc_swaps))
+(typeattributeset proc_sysrq_29_0 (proc_sysrq))
+(typeattributeset proc_timer_29_0 (proc_timer))
+(typeattributeset proc_tty_drivers_29_0 (proc_tty_drivers))
+(typeattributeset proc_uid_concurrent_active_time_29_0 (proc_uid_concurrent_active_time))
+(typeattributeset proc_uid_concurrent_policy_time_29_0 (proc_uid_concurrent_policy_time))
+(typeattributeset proc_uid_cpupower_29_0 (proc_uid_cpupower))
+(typeattributeset proc_uid_cputime_removeuid_29_0 (proc_uid_cputime_removeuid))
+(typeattributeset proc_uid_cputime_showstat_29_0 (proc_uid_cputime_showstat))
+(typeattributeset proc_uid_io_stats_29_0 (proc_uid_io_stats))
+(typeattributeset proc_uid_procstat_set_29_0 (proc_uid_procstat_set))
+(typeattributeset proc_uid_time_in_state_29_0 (proc_uid_time_in_state))
+(typeattributeset proc_uptime_29_0 (proc_uptime))
+(typeattributeset proc_version_29_0 (proc_version))
+(typeattributeset proc_vmallocinfo_29_0 (proc_vmallocinfo))
+(typeattributeset proc_vmstat_29_0 (proc_vmstat))
+(typeattributeset proc_zoneinfo_29_0 (proc_zoneinfo))
+(typeattributeset profman_29_0 (profman))
+(typeattributeset profman_dump_data_file_29_0 (profman_dump_data_file))
+(typeattributeset profman_exec_29_0 (profman_exec))
+(typeattributeset properties_device_29_0 (properties_device))
+(typeattributeset properties_serial_29_0 (properties_serial))
+(typeattributeset property_contexts_file_29_0 (property_contexts_file))
+(typeattributeset property_data_file_29_0 (property_data_file))
+(typeattributeset property_info_29_0 (property_info))
+(typeattributeset property_socket_29_0 (property_socket))
+(typeattributeset pstorefs_29_0 (pstorefs))
+(typeattributeset ptmx_device_29_0 (ptmx_device))
+(typeattributeset qtaguid_device_29_0 (qtaguid_device))
+(typeattributeset racoon_29_0 (racoon))
+(typeattributeset racoon_exec_29_0 (racoon_exec))
+(typeattributeset racoon_socket_29_0 (racoon_socket))
+(typeattributeset radio_29_0 (radio))
+(typeattributeset radio_data_file_29_0 (radio_data_file))
+(typeattributeset radio_device_29_0 (radio_device))
+(typeattributeset radio_prop_29_0 (radio_prop))
+(typeattributeset radio_service_29_0 (radio_service))
+(typeattributeset ram_device_29_0 (ram_device))
+(typeattributeset random_device_29_0 (random_device))
+(typeattributeset recovery_29_0 (recovery))
+(typeattributeset recovery_block_device_29_0 (recovery_block_device))
+(typeattributeset recovery_data_file_29_0 (recovery_data_file))
+(typeattributeset recovery_persist_29_0 (recovery_persist))
+(typeattributeset recovery_persist_exec_29_0 (recovery_persist_exec))
+(typeattributeset recovery_refresh_29_0 (recovery_refresh))
+(typeattributeset recovery_refresh_exec_29_0 (recovery_refresh_exec))
+(typeattributeset recovery_service_29_0 (recovery_service))
+(typeattributeset recovery_socket_29_0 (recovery_socket))
+(typeattributeset registry_service_29_0 (registry_service))
+(typeattributeset resourcecache_data_file_29_0 (resourcecache_data_file))
+(typeattributeset restorecon_prop_29_0 (restorecon_prop))
+(typeattributeset restrictions_service_29_0 (restrictions_service))
+(typeattributeset rild_debug_socket_29_0 (rild_debug_socket))
+(typeattributeset rild_socket_29_0 (rild_socket))
+(typeattributeset ringtone_file_29_0 (ringtone_file))
+(typeattributeset role_service_29_0 (role_service))
+(typeattributeset rollback_service_29_0 (rollback_service))
+(typeattributeset root_block_device_29_0 (root_block_device))
+(typeattributeset rootfs_29_0 (rootfs))
+(typeattributeset rpmsg_device_29_0 (rpmsg_device))
+(typeattributeset rs_29_0 (rs))
+(typeattributeset rs_exec_29_0 (rs_exec))
+(typeattributeset rss_hwm_reset_29_0 (rss_hwm_reset))
+(typeattributeset rtc_device_29_0 (rtc_device))
+(typeattributeset rttmanager_service_29_0 (rttmanager_service))
+(typeattributeset runas_29_0 (runas))
+(typeattributeset runas_app_29_0 (runas_app))
+(typeattributeset runas_exec_29_0 (runas_exec))
+(typeattributeset runtime_event_log_tags_file_29_0 (runtime_event_log_tags_file))
+(typeattributeset runtime_service_29_0 (runtime_service))
+(typeattributeset safemode_prop_29_0 (safemode_prop))
+(typeattributeset same_process_hal_file_29_0 (same_process_hal_file))
+(typeattributeset samplingprofiler_service_29_0 (samplingprofiler_service))
+(typeattributeset scheduling_policy_service_29_0 (scheduling_policy_service))
+(typeattributeset sdcard_block_device_29_0 (sdcard_block_device))
+(typeattributeset sdcardd_29_0 (sdcardd))
+(typeattributeset sdcardd_exec_29_0 (sdcardd_exec))
+(typeattributeset sdcardfs_29_0 (sdcardfs))
+(typeattributeset seapp_contexts_file_29_0 (seapp_contexts_file))
+(typeattributeset search_service_29_0 (search_service))
+(typeattributeset sec_key_att_app_id_provider_service_29_0 (sec_key_att_app_id_provider_service))
+(typeattributeset secure_element_29_0 (secure_element))
+(typeattributeset secure_element_device_29_0 (secure_element_device))
+(typeattributeset secure_element_service_29_0 (secure_element_service))
+(typeattributeset selinuxfs_29_0 (selinuxfs))
+(typeattributeset sensor_privacy_service_29_0 (sensor_privacy_service))
+(typeattributeset sensors_device_29_0 (sensors_device))
+(typeattributeset sensorservice_service_29_0 (sensorservice_service))
+(typeattributeset sepolicy_file_29_0 (sepolicy_file))
+(typeattributeset serial_device_29_0 (serial_device))
+(typeattributeset serialno_prop_29_0 (serialno_prop))
+(typeattributeset serial_service_29_0 (serial_service))
+(typeattributeset server_configurable_flags_data_file_29_0 (server_configurable_flags_data_file))
+(typeattributeset service_contexts_file_29_0 (service_contexts_file))
+(typeattributeset servicediscovery_service_29_0 (servicediscovery_service))
+(typeattributeset servicemanager_29_0 (servicemanager))
+(typeattributeset servicemanager_exec_29_0 (servicemanager_exec))
+(typeattributeset settings_service_29_0 (settings_service))
+(typeattributeset sgdisk_29_0 (sgdisk))
+(typeattributeset sgdisk_exec_29_0 (sgdisk_exec))
+(typeattributeset shared_relro_29_0 (shared_relro))
+(typeattributeset shared_relro_file_29_0 (shared_relro_file))
+(typeattributeset shell_29_0 (shell))
+(typeattributeset shell_data_file_29_0 (shell_data_file))
+(typeattributeset shell_exec_29_0 (shell_exec))
+(typeattributeset shell_prop_29_0 (shell_prop))
+(typeattributeset shm_29_0 (shm))
+(typeattributeset shortcut_manager_icons_29_0 (shortcut_manager_icons))
+(typeattributeset shortcut_service_29_0 (shortcut_service))
+(typeattributeset simpleperf_app_runner_29_0 (simpleperf_app_runner))
+(typeattributeset simpleperf_app_runner_exec_29_0 (simpleperf_app_runner_exec))
+(typeattributeset slice_service_29_0 (slice_service))
+(typeattributeset slideshow_29_0 (slideshow))
+(typeattributeset socket_device_29_0 (socket_device))
+(typeattributeset sockfs_29_0 (sockfs))
+(typeattributeset staging_data_file_29_0 (staging_data_file))
+(typeattributeset statsd_29_0 (statsd))
+(typeattributeset stats_data_file_29_0 (stats_data_file))
+(typeattributeset statsd_exec_29_0 (statsd_exec))
+(typeattributeset statsdw_socket_29_0 (statsdw_socket))
+(typeattributeset statusbar_service_29_0 (statusbar_service))
+(typeattributeset storaged_service_29_0 (storaged_service))
+(typeattributeset storage_file_29_0 (storage_file))
+(typeattributeset storagestats_service_29_0 (storagestats_service))
+(typeattributeset storage_stub_file_29_0 (storage_stub_file))
+(typeattributeset su_29_0 (su))
+(typeattributeset su_exec_29_0 (su_exec))
+(typeattributeset super_block_device_29_0 (super_block_device))
+(typeattributeset surfaceflinger_29_0 (surfaceflinger))
+(typeattributeset surfaceflinger_service_29_0 (surfaceflinger_service))
+(typeattributeset surfaceflinger_tmpfs_29_0 (surfaceflinger_tmpfs))
+(typeattributeset swap_block_device_29_0 (swap_block_device))
+(typeattributeset sysfs_29_0
+ ( sysfs
+ sysfs_ion
+ sysfs_suspend_stats
+ sysfs_wakeup))
+(typeattributeset sysfs_android_usb_29_0 (sysfs_android_usb))
+(typeattributeset sysfs_batteryinfo_29_0 (sysfs_batteryinfo))
+(typeattributeset sysfs_bluetooth_writable_29_0 (sysfs_bluetooth_writable))
+(typeattributeset sysfs_devices_block_29_0 (sysfs_devices_block))
+(typeattributeset sysfs_devices_system_cpu_29_0 (sysfs_devices_system_cpu))
+(typeattributeset sysfs_dm_29_0 (sysfs_dm))
+(typeattributeset sysfs_dt_firmware_android_29_0 (sysfs_dt_firmware_android))
+(typeattributeset sysfs_extcon_29_0 (sysfs_extcon))
+(typeattributeset sysfs_fs_ext4_features_29_0 (sysfs_fs_ext4_features))
+(typeattributeset sysfs_fs_f2fs_29_0 (sysfs_fs_f2fs))
+(typeattributeset sysfs_hwrandom_29_0 (sysfs_hwrandom))
+(typeattributeset sysfs_ipv4_29_0 (sysfs_ipv4))
+(typeattributeset sysfs_kernel_notes_29_0 (sysfs_kernel_notes))
+(typeattributeset sysfs_leds_29_0 (sysfs_leds))
+(typeattributeset sysfs_loop_29_0 (sysfs_loop))
+(typeattributeset sysfs_lowmemorykiller_29_0 (sysfs_lowmemorykiller))
+(typeattributeset sysfs_mac_address_29_0 (sysfs_mac_address))
+(typeattributeset sysfs_net_29_0 (sysfs_net))
+(typeattributeset sysfs_nfc_power_writable_29_0 (sysfs_nfc_power_writable))
+(typeattributeset sysfs_power_29_0 (sysfs_power))
+(typeattributeset sysfs_rtc_29_0 (sysfs_rtc))
+(typeattributeset sysfs_switch_29_0 (sysfs_switch))
+(typeattributeset sysfs_thermal_29_0 (sysfs_thermal))
+(typeattributeset sysfs_transparent_hugepage_29_0 (sysfs_transparent_hugepage))
+(typeattributeset sysfs_uio_29_0 (sysfs_uio))
+(typeattributeset sysfs_usb_29_0 (sysfs_usb))
+(typeattributeset sysfs_usermodehelper_29_0 (sysfs_usermodehelper))
+(typeattributeset sysfs_vibrator_29_0 (sysfs_vibrator))
+(typeattributeset sysfs_wake_lock_29_0 (sysfs_wake_lock))
+(typeattributeset sysfs_wakeup_reasons_29_0 (sysfs_wakeup_reasons))
+(typeattributeset sysfs_wlan_fwpath_29_0 (sysfs_wlan_fwpath))
+(typeattributeset sysfs_zram_29_0 (sysfs_zram))
+(typeattributeset sysfs_zram_uevent_29_0 (sysfs_zram_uevent))
+(typeattributeset system_app_29_0 (system_app))
+(typeattributeset system_app_data_file_29_0 (system_app_data_file))
+(typeattributeset system_app_service_29_0 (system_app_service))
+(typeattributeset system_asan_options_file_29_0 (system_asan_options_file))
+(typeattributeset system_block_device_29_0 (system_block_device))
+(typeattributeset system_boot_reason_prop_29_0 (system_boot_reason_prop))
+(typeattributeset system_bootstrap_lib_file_29_0 (system_bootstrap_lib_file))
+(typeattributeset system_data_file_29_0 (system_data_file system_data_root_file))
+(typeattributeset system_event_log_tags_file_29_0 (system_event_log_tags_file))
+(typeattributeset system_file_29_0 (system_file))
+(typeattributeset systemkeys_data_file_29_0 (systemkeys_data_file))
+(typeattributeset system_lib_file_29_0 (system_lib_file))
+(typeattributeset system_linker_config_file_29_0 (system_linker_config_file))
+(typeattributeset system_linker_exec_29_0 (system_linker_exec))
+(typeattributeset system_lmk_prop_29_0 (system_lmk_prop))
+(typeattributeset system_ndebug_socket_29_0 (system_ndebug_socket))
+(typeattributeset system_net_netd_hwservice_29_0 (system_net_netd_hwservice))
+(typeattributeset system_prop_29_0 (system_prop))
+(typeattributeset system_radio_prop_29_0 (system_radio_prop))
+(typeattributeset system_seccomp_policy_file_29_0 (system_seccomp_policy_file))
+(typeattributeset system_security_cacerts_file_29_0 (system_security_cacerts_file))
+(typeattributeset system_server_29_0 (system_server))
+(typeattributeset system_server_tmpfs_29_0 (system_server_tmpfs))
+(typeattributeset system_suspend_control_service_29_0 (system_suspend_control_service))
+(typeattributeset system_suspend_hwservice_29_0 (system_suspend_hwservice))
+(typeattributeset system_trace_prop_29_0 (system_trace_prop))
+(typeattributeset system_update_service_29_0 (system_update_service))
+(typeattributeset system_wifi_keystore_hwservice_29_0 (system_wifi_keystore_hwservice))
+(typeattributeset system_wpa_socket_29_0 (system_wpa_socket))
+(typeattributeset system_zoneinfo_file_29_0 (system_zoneinfo_file))
+(typeattributeset task_profiles_file_29_0 (task_profiles_file))
+(typeattributeset task_service_29_0 (task_service))
+(typeattributeset tcpdump_exec_29_0 (tcpdump_exec))
+(typeattributeset tee_29_0 (tee))
+(typeattributeset tee_data_file_29_0 (tee_data_file))
+(typeattributeset tee_device_29_0 (tee_device))
+(typeattributeset telecom_service_29_0 (telecom_service))
+(typeattributeset test_boot_reason_prop_29_0 (test_boot_reason_prop))
+(typeattributeset test_harness_prop_29_0 (test_harness_prop))
+(typeattributeset testharness_service_29_0 (testharness_service))
+(typeattributeset textclassification_service_29_0 (textclassification_service))
+(typeattributeset textclassifier_data_file_29_0 (textclassifier_data_file))
+(typeattributeset textservices_service_29_0 (textservices_service))
+(typeattributeset thermalcallback_hwservice_29_0 (thermalcallback_hwservice))
+(typeattributeset thermal_service_29_0 (thermal_service))
+(typeattributeset timedetector_service_29_0 (timedetector_service))
+(typeattributeset time_prop_29_0 (time_prop))
+(typeattributeset timezone_service_29_0 (timezone_service))
+(typeattributeset tmpfs_29_0
+ ( mnt_sdcard_file
+ tmpfs))
+(typeattributeset tombstoned_29_0 (tombstoned))
+(typeattributeset tombstone_data_file_29_0 (tombstone_data_file))
+(typeattributeset tombstoned_crash_socket_29_0 (tombstoned_crash_socket))
+(typeattributeset tombstoned_exec_29_0 (tombstoned_exec))
+(typeattributeset tombstoned_intercept_socket_29_0 (tombstoned_intercept_socket))
+(typeattributeset tombstoned_java_trace_socket_29_0 (tombstoned_java_trace_socket))
+(typeattributeset tombstone_wifi_data_file_29_0 (tombstone_wifi_data_file))
+(typeattributeset toolbox_29_0 (toolbox))
+(typeattributeset toolbox_exec_29_0 (toolbox_exec))
+(typeattributeset traced_29_0 (traced))
+(typeattributeset trace_data_file_29_0 (trace_data_file))
+(typeattributeset traced_consumer_socket_29_0 (traced_consumer_socket))
+(typeattributeset traced_enabled_prop_29_0 (traced_enabled_prop))
+(typeattributeset traced_lazy_prop_29_0 (traced_lazy_prop))
+(typeattributeset traced_probes_29_0 (traced_probes))
+(typeattributeset traced_producer_socket_29_0 (traced_producer_socket))
+(typeattributeset traceur_app_29_0 (traceur_app))
+(typeattributeset trust_service_29_0 (trust_service))
+(typeattributeset tty_device_29_0 (tty_device))
+(typeattributeset tun_device_29_0 (tun_device))
+(typeattributeset tv_input_service_29_0 (tv_input_service))
+(typeattributeset tzdatacheck_29_0 (tzdatacheck))
+(typeattributeset tzdatacheck_exec_29_0 (tzdatacheck_exec))
+(typeattributeset ueventd_29_0 (ueventd))
+(typeattributeset ueventd_tmpfs_29_0 (ueventd_tmpfs))
+(typeattributeset uhid_device_29_0 (uhid_device))
+(typeattributeset uimode_service_29_0 (uimode_service))
+(typeattributeset uio_device_29_0 (uio_device))
+(typeattributeset uncrypt_29_0 (uncrypt))
+(typeattributeset uncrypt_exec_29_0 (uncrypt_exec))
+(typeattributeset uncrypt_socket_29_0 (uncrypt_socket))
+(typeattributeset unencrypted_data_file_29_0 (unencrypted_data_file))
+(typeattributeset unlabeled_29_0 (unlabeled))
+(typeattributeset untrusted_app_25_29_0 (untrusted_app_25))
+(typeattributeset untrusted_app_27_29_0 (untrusted_app_27))
+(typeattributeset untrusted_app_29_0 (untrusted_app))
+(typeattributeset update_engine_29_0 (update_engine))
+(typeattributeset update_engine_data_file_29_0 (update_engine_data_file))
+(typeattributeset update_engine_exec_29_0 (update_engine_exec))
+(typeattributeset update_engine_log_data_file_29_0 (update_engine_log_data_file))
+(typeattributeset update_engine_service_29_0 (update_engine_service))
+(typeattributeset updatelock_service_29_0 (updatelock_service))
+(typeattributeset update_verifier_29_0 (update_verifier))
+(typeattributeset update_verifier_exec_29_0 (update_verifier_exec))
+(typeattributeset uri_grants_service_29_0 (uri_grants_service))
+(typeattributeset usagestats_service_29_0 (usagestats_service))
+(typeattributeset usbaccessory_device_29_0 (usbaccessory_device))
+(typeattributeset usbd_29_0 (usbd))
+(typeattributeset usb_device_29_0 (usb_device))
+(typeattributeset usbd_exec_29_0 (usbd_exec))
+(typeattributeset usbfs_29_0 (usbfs))
+(typeattributeset usb_service_29_0 (usb_service))
+(typeattributeset use_memfd_prop_29_0 (use_memfd_prop))
+(typeattributeset userdata_block_device_29_0 (userdata_block_device))
+(typeattributeset usermodehelper_29_0 (usermodehelper))
+(typeattributeset user_profile_data_file_29_0 (user_profile_data_file))
+(typeattributeset user_service_29_0 (user_service))
+(typeattributeset vdc_29_0 (vdc))
+(typeattributeset vdc_exec_29_0 (vdc_exec))
+(typeattributeset vendor_app_file_29_0 (vendor_app_file))
+(typeattributeset vendor_cgroup_desc_file_29_0 (vendor_cgroup_desc_file))
+(typeattributeset vendor_configs_file_29_0 (vendor_configs_file))
+(typeattributeset vendor_data_file_29_0 (vendor_data_file))
+(typeattributeset vendor_default_prop_29_0 (vendor_default_prop))
+(typeattributeset vendor_file_29_0 (vendor_file))
+(typeattributeset vendor_framework_file_29_0 (vendor_framework_file))
+(typeattributeset vendor_hal_file_29_0 (vendor_hal_file))
+(typeattributeset vendor_idc_file_29_0 (vendor_idc_file))
+(typeattributeset vendor_init_29_0 (vendor_init))
+(typeattributeset vendor_keychars_file_29_0 (vendor_keychars_file))
+(typeattributeset vendor_keylayout_file_29_0 (vendor_keylayout_file))
+(typeattributeset vendor_overlay_file_29_0 (vendor_overlay_file))
+(typeattributeset vendor_public_lib_file_29_0 (vendor_public_lib_file))
+(typeattributeset vendor_security_patch_level_prop_29_0 (vendor_security_patch_level_prop))
+(typeattributeset vendor_shell_29_0 (vendor_shell))
+(typeattributeset vendor_shell_exec_29_0 (vendor_shell_exec))
+(typeattributeset vendor_task_profiles_file_29_0 (vendor_task_profiles_file))
+(typeattributeset vendor_toolbox_exec_29_0 (vendor_toolbox_exec))
+(typeattributeset vfat_29_0 (vfat))
+(typeattributeset vibrator_service_29_0 (vibrator_service))
+(typeattributeset video_device_29_0 (video_device))
+(typeattributeset virtual_touchpad_29_0 (virtual_touchpad))
+(typeattributeset virtual_touchpad_exec_29_0 (virtual_touchpad_exec))
+(typeattributeset virtual_touchpad_service_29_0 (virtual_touchpad_service))
+(typeattributeset vndbinder_device_29_0 (vndbinder_device))
+(typeattributeset vndk_sp_file_29_0 (vndk_sp_file))
+(typeattributeset vndservice_contexts_file_29_0 (vndservice_contexts_file))
+(typeattributeset vndservicemanager_29_0 (vndservicemanager))
+(typeattributeset voiceinteraction_service_29_0 (voiceinteraction_service))
+(typeattributeset vold_29_0 (vold))
+(typeattributeset vold_data_file_29_0 (vold_data_file))
+(typeattributeset vold_device_29_0 (vold_device))
+(typeattributeset vold_exec_29_0 (vold_exec))
+(typeattributeset vold_metadata_file_29_0 (vold_metadata_file))
+(typeattributeset vold_prepare_subdirs_29_0 (vold_prepare_subdirs))
+(typeattributeset vold_prepare_subdirs_exec_29_0 (vold_prepare_subdirs_exec))
+(typeattributeset vold_prop_29_0 (vold_prop))
+(typeattributeset vold_service_29_0 (vold_service))
+(typeattributeset vpn_data_file_29_0 (vpn_data_file))
+(typeattributeset vrflinger_vsync_service_29_0 (vrflinger_vsync_service))
+(typeattributeset vr_hwc_29_0 (vr_hwc))
+(typeattributeset vr_hwc_exec_29_0 (vr_hwc_exec))
+(typeattributeset vr_hwc_service_29_0 (vr_hwc_service))
+(typeattributeset vr_manager_service_29_0 (vr_manager_service))
+(typeattributeset wallpaper_file_29_0 (wallpaper_file))
+(typeattributeset wallpaper_service_29_0 (wallpaper_service))
+(typeattributeset watchdogd_29_0 (watchdogd))
+(typeattributeset watchdog_device_29_0 (watchdog_device))
+(typeattributeset watchdogd_exec_29_0 (watchdogd_exec))
+(typeattributeset webviewupdate_service_29_0 (webviewupdate_service))
+(typeattributeset webview_zygote_29_0 (webview_zygote))
+(typeattributeset webview_zygote_exec_29_0 (webview_zygote_exec))
+(typeattributeset webview_zygote_tmpfs_29_0 (webview_zygote_tmpfs))
+(typeattributeset wifiaware_service_29_0 (wifiaware_service))
+(typeattributeset wificond_29_0 (wificond))
+(typeattributeset wificond_exec_29_0 (wificond_exec))
+(typeattributeset wificond_service_29_0 (wificond_service wifinl80211_service))
+(typeattributeset wifi_data_file_29_0 (wifi_data_file))
+(typeattributeset wifi_log_prop_29_0 (wifi_log_prop))
+(typeattributeset wifip2p_service_29_0 (wifip2p_service))
+(typeattributeset wifi_prop_29_0 (wifi_prop))
+(typeattributeset wifiscanner_service_29_0 (wifiscanner_service))
+(typeattributeset wifi_service_29_0 (wifi_service))
+(typeattributeset window_service_29_0 (window_service))
+(typeattributeset wpantund_29_0 (wpantund))
+(typeattributeset wpantund_exec_29_0 (wpantund_exec))
+(typeattributeset wpantund_service_29_0 (wpantund_service))
+(typeattributeset wpa_socket_29_0 (wpa_socket))
+(typeattributeset zero_device_29_0 (zero_device))
+(typeattributeset zoneinfo_data_file_29_0 (zoneinfo_data_file))
+(typeattributeset zygote_29_0 (zygote))
+(typeattributeset zygote_exec_29_0 (zygote_exec))
+(typeattributeset zygote_socket_29_0 (zygote_socket))
+(typeattributeset zygote_tmpfs_29_0 (zygote_tmpfs))
diff --git a/prebuilts/api/30.0/private/compat/29.0/29.0.compat.cil b/prebuilts/api/30.0/private/compat/29.0/29.0.compat.cil
new file mode 100644
index 0000000..af4da8a
--- /dev/null
+++ b/prebuilts/api/30.0/private/compat/29.0/29.0.compat.cil
@@ -0,0 +1,3 @@
+(typeattribute vendordomain)
+(typeattributeset vendordomain ((and (domain) ((not (coredomain))))))
+(allow vendordomain self (netlink_route_socket (nlmsg_readpriv)))
diff --git a/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil b/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil
new file mode 100644
index 0000000..fdea691
--- /dev/null
+++ b/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil
@@ -0,0 +1,130 @@
+;; new_objects - a collection of types that have been introduced that have no
+;; analogue in older policy. Thus, we do not need to map these types to
+;; previous ones. Add here to pass checkapi tests.
+(type new_objects)
+(typeattribute new_objects)
+(typeattributeset new_objects
+ ( new_objects
+ aidl_lazy_test_server
+ aidl_lazy_test_server_exec
+ aidl_lazy_test_service
+ adbd_prop
+ apex_module_data_file
+ apex_permission_data_file
+ apex_rollback_data_file
+ apex_wifi_data_file
+ app_integrity_service
+ app_search_service
+ auth_service
+ automotive_display_service
+ automotive_display_service_exec
+ ashmem_libcutils_device
+ blob_store_service
+ binder_cache_bluetooth_server_prop
+ binder_cache_system_server_prop
+ binder_cache_telephony_server_prop
+ binderfs
+ binderfs_logs
+ binderfs_logs_proc
+ boringssl_self_test
+ bq_config_prop
+ cacheinfo_service
+ charger_prop
+ cold_boot_done_prop
+ credstore
+ credstore_data_file
+ credstore_exec
+ credstore_service
+ platform_compat_service
+ ctl_apexd_prop
+ dataloader_manager_service
+ debugfs_kprobes
+ device_config_storage_native_boot_prop
+ device_config_sys_traced_prop
+ device_config_window_manager_native_boot_prop
+ device_config_configuration_prop
+ emergency_affordance_service
+ exported_camera_prop
+ fastbootd_protocol_prop
+ file_integrity_service
+ fwk_automotive_display_hwservice
+ fusectlfs
+ gmscore_app
+ graphics_config_prop
+ hal_can_bus_hwservice
+ hal_can_controller_hwservice
+ hal_identity_service
+ hal_light_service
+ hal_power_service
+ hal_rebootescrow_service
+ hal_tv_tuner_hwservice
+ hal_vibrator_service
+ incremental_control_file
+ incremental_prop
+ incremental_service
+ init_perf_lsm_hooks_prop
+ init_svc_debug_prop
+ iorap_inode2filename
+ iorap_inode2filename_data_file
+ iorap_inode2filename_exec
+ iorap_inode2filename_tmpfs
+ iorap_prefetcherd
+ iorap_prefetcherd_data_file
+ iorap_prefetcherd_exec
+ iorap_prefetcherd_tmpfs
+ mediatranscoding_service
+ mediatranscoding
+ mediatranscoding_exec
+ mediatranscoding_tmpfs
+ mirror_data_file
+ light_service
+ linkerconfig_file
+ lmkd_prop
+ media_variant_prop
+ metadata_bootstat_file
+ mnt_pass_through_file
+ mock_ota_prop
+ module_sdkextensions_prop
+ ota_metadata_file
+ ota_prop
+ prereboot_data_file
+ art_apex_dir
+ rebootescrow_hal_prop
+ securityfs
+ service_manager_service
+ service_manager_vndservice
+ simpleperf
+ snapshotctl_log_data_file
+ socket_hook_prop
+ soundtrigger_middleware_service
+ staged_install_file
+ storage_config_prop
+ surfaceflinger_display_prop
+ sysfs_dm_verity
+ system_adbd_prop
+ system_config_service
+ system_group_file
+ system_jvmti_agent_prop
+ system_passwd_file
+ system_unsolzygote_socket
+ tethering_service
+ traced_perf
+ traced_perf_enabled_prop
+ traced_perf_socket
+ timezonedetector_service
+ untrusted_app_29
+ usb_serial_device
+ userspace_reboot_config_prop
+ userspace_reboot_exported_prop
+ userspace_reboot_log_prop
+ userspace_reboot_test_prop
+ vehicle_hal_prop
+ tv_tuner_resource_mgr_service
+ vendor_apex_file
+ vendor_boringssl_self_test
+ vendor_install_recovery
+ vendor_install_recovery_exec
+ vendor_service_contexts_file
+ vendor_socket_hook_prop
+ vendor_socket_hook_prop
+ virtual_ab_prop))
diff --git a/prebuilts/api/30.0/private/coredomain.te b/prebuilts/api/30.0/private/coredomain.te
new file mode 100644
index 0000000..86e8009
--- /dev/null
+++ b/prebuilts/api/30.0/private/coredomain.te
@@ -0,0 +1,200 @@
+get_prop(coredomain, pm_prop)
+get_prop(coredomain, exported_pm_prop)
+
+full_treble_only(`
+neverallow {
+ coredomain
+
+ # for chowning
+ -init
+
+ # generic access to sysfs_type
+ -ueventd
+ -vold
+} sysfs_leds:file *;
+')
+
+# On TREBLE devices, a limited set of files in /vendor are accessible to
+# only a few whitelisted coredomains to keep system/vendor separation.
+full_treble_only(`
+ # Limit access to /vendor/app
+ neverallow {
+ coredomain
+ -appdomain
+ -dex2oat
+ -dexoptanalyzer
+ -idmap
+ -init
+ -installd
+ userdebug_or_eng(`-heapprofd')
+ -postinstall_dexopt
+ -rs # spawned by appdomain, so carryover the exception above
+ -system_server
+ -traced_perf
+ } vendor_app_file:dir { open read getattr search };
+')
+
+full_treble_only(`
+ neverallow {
+ coredomain
+ -appdomain
+ -dex2oat
+ -dexoptanalyzer
+ -idmap
+ -init
+ -installd
+ userdebug_or_eng(`-heapprofd')
+ -postinstall_dexopt
+ -rs # spawned by appdomain, so carryover the exception above
+ -system_server
+ -traced_perf
+ -mediaserver
+ } vendor_app_file:file r_file_perms;
+')
+
+full_treble_only(`
+ # Limit access to /vendor/overlay
+ neverallow {
+ coredomain
+ -appdomain
+ -idmap
+ -init
+ -installd
+ -iorap_inode2filename
+ -iorap_prefetcherd
+ -postinstall_dexopt
+ -rs # spawned by appdomain, so carryover the exception above
+ -system_server
+ -traced_perf
+ -app_zygote
+ -webview_zygote
+ -zygote
+ userdebug_or_eng(`-heapprofd')
+ } vendor_overlay_file:dir { getattr open read search };
+')
+
+full_treble_only(`
+ neverallow {
+ coredomain
+ -appdomain
+ -idmap
+ -init
+ -installd
+ -iorap_inode2filename
+ -iorap_prefetcherd
+ -postinstall_dexopt
+ -rs # spawned by appdomain, so carryover the exception above
+ -system_server
+ -traced_perf
+ -app_zygote
+ -webview_zygote
+ -zygote
+ userdebug_or_eng(`-heapprofd')
+ } vendor_overlay_file:file open;
+')
+
+# Core domains are not permitted to use kernel interfaces which are not
+# explicitly labeled.
+# TODO(b/65643247): Apply these neverallow rules to all coredomain.
+full_treble_only(`
+ # /proc
+ neverallow {
+ coredomain
+ -init
+ -vold
+ } proc:file no_rw_file_perms;
+
+ # /sys
+ neverallow {
+ coredomain
+ -init
+ -ueventd
+ -vold
+ } sysfs:file no_rw_file_perms;
+
+ # /dev
+ neverallow {
+ coredomain
+ -fsck
+ -init
+ -ueventd
+ } device:{ blk_file file } no_rw_file_perms;
+
+ # debugfs
+ neverallow {
+ coredomain
+ -dumpstate
+ -init
+ -system_server
+ } debugfs:file no_rw_file_perms;
+
+ # tracefs
+ neverallow {
+ coredomain
+ -atrace
+ -dumpstate
+ -init
+ -traced_probes
+ -shell
+ -system_server
+ -traceur_app
+ } debugfs_tracing:file no_rw_file_perms;
+
+ # inotifyfs
+ neverallow {
+ coredomain
+ -init
+ } inotify:file no_rw_file_perms;
+
+ # pstorefs
+ neverallow {
+ coredomain
+ -bootstat
+ -charger
+ -dumpstate
+ -healthd
+ userdebug_or_eng(`-incidentd')
+ -init
+ -logd
+ -logpersist
+ -recovery_persist
+ -recovery_refresh
+ -shell
+ -system_server
+ } pstorefs:file no_rw_file_perms;
+
+ # configfs
+ neverallow {
+ coredomain
+ -init
+ -system_server
+ } configfs:file no_rw_file_perms;
+
+ # functionfs
+ neverallow {
+ coredomain
+ -adbd
+ -init
+ -mediaprovider
+ -system_server
+ } functionfs:file no_rw_file_perms;
+
+ # usbfs and binfmt_miscfs
+ neverallow {
+ coredomain
+ -init
+ }{ usbfs binfmt_miscfs }:file no_rw_file_perms;
+')
+
+# Following /dev nodes must not be directly accessed by coredomain, but should
+# instead be wrapped by HALs.
+neverallow coredomain {
+ iio_device
+ radio_device
+}:chr_file { open read append write ioctl };
+
+# TODO(b/120243891): HAL permission to tee_device is included into coredomain
+# on non-Treble devices.
+full_treble_only(`
+ neverallow coredomain tee_device:chr_file { open read append write ioctl };
+')
diff --git a/prebuilts/api/30.0/private/cppreopts.te b/prebuilts/api/30.0/private/cppreopts.te
new file mode 100644
index 0000000..1192ba6
--- /dev/null
+++ b/prebuilts/api/30.0/private/cppreopts.te
@@ -0,0 +1,31 @@
+# cppreopts
+#
+# This command copies preopted files from the system_b partition to the data
+# partition. This domain ensures that we are only copying into specific
+# directories.
+
+type cppreopts, domain, mlstrustedsubject, coredomain;
+type cppreopts_exec, system_file_type, exec_type, file_type;
+
+# Technically not a daemon but we do want the transition from init domain to
+# cppreopts to occur.
+init_daemon_domain(cppreopts)
+domain_auto_trans(cppreopts, preopt2cachename_exec, preopt2cachename);
+
+# Allow cppreopts copy files into the dalvik-cache
+allow cppreopts dalvikcache_data_file:dir { add_name remove_name search write };
+allow cppreopts dalvikcache_data_file:file { create getattr open read rename write unlink };
+
+# Allow cppreopts to execute itself using #!/system/bin/sh
+allow cppreopts shell_exec:file rx_file_perms;
+
+# Allow us to run find on /postinstall
+allow cppreopts system_file:dir { open read };
+
+# Allow running the cp command using cppreopts permissions. Needed so we can
+# write into dalvik-cache
+allow cppreopts toolbox_exec:file rx_file_perms;
+
+# Silence the denial when /postinstall cannot be mounted, e.g., system_other
+# is wiped, but cppreopts.sh still runs.
+dontaudit cppreopts postinstall_mnt_dir:dir search;
diff --git a/prebuilts/api/30.0/private/crash_dump.te b/prebuilts/api/30.0/private/crash_dump.te
new file mode 100644
index 0000000..f130327
--- /dev/null
+++ b/prebuilts/api/30.0/private/crash_dump.te
@@ -0,0 +1,49 @@
+typeattribute crash_dump coredomain;
+
+# Crash dump does not need to access devices passed across exec().
+dontaudit crash_dump { devpts dev_type }:chr_file { read write };
+
+allow crash_dump {
+ domain
+ -apexd
+ -bpfloader
+ -crash_dump
+ -init
+ -kernel
+ -keystore
+ -llkd
+ -logd
+ -ueventd
+ -vendor_init
+ -vold
+}:process { ptrace signal sigchld sigstop sigkill };
+userdebug_or_eng(`
+ allow crash_dump { apexd llkd logd vold }:process { ptrace signal sigchld sigstop sigkill };
+')
+
+###
+### neverallow assertions
+###
+
+# ptrace neverallow assertions are spread throughout the other policy
+# files, so we avoid adding redundant assertions here
+
+neverallow crash_dump {
+ apexd
+ userdebug_or_eng(`-apexd')
+ bpfloader
+ init
+ kernel
+ keystore
+ llkd
+ userdebug_or_eng(`-llkd')
+ logd
+ userdebug_or_eng(`-logd')
+ ueventd
+ vendor_init
+ vold
+ userdebug_or_eng(`-vold')
+}:process { signal sigstop sigkill };
+
+neverallow crash_dump self:process ptrace;
+neverallow crash_dump gpu_device:chr_file *;
diff --git a/prebuilts/api/30.0/private/credstore.te b/prebuilts/api/30.0/private/credstore.te
new file mode 100644
index 0000000..8d87e2f
--- /dev/null
+++ b/prebuilts/api/30.0/private/credstore.te
@@ -0,0 +1,6 @@
+typeattribute credstore coredomain;
+
+init_daemon_domain(credstore)
+
+# talk to Identity Credential
+hal_client_domain(credstore, hal_identity)
diff --git a/prebuilts/api/30.0/private/derive_sdk.te b/prebuilts/api/30.0/private/derive_sdk.te
new file mode 100644
index 0000000..1f60e34
--- /dev/null
+++ b/prebuilts/api/30.0/private/derive_sdk.te
@@ -0,0 +1,12 @@
+
+# Domain for derive_sdk
+type derive_sdk, domain, coredomain;
+type derive_sdk_exec, system_file_type, exec_type, file_type;
+init_daemon_domain(derive_sdk)
+
+# Read /apex
+allow derive_sdk apex_mnt_dir:dir r_dir_perms;
+
+# Prop rules: writable by derive_sdk, readable by bootclasspath (apps)
+set_prop(derive_sdk, module_sdkextensions_prop)
+neverallow { domain -init -derive_sdk } module_sdkextensions_prop:property_service set;
diff --git a/prebuilts/api/30.0/private/dex2oat.te b/prebuilts/api/30.0/private/dex2oat.te
new file mode 100644
index 0000000..7907f6c
--- /dev/null
+++ b/prebuilts/api/30.0/private/dex2oat.te
@@ -0,0 +1,84 @@
+# dex2oat
+type dex2oat, domain, coredomain;
+type dex2oat_exec, system_file_type, exec_type, file_type;
+
+r_dir_file(dex2oat, apk_data_file)
+# Access to /vendor/app
+r_dir_file(dex2oat, vendor_app_file)
+# Access /vendor/framework
+allow dex2oat vendor_framework_file:dir { getattr search };
+allow dex2oat vendor_framework_file:file { getattr open read map };
+
+allow dex2oat tmpfs:file { read getattr map };
+
+r_dir_file(dex2oat, dalvikcache_data_file)
+allow dex2oat dalvikcache_data_file:file write;
+# Read symlinks in /data/dalvik-cache. This is required for PIC mode boot images, where
+# the oat file is symlinked to the original file in /system.
+allow dex2oat dalvikcache_data_file:lnk_file read;
+allow dex2oat installd:fd use;
+
+# Acquire advisory lock on /system/framework/arm/*
+allow dex2oat system_file:file lock;
+
+# Read already open asec_apk_file file descriptors passed by installd.
+# Also allow reading unlabeled files, to allow for upgrading forward
+# locked APKs.
+allow dex2oat asec_apk_file:file { read map };
+allow dex2oat unlabeled:file { read map };
+allow dex2oat oemfs:file { read map };
+allow dex2oat apk_tmp_file:dir search;
+allow dex2oat apk_tmp_file:file r_file_perms;
+allow dex2oat user_profile_data_file:file { getattr read lock map };
+
+# Allow dex2oat to compile app's secondary dex files which were reported back to
+# the framework.
+allow dex2oat { privapp_data_file app_data_file }:file { getattr read write lock map };
+
+##################
+# A/B OTA Dexopt #
+##################
+
+# Allow dex2oat to use file descriptors from otapreopt.
+allow dex2oat postinstall_dexopt:fd use;
+
+# Allow dex2oat to read files under /postinstall (e.g. APKs under /system, /system/bin/linker).
+allow dex2oat postinstall_file:dir r_dir_perms;
+allow dex2oat postinstall_file:filesystem getattr;
+allow dex2oat postinstall_file:lnk_file { getattr read };
+allow dex2oat postinstall_file:file read;
+# Allow dex2oat to use libraries under /postinstall/system (e.g. /system/lib/libc.so).
+# TODO(b/120266448): Remove when Bionic libraries are part of the Runtime APEX.
+allow dex2oat postinstall_file:file { execute getattr open };
+
+# Allow dex2oat access to /postinstall/apex.
+allow dex2oat postinstall_apex_mnt_dir:dir { getattr search };
+
+# Allow dex2oat access to files in /data/ota.
+allow dex2oat ota_data_file:dir ra_dir_perms;
+allow dex2oat ota_data_file:file r_file_perms;
+
+# Create and read symlinks in /data/ota/dalvik-cache. This is required for PIC mode boot images,
+# where the oat file is symlinked to the original file in /system.
+allow dex2oat ota_data_file:lnk_file { create read };
+
+# It would be nice to tie this down, but currently, because of how images are written, we can't
+# pass file descriptors for the preopted boot image to dex2oat. So dex2oat needs to be able to
+# create them itself (and make them world-readable).
+allow dex2oat ota_data_file:file { create w_file_perms setattr };
+
+###############
+# APEX Update #
+###############
+
+# /dev/zero is inherited.
+allow dex2oat apexd:fd use;
+
+# Allow dex2oat to use file descriptors from preinstall.
+allow dex2oat art_apex_preinstall:fd use;
+
+##############
+# Neverallow #
+##############
+
+neverallow dex2oat { privapp_data_file app_data_file }:notdevfile_class_set open;
diff --git a/prebuilts/api/30.0/private/dexoptanalyzer.te b/prebuilts/api/30.0/private/dexoptanalyzer.te
new file mode 100644
index 0000000..a2b2b01
--- /dev/null
+++ b/prebuilts/api/30.0/private/dexoptanalyzer.te
@@ -0,0 +1,39 @@
+# dexoptanalyzer
+type dexoptanalyzer, domain, coredomain, mlstrustedsubject;
+type dexoptanalyzer_exec, system_file_type, exec_type, file_type;
+type dexoptanalyzer_tmpfs, file_type;
+
+r_dir_file(dexoptanalyzer, apk_data_file)
+# Access to /vendor/app
+r_dir_file(dexoptanalyzer, vendor_app_file)
+
+# Reading an APK opens a ZipArchive, which unpack to tmpfs.
+# Use tmpfs_domain() which will give tmpfs files created by dexoptanalyzer their
+# own label, which differs from other labels created by other processes.
+# This allows to distinguish in policy files created by dexoptanalyzer vs other
+#processes.
+tmpfs_domain(dexoptanalyzer)
+
+# Read symlinks in /data/dalvik-cache. This is required for PIC mode boot
+# app_data_file the oat file is symlinked to the original file in /system.
+allow dexoptanalyzer dalvikcache_data_file:dir { getattr search };
+allow dexoptanalyzer dalvikcache_data_file:file r_file_perms;
+allow dexoptanalyzer dalvikcache_data_file:lnk_file read;
+
+allow dexoptanalyzer installd:fd use;
+allow dexoptanalyzer installd:fifo_file { getattr write };
+
+# Acquire advisory lock on /system/framework/arm/*
+allow dexoptanalyzer system_file:file lock;
+
+# Allow reading secondary dex files that were reported by the app to the
+# package manager.
+allow dexoptanalyzer { privapp_data_file app_data_file }:dir { getattr search };
+allow dexoptanalyzer { privapp_data_file app_data_file }:file { getattr read map };
+# dexoptanalyzer calls access(2) with W_OK flag on app data. We can use the
+# "dontaudit...audit_access" policy line to suppress the audit access without
+# suppressing denial on actual access.
+dontaudit dexoptanalyzer { privapp_data_file app_data_file }:dir audit_access;
+
+# Allow testing /data/user/0 which symlinks to /data/data
+allow dexoptanalyzer system_data_file:lnk_file { getattr };
diff --git a/prebuilts/api/30.0/private/dhcp.te b/prebuilts/api/30.0/private/dhcp.te
new file mode 100644
index 0000000..b2f8ac7
--- /dev/null
+++ b/prebuilts/api/30.0/private/dhcp.te
@@ -0,0 +1,4 @@
+typeattribute dhcp coredomain;
+
+init_daemon_domain(dhcp)
+type_transition dhcp system_data_file:{ dir file } dhcp_data_file;
diff --git a/prebuilts/api/30.0/private/dnsmasq.te b/prebuilts/api/30.0/private/dnsmasq.te
new file mode 100644
index 0000000..96084b4
--- /dev/null
+++ b/prebuilts/api/30.0/private/dnsmasq.te
@@ -0,0 +1 @@
+typeattribute dnsmasq coredomain;
diff --git a/prebuilts/api/30.0/private/domain.te b/prebuilts/api/30.0/private/domain.te
new file mode 100644
index 0000000..7116dad
--- /dev/null
+++ b/prebuilts/api/30.0/private/domain.te
@@ -0,0 +1,374 @@
+# Transition to crash_dump when /system/bin/crash_dump* is executed.
+# This occurs when the process crashes.
+# We do not apply this to the su domain to avoid interfering with
+# tests (b/114136122)
+domain_auto_trans({ domain userdebug_or_eng(`-su') }, crash_dump_exec, crash_dump);
+allow domain crash_dump:process sigchld;
+
+# Allow every process to check the heapprofd.enable properties to determine
+# whether to load the heap profiling library. This does not necessarily enable
+# heap profiling, as initialization will fail if it does not have the
+# necessary SELinux permissions.
+get_prop(domain, heapprofd_prop);
+# Allow heap profiling on debug builds.
+userdebug_or_eng(`can_profile_heap_central({
+ domain
+ -bpfloader
+ -init
+ -kernel
+ -keystore
+ -llkd
+ -logd
+ -logpersist
+ -recovery
+ -recovery_persist
+ -recovery_refresh
+ -ueventd
+ -vendor_init
+ -vold
+})')
+
+# As above, allow perf profiling most processes on debug builds.
+# zygote is excluded as system-wide profiling could end up with it
+# (unexpectedly) holding an open fd across a fork.
+userdebug_or_eng(`can_profile_perf({
+ domain
+ -bpfloader
+ -init
+ -kernel
+ -keystore
+ -llkd
+ -logd
+ -logpersist
+ -recovery
+ -recovery_persist
+ -recovery_refresh
+ -ueventd
+ -vendor_init
+ -vold
+ -zygote
+})')
+
+# Path resolution access in cgroups.
+allow domain cgroup:dir search;
+allow { domain -appdomain -rs } cgroup:dir w_dir_perms;
+allow { domain -appdomain -rs } cgroup:file w_file_perms;
+
+allow domain cgroup_rc_file:dir search;
+allow domain cgroup_rc_file:file r_file_perms;
+allow domain task_profiles_file:file r_file_perms;
+allow domain vendor_task_profiles_file:file r_file_perms;
+
+# Allow all domains to read sys.use_memfd to determine
+# if memfd support can be used if device supports it
+get_prop(domain, use_memfd_prop);
+
+# Read access to sdkextensions props
+get_prop(domain, module_sdkextensions_prop)
+
+# Read access to bq configuration values
+get_prop(domain, bq_config_prop);
+
+# For now, everyone can access core property files
+# Device specific properties are not granted by default
+not_compatible_property(`
+ get_prop(domain, core_property_type)
+ get_prop(domain, exported_dalvik_prop)
+ get_prop(domain, exported_ffs_prop)
+ get_prop(domain, exported_system_radio_prop)
+ get_prop(domain, exported2_config_prop)
+ get_prop(domain, exported2_radio_prop)
+ get_prop(domain, exported2_system_prop)
+ get_prop(domain, exported2_vold_prop)
+ get_prop(domain, exported3_default_prop)
+ get_prop(domain, exported3_radio_prop)
+ get_prop(domain, exported3_system_prop)
+ get_prop(domain, vendor_default_prop)
+')
+compatible_property_only(`
+ get_prop({coredomain appdomain shell}, core_property_type)
+ get_prop({coredomain appdomain shell}, exported_dalvik_prop)
+ get_prop({coredomain appdomain shell}, exported_ffs_prop)
+ get_prop({coredomain appdomain shell}, exported_system_radio_prop)
+ get_prop({coredomain appdomain shell}, exported2_config_prop)
+ get_prop({coredomain appdomain shell}, exported2_radio_prop)
+ get_prop({coredomain appdomain shell}, exported2_system_prop)
+ get_prop({coredomain appdomain shell}, exported2_vold_prop)
+ get_prop({coredomain appdomain shell}, exported3_default_prop)
+ get_prop({coredomain appdomain shell}, exported3_radio_prop)
+ get_prop({coredomain appdomain shell}, exported3_system_prop)
+ get_prop({coredomain appdomain shell}, exported_camera_prop)
+ get_prop({coredomain appdomain shell}, userspace_reboot_config_prop)
+ get_prop({coredomain shell}, userspace_reboot_exported_prop)
+ get_prop({coredomain shell}, userspace_reboot_log_prop)
+ get_prop({coredomain shell}, userspace_reboot_test_prop)
+ get_prop({domain -coredomain -appdomain}, vendor_default_prop)
+')
+
+# Allow access to fsverity keyring.
+allow domain kernel:key search;
+# Allow access to keys in the fsverity keyring that were installed at boot.
+allow domain fsverity_init:key search;
+# For testing purposes, allow access to keys installed with su.
+userdebug_or_eng(`
+ allow domain su:key search;
+')
+
+# Allow access to linkerconfig file
+allow domain linkerconfig_file:dir search;
+allow domain linkerconfig_file:file r_file_perms;
+
+# Allow all processes to check for the existence of the boringssl_self_test_marker files.
+allow domain boringssl_self_test_marker:dir search;
+
+# Limit ability to ptrace or read sensitive /proc/pid files of processes
+# with other UIDs to these whitelisted domains.
+neverallow {
+ domain
+ -vold
+ userdebug_or_eng(`-llkd')
+ -dumpstate
+ userdebug_or_eng(`-incidentd')
+ -storaged
+ -system_server
+} self:global_capability_class_set sys_ptrace;
+
+# Limit ability to generate hardware unique device ID attestations to priv_apps
+neverallow { domain -priv_app -gmscore_app } *:keystore_key gen_unique_id;
+
+neverallow {
+ domain
+ -init
+ -vendor_init
+ userdebug_or_eng(`-domain')
+} debugfs_tracing_debug:file no_rw_file_perms;
+
+# System_server owns dropbox data, and init creates/restorecons the directory
+# Disallow direct access by other processes.
+neverallow { domain -init -system_server } dropbox_data_file:dir *;
+neverallow { domain -init -system_server } dropbox_data_file:file ~{ getattr read };
+
+###
+# Services should respect app sandboxes
+neverallow {
+ domain
+ -appdomain
+ -installd # creation of sandbox
+} { privapp_data_file app_data_file }:dir_file_class_set { create unlink };
+
+# Only the following processes should be directly accessing private app
+# directories.
+neverallow {
+ domain
+ -adbd
+ -appdomain
+ -app_zygote
+ -dexoptanalyzer
+ -installd
+ -iorap_inode2filename
+ -iorap_prefetcherd
+ -profman
+ -rs # spawned by appdomain, so carryover the exception above
+ -runas
+ -system_server
+ -viewcompiler
+ -zygote
+} { privapp_data_file app_data_file }:dir *;
+
+# Only apps should be modifying app data. installd is exempted for
+# restorecon and package install/uninstall.
+neverallow {
+ domain
+ -appdomain
+ -installd
+ -rs # spawned by appdomain, so carryover the exception above
+} { privapp_data_file app_data_file }:dir ~r_dir_perms;
+
+neverallow {
+ domain
+ -appdomain
+ -app_zygote
+ -installd
+ -iorap_prefetcherd
+ -rs # spawned by appdomain, so carryover the exception above
+} { privapp_data_file app_data_file }:file_class_set open;
+
+neverallow {
+ domain
+ -appdomain
+ -installd # creation of sandbox
+} { privapp_data_file app_data_file }:dir_file_class_set { create unlink };
+
+neverallow {
+ domain
+ -installd
+} { privapp_data_file app_data_file }:dir_file_class_set { relabelfrom relabelto };
+
+# The staging directory contains APEX and APK files. It is important to ensure
+# that these files cannot be accessed by other domains to ensure that the files
+# do not change between system_server staging the files and apexd processing
+# the files.
+neverallow { domain -init -system_server -apexd -installd -iorap_inode2filename } staging_data_file:dir *;
+neverallow { domain -init -system_app -system_server -apexd -kernel -installd -iorap_inode2filename -priv_app } staging_data_file:file *;
+neverallow { domain -init -system_server -installd} staging_data_file:dir no_w_dir_perms;
+# apexd needs the link and unlink permissions, so list every `no_w_file_perms`
+# except for `link` and `unlink`.
+neverallow { domain -init -system_server } staging_data_file:file
+ { append create relabelfrom rename setattr write no_x_file_perms };
+
+neverallow {
+ domain
+ -appdomain # for oemfs
+ -bootanim # for oemfs
+ -recovery # for /tmp/update_binary in tmpfs
+} { fs_type -rootfs }:file execute;
+
+#
+# Assert that, to the extent possible, we're not loading executable content from
+# outside the rootfs or /system partition except for a few whitelisted domains.
+# Executable files loaded from /data is a persistence vector
+# we want to avoid. See
+# https://bugs.chromium.org/p/project-zero/issues/detail?id=955 for example.
+#
+neverallow {
+ domain
+ -appdomain
+ with_asan(`-asan_extract')
+ -iorap_prefetcherd
+ -shell
+ userdebug_or_eng(`-su')
+ -system_server_startup # for memfd backed executable regions
+ -app_zygote
+ -webview_zygote
+ -zygote
+ userdebug_or_eng(`-mediaextractor')
+ userdebug_or_eng(`-mediaswcodec')
+} {
+ file_type
+ -system_file_type
+ -system_lib_file
+ -system_linker_exec
+ -vendor_file_type
+ -exec_type
+ -postinstall_file
+}:file execute;
+
+# Only init is allowed to write cgroup.rc file
+neverallow {
+ domain
+ -init
+ -vendor_init
+} cgroup_rc_file:file no_w_file_perms;
+
+# Only authorized processes should be writing to files in /data/dalvik-cache
+neverallow {
+ domain
+ -init # TODO: limit init to relabelfrom for files
+ -zygote
+ -installd
+ -postinstall_dexopt
+ -cppreopts
+ -dex2oat
+ -otapreopt_slot
+ -art_apex_postinstall
+ -art_apex_boot_integrity
+} dalvikcache_data_file:file no_w_file_perms;
+
+neverallow {
+ domain
+ -init
+ -installd
+ -postinstall_dexopt
+ -cppreopts
+ -dex2oat
+ -zygote
+ -otapreopt_slot
+ -art_apex_boot_integrity
+ -art_apex_postinstall
+} dalvikcache_data_file:dir no_w_dir_perms;
+
+# Minimize dac_override and dac_read_search.
+# Instead of granting them it is usually better to add the domain to
+# a Unix group or change the permissions of a file.
+define(`dac_override_allowed', `{
+ apexd
+ dnsmasq
+ dumpstate
+ init
+ installd
+ userdebug_or_eng(`llkd')
+ lmkd
+ migrate_legacy_obb_data
+ netd
+ postinstall_dexopt
+ recovery
+ rss_hwm_reset
+ sdcardd
+ tee
+ ueventd
+ uncrypt
+ vendor_init
+ vold
+ vold_prepare_subdirs
+ zygote
+}')
+neverallow ~dac_override_allowed self:global_capability_class_set dac_override;
+# Since the kernel checks dac_read_search before dac_override, domains that
+# have dac_override should also have dac_read_search to eliminate spurious
+# denials. Some domains have dac_read_search without having dac_override, so
+# this list should be a superset of the one above.
+neverallow ~{
+ dac_override_allowed
+ iorap_inode2filename
+ iorap_prefetcherd
+ traced_perf
+ traced_probes
+ userdebug_or_eng(`heapprofd')
+} self:global_capability_class_set dac_read_search;
+
+# Limit what domains can mount filesystems or change their mount flags.
+# sdcard_type / vfat is exempt as a larger set of domains need
+# this capability, including device-specific domains.
+neverallow {
+ domain
+ -apexd
+ recovery_only(`userdebug_or_eng(`-fastbootd')')
+ -init
+ -kernel
+ -otapreopt_chroot
+ -recovery
+ -update_engine
+ -vold
+ -zygote
+} { fs_type -sdcard_type }:filesystem { mount remount relabelfrom relabelto };
+
+# Limit raw I/O to these whitelisted domains. Do not apply to debug builds.
+neverallow {
+ domain
+ userdebug_or_eng(`-domain')
+ -kernel
+ -gsid
+ -init
+ -recovery
+ -ueventd
+ -healthd
+ -uncrypt
+ -tee
+ -hal_bootctl_server
+ -fastbootd
+} self:global_capability_class_set sys_rawio;
+
+# Limit directory operations that doesn't need to do app data isolation.
+neverallow {
+ domain
+ -init
+ -installd
+ -zygote
+} mirror_data_file:dir *;
+
+# This property is being removed. Remove remaining access.
+neverallow { domain -init -system_server -vendor_init } net_dns_prop:property_service set;
+neverallow { domain -dumpstate -init -system_server -vendor_init } net_dns_prop:file read;
+
+# Kprobes should only be used by adb root
+neverallow { domain -init -vendor_init } debugfs_kprobes:file *;
diff --git a/prebuilts/api/30.0/private/drmserver.te b/prebuilts/api/30.0/private/drmserver.te
new file mode 100644
index 0000000..afe4f0a
--- /dev/null
+++ b/prebuilts/api/30.0/private/drmserver.te
@@ -0,0 +1,7 @@
+typeattribute drmserver coredomain;
+
+init_daemon_domain(drmserver)
+
+type_transition drmserver apk_data_file:sock_file drmserver_socket;
+
+typeattribute drmserver_socket coredomain_socket;
diff --git a/prebuilts/api/30.0/private/dumpstate.te b/prebuilts/api/30.0/private/dumpstate.te
new file mode 100644
index 0000000..72e508e
--- /dev/null
+++ b/prebuilts/api/30.0/private/dumpstate.te
@@ -0,0 +1,62 @@
+typeattribute dumpstate coredomain;
+
+init_daemon_domain(dumpstate)
+
+# Execute and transition to the vdc domain
+domain_auto_trans(dumpstate, vdc_exec, vdc)
+
+# Acquire advisory lock on /system/etc/xtables.lock from ip[6]tables
+allow dumpstate system_file:file lock;
+
+allow dumpstate storaged_exec:file rx_file_perms;
+
+# /data/misc/wmtrace for wm traces
+userdebug_or_eng(`
+ allow dumpstate wm_trace_data_file:dir r_dir_perms;
+ allow dumpstate wm_trace_data_file:file r_file_perms;
+')
+
+# Allow dumpstate to make binder calls to incidentd
+binder_call(dumpstate, incidentd)
+
+# Allow dumpstate to make binder calls to storaged service
+binder_call(dumpstate, storaged)
+
+# Allow dumpstate to make binder calls to statsd
+binder_call(dumpstate, statsd)
+
+# Allow dumpstate to talk to gpuservice over binder
+binder_call(dumpstate, gpuservice);
+
+# Allow dumpstate to talk to idmap over binder
+binder_call(dumpstate, idmap);
+
+# Collect metrics on boot time created by init
+get_prop(dumpstate, boottime_prop)
+
+# Signal native processes to dump their stack.
+allow dumpstate {
+ statsd
+ netd
+}:process signal;
+
+# For collecting bugreports.
+allow dumpstate debugfs_wakeup_sources:file r_file_perms;
+allow dumpstate dev_type:blk_file getattr;
+allow dumpstate webview_zygote:process signal;
+dontaudit dumpstate update_engine:binder call;
+allow dumpstate proc_net_tcp_udp:file r_file_perms;
+
+# For comminucating with the system process to do confirmation ui.
+binder_call(dumpstate, incidentcompanion_service)
+
+# For dumping dynamic partition information.
+set_prop(dumpstate, lpdumpd_prop)
+binder_call(dumpstate, lpdumpd)
+
+# For dumping device-mapper and snapshot information.
+allow dumpstate gsid_exec:file rx_file_perms;
+set_prop(dumpstate, ctl_gsid_prop)
+binder_call(dumpstate, gsid)
+
+r_dir_file(dumpstate, ota_metadata_file)
diff --git a/prebuilts/api/30.0/private/ephemeral_app.te b/prebuilts/api/30.0/private/ephemeral_app.te
new file mode 100644
index 0000000..56d4747
--- /dev/null
+++ b/prebuilts/api/30.0/private/ephemeral_app.te
@@ -0,0 +1,99 @@
+###
+### Ephemeral apps.
+###
+### This file defines the security policy for apps with the ephemeral
+### feature.
+###
+### The ephemeral_app domain is a reduced permissions sandbox allowing
+### ephemeral applications to be safely installed and run. Non ephemeral
+### applications may also opt-in to ephemeral to take advantage of the
+### additional security features.
+###
+### PackageManager flags an app as ephemeral at install time.
+
+typeattribute ephemeral_app coredomain;
+
+net_domain(ephemeral_app)
+app_domain(ephemeral_app)
+
+# Allow ephemeral apps to read/write files in visible storage if provided fds
+allow ephemeral_app { sdcard_type media_rw_data_file }:file {read write getattr ioctl lock append};
+
+# Some apps ship with shared libraries and binaries that they write out
+# to their sandbox directory and then execute.
+allow ephemeral_app privapp_data_file:file { r_file_perms execute };
+allow ephemeral_app app_data_file:file { r_file_perms execute };
+
+# Follow priv-app symlinks. This is used for dynamite functionality.
+allow ephemeral_app privapp_data_file:lnk_file r_file_perms;
+
+# Allow the renderscript compiler to be run.
+domain_auto_trans(ephemeral_app, rs_exec, rs)
+
+# Allow loading and deleting shared libraries created by trusted system
+# components within an application home directory.
+allow ephemeral_app app_exec_data_file:file { r_file_perms execute unlink };
+
+# services
+allow ephemeral_app audioserver_service:service_manager find;
+allow ephemeral_app cameraserver_service:service_manager find;
+allow ephemeral_app mediaserver_service:service_manager find;
+allow ephemeral_app mediaextractor_service:service_manager find;
+allow ephemeral_app mediametrics_service:service_manager find;
+allow ephemeral_app mediadrmserver_service:service_manager find;
+allow ephemeral_app drmserver_service:service_manager find;
+allow ephemeral_app radio_service:service_manager find;
+allow ephemeral_app ephemeral_app_api_service:service_manager find;
+allow ephemeral_app gpu_service:service_manager find;
+
+# Allow ephemeral apps to interact with gpuservice
+binder_call(ephemeral_app, gpuservice)
+
+# Write app-specific trace data to the Perfetto traced damon. This requires
+# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
+perfetto_producer(ephemeral_app)
+
+# Allow profiling if the app opts in by being marked profileable/debuggable.
+can_profile_heap(ephemeral_app)
+can_profile_perf(ephemeral_app)
+
+# allow ephemeral apps to use UDP sockets provided by the system server but not
+# modify them other than to connect
+allow ephemeral_app system_server:udp_socket {
+ connect getattr read recvfrom sendto write getopt setopt };
+
+allow ephemeral_app ashmem_device:chr_file rw_file_perms;
+
+###
+### neverallow rules
+###
+
+neverallow ephemeral_app { app_data_file privapp_data_file }:file execute_no_trans;
+
+# Receive or send uevent messages.
+neverallow ephemeral_app domain:netlink_kobject_uevent_socket *;
+
+# Receive or send generic netlink messages
+neverallow ephemeral_app domain:netlink_socket *;
+
+# Too much leaky information in debugfs. It's a security
+# best practice to ensure these files aren't readable.
+neverallow ephemeral_app debugfs:file read;
+
+# execute gpu_device
+neverallow ephemeral_app gpu_device:chr_file execute;
+
+# access files in /sys with the default sysfs label
+neverallow ephemeral_app sysfs:file *;
+
+# Avoid reads from generically labeled /proc files
+# Create a more specific label if needed
+neverallow ephemeral_app proc:file { no_rw_file_perms no_x_file_perms };
+
+# Directly access external storage
+neverallow ephemeral_app { sdcard_type media_rw_data_file }:file {open create};
+neverallow ephemeral_app { sdcard_type media_rw_data_file }:dir search;
+
+# Avoid reads to proc_net, it contains too much device wide information about
+# ongoing connections.
+neverallow ephemeral_app proc_net:file no_rw_file_perms;
diff --git a/prebuilts/api/30.0/private/fastbootd.te b/prebuilts/api/30.0/private/fastbootd.te
new file mode 100644
index 0000000..29a9157
--- /dev/null
+++ b/prebuilts/api/30.0/private/fastbootd.te
@@ -0,0 +1 @@
+typeattribute fastbootd coredomain;
diff --git a/prebuilts/api/30.0/private/file.te b/prebuilts/api/30.0/private/file.te
new file mode 100644
index 0000000..4492002
--- /dev/null
+++ b/prebuilts/api/30.0/private/file.te
@@ -0,0 +1,28 @@
+# /proc/config.gz
+type config_gz, fs_type, proc_type;
+
+# /data/misc/storaged
+type storaged_data_file, file_type, data_file_type, core_data_file_type;
+
+# /data/misc/wmtrace for wm traces
+type wm_trace_data_file, file_type, data_file_type, core_data_file_type;
+
+# /data/misc/perfetto-traces for perfetto traces
+type perfetto_traces_data_file, file_type, data_file_type, core_data_file_type;
+
+# /sys/kernel/debug/kcov for coverage guided kernel fuzzing in userdebug builds.
+type debugfs_kcov, fs_type, debugfs_type;
+
+# App executable files in /data/data directories
+type app_exec_data_file, file_type, data_file_type, core_data_file_type;
+typealias app_exec_data_file alias rs_data_file;
+
+# /data/misc_[ce|de]/rollback : Used by installd to store snapshots
+# of application data.
+type rollback_data_file, file_type, data_file_type, core_data_file_type;
+
+# /data/gsi/ota
+type ota_image_data_file, file_type, data_file_type, core_data_file_type;
+
+# /data/misc/emergencynumberdb
+type emergency_data_file, file_type, data_file_type, core_data_file_type;
diff --git a/prebuilts/api/30.0/private/file_contexts b/prebuilts/api/30.0/private/file_contexts
new file mode 100644
index 0000000..9620b75
--- /dev/null
+++ b/prebuilts/api/30.0/private/file_contexts
@@ -0,0 +1,738 @@
+###########################################
+# Root
+/ u:object_r:rootfs:s0
+
+# Data files
+/adb_keys u:object_r:adb_keys_file:s0
+/build\.prop u:object_r:rootfs:s0
+/default\.prop u:object_r:rootfs:s0
+/fstab\..* u:object_r:rootfs:s0
+/init\..* u:object_r:rootfs:s0
+/res(/.*)? u:object_r:rootfs:s0
+/selinux_version u:object_r:rootfs:s0
+/ueventd\..* u:object_r:rootfs:s0
+/verity_key u:object_r:rootfs:s0
+
+# Executables
+/init u:object_r:init_exec:s0
+/sbin(/.*)? u:object_r:rootfs:s0
+
+# For kernel modules
+/lib(/.*)? u:object_r:rootfs:s0
+
+# Empty directories
+/lost\+found u:object_r:rootfs:s0
+/acct u:object_r:cgroup:s0
+/config u:object_r:rootfs:s0
+/data_mirror u:object_r:mirror_data_file:s0
+/debug_ramdisk u:object_r:tmpfs:s0
+/mnt u:object_r:tmpfs:s0
+/postinstall u:object_r:postinstall_mnt_dir:s0
+/postinstall/apex u:object_r:postinstall_apex_mnt_dir:s0
+/proc u:object_r:rootfs:s0
+/sys u:object_r:sysfs:s0
+/apex u:object_r:apex_mnt_dir:s0
+
+# Symlinks
+/bin u:object_r:rootfs:s0
+/bugreports u:object_r:rootfs:s0
+/charger u:object_r:rootfs:s0
+/d u:object_r:rootfs:s0
+/etc u:object_r:rootfs:s0
+/sdcard u:object_r:rootfs:s0
+
+# SELinux policy files
+/vendor_file_contexts u:object_r:file_contexts_file:s0
+/nonplat_file_contexts u:object_r:file_contexts_file:s0
+/plat_file_contexts u:object_r:file_contexts_file:s0
+/product_file_contexts u:object_r:file_contexts_file:s0
+/mapping_sepolicy\.cil u:object_r:sepolicy_file:s0
+/nonplat_sepolicy\.cil u:object_r:sepolicy_file:s0
+/plat_sepolicy\.cil u:object_r:sepolicy_file:s0
+/plat_property_contexts u:object_r:property_contexts_file:s0
+/product_property_contexts u:object_r:property_contexts_file:s0
+/nonplat_property_contexts u:object_r:property_contexts_file:s0
+/vendor_property_contexts u:object_r:property_contexts_file:s0
+/seapp_contexts u:object_r:seapp_contexts_file:s0
+/nonplat_seapp_contexts u:object_r:seapp_contexts_file:s0
+/vendor_seapp_contexts u:object_r:seapp_contexts_file:s0
+/plat_seapp_contexts u:object_r:seapp_contexts_file:s0
+/sepolicy u:object_r:sepolicy_file:s0
+/plat_service_contexts u:object_r:service_contexts_file:s0
+/plat_hwservice_contexts u:object_r:hwservice_contexts_file:s0
+/nonplat_service_contexts u:object_r:nonplat_service_contexts_file:s0
+# Use nonplat_service_contexts_file to allow servicemanager to read it
+# on non full-treble devices.
+/vendor_service_contexts u:object_r:nonplat_service_contexts_file:s0
+/nonplat_hwservice_contexts u:object_r:hwservice_contexts_file:s0
+/vendor_hwservice_contexts u:object_r:hwservice_contexts_file:s0
+/vndservice_contexts u:object_r:vndservice_contexts_file:s0
+
+##########################
+# Devices
+#
+/dev(/.*)? u:object_r:device:s0
+/dev/adf[0-9]* u:object_r:graphics_device:s0
+/dev/adf-interface[0-9]*\.[0-9]* u:object_r:graphics_device:s0
+/dev/adf-overlay-engine[0-9]*\.[0-9]* u:object_r:graphics_device:s0
+/dev/ashmem u:object_r:ashmem_device:s0
+/dev/ashmem(.*)? u:object_r:ashmem_libcutils_device:s0
+/dev/audio.* u:object_r:audio_device:s0
+/dev/binder u:object_r:binder_device:s0
+/dev/block(/.*)? u:object_r:block_device:s0
+/dev/block/dm-[0-9]+ u:object_r:dm_device:s0
+/dev/block/loop[0-9]* u:object_r:loop_device:s0
+/dev/block/vold/.+ u:object_r:vold_device:s0
+/dev/block/ram[0-9]* u:object_r:ram_device:s0
+/dev/block/zram[0-9]* u:object_r:ram_device:s0
+/dev/boringssl/selftest(/.*)? u:object_r:boringssl_self_test_marker:s0
+/dev/bus/usb(.*)? u:object_r:usb_device:s0
+/dev/console u:object_r:console_device:s0
+/dev/cpu_variant:.* u:object_r:dev_cpu_variant:s0
+/dev/device-mapper u:object_r:dm_device:s0
+/dev/eac u:object_r:audio_device:s0
+/dev/event-log-tags u:object_r:runtime_event_log_tags_file:s0
+/dev/cgroup_info(/.*)? u:object_r:cgroup_rc_file:s0
+/dev/fscklogs(/.*)? u:object_r:fscklogs:s0
+/dev/fuse u:object_r:fuse_device:s0
+/dev/graphics(/.*)? u:object_r:graphics_device:s0
+/dev/hw_random u:object_r:hw_random_device:s0
+/dev/hwbinder u:object_r:hwbinder_device:s0
+/dev/input(/.*)? u:object_r:input_device:s0
+/dev/iio:device[0-9]+ u:object_r:iio_device:s0
+/dev/ion u:object_r:ion_device:s0
+/dev/keychord u:object_r:keychord_device:s0
+/dev/loop-control u:object_r:loop_control_device:s0
+/dev/modem.* u:object_r:radio_device:s0
+/dev/mtp_usb u:object_r:mtp_device:s0
+/dev/pmsg0 u:object_r:pmsg_device:s0
+/dev/pn544 u:object_r:nfc_device:s0
+/dev/port u:object_r:port_device:s0
+/dev/ppp u:object_r:ppp_device:s0
+/dev/ptmx u:object_r:ptmx_device:s0
+/dev/pvrsrvkm u:object_r:gpu_device:s0
+/dev/kmsg u:object_r:kmsg_device:s0
+/dev/kmsg_debug u:object_r:kmsg_debug_device:s0
+/dev/null u:object_r:null_device:s0
+/dev/nvhdcp1 u:object_r:video_device:s0
+/dev/random u:object_r:random_device:s0
+/dev/rpmsg-omx[0-9] u:object_r:rpmsg_device:s0
+/dev/rproc_user u:object_r:rpmsg_device:s0
+/dev/rtc[0-9] u:object_r:rtc_device:s0
+/dev/snd(/.*)? u:object_r:audio_device:s0
+/dev/socket(/.*)? u:object_r:socket_device:s0
+/dev/socket/adbd u:object_r:adbd_socket:s0
+/dev/socket/dnsproxyd u:object_r:dnsproxyd_socket:s0
+/dev/socket/dumpstate u:object_r:dumpstate_socket:s0
+/dev/socket/fwmarkd u:object_r:fwmarkd_socket:s0
+/dev/socket/lmkd u:object_r:lmkd_socket:s0
+/dev/socket/logd u:object_r:logd_socket:s0
+/dev/socket/logdr u:object_r:logdr_socket:s0
+/dev/socket/logdw u:object_r:logdw_socket:s0
+/dev/socket/statsdw u:object_r:statsdw_socket:s0
+/dev/socket/mdns u:object_r:mdns_socket:s0
+/dev/socket/mdnsd u:object_r:mdnsd_socket:s0
+/dev/socket/mtpd u:object_r:mtpd_socket:s0
+/dev/socket/pdx/system/buffer_hub u:object_r:pdx_bufferhub_dir:s0
+/dev/socket/pdx/system/buffer_hub/client u:object_r:pdx_bufferhub_client_endpoint_socket:s0
+/dev/socket/pdx/system/performance u:object_r:pdx_performance_dir:s0
+/dev/socket/pdx/system/performance/client u:object_r:pdx_performance_client_endpoint_socket:s0
+/dev/socket/pdx/system/vr/display u:object_r:pdx_display_dir:s0
+/dev/socket/pdx/system/vr/display/client u:object_r:pdx_display_client_endpoint_socket:s0
+/dev/socket/pdx/system/vr/display/manager u:object_r:pdx_display_manager_endpoint_socket:s0
+/dev/socket/pdx/system/vr/display/screenshot u:object_r:pdx_display_screenshot_endpoint_socket:s0
+/dev/socket/pdx/system/vr/display/vsync u:object_r:pdx_display_vsync_endpoint_socket:s0
+/dev/socket/property_service u:object_r:property_socket:s0
+/dev/socket/racoon u:object_r:racoon_socket:s0
+/dev/socket/recovery u:object_r:recovery_socket:s0
+/dev/socket/rild u:object_r:rild_socket:s0
+/dev/socket/rild-debug u:object_r:rild_debug_socket:s0
+/dev/socket/tombstoned_crash u:object_r:tombstoned_crash_socket:s0
+/dev/socket/tombstoned_java_trace u:object_r:tombstoned_java_trace_socket:s0
+/dev/socket/tombstoned_intercept u:object_r:tombstoned_intercept_socket:s0
+/dev/socket/traced_consumer u:object_r:traced_consumer_socket:s0
+/dev/socket/traced_perf u:object_r:traced_perf_socket:s0
+/dev/socket/traced_producer u:object_r:traced_producer_socket:s0
+/dev/socket/heapprofd u:object_r:heapprofd_socket:s0
+/dev/socket/uncrypt u:object_r:uncrypt_socket:s0
+/dev/socket/wpa_eth[0-9] u:object_r:wpa_socket:s0
+/dev/socket/wpa_wlan[0-9] u:object_r:wpa_socket:s0
+/dev/socket/zygote u:object_r:zygote_socket:s0
+/dev/socket/zygote_secondary u:object_r:zygote_socket:s0
+/dev/socket/usap_pool_primary u:object_r:zygote_socket:s0
+/dev/socket/usap_pool_secondary u:object_r:zygote_socket:s0
+/dev/spdif_out.* u:object_r:audio_device:s0
+/dev/tty u:object_r:owntty_device:s0
+/dev/tty[0-9]* u:object_r:tty_device:s0
+/dev/ttyS[0-9]* u:object_r:serial_device:s0
+/dev/ttyUSB[0-9]* u:object_r:usb_serial_device:s0
+/dev/ttyACM[0-9]* u:object_r:usb_serial_device:s0
+/dev/tun u:object_r:tun_device:s0
+/dev/uhid u:object_r:uhid_device:s0
+/dev/uinput u:object_r:uhid_device:s0
+/dev/uio[0-9]* u:object_r:uio_device:s0
+/dev/urandom u:object_r:random_device:s0
+/dev/usb_accessory u:object_r:usbaccessory_device:s0
+/dev/v4l-touch[0-9]* u:object_r:input_device:s0
+/dev/video[0-9]* u:object_r:video_device:s0
+/dev/vndbinder u:object_r:vndbinder_device:s0
+/dev/watchdog u:object_r:watchdog_device:s0
+/dev/xt_qtaguid u:object_r:qtaguid_device:s0
+/dev/zero u:object_r:zero_device:s0
+/dev/__properties__ u:object_r:properties_device:s0
+/dev/__properties__/property_info u:object_r:property_info:s0
+#############################
+# Linker configuration
+#
+/linkerconfig(/.*)? u:object_r:linkerconfig_file:s0
+#############################
+# System files
+#
+/system(/.*)? u:object_r:system_file:s0
+/system/apex/com.android.art u:object_r:art_apex_dir:s0
+/system/lib(64)?(/.*)? u:object_r:system_lib_file:s0
+/system/lib(64)?/bootstrap(/.*)? u:object_r:system_bootstrap_lib_file:s0
+/system/bin/atrace u:object_r:atrace_exec:s0
+/system/bin/auditctl u:object_r:auditctl_exec:s0
+/system/bin/bcc u:object_r:rs_exec:s0
+/system/bin/blank_screen u:object_r:blank_screen_exec:s0
+/system/bin/boringssl_self_test(32|64) u:object_r:boringssl_self_test_exec:s0
+/system/bin/charger u:object_r:charger_exec:s0
+/system/bin/e2fsdroid u:object_r:e2fs_exec:s0
+/system/bin/mke2fs u:object_r:e2fs_exec:s0
+/system/bin/e2fsck -- u:object_r:fsck_exec:s0
+/system/bin/fsck\.exfat -- u:object_r:fsck_exec:s0
+/system/bin/fsck\.f2fs -- u:object_r:fsck_exec:s0
+/system/bin/init u:object_r:init_exec:s0
+# TODO(/123600489): merge mini-keyctl into toybox
+/system/bin/mini-keyctl -- u:object_r:toolbox_exec:s0
+/system/bin/fsverity_init u:object_r:fsverity_init_exec:s0
+/system/bin/sload_f2fs -- u:object_r:e2fs_exec:s0
+/system/bin/make_f2fs -- u:object_r:e2fs_exec:s0
+/system/bin/fsck_msdos -- u:object_r:fsck_exec:s0
+/system/bin/tcpdump -- u:object_r:tcpdump_exec:s0
+/system/bin/tune2fs -- u:object_r:fsck_exec:s0
+/system/bin/toolbox -- u:object_r:toolbox_exec:s0
+/system/bin/toybox -- u:object_r:toolbox_exec:s0
+/system/bin/ld\.mc u:object_r:rs_exec:s0
+/system/bin/logcat -- u:object_r:logcat_exec:s0
+/system/bin/logcatd -- u:object_r:logcat_exec:s0
+/system/bin/sh -- u:object_r:shell_exec:s0
+/system/bin/run-as -- u:object_r:runas_exec:s0
+/system/bin/bootanimation u:object_r:bootanim_exec:s0
+/system/bin/bootstat u:object_r:bootstat_exec:s0
+/system/bin/app_process32 u:object_r:zygote_exec:s0
+/system/bin/app_process64 u:object_r:zygote_exec:s0
+/system/bin/servicemanager u:object_r:servicemanager_exec:s0
+/system/bin/hwservicemanager u:object_r:hwservicemanager_exec:s0
+/system/bin/surfaceflinger u:object_r:surfaceflinger_exec:s0
+/system/bin/gpuservice u:object_r:gpuservice_exec:s0
+/system/bin/bufferhubd u:object_r:bufferhubd_exec:s0
+/system/bin/performanced u:object_r:performanced_exec:s0
+/system/bin/drmserver u:object_r:drmserver_exec:s0
+/system/bin/dumpstate u:object_r:dumpstate_exec:s0
+/system/bin/incident u:object_r:incident_exec:s0
+/system/bin/incidentd u:object_r:incidentd_exec:s0
+/system/bin/incident_helper u:object_r:incident_helper_exec:s0
+/system/bin/iw u:object_r:iw_exec:s0
+/system/bin/netutils-wrapper-1\.0 u:object_r:netutils_wrapper_exec:s0
+/system/bin/vold u:object_r:vold_exec:s0
+/system/bin/netd u:object_r:netd_exec:s0
+/system/bin/wificond u:object_r:wificond_exec:s0
+/system/bin/audioserver u:object_r:audioserver_exec:s0
+/system/bin/mediadrmserver u:object_r:mediadrmserver_exec:s0
+/system/bin/mediaserver u:object_r:mediaserver_exec:s0
+/system/bin/mediametrics u:object_r:mediametrics_exec:s0
+/system/bin/cameraserver u:object_r:cameraserver_exec:s0
+/system/bin/mediaextractor u:object_r:mediaextractor_exec:s0
+/system/bin/mediaswcodec u:object_r:mediaswcodec_exec:s0
+/system/bin/mediatranscoding u:object_r:mediatranscoding_exec:s0
+/system/bin/mdnsd u:object_r:mdnsd_exec:s0
+/system/bin/installd u:object_r:installd_exec:s0
+/system/bin/otapreopt_chroot u:object_r:otapreopt_chroot_exec:s0
+/system/bin/otapreopt_slot u:object_r:otapreopt_slot_exec:s0
+/system/bin/art_apex_boot_integrity u:object_r:art_apex_boot_integrity_exec:s0
+/system/bin/credstore u:object_r:credstore_exec:s0
+/system/bin/keystore u:object_r:keystore_exec:s0
+/system/bin/fingerprintd u:object_r:fingerprintd_exec:s0
+/system/bin/gatekeeperd u:object_r:gatekeeperd_exec:s0
+/system/bin/crash_dump32 u:object_r:crash_dump_exec:s0
+/system/bin/crash_dump64 u:object_r:crash_dump_exec:s0
+/system/bin/tombstoned u:object_r:tombstoned_exec:s0
+/system/bin/recovery-persist u:object_r:recovery_persist_exec:s0
+/system/bin/recovery-refresh u:object_r:recovery_refresh_exec:s0
+/system/bin/sdcard u:object_r:sdcardd_exec:s0
+/system/bin/snapshotctl u:object_r:snapshotctl_exec:s0
+/system/bin/dhcpcd u:object_r:dhcp_exec:s0
+/system/bin/dhcpcd-6\.8\.2 u:object_r:dhcp_exec:s0
+/system/bin/mtpd u:object_r:mtp_exec:s0
+/system/bin/pppd u:object_r:ppp_exec:s0
+/system/bin/racoon u:object_r:racoon_exec:s0
+/system/xbin/su u:object_r:su_exec:s0
+/system/bin/dnsmasq u:object_r:dnsmasq_exec:s0
+/system/bin/healthd u:object_r:healthd_exec:s0
+/system/bin/clatd u:object_r:clatd_exec:s0
+/system/bin/linker(64)? u:object_r:system_linker_exec:s0
+/system/bin/linkerconfig u:object_r:linkerconfig_exec:s0
+/system/bin/bootstrap/linker(64)? u:object_r:system_linker_exec:s0
+/system/bin/llkd u:object_r:llkd_exec:s0
+/system/bin/lmkd u:object_r:lmkd_exec:s0
+/system/bin/usbd u:object_r:usbd_exec:s0
+/system/bin/inputflinger u:object_r:inputflinger_exec:s0
+/system/bin/logd u:object_r:logd_exec:s0
+/system/bin/lpdumpd u:object_r:lpdumpd_exec:s0
+/system/bin/rss_hwm_reset u:object_r:rss_hwm_reset_exec:s0
+/system/bin/perfetto u:object_r:perfetto_exec:s0
+/system/bin/traced u:object_r:traced_exec:s0
+/system/bin/traced_perf u:object_r:traced_perf_exec:s0
+/system/bin/traced_probes u:object_r:traced_probes_exec:s0
+/system/bin/heapprofd u:object_r:heapprofd_exec:s0
+/system/bin/uncrypt u:object_r:uncrypt_exec:s0
+/system/bin/update_verifier u:object_r:update_verifier_exec:s0
+/system/bin/logwrapper u:object_r:system_file:s0
+/system/bin/vdc u:object_r:vdc_exec:s0
+/system/bin/cppreopts\.sh u:object_r:cppreopts_exec:s0
+/system/bin/preloads_copy\.sh u:object_r:preloads_copy_exec:s0
+/system/bin/preopt2cachename u:object_r:preopt2cachename_exec:s0
+/system/bin/dex2oat(d)? u:object_r:dex2oat_exec:s0
+/system/bin/dexoptanalyzer(d)? u:object_r:dexoptanalyzer_exec:s0
+/system/bin/viewcompiler u:object_r:viewcompiler_exec:s0
+/system/bin/profman(d)? u:object_r:profman_exec:s0
+/system/bin/iorapd u:object_r:iorapd_exec:s0
+/system/bin/iorap\.inode2filename u:object_r:iorap_inode2filename_exec:s0
+/system/bin/iorap\.prefetcherd u:object_r:iorap_prefetcherd_exec:s0
+/system/bin/sgdisk u:object_r:sgdisk_exec:s0
+/system/bin/blkid u:object_r:blkid_exec:s0
+/system/bin/tzdatacheck u:object_r:tzdatacheck_exec:s0
+/system/bin/flags_health_check -- u:object_r:flags_health_check_exec:s0
+/system/bin/idmap u:object_r:idmap_exec:s0
+/system/bin/idmap2(d)? u:object_r:idmap_exec:s0
+/system/bin/update_engine u:object_r:update_engine_exec:s0
+/system/bin/storaged u:object_r:storaged_exec:s0
+/system/bin/wpantund u:object_r:wpantund_exec:s0
+/system/bin/virtual_touchpad u:object_r:virtual_touchpad_exec:s0
+/system/bin/hw/android\.frameworks\.bufferhub@1\.0-service u:object_r:fwk_bufferhub_exec:s0
+/system/bin/hw/android\.hidl\.allocator@1\.0-service u:object_r:hal_allocator_default_exec:s0
+/system/bin/hw/android\.system\.suspend@1\.0-service u:object_r:system_suspend_exec:s0
+/system/etc/cgroups\.json u:object_r:cgroup_desc_file:s0
+/system/etc/event-log-tags u:object_r:system_event_log_tags_file:s0
+/system/etc/group u:object_r:system_group_file:s0
+/system/etc/ld\.config.* u:object_r:system_linker_config_file:s0
+/system/etc/passwd u:object_r:system_passwd_file:s0
+/system/etc/seccomp_policy(/.*)? u:object_r:system_seccomp_policy_file:s0
+/system/etc/security/cacerts(/.*)? u:object_r:system_security_cacerts_file:s0
+/system/etc/selinux/mapping/[0-9]+\.[0-9]+\.cil u:object_r:sepolicy_file:s0
+/system/etc/selinux/plat_mac_permissions\.xml u:object_r:mac_perms_file:s0
+/system/etc/selinux/plat_property_contexts u:object_r:property_contexts_file:s0
+/system/etc/selinux/plat_service_contexts u:object_r:service_contexts_file:s0
+/system/etc/selinux/plat_hwservice_contexts u:object_r:hwservice_contexts_file:s0
+/system/etc/selinux/plat_file_contexts u:object_r:file_contexts_file:s0
+/system/etc/selinux/plat_seapp_contexts u:object_r:seapp_contexts_file:s0
+/system/etc/selinux/plat_sepolicy\.cil u:object_r:sepolicy_file:s0
+/system/etc/selinux/plat_and_mapping_sepolicy\.cil\.sha256 u:object_r:sepolicy_file:s0
+/system/etc/task_profiles\.json u:object_r:task_profiles_file:s0
+/system/usr/share/zoneinfo(/.*)? u:object_r:system_zoneinfo_file:s0
+/system/bin/vr_hwc u:object_r:vr_hwc_exec:s0
+/system/bin/adbd u:object_r:adbd_exec:s0
+/system/bin/vold_prepare_subdirs u:object_r:vold_prepare_subdirs_exec:s0
+/system/bin/stats u:object_r:stats_exec:s0
+/system/bin/statsd u:object_r:statsd_exec:s0
+/system/bin/bpfloader u:object_r:bpfloader_exec:s0
+/system/bin/wait_for_keymaster u:object_r:wait_for_keymaster_exec:s0
+/system/bin/watchdogd u:object_r:watchdogd_exec:s0
+/system/bin/apexd u:object_r:apexd_exec:s0
+/system/bin/gsid u:object_r:gsid_exec:s0
+/system/bin/simpleperf u:object_r:simpleperf_exec:s0
+/system/bin/simpleperf_app_runner u:object_r:simpleperf_app_runner_exec:s0
+/system/bin/notify_traceur\.sh u:object_r:notify_traceur_exec:s0
+/system/bin/migrate_legacy_obb_data\.sh u:object_r:migrate_legacy_obb_data_exec:s0
+/system/bin/android\.frameworks\.automotive\.display@1\.0-service u:object_r:automotive_display_service_exec:s0
+
+#############################
+# Vendor files
+#
+/(vendor|system/vendor)(/.*)? u:object_r:vendor_file:s0
+/(vendor|system/vendor)/bin/sh u:object_r:vendor_shell_exec:s0
+/(vendor|system/vendor)/bin/toybox_vendor u:object_r:vendor_toolbox_exec:s0
+/(vendor|system/vendor)/bin/toolbox u:object_r:vendor_toolbox_exec:s0
+/(vendor|system/vendor)/etc(/.*)? u:object_r:vendor_configs_file:s0
+/(vendor|system/vendor)/etc/cgroups\.json u:object_r:vendor_cgroup_desc_file:s0
+/(vendor|system/vendor)/etc/task_profiles\.json u:object_r:vendor_task_profiles_file:s0
+
+/(vendor|system/vendor)/lib(64)?/egl(/.*)? u:object_r:same_process_hal_file:s0
+
+/(vendor|system/vendor)/lib(64)?/vndk-sp(/.*)? u:object_r:vndk_sp_file:s0
+
+/(vendor|system/vendor)/manifest\.xml u:object_r:vendor_configs_file:s0
+/(vendor|system/vendor)/compatibility_matrix\.xml u:object_r:vendor_configs_file:s0
+/(vendor|system/vendor)/etc/vintf(/.*)? u:object_r:vendor_configs_file:s0
+/(vendor|system/vendor)/app(/.*)? u:object_r:vendor_app_file:s0
+/(vendor|system/vendor)/priv-app(/.*)? u:object_r:vendor_app_file:s0
+/(vendor|system/vendor)/overlay(/.*)? u:object_r:vendor_overlay_file:s0
+/(vendor|system/vendor)/framework(/.*)? u:object_r:vendor_framework_file:s0
+
+/(vendor|system/vendor)/apex(/[^/]+){0,2} u:object_r:vendor_apex_file:s0
+/(vendor|system/vendor)/bin/misc_writer u:object_r:vendor_misc_writer_exec:s0
+/(vendor|system/vendor)/bin/boringssl_self_test(32|64) u:object_r:vendor_boringssl_self_test_exec:s0
+
+# HAL location
+/(vendor|system/vendor)/lib(64)?/hw u:object_r:vendor_hal_file:s0
+
+/(vendor|system/vendor)/etc/selinux/nonplat_service_contexts u:object_r:nonplat_service_contexts_file:s0
+
+/(vendor|system/vendor)/etc/selinux/vendor_service_contexts u:object_r:vendor_service_contexts_file:s0
+
+/(vendor|system/vendor)/bin/install-recovery\.sh u:object_r:vendor_install_recovery_exec:s0
+
+#############################
+# OEM and ODM files
+#
+/(odm|vendor/odm)(/.*)? u:object_r:vendor_file:s0
+/(odm|vendor/odm)/lib(64)?/egl(/.*)? u:object_r:same_process_hal_file:s0
+/(odm|vendor/odm)/lib(64)?/hw u:object_r:vendor_hal_file:s0
+/(odm|vendor/odm)/lib(64)?/vndk-sp(/.*)? u:object_r:vndk_sp_file:s0
+/(odm|vendor/odm)/bin/sh u:object_r:vendor_shell_exec:s0
+/(odm|vendor/odm)/etc(/.*)? u:object_r:vendor_configs_file:s0
+/(odm|vendor/odm)/app(/.*)? u:object_r:vendor_app_file:s0
+/(odm|vendor/odm)/priv-app(/.*)? u:object_r:vendor_app_file:s0
+/(odm|vendor/odm)/overlay(/.*)? u:object_r:vendor_overlay_file:s0
+/(odm|vendor/odm)/framework(/.*)? u:object_r:vendor_framework_file:s0
+
+# Input configuration
+/(odm|vendor/odm|vendor|system/vendor)/usr/keylayout(/.*)?\.kl u:object_r:vendor_keylayout_file:s0
+/(odm|vendor/odm|vendor|system/vendor)/usr/keychars(/.*)?\.kcm u:object_r:vendor_keychars_file:s0
+/(odm|vendor/odm|vendor|system/vendor)/usr/idc(/.*)?\.idc u:object_r:vendor_idc_file:s0
+
+/oem(/.*)? u:object_r:oemfs:s0
+/oem/overlay(/.*)? u:object_r:vendor_overlay_file:s0
+
+# The precompiled monolithic sepolicy will be under /odm only when
+# BOARD_USES_ODMIMAGE is true: a separate odm.img is built.
+/odm/etc/selinux/precompiled_sepolicy u:object_r:sepolicy_file:s0
+/odm/etc/selinux/precompiled_sepolicy\.plat_and_mapping\.sha256 u:object_r:sepolicy_file:s0
+
+/(odm|vendor/odm)/etc/selinux/odm_sepolicy\.cil u:object_r:sepolicy_file:s0
+/(odm|vendor/odm)/etc/selinux/odm_file_contexts u:object_r:file_contexts_file:s0
+/(odm|vendor/odm)/etc/selinux/odm_seapp_contexts u:object_r:seapp_contexts_file:s0
+/(odm|vendor/odm)/etc/selinux/odm_property_contexts u:object_r:property_contexts_file:s0
+/(odm|vendor/odm)/etc/selinux/odm_hwservice_contexts u:object_r:hwservice_contexts_file:s0
+/(odm|vendor/odm)/etc/selinux/odm_mac_permissions\.xml u:object_r:mac_perms_file:s0
+
+#############################
+# Product files
+#
+/(product|system/product)(/.*)? u:object_r:system_file:s0
+/(product|system/product)/etc/group u:object_r:system_group_file:s0
+/(product|system/product)/etc/passwd u:object_r:system_passwd_file:s0
+/(product|system/product)/overlay(/.*)? u:object_r:vendor_overlay_file:s0
+
+/(product|system/product)/etc/selinux/product_file_contexts u:object_r:file_contexts_file:s0
+/(product|system/product)/etc/selinux/product_hwservice_contexts u:object_r:hwservice_contexts_file:s0
+/(product|system/product)/etc/selinux/product_property_contexts u:object_r:property_contexts_file:s0
+/(product|system/product)/etc/selinux/product_seapp_contexts u:object_r:seapp_contexts_file:s0
+/(product|system/product)/etc/selinux/product_service_contexts u:object_r:service_contexts_file:s0
+/(product|system/product)/etc/selinux/product_mac_permissions\.xml u:object_r:mac_perms_file:s0
+
+/(product|system/product)/lib(64)?(/.*)? u:object_r:system_lib_file:s0
+
+#############################
+# SystemExt files
+#
+/(system_ext|system/system_ext)(/.*)? u:object_r:system_file:s0
+/(system_ext|system/system_ext)/etc/group u:object_r:system_group_file:s0
+/(system_ext|system/system_ext)/etc/passwd u:object_r:system_passwd_file:s0
+/(system_ext|system/system_ext)/overlay(/.*)? u:object_r:vendor_overlay_file:s0
+
+/(system_ext|system/system_ext)/etc/selinux/system_ext_file_contexts u:object_r:file_contexts_file:s0
+/(system_ext|system/system_ext)/etc/selinux/system_ext_hwservice_contexts u:object_r:hwservice_contexts_file:s0
+/(system_ext|system/system_ext)/etc/selinux/system_ext_property_contexts u:object_r:property_contexts_file:s0
+/(system_ext|system/system_ext)/etc/selinux/system_ext_seapp_contexts u:object_r:seapp_contexts_file:s0
+/(system_ext|system/system_ext)/etc/selinux/system_ext_service_contexts u:object_r:service_contexts_file:s0
+/(system_ext|system/system_ext)/etc/selinux/system_ext_mac_permissions\.xml u:object_r:mac_perms_file:s0
+
+/(system_ext|system/system_ext)/bin/aidl_lazy_test_server u:object_r:aidl_lazy_test_server_exec:s0
+/(system_ext|system/system_ext)/bin/hidl_lazy_test_server u:object_r:hidl_lazy_test_server_exec:s0
+
+/(system_ext|system/system_ext)/lib(64)?(/.*)? u:object_r:system_lib_file:s0
+
+#############################
+# Vendor files from /(product|system/product)/vendor_overlay
+#
+# NOTE: For additional vendor file contexts for vendor overlay files,
+# use device specific file_contexts.
+#
+/(product|system/product)/vendor_overlay/[0-9]+/.* u:object_r:vendor_file:s0
+
+#############################
+# Data files
+#
+# NOTE: When modifying existing label rules, changes may also need to
+# propagate to the "Expanded data files" section.
+#
+/data u:object_r:system_data_root_file:s0
+/data/(.*)? u:object_r:system_data_file:s0
+/data/system/packages\.list u:object_r:packages_list_file:s0
+/data/unencrypted(/.*)? u:object_r:unencrypted_data_file:s0
+/data/backup(/.*)? u:object_r:backup_data_file:s0
+/data/secure/backup(/.*)? u:object_r:backup_data_file:s0
+/data/system/ndebugsocket u:object_r:system_ndebug_socket:s0
+/data/system/unsolzygotesocket u:object_r:system_unsolzygote_socket:s0
+/data/drm(/.*)? u:object_r:drm_data_file:s0
+/data/resource-cache(/.*)? u:object_r:resourcecache_data_file:s0
+/data/dalvik-cache(/.*)? u:object_r:dalvikcache_data_file:s0
+/data/ota(/.*)? u:object_r:ota_data_file:s0
+/data/ota_package(/.*)? u:object_r:ota_package_file:s0
+/data/adb(/.*)? u:object_r:adb_data_file:s0
+/data/anr(/.*)? u:object_r:anr_data_file:s0
+/data/apex(/.*)? u:object_r:apex_data_file:s0
+/data/apex/active/(.*)? u:object_r:staging_data_file:s0
+/data/apex/backup/(.*)? u:object_r:staging_data_file:s0
+/data/app(/.*)? u:object_r:apk_data_file:s0
+# Traditional /data/app/[packageName]-[randomString]/base.apk location
+/data/app/[^/]+/oat(/.*)? u:object_r:dalvikcache_data_file:s0
+# /data/app/[randomStringA]/[packageName]-[randomStringB]/base.apk layout
+/data/app/[^/]+/[^/]+/oat(/.*)? u:object_r:dalvikcache_data_file:s0
+/data/app/vmdl[^/]+\.tmp(/.*)? u:object_r:apk_tmp_file:s0
+/data/app/vmdl[^/]+\.tmp/oat(/.*)? u:object_r:dalvikcache_data_file:s0
+/data/app-private(/.*)? u:object_r:apk_private_data_file:s0
+/data/app-private/vmdl.*\.tmp(/.*)? u:object_r:apk_private_tmp_file:s0
+/data/gsi(/.*)? u:object_r:gsi_data_file:s0
+/data/gsi/ota(/.*)? u:object_r:ota_image_data_file:s0
+/data/tombstones(/.*)? u:object_r:tombstone_data_file:s0
+/data/vendor/tombstones/wifi(/.*)? u:object_r:tombstone_wifi_data_file:s0
+/data/local/tmp(/.*)? u:object_r:shell_data_file:s0
+/data/local/tmp/ltp(/.*)? u:object_r:nativetest_data_file:s0
+/data/local/traces(/.*)? u:object_r:trace_data_file:s0
+/data/media(/.*)? u:object_r:media_rw_data_file:s0
+/data/mediadrm(/.*)? u:object_r:media_data_file:s0
+/data/nativetest(/.*)? u:object_r:nativetest_data_file:s0
+/data/nativetest64(/.*)? u:object_r:nativetest_data_file:s0
+# This directory was removed after Q Beta 2, but we need to preserve labels for upgrading devices.
+/data/pkg_staging(/.*)? u:object_r:staging_data_file:s0
+/data/property(/.*)? u:object_r:property_data_file:s0
+/data/preloads(/.*)? u:object_r:preloads_data_file:s0
+/data/preloads/media(/.*)? u:object_r:preloads_media_file:s0
+/data/preloads/demo(/.*)? u:object_r:preloads_media_file:s0
+/data/server_configurable_flags(/.*)? u:object_r:server_configurable_flags_data_file:s0
+/data/app-staging(/.*)? u:object_r:staging_data_file:s0
+
+# Misc data
+/data/misc/adb(/.*)? u:object_r:adb_keys_file:s0
+/data/misc/apexdata(/.*)? u:object_r:apex_module_data_file:s0
+/data/misc/apexdata/com.android.permission(/.*)? u:object_r:apex_permission_data_file:s0
+/data/misc/apexdata/com\.android\.wifi(/.*)? u:object_r:apex_wifi_data_file:s0
+/data/misc/apexrollback(/.*)? u:object_r:apex_rollback_data_file:s0
+/data/misc/apns(/.*)? u:object_r:radio_data_file:s0
+/data/misc/audio(/.*)? u:object_r:audio_data_file:s0
+/data/misc/audioserver(/.*)? u:object_r:audioserver_data_file:s0
+/data/misc/audiohal(/.*)? u:object_r:audiohal_data_file:s0
+/data/misc/bootstat(/.*)? u:object_r:bootstat_data_file:s0
+/data/misc/boottrace(/.*)? u:object_r:boottrace_data_file:s0
+/data/misc/bluetooth(/.*)? u:object_r:bluetooth_data_file:s0
+/data/misc/bluetooth/logs(/.*)? u:object_r:bluetooth_logs_data_file:s0
+/data/misc/bluedroid(/.*)? u:object_r:bluetooth_data_file:s0
+/data/misc/bluedroid/\.a2dp_ctrl u:object_r:bluetooth_socket:s0
+/data/misc/bluedroid/\.a2dp_data u:object_r:bluetooth_socket:s0
+/data/misc/camera(/.*)? u:object_r:camera_data_file:s0
+/data/misc/carrierid(/.*)? u:object_r:radio_data_file:s0
+/data/misc/dhcp(/.*)? u:object_r:dhcp_data_file:s0
+/data/misc/dhcp-6\.8\.2(/.*)? u:object_r:dhcp_data_file:s0
+/data/misc/emergencynumberdb(/.*)? u:object_r:emergency_data_file:s0
+/data/misc/gatekeeper(/.*)? u:object_r:gatekeeper_data_file:s0
+/data/misc/incidents(/.*)? u:object_r:incident_data_file:s0
+/data/misc/installd(/.*)? u:object_r:install_data_file:s0
+/data/misc/keychain(/.*)? u:object_r:keychain_data_file:s0
+/data/misc/credstore(/.*)? u:object_r:credstore_data_file:s0
+/data/misc/keystore(/.*)? u:object_r:keystore_data_file:s0
+/data/misc/logd(/.*)? u:object_r:misc_logd_file:s0
+/data/misc/media(/.*)? u:object_r:media_data_file:s0
+/data/misc/net(/.*)? u:object_r:net_data_file:s0
+/data/misc/network_watchlist(/.*)? u:object_r:network_watchlist_data_file:s0
+/data/misc/perfetto-traces(/.*)? u:object_r:perfetto_traces_data_file:s0
+/data/misc/prereboot(/.*)? u:object_r:prereboot_data_file:s0
+/data/misc/recovery(/.*)? u:object_r:recovery_data_file:s0
+/data/misc/shared_relro(/.*)? u:object_r:shared_relro_file:s0
+/data/misc/sms(/.*)? u:object_r:radio_data_file:s0
+/data/misc/snapshotctl_log(/.*)? u:object_r:snapshotctl_log_data_file:s0
+/data/misc/stats-active-metric(/.*)? u:object_r:stats_data_file:s0
+/data/misc/stats-data(/.*)? u:object_r:stats_data_file:s0
+/data/misc/stats-service(/.*)? u:object_r:stats_data_file:s0
+/data/misc/stats-metadata(/.*)? u:object_r:stats_data_file:s0
+/data/misc/systemkeys(/.*)? u:object_r:systemkeys_data_file:s0
+/data/misc/textclassifier(/.*)? u:object_r:textclassifier_data_file:s0
+/data/misc/train-info(/.*)? u:object_r:stats_data_file:s0
+/data/misc/user(/.*)? u:object_r:misc_user_data_file:s0
+/data/misc/vpn(/.*)? u:object_r:vpn_data_file:s0
+/data/misc/wifi(/.*)? u:object_r:wifi_data_file:s0
+/data/misc_ce/[0-9]+/wifi(/.*)? u:object_r:wifi_data_file:s0
+/data/misc/wifi/sockets(/.*)? u:object_r:wpa_socket:s0
+/data/misc/wifi/sockets/wpa_ctrl.* u:object_r:system_wpa_socket:s0
+/data/misc/zoneinfo(/.*)? u:object_r:zoneinfo_data_file:s0
+/data/misc/vold(/.*)? u:object_r:vold_data_file:s0
+/data/misc/iorapd(/.*)? u:object_r:iorapd_data_file:s0
+/data/misc/update_engine(/.*)? u:object_r:update_engine_data_file:s0
+/data/misc/update_engine_log(/.*)? u:object_r:update_engine_log_data_file:s0
+/data/system/dropbox(/.*)? u:object_r:dropbox_data_file:s0
+/data/system/heapdump(/.*)? u:object_r:heapdump_data_file:s0
+/data/misc/trace(/.*)? u:object_r:method_trace_data_file:s0
+/data/misc/wmtrace(/.*)? u:object_r:wm_trace_data_file:s0
+# TODO(calin) label profile reference differently so that only
+# profman run as a special user can write to them
+/data/misc/profiles/cur(/.*)? u:object_r:user_profile_data_file:s0
+/data/misc/profiles/ref(/.*)? u:object_r:user_profile_data_file:s0
+/data/misc/profman(/.*)? u:object_r:profman_dump_data_file:s0
+/data/vendor(/.*)? u:object_r:vendor_data_file:s0
+/data/vendor_ce(/.*)? u:object_r:vendor_data_file:s0
+/data/vendor_de(/.*)? u:object_r:vendor_data_file:s0
+
+# storaged proto files
+/data/misc_de/[0-9]+/storaged(/.*)? u:object_r:storaged_data_file:s0
+/data/misc_ce/[0-9]+/storaged(/.*)? u:object_r:storaged_data_file:s0
+
+# Fingerprint data
+/data/system/users/[0-9]+/fpdata(/.*)? u:object_r:fingerprintd_data_file:s0
+
+# Fingerprint vendor data file
+/data/vendor_de/[0-9]+/fpdata(/.*)? u:object_r:fingerprint_vendor_data_file:s0
+
+# Face vendor data file
+/data/vendor_de/[0-9]+/facedata(/.*)? u:object_r:face_vendor_data_file:s0
+/data/vendor_ce/[0-9]+/facedata(/.*)? u:object_r:face_vendor_data_file:s0
+
+# Iris vendor data file
+/data/vendor_de/[0-9]+/irisdata(/.*)? u:object_r:iris_vendor_data_file:s0
+
+# Bootchart data
+/data/bootchart(/.*)? u:object_r:bootchart_data_file:s0
+
+# App data snapshots (managed by installd).
+/data/misc_de/[0-9]+/rollback(/.*)? u:object_r:rollback_data_file:s0
+/data/misc_ce/[0-9]+/rollback(/.*)? u:object_r:rollback_data_file:s0
+
+# Apex data directories
+/data/misc_de/[0-9]+/apexdata(/.*)? u:object_r:apex_module_data_file:s0
+/data/misc_ce/[0-9]+/apexdata(/.*)? u:object_r:apex_module_data_file:s0
+/data/misc_de/[0-9]+/apexdata/com.android.permission(/.*)? u:object_r:apex_permission_data_file:s0
+/data/misc_ce/[0-9]+/apexdata/com.android.permission(/.*)? u:object_r:apex_permission_data_file:s0
+/data/misc_de/[0-9]+/apexdata/com\.android\.wifi(/.*)? u:object_r:apex_wifi_data_file:s0
+/data/misc_ce/[0-9]+/apexdata/com\.android\.wifi(/.*)? u:object_r:apex_wifi_data_file:s0
+
+# Apex rollback directories
+/data/misc_de/[0-9]+/apexrollback(/.*)? u:object_r:apex_rollback_data_file:s0
+/data/misc_ce/[0-9]+/apexrollback(/.*)? u:object_r:apex_rollback_data_file:s0
+
+# Incremental directories
+/data/incremental(/.*)? u:object_r:apk_data_file:s0
+/data/incremental/MT_[^/]+/mount/.pending_reads u:object_r:incremental_control_file:s0
+/data/incremental/MT_[^/]+/mount/.log u:object_r:incremental_control_file:s0
+
+#############################
+# Expanded data files
+#
+/mnt/expand(/.*)? u:object_r:mnt_expand_file:s0
+/mnt/expand/[^/]+(/.*)? u:object_r:system_data_file:s0
+/mnt/expand/[^/]+/app(/.*)? u:object_r:apk_data_file:s0
+/mnt/expand/[^/]+/app/[^/]+/oat(/.*)? u:object_r:dalvikcache_data_file:s0
+# /mnt/expand/..../app/[randomStringA]/[packageName]-[randomStringB]/base.apk layout
+/mnt/expand/[^/]+/app/[^/]+/[^/]+/oat(/.*)? u:object_r:dalvikcache_data_file:s0
+/mnt/expand/[^/]+/app/vmdl[^/]+\.tmp(/.*)? u:object_r:apk_tmp_file:s0
+/mnt/expand/[^/]+/app/vmdl[^/]+\.tmp/oat(/.*)? u:object_r:dalvikcache_data_file:s0
+/mnt/expand/[^/]+/local/tmp(/.*)? u:object_r:shell_data_file:s0
+/mnt/expand/[^/]+/media(/.*)? u:object_r:media_rw_data_file:s0
+/mnt/expand/[^/]+/misc/vold(/.*)? u:object_r:vold_data_file:s0
+
+# coredump directory for userdebug/eng devices
+/cores(/.*)? u:object_r:coredump_file:s0
+
+# Wallpaper files
+/data/system/users/[0-9]+/wallpaper_lock_orig u:object_r:wallpaper_file:s0
+/data/system/users/[0-9]+/wallpaper_lock u:object_r:wallpaper_file:s0
+/data/system/users/[0-9]+/wallpaper_orig u:object_r:wallpaper_file:s0
+/data/system/users/[0-9]+/wallpaper u:object_r:wallpaper_file:s0
+
+# Ringtone files
+/data/system_de/[0-9]+/ringtones(/.*)? u:object_r:ringtone_file:s0
+
+# ShortcutManager icons, e.g.
+# /data/system_ce/0/shortcut_service/bitmaps/com.example.app/1457472879282.png
+/data/system_ce/[0-9]+/shortcut_service/bitmaps(/.*)? u:object_r:shortcut_manager_icons:s0
+
+# User icon files
+/data/system/users/[0-9]+/photo\.png u:object_r:icon_file:s0
+
+# vold per-user data
+/data/misc_de/[0-9]+/vold(/.*)? u:object_r:vold_data_file:s0
+/data/misc_ce/[0-9]+/vold(/.*)? u:object_r:vold_data_file:s0
+
+# iorapd per-user data
+/data/misc_ce/[0-9]+/iorapd(/.*)? u:object_r:iorapd_data_file:s0
+
+# Backup service persistent per-user bookkeeping
+/data/system_ce/[0-9]+/backup(/.*)? u:object_r:backup_data_file:s0
+# Backup service temporary per-user data for inter-change with apps
+/data/system_ce/[0-9]+/backup_stage(/.*)? u:object_r:backup_data_file:s0
+
+#############################
+# efs files
+#
+/efs(/.*)? u:object_r:efs_file:s0
+
+#############################
+# Cache files
+#
+/cache(/.*)? u:object_r:cache_file:s0
+/cache/recovery(/.*)? u:object_r:cache_recovery_file:s0
+# General backup/restore interchange with apps
+/cache/backup_stage(/.*)? u:object_r:cache_backup_file:s0
+# LocalTransport (backup) uses this subtree
+/cache/backup(/.*)? u:object_r:cache_private_backup_file:s0
+
+#############################
+# Overlayfs support directories
+#
+/cache/overlay(/.*)? u:object_r:overlayfs_file:s0
+/mnt/scratch(/.*)? u:object_r:overlayfs_file:s0
+
+/data/cache(/.*)? u:object_r:cache_file:s0
+/data/cache/recovery(/.*)? u:object_r:cache_recovery_file:s0
+# General backup/restore interchange with apps
+/data/cache/backup_stage(/.*)? u:object_r:cache_backup_file:s0
+# LocalTransport (backup) uses this subtree
+/data/cache/backup(/.*)? u:object_r:cache_private_backup_file:s0
+
+#############################
+# Metadata files
+#
+/metadata(/.*)? u:object_r:metadata_file:s0
+/metadata/apex(/.*)? u:object_r:apex_metadata_file:s0
+/metadata/vold(/.*)? u:object_r:vold_metadata_file:s0
+/metadata/gsi(/.*)? u:object_r:gsi_metadata_file:s0
+/metadata/gsi/ota(/.*)? u:object_r:ota_metadata_file:s0
+/metadata/password_slots(/.*)? u:object_r:password_slot_metadata_file:s0
+/metadata/ota(/.*)? u:object_r:ota_metadata_file:s0
+/metadata/bootstat(/.*)? u:object_r:metadata_bootstat_file:s0
+/metadata/staged-install(/.*)? u:object_r:staged_install_file:s0
+
+#############################
+# asec containers
+/mnt/asec(/.*)? u:object_r:asec_apk_file:s0
+/mnt/asec/[^/]+/[^/]+\.zip u:object_r:asec_public_file:s0
+/mnt/asec/[^/]+/lib(/.*)? u:object_r:asec_public_file:s0
+/data/app-asec(/.*)? u:object_r:asec_image_file:s0
+
+#############################
+# external storage
+/mnt/media_rw(/.*)? u:object_r:mnt_media_rw_file:s0
+/mnt/user(/.*)? u:object_r:mnt_user_file:s0
+/mnt/pass_through(/.*)? u:object_r:mnt_pass_through_file:s0
+/mnt/sdcard u:object_r:mnt_sdcard_file:s0
+/mnt/runtime(/.*)? u:object_r:storage_file:s0
+/storage(/.*)? u:object_r:storage_file:s0
+
+#############################
+# mount point for read-write vendor partitions
+/mnt/vendor(/.*)? u:object_r:mnt_vendor_file:s0
+
+#############################
+# mount point for read-write product partitions
+/mnt/product(/.*)? u:object_r:mnt_product_file:s0
diff --git a/prebuilts/api/30.0/private/file_contexts_asan b/prebuilts/api/30.0/private/file_contexts_asan
new file mode 100644
index 0000000..b37f086
--- /dev/null
+++ b/prebuilts/api/30.0/private/file_contexts_asan
@@ -0,0 +1,14 @@
+/data/asan/system/lib(/.*)? u:object_r:system_lib_file:s0
+/data/asan/system/lib64(/.*)? u:object_r:system_lib_file:s0
+/data/asan/vendor/lib(/.*)? u:object_r:system_lib_file:s0
+/data/asan/vendor/lib64(/.*)? u:object_r:system_lib_file:s0
+/data/asan/odm/lib(/.*)? u:object_r:system_lib_file:s0
+/data/asan/odm/lib64(/.*)? u:object_r:system_lib_file:s0
+/data/asan/product/lib(/.*)? u:object_r:system_lib_file:s0
+/data/asan/product/lib64(/.*)? u:object_r:system_lib_file:s0
+/system/asan.options u:object_r:system_asan_options_file:s0
+/system/bin/asan_extract u:object_r:asan_extract_exec:s0
+/system/bin/asanwrapper u:object_r:asanwrapper_exec:s0
+/system/bin/asan/app_process u:object_r:zygote_exec:s0
+/system/bin/asan/app_process32 u:object_r:zygote_exec:s0
+/system/bin/asan/app_process64 u:object_r:zygote_exec:s0
diff --git a/prebuilts/api/30.0/private/file_contexts_overlayfs b/prebuilts/api/30.0/private/file_contexts_overlayfs
new file mode 100644
index 0000000..e472fad
--- /dev/null
+++ b/prebuilts/api/30.0/private/file_contexts_overlayfs
@@ -0,0 +1,9 @@
+#############################
+# Overlayfs support directories for userdebug/eng devices
+#
+/cache/overlay/(system|product)/upper u:object_r:system_file:s0
+/cache/overlay/(vendor|odm)/upper u:object_r:vendor_file:s0
+/cache/overlay/oem/upper u:object_r:vendor_file:s0
+/mnt/scratch/overlay/(system|product)/upper u:object_r:system_file:s0
+/mnt/scratch/overlay/(vendor|odm)/upper u:object_r:vendor_file:s0
+/mnt/scratch/overlay/oem/upper u:object_r:vendor_file:s0
diff --git a/prebuilts/api/30.0/private/fingerprintd.te b/prebuilts/api/30.0/private/fingerprintd.te
new file mode 100644
index 0000000..eb73ef8
--- /dev/null
+++ b/prebuilts/api/30.0/private/fingerprintd.te
@@ -0,0 +1,3 @@
+typeattribute fingerprintd coredomain;
+
+init_daemon_domain(fingerprintd)
diff --git a/prebuilts/api/30.0/private/flags_health_check.te b/prebuilts/api/30.0/private/flags_health_check.te
new file mode 100644
index 0000000..fb41aff
--- /dev/null
+++ b/prebuilts/api/30.0/private/flags_health_check.te
@@ -0,0 +1,3 @@
+typeattribute flags_health_check coredomain;
+
+init_daemon_domain(flags_health_check)
diff --git a/prebuilts/api/30.0/private/fs_use b/prebuilts/api/30.0/private/fs_use
new file mode 100644
index 0000000..6fcc2cc
--- /dev/null
+++ b/prebuilts/api/30.0/private/fs_use
@@ -0,0 +1,26 @@
+# Label inodes via getxattr.
+fs_use_xattr yaffs2 u:object_r:labeledfs:s0;
+fs_use_xattr jffs2 u:object_r:labeledfs:s0;
+fs_use_xattr ext2 u:object_r:labeledfs:s0;
+fs_use_xattr ext3 u:object_r:labeledfs:s0;
+fs_use_xattr ext4 u:object_r:labeledfs:s0;
+fs_use_xattr xfs u:object_r:labeledfs:s0;
+fs_use_xattr btrfs u:object_r:labeledfs:s0;
+fs_use_xattr f2fs u:object_r:labeledfs:s0;
+fs_use_xattr squashfs u:object_r:labeledfs:s0;
+fs_use_xattr overlay u:object_r:labeledfs:s0;
+fs_use_xattr erofs u:object_r:labeledfs:s0;
+fs_use_xattr incremental-fs u:object_r:labeledfs:s0;
+
+# Label inodes from task label.
+fs_use_task pipefs u:object_r:pipefs:s0;
+fs_use_task sockfs u:object_r:sockfs:s0;
+
+# Label inodes from combination of task label and fs label.
+# Define type_transition rules if you want per-domain types.
+fs_use_trans devpts u:object_r:devpts:s0;
+fs_use_trans tmpfs u:object_r:tmpfs:s0;
+fs_use_trans devtmpfs u:object_r:device:s0;
+fs_use_trans shm u:object_r:shm:s0;
+fs_use_trans mqueue u:object_r:mqueue:s0;
+
diff --git a/prebuilts/api/30.0/private/fsck.te b/prebuilts/api/30.0/private/fsck.te
new file mode 100644
index 0000000..f8e09b6
--- /dev/null
+++ b/prebuilts/api/30.0/private/fsck.te
@@ -0,0 +1,5 @@
+typeattribute fsck coredomain;
+
+init_daemon_domain(fsck)
+
+allow fsck metadata_block_device:blk_file rw_file_perms;
diff --git a/prebuilts/api/30.0/private/fsck_untrusted.te b/prebuilts/api/30.0/private/fsck_untrusted.te
new file mode 100644
index 0000000..9a57bf0
--- /dev/null
+++ b/prebuilts/api/30.0/private/fsck_untrusted.te
@@ -0,0 +1 @@
+typeattribute fsck_untrusted coredomain;
diff --git a/prebuilts/api/30.0/private/fsverity_init.te b/prebuilts/api/30.0/private/fsverity_init.te
new file mode 100644
index 0000000..4bb3d0f
--- /dev/null
+++ b/prebuilts/api/30.0/private/fsverity_init.te
@@ -0,0 +1,21 @@
+type fsverity_init, domain, coredomain;
+type fsverity_init_exec, exec_type, file_type, system_file_type;
+
+init_daemon_domain(fsverity_init)
+
+# Allow to read /proc/keys for searching key id.
+allow fsverity_init proc_keys:file r_file_perms;
+
+# Kernel only prints the keys that can be accessed and only kernel keyring is needed here.
+dontaudit fsverity_init init:key view;
+dontaudit fsverity_init vold:key view;
+allow fsverity_init kernel:key { view search write setattr };
+allow fsverity_init fsverity_init:key { view search write };
+
+# Allow init to write to /proc/sys/fs/verity/require_signatures
+allow fsverity_init proc_fs_verity:file w_file_perms;
+
+# When kernel requests an algorithm, the crypto API first looks for an
+# already registered algorithm with that name. If it fails, the kernel creates
+# an implementation of the algorithm from templates.
+dontaudit fsverity_init kernel:system module_request;
diff --git a/prebuilts/api/30.0/private/fwk_bufferhub.te b/prebuilts/api/30.0/private/fwk_bufferhub.te
new file mode 100644
index 0000000..6b69cca
--- /dev/null
+++ b/prebuilts/api/30.0/private/fwk_bufferhub.te
@@ -0,0 +1,8 @@
+type fwk_bufferhub, domain, coredomain;
+type fwk_bufferhub_exec, system_file_type, exec_type, file_type;
+
+hal_client_domain(fwk_bufferhub, hal_graphics_allocator)
+allow fwk_bufferhub ion_device:chr_file r_file_perms;
+
+hal_server_domain(fwk_bufferhub, hal_bufferhub)
+init_daemon_domain(fwk_bufferhub)
diff --git a/prebuilts/api/30.0/private/gatekeeperd.te b/prebuilts/api/30.0/private/gatekeeperd.te
new file mode 100644
index 0000000..5e4d0a2
--- /dev/null
+++ b/prebuilts/api/30.0/private/gatekeeperd.te
@@ -0,0 +1,3 @@
+typeattribute gatekeeperd coredomain;
+
+init_daemon_domain(gatekeeperd)
diff --git a/prebuilts/api/30.0/private/genfs_contexts b/prebuilts/api/30.0/private/genfs_contexts
new file mode 100644
index 0000000..89232bc
--- /dev/null
+++ b/prebuilts/api/30.0/private/genfs_contexts
@@ -0,0 +1,324 @@
+# Label inodes with the fs label.
+genfscon rootfs / u:object_r:rootfs:s0
+# proc labeling can be further refined (longest matching prefix).
+genfscon proc / u:object_r:proc:s0
+genfscon proc /asound u:object_r:proc_asound:s0
+genfscon proc /buddyinfo u:object_r:proc_buddyinfo:s0
+genfscon proc /cmdline u:object_r:proc_cmdline:s0
+genfscon proc /config.gz u:object_r:config_gz:s0
+genfscon proc /diskstats u:object_r:proc_diskstats:s0
+genfscon proc /filesystems u:object_r:proc_filesystems:s0
+genfscon proc /interrupts u:object_r:proc_interrupts:s0
+genfscon proc /iomem u:object_r:proc_iomem:s0
+genfscon proc /keys u:object_r:proc_keys:s0
+genfscon proc /kmsg u:object_r:proc_kmsg:s0
+genfscon proc /loadavg u:object_r:proc_loadavg:s0
+genfscon proc /lowmemorykiller u:object_r:proc_lowmemorykiller:s0
+genfscon proc /meminfo u:object_r:proc_meminfo:s0
+genfscon proc /misc u:object_r:proc_misc:s0
+genfscon proc /modules u:object_r:proc_modules:s0
+genfscon proc /mounts u:object_r:proc_mounts:s0
+genfscon proc /net u:object_r:proc_net:s0
+genfscon proc /net/tcp u:object_r:proc_net_tcp_udp:s0
+genfscon proc /net/udp u:object_r:proc_net_tcp_udp:s0
+genfscon proc /net/xt_qtaguid/ctrl u:object_r:proc_qtaguid_ctrl:s0
+genfscon proc /net/xt_qtaguid/ u:object_r:proc_qtaguid_stat:s0
+genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
+genfscon proc /pagetypeinfo u:object_r:proc_pagetypeinfo:s0
+genfscon proc /pressure/cpu u:object_r:proc_pressure_cpu:s0
+genfscon proc /pressure/io u:object_r:proc_pressure_io:s0
+genfscon proc /pressure/memory u:object_r:proc_pressure_mem:s0
+genfscon proc /slabinfo u:object_r:proc_slabinfo:s0
+genfscon proc /softirqs u:object_r:proc_timer:s0
+genfscon proc /stat u:object_r:proc_stat:s0
+genfscon proc /swaps u:object_r:proc_swaps:s0
+genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
+genfscon proc /kpageflags u:object_r:proc_kpageflags:s0
+genfscon proc /sys/abi/swp u:object_r:proc_abi:s0
+genfscon proc /sys/fs/pipe-max-size u:object_r:proc_pipe_conf:s0
+genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
+genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
+genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
+genfscon proc /sys/fs/verity/require_signatures u:object_r:proc_fs_verity:s0
+genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper:s0
+genfscon proc /sys/kernel/core_pipe_limit u:object_r:usermodehelper:s0
+genfscon proc /sys/kernel/domainname u:object_r:proc_hostname:s0
+genfscon proc /sys/kernel/dmesg_restrict u:object_r:proc_security:s0
+genfscon proc /sys/kernel/hostname u:object_r:proc_hostname:s0
+genfscon proc /sys/kernel/hotplug u:object_r:usermodehelper:s0
+genfscon proc /sys/kernel/hung_task_ u:object_r:proc_hung_task:s0
+genfscon proc /sys/kernel/kptr_restrict u:object_r:proc_security:s0
+genfscon proc /sys/kernel/modprobe u:object_r:usermodehelper:s0
+genfscon proc /sys/kernel/modules_disabled u:object_r:proc_security:s0
+genfscon proc /sys/kernel/panic_on_oops u:object_r:proc_panic:s0
+genfscon proc /sys/kernel/perf_event_max_sample_rate u:object_r:proc_perf:s0
+genfscon proc /sys/kernel/perf_event_paranoid u:object_r:proc_perf:s0
+genfscon proc /sys/kernel/perf_cpu_time_max_percent u:object_r:proc_perf:s0
+genfscon proc /sys/kernel/perf_event_mlock_kb u:object_r:proc_perf:s0
+genfscon proc /sys/kernel/pid_max u:object_r:proc_pid_max:s0
+genfscon proc /sys/kernel/poweroff_cmd u:object_r:usermodehelper:s0
+genfscon proc /sys/kernel/random u:object_r:proc_random:s0
+genfscon proc /sys/kernel/randomize_va_space u:object_r:proc_security:s0
+genfscon proc /sys/kernel/sched_child_runs_first u:object_r:proc_sched:s0
+genfscon proc /sys/kernel/sched_latency_ns u:object_r:proc_sched:s0
+genfscon proc /sys/kernel/sched_rt_period_us u:object_r:proc_sched:s0
+genfscon proc /sys/kernel/sched_rt_runtime_us u:object_r:proc_sched:s0
+genfscon proc /sys/kernel/sched_schedstats u:object_r:proc_sched:s0
+genfscon proc /sys/kernel/sched_tunable_scaling u:object_r:proc_sched:s0
+genfscon proc /sys/kernel/sched_wakeup_granularity_ns u:object_r:proc_sched:s0
+genfscon proc /sys/kernel/sysrq u:object_r:proc_sysrq:s0
+genfscon proc /sys/kernel/usermodehelper u:object_r:usermodehelper:s0
+genfscon proc /sys/net u:object_r:proc_net:s0
+genfscon proc /sys/vm/dirty_background_ratio u:object_r:proc_dirty:s0
+genfscon proc /sys/vm/dirty_expire_centisecs u:object_r:proc_dirty:s0
+genfscon proc /sys/vm/extra_free_kbytes u:object_r:proc_extra_free_kbytes:s0
+genfscon proc /sys/vm/max_map_count u:object_r:proc_max_map_count:s0
+genfscon proc /sys/vm/mmap_min_addr u:object_r:proc_security:s0
+genfscon proc /sys/vm/mmap_rnd_bits u:object_r:proc_security:s0
+genfscon proc /sys/vm/mmap_rnd_compat_bits u:object_r:proc_security:s0
+genfscon proc /sys/vm/page-cluster u:object_r:proc_page_cluster:s0
+genfscon proc /sys/vm/drop_caches u:object_r:proc_drop_caches:s0
+genfscon proc /sys/vm/overcommit_memory u:object_r:proc_overcommit_memory:s0
+genfscon proc /sys/vm/min_free_order_shift u:object_r:proc_min_free_order_shift:s0
+genfscon proc /timer_list u:object_r:proc_timer:s0
+genfscon proc /timer_stats u:object_r:proc_timer:s0
+genfscon proc /tty/drivers u:object_r:proc_tty_drivers:s0
+genfscon proc /uid/ u:object_r:proc_uid_time_in_state:s0
+genfscon proc /uid_cputime/show_uid_stat u:object_r:proc_uid_cputime_showstat:s0
+genfscon proc /uid_cputime/remove_uid_range u:object_r:proc_uid_cputime_removeuid:s0
+genfscon proc /uid_io/stats u:object_r:proc_uid_io_stats:s0
+genfscon proc /uid_procstat/set u:object_r:proc_uid_procstat_set:s0
+genfscon proc /uid_time_in_state u:object_r:proc_uid_time_in_state:s0
+genfscon proc /uid_concurrent_active_time u:object_r:proc_uid_concurrent_active_time:s0
+genfscon proc /uid_concurrent_policy_time u:object_r:proc_uid_concurrent_policy_time:s0
+genfscon proc /uid_cpupower/ u:object_r:proc_uid_cpupower:s0
+genfscon proc /uptime u:object_r:proc_uptime:s0
+genfscon proc /version u:object_r:proc_version:s0
+genfscon proc /vmallocinfo u:object_r:proc_vmallocinfo:s0
+genfscon proc /vmstat u:object_r:proc_vmstat:s0
+genfscon proc /zoneinfo u:object_r:proc_zoneinfo:s0
+
+genfscon fusectl / u:object_r:fusectlfs:s0
+
+# selinuxfs booleans can be individually labeled.
+genfscon selinuxfs / u:object_r:selinuxfs:s0
+genfscon cgroup / u:object_r:cgroup:s0
+genfscon cgroup2 / u:object_r:cgroup_bpf:s0
+# sysfs labels can be set by userspace.
+genfscon sysfs / u:object_r:sysfs:s0
+genfscon sysfs /devices/system/cpu u:object_r:sysfs_devices_system_cpu:s0
+genfscon sysfs /class/android_usb u:object_r:sysfs_android_usb:s0
+genfscon sysfs /class/extcon u:object_r:sysfs_extcon:s0
+genfscon sysfs /class/leds u:object_r:sysfs_leds:s0
+genfscon sysfs /class/net u:object_r:sysfs_net:s0
+genfscon sysfs /class/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0
+genfscon sysfs /class/rfkill/rfkill1/state u:object_r:sysfs_bluetooth_writable:s0
+genfscon sysfs /class/rfkill/rfkill2/state u:object_r:sysfs_bluetooth_writable:s0
+genfscon sysfs /class/rfkill/rfkill3/state u:object_r:sysfs_bluetooth_writable:s0
+genfscon sysfs /class/rtc u:object_r:sysfs_rtc:s0
+genfscon sysfs /class/switch u:object_r:sysfs_switch:s0
+genfscon sysfs /class/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/nfc-power/nfc_power u:object_r:sysfs_nfc_power_writable:s0
+genfscon sysfs /devices/virtual/android_usb u:object_r:sysfs_android_usb:s0
+genfscon sysfs /devices/virtual/block/ u:object_r:sysfs_devices_block:s0
+genfscon sysfs /devices/virtual/block/dm- u:object_r:sysfs_dm:s0
+genfscon sysfs /devices/virtual/block/loop u:object_r:sysfs_loop:s0
+genfscon sysfs /devices/virtual/block/zram0 u:object_r:sysfs_zram:s0
+genfscon sysfs /devices/virtual/block/zram1 u:object_r:sysfs_zram:s0
+genfscon sysfs /devices/virtual/block/zram0/uevent u:object_r:sysfs_zram_uevent:s0
+genfscon sysfs /devices/virtual/block/zram1/uevent u:object_r:sysfs_zram_uevent:s0
+genfscon sysfs /devices/virtual/misc/hw_random u:object_r:sysfs_hwrandom:s0
+genfscon sysfs /devices/virtual/net u:object_r:sysfs_net:s0
+genfscon sysfs /devices/virtual/switch u:object_r:sysfs_switch:s0
+genfscon sysfs /devices/virtual/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /firmware/devicetree/base/firmware/android u:object_r:sysfs_dt_firmware_android:s0
+genfscon sysfs /fs/ext4/features u:object_r:sysfs_fs_ext4_features:s0
+genfscon sysfs /fs/f2fs u:object_r:sysfs_fs_f2fs:s0
+genfscon sysfs /power/autosleep u:object_r:sysfs_power:s0
+genfscon sysfs /power/state u:object_r:sysfs_power:s0
+genfscon sysfs /power/suspend_stats u:object_r:sysfs_suspend_stats:s0
+genfscon sysfs /power/wakeup_count u:object_r:sysfs_power:s0
+genfscon sysfs /power/wake_lock u:object_r:sysfs_wake_lock:s0
+genfscon sysfs /power/wake_unlock u:object_r:sysfs_wake_lock:s0
+genfscon sysfs /kernel/memory_state_time u:object_r:sysfs_power:s0
+genfscon sysfs /kernel/ion u:object_r:sysfs_ion:s0
+genfscon sysfs /kernel/ipv4 u:object_r:sysfs_ipv4:s0
+genfscon sysfs /kernel/mm/transparent_hugepage u:object_r:sysfs_transparent_hugepage:s0
+genfscon sysfs /kernel/notes u:object_r:sysfs_kernel_notes:s0
+genfscon sysfs /kernel/uevent_helper u:object_r:sysfs_usermodehelper:s0
+genfscon sysfs /kernel/wakeup_reasons u:object_r:sysfs_wakeup_reasons:s0
+genfscon sysfs /module/dm_verity/parameters/prefetch_cluster u:object_r:sysfs_dm_verity:s0
+genfscon sysfs /module/lowmemorykiller u:object_r:sysfs_lowmemorykiller:s0
+genfscon sysfs /module/tcp_cubic/parameters u:object_r:sysfs_net:s0
+genfscon sysfs /module/wlan/parameters/fwpath u:object_r:sysfs_wlan_fwpath:s0
+genfscon sysfs /devices/virtual/timed_output/vibrator/enable u:object_r:sysfs_vibrator:s0
+
+genfscon debugfs /kprobes u:object_r:debugfs_kprobes:s0
+genfscon debugfs /mmc0 u:object_r:debugfs_mmc:s0
+genfscon debugfs /tracing u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs / u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/tracing_on u:object_r:debugfs_tracing:s0
+genfscon tracefs /tracing_on u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/trace u:object_r:debugfs_tracing:s0
+genfscon tracefs /trace u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/per_cpu/cpu u:object_r:debugfs_tracing:s0
+genfscon tracefs /per_cpu/cpu u:object_r:debugfs_tracing:s0
+
+genfscon debugfs /tracing/instances u:object_r:debugfs_tracing_instances:s0
+genfscon tracefs /instances u:object_r:debugfs_tracing_instances:s0
+genfscon debugfs /tracing/instances/wifi u:object_r:debugfs_wifi_tracing:s0
+genfscon tracefs /instances/wifi u:object_r:debugfs_wifi_tracing:s0
+genfscon debugfs /tracing/trace_marker u:object_r:debugfs_trace_marker:s0
+genfscon tracefs /trace_marker u:object_r:debugfs_trace_marker:s0
+genfscon debugfs /wakeup_sources u:object_r:debugfs_wakeup_sources:s0
+
+genfscon debugfs /tracing/events/header_page u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/f2fs/f2fs_get_data_block/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/f2fs/f2fs_iget/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/f2fs/f2fs_sync_file_enter/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/f2fs/f2fs_sync_file_exit/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/f2fs/f2fs_write_begin/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/f2fs/f2fs_write_end/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/ext4/ext4_da_write_begin/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/ext4/ext4_da_write_end/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/ext4/ext4_es_lookup_extent_enter/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/ext4/ext4_es_lookup_extent_exit/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/ext4/ext4_load_inode/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/ext4/ext4_sync_file_enter/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/ext4/ext4_sync_file_exit/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/block/block_rq_issue/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/block/block_rq_complete/ u:object_r:debugfs_tracing:s0
+
+genfscon tracefs /events/header_page u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/f2fs/f2fs_get_data_block/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/f2fs/f2fs_iget/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/f2fs/f2fs_sync_file_enter/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/f2fs/f2fs_sync_file_exit/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/f2fs/f2fs_write_begin/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/f2fs/f2fs_write_end/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/ext4/ext4_da_write_begin/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/ext4/ext4_da_write_end/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/ext4/ext4_es_lookup_extent_enter/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/ext4/ext4_es_lookup_extent_exit/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/ext4/ext4_load_inode/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/ext4/ext4_sync_file_enter/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/ext4/ext4_sync_file_exit/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/block/block_rq_issue/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/block/block_rq_complete/ u:object_r:debugfs_tracing:s0
+
+genfscon tracefs /trace_clock u:object_r:debugfs_tracing:s0
+genfscon tracefs /buffer_size_kb u:object_r:debugfs_tracing:s0
+genfscon tracefs /options/overwrite u:object_r:debugfs_tracing:s0
+genfscon tracefs /options/print-tgid u:object_r:debugfs_tracing:s0
+genfscon tracefs /options/record-tgid u:object_r:debugfs_tracing:s0
+genfscon tracefs /saved_cmdlines_size u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/sched/sched_switch/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/sched/sched_wakeup/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/sched/sched_blocked_reason/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/sched/sched_cpu_hotplug/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/sched/sched_process_exit/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/cgroup/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/power/cpu_frequency/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/power/cpu_idle/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/power/clock_set_rate/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/power/cpu_frequency_limits/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/power/gpu_frequency/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/power/suspend_resume/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/cpufreq_interactive/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/vmscan/mm_vmscan_direct_reclaim_begin/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/vmscan/mm_vmscan_direct_reclaim_end/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/vmscan/mm_vmscan_kswapd_wake/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/vmscan/mm_vmscan_kswapd_sleep/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/binder/binder_transaction/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/binder/binder_transaction_received/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/binder/binder_lock/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/binder/binder_locked/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/binder/binder_unlock/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/binder/binder_transaction_alloc_buf/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/lowmemorykiller/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/sync/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/fence/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/dma_fence/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/filemap/mm_filemap_add_to_page_cache/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/filemap/mm_filemap_delete_from_page_cache/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/kmem/rss_stat/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/kmem/ion_heap_grow/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/kmem/ion_heap_shrink/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/ion/ion_stat/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/mm_event/mm_event_record/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/oom/oom_score_adj_update/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/task/task_rename/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/task/task_newtask/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/ftrace/print/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/gpu_mem/gpu_mem_total u:object_r:debugfs_tracing:s0
+
+genfscon debugfs /tracing/trace_clock u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/buffer_size_kb u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/options/overwrite u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/options/print-tgid u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/options/record-tgid u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/saved_cmdlines_size u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/sched/sched_switch/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/sched/sched_wakeup/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/sched/sched_blocked_reason/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/sched/sched_cpu_hotplug/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/sched/sched_process_exit/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/cgroup/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/power/cpu_frequency/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/power/cpu_idle/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/power/clock_set_rate/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/power/cpu_frequency_limits/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/power/gpu_frequency/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/power/suspend_resume/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/cpufreq_interactive/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/vmscan/mm_vmscan_direct_reclaim_begin/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/vmscan/mm_vmscan_direct_reclaim_end/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/vmscan/mm_vmscan_kswapd_wake/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/vmscan/mm_vmscan_kswapd_sleep/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/binder/binder_transaction/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/binder/binder_transaction_received/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/binder/binder_lock/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/binder/binder_locked/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/binder/binder_unlock/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/binder/binder_transaction_alloc_buf/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/lowmemorykiller/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/sync/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/fence/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/dma_fence/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/filemap/mm_filemap_add_to_page_cache/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/filemap/mm_filemap_delete_from_page_cache/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/kmem/rss_stat/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/kmem/ion_heap_grow/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/kmem/ion_heap_shrink/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/ion/ion_stat/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/mm_event/mm_event_record/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/oom/oom_score_adj_update/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/task/task_rename/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/task/task_newtask/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/ftrace/print/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/gpu_mem/gpu_mem_total u:object_r:debugfs_tracing:s0
+
+genfscon debugfs /kcov u:object_r:debugfs_kcov:s0
+
+genfscon securityfs / u:object_r:securityfs:s0
+
+genfscon binder /binder u:object_r:binder_device:s0
+genfscon binder /hwbinder u:object_r:hwbinder_device:s0
+genfscon binder /vndbinder u:object_r:vndbinder_device:s0
+genfscon binder /binder_logs u:object_r:binderfs_logs:s0
+genfscon binder /binder_logs/proc u:object_r:binderfs_logs_proc:s0
+
+genfscon inotifyfs / u:object_r:inotify:s0
+genfscon vfat / u:object_r:vfat:s0
+genfscon binder / u:object_r:binderfs:s0
+genfscon exfat / u:object_r:exfat:s0
+genfscon debugfs / u:object_r:debugfs:s0
+genfscon fuse / u:object_r:fuse:s0
+genfscon configfs / u:object_r:configfs:s0
+genfscon sdcardfs / u:object_r:sdcardfs:s0
+genfscon esdfs / u:object_r:sdcardfs:s0
+genfscon pstore / u:object_r:pstorefs:s0
+genfscon functionfs / u:object_r:functionfs:s0
+genfscon usbfs / u:object_r:usbfs:s0
+genfscon binfmt_misc / u:object_r:binfmt_miscfs:s0
+genfscon bpf / u:object_r:fs_bpf:s0
diff --git a/prebuilts/api/30.0/private/gmscore_app.te b/prebuilts/api/30.0/private/gmscore_app.te
new file mode 100644
index 0000000..2355326
--- /dev/null
+++ b/prebuilts/api/30.0/private/gmscore_app.te
@@ -0,0 +1,129 @@
+###
+### A domain for further sandboxing the PrebuiltGMSCore app.
+###
+typeattribute gmscore_app coredomain;
+
+app_domain(gmscore_app)
+
+allow gmscore_app sysfs_type:dir search;
+# Read access to /sys/class/net/wlan*/address
+r_dir_file(gmscore_app, sysfs_net)
+# Read access to /sys/block/zram*/mm_stat
+r_dir_file(gmscore_app, sysfs_zram)
+
+r_dir_file(gmscore_app, rootfs)
+
+# Allow GMS core to open kernel config for OTA matching through libvintf
+allow gmscore_app config_gz:file { open read getattr };
+
+# Allow GMS core to communicate with update_engine for A/B update.
+binder_call(gmscore_app, update_engine)
+allow gmscore_app update_engine_service:service_manager find;
+
+# Allow GMS core to communicate with dumpsys storaged.
+binder_call(gmscore_app, storaged)
+allow gmscore_app storaged_service:service_manager find;
+
+# Allow GMS core to access system_update_service (e.g. to publish pending
+# system update info).
+allow gmscore_app system_update_service:service_manager find;
+
+# Allow GMS core to communicate with statsd.
+binder_call(gmscore_app, statsd)
+
+# Allow GMS core to generate unique hardware IDs
+allow gmscore_app keystore:keystore_key gen_unique_id;
+
+# Allow GMS core to access /sys/fs/selinux/policyvers for compatibility check
+allow gmscore_app selinuxfs:file r_file_perms;
+
+# suppress denials for non-API accesses.
+dontaudit gmscore_app exec_type:file r_file_perms;
+dontaudit gmscore_app device:dir r_dir_perms;
+dontaudit gmscore_app fs_bpf:dir r_dir_perms;
+dontaudit gmscore_app net_dns_prop:file r_file_perms;
+dontaudit gmscore_app proc:file r_file_perms;
+dontaudit gmscore_app proc_interrupts:file r_file_perms;
+dontaudit gmscore_app proc_modules:file r_file_perms;
+dontaudit gmscore_app proc_net:file r_file_perms;
+dontaudit gmscore_app proc_stat:file r_file_perms;
+dontaudit gmscore_app proc_version:file r_file_perms;
+dontaudit gmscore_app sysfs:dir r_dir_perms;
+dontaudit gmscore_app sysfs:file r_file_perms;
+dontaudit gmscore_app sysfs_android_usb:file r_file_perms;
+dontaudit gmscore_app sysfs_dm:file r_file_perms;
+dontaudit gmscore_app sysfs_loop:file r_file_perms;
+dontaudit gmscore_app wifi_prop:file r_file_perms;
+dontaudit gmscore_app { wifi_prop exported_wifi_prop }:file r_file_perms;
+dontaudit gmscore_app mirror_data_file:dir search;
+dontaudit gmscore_app mnt_vendor_file:dir search;
+
+# Access the network
+net_domain(gmscore_app)
+
+# webview crash handling depends on self ptrace (b/27697529, b/20150694, b/19277529#comment7)
+allow gmscore_app self:process ptrace;
+
+# Allow loading executable code from writable priv-app home
+# directories. This is a W^X violation, however, it needs
+# to be supported for now for the following reasons.
+# * /data/user_*/0/*/code_cache/* POSSIBLE uses (b/117841367)
+# 1) com.android.opengl.shaders_cache
+# 2) com.android.skia.shaders_cache
+# 3) com.android.renderscript.cache
+# * /data/user_de/0/com.google.android.gms/app_chimera
+# TODO: Tighten (b/112357170)
+allow gmscore_app privapp_data_file:file execute;
+
+allow gmscore_app privapp_data_file:lnk_file create_file_perms;
+
+# /proc access
+allow gmscore_app proc_vmstat:file r_file_perms;
+
+# Allow interaction with gpuservice
+binder_call(gmscore_app, gpuservice)
+allow gmscore_app gpu_service:service_manager find;
+
+# find services that expose both @SystemAPI and normal APIs.
+allow gmscore_app app_api_service:service_manager find;
+allow gmscore_app system_api_service:service_manager find;
+allow gmscore_app audioserver_service:service_manager find;
+allow gmscore_app cameraserver_service:service_manager find;
+allow gmscore_app drmserver_service:service_manager find;
+allow gmscore_app mediadrmserver_service:service_manager find;
+allow gmscore_app mediaextractor_service:service_manager find;
+allow gmscore_app mediametrics_service:service_manager find;
+allow gmscore_app mediaserver_service:service_manager find;
+allow gmscore_app network_watchlist_service:service_manager find;
+allow gmscore_app nfc_service:service_manager find;
+allow gmscore_app oem_lock_service:service_manager find;
+allow gmscore_app persistent_data_block_service:service_manager find;
+allow gmscore_app radio_service:service_manager find;
+allow gmscore_app recovery_service:service_manager find;
+allow gmscore_app stats_service:service_manager find;
+
+# Used by Finsky / Android "Verify Apps" functionality when
+# running "adb install foo.apk".
+allow gmscore_app shell_data_file:file r_file_perms;
+allow gmscore_app shell_data_file:dir r_dir_perms;
+
+# Write to /cache.
+allow gmscore_app { cache_file cache_recovery_file }:dir create_dir_perms;
+allow gmscore_app { cache_file cache_recovery_file }:file create_file_perms;
+# /cache is a symlink to /data/cache on some devices. Allow reading the link.
+allow gmscore_app cache_file:lnk_file r_file_perms;
+
+# Write to /data/ota_package for OTA packages.
+allow gmscore_app ota_package_file:dir rw_dir_perms;
+allow gmscore_app ota_package_file:file create_file_perms;
+
+# Used by Finsky / Android "Verify Apps" functionality when
+# running "adb install foo.apk".
+allow gmscore_app shell_data_file:file r_file_perms;
+allow gmscore_app shell_data_file:dir r_dir_perms;
+
+# b/18504118: Allow reads from /data/anr/traces.txt
+allow gmscore_app anr_data_file:file r_file_perms;
+
+# b/148974132: com.android.vending needs this
+allow gmscore_app priv_app:tcp_socket { read write };
diff --git a/prebuilts/api/30.0/private/gpuservice.te b/prebuilts/api/30.0/private/gpuservice.te
new file mode 100644
index 0000000..a4d84ea
--- /dev/null
+++ b/prebuilts/api/30.0/private/gpuservice.te
@@ -0,0 +1,48 @@
+# gpuservice - server for gpu stats and other gpu related services
+typeattribute gpuservice coredomain;
+type gpuservice_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(gpuservice)
+
+binder_call(gpuservice, adbd)
+binder_call(gpuservice, shell)
+binder_call(gpuservice, system_server)
+binder_use(gpuservice)
+
+# Access the GPU.
+allow gpuservice gpu_device:chr_file rw_file_perms;
+
+# GPU service will need to load GPU driver, for example Vulkan driver in order
+# to get the capability of the driver.
+allow gpuservice same_process_hal_file:file { open read getattr execute map };
+allow gpuservice ion_device:chr_file r_file_perms;
+get_prop(gpuservice, hwservicemanager_prop)
+hwbinder_use(gpuservice)
+
+# Access /dev/graphics/fb0.
+allow gpuservice graphics_device:dir search;
+allow gpuservice graphics_device:chr_file rw_file_perms;
+
+# Needed for dumpsys pipes.
+allow gpuservice shell:fifo_file write;
+
+# Use socket supplied by adbd, for cmd gpu vkjson etc.
+allow gpuservice adbd:unix_stream_socket { read write getattr };
+
+# Needed for interactive shell
+allow gpuservice devpts:chr_file { read write getattr };
+
+# Needed for dumpstate to dumpsys gpu.
+allow gpuservice dumpstate:fd use;
+allow gpuservice dumpstate:fifo_file write;
+
+# Needed for stats callback registration to statsd.
+allow gpuservice stats_service:service_manager find;
+allow gpuservice statsmanager_service:service_manager find;
+# TODO(b/146461633): remove this once native pullers talk to StatsManagerService
+binder_call(gpuservice, statsd);
+
+add_service(gpuservice, gpu_service)
+
+# Only uncomment below line when in development
+# userdebug_or_eng(`permissive gpuservice;')
diff --git a/prebuilts/api/30.0/private/gsid.te b/prebuilts/api/30.0/private/gsid.te
new file mode 100644
index 0000000..3ff9d67
--- /dev/null
+++ b/prebuilts/api/30.0/private/gsid.te
@@ -0,0 +1,180 @@
+# gsid - Manager for GSI Installation
+
+type gsid, domain;
+type gsid_exec, exec_type, file_type, system_file_type;
+typeattribute gsid coredomain;
+
+init_daemon_domain(gsid)
+
+binder_use(gsid)
+binder_service(gsid)
+add_service(gsid, gsi_service)
+set_prop(gsid, gsid_prop)
+
+# Needed to create/delete device-mapper nodes, and read/write to them.
+allow gsid dm_device:chr_file rw_file_perms;
+allow gsid dm_device:blk_file rw_file_perms;
+allow gsid self:global_capability_class_set sys_admin;
+dontaudit gsid self:global_capability_class_set dac_override;
+
+# On FBE devices (not using dm-default-key), gsid will use loop devices to map
+# images rather than device-mapper.
+allow gsid loop_control_device:chr_file rw_file_perms;
+allow gsid loop_device:blk_file rw_file_perms;
+allowxperm gsid loop_device:blk_file ioctl {
+ LOOP_GET_STATUS64
+ LOOP_SET_STATUS64
+ LOOP_SET_FD
+ LOOP_SET_BLOCK_SIZE
+ LOOP_SET_DIRECT_IO
+ LOOP_CLR_FD
+ BLKFLSBUF
+};
+
+# libfiemap_writer uses sysfs to derive the bottom of a device-mapper stacking.
+# This requires traversing /sys/block/dm-N/slaves/* and reading the list of
+# file names.
+r_dir_file(gsid, sysfs_dm)
+
+# libfiemap_writer needs to read /sys/fs/f2fs/<dev>/features to determine
+# whether pin_file support is enabled.
+r_dir_file(gsid, sysfs_fs_f2fs)
+
+# Needed to read fstab, which is used to validate that system verity does not
+# use check_once_at_most for sdcard installs. (Note: proc_cmdline is needed
+# to get the A/B slot suffix).
+allow gsid proc_cmdline:file r_file_perms;
+allow gsid sysfs_dt_firmware_android:dir r_dir_perms;
+allow gsid sysfs_dt_firmware_android:file r_file_perms;
+
+# Needed to stat /data/gsi/* and realpath on /dev/block/by-name/*
+allow gsid block_device:dir r_dir_perms;
+
+# liblp queries these block alignment properties.
+allowxperm gsid { userdata_block_device sdcard_block_device }:blk_file ioctl {
+ BLKIOMIN
+ BLKALIGNOFF
+};
+
+# When installing images to an sdcard, gsid needs to be able to stat() the
+# block device. gsid also calls realpath() to remove symlinks.
+allow gsid mnt_media_rw_file:dir r_dir_perms;
+
+# When installing images to an sdcard, gsid must bypass sdcardfs and install
+# directly to vfat, which supports the FIBMAP ioctl.
+allow gsid vfat:dir rw_dir_perms;
+allow gsid vfat:file create_file_perms;
+allow gsid sdcard_block_device:blk_file r_file_perms;
+# This is needed for FIBMAP unfortunately. Oddly FIEMAP does not carry this
+# requirement, but the kernel does not implement FIEMAP support for VFAT.
+allow gsid self:global_capability_class_set sys_rawio;
+
+# gsi_tool passes the system image over the adb connection, via stdin.
+allow gsid adbd:fd use;
+# Needed when running gsi_tool through "su root" rather than adb root.
+allow gsid adbd:unix_stream_socket rw_socket_perms;
+
+neverallow {
+ domain
+ -gsid
+ -init
+ -update_engine_common
+ -recovery
+ -fastbootd
+} gsid_prop:property_service set;
+
+# gsid needs to store images on /data, but cannot use file I/O. If it did, the
+# underlying blocks would be encrypted, and we couldn't mount the GSI image in
+# first-stage init. So instead of directly writing to /data, we:
+#
+# 1. fallocate a file large enough to hold the signed GSI
+# 2. extract its block layout with FIEMAP
+# 3. create a dm-linear device using the FIEMAP, targeting /dev/block/by-name/userdata
+# 4. write system_gsi into that dm device
+#
+# To make this process work, we need to unwrap the device-mapper stacking for
+# userdata to reach the underlying block device. To verify the result we use
+# stat(), which requires read access.
+allow gsid userdata_block_device:blk_file r_file_perms;
+
+# gsid uses /metadata/gsi to communicate GSI boot information to first-stage
+# init. It cannot use userdata since data cannot be decrypted during this
+# stage.
+#
+# gsid uses /metadata/gsi to store three files:
+# install_status - A short string indicating whether a GSI image is bootable.
+# lp_metadata - LpMetadata blob describing the block ranges on userdata
+# where system_gsi resides.
+# booted - An empty file that, if exists, indicates that a GSI is
+# currently running.
+#
+allow gsid metadata_file:dir { search getattr };
+allow gsid {
+ gsi_metadata_file
+}:dir create_dir_perms;
+
+allow gsid {
+ ota_metadata_file
+}:dir rw_dir_perms;
+
+allow gsid {
+ gsi_metadata_file
+ ota_metadata_file
+}:file create_file_perms;
+
+allow gsid {
+ gsi_data_file
+ ota_image_data_file
+}:dir rw_dir_perms;
+allow gsid {
+ gsi_data_file
+ ota_image_data_file
+}:file create_file_perms;
+allowxperm gsid {
+ gsi_data_file
+ ota_image_data_file
+}:file ioctl FS_IOC_FIEMAP;
+
+allow gsid system_server:binder call;
+
+neverallow {
+ domain
+ -init
+ -gsid
+ -fastbootd
+ -recovery
+ -vold
+} gsi_metadata_file:dir *;
+
+neverallow {
+ domain
+ -init
+ -gsid
+ -fastbootd
+ -vold
+} gsi_metadata_file:notdevfile_class_set ~{ relabelto getattr };
+
+neverallow {
+ domain
+ -init
+ -gsid
+ -fastbootd
+ -vold
+} { gsi_data_file gsi_metadata_file }:notdevfile_class_set *;
+
+neverallow {
+ domain
+ -gsid
+ -init
+} gsi_data_file:dir ~{ open create read getattr setattr search relabelto ioctl };
+
+neverallow {
+ domain
+ -init
+ -gsid
+} gsi_data_file:dir *;
+
+neverallow {
+ domain
+ -gsid
+} gsi_data_file:notdevfile_class_set ~{ relabelto getattr };
diff --git a/prebuilts/api/30.0/private/hal_allocator_default.te b/prebuilts/api/30.0/private/hal_allocator_default.te
new file mode 100644
index 0000000..7aa28aa
--- /dev/null
+++ b/prebuilts/api/30.0/private/hal_allocator_default.te
@@ -0,0 +1,5 @@
+type hal_allocator_default, domain, coredomain;
+hal_server_domain(hal_allocator_default, hal_allocator)
+
+type hal_allocator_default_exec, system_file_type, exec_type, file_type;
+init_daemon_domain(hal_allocator_default)
diff --git a/prebuilts/api/30.0/private/hal_lazy_test.te b/prebuilts/api/30.0/private/hal_lazy_test.te
new file mode 100644
index 0000000..93cf235
--- /dev/null
+++ b/prebuilts/api/30.0/private/hal_lazy_test.te
@@ -0,0 +1,3 @@
+userdebug_or_eng(`
+ hal_attribute_hwservice(hal_lazy_test, hal_lazy_test_hwservice)
+')
diff --git a/prebuilts/api/30.0/private/halclientdomain.te b/prebuilts/api/30.0/private/halclientdomain.te
new file mode 100644
index 0000000..9dcd3ee
--- /dev/null
+++ b/prebuilts/api/30.0/private/halclientdomain.te
@@ -0,0 +1,13 @@
+###
+### Rules for all domains which are clients of a HAL
+###
+
+# Find out whether a HAL in passthrough/in-process mode or
+# binderized/out-of-process mode
+hwbinder_use(halclientdomain)
+
+# Used to wait for hwservicemanager
+get_prop(halclientdomain, hwservicemanager_prop)
+
+# Wait for HAL server to be up (used by getService)
+allow halclientdomain hidl_manager_hwservice:hwservice_manager find;
diff --git a/prebuilts/api/30.0/private/halserverdomain.te b/prebuilts/api/30.0/private/halserverdomain.te
new file mode 100644
index 0000000..f36e0e7
--- /dev/null
+++ b/prebuilts/api/30.0/private/halserverdomain.te
@@ -0,0 +1,12 @@
+###
+### Rules for all domains which offer a HAL service over HwBinder
+###
+
+# Register the HAL service with hwservicemanager
+hwbinder_use(halserverdomain)
+
+# Find HAL implementations
+allow halserverdomain system_file:dir r_dir_perms;
+
+# Used to wait for hwservicemanager
+get_prop(halserverdomain, hwservicemanager_prop)
diff --git a/prebuilts/api/30.0/private/healthd.te b/prebuilts/api/30.0/private/healthd.te
new file mode 100644
index 0000000..20d0791
--- /dev/null
+++ b/prebuilts/api/30.0/private/healthd.te
@@ -0,0 +1,6 @@
+typeattribute healthd coredomain;
+
+init_daemon_domain(healthd)
+
+# Allow healthd to serve health HAL
+hal_server_domain(healthd, hal_health)
diff --git a/prebuilts/api/30.0/private/heapprofd.te b/prebuilts/api/30.0/private/heapprofd.te
new file mode 100644
index 0000000..ec3e4d0
--- /dev/null
+++ b/prebuilts/api/30.0/private/heapprofd.te
@@ -0,0 +1,76 @@
+# Android heap profiling daemon. go/heapprofd.
+#
+# On user builds, this daemon is responsible for receiving the initial
+# profiling configuration, finding matching target processes (if profiling by
+# process name), and sending the activation signal to them (+ setting system
+# properties for new processes to start profiling from startup). When profiling
+# is triggered in a process, it spawns a private heapprofd subprocess (in its
+# own SELinux domain), which will exclusively handle profiling of its parent.
+#
+# On debug builds, this central daemon performs profiling for all target
+# processes (which talk directly to this daemon).
+type heapprofd_exec, exec_type, file_type, system_file_type;
+type heapprofd_tmpfs, file_type;
+
+init_daemon_domain(heapprofd)
+tmpfs_domain(heapprofd)
+
+# Allow apps in other MLS contexts (for multi-user) to access
+# shared memory buffers created by heapprofd.
+typeattribute heapprofd_tmpfs mlstrustedobject;
+
+set_prop(heapprofd, heapprofd_prop);
+
+# Necessary for /proc/[pid]/cmdline access & sending signals.
+typeattribute heapprofd mlstrustedsubject;
+
+# Allow sending signals to processes. This excludes SIGKILL, SIGSTOP and
+# SIGCHLD, which are controlled by separate permissions.
+allow heapprofd self:capability kill;
+
+# When scanning /proc/[pid]/cmdline to find matching processes for by-name
+# profiling, only whitelisted domains will be allowed by SELinux. Avoid
+# spamming logs with denials for entries that we can not access.
+dontaudit heapprofd domain:dir { search open };
+
+# Write trace data to the Perfetto traced daemon. This requires connecting to
+# its producer socket and obtaining a (per-process) tmpfs fd.
+perfetto_producer(heapprofd)
+
+# When handling profiling for all processes, heapprofd needs to read
+# executables/libraries/etc to do stack unwinding.
+userdebug_or_eng(`
+ r_dir_file(heapprofd, nativetest_data_file)
+ r_dir_file(heapprofd, system_file_type)
+ r_dir_file(heapprofd, apk_data_file)
+ r_dir_file(heapprofd, dalvikcache_data_file)
+ r_dir_file(heapprofd, vendor_file_type)
+ # Some dex files are not world-readable.
+ # We are still constrained by the SELinux rules above.
+ allow heapprofd self:global_capability_class_set dac_read_search;
+
+ allow heapprofd proc_kpageflags:file r_file_perms;
+')
+
+# This is going to happen on user but is benign because central heapprofd
+# does not actually need these permission.
+# If the dac_read_search capability check is rejected, the kernel then tries
+# to perform a dac_override capability check, so we need to dontaudit that
+# as well.
+dontaudit heapprofd self:global_capability_class_set { dac_read_search dac_override };
+
+never_profile_heap(`{
+ bpfloader
+ init
+ kernel
+ keystore
+ llkd
+ logd
+ ueventd
+ vendor_init
+ vold
+}')
+
+full_treble_only(`
+ neverallow heapprofd vendor_file:file { no_w_file_perms no_x_file_perms };
+')
diff --git a/prebuilts/api/30.0/private/hidl_lazy_test_server.te b/prebuilts/api/30.0/private/hidl_lazy_test_server.te
new file mode 100644
index 0000000..04e8c9f
--- /dev/null
+++ b/prebuilts/api/30.0/private/hidl_lazy_test_server.te
@@ -0,0 +1,8 @@
+type hidl_lazy_test_server, domain;
+type hidl_lazy_test_server_exec, exec_type, file_type, system_file_type;
+
+userdebug_or_eng(`
+ typeattribute hidl_lazy_test_server coredomain;
+ init_daemon_domain(hidl_lazy_test_server)
+ hal_server_domain(hidl_lazy_test_server, hal_lazy_test)
+')
diff --git a/prebuilts/api/30.0/private/hwservice.te b/prebuilts/api/30.0/private/hwservice.te
new file mode 100644
index 0000000..b7ba4d7
--- /dev/null
+++ b/prebuilts/api/30.0/private/hwservice.te
@@ -0,0 +1 @@
+type hal_lazy_test_hwservice, hwservice_manager_type, protected_hwservice;
diff --git a/prebuilts/api/30.0/private/hwservice_contexts b/prebuilts/api/30.0/private/hwservice_contexts
new file mode 100644
index 0000000..c45b0ef
--- /dev/null
+++ b/prebuilts/api/30.0/private/hwservice_contexts
@@ -0,0 +1,86 @@
+android.frameworks.automotive.display::IAutomotiveDisplayProxyService u:object_r:fwk_automotive_display_hwservice:s0
+android.frameworks.bufferhub::IBufferHub u:object_r:fwk_bufferhub_hwservice:s0
+android.frameworks.cameraservice.service::ICameraService u:object_r:fwk_camera_hwservice:s0
+android.frameworks.displayservice::IDisplayService u:object_r:fwk_display_hwservice:s0
+android.frameworks.schedulerservice::ISchedulingPolicyService u:object_r:fwk_scheduler_hwservice:s0
+android.frameworks.sensorservice::ISensorManager u:object_r:fwk_sensor_hwservice:s0
+android.frameworks.stats::IStats u:object_r:fwk_stats_hwservice:s0
+android.hardware.atrace::IAtraceDevice u:object_r:hal_atrace_hwservice:s0
+android.hardware.audio.effect::IEffectsFactory u:object_r:hal_audio_hwservice:s0
+android.hardware.audio::IDevicesFactory u:object_r:hal_audio_hwservice:s0
+android.hardware.authsecret::IAuthSecret u:object_r:hal_authsecret_hwservice:s0
+android.hardware.automotive.audiocontrol::IAudioControl u:object_r:hal_audiocontrol_hwservice:s0
+android.hardware.automotive.can::ICanController u:object_r:hal_can_controller_hwservice:s0
+android.hardware.automotive.can::ICanBus u:object_r:hal_can_bus_hwservice:s0
+android.hardware.automotive.evs::IEvsEnumerator u:object_r:hal_evs_hwservice:s0
+android.hardware.automotive.vehicle::IVehicle u:object_r:hal_vehicle_hwservice:s0
+android.hardware.biometrics.face::IBiometricsFace u:object_r:hal_face_hwservice:s0
+android.hardware.biometrics.fingerprint::IBiometricsFingerprint u:object_r:hal_fingerprint_hwservice:s0
+android.hardware.bluetooth::IBluetoothHci u:object_r:hal_bluetooth_hwservice:s0
+android.hardware.bluetooth.a2dp::IBluetoothAudioOffload u:object_r:hal_audio_hwservice:s0
+android.hardware.bluetooth.audio::IBluetoothAudioProvidersFactory u:object_r:hal_audio_hwservice:s0
+android.hardware.boot::IBootControl u:object_r:hal_bootctl_hwservice:s0
+android.hardware.broadcastradio::IBroadcastRadio u:object_r:hal_broadcastradio_hwservice:s0
+android.hardware.broadcastradio::IBroadcastRadioFactory u:object_r:hal_broadcastradio_hwservice:s0
+android.hardware.camera.provider::ICameraProvider u:object_r:hal_camera_hwservice:s0
+android.hardware.configstore::ISurfaceFlingerConfigs u:object_r:hal_configstore_ISurfaceFlingerConfigs:s0
+android.hardware.confirmationui::IConfirmationUI u:object_r:hal_confirmationui_hwservice:s0
+android.hardware.contexthub::IContexthub u:object_r:hal_contexthub_hwservice:s0
+android.hardware.cas::IMediaCasService u:object_r:hal_cas_hwservice:s0
+android.hardware.drm::ICryptoFactory u:object_r:hal_drm_hwservice:s0
+android.hardware.drm::IDrmFactory u:object_r:hal_drm_hwservice:s0
+android.hardware.dumpstate::IDumpstateDevice u:object_r:hal_dumpstate_hwservice:s0
+android.hardware.gatekeeper::IGatekeeper u:object_r:hal_gatekeeper_hwservice:s0
+android.hardware.gnss::IGnss u:object_r:hal_gnss_hwservice:s0
+android.hardware.graphics.allocator::IAllocator u:object_r:hal_graphics_allocator_hwservice:s0
+android.hardware.graphics.composer::IComposer u:object_r:hal_graphics_composer_hwservice:s0
+android.hardware.graphics.mapper::IMapper u:object_r:hal_graphics_mapper_hwservice:s0
+android.hardware.health::IHealth u:object_r:hal_health_hwservice:s0
+android.hardware.health.storage::IStorage u:object_r:hal_health_storage_hwservice:s0
+android.hardware.input.classifier::IInputClassifier u:object_r:hal_input_classifier_hwservice:s0
+android.hardware.ir::IConsumerIr u:object_r:hal_ir_hwservice:s0
+android.hardware.keymaster::IKeymasterDevice u:object_r:hal_keymaster_hwservice:s0
+android.hardware.tests.lazy::ILazy u:object_r:hal_lazy_test_hwservice:s0
+android.hardware.light::ILight u:object_r:hal_light_hwservice:s0
+android.hardware.lowpan::ILowpanDevice u:object_r:hal_lowpan_hwservice:s0
+android.hardware.media.omx::IOmx u:object_r:hal_omx_hwservice:s0
+android.hardware.media.omx::IOmxStore u:object_r:hal_omx_hwservice:s0
+android.hardware.media.c2::IComponentStore u:object_r:hal_codec2_hwservice:s0
+android.hardware.memtrack::IMemtrack u:object_r:hal_memtrack_hwservice:s0
+android.hardware.neuralnetworks::IDevice u:object_r:hal_neuralnetworks_hwservice:s0
+android.hardware.nfc::INfc u:object_r:hal_nfc_hwservice:s0
+android.hardware.oemlock::IOemLock u:object_r:hal_oemlock_hwservice:s0
+android.hardware.power::IPower u:object_r:hal_power_hwservice:s0
+android.hardware.power.stats::IPowerStats u:object_r:hal_power_stats_hwservice:s0
+android.hardware.radio.config::IRadioConfig u:object_r:hal_telephony_hwservice:s0
+android.hardware.radio.deprecated::IOemHook u:object_r:hal_telephony_hwservice:s0
+android.hardware.radio::IRadio u:object_r:hal_telephony_hwservice:s0
+android.hardware.radio::ISap u:object_r:hal_telephony_hwservice:s0
+android.hardware.renderscript::IDevice u:object_r:hal_renderscript_hwservice:s0
+android.hardware.secure_element::ISecureElement u:object_r:hal_secure_element_hwservice:s0
+android.hardware.sensors::ISensors u:object_r:hal_sensors_hwservice:s0
+android.hardware.soundtrigger::ISoundTriggerHw u:object_r:hal_audio_hwservice:s0
+android.hardware.tetheroffload.config::IOffloadConfig u:object_r:hal_tetheroffload_hwservice:s0
+android.hardware.tetheroffload.control::IOffloadControl u:object_r:hal_tetheroffload_hwservice:s0
+android.hardware.thermal::IThermal u:object_r:hal_thermal_hwservice:s0
+android.hardware.thermal::IThermalCallback u:object_r:thermalcallback_hwservice:s0
+android.hardware.tv.cec::IHdmiCec u:object_r:hal_tv_cec_hwservice:s0
+android.hardware.tv.input::ITvInput u:object_r:hal_tv_input_hwservice:s0
+android.hardware.tv.tuner::ITuner u:object_r:hal_tv_tuner_hwservice:s0
+android.hardware.usb::IUsb u:object_r:hal_usb_hwservice:s0
+android.hardware.usb.gadget::IUsbGadget u:object_r:hal_usb_gadget_hwservice:s0
+android.hardware.vibrator::IVibrator u:object_r:hal_vibrator_hwservice:s0
+android.hardware.vr::IVr u:object_r:hal_vr_hwservice:s0
+android.hardware.weaver::IWeaver u:object_r:hal_weaver_hwservice:s0
+android.hardware.wifi::IWifi u:object_r:hal_wifi_hwservice:s0
+android.hardware.wifi.hostapd::IHostapd u:object_r:hal_wifi_hostapd_hwservice:s0
+android.hardware.wifi.supplicant::ISupplicant u:object_r:hal_wifi_supplicant_hwservice:s0
+android.hidl.allocator::IAllocator u:object_r:hidl_allocator_hwservice:s0
+android.hidl.base::IBase u:object_r:hidl_base_hwservice:s0
+android.hidl.manager::IServiceManager u:object_r:hidl_manager_hwservice:s0
+android.hidl.memory::IMapper u:object_r:hidl_memory_hwservice:s0
+android.hidl.token::ITokenManager u:object_r:hidl_token_hwservice:s0
+android.system.net.netd::INetd u:object_r:system_net_netd_hwservice:s0
+android.system.suspend::ISystemSuspend u:object_r:system_suspend_hwservice:s0
+android.system.wifi.keystore::IKeystore u:object_r:system_wifi_keystore_hwservice:s0
+* u:object_r:default_android_hwservice:s0
diff --git a/prebuilts/api/30.0/private/hwservicemanager.te b/prebuilts/api/30.0/private/hwservicemanager.te
new file mode 100644
index 0000000..0705cc7
--- /dev/null
+++ b/prebuilts/api/30.0/private/hwservicemanager.te
@@ -0,0 +1,8 @@
+typeattribute hwservicemanager coredomain;
+
+init_daemon_domain(hwservicemanager)
+
+add_hwservice(hwservicemanager, hidl_manager_hwservice)
+add_hwservice(hwservicemanager, hidl_token_hwservice)
+
+set_prop(hwservicemanager, ctl_interface_start_prop)
diff --git a/prebuilts/api/30.0/private/idmap.te b/prebuilts/api/30.0/private/idmap.te
new file mode 100644
index 0000000..c982783
--- /dev/null
+++ b/prebuilts/api/30.0/private/idmap.te
@@ -0,0 +1,3 @@
+typeattribute idmap coredomain;
+
+init_daemon_domain(idmap)
diff --git a/prebuilts/api/30.0/private/incident.te b/prebuilts/api/30.0/private/incident.te
new file mode 100644
index 0000000..db9ae86
--- /dev/null
+++ b/prebuilts/api/30.0/private/incident.te
@@ -0,0 +1,37 @@
+typeattribute incident coredomain;
+
+type incident_exec, system_file_type, exec_type, file_type;
+
+# switch to incident domain for incident command
+domain_auto_trans(shell, incident_exec, incident)
+domain_auto_trans(dumpstate, incident_exec, incident)
+
+# allow incident access to stdout from its parent shell.
+allow incident shell:fd use;
+
+# allow incident to communicate with dumpstate, and write incident report to
+# /data/data/com.android.shell/files/bugreports/tmp_incident_report
+allow incident dumpstate:fd use;
+allow incident dumpstate:unix_stream_socket { read write };
+allow incident shell_data_file:file write;
+
+# allow incident be able to output data for CTS to fetch.
+allow incident devpts:chr_file { read write };
+
+# allow incident to communicate use, read and write over the adb
+# connection.
+allow incident adbd:fd use;
+allow incident adbd:unix_stream_socket { read write };
+
+# allow adbd to reap incident
+allow incident adbd:process { sigchld };
+
+# Allow the incident command to talk to the incidentd over the binder, and get
+# back the incident report data from a ParcelFileDescriptor.
+binder_use(incident)
+allow incident incident_service:service_manager find;
+binder_call(incident, incidentd)
+allow incident incidentd:fifo_file write;
+
+# only allow incident being called by shell or dumpstate
+neverallow { domain -su -shell -incident -dumpstate} incident_exec:file { execute execute_no_trans };
diff --git a/prebuilts/api/30.0/private/incident_helper.te b/prebuilts/api/30.0/private/incident_helper.te
new file mode 100644
index 0000000..b453855
--- /dev/null
+++ b/prebuilts/api/30.0/private/incident_helper.te
@@ -0,0 +1,14 @@
+typeattribute incident_helper coredomain;
+
+type incident_helper_exec, system_file_type, exec_type, file_type;
+
+# switch to incident_helper domain for incident_helper command
+domain_auto_trans(incidentd, incident_helper_exec, incident_helper)
+
+# use pipe to transmit data from/to incidentd/incident_helper for parsing
+allow incident_helper { shell incident incidentd dumpstate }:fd use;
+allow incident_helper { shell incident incidentd dumpstate }:fifo_file { getattr read write };
+allow incident_helper incidentd:unix_stream_socket { read write };
+
+# only allow incidentd and shell to call incident_helper
+neverallow { domain -incidentd -incident_helper -shell } incident_helper_exec:file { execute execute_no_trans };
diff --git a/prebuilts/api/30.0/private/incidentd.te b/prebuilts/api/30.0/private/incidentd.te
new file mode 100644
index 0000000..656f69f
--- /dev/null
+++ b/prebuilts/api/30.0/private/incidentd.te
@@ -0,0 +1,199 @@
+typeattribute incidentd coredomain;
+typeattribute incidentd mlstrustedsubject;
+
+init_daemon_domain(incidentd)
+type incidentd_exec, system_file_type, exec_type, file_type;
+binder_use(incidentd)
+wakelock_use(incidentd)
+
+# Allow incidentd to scan through /proc/pid for all processes
+r_dir_file(incidentd, domain)
+
+# Allow incidentd to kill incident_helper when timeout
+allow incidentd incident_helper:process sigkill;
+
+# Allow executing files on system, such as:
+# /system/bin/toolbox
+# /system/bin/logcat
+# /system/bin/dumpsys
+allow incidentd system_file:file execute_no_trans;
+allow incidentd toolbox_exec:file rx_file_perms;
+
+# section id 1002, allow reading kernel version /proc/version
+allow incidentd proc_version:file r_file_perms;
+
+# section id 2001, allow reading /proc/pagetypeinfo
+allow incidentd proc_pagetypeinfo:file r_file_perms;
+
+# section id 2002, allow reading /d/wakeup_sources
+allow incidentd debugfs_wakeup_sources:file r_file_perms;
+
+# section id 2003, allow executing top
+allow incidentd proc_meminfo:file { open read };
+
+# section id 2004, allow reading /sys/devices/system/cpu/cpufreq/all_time_in_state
+allow incidentd sysfs_devices_system_cpu:file r_file_perms;
+
+# section id 2005, allow reading ps dump in full
+allow incidentd domain:process getattr;
+
+# section id 2006, allow reading /sys/class/power_supply/bms/battery_type
+allow incidentd sysfs_batteryinfo:dir { search };
+allow incidentd sysfs_batteryinfo:file r_file_perms;
+
+# section id 2007, allow reading LAST_KMSG /sys/fs/pstore/console-ramoops
+userdebug_or_eng(`allow incidentd pstorefs:dir search');
+userdebug_or_eng(`allow incidentd pstorefs:file r_file_perms');
+
+# section id 3023, allow obtaining stats report
+allow incidentd stats_service:service_manager find;
+binder_call(incidentd, statsd)
+
+# section id 3026, allow reading /data/misc/perfetto-traces.
+allow incidentd perfetto_traces_data_file:dir r_dir_perms;
+allow incidentd perfetto_traces_data_file:file r_file_perms;
+
+# Create and write into /data/misc/incidents
+allow incidentd incident_data_file:dir rw_dir_perms;
+allow incidentd incident_data_file:file create_file_perms;
+
+# Enable incidentd to get stack traces.
+binder_use(incidentd)
+hwbinder_use(incidentd)
+allow incidentd hwservicemanager:hwservice_manager { list };
+get_prop(incidentd, hwservicemanager_prop)
+allow incidentd hidl_manager_hwservice:hwservice_manager { find };
+
+# Read files in /proc
+allow incidentd {
+ proc_cmdline
+ proc_pipe_conf
+ proc_stat
+}:file r_file_perms;
+
+# Signal java processes to dump their stack and get the results
+allow incidentd { appdomain ephemeral_app system_server }:process signal;
+
+# Signal native processes to dump their stack.
+# This list comes from native_processes_to_dump in incidentd/utils.c
+allow incidentd {
+ # This list comes from native_processes_to_dump in dumputils/dump_utils.cpp
+ audioserver
+ cameraserver
+ drmserver
+ inputflinger
+ mediadrmserver
+ mediaextractor
+ mediametrics
+ mediaserver
+ sdcardd
+ statsd
+ surfaceflinger
+
+ # This list comes from hal_interfaces_to_dump in dumputils/dump_utils.cpp
+ hal_audio_server
+ hal_bluetooth_server
+ hal_camera_server
+ hal_codec2_server
+ hal_face_server
+ hal_graphics_allocator_server
+ hal_graphics_composer_server
+ hal_health_server
+ hal_omx_server
+ hal_sensors_server
+ hal_vr_server
+}:process signal;
+
+# Allow incidentd to make binder calls to any binder service
+binder_call(incidentd, system_server)
+binder_call(incidentd, appdomain)
+
+# Reading /proc/PID/maps of other processes
+userdebug_or_eng(`allow incidentd self:global_capability_class_set { sys_ptrace }');
+# incidentd has capability sys_ptrace, but should only use that capability for
+# accessing sensitive /proc/PID files, never for using ptrace attach.
+neverallow incidentd *:process ptrace;
+
+allow incidentd self:global_capability_class_set {
+ # Send signals to processes
+ kill
+};
+
+# Connect to tombstoned to intercept dumps.
+unix_socket_connect(incidentd, tombstoned_intercept, tombstoned)
+
+# Run a shell.
+allow incidentd shell_exec:file rx_file_perms;
+
+# For running am, incident-helper-cmd and similar framework commands.
+# Run /system/bin/app_process.
+allow incidentd zygote_exec:file { rx_file_perms };
+# Access the runtime feature flag properties.
+get_prop(incidentd, device_config_runtime_native_prop)
+get_prop(incidentd, device_config_runtime_native_boot_prop)
+# ART locks profile files.
+allow incidentd system_file:file lock;
+# Incidentd should never exec from the memory (e.g. JIT cache). These denials are expected.
+dontaudit incidentd dalvikcache_data_file:dir r_dir_perms;
+dontaudit incidentd tmpfs:file rwx_file_perms;
+
+# logd access - work to be done is a PII safe log (possibly an event log?)
+userdebug_or_eng(`read_logd(incidentd)')
+# TODO control_logd(incidentd)
+
+# Access /data/misc/logd
+r_dir_file(incidentd, misc_logd_file)
+
+# Allow incidentd to find these standard groups of services.
+# Others can be whitelisted individually.
+allow incidentd {
+ system_server_service
+ app_api_service
+ system_api_service
+}:service_manager find;
+
+# Only incidentd can publish the binder service
+add_service(incidentd, incident_service)
+
+# Allow pipes only from dumpstate and incident
+allow incidentd { dumpstate incident }:fd use;
+allow incidentd { dumpstate incident }:fifo_file write;
+
+# Allow incident to call back to incident with status updates.
+binder_call(incidentd, incident)
+
+# Read device serial number from system properties
+# This is used to track reports from lab testing devices
+userdebug_or_eng(`
+ get_prop(incidentd, serialno_prop)
+')
+
+# Read ro.boot.bootreason, persist.sys.boot.bootreason
+# This is used to track reports from lab testing devices
+userdebug_or_eng(`
+ get_prop(incidentd, bootloader_boot_reason_prop);
+ get_prop(incidentd, system_boot_reason_prop);
+ get_prop(incidentd, last_boot_reason_prop);
+')
+
+###
+### neverallow rules
+###
+# only incidentd and the other root services in limited circumstances
+# can get to the files in /data/misc/incidents
+#
+# write, execute, append are forbidden almost everywhere
+neverallow { domain -incidentd -init -vold } incident_data_file:file {
+ w_file_perms
+ x_file_perms
+ create
+ rename
+ setattr
+ unlink
+ append
+};
+# read is also allowed by system_server, for when the file is handed to dropbox
+neverallow { domain -incidentd -init -vold -system_server } incident_data_file:file r_file_perms;
+# limited access to the directory itself
+neverallow { domain -incidentd -init -vold } incident_data_file:dir create_dir_perms;
+
diff --git a/prebuilts/api/30.0/private/init.te b/prebuilts/api/30.0/private/init.te
new file mode 100644
index 0000000..b0e7f80
--- /dev/null
+++ b/prebuilts/api/30.0/private/init.te
@@ -0,0 +1,60 @@
+typeattribute init coredomain;
+
+tmpfs_domain(init)
+
+# Transitions to seclabel processes in init.rc
+domain_trans(init, rootfs, healthd)
+domain_trans(init, rootfs, slideshow)
+domain_auto_trans(init, charger_exec, charger)
+domain_auto_trans(init, e2fs_exec, e2fs)
+domain_auto_trans(init, bpfloader_exec, bpfloader)
+
+recovery_only(`
+ # Files in recovery image are labeled as rootfs.
+ domain_trans(init, rootfs, adbd)
+ domain_trans(init, rootfs, charger)
+ domain_trans(init, rootfs, fastbootd)
+ domain_trans(init, rootfs, recovery)
+ domain_trans(init, rootfs, linkerconfig)
+')
+domain_trans(init, shell_exec, shell)
+domain_trans(init, init_exec, ueventd)
+domain_trans(init, init_exec, vendor_init)
+domain_trans(init, { rootfs toolbox_exec }, modprobe)
+userdebug_or_eng(`
+ # case where logpersistd is actually logcat -f in logd context (nee: logcatd)
+ domain_auto_trans(init, logcat_exec, logpersist)
+
+ # allow init to execute services marked with seclabel u:r:su:s0 in userdebug/eng
+ allow init su:process transition;
+ dontaudit init su:process noatsecure;
+ allow init su:process { siginh rlimitinh };
+')
+
+# Allow init to figure out name of dm-device from it's /dev/block/dm-XX path.
+# This is useful in case of remounting ext4 userdata into checkpointing mode,
+# since it potentially requires tearing down dm-devices (e.g. dm-bow, dm-crypto)
+# that userdata is mounted onto.
+allow init sysfs_dm:file read;
+
+# Allow the BoringSSL self test to request a reboot upon failure
+set_prop(init, powerctl_prop)
+
+# Only init is allowed to set userspace reboot related properties.
+set_prop(init, userspace_reboot_exported_prop)
+neverallow { domain -init } userspace_reboot_exported_prop:property_service set;
+
+# Second-stage init performs a test for whether the kernel has SELinux hooks
+# for the perf_event_open() syscall. This is done by testing for the syscall
+# outcomes corresponding to this policy.
+# TODO(b/137092007): this can be removed once the platform stops supporting
+# kernels that precede the perf_event_open hooks (Android common kernels 4.4
+# and 4.9).
+allow init self:perf_event { open cpu };
+neverallow init self:perf_event { kernel tracepoint read write };
+dontaudit init self:perf_event { kernel tracepoint read write };
+
+# Only init is allowed to set the sysprop indicating whether perf_event_open()
+# SELinux hooks were detected.
+set_prop(init, init_perf_lsm_hooks_prop)
+neverallow { domain -init } init_perf_lsm_hooks_prop:property_service set;
diff --git a/prebuilts/api/30.0/private/initial_sid_contexts b/prebuilts/api/30.0/private/initial_sid_contexts
new file mode 100644
index 0000000..9819051
--- /dev/null
+++ b/prebuilts/api/30.0/private/initial_sid_contexts
@@ -0,0 +1,27 @@
+sid kernel u:r:kernel:s0
+sid security u:object_r:kernel:s0
+sid unlabeled u:object_r:unlabeled:s0
+sid fs u:object_r:labeledfs:s0
+sid file u:object_r:unlabeled:s0
+sid file_labels u:object_r:unlabeled:s0
+sid init u:object_r:unlabeled:s0
+sid any_socket u:object_r:unlabeled:s0
+sid port u:object_r:port:s0
+sid netif u:object_r:netif:s0
+sid netmsg u:object_r:unlabeled:s0
+sid node u:object_r:node:s0
+sid igmp_packet u:object_r:unlabeled:s0
+sid icmp_socket u:object_r:unlabeled:s0
+sid tcp_socket u:object_r:unlabeled:s0
+sid sysctl_modprobe u:object_r:unlabeled:s0
+sid sysctl u:object_r:proc:s0
+sid sysctl_fs u:object_r:unlabeled:s0
+sid sysctl_kernel u:object_r:unlabeled:s0
+sid sysctl_net u:object_r:unlabeled:s0
+sid sysctl_net_unix u:object_r:unlabeled:s0
+sid sysctl_vm u:object_r:unlabeled:s0
+sid sysctl_dev u:object_r:unlabeled:s0
+sid kmod u:object_r:unlabeled:s0
+sid policy u:object_r:unlabeled:s0
+sid scmp_packet u:object_r:unlabeled:s0
+sid devnull u:object_r:null_device:s0
diff --git a/prebuilts/api/30.0/private/initial_sids b/prebuilts/api/30.0/private/initial_sids
new file mode 100644
index 0000000..91ac816
--- /dev/null
+++ b/prebuilts/api/30.0/private/initial_sids
@@ -0,0 +1,35 @@
+# FLASK
+
+#
+# Define initial security identifiers
+#
+
+sid kernel
+sid security
+sid unlabeled
+sid fs
+sid file
+sid file_labels
+sid init
+sid any_socket
+sid port
+sid netif
+sid netmsg
+sid node
+sid igmp_packet
+sid icmp_socket
+sid tcp_socket
+sid sysctl_modprobe
+sid sysctl
+sid sysctl_fs
+sid sysctl_kernel
+sid sysctl_net
+sid sysctl_net_unix
+sid sysctl_vm
+sid sysctl_dev
+sid kmod
+sid policy
+sid scmp_packet
+sid devnull
+
+# FLASK
diff --git a/prebuilts/api/30.0/private/inputflinger.te b/prebuilts/api/30.0/private/inputflinger.te
new file mode 100644
index 0000000..9696b49
--- /dev/null
+++ b/prebuilts/api/30.0/private/inputflinger.te
@@ -0,0 +1,3 @@
+typeattribute inputflinger coredomain;
+
+init_daemon_domain(inputflinger)
diff --git a/prebuilts/api/30.0/private/installd.te b/prebuilts/api/30.0/private/installd.te
new file mode 100644
index 0000000..c89ba8b
--- /dev/null
+++ b/prebuilts/api/30.0/private/installd.te
@@ -0,0 +1,45 @@
+typeattribute installd coredomain;
+
+init_daemon_domain(installd)
+
+# Run migrate_legacy_obb_data.sh in its own sandbox.
+domain_auto_trans(installd, migrate_legacy_obb_data_exec, migrate_legacy_obb_data)
+allow installd shell_exec:file rx_file_perms;
+
+# Run dex2oat in its own sandbox.
+domain_auto_trans(installd, dex2oat_exec, dex2oat)
+
+# Run dexoptanalyzer in its own sandbox.
+domain_auto_trans(installd, dexoptanalyzer_exec, dexoptanalyzer)
+
+# Run viewcompiler in its own sandbox.
+domain_auto_trans(installd, viewcompiler_exec, viewcompiler)
+
+# Run profman in its own sandbox.
+domain_auto_trans(installd, profman_exec, profman)
+
+# Run idmap in its own sandbox.
+domain_auto_trans(installd, idmap_exec, idmap)
+
+# For collecting bugreports.
+allow installd dumpstate:fd use;
+allow installd dumpstate:fifo_file r_file_perms;
+
+# Delete /system/bin/bcc generated artifacts
+allow installd app_exec_data_file:file unlink;
+
+# Capture userdata snapshots to /data/misc_[ce|de]/rollback and
+# subsequently restore them.
+allow installd rollback_data_file:dir create_dir_perms;
+allow installd rollback_data_file:file create_file_perms;
+
+# Allow installd to access the runtime feature flag properties.
+get_prop(installd, device_config_runtime_native_prop)
+get_prop(installd, device_config_runtime_native_boot_prop)
+
+# Allow installd to access apk verity feature flag (for legacy case).
+get_prop(installd, apk_verity_prop)
+
+# Allow installd to delete files in /data/staging
+allow installd staging_data_file:file unlink;
+allow installd staging_data_file:dir { open read remove_name rmdir search write };
diff --git a/prebuilts/api/30.0/private/iorap_inode2filename.te b/prebuilts/api/30.0/private/iorap_inode2filename.te
new file mode 100644
index 0000000..96b7bc2
--- /dev/null
+++ b/prebuilts/api/30.0/private/iorap_inode2filename.te
@@ -0,0 +1,9 @@
+typeattribute iorap_inode2filename coredomain;
+
+# Grant access to open most of the files under /
+allow iorap_inode2filename dalvikcache_data_file:dir { getattr open read search };
+allow iorap_inode2filename dalvikcache_data_file:file { getattr };
+allow iorap_inode2filename dex2oat_exec:lnk_file { getattr open read };
+allow iorap_inode2filename dexoptanalyzer_exec:file { getattr };
+allow iorap_inode2filename storaged_data_file:dir { getattr open read search };
+allow iorap_inode2filename storaged_data_file:file { getattr };
diff --git a/prebuilts/api/30.0/private/iorap_prefecherd.te b/prebuilts/api/30.0/private/iorap_prefecherd.te
new file mode 100644
index 0000000..9ddb512
--- /dev/null
+++ b/prebuilts/api/30.0/private/iorap_prefecherd.te
@@ -0,0 +1,4 @@
+typeattribute iorap_prefetcherd coredomain;
+
+init_daemon_domain(iorap_prefetcherd)
+tmpfs_domain(iorap_prefetcherd)
diff --git a/prebuilts/api/30.0/private/iorapd.te b/prebuilts/api/30.0/private/iorapd.te
new file mode 100644
index 0000000..73acec9
--- /dev/null
+++ b/prebuilts/api/30.0/private/iorapd.te
@@ -0,0 +1,10 @@
+typeattribute iorapd coredomain;
+
+init_daemon_domain(iorapd)
+tmpfs_domain(iorapd)
+
+domain_auto_trans(iorapd, iorap_prefetcherd_exec, iorap_prefetcherd)
+domain_auto_trans(iorapd, iorap_inode2filename_exec, iorap_inode2filename)
+
+# Allow iorapd to access the runtime native boot feature flag properties.
+get_prop(iorapd, device_config_runtime_native_boot_prop)
diff --git a/prebuilts/api/30.0/private/isolated_app.te b/prebuilts/api/30.0/private/isolated_app.te
new file mode 100644
index 0000000..4c6c5aa
--- /dev/null
+++ b/prebuilts/api/30.0/private/isolated_app.te
@@ -0,0 +1,152 @@
+###
+### Services with isolatedProcess=true in their manifest.
+###
+### This file defines the rules for isolated apps. An "isolated
+### app" is an APP with UID between AID_ISOLATED_START (99000)
+### and AID_ISOLATED_END (99999).
+###
+
+typeattribute isolated_app coredomain;
+
+app_domain(isolated_app)
+
+# Access already open app data files received over Binder or local socket IPC.
+allow isolated_app { app_data_file privapp_data_file }:file { append read write getattr lock map };
+
+# Allow access to network sockets received over IPC. New socket creation is not
+# permitted.
+allow isolated_app { ephemeral_app priv_app untrusted_app_all }:{ tcp_socket udp_socket } { rw_socket_perms_no_ioctl };
+
+allow isolated_app activity_service:service_manager find;
+allow isolated_app display_service:service_manager find;
+allow isolated_app webviewupdate_service:service_manager find;
+
+# Google Breakpad (crash reporter for Chrome) relies on ptrace
+# functionality. Without the ability to ptrace, the crash reporter
+# tool is broken.
+# b/20150694
+# https://code.google.com/p/chromium/issues/detail?id=475270
+allow isolated_app self:process ptrace;
+
+# b/32896414: Allow accessing sdcard file descriptors passed to isolated_apps
+# by other processes. Open should never be allowed, and is blocked by
+# neverallow rules below.
+# media_rw_data_file is included for sdcardfs, and can be removed if sdcardfs
+# is modified to change the secontext when accessing the lower filesystem.
+allow isolated_app { sdcard_type media_rw_data_file }:file { read write append getattr lock map };
+
+# For webviews, isolated_app processes can be forked from the webview_zygote
+# in addition to the zygote. Allow access to resources inherited from the
+# webview_zygote process. These rules are specialized copies of the ones in app.te.
+# Inherit FDs from the webview_zygote.
+allow isolated_app webview_zygote:fd use;
+# Notify webview_zygote of child death.
+allow isolated_app webview_zygote:process sigchld;
+# Inherit logd write socket.
+allow isolated_app webview_zygote:unix_dgram_socket write;
+# Read system properties managed by webview_zygote.
+allow isolated_app webview_zygote_tmpfs:file read;
+
+# Inherit FDs from the app_zygote.
+allow isolated_app app_zygote:fd use;
+# Notify app_zygote of child death.
+allow isolated_app app_zygote:process sigchld;
+# Inherit logd write socket.
+allow isolated_app app_zygote:unix_dgram_socket write;
+
+# TODO (b/63631799) fix this access
+# suppress denials to /data/local/tmp
+dontaudit isolated_app shell_data_file:dir search;
+
+# Write app-specific trace data to the Perfetto traced damon. This requires
+# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
+perfetto_producer(isolated_app)
+
+# Allow profiling if the main app has been marked as profileable or
+# debuggable.
+can_profile_heap(isolated_app)
+can_profile_perf(isolated_app)
+
+#####
+##### Neverallow
+#####
+
+# Isolated apps should not directly open app data files themselves.
+neverallow isolated_app { app_data_file privapp_data_file }:file open;
+
+# Only allow appending to /data/anr/traces.txt (b/27853304, b/18340553)
+# TODO: are there situations where isolated_apps write to this file?
+# TODO: should we tighten these restrictions further?
+neverallow isolated_app anr_data_file:file ~{ open append };
+neverallow isolated_app anr_data_file:dir ~search;
+
+# Isolated apps must not be permitted to use HwBinder
+neverallow isolated_app hwbinder_device:chr_file *;
+neverallow isolated_app *:hwservice_manager *;
+
+# Isolated apps must not be permitted to use VndBinder
+neverallow isolated_app vndbinder_device:chr_file *;
+
+# Isolated apps must not be permitted to perform actions on Binder and VndBinder service_manager
+# except the find actions for services whitelisted below.
+neverallow isolated_app *:service_manager ~find;
+
+# b/17487348
+# Isolated apps can only access three services,
+# activity_service, display_service, webviewupdate_service.
+neverallow isolated_app {
+ service_manager_type
+ -activity_service
+ -display_service
+ -webviewupdate_service
+}:service_manager find;
+
+# Isolated apps shouldn't be able to access the driver directly.
+neverallow isolated_app gpu_device:chr_file { rw_file_perms execute };
+
+# Do not allow isolated_app access to /cache
+neverallow isolated_app cache_file:dir ~{ r_dir_perms };
+neverallow isolated_app cache_file:file ~{ read getattr };
+
+# Do not allow isolated_app to access external storage, except for files passed
+# via file descriptors (b/32896414).
+neverallow isolated_app { storage_file mnt_user_file sdcard_type }:dir ~getattr;
+neverallow isolated_app { storage_file mnt_user_file }:file_class_set *;
+neverallow isolated_app sdcard_type:{ devfile_class_set lnk_file sock_file fifo_file } *;
+neverallow isolated_app sdcard_type:file ~{ read write append getattr lock map };
+
+# Do not allow USB access
+neverallow isolated_app { usb_device usbaccessory_device }:chr_file *;
+
+# Restrict the webview_zygote control socket.
+neverallow isolated_app webview_zygote:sock_file write;
+
+# Limit the /sys files which isolated_app can access. This is important
+# for controlling isolated_app attack surface.
+neverallow isolated_app {
+ sysfs_type
+ -sysfs_devices_system_cpu
+ -sysfs_transparent_hugepage
+ -sysfs_usb # TODO: check with audio team if needed for isolated_app (b/28417852)
+}:file no_rw_file_perms;
+
+# No creation of sockets families other than AF_UNIX sockets.
+# List taken from system/sepolicy/public/global_macros - socket_class_set
+# excluding unix_stream_socket and unix_dgram_socket.
+# Many of these are socket families which have never and will never
+# be compiled into the Android kernel.
+neverallow isolated_app { self ephemeral_app priv_app untrusted_app_all }:{
+ socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket
+ key_socket appletalk_socket netlink_route_socket
+ netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket
+ netlink_selinux_socket netlink_audit_socket netlink_dnrt_socket
+ netlink_kobject_uevent_socket tun_socket netlink_iscsi_socket
+ netlink_fib_lookup_socket netlink_connector_socket netlink_netfilter_socket
+ netlink_generic_socket netlink_scsitransport_socket netlink_rdma_socket
+ netlink_crypto_socket sctp_socket icmp_socket ax25_socket ipx_socket
+ netrom_socket atmpvc_socket x25_socket rose_socket decnet_socket atmsvc_socket
+ rds_socket irda_socket pppox_socket llc_socket can_socket tipc_socket
+ bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket
+ ieee802154_socket caif_socket alg_socket nfc_socket vsock_socket kcm_socket
+ qipcrtr_socket smc_socket xdp_socket
+} create;
diff --git a/prebuilts/api/30.0/private/iw.te b/prebuilts/api/30.0/private/iw.te
new file mode 100644
index 0000000..adc8c96
--- /dev/null
+++ b/prebuilts/api/30.0/private/iw.te
@@ -0,0 +1,4 @@
+type iw, domain, coredomain;
+type iw_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(iw)
diff --git a/prebuilts/api/30.0/private/kernel.te b/prebuilts/api/30.0/private/kernel.te
new file mode 100644
index 0000000..207800e
--- /dev/null
+++ b/prebuilts/api/30.0/private/kernel.te
@@ -0,0 +1,8 @@
+typeattribute kernel coredomain;
+
+domain_auto_trans(kernel, init_exec, init)
+
+# Allow the kernel to read otapreopt_chroot's file descriptors and files under
+# /postinstall, as it uses apexd logic to mount APEX packages in /postinstall/apex.
+allow kernel otapreopt_chroot:fd use;
+allow kernel postinstall_file:file read;
diff --git a/prebuilts/api/30.0/private/keys.conf b/prebuilts/api/30.0/private/keys.conf
new file mode 100644
index 0000000..362e73d
--- /dev/null
+++ b/prebuilts/api/30.0/private/keys.conf
@@ -0,0 +1,28 @@
+#
+# Maps an arbitrary tag [TAGNAME] with the string contents found in
+# TARGET_BUILD_VARIANT. Common convention is to start TAGNAME with an @ and
+# name it after the base file name of the pem file.
+#
+# Each tag (section) then allows one to specify any string found in
+# TARGET_BUILD_VARIANT. Typcially this is user, eng, and userdebug. Another
+# option is to use ALL which will match ANY TARGET_BUILD_VARIANT string.
+#
+
+[@PLATFORM]
+ALL : $DEFAULT_SYSTEM_DEV_CERTIFICATE/platform.x509.pem
+
+[@MEDIA]
+ALL : $DEFAULT_SYSTEM_DEV_CERTIFICATE/media.x509.pem
+
+[@NETWORK_STACK]
+ALL : $MAINLINE_SEPOLICY_DEV_CERTIFICATES/networkstack.x509.pem
+
+[@SHARED]
+ALL : $DEFAULT_SYSTEM_DEV_CERTIFICATE/shared.x509.pem
+
+# Example of ALL TARGET_BUILD_VARIANTS
+[@RELEASE]
+ENG : $DEFAULT_SYSTEM_DEV_CERTIFICATE/testkey.x509.pem
+USER : $DEFAULT_SYSTEM_DEV_CERTIFICATE/testkey.x509.pem
+USERDEBUG : $DEFAULT_SYSTEM_DEV_CERTIFICATE/testkey.x509.pem
+
diff --git a/prebuilts/api/30.0/private/keystore.te b/prebuilts/api/30.0/private/keystore.te
new file mode 100644
index 0000000..81b6dfb
--- /dev/null
+++ b/prebuilts/api/30.0/private/keystore.te
@@ -0,0 +1,18 @@
+typeattribute keystore coredomain;
+
+init_daemon_domain(keystore)
+
+# talk to keymaster
+hal_client_domain(keystore, hal_keymaster)
+
+# talk to confirmationui
+hal_client_domain(keystore, hal_confirmationui)
+
+# This is used for the ConfirmationUI async callback.
+allow keystore platform_app:binder call;
+
+# Allow to check whether security logging is enabled.
+get_prop(keystore, device_logging_prop)
+
+# Allow keystore to write to statsd.
+unix_socket_send(keystore, statsdw, statsd)
diff --git a/prebuilts/api/30.0/private/linkerconfig.te b/prebuilts/api/30.0/private/linkerconfig.te
new file mode 100644
index 0000000..414b39f
--- /dev/null
+++ b/prebuilts/api/30.0/private/linkerconfig.te
@@ -0,0 +1,19 @@
+type linkerconfig, domain, coredomain;
+type linkerconfig_exec, exec_type, file_type, system_file_type;
+
+init_daemon_domain(linkerconfig)
+
+## Read and write linkerconfig subdirectory.
+allow linkerconfig linkerconfig_file:dir create_dir_perms;
+allow linkerconfig linkerconfig_file:file create_file_perms;
+
+# Allow linkerconfig to log to the kernel.
+allow linkerconfig kmsg_device:chr_file w_file_perms;
+
+# Allow linkerconfig to be invoked with logwrapper from init.
+allow linkerconfig devpts:chr_file { read write };
+
+# Allow linkerconfig to scan for apex modules
+allow linkerconfig apex_mnt_dir:dir r_dir_perms;
+
+neverallow { domain -init -linkerconfig } linkerconfig_exec:file no_x_file_perms;
diff --git a/prebuilts/api/30.0/private/llkd.te b/prebuilts/api/30.0/private/llkd.te
new file mode 100644
index 0000000..f218dec
--- /dev/null
+++ b/prebuilts/api/30.0/private/llkd.te
@@ -0,0 +1,53 @@
+# llkd Live LocK Daemon
+typeattribute llkd coredomain;
+
+init_daemon_domain(llkd)
+
+get_prop(llkd, llkd_prop)
+
+allow llkd self:global_capability_class_set kill;
+userdebug_or_eng(`
+ allow llkd self:global_capability_class_set { sys_ptrace sys_admin };
+ allow llkd self:global_capability_class_set { dac_override dac_read_search };
+')
+
+# llkd optionally locks itself in memory, to prevent it from being
+# swapped out and unable to discover a kernel in live-lock state.
+allow llkd self:global_capability_class_set ipc_lock;
+
+# Send kill signals to _anyone_ suffering from Live Lock
+allow llkd domain:process sigkill;
+
+# read stack to check for Live Lock
+userdebug_or_eng(`
+ allow llkd {
+ domain
+ -apexd
+ -kernel
+ -keystore
+ -init
+ -llkd
+ -ueventd
+ -vendor_init
+ }:process ptrace;
+')
+
+# live lock watchdog process allowed to look through /proc/
+allow llkd domain:dir r_dir_perms;
+allow llkd domain:file r_file_perms;
+allow llkd domain:lnk_file read;
+# Set /proc/sys/kernel/hung_task_*
+allow llkd proc_hung_task:file rw_file_perms;
+
+# live lock watchdog process allowed to dump process trace and
+# reboot because orderly shutdown may not be possible.
+allow llkd proc_sysrq:file w_file_perms;
+allow llkd kmsg_device:chr_file w_file_perms;
+
+### neverallow rules
+
+neverallow { domain -init } llkd:process { dyntransition transition };
+neverallow { domain userdebug_or_eng(`-crash_dump') } llkd:process ptrace;
+
+# never honor LD_PRELOAD
+neverallow * llkd:process noatsecure;
diff --git a/prebuilts/api/30.0/private/lmkd.te b/prebuilts/api/30.0/private/lmkd.te
new file mode 100644
index 0000000..e51cddb
--- /dev/null
+++ b/prebuilts/api/30.0/private/lmkd.te
@@ -0,0 +1,8 @@
+typeattribute lmkd coredomain;
+
+init_daemon_domain(lmkd)
+
+# Set lmkd.* properties.
+set_prop(lmkd, lmkd_prop)
+
+neverallow { -init -lmkd -vendor_init } lmkd_prop:property_service set;
diff --git a/prebuilts/api/30.0/private/logd.te b/prebuilts/api/30.0/private/logd.te
new file mode 100644
index 0000000..ca92e20
--- /dev/null
+++ b/prebuilts/api/30.0/private/logd.te
@@ -0,0 +1,38 @@
+typeattribute logd coredomain;
+
+init_daemon_domain(logd)
+
+# logd is not allowed to write anywhere other than /data/misc/logd, and then
+# only on userdebug or eng builds
+neverallow logd {
+ file_type
+ -runtime_event_log_tags_file
+ userdebug_or_eng(`-coredump_file -misc_logd_file')
+ with_native_coverage(`-method_trace_data_file')
+}:file { create write append };
+
+# protect the event-log-tags file
+neverallow {
+ domain
+ -appdomain # covered below
+ -bootstat
+ -dumpstate
+ -init
+ -logd
+ userdebug_or_eng(`-logpersist')
+ -servicemanager
+ -system_server
+ -surfaceflinger
+ -zygote
+} runtime_event_log_tags_file:file no_rw_file_perms;
+
+neverallow {
+ appdomain
+ -bluetooth
+ -platform_app
+ -priv_app
+ -radio
+ -shell
+ userdebug_or_eng(`-su')
+ -system_app
+} runtime_event_log_tags_file:file no_rw_file_perms;
diff --git a/prebuilts/api/30.0/private/logpersist.te b/prebuilts/api/30.0/private/logpersist.te
new file mode 100644
index 0000000..ac324df
--- /dev/null
+++ b/prebuilts/api/30.0/private/logpersist.te
@@ -0,0 +1,29 @@
+typeattribute logpersist coredomain;
+
+# android debug log storage in logpersist domains (eng and userdebug only)
+userdebug_or_eng(`
+
+ r_dir_file(logpersist, cgroup)
+
+ allow logpersist misc_logd_file:file create_file_perms;
+ allow logpersist misc_logd_file:dir rw_dir_perms;
+
+ allow logpersist self:global_capability_class_set sys_nice;
+ allow logpersist pstorefs:dir search;
+ allow logpersist pstorefs:file r_file_perms;
+
+ control_logd(logpersist)
+ unix_socket_connect(logpersist, logdr, logd)
+ read_runtime_log_tags(logpersist)
+
+')
+
+# logpersist is allowed to write to /data/misc/log for userdebug and eng builds
+neverallow logpersist {
+ file_type
+ userdebug_or_eng(`-misc_logd_file -coredump_file')
+ with_native_coverage(`-method_trace_data_file')
+}:file { create write append };
+neverallow { domain -init -dumpstate -incidentd userdebug_or_eng(`-logpersist -logd') } misc_logd_file:file no_rw_file_perms;
+neverallow { domain -init userdebug_or_eng(`-logpersist -logd') } misc_logd_file:file no_w_file_perms;
+neverallow { domain -init userdebug_or_eng(`-logpersist -logd') } misc_logd_file:dir { add_name link relabelfrom remove_name rename reparent rmdir write };
diff --git a/prebuilts/api/30.0/private/lpdumpd.te b/prebuilts/api/30.0/private/lpdumpd.te
new file mode 100644
index 0000000..3bcd761
--- /dev/null
+++ b/prebuilts/api/30.0/private/lpdumpd.te
@@ -0,0 +1,42 @@
+type lpdumpd, domain, coredomain;
+type lpdumpd_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(lpdumpd)
+
+# Allow lpdumpd to register itself as a service.
+binder_use(lpdumpd)
+add_service(lpdumpd, lpdump_service)
+
+# Allow lpdumpd to find the super partition block device.
+allow lpdumpd block_device:dir r_dir_perms;
+
+# Allow lpdumpd to read super partition metadata.
+allow lpdumpd super_block_device_type:blk_file r_file_perms;
+
+# Allow lpdumpd to read fstab.
+allow lpdumpd sysfs_dt_firmware_android:dir r_dir_perms;
+allow lpdumpd sysfs_dt_firmware_android:file r_file_perms;
+
+# Triggered when lpdumpd tries to read default fstab.
+dontaudit lpdumpd metadata_file:dir r_dir_perms;
+dontaudit lpdumpd metadata_file:file r_file_perms;
+dontaudit lpdumpd gsi_metadata_file:dir r_dir_perms;
+dontaudit lpdumpd gsi_metadata_file:file r_file_perms;
+
+### Neverallow rules
+
+# Disallow other domains to get lpdump_service and call lpdumpd.
+neverallow {
+ domain
+ -dumpstate
+ -lpdumpd
+ -shell
+} lpdump_service:service_manager find;
+
+neverallow {
+ domain
+ -dumpstate
+ -lpdumpd
+ -shell
+ -servicemanager
+} lpdumpd:binder call;
diff --git a/prebuilts/api/30.0/private/mac_permissions.xml b/prebuilts/api/30.0/private/mac_permissions.xml
new file mode 100644
index 0000000..7fc37c1
--- /dev/null
+++ b/prebuilts/api/30.0/private/mac_permissions.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<policy>
+
+<!--
+
+ * A signature is a hex encoded X.509 certificate or a tag defined in
+ keys.conf and is required for each signer tag. The signature can
+ either appear as a set of attached cert child tags or as an attribute.
+ * A signer tag must contain a seinfo tag XOR multiple package stanzas.
+ * Each signer/package tag is allowed to contain one seinfo tag. This tag
+ represents additional info that each app can use in setting a SELinux security
+ context on the eventual process as well as the apps data directory.
+ * seinfo assignments are made according to the following rules:
+ - Stanzas with package name refinements will be checked first.
+ - Stanzas w/o package name refinements will be checked second.
+ - The "default" seinfo label is automatically applied.
+
+ * valid stanzas can take one of the following forms:
+
+ // single cert protecting seinfo
+ <signer signature="@PLATFORM" >
+ <seinfo value="platform" />
+ </signer>
+
+ // multiple certs protecting seinfo (all contained certs must match)
+ <signer>
+ <cert signature="@PLATFORM1"/>
+ <cert signature="@PLATFORM2"/>
+ <seinfo value="platform" />
+ </signer>
+
+ // single cert protecting explicitly named app
+ <signer signature="@PLATFORM" >
+ <package name="com.android.foo">
+ <seinfo value="bar" />
+ </package>
+ </signer>
+
+ // multiple certs protecting explicitly named app (all certs must match)
+ <signer>
+ <cert signature="@PLATFORM1"/>
+ <cert signature="@PLATFORM2"/>
+ <package name="com.android.foo">
+ <seinfo value="bar" />
+ </package>
+ </signer>
+-->
+
+ <!-- Platform dev key in AOSP -->
+ <signer signature="@PLATFORM" >
+ <seinfo value="platform" />
+ </signer>
+
+ <!-- Media key in AOSP -->
+ <signer signature="@MEDIA" >
+ <seinfo value="media" />
+ </signer>
+
+ <signer signature="@NETWORK_STACK" >
+ <seinfo value="network_stack" />
+ </signer>
+</policy>
diff --git a/prebuilts/api/30.0/private/mdnsd.te b/prebuilts/api/30.0/private/mdnsd.te
new file mode 100644
index 0000000..98e95da
--- /dev/null
+++ b/prebuilts/api/30.0/private/mdnsd.te
@@ -0,0 +1,12 @@
+# mdns daemon
+
+typeattribute mdnsd coredomain;
+typeattribute mdnsd mlstrustedsubject;
+
+type mdnsd_exec, system_file_type, exec_type, file_type;
+init_daemon_domain(mdnsd)
+
+net_domain(mdnsd)
+
+# Read from /proc/net
+r_dir_file(mdnsd, proc_net_type)
diff --git a/prebuilts/api/30.0/private/mediadrmserver.te b/prebuilts/api/30.0/private/mediadrmserver.te
new file mode 100644
index 0000000..4e511a8
--- /dev/null
+++ b/prebuilts/api/30.0/private/mediadrmserver.te
@@ -0,0 +1,8 @@
+typeattribute mediadrmserver coredomain;
+
+init_daemon_domain(mediadrmserver)
+
+# allocate and use graphic buffers
+hal_client_domain(mediadrmserver, hal_graphics_allocator)
+auditallow mediadrmserver hal_graphics_allocator_server:binder call;
+
diff --git a/prebuilts/api/30.0/private/mediaextractor.te b/prebuilts/api/30.0/private/mediaextractor.te
new file mode 100644
index 0000000..2e654d68
--- /dev/null
+++ b/prebuilts/api/30.0/private/mediaextractor.te
@@ -0,0 +1,7 @@
+typeattribute mediaextractor coredomain;
+
+init_daemon_domain(mediaextractor)
+tmpfs_domain(mediaextractor)
+allow mediaextractor appdomain_tmpfs:file { getattr map read write };
+allow mediaextractor mediaserver_tmpfs:file { getattr map read write };
+allow mediaextractor system_server_tmpfs:file { getattr map read write };
diff --git a/prebuilts/api/30.0/private/mediametrics.te b/prebuilts/api/30.0/private/mediametrics.te
new file mode 100644
index 0000000..f8b2fa5
--- /dev/null
+++ b/prebuilts/api/30.0/private/mediametrics.te
@@ -0,0 +1,3 @@
+typeattribute mediametrics coredomain;
+
+init_daemon_domain(mediametrics)
diff --git a/prebuilts/api/30.0/private/mediaprovider.te b/prebuilts/api/30.0/private/mediaprovider.te
new file mode 100644
index 0000000..249fee1
--- /dev/null
+++ b/prebuilts/api/30.0/private/mediaprovider.te
@@ -0,0 +1,44 @@
+###
+### A domain for android.process.media, which contains both
+### MediaProvider and DownloadProvider and associated services.
+###
+
+typeattribute mediaprovider coredomain;
+app_domain(mediaprovider)
+
+# DownloadProvider accesses the network.
+net_domain(mediaprovider)
+
+# DownloadProvider uses /cache.
+allow mediaprovider cache_file:dir create_dir_perms;
+allow mediaprovider cache_file:file create_file_perms;
+# /cache is a symlink to /data/cache on some devices. Allow reading the link.
+allow mediaprovider cache_file:lnk_file r_file_perms;
+# mediaprovider searches through /cache looking for orphans
+# Ignore denials to /cache/recovery and /cache/backup.
+dontaudit mediaprovider cache_private_backup_file:dir getattr;
+dontaudit mediaprovider cache_recovery_file:dir getattr;
+
+# Access external sdcards through /mnt/media_rw
+allow mediaprovider { mnt_media_rw_file }:dir search;
+
+allow mediaprovider app_api_service:service_manager find;
+allow mediaprovider audioserver_service:service_manager find;
+allow mediaprovider drmserver_service:service_manager find;
+allow mediaprovider mediaextractor_service:service_manager find;
+allow mediaprovider mediaserver_service:service_manager find;
+
+# Allow MediaProvider to read/write cached ringtones (opened by system).
+allow mediaprovider ringtone_file:file { getattr read write };
+
+# MtpServer uses /dev/mtp_usb
+allow mediaprovider mtp_device:chr_file rw_file_perms;
+
+# MtpServer uses /dev/usb-ffs/mtp
+allow mediaprovider functionfs:dir search;
+allow mediaprovider functionfs:file rw_file_perms;
+allowxperm mediaprovider functionfs:file ioctl FUNCTIONFS_ENDPOINT_DESC;
+
+# MtpServer sets sys.usb.ffs.mtp.ready
+set_prop(mediaprovider, ffs_prop)
+set_prop(mediaprovider, exported_ffs_prop)
diff --git a/prebuilts/api/30.0/private/mediaprovider_app.te b/prebuilts/api/30.0/private/mediaprovider_app.te
new file mode 100644
index 0000000..335c1b6
--- /dev/null
+++ b/prebuilts/api/30.0/private/mediaprovider_app.te
@@ -0,0 +1,45 @@
+###
+### A domain for further sandboxing the MediaProvider mainline module.
+###
+type mediaprovider_app, domain, coredomain;
+
+app_domain(mediaprovider_app)
+
+# Access to /mnt/pass_through.
+allow mediaprovider_app mnt_pass_through_file:dir r_dir_perms;
+
+# Allow MediaProvider to host a FUSE daemon for external storage
+allow mediaprovider_app fuse_device:chr_file { read write ioctl getattr };
+
+# Allow MediaProvider to read/write media_rw_data_file files and dirs
+allow mediaprovider_app media_rw_data_file:file create_file_perms;
+allow mediaprovider_app media_rw_data_file:dir create_dir_perms;
+
+# Talk to the DRM service
+allow mediaprovider_app drmserver_service:service_manager find;
+
+# Talk to the MediaServer service
+allow mediaprovider_app mediaserver_service:service_manager find;
+
+# Talk to regular app services
+allow mediaprovider_app app_api_service:service_manager find;
+
+# Talk to the GPU service
+binder_call(mediaprovider_app, gpuservice)
+
+# read pipe-max-size configuration
+allow mediaprovider_app proc_pipe_conf:file r_file_perms;
+
+# Allow MediaProvider to set extended attributes (such as quota project ID)
+# on media files.
+allowxperm mediaprovider_app media_rw_data_file:{ dir file } ioctl {
+ FS_IOC_FSGETXATTR
+ FS_IOC_FSSETXATTR
+ FS_IOC_GETFLAGS
+ FS_IOC_SETFLAGS
+};
+
+allow mediaprovider_app proc_filesystems:file r_file_perms;
+
+#Allow MediaProvider to see if sdcardfs is in use
+get_prop(mediaprovider_app, storage_config_prop)
diff --git a/prebuilts/api/30.0/private/mediaserver.te b/prebuilts/api/30.0/private/mediaserver.te
new file mode 100644
index 0000000..c55e54a
--- /dev/null
+++ b/prebuilts/api/30.0/private/mediaserver.te
@@ -0,0 +1,14 @@
+typeattribute mediaserver coredomain;
+
+init_daemon_domain(mediaserver)
+tmpfs_domain(mediaserver)
+allow mediaserver appdomain_tmpfs:file { getattr map read write };
+
+# allocate and use graphic buffers
+hal_client_domain(mediaserver, hal_graphics_allocator)
+hal_client_domain(mediaserver, hal_configstore)
+hal_client_domain(mediaserver, hal_drm)
+hal_client_domain(mediaserver, hal_omx)
+hal_client_domain(mediaserver, hal_codec2)
+
+allow mediaserver mediatranscoding_service:service_manager find;
diff --git a/prebuilts/api/30.0/private/mediaswcodec.te b/prebuilts/api/30.0/private/mediaswcodec.te
new file mode 100644
index 0000000..50f5698
--- /dev/null
+++ b/prebuilts/api/30.0/private/mediaswcodec.te
@@ -0,0 +1,4 @@
+typeattribute mediaswcodec coredomain;
+
+init_daemon_domain(mediaswcodec)
+
diff --git a/prebuilts/api/30.0/private/mediatranscoding.te b/prebuilts/api/30.0/private/mediatranscoding.te
new file mode 100644
index 0000000..e0ad84c
--- /dev/null
+++ b/prebuilts/api/30.0/private/mediatranscoding.te
@@ -0,0 +1,3 @@
+typeattribute mediatranscoding coredomain;
+
+init_daemon_domain(mediatranscoding)
diff --git a/prebuilts/api/30.0/private/migrate_legacy_obb_data.te b/prebuilts/api/30.0/private/migrate_legacy_obb_data.te
new file mode 100644
index 0000000..b2a1fb1
--- /dev/null
+++ b/prebuilts/api/30.0/private/migrate_legacy_obb_data.te
@@ -0,0 +1,28 @@
+type migrate_legacy_obb_data, domain, coredomain;
+type migrate_legacy_obb_data_exec, system_file_type, exec_type, file_type;
+
+allow migrate_legacy_obb_data media_rw_data_file:dir create_dir_perms;
+allow migrate_legacy_obb_data media_rw_data_file:file create_file_perms;
+
+allow migrate_legacy_obb_data shell_exec:file rx_file_perms;
+
+allow migrate_legacy_obb_data toolbox_exec:file rx_file_perms;
+
+allow migrate_legacy_obb_data self:capability { chown dac_override dac_read_search fowner fsetid };
+
+allow migrate_legacy_obb_data mnt_user_file:dir search;
+allow migrate_legacy_obb_data mnt_user_file:lnk_file read;
+allow migrate_legacy_obb_data storage_file:dir search;
+allow migrate_legacy_obb_data storage_file:lnk_file read;
+
+allow migrate_legacy_obb_data sdcard_type:dir create_dir_perms;
+allow migrate_legacy_obb_data sdcard_type:file create_file_perms;
+
+# TODO: This should not be necessary. We don't deliberately hand over
+# any open file descriptors to this domain, so anything that triggers this
+# should be a candidate for O_CLOEXEC.
+allow migrate_legacy_obb_data installd:fd use;
+
+# This rule is required to let this process read /proc/{parent_pid}/mount.
+# TODO: Why is this required ?
+allow migrate_legacy_obb_data installd:file read;
diff --git a/prebuilts/api/30.0/private/mls b/prebuilts/api/30.0/private/mls
new file mode 100644
index 0000000..9690440
--- /dev/null
+++ b/prebuilts/api/30.0/private/mls
@@ -0,0 +1,107 @@
+#################################################
+# MLS policy constraints
+#
+
+#
+# Process constraints
+#
+
+# Process transition: Require equivalence unless the subject is trusted.
+mlsconstrain process { transition dyntransition }
+ ((h1 eq h2 and l1 eq l2) or t1 == mlstrustedsubject);
+
+# Process read operations: No read up unless trusted.
+mlsconstrain process { getsched getsession getpgid getcap getattr ptrace share }
+ (l1 dom l2 or t1 == mlstrustedsubject);
+
+# Process write operations: Require equivalence unless trusted.
+mlsconstrain process { sigkill sigstop signal setsched setpgid setcap setrlimit ptrace share }
+ (l1 eq l2 or t1 == mlstrustedsubject);
+
+#
+# Socket constraints
+#
+
+# Create/relabel operations: Subject must be equivalent to object unless
+# the subject is trusted. Sockets inherit the range of their creator.
+mlsconstrain socket_class_set { create relabelfrom relabelto }
+ ((h1 eq h2 and l1 eq l2) or t1 == mlstrustedsubject);
+
+# Datagram send: Sender must be equivalent to the receiver unless one of them
+# is trusted.
+mlsconstrain unix_dgram_socket { sendto }
+ (l1 eq l2 or t1 == mlstrustedsubject or t2 == mlstrustedsubject);
+
+# Stream connect: Client must be equivalent to server unless one of them
+# is trusted.
+mlsconstrain unix_stream_socket { connectto }
+ (l1 eq l2 or t1 == mlstrustedsubject or t2 == mlstrustedsubject);
+
+#
+# Directory/file constraints
+#
+
+# Create/relabel operations: Subject must be equivalent to object unless
+# the subject is trusted. Also, files should always be single-level.
+# Do NOT exempt mlstrustedobject types from this constraint.
+mlsconstrain dir_file_class_set { create relabelfrom relabelto }
+ (l2 eq h2 and (l1 eq l2 or t1 == mlstrustedsubject));
+
+#
+# Constraints for app data files only.
+#
+
+# Only constrain open, not read/write.
+# Also constrain other forms of manipulation, e.g. chmod/chown, unlink, rename, etc.
+# Subject must dominate object unless the subject is trusted.
+mlsconstrain dir { open search setattr rename add_name remove_name reparent rmdir }
+ ( (t2 != app_data_file and t2 != privapp_data_file ) or l1 dom l2 or t1 == mlstrustedsubject);
+mlsconstrain { file sock_file } { open setattr unlink link rename }
+ ( (t2 != app_data_file and t2 != privapp_data_file and t2 != appdomain_tmpfs) or l1 dom l2 or t1 == mlstrustedsubject);
+# For symlinks in app_data_file, require equivalence in order to manipulate or follow (read).
+mlsconstrain { lnk_file } { open setattr unlink link rename read }
+ ( (t2 != app_data_file) or l1 eq l2 or t1 == mlstrustedsubject);
+# For priv_app_data_file, continue to use dominance for symlinks because dynamite relies on this.
+# TODO: Migrate to equivalence when it's no longer needed.
+mlsconstrain { lnk_file } { open setattr unlink link rename read }
+ ( (t2 != privapp_data_file and t2 != appdomain_tmpfs) or l1 dom l2 or t1 == mlstrustedsubject);
+
+#
+# Constraints for file types other than app data files.
+#
+
+# Read operations: Subject must dominate object unless the subject
+# or the object is trusted.
+mlsconstrain dir { read getattr search }
+ (t2 == app_data_file or t2 == privapp_data_file or l1 dom l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
+
+mlsconstrain { file lnk_file sock_file chr_file blk_file } { read getattr execute }
+ (t2 == app_data_file or t2 == privapp_data_file or t2 == appdomain_tmpfs or l1 dom l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
+
+# Write operations: Subject must be equivalent to the object unless the
+# subject or the object is trusted.
+mlsconstrain dir { write setattr rename add_name remove_name reparent rmdir }
+ (t2 == app_data_file or t2 == privapp_data_file or l1 eq l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
+
+mlsconstrain { file lnk_file sock_file chr_file blk_file } { write setattr append unlink link rename }
+ (t2 == app_data_file or t2 == privapp_data_file or t2 == appdomain_tmpfs or l1 eq l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
+
+# Special case for FIFOs.
+# These can be unnamed pipes, in which case they will be labeled with the
+# creating process' label. Thus we also have an exemption when the "object"
+# is a domain type, so that processes can communicate via unnamed pipes
+# passed by binder or local socket IPC.
+mlsconstrain fifo_file { read getattr }
+ (l1 dom l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject or t2 == domain);
+
+mlsconstrain fifo_file { write setattr append unlink link rename }
+ (l1 eq l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject or t2 == domain);
+
+#
+# Binder IPC constraints
+#
+# Presently commented out, as apps are expected to call one another.
+# This would only make sense if apps were assigned categories
+# based on allowable communications rather than per-app categories.
+#mlsconstrain binder call
+# (l1 eq l2 or t1 == mlstrustedsubject or t2 == mlstrustedsubject);
diff --git a/prebuilts/api/30.0/private/mls_decl b/prebuilts/api/30.0/private/mls_decl
new file mode 100644
index 0000000..dd53bea
--- /dev/null
+++ b/prebuilts/api/30.0/private/mls_decl
@@ -0,0 +1,10 @@
+#########################################
+# MLS declarations
+#
+
+# Generate the desired number of sensitivities and categories.
+gen_sens(mls_num_sens)
+gen_cats(mls_num_cats)
+
+# Generate level definitions for each sensitivity and category.
+gen_levels(mls_num_sens,mls_num_cats)
diff --git a/prebuilts/api/30.0/private/mls_macros b/prebuilts/api/30.0/private/mls_macros
new file mode 100644
index 0000000..83e0542
--- /dev/null
+++ b/prebuilts/api/30.0/private/mls_macros
@@ -0,0 +1,54 @@
+########################################
+#
+# gen_cats(N)
+#
+# declares categores c0 to c(N-1)
+#
+define(`decl_cats',`dnl
+category c$1;
+ifelse(`$1',`$2',,`decl_cats(incr($1),$2)')dnl
+')
+
+define(`gen_cats',`decl_cats(0,decr($1))')
+
+########################################
+#
+# gen_sens(N)
+#
+# declares sensitivites s0 to s(N-1) with dominance
+# in increasing numeric order with s0 lowest, s(N-1) highest
+#
+define(`decl_sens',`dnl
+sensitivity s$1;
+ifelse(`$1',`$2',,`decl_sens(incr($1),$2)')dnl
+')
+
+define(`gen_dominance',`s$1 ifelse(`$1',`$2',,`gen_dominance(incr($1),$2)')')
+
+define(`gen_sens',`
+# Each sensitivity has a name and zero or more aliases.
+decl_sens(0,decr($1))
+
+# Define the ordering of the sensitivity levels (least to greatest)
+dominance { gen_dominance(0,decr($1)) }
+')
+
+########################################
+#
+# gen_levels(N,M)
+#
+# levels from s0 to (N-1) with categories c0 to (M-1)
+#
+define(`decl_levels',`dnl
+level s$1:c0.c$3;
+ifelse(`$1',`$2',,`decl_levels(incr($1),$2,$3)')dnl
+')
+
+define(`gen_levels',`decl_levels(0,decr($1),decr($2))')
+
+########################################
+#
+# Basic level names for system low and high
+#
+define(`mls_systemlow',`s0')
+define(`mls_systemhigh',`s`'decr(mls_num_sens):c0.c`'decr(mls_num_cats)')
diff --git a/prebuilts/api/30.0/private/modprobe.te b/prebuilts/api/30.0/private/modprobe.te
new file mode 100644
index 0000000..9858675
--- /dev/null
+++ b/prebuilts/api/30.0/private/modprobe.te
@@ -0,0 +1 @@
+typeattribute modprobe coredomain;
diff --git a/prebuilts/api/30.0/private/mtp.te b/prebuilts/api/30.0/private/mtp.te
new file mode 100644
index 0000000..732e111
--- /dev/null
+++ b/prebuilts/api/30.0/private/mtp.te
@@ -0,0 +1,3 @@
+typeattribute mtp coredomain;
+
+init_daemon_domain(mtp)
diff --git a/prebuilts/api/30.0/private/netd.te b/prebuilts/api/30.0/private/netd.te
new file mode 100644
index 0000000..41473b7
--- /dev/null
+++ b/prebuilts/api/30.0/private/netd.te
@@ -0,0 +1,30 @@
+typeattribute netd coredomain;
+
+init_daemon_domain(netd)
+
+# Allow netd to spawn dnsmasq in it's own domain
+domain_auto_trans(netd, dnsmasq_exec, dnsmasq)
+
+# Allow netd to start clatd in its own domain and kill it
+domain_auto_trans(netd, clatd_exec, clatd)
+allow netd clatd:process signal;
+
+# give netd permission to setup iptables rule with xt_bpf, attach program to cgroup, and read/write
+# the map created by bpfloader
+allow netd bpfloader:bpf { prog_run map_read map_write };
+
+# in order to invoke side effect of close() on such a socket calling synchronize_rcu()
+# TODO: Remove this permission when 4.9 kernel is deprecated.
+allow netd self:key_socket create;
+
+get_prop(netd, bpf_progs_loaded_prop)
+
+# Allow netd to write to statsd.
+unix_socket_send(netd, statsdw, statsd)
+
+# Allow netd to send callbacks to network_stack
+binder_call(netd, network_stack)
+
+# Allow netd to send dump info to dumpstate
+allow netd dumpstate:fd use;
+allow netd dumpstate:fifo_file { getattr write };
diff --git a/prebuilts/api/30.0/private/netutils_wrapper.te b/prebuilts/api/30.0/private/netutils_wrapper.te
new file mode 100644
index 0000000..ca3b515
--- /dev/null
+++ b/prebuilts/api/30.0/private/netutils_wrapper.te
@@ -0,0 +1,44 @@
+typeattribute netutils_wrapper coredomain;
+
+r_dir_file(netutils_wrapper, system_file);
+
+# For netutils (ip, iptables, tc)
+allow netutils_wrapper self:global_capability_class_set net_raw;
+
+allow netutils_wrapper system_file:file { execute execute_no_trans };
+allow netutils_wrapper proc_net_type:file { open read getattr };
+allow netutils_wrapper self:rawip_socket create_socket_perms;
+allow netutils_wrapper self:udp_socket create_socket_perms;
+allow netutils_wrapper self:global_capability_class_set net_admin;
+# ip utils need everything but ioctl
+allow netutils_wrapper self:netlink_route_socket ~ioctl;
+allow netutils_wrapper self:netlink_xfrm_socket ~ioctl;
+
+# For netutils (ndc) to be able to talk to netd
+allow netutils_wrapper netd_service:service_manager find;
+allow netutils_wrapper dnsresolver_service:service_manager find;
+binder_use(netutils_wrapper);
+binder_call(netutils_wrapper, netd);
+
+# For vendor code that update the iptables rules at runtime. They need to reload
+# the whole chain including the xt_bpf rules. They need to access to the pinned
+# program when reloading the rule.
+allow netutils_wrapper fs_bpf:dir search;
+allow netutils_wrapper fs_bpf:file { read write };
+allow netutils_wrapper bpfloader:bpf prog_run;
+
+# For /data/misc/net access to ndc and ip
+r_dir_file(netutils_wrapper, net_data_file)
+
+domain_auto_trans({
+ domain
+ -coredomain
+ -appdomain
+}, netutils_wrapper_exec, netutils_wrapper)
+
+# suppress spurious denials
+dontaudit netutils_wrapper self:global_capability_class_set sys_resource;
+dontaudit netutils_wrapper sysfs_type:file read;
+
+# netutils wrapper may only use the following capabilities.
+neverallow netutils_wrapper self:global_capability_class_set ~{ net_admin net_raw };
diff --git a/prebuilts/api/30.0/private/network_stack.te b/prebuilts/api/30.0/private/network_stack.te
new file mode 100644
index 0000000..1295a07
--- /dev/null
+++ b/prebuilts/api/30.0/private/network_stack.te
@@ -0,0 +1,38 @@
+# Networking service app
+typeattribute network_stack coredomain;
+
+app_domain(network_stack);
+net_domain(network_stack);
+
+allow network_stack self:global_capability_class_set {
+ net_admin
+ net_bind_service
+ net_broadcast
+ net_raw
+};
+
+# Allow access to net_admin ioctl, DHCP server uses SIOCSARP
+allowxperm network_stack self:udp_socket ioctl priv_sock_ioctls;
+
+# The DhcpClient uses packet_sockets
+allow network_stack self:packet_socket create_socket_perms_no_ioctl;
+
+# Monitor neighbors via netlink.
+allow network_stack self:netlink_route_socket nlmsg_write;
+
+allow network_stack app_api_service:service_manager find;
+allow network_stack dnsresolver_service:service_manager find;
+allow network_stack netd_service:service_manager find;
+allow network_stack radio_service:service_manager find;
+allow network_stack radio_data_file:dir create_dir_perms;
+allow network_stack radio_data_file:file create_file_perms;
+
+binder_call(network_stack, netd);
+
+# Create/use netlink_tcpdiag_socket to get tcp info
+allow network_stack self:netlink_tcpdiag_socket { create_socket_perms_no_ioctl nlmsg_read nlmsg_write };
+############### Tethering Service app - Tethering.apk ##############
+hal_client_domain(network_stack, hal_tetheroffload)
+# Create and share netlink_netfilter_sockets for tetheroffload.
+allow network_stack self:netlink_netfilter_socket create_socket_perms_no_ioctl;
+allow network_stack network_stack_service:service_manager find;
diff --git a/prebuilts/api/30.0/private/nfc.te b/prebuilts/api/30.0/private/nfc.te
new file mode 100644
index 0000000..2e48eef
--- /dev/null
+++ b/prebuilts/api/30.0/private/nfc.te
@@ -0,0 +1,33 @@
+# nfc subsystem
+typeattribute nfc coredomain;
+app_domain(nfc)
+net_domain(nfc)
+
+binder_service(nfc)
+add_service(nfc, nfc_service)
+
+hal_client_domain(nfc, hal_nfc)
+
+# Data file accesses.
+allow nfc nfc_data_file:dir create_dir_perms;
+allow nfc nfc_data_file:notdevfile_class_set create_file_perms;
+
+# SoundPool loading and playback
+allow nfc audioserver_service:service_manager find;
+allow nfc drmserver_service:service_manager find;
+allow nfc mediametrics_service:service_manager find;
+allow nfc mediaextractor_service:service_manager find;
+allow nfc mediaserver_service:service_manager find;
+
+allow nfc radio_service:service_manager find;
+allow nfc app_api_service:service_manager find;
+allow nfc system_api_service:service_manager find;
+allow nfc vr_manager_service:service_manager find;
+allow nfc secure_element_service:service_manager find;
+
+set_prop(nfc, nfc_prop);
+
+# already open bugreport file descriptors may be shared with
+# the nfc process, from a file in
+# /data/data/com.android.shell/files/bugreports/bugreport-*.
+allow nfc shell_data_file:file read;
diff --git a/prebuilts/api/30.0/private/notify_traceur.te b/prebuilts/api/30.0/private/notify_traceur.te
new file mode 100644
index 0000000..ef1fd4f
--- /dev/null
+++ b/prebuilts/api/30.0/private/notify_traceur.te
@@ -0,0 +1,12 @@
+type notify_traceur, domain, coredomain;
+type notify_traceur_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(notify_traceur);
+binder_use(notify_traceur);
+
+# This is to execute am
+allow notify_traceur activity_service:service_manager find;
+allow notify_traceur shell_exec:file rx_file_perms;
+allow notify_traceur system_file:file rx_file_perms;
+
+binder_call(notify_traceur, system_server);
diff --git a/prebuilts/api/30.0/private/otapreopt_chroot.te b/prebuilts/api/30.0/private/otapreopt_chroot.te
new file mode 100644
index 0000000..e2bc33e
--- /dev/null
+++ b/prebuilts/api/30.0/private/otapreopt_chroot.te
@@ -0,0 +1,74 @@
+# otapreopt_chroot executable
+type otapreopt_chroot, domain, coredomain;
+type otapreopt_chroot_exec, system_file_type, exec_type, file_type;
+
+# Chroot preparation and execution.
+# We need to create an unshared mount namespace, and then mount /data.
+allow otapreopt_chroot postinstall_file:dir { search mounton };
+allow otapreopt_chroot self:global_capability_class_set { sys_admin sys_chroot };
+
+# This is required to mount /vendor and mount/unmount ext4 images from
+# APEX packages in /postinstall/apex.
+allow otapreopt_chroot block_device:dir search;
+allow otapreopt_chroot labeledfs:filesystem { mount unmount };
+# This is required for dynamic partitions.
+allow otapreopt_chroot dm_device:chr_file rw_file_perms;
+
+# This is required to unmount flattened APEX packages under
+# /postinstall/system/apex (which are bind-mounted in /postinstall/apex).
+allow otapreopt_chroot postinstall_file:filesystem unmount;
+# Mounting /vendor can have this side-effect. Ignore denial.
+dontaudit otapreopt_chroot kernel:process setsched;
+
+# Allow otapreopt_chroot to read SELinux policy files.
+allow otapreopt_chroot file_contexts_file:file r_file_perms;
+
+# Allow otapreopt_chroot to open and read the contents of /postinstall/system/apex.
+allow otapreopt_chroot postinstall_file:dir r_dir_perms;
+# Allow otapreopt_chroot to read the persist.apexd.verity_on_system system property.
+get_prop(otapreopt_chroot, apexd_prop)
+
+# Allow otapreopt to use file descriptors from update-engine. It will
+# close them immediately.
+allow otapreopt_chroot postinstall:fd use;
+allow otapreopt_chroot update_engine:fd use;
+allow otapreopt_chroot update_engine:fifo_file write;
+
+# Allow to transition to postinstall_dexopt, to run otapreopt in its own sandbox.
+domain_auto_trans(otapreopt_chroot, postinstall_file, postinstall_dexopt)
+
+# Allow otapreopt_chroot to create loop devices with /dev/loop-control.
+allow otapreopt_chroot loop_control_device:chr_file rw_file_perms;
+# Allow otapreopt_chroot to access loop devices.
+allow otapreopt_chroot loop_device:blk_file rw_file_perms;
+allowxperm otapreopt_chroot loop_device:blk_file ioctl {
+ LOOP_GET_STATUS64
+ LOOP_SET_STATUS64
+ LOOP_SET_FD
+ LOOP_SET_BLOCK_SIZE
+ LOOP_SET_DIRECT_IO
+ LOOP_CLR_FD
+ BLKFLSBUF
+};
+
+# Allow otapreopt_chroot to configure read-ahead of loop devices.
+allow otapreopt_chroot sysfs_loop:dir r_dir_perms;
+allow otapreopt_chroot sysfs_loop:file rw_file_perms;
+
+# Allow otapreopt_chroot to mount a tmpfs filesystem in /postinstall/apex.
+allow otapreopt_chroot tmpfs:filesystem mount;
+# Allow otapreopt_chroot to restore the security context of /postinstall/apex.
+allow otapreopt_chroot tmpfs:dir relabelfrom;
+allow otapreopt_chroot postinstall_apex_mnt_dir:dir relabelto;
+
+# Allow otapreopt_chroot to manipulate directory /postinstall/apex.
+allow otapreopt_chroot postinstall_apex_mnt_dir:dir create_dir_perms;
+# Allow otapreopt_chroot to mount APEX packages in /postinstall/apex.
+allow otapreopt_chroot postinstall_apex_mnt_dir:dir mounton;
+
+# Allow otapreopt_chroot to access /dev/block (needed to detach loop
+# devices used by ext4 images from APEX packages).
+allow otapreopt_chroot block_device:dir r_dir_perms;
+
+# Allow to access the linker through the symlink.
+allow otapreopt_chroot postinstall_file:lnk_file r_file_perms;
diff --git a/prebuilts/api/30.0/private/otapreopt_slot.te b/prebuilts/api/30.0/private/otapreopt_slot.te
new file mode 100644
index 0000000..27a3b0e
--- /dev/null
+++ b/prebuilts/api/30.0/private/otapreopt_slot.te
@@ -0,0 +1,28 @@
+# This command set moves the artifact corresponding to the current slot
+# from /data/ota to /data/dalvik-cache.
+
+type otapreopt_slot, domain, mlstrustedsubject, coredomain;
+type otapreopt_slot_exec, system_file_type, exec_type, file_type;
+
+# Technically not a daemon but we do want the transition from init domain to
+# cppreopts to occur.
+init_daemon_domain(otapreopt_slot)
+
+# The otapreopt_slot renames the OTA dalvik-cache to the regular dalvik-cache, and cleans up
+# the directory afterwards. For logging of aggregate size, we need getattr.
+allow otapreopt_slot ota_data_file:dir { rw_dir_perms rename reparent rmdir };
+allow otapreopt_slot ota_data_file:{ file lnk_file } getattr;
+# (du follows symlinks)
+allow otapreopt_slot ota_data_file:lnk_file read;
+
+# Delete old content of the dalvik-cache.
+allow otapreopt_slot dalvikcache_data_file:dir { add_name getattr open read remove_name rmdir search write };
+allow otapreopt_slot dalvikcache_data_file:file { getattr unlink };
+allow otapreopt_slot dalvikcache_data_file:lnk_file { getattr read unlink };
+
+# Allow cppreopts to execute itself using #!/system/bin/sh
+allow otapreopt_slot shell_exec:file rx_file_perms;
+
+# Allow running the mv and rm/rmdir commands using otapreopt_slot permissions.
+# Needed so we can move artifacts into /data/dalvik-cache/dalvik-cache.
+allow otapreopt_slot toolbox_exec:file rx_file_perms;
diff --git a/prebuilts/api/30.0/private/perfetto.te b/prebuilts/api/30.0/private/perfetto.te
new file mode 100644
index 0000000..0161361
--- /dev/null
+++ b/prebuilts/api/30.0/private/perfetto.te
@@ -0,0 +1,95 @@
+# Perfetto command-line client. Can be used only from the domains that are
+# explicitly whitelisted with a domain_auto_trans(X, perfetto_exec, perfetto).
+# This command line client accesses the privileged socket of the traced
+# daemon.
+
+type perfetto_exec, system_file_type, exec_type, file_type;
+type perfetto_tmpfs, file_type;
+
+tmpfs_domain(perfetto);
+
+# Allow to access traced's privileged consumer socket.
+unix_socket_connect(perfetto, traced_consumer, traced)
+
+# Connect to the Perfetto traced daemon as a producer. This requires
+# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
+perfetto_producer(perfetto)
+
+# Allow to write and unlink traces into /data/misc/perfetto-traces.
+allow perfetto perfetto_traces_data_file:dir rw_dir_perms;
+allow perfetto perfetto_traces_data_file:file create_file_perms;
+
+# Allow to access binder to pass the traces to Dropbox.
+binder_use(perfetto)
+binder_call(perfetto, system_server)
+allow perfetto dropbox_service:service_manager find;
+
+# Allow perfetto to read the trace config from statsd and shell
+# (both root and non-root) on stdin and also to write the resulting trace to
+# stdout.
+allow perfetto { statsd shell su }:fd use;
+allow perfetto { statsd shell su }:fifo_file { getattr read write };
+
+# Allow to communicate use, read and write over the adb connection.
+allow perfetto adbd:fd use;
+allow perfetto adbd:unix_stream_socket { read write };
+
+# Allow adbd to reap perfetto.
+allow perfetto adbd:process { sigchld };
+
+# Allow perfetto to write to statsd.
+unix_socket_send(perfetto, statsdw, statsd)
+
+# Allow to access /dev/pts when launched in an adb shell.
+allow perfetto devpts:chr_file rw_file_perms;
+
+# Allow perfetto to ask incidentd to start a report.
+allow perfetto incident_service:service_manager find;
+binder_call(perfetto, incidentd)
+
+# perfetto log formatter calls isatty() on its stderr. Denial when running
+# under adbd is harmless. Avoid generating denial logs.
+dontaudit perfetto adbd:unix_stream_socket getattr;
+dontauditxperm perfetto adbd:unix_stream_socket ioctl unpriv_tty_ioctls;
+# As above, when adbd is running in "su" domain (only the ioctl is denied in
+# practice).
+dontauditxperm perfetto su:unix_stream_socket ioctl unpriv_tty_ioctls;
+# Similarly, CTS tests end up hitting a denial on shell pipes.
+dontauditxperm perfetto shell:fifo_file ioctl unpriv_tty_ioctls;
+
+###
+### Neverallow rules
+###
+### perfetto should NEVER do any of this
+
+# Disallow mapping executable memory (execstack and exec are already disallowed
+# globally in domain.te).
+neverallow perfetto self:process execmem;
+
+# Block device access.
+neverallow perfetto dev_type:blk_file { read write };
+
+# ptrace any other process
+neverallow perfetto domain:process ptrace;
+
+# Disallows access to other /data files.
+neverallow perfetto {
+ data_file_type
+ -system_data_file
+ -system_data_root_file
+ # TODO(b/72998741) Remove exemption. Further restricted in a subsequent
+ # neverallow. Currently only getattr and search are allowed.
+ -vendor_data_file
+ -zoneinfo_data_file
+ -perfetto_traces_data_file
+ with_native_coverage(`-method_trace_data_file')
+}:dir *;
+neverallow perfetto { system_data_file -perfetto_traces_data_file }:dir ~{ getattr search };
+neverallow perfetto zoneinfo_data_file:dir ~r_dir_perms;
+neverallow perfetto { data_file_type -zoneinfo_data_file -perfetto_traces_data_file }:lnk_file *;
+neverallow perfetto {
+ data_file_type
+ -zoneinfo_data_file
+ -perfetto_traces_data_file
+ with_native_coverage(`-method_trace_data_file')
+}:file ~write;
diff --git a/prebuilts/api/30.0/private/performanced.te b/prebuilts/api/30.0/private/performanced.te
new file mode 100644
index 0000000..792826e
--- /dev/null
+++ b/prebuilts/api/30.0/private/performanced.te
@@ -0,0 +1,3 @@
+typeattribute performanced coredomain;
+
+init_daemon_domain(performanced)
diff --git a/prebuilts/api/30.0/private/permissioncontroller_app.te b/prebuilts/api/30.0/private/permissioncontroller_app.te
new file mode 100644
index 0000000..41185e3
--- /dev/null
+++ b/prebuilts/api/30.0/private/permissioncontroller_app.te
@@ -0,0 +1,39 @@
+###
+### A domain for further sandboxing the GooglePermissionController app.
+###
+type permissioncontroller_app, domain, coredomain;
+
+app_domain(permissioncontroller_app)
+
+# Allow interaction with gpuservice
+binder_call(permissioncontroller_app, gpuservice)
+allow permissioncontroller_app gpu_service:service_manager find;
+
+# Allow interaction with role_service
+allow permissioncontroller_app role_service:service_manager find;
+
+# Allow interaction with usagestats_service
+allow permissioncontroller_app usagestats_service:service_manager find;
+
+# Allow interaction with activity_service
+allow permissioncontroller_app activity_service:service_manager find;
+
+allow permissioncontroller_app activity_task_service:service_manager find;
+allow permissioncontroller_app audio_service:service_manager find;
+allow permissioncontroller_app autofill_service:service_manager find;
+allow permissioncontroller_app content_capture_service:service_manager find;
+allow permissioncontroller_app device_policy_service:service_manager find;
+allow permissioncontroller_app incidentcompanion_service:service_manager find;
+allow permissioncontroller_app IProxyService_service:service_manager find;
+allow permissioncontroller_app location_service:service_manager find;
+allow permissioncontroller_app media_session_service:service_manager find;
+allow permissioncontroller_app radio_service:service_manager find;
+allow permissioncontroller_app surfaceflinger_service:service_manager find;
+allow permissioncontroller_app telecom_service:service_manager find;
+allow permissioncontroller_app trust_service:service_manager find;
+
+# Allow the app to request and collect incident reports.
+# (Also requires DUMP and PACKAGE_USAGE_STATS permissions)
+allow permissioncontroller_app incident_service:service_manager find;
+binder_call(permissioncontroller_app, incidentd)
+allow permissioncontroller_app incidentd:fifo_file { read write };
diff --git a/prebuilts/api/30.0/private/platform_app.te b/prebuilts/api/30.0/private/platform_app.te
new file mode 100644
index 0000000..3beec38
--- /dev/null
+++ b/prebuilts/api/30.0/private/platform_app.te
@@ -0,0 +1,102 @@
+###
+### Apps signed with the platform key.
+###
+
+typeattribute platform_app coredomain;
+
+app_domain(platform_app)
+
+# Access the network.
+net_domain(platform_app)
+# Access bluetooth.
+bluetooth_domain(platform_app)
+# Read from /data/local/tmp or /data/data/com.android.shell.
+allow platform_app shell_data_file:dir search;
+allow platform_app shell_data_file:file { open getattr read };
+allow platform_app icon_file:file { open getattr read };
+# Populate /data/app/vmdl*.tmp, /data/app-private/vmdl*.tmp files
+# created by system server.
+allow platform_app { apk_tmp_file apk_private_tmp_file }:dir rw_dir_perms;
+allow platform_app { apk_tmp_file apk_private_tmp_file }:file rw_file_perms;
+allow platform_app apk_private_data_file:dir search;
+# ASEC
+allow platform_app asec_apk_file:dir create_dir_perms;
+allow platform_app asec_apk_file:file create_file_perms;
+
+# Access to /data/media.
+allow platform_app media_rw_data_file:dir create_dir_perms;
+allow platform_app media_rw_data_file:file create_file_perms;
+
+# Write to /cache.
+allow platform_app cache_file:dir create_dir_perms;
+allow platform_app cache_file:file create_file_perms;
+
+# Direct access to vold-mounted storage under /mnt/media_rw
+# This is a performance optimization that allows platform apps to bypass the FUSE layer
+allow platform_app mnt_media_rw_file:dir r_dir_perms;
+allow platform_app sdcard_type:dir create_dir_perms;
+allow platform_app sdcard_type:file create_file_perms;
+
+# com.android.systemui
+allow platform_app rootfs:dir getattr;
+
+# com.android.captiveportallogin reads /proc/vmstat
+allow platform_app {
+ proc_vmstat
+}:file r_file_perms;
+
+# /proc/net access.
+# TODO(b/9496886) Audit access for removal.
+r_dir_file(platform_app, proc_net_type)
+userdebug_or_eng(`
+ auditallow platform_app proc_net_type:{ dir file lnk_file } { getattr open read };
+')
+
+allow platform_app audioserver_service:service_manager find;
+allow platform_app cameraserver_service:service_manager find;
+allow platform_app drmserver_service:service_manager find;
+allow platform_app mediaserver_service:service_manager find;
+allow platform_app mediametrics_service:service_manager find;
+allow platform_app mediaextractor_service:service_manager find;
+allow platform_app mediadrmserver_service:service_manager find;
+allow platform_app persistent_data_block_service:service_manager find;
+allow platform_app radio_service:service_manager find;
+allow platform_app thermal_service:service_manager find;
+allow platform_app timezone_service:service_manager find;
+allow platform_app app_api_service:service_manager find;
+allow platform_app system_api_service:service_manager find;
+allow platform_app vr_manager_service:service_manager find;
+allow platform_app gpu_service:service_manager find;
+allow platform_app stats_service:service_manager find;
+
+# Allow platform apps to interact with gpuservice
+binder_call(platform_app, gpuservice)
+
+# Allow platform apps to log via statsd.
+binder_call(platform_app, statsd)
+
+# Access to /data/preloads
+allow platform_app preloads_data_file:file r_file_perms;
+allow platform_app preloads_data_file:dir r_dir_perms;
+allow platform_app preloads_media_file:file r_file_perms;
+allow platform_app preloads_media_file:dir r_dir_perms;
+
+read_runtime_log_tags(platform_app)
+
+# allow platform apps to use UDP sockets provided by the system server but not
+# modify them other than to connect
+allow platform_app system_server:udp_socket {
+ connect getattr read recvfrom sendto write getopt setopt };
+
+# allow platform apps to connect to the property service
+set_prop(platform_app, test_boot_reason_prop)
+
+# allow platform apps to create symbolic link
+allow platform_app app_data_file:lnk_file create_file_perms;
+
+###
+### Neverallow rules
+###
+
+# app domains which access /dev/fuse should not run as platform_app
+neverallow platform_app fuse_device:chr_file *;
diff --git a/prebuilts/api/30.0/private/policy_capabilities b/prebuilts/api/30.0/private/policy_capabilities
new file mode 100644
index 0000000..9290e3a
--- /dev/null
+++ b/prebuilts/api/30.0/private/policy_capabilities
@@ -0,0 +1,20 @@
+# Enable new networking controls.
+policycap network_peer_controls;
+
+# Enable open permission check.
+policycap open_perms;
+
+# Enable separate security classes for
+# all network address families previously
+# mapped to the socket class and for
+# ICMP and SCTP sockets previously mapped
+# to the rawip_socket class.
+policycap extended_socket_class;
+
+# Enable NoNewPrivileges support. Requires libsepol 2.7+
+# and kernel 4.14 (estimated).
+#
+# Checks enabled;
+# process2: nnp_transition, nosuid_transition
+#
+policycap nnp_nosuid_transition;
diff --git a/prebuilts/api/30.0/private/port_contexts b/prebuilts/api/30.0/private/port_contexts
new file mode 100644
index 0000000..b473c0c
--- /dev/null
+++ b/prebuilts/api/30.0/private/port_contexts
@@ -0,0 +1,3 @@
+# portcon statements go here, e.g.
+# portcon tcp 80 u:object_r:http_port:s0
+
diff --git a/prebuilts/api/30.0/private/postinstall.te b/prebuilts/api/30.0/private/postinstall.te
new file mode 100644
index 0000000..363e362
--- /dev/null
+++ b/prebuilts/api/30.0/private/postinstall.te
@@ -0,0 +1,3 @@
+typeattribute postinstall coredomain;
+
+domain_auto_trans(postinstall, otapreopt_chroot_exec, otapreopt_chroot)
diff --git a/prebuilts/api/30.0/private/postinstall_dexopt.te b/prebuilts/api/30.0/private/postinstall_dexopt.te
new file mode 100644
index 0000000..fd370c2
--- /dev/null
+++ b/prebuilts/api/30.0/private/postinstall_dexopt.te
@@ -0,0 +1,75 @@
+# Domain for the otapreopt executable, running under postinstall_dexopt
+#
+# Note: otapreopt is a driver for dex2oat, and reuses parts of installd. As such,
+# this is derived and adapted from installd.te.
+
+type postinstall_dexopt, domain, coredomain;
+
+# Run dex2oat/patchoat in its own sandbox.
+# We have to manually transition, as we don't have an entrypoint.
+# - Case where dex2oat is in a non-flattened APEX, which has retained
+# the correct type (`dex2oat_exec`).
+domain_auto_trans(postinstall_dexopt, dex2oat_exec, dex2oat)
+# - Case where dex2oat is in a flattened APEX, which has been tagged
+# with the `postinstall_file` type by update_engine.
+domain_auto_trans(postinstall_dexopt, postinstall_file, dex2oat)
+
+allow postinstall_dexopt self:global_capability_class_set { chown dac_override dac_read_search fowner fsetid setgid setuid };
+
+allow postinstall_dexopt postinstall_file:filesystem getattr;
+allow postinstall_dexopt postinstall_file:dir { getattr read search };
+allow postinstall_dexopt postinstall_file:lnk_file { getattr read };
+allow postinstall_dexopt proc_filesystems:file { getattr open read };
+allow postinstall_dexopt tmpfs:file read;
+
+# Allow access to /postinstall/apex.
+allow postinstall_dexopt postinstall_apex_mnt_dir:dir { getattr search };
+
+# Note: /data/ota is created by init (see system/core/rootdir/init.rc) to avoid giving access
+# here and having to relabel the directory.
+
+# Read app data (APKs) as input to dex2oat.
+r_dir_file(postinstall_dexopt, apk_data_file)
+# Read vendor app data (APKs) as input to dex2oat.
+r_dir_file(postinstall_dexopt, vendor_app_file)
+# Read vendor overlay files (APKs) as input to dex2oat.
+r_dir_file(postinstall_dexopt, vendor_overlay_file)
+# Access to app oat directory.
+r_dir_file(postinstall_dexopt, dalvikcache_data_file)
+
+# Read profile data.
+allow postinstall_dexopt user_profile_data_file:dir { getattr search };
+allow postinstall_dexopt user_profile_data_file:file r_file_perms;
+# Suppress deletion denial (we do not want to update the profile).
+dontaudit postinstall_dexopt user_profile_data_file:file { write };
+
+# Write to /data/ota(/*). Create symlinks in /data/ota(/*)
+allow postinstall_dexopt ota_data_file:dir create_dir_perms;
+allow postinstall_dexopt ota_data_file:file create_file_perms;
+allow postinstall_dexopt ota_data_file:lnk_file create_file_perms;
+
+# Need to write .b files, which are dalvikcache_data_file, not ota_data_file.
+# TODO: See whether we can apply ota_data_file?
+allow postinstall_dexopt dalvikcache_data_file:dir rw_dir_perms;
+allow postinstall_dexopt dalvikcache_data_file:file create_file_perms;
+
+# Allow labeling of files under /data/app/com.example/oat/
+# TODO: Restrict to .b suffix?
+allow postinstall_dexopt dalvikcache_data_file:dir relabelto;
+allow postinstall_dexopt dalvikcache_data_file:file { relabelto link };
+
+# Check validity of SELinux context before use.
+selinux_check_context(postinstall_dexopt)
+selinux_check_access(postinstall_dexopt)
+
+
+# Postinstall wants to know about our child.
+allow postinstall_dexopt postinstall:process sigchld;
+
+# Allow otapreopt to use file descriptors from otapreopt_chroot.
+# TODO: Probably we can actually close file descriptors...
+allow postinstall_dexopt otapreopt_chroot:fd use;
+
+# Allow postinstall_dexopt to access the runtime feature flag properties.
+get_prop(postinstall_dexopt, device_config_runtime_native_prop)
+get_prop(postinstall_dexopt, device_config_runtime_native_boot_prop)
diff --git a/prebuilts/api/30.0/private/ppp.te b/prebuilts/api/30.0/private/ppp.te
new file mode 100644
index 0000000..968b221
--- /dev/null
+++ b/prebuilts/api/30.0/private/ppp.te
@@ -0,0 +1,3 @@
+typeattribute ppp coredomain;
+
+domain_auto_trans(mtp, ppp_exec, ppp)
diff --git a/prebuilts/api/30.0/private/preloads_copy.te b/prebuilts/api/30.0/private/preloads_copy.te
new file mode 100644
index 0000000..ba54b70
--- /dev/null
+++ b/prebuilts/api/30.0/private/preloads_copy.te
@@ -0,0 +1,18 @@
+type preloads_copy, domain, coredomain;
+type preloads_copy_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(preloads_copy)
+
+allow preloads_copy shell_exec:file rx_file_perms;
+allow preloads_copy toolbox_exec:file rx_file_perms;
+allow preloads_copy preloads_data_file:dir create_dir_perms;
+allow preloads_copy preloads_data_file:file create_file_perms;
+allow preloads_copy preloads_media_file:dir create_dir_perms;
+allow preloads_copy preloads_media_file:file create_file_perms;
+
+# Allow to copy from /postinstall
+allow preloads_copy system_file:dir r_dir_perms;
+
+# Silence the denial when /postinstall cannot be mounted, e.g., system_other
+# is wiped, but preloads_copy.sh still runs.
+dontaudit preloads_copy postinstall_mnt_dir:dir search;
diff --git a/prebuilts/api/30.0/private/preopt2cachename.te b/prebuilts/api/30.0/private/preopt2cachename.te
new file mode 100644
index 0000000..dcfba14
--- /dev/null
+++ b/prebuilts/api/30.0/private/preopt2cachename.te
@@ -0,0 +1,17 @@
+# preopt2cachename executable
+#
+# This executable translates names from the preopted versions the build system
+# creates to the names the runtime expects in the data directory.
+
+type preopt2cachename, domain, coredomain;
+type preopt2cachename_exec, system_file_type, exec_type, file_type;
+
+# Allow write to stdout.
+allow preopt2cachename cppreopts:fd use;
+allow preopt2cachename cppreopts:fifo_file { getattr read write };
+
+# Allow write to logcat.
+allow preopt2cachename proc_net_type:file r_file_perms;
+userdebug_or_eng(`
+ auditallow preopt2cachename proc_net_type:{ dir file lnk_file } { getattr open read };
+')
diff --git a/prebuilts/api/30.0/private/priv_app.te b/prebuilts/api/30.0/private/priv_app.te
new file mode 100644
index 0000000..44c81ee
--- /dev/null
+++ b/prebuilts/api/30.0/private/priv_app.te
@@ -0,0 +1,222 @@
+###
+### A domain for further sandboxing privileged apps.
+###
+
+typeattribute priv_app coredomain;
+app_domain(priv_app)
+
+# Access the network.
+net_domain(priv_app)
+# Access bluetooth.
+bluetooth_domain(priv_app)
+
+# Allow the allocation and use of ptys
+# Used by: https://play.privileged.com/store/apps/details?id=jackpal.androidterm
+create_pty(priv_app)
+
+# Allow loading executable code from writable priv-app home
+# directories. This is a W^X violation, however, it needs
+# to be supported for now for the following reasons.
+# * /data/user_*/0/*/code_cache/* POSSIBLE uses (b/117841367)
+# 1) com.android.opengl.shaders_cache
+# 2) com.android.skia.shaders_cache
+# 3) com.android.renderscript.cache
+# * /data/user_de/0/com.google.android.gms/app_chimera
+# TODO: Tighten (b/112357170)
+allow priv_app privapp_data_file:file execute;
+
+allow priv_app privapp_data_file:lnk_file create_file_perms;
+
+# Priv apps can find services that expose both @SystemAPI and normal APIs.
+allow priv_app app_api_service:service_manager find;
+allow priv_app system_api_service:service_manager find;
+
+allow priv_app audioserver_service:service_manager find;
+allow priv_app cameraserver_service:service_manager find;
+allow priv_app drmserver_service:service_manager find;
+allow priv_app mediadrmserver_service:service_manager find;
+allow priv_app mediaextractor_service:service_manager find;
+allow priv_app mediametrics_service:service_manager find;
+allow priv_app mediaserver_service:service_manager find;
+allow priv_app network_watchlist_service:service_manager find;
+allow priv_app nfc_service:service_manager find;
+allow priv_app oem_lock_service:service_manager find;
+allow priv_app persistent_data_block_service:service_manager find;
+allow priv_app radio_service:service_manager find;
+allow priv_app recovery_service:service_manager find;
+allow priv_app stats_service:service_manager find;
+
+# Allow privileged apps to interact with gpuservice
+binder_call(priv_app, gpuservice)
+allow priv_app gpu_service:service_manager find;
+
+# Write to /cache.
+allow priv_app { cache_file cache_recovery_file }:dir create_dir_perms;
+allow priv_app { cache_file cache_recovery_file }:file create_file_perms;
+# /cache is a symlink to /data/cache on some devices. Allow reading the link.
+allow priv_app cache_file:lnk_file r_file_perms;
+
+# Access to /data/media.
+allow priv_app media_rw_data_file:dir create_dir_perms;
+allow priv_app media_rw_data_file:file create_file_perms;
+
+# Used by Finsky / Android "Verify Apps" functionality when
+# running "adb install foo.apk".
+allow priv_app shell_data_file:file r_file_perms;
+allow priv_app shell_data_file:dir r_dir_perms;
+
+# Allow traceur to pass file descriptors through a content provider to betterbug
+allow priv_app trace_data_file:file { getattr read };
+
+# Allow verifier to access staged apks.
+allow priv_app { apk_tmp_file apk_private_tmp_file }:dir r_dir_perms;
+allow priv_app { apk_tmp_file apk_private_tmp_file }:file r_file_perms;
+
+# For AppFuse.
+allow priv_app vold:fd use;
+allow priv_app fuse_device:chr_file { read write };
+
+# /proc access
+allow priv_app {
+ proc_vmstat
+}:file r_file_perms;
+
+allow priv_app sysfs_type:dir search;
+# Read access to /sys/class/net/wlan*/address
+r_dir_file(priv_app, sysfs_net)
+# Read access to /sys/block/zram*/mm_stat
+r_dir_file(priv_app, sysfs_zram)
+
+r_dir_file(priv_app, rootfs)
+
+# access the mac address
+allowxperm priv_app self:udp_socket ioctl SIOCGIFHWADDR;
+
+# Allow com.android.vending to communicate with statsd.
+binder_call(priv_app, statsd)
+
+# Allow Phone to read/write cached ringtones (opened by system).
+allow priv_app ringtone_file:file { getattr read write };
+
+# Access to /data/preloads
+allow priv_app preloads_data_file:file r_file_perms;
+allow priv_app preloads_data_file:dir r_dir_perms;
+allow priv_app preloads_media_file:file r_file_perms;
+allow priv_app preloads_media_file:dir r_dir_perms;
+
+read_runtime_log_tags(priv_app)
+
+# Write app-specific trace data to the Perfetto traced damon. This requires
+# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
+perfetto_producer(priv_app)
+
+# Allow priv_apps to request and collect incident reports.
+# (Also requires DUMP and PACKAGE_USAGE_STATS permissions)
+allow priv_app incident_service:service_manager find;
+binder_call(priv_app, incidentd)
+allow priv_app incidentd:fifo_file { read write };
+
+# Allow profiling if the app opts in by being marked profileable/debuggable.
+can_profile_heap(priv_app)
+can_profile_perf(priv_app)
+
+# Allow priv_apps to check whether Dynamic System Update is enabled
+get_prop(priv_app, dynamic_system_prop)
+
+# suppress denials for non-API accesses.
+dontaudit priv_app exec_type:file getattr;
+dontaudit priv_app device:dir read;
+dontaudit priv_app fs_bpf:dir search;
+dontaudit priv_app net_dns_prop:file read;
+dontaudit priv_app proc:file read;
+dontaudit priv_app proc_interrupts:file read;
+dontaudit priv_app proc_modules:file read;
+dontaudit priv_app proc_net:file read;
+dontaudit priv_app proc_stat:file read;
+dontaudit priv_app proc_version:file read;
+dontaudit priv_app sysfs:dir read;
+dontaudit priv_app sysfs:file read;
+dontaudit priv_app sysfs_android_usb:file read;
+dontaudit priv_app sysfs_dm:file r_file_perms;
+dontaudit priv_app wifi_prop:file read;
+dontaudit priv_app { wifi_prop exported_wifi_prop }:file read;
+
+# allow privileged apps to use UDP sockets provided by the system server but not
+# modify them other than to connect
+allow priv_app system_server:udp_socket {
+ connect getattr read recvfrom sendto write getopt setopt };
+
+# allow apps like Phonesky to check the file signature of an apk installed on
+# the Incremental File System, and fill missing blocks in the apk
+allowxperm priv_app apk_data_file:file ioctl { INCFS_IOCTL_READ_SIGNATURE INCFS_IOCTL_FILL_BLOCKS };
+
+# allow privileged data loader apps (e.g. com.android.vending) to read logs from Incremental File System
+allow priv_app incremental_control_file:file { read getattr ioctl };
+
+# allow apps like Phonesky to request permission to fill blocks of an apk file
+# on the Incremental File System.
+allowxperm priv_app incremental_control_file:file ioctl INCFS_IOCTL_PERMIT_FILL;
+
+# Required for Phonesky to be able to read APEX files under /data/apex/active/.
+allow priv_app apex_data_file:dir search;
+allow priv_app staging_data_file:file r_file_perms;
+
+###
+### neverallow rules
+###
+
+# Receive or send uevent messages.
+neverallow priv_app domain:netlink_kobject_uevent_socket *;
+
+# Receive or send generic netlink messages
+neverallow priv_app domain:netlink_socket *;
+
+# Too much leaky information in debugfs. It's a security
+# best practice to ensure these files aren't readable.
+neverallow priv_app debugfs:file read;
+
+# Do not allow privileged apps to register services.
+# Only trusted components of Android should be registering
+# services.
+neverallow priv_app service_manager_type:service_manager add;
+
+# Do not allow privileged apps to connect to the property service
+# or set properties. b/10243159
+neverallow priv_app property_socket:sock_file write;
+neverallow priv_app init:unix_stream_socket connectto;
+neverallow priv_app property_type:property_service set;
+
+# Do not allow priv_app to be assigned mlstrustedsubject.
+# This would undermine the per-user isolation model being
+# enforced via levelFrom=user in seapp_contexts and the mls
+# constraints. As there is no direct way to specify a neverallow
+# on attribute assignment, this relies on the fact that fork
+# permission only makes sense within a domain (hence should
+# never be granted to any other domain within mlstrustedsubject)
+# and priv_app is allowed fork permission to itself.
+neverallow priv_app mlstrustedsubject:process fork;
+
+# Do not allow priv_app to hard link to any files.
+# In particular, if priv_app links to other app data
+# files, installd will not be able to guarantee the deletion
+# of the linked to file. Hard links also contribute to security
+# bugs, so we want to ensure priv_app never has this
+# capability.
+neverallow priv_app file_type:file link;
+
+# priv apps should not be able to open trace data files, they should depend
+# upon traceur to pass a file descriptor which they can then read
+neverallow priv_app trace_data_file:dir *;
+neverallow priv_app trace_data_file:file { no_w_file_perms open };
+
+# Do not allow priv_app access to cgroups.
+neverallow priv_app cgroup:file *;
+
+# Do not allow loading executable code from non-privileged
+# application home directories. Code loading across a security boundary
+# is dangerous and allows a full compromise of a privileged process
+# by an unprivileged process. b/112357170
+neverallow priv_app app_data_file:file no_x_file_perms;
+
+# Do not follow untrusted app provided symlinks
+neverallow priv_app app_data_file:lnk_file { open read getattr };
diff --git a/prebuilts/api/30.0/private/profman.te b/prebuilts/api/30.0/private/profman.te
new file mode 100644
index 0000000..f61d05e
--- /dev/null
+++ b/prebuilts/api/30.0/private/profman.te
@@ -0,0 +1 @@
+typeattribute profman coredomain;
diff --git a/prebuilts/api/30.0/private/property_contexts b/prebuilts/api/30.0/private/property_contexts
new file mode 100644
index 0000000..7908bb1
--- /dev/null
+++ b/prebuilts/api/30.0/private/property_contexts
@@ -0,0 +1,268 @@
+##########################
+# property service keys
+#
+#
+net.rmnet u:object_r:net_radio_prop:s0
+net.gprs u:object_r:net_radio_prop:s0
+net.ppp u:object_r:net_radio_prop:s0
+net.qmi u:object_r:net_radio_prop:s0
+net.lte u:object_r:net_radio_prop:s0
+net.cdma u:object_r:net_radio_prop:s0
+net.dns u:object_r:net_dns_prop:s0
+sys.usb.config u:object_r:system_radio_prop:s0
+ril. u:object_r:radio_prop:s0
+ro.ril. u:object_r:radio_prop:s0
+gsm. u:object_r:radio_prop:s0
+persist.radio u:object_r:radio_prop:s0
+
+net. u:object_r:system_prop:s0
+dev. u:object_r:system_prop:s0
+ro.runtime. u:object_r:system_prop:s0
+ro.runtime.firstboot u:object_r:firstboot_prop:s0
+hw. u:object_r:system_prop:s0
+ro.hw. u:object_r:system_prop:s0
+sys. u:object_r:system_prop:s0
+sys.audio. u:object_r:audio_prop:s0
+sys.init.perf_lsm_hooks u:object_r:init_perf_lsm_hooks_prop:s0
+sys.cppreopt u:object_r:cppreopt_prop:s0
+sys.lpdumpd u:object_r:lpdumpd_prop:s0
+sys.powerctl u:object_r:powerctl_prop:s0
+sys.usb.ffs. u:object_r:ffs_prop:s0
+service. u:object_r:system_prop:s0
+dhcp. u:object_r:dhcp_prop:s0
+dhcp.bt-pan.result u:object_r:pan_result_prop:s0
+bluetooth. u:object_r:bluetooth_prop:s0
+
+debug. u:object_r:debug_prop:s0
+debug.db. u:object_r:debuggerd_prop:s0
+dumpstate. u:object_r:dumpstate_prop:s0
+dumpstate.options u:object_r:dumpstate_options_prop:s0
+init.svc_debug_pid. u:object_r:init_svc_debug_prop:s0
+llk. u:object_r:llkd_prop:s0
+khungtask. u:object_r:llkd_prop:s0
+ro.llk. u:object_r:llkd_prop:s0
+ro.khungtask. u:object_r:llkd_prop:s0
+lmkd.reinit u:object_r:lmkd_prop:s0 exact int
+log. u:object_r:log_prop:s0
+log.tag u:object_r:log_tag_prop:s0
+log.tag.WifiHAL u:object_r:wifi_log_prop:s0
+security.perf_harden u:object_r:shell_prop:s0
+service.adb.root u:object_r:shell_prop:s0
+service.adb.tcp.port u:object_r:shell_prop:s0
+service.adb.tls.port u:object_r:adbd_prop:s0
+persist.adb.wifi. u:object_r:adbd_prop:s0
+persist.adb.tls_server.enable u:object_r:system_adbd_prop:s0
+
+persist.audio. u:object_r:audio_prop:s0
+persist.bluetooth. u:object_r:bluetooth_prop:s0
+persist.nfc_cfg. u:object_r:nfc_prop:s0
+persist.debug. u:object_r:persist_debug_prop:s0
+persist.logd. u:object_r:logd_prop:s0
+ro.logd. u:object_r:logd_prop:s0
+persist.logd.security u:object_r:device_logging_prop:s0
+persist.logd.logpersistd u:object_r:logpersistd_logging_prop:s0
+logd.logpersistd u:object_r:logpersistd_logging_prop:s0
+persist.log.tag u:object_r:log_tag_prop:s0
+persist.mmc. u:object_r:mmc_prop:s0
+persist.netd.stable_secret u:object_r:netd_stable_secret_prop:s0
+persist.pm.mock-upgrade u:object_r:mock_ota_prop:s0
+persist.sys. u:object_r:system_prop:s0
+persist.sys.safemode u:object_r:safemode_prop:s0
+persist.sys.theme u:object_r:theme_prop:s0
+persist.sys.fflag.override.settings_dynamic_system u:object_r:dynamic_system_prop:s0
+ro.sys.safemode u:object_r:safemode_prop:s0
+persist.sys.audit_safemode u:object_r:safemode_prop:s0
+persist.sys.dalvik.jvmtiagent u:object_r:system_jvmti_agent_prop:s0
+persist.service. u:object_r:system_prop:s0
+persist.service.bdroid. u:object_r:bluetooth_prop:s0
+persist.security. u:object_r:system_prop:s0
+persist.traced.enable u:object_r:traced_enabled_prop:s0
+traced.lazy. u:object_r:traced_lazy_prop:s0
+persist.heapprofd.enable u:object_r:heapprofd_enabled_prop:s0
+persist.traced_perf.enable u:object_r:traced_perf_enabled_prop:s0
+persist.vendor.overlay. u:object_r:overlay_prop:s0
+ro.boot.vendor.overlay. u:object_r:overlay_prop:s0
+ro.boottime. u:object_r:boottime_prop:s0
+ro.serialno u:object_r:serialno_prop:s0
+ro.boot.btmacaddr u:object_r:bluetooth_prop:s0
+ro.boot.serialno u:object_r:serialno_prop:s0
+ro.bt. u:object_r:bluetooth_prop:s0
+ro.boot.bootreason u:object_r:bootloader_boot_reason_prop:s0
+persist.sys.boot.reason u:object_r:last_boot_reason_prop:s0
+sys.boot.reason u:object_r:system_boot_reason_prop:s0
+sys.boot.reason.last u:object_r:last_boot_reason_prop:s0
+pm. u:object_r:pm_prop:s0
+test.sys.boot.reason u:object_r:test_boot_reason_prop:s0
+test.userspace_reboot.requested u:object_r:userspace_reboot_test_prop:s0
+sys.lmk. u:object_r:system_lmk_prop:s0
+sys.trace. u:object_r:system_trace_prop:s0
+
+# Fastbootd protocol control property
+fastbootd.protocol u:object_r:fastbootd_protocol_prop:s0 exact enum usb tcp
+
+# Boolean property set by system server upon boot indicating
+# if device is fully owned by organization instead of being
+# a personal device.
+ro.organization_owned u:object_r:device_logging_prop:s0
+
+# selinux non-persistent properties
+selinux.restorecon_recursive u:object_r:restorecon_prop:s0
+
+# default property context
+* u:object_r:default_prop:s0
+
+# data partition encryption properties
+vold. u:object_r:vold_prop:s0
+ro.crypto. u:object_r:vold_prop:s0
+
+# ro.build.fingerprint is either set in /system/build.prop, or is
+# set at runtime by system_server.
+ro.build.fingerprint u:object_r:fingerprint_prop:s0
+
+ro.persistent_properties.ready u:object_r:persistent_properties_ready_prop:s0
+
+# ctl properties
+ctl.bootanim u:object_r:ctl_bootanim_prop:s0
+ctl.dumpstate u:object_r:ctl_dumpstate_prop:s0
+ctl.fuse_ u:object_r:ctl_fuse_prop:s0
+ctl.mdnsd u:object_r:ctl_mdnsd_prop:s0
+ctl.ril-daemon u:object_r:ctl_rildaemon_prop:s0
+ctl.bugreport u:object_r:ctl_bugreport_prop:s0
+ctl.console u:object_r:ctl_console_prop:s0
+ctl. u:object_r:ctl_default_prop:s0
+
+# Don't allow blind access to all services
+ctl.sigstop_on$ u:object_r:ctl_sigstop_prop:s0
+ctl.sigstop_off$ u:object_r:ctl_sigstop_prop:s0
+ctl.start$ u:object_r:ctl_start_prop:s0
+ctl.stop$ u:object_r:ctl_stop_prop:s0
+ctl.restart$ u:object_r:ctl_restart_prop:s0
+ctl.interface_start$ u:object_r:ctl_interface_start_prop:s0
+ctl.interface_stop$ u:object_r:ctl_interface_stop_prop:s0
+ctl.interface_restart$ u:object_r:ctl_interface_restart_prop:s0
+
+ # Restrict access to starting/stopping adbd
+ctl.start$adbd u:object_r:ctl_adbd_prop:s0
+ctl.stop$adbd u:object_r:ctl_adbd_prop:s0
+ctl.restart$adbd u:object_r:ctl_adbd_prop:s0
+
+# Restrict access to starting/stopping gsid.
+ctl.start$gsid u:object_r:ctl_gsid_prop:s0
+ctl.stop$gsid u:object_r:ctl_gsid_prop:s0
+ctl.restart$gsid u:object_r:ctl_gsid_prop:s0
+
+# Restrict access to stopping apexd.
+ctl.stop$apexd u:object_r:ctl_apexd_prop:s0
+
+# Restrict access to restart dumpstate
+ctl.interface_restart$android.hardware.dumpstate u:object_r:ctl_dumpstate_prop:s0
+
+# NFC properties
+nfc. u:object_r:nfc_prop:s0
+
+# These properties are not normally set by processes other than init.
+# They are only distinguished here for setting by qemu-props on the
+# emulator/goldfish.
+config. u:object_r:config_prop:s0
+ro.config. u:object_r:config_prop:s0
+dalvik. u:object_r:dalvik_prop:s0
+ro.dalvik. u:object_r:dalvik_prop:s0
+
+# Shared between system server and wificond
+wifi. u:object_r:wifi_prop:s0
+wlan. u:object_r:wifi_prop:s0
+
+# Lowpan properties
+lowpan. u:object_r:lowpan_prop:s0
+ro.lowpan. u:object_r:lowpan_prop:s0
+
+# heapprofd properties
+heapprofd. u:object_r:heapprofd_prop:s0
+
+# hwservicemanager properties
+hwservicemanager. u:object_r:hwservicemanager_prop:s0
+
+# Common default properties for vendor and odm.
+init.svc.odm. u:object_r:vendor_default_prop:s0
+init.svc.vendor. u:object_r:vendor_default_prop:s0
+ro.hardware. u:object_r:vendor_default_prop:s0
+ro.odm. u:object_r:vendor_default_prop:s0
+ro.vendor. u:object_r:vendor_default_prop:s0
+odm. u:object_r:vendor_default_prop:s0
+persist.odm. u:object_r:vendor_default_prop:s0
+persist.vendor. u:object_r:vendor_default_prop:s0
+vendor. u:object_r:vendor_default_prop:s0
+# ro.boot. properties are set based on kernel commandline arguments, which are vendor owned.
+ro.boot. u:object_r:exported2_default_prop:s0
+
+# Properties that relate to time / time zone detection behavior.
+persist.time. u:object_r:time_prop:s0
+
+# Properties that relate to server configurable flags
+device_config.reset_performed u:object_r:device_config_reset_performed_prop:s0
+persist.device_config.activity_manager_native_boot. u:object_r:device_config_activity_manager_native_boot_prop:s0
+persist.device_config.attempted_boot_count u:object_r:device_config_boot_count_prop:s0
+persist.device_config.input_native_boot. u:object_r:device_config_input_native_boot_prop:s0
+persist.device_config.netd_native. u:object_r:device_config_netd_native_prop:s0
+persist.device_config.runtime_native. u:object_r:device_config_runtime_native_prop:s0
+persist.device_config.runtime_native_boot. u:object_r:device_config_runtime_native_boot_prop:s0
+persist.device_config.media_native. u:object_r:device_config_media_native_prop:s0
+persist.device_config.storage_native_boot. u:object_r:device_config_storage_native_boot_prop:s0
+persist.device_config.window_manager_native_boot. u:object_r:device_config_window_manager_native_boot_prop:s0
+persist.device_config.configuration. u:object_r:device_config_configuration_prop:s0
+
+# Properties that relate to legacy server configurable flags
+persist.device_config.global_settings.sys_traced u:object_r:device_config_sys_traced_prop:s0
+
+apexd. u:object_r:apexd_prop:s0
+persist.apexd. u:object_r:apexd_prop:s0
+
+bpf.progs_loaded u:object_r:bpf_progs_loaded_prop:s0
+
+gsid. u:object_r:gsid_prop:s0
+ro.gsid. u:object_r:gsid_prop:s0
+
+# Property for disabling NNAPI vendor extensions on product image (used on GSI /product image,
+# which can't use NNAPI vendor extensions).
+ro.nnapi.extensions.deny_on_product u:object_r:nnapi_ext_deny_product_prop:s0
+
+# Property that is set once ueventd finishes cold boot.
+ro.cold_boot_done u:object_r:cold_boot_done_prop:s0
+
+# Charger properties
+ro.charger. u:object_r:charger_prop:s0
+
+# Virtual A/B properties
+ro.virtual_ab.enabled u:object_r:virtual_ab_prop:s0
+ro.virtual_ab.retrofit u:object_r:virtual_ab_prop:s0
+
+# Property to set/clear the warm reset flag after an OTA update.
+ota.warm_reset u:object_r:ota_prop:s0
+
+# Module properties
+com.android.sdkext. u:object_r:module_sdkextensions_prop:s0
+persist.com.android.sdkext. u:object_r:module_sdkextensions_prop:s0
+
+# Userspace reboot properties
+sys.userspace_reboot.log. u:object_r:userspace_reboot_log_prop:s0
+persist.sys.userspace_reboot.log. u:object_r:userspace_reboot_log_prop:s0
+
+# Integer property which is used in libgui to configure the number of frames
+# tracked by buffer queue's frame event timing history. The property is set
+# by devices with video decoding pipelines long enough to overflow the default
+# history size.
+ro.lib_gui.frame_event_history_size u:object_r:bq_config_prop:s0
+
+# Property to enable incremental feature
+ro.incremental.enable u:object_r:incremental_prop:s0
+
+# Properties to configure userspace reboot.
+init.userspace_reboot.is_supported u:object_r:userspace_reboot_config_prop:s0 exact bool
+init.userspace_reboot.sigkill.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
+init.userspace_reboot.sigterm.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
+init.userspace_reboot.started.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
+init.userspace_reboot.userdata_remount.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
+init.userspace_reboot.watchdog.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
+
+# surfaceflinger-settable
+graphics.display.kernel_idle_timer.enabled u:object_r:surfaceflinger_display_prop:s0 exact bool
diff --git a/prebuilts/api/30.0/private/racoon.te b/prebuilts/api/30.0/private/racoon.te
new file mode 100644
index 0000000..42ea7c9
--- /dev/null
+++ b/prebuilts/api/30.0/private/racoon.te
@@ -0,0 +1,3 @@
+typeattribute racoon coredomain;
+
+init_daemon_domain(racoon)
diff --git a/prebuilts/api/30.0/private/radio.te b/prebuilts/api/30.0/private/radio.te
new file mode 100644
index 0000000..00a5cda
--- /dev/null
+++ b/prebuilts/api/30.0/private/radio.te
@@ -0,0 +1,25 @@
+typeattribute radio coredomain;
+
+app_domain(radio)
+
+read_runtime_log_tags(radio)
+
+# Telephony code contains time / time zone detection logic so it reads the associated properties.
+get_prop(radio, time_prop)
+
+# allow telephony to access platform compat to log permission denials
+allow radio platform_compat_service:service_manager find;
+
+allow radio uce_service:service_manager find;
+
+# Manage /data/misc/emergencynumberdb
+allow radio emergency_data_file:dir r_dir_perms;
+allow radio emergency_data_file:file r_file_perms;
+
+# allow sending pulled atoms to statsd
+binder_call(radio, statsd)
+
+# allow telephony to access related cache properties
+set_prop(radio, binder_cache_telephony_server_prop);
+neverallow { domain -radio -init }
+ binder_cache_telephony_server_prop:property_service set;
diff --git a/prebuilts/api/30.0/private/recovery.te b/prebuilts/api/30.0/private/recovery.te
new file mode 100644
index 0000000..2a7fdc7
--- /dev/null
+++ b/prebuilts/api/30.0/private/recovery.te
@@ -0,0 +1 @@
+typeattribute recovery coredomain;
diff --git a/prebuilts/api/30.0/private/recovery_persist.te b/prebuilts/api/30.0/private/recovery_persist.te
new file mode 100644
index 0000000..7cb2e67
--- /dev/null
+++ b/prebuilts/api/30.0/private/recovery_persist.te
@@ -0,0 +1,11 @@
+typeattribute recovery_persist coredomain;
+
+init_daemon_domain(recovery_persist)
+
+# recovery_persist is not allowed to write anywhere other than recovery_data_file
+neverallow recovery_persist {
+ file_type
+ -recovery_data_file
+ userdebug_or_eng(`-coredump_file')
+ with_native_coverage(`-method_trace_data_file')
+}:file write;
diff --git a/prebuilts/api/30.0/private/recovery_refresh.te b/prebuilts/api/30.0/private/recovery_refresh.te
new file mode 100644
index 0000000..3c095cc
--- /dev/null
+++ b/prebuilts/api/30.0/private/recovery_refresh.te
@@ -0,0 +1,10 @@
+typeattribute recovery_refresh coredomain;
+
+init_daemon_domain(recovery_refresh)
+
+# recovery_refresh is not allowed to write anywhere
+neverallow recovery_refresh {
+ file_type
+ userdebug_or_eng(`-coredump_file')
+ with_native_coverage(`-method_trace_data_file')
+}:file write;
diff --git a/prebuilts/api/30.0/private/roles_decl b/prebuilts/api/30.0/private/roles_decl
new file mode 100644
index 0000000..c84fcba
--- /dev/null
+++ b/prebuilts/api/30.0/private/roles_decl
@@ -0,0 +1 @@
+role r;
diff --git a/prebuilts/api/30.0/private/rs.te b/prebuilts/api/30.0/private/rs.te
new file mode 100644
index 0000000..bf10841
--- /dev/null
+++ b/prebuilts/api/30.0/private/rs.te
@@ -0,0 +1,39 @@
+# Any files which would have been created as app_data_file
+# will be created as app_exec_data_file instead.
+allow rs app_data_file:dir ra_dir_perms;
+allow rs app_exec_data_file:file create_file_perms;
+type_transition rs app_data_file:file app_exec_data_file;
+
+# Follow /data/user/0 symlink
+allow rs system_data_file:lnk_file read;
+
+# Read files from the app home directory.
+allow rs app_data_file:file r_file_perms;
+allow rs app_data_file:dir r_dir_perms;
+
+# Cleanup app_exec_data_file files in the app home directory.
+allow rs app_data_file:dir remove_name;
+
+# Use vendor resources
+allow rs vendor_file:dir r_dir_perms;
+r_dir_file(rs, vendor_overlay_file)
+r_dir_file(rs, vendor_app_file)
+
+# Read contents of app apks
+r_dir_file(rs, apk_data_file)
+
+allow rs gpu_device:chr_file rw_file_perms;
+allow rs ion_device:chr_file r_file_perms;
+allow rs same_process_hal_file:file { r_file_perms execute };
+
+# File descriptors passed from app to renderscript
+allow rs { untrusted_app_all ephemeral_app }:fd use;
+
+# rs can access app data, so ensure it can only be entered via an app domain and cannot have
+# CAP_DAC_OVERRIDE.
+neverallow rs rs:capability_class_set *;
+neverallow { domain -appdomain } rs:process { dyntransition transition };
+neverallow rs { domain -crash_dump }:process { dyntransition transition };
+neverallow rs app_data_file:file_class_set ~r_file_perms;
+# rs should never use network sockets
+neverallow rs *:network_socket_class_set *;
diff --git a/prebuilts/api/30.0/private/rss_hwm_reset.te b/prebuilts/api/30.0/private/rss_hwm_reset.te
new file mode 100644
index 0000000..30818c2
--- /dev/null
+++ b/prebuilts/api/30.0/private/rss_hwm_reset.te
@@ -0,0 +1,14 @@
+type rss_hwm_reset_exec, system_file_type, exec_type, file_type;
+
+# Start rss_hwm_reset from init.
+init_daemon_domain(rss_hwm_reset)
+
+# Search /proc/pid directories.
+allow rss_hwm_reset domain:dir search;
+
+# Write to /proc/pid/clear_refs of other processes.
+# /proc/pid/clear_refs is S_IWUSER, see: fs/proc/base.c
+allow rss_hwm_reset self:global_capability_class_set { dac_override };
+
+# Write to /prc/pid/clear_refs.
+allow rss_hwm_reset domain:file w_file_perms;
diff --git a/prebuilts/api/30.0/private/runas.te b/prebuilts/api/30.0/private/runas.te
new file mode 100644
index 0000000..ef31aac
--- /dev/null
+++ b/prebuilts/api/30.0/private/runas.te
@@ -0,0 +1,4 @@
+typeattribute runas coredomain;
+
+# ndk-gdb invokes adb shell run-as.
+domain_auto_trans(shell, runas_exec, runas)
diff --git a/prebuilts/api/30.0/private/runas_app.te b/prebuilts/api/30.0/private/runas_app.te
new file mode 100644
index 0000000..c1b354a
--- /dev/null
+++ b/prebuilts/api/30.0/private/runas_app.te
@@ -0,0 +1,32 @@
+typeattribute runas_app coredomain;
+
+app_domain(runas_app)
+untrusted_app_domain(runas_app)
+net_domain(runas_app)
+bluetooth_domain(runas_app)
+
+# The ability to call exec() on files in the apps home directories
+# when using run-as on a debuggable app. Used to run lldb/ndk-gdb/simpleperf,
+# which are copied to the apps home directories.
+allow runas_app app_data_file:file execute_no_trans;
+
+# Allow lldb/ndk-gdb/simpleperf to read maps of debuggable app processes.
+r_dir_file(runas_app, untrusted_app_all)
+
+# Allow lldb/ndk-gdb/simpleperf to ptrace attach to debuggable app processes.
+allow runas_app untrusted_app_all:process { ptrace signal sigstop };
+allow runas_app untrusted_app_all:unix_stream_socket connectto;
+
+# Allow executing system image simpleperf without a domain transition.
+allow runas_app simpleperf_exec:file rx_file_perms;
+
+# Suppress denial logspam when simpleperf is trying to find a matching process
+# by scanning /proc/<pid>/cmdline files. The /proc/<pid> directories are within
+# the same domain as their respective process, most of which this domain is not
+# allowed to see.
+dontaudit runas_app domain:dir search;
+
+# Allow runas_app to call perf_event_open for profiling debuggable app
+# processes, but not the whole system.
+allow runas_app self:perf_event { open read write kernel };
+neverallow runas_app self:perf_event ~{ open read write kernel };
diff --git a/prebuilts/api/30.0/private/sdcardd.te b/prebuilts/api/30.0/private/sdcardd.te
new file mode 100644
index 0000000..126d643
--- /dev/null
+++ b/prebuilts/api/30.0/private/sdcardd.te
@@ -0,0 +1,3 @@
+typeattribute sdcardd coredomain;
+
+type_transition sdcardd system_data_file:{ dir file } media_rw_data_file;
diff --git a/prebuilts/api/30.0/private/seapp_contexts b/prebuilts/api/30.0/private/seapp_contexts
new file mode 100644
index 0000000..a8c61be
--- /dev/null
+++ b/prebuilts/api/30.0/private/seapp_contexts
@@ -0,0 +1,175 @@
+# The entries in this file define how security contexts for apps are determined.
+# Each entry lists input selectors, used to match the app, and outputs which are
+# used to determine the security contexts for matching apps.
+#
+# Input selectors:
+# isSystemServer (boolean)
+# isEphemeralApp (boolean)
+# isOwner (boolean)
+# user (string)
+# seinfo (string)
+# name (string)
+# path (string)
+# isPrivApp (boolean)
+# minTargetSdkVersion (unsigned integer)
+# fromRunAs (boolean)
+#
+# All specified input selectors in an entry must match (i.e. logical AND).
+# An unspecified string or boolean selector with no default will match any
+# value.
+# A user, name, or path string selector that ends in * will perform a prefix
+# match.
+# String matching is case-insensitive.
+# See external/selinux/libselinux/src/android/android_platform.c,
+# seapp_context_lookup().
+#
+# isSystemServer=true only matches the system server.
+# An unspecified isSystemServer defaults to false.
+# isEphemeralApp=true will match apps marked by PackageManager as Ephemeral
+# isOwner=true will only match for the owner/primary user.
+# user=_app will match any regular app process.
+# user=_isolated will match any isolated service process.
+# Other values of user are matched against the name associated with the process
+# UID.
+# seinfo= matches aginst the seinfo tag for the app, determined from
+# mac_permissions.xml files.
+# The ':' character is reserved and may not be used in seinfo.
+# name= matches against the package name of the app.
+# path= matches against the directory path when labeling app directories.
+# isPrivApp=true will only match for applications preinstalled in
+# /system/priv-app.
+# minTargetSdkVersion will match applications with a targetSdkVersion
+# greater than or equal to the specified value. If unspecified,
+# it has a default value of 0.
+# fromRunAs=true means the process being labeled is started by run-as. Default
+# is false.
+#
+# Precedence: entries are compared using the following rules, in the order shown
+# (see external/selinux/libselinux/src/android/android_platform.c,
+# seapp_context_cmp()).
+# (1) isSystemServer=true before isSystemServer=false.
+# (2) Specified isEphemeralApp= before unspecified isEphemeralApp=
+# boolean.
+# (3) Specified isOwner= before unspecified isOwner= boolean.
+# (4) Specified user= string before unspecified user= string;
+# more specific user= string before less specific user= string.
+# (5) Specified seinfo= string before unspecified seinfo= string.
+# (6) Specified name= string before unspecified name= string;
+# more specific name= string before less specific name= string.
+# (7) Specified path= string before unspecified path= string.
+# more specific name= string before less specific name= string.
+# (8) Specified isPrivApp= before unspecified isPrivApp= boolean.
+# (9) Higher value of minTargetSdkVersion= before lower value of
+# minTargetSdkVersion= integer. Note that minTargetSdkVersion=
+# defaults to 0 if unspecified.
+# (10) fromRunAs=true before fromRunAs=false.
+# (A fixed selector is more specific than a prefix, i.e. ending in *, and a
+# longer prefix is more specific than a shorter prefix.)
+# Apps are checked against entries in precedence order until the first match,
+# regardless of their order in this file.
+#
+# Duplicate entries, i.e. with identical input selectors, are not allowed.
+#
+# Outputs:
+# domain (string)
+# type (string)
+# levelFrom (string; one of none, all, app, or user)
+# level (string)
+#
+# domain= determines the label to be used for the app process; entries
+# without domain= are ignored for this purpose.
+# type= specifies the label to be used for the app data directory; entries
+# without type= are ignored for this purpose.
+# levelFrom and level are used to determine the level (sensitivity + categories)
+# for MLS/MCS.
+# levelFrom=none omits the level.
+# levelFrom=app determines the level from the process UID.
+# levelFrom=user determines the level from the user ID.
+# levelFrom=all determines the level from both UID and user ID.
+#
+# levelFrom=user is only supported for _app or _isolated UIDs.
+# levelFrom=app or levelFrom=all is only supported for _app UIDs.
+# level may be used to specify a fixed level for any UID.
+#
+# For backwards compatibility levelFromUid=true is equivalent to levelFrom=app
+# and levelFromUid=false is equivalent to levelFrom=none.
+#
+#
+# Neverallow Assertions
+# Additional compile time assertion checks for the rules in this file can be
+# added as well. The assertion
+# rules are lines beginning with the keyword neverallow. Full support for PCRE
+# regular expressions exists on all input and output selectors. Neverallow
+# rules are never output to the built seapp_contexts file. Like all keywords,
+# neverallows are case-insensitive. A neverallow is asserted when all key value
+# inputs are matched on a key value rule line.
+#
+
+# only the system server can be in system_server domain
+neverallow isSystemServer=false domain=system_server
+neverallow isSystemServer="" domain=system_server
+
+# system domains should never be assigned outside of system uid
+neverallow user=((?!system).)* domain=system_app
+neverallow user=((?!system).)* type=system_app_data_file
+
+# any non priv-app with a non-known uid with a specified name should have a specified
+# seinfo
+neverallow user=_app isPrivApp=false name=.* seinfo=""
+neverallow user=_app isPrivApp=false name=.* seinfo=default
+
+# neverallow shared relro to any other domain
+# and neverallow any other uid into shared_relro
+neverallow user=shared_relro domain=((?!shared_relro).)*
+neverallow user=((?!shared_relro).)* domain=shared_relro
+
+# neverallow non-isolated uids into isolated_app domain
+# and vice versa
+neverallow user=_isolated domain=((?!isolated_app).)*
+neverallow user=((?!_isolated).)* domain=isolated_app
+
+# uid shell should always be in shell domain, however non-shell
+# uid's can be in shell domain
+neverallow user=shell domain=((?!shell).)*
+
+# only the package named com.android.shell can run in the shell domain
+neverallow domain=shell name=((?!com\.android\.shell).)*
+neverallow user=shell name=((?!com\.android\.shell).)*
+
+# Ephemeral Apps must run in the ephemeral_app domain
+neverallow isEphemeralApp=true domain=((?!ephemeral_app).)*
+
+isSystemServer=true domain=system_server_startup
+
+user=_app seinfo=platform name=com.android.traceur domain=traceur_app type=app_data_file levelFrom=all
+user=system seinfo=platform domain=system_app type=system_app_data_file
+user=bluetooth seinfo=platform domain=bluetooth type=bluetooth_data_file
+user=network_stack seinfo=network_stack domain=network_stack levelFrom=all type=radio_data_file
+user=nfc seinfo=platform domain=nfc type=nfc_data_file
+user=secure_element seinfo=platform domain=secure_element levelFrom=all
+user=radio seinfo=platform domain=radio type=radio_data_file
+user=shared_relro domain=shared_relro
+user=shell seinfo=platform domain=shell name=com.android.shell type=shell_data_file
+user=webview_zygote seinfo=webview_zygote domain=webview_zygote
+user=_isolated domain=isolated_app levelFrom=user
+user=_app seinfo=app_zygote domain=app_zygote levelFrom=user
+user=_app seinfo=media domain=mediaprovider name=android.process.media type=app_data_file levelFrom=user
+user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user
+user=_app isEphemeralApp=true domain=ephemeral_app type=app_data_file levelFrom=all
+user=_app isPrivApp=true domain=priv_app type=privapp_data_file levelFrom=user
+user=_app isPrivApp=true name=com.google.android.permissioncontroller domain=permissioncontroller_app type=privapp_data_file levelFrom=all
+user=_app isPrivApp=true name=com.android.providers.media.module domain=mediaprovider_app type=privapp_data_file levelFrom=all
+user=_app isPrivApp=true name=com.google.android.providers.media.module domain=mediaprovider_app type=privapp_data_file levelFrom=all
+user=_app seinfo=platform isPrivApp=true name=com.android.permissioncontroller domain=permissioncontroller_app type=privapp_data_file levelFrom=all
+user=_app isPrivApp=true name=com.android.vzwomatrigger domain=vzwomatrigger_app type=privapp_data_file levelFrom=all
+user=_app isPrivApp=true name=com.google.android.gms domain=gmscore_app type=privapp_data_file levelFrom=user
+user=_app isPrivApp=true name=com.google.android.gms.* domain=gmscore_app type=privapp_data_file levelFrom=user
+user=_app isPrivApp=true name=com.google.android.gms:* domain=gmscore_app type=privapp_data_file levelFrom=user
+user=_app isPrivApp=true name=com.google.android.gsf domain=gmscore_app type=privapp_data_file levelFrom=user
+user=_app minTargetSdkVersion=30 domain=untrusted_app type=app_data_file levelFrom=all
+user=_app minTargetSdkVersion=29 domain=untrusted_app_29 type=app_data_file levelFrom=all
+user=_app minTargetSdkVersion=28 domain=untrusted_app_27 type=app_data_file levelFrom=all
+user=_app minTargetSdkVersion=26 domain=untrusted_app_27 type=app_data_file levelFrom=user
+user=_app domain=untrusted_app_25 type=app_data_file levelFrom=user
+user=_app minTargetSdkVersion=28 fromRunAs=true domain=runas_app levelFrom=all
+user=_app fromRunAs=true domain=runas_app levelFrom=user
diff --git a/prebuilts/api/30.0/private/secure_element.te b/prebuilts/api/30.0/private/secure_element.te
new file mode 100644
index 0000000..57f512b
--- /dev/null
+++ b/prebuilts/api/30.0/private/secure_element.te
@@ -0,0 +1,14 @@
+# secure element subsystem
+typeattribute secure_element coredomain;
+app_domain(secure_element)
+
+binder_service(secure_element)
+add_service(secure_element, secure_element_service)
+
+allow secure_element app_api_service:service_manager find;
+hal_client_domain(secure_element, hal_secure_element)
+
+# already open bugreport file descriptors may be shared with
+# the secure element process, from a file in
+# /data/data/com.android.shell/files/bugreports/bugreport-*.
+allow secure_element shell_data_file:file read;
diff --git a/prebuilts/api/30.0/private/security_classes b/prebuilts/api/30.0/private/security_classes
new file mode 100644
index 0000000..04ed814
--- /dev/null
+++ b/prebuilts/api/30.0/private/security_classes
@@ -0,0 +1,160 @@
+# FLASK
+
+#
+# Define the security object classes
+#
+
+# Classes marked as userspace are classes
+# for userspace object managers
+
+class security
+class process
+class system
+class capability
+
+# file-related classes
+class filesystem
+class file
+class dir
+class fd
+class lnk_file
+class chr_file
+class blk_file
+class sock_file
+class fifo_file
+
+# network-related classes
+class socket
+class tcp_socket
+class udp_socket
+class rawip_socket
+class node
+class netif
+class netlink_socket
+class packet_socket
+class key_socket
+class unix_stream_socket
+class unix_dgram_socket
+
+# sysv-ipc-related classes
+class sem
+class msg
+class msgq
+class shm
+class ipc
+
+# extended netlink sockets
+class netlink_route_socket
+class netlink_tcpdiag_socket
+class netlink_nflog_socket
+class netlink_xfrm_socket
+class netlink_selinux_socket
+class netlink_audit_socket
+class netlink_dnrt_socket
+
+# IPSec association
+class association
+
+# Updated Netlink class for KOBJECT_UEVENT family.
+class netlink_kobject_uevent_socket
+
+class appletalk_socket
+
+class packet
+
+# Kernel access key retention
+class key
+
+class dccp_socket
+
+class memprotect
+
+# network peer labels
+class peer
+
+# Capabilities >= 32
+class capability2
+
+# kernel services that need to override task security, e.g. cachefiles
+class kernel_service
+
+class tun_socket
+
+class binder
+
+# Updated netlink classes for more recent netlink protocols.
+class netlink_iscsi_socket
+class netlink_fib_lookup_socket
+class netlink_connector_socket
+class netlink_netfilter_socket
+class netlink_generic_socket
+class netlink_scsitransport_socket
+class netlink_rdma_socket
+class netlink_crypto_socket
+
+# Infiniband
+class infiniband_pkey
+class infiniband_endport
+
+# Capability checks when on a non-init user namespace
+class cap_userns
+class cap2_userns
+
+# New socket classes introduced by extended_socket_class policy capability.
+# These two were previously mapped to rawip_socket.
+class sctp_socket
+class icmp_socket
+# These were previously mapped to socket.
+class ax25_socket
+class ipx_socket
+class netrom_socket
+class atmpvc_socket
+class x25_socket
+class rose_socket
+class decnet_socket
+class atmsvc_socket
+class rds_socket
+class irda_socket
+class pppox_socket
+class llc_socket
+class can_socket
+class tipc_socket
+class bluetooth_socket
+class iucv_socket
+class rxrpc_socket
+class isdn_socket
+class phonet_socket
+class ieee802154_socket
+class caif_socket
+class alg_socket
+class nfc_socket
+class vsock_socket
+class kcm_socket
+class qipcrtr_socket
+class smc_socket
+
+class process2
+
+class bpf
+
+class xdp_socket
+
+class perf_event
+
+# Introduced in https://github.com/torvalds/linux/commit/59438b46471ae6cdfb761afc8c9beaf1e428a331
+class lockdown
+
+# Property service
+class property_service # userspace
+
+# Service manager
+class service_manager # userspace
+
+# hardware service manager # userspace
+class hwservice_manager
+
+# Keystore Key
+class keystore_key # userspace
+
+class drmservice # userspace
+# FLASK
diff --git a/prebuilts/api/30.0/private/service.te b/prebuilts/api/30.0/private/service.te
new file mode 100644
index 0000000..6c17521
--- /dev/null
+++ b/prebuilts/api/30.0/private/service.te
@@ -0,0 +1,8 @@
+type attention_service, system_server_service, service_manager_type;
+type dynamic_system_service, system_api_service, system_server_service, service_manager_type;
+type gsi_service, service_manager_type;
+type incidentcompanion_service, system_api_service, system_server_service, service_manager_type;
+type stats_service, service_manager_type;
+type statscompanion_service, system_server_service, service_manager_type;
+type statsmanager_service, system_api_service, system_server_service, service_manager_type;
+type uce_service, service_manager_type;
diff --git a/prebuilts/api/30.0/private/service_contexts b/prebuilts/api/30.0/private/service_contexts
new file mode 100644
index 0000000..5c6f1a4
--- /dev/null
+++ b/prebuilts/api/30.0/private/service_contexts
@@ -0,0 +1,250 @@
+android.hardware.identity.IIdentityCredentialStore/default u:object_r:hal_identity_service:s0
+android.hardware.light.ILights/default u:object_r:hal_light_service:s0
+android.hardware.power.IPower/default u:object_r:hal_power_service:s0
+android.hardware.rebootescrow.IRebootEscrow/default u:object_r:hal_rebootescrow_service:s0
+android.hardware.vibrator.IVibrator/default u:object_r:hal_vibrator_service:s0
+
+accessibility u:object_r:accessibility_service:s0
+account u:object_r:account_service:s0
+activity u:object_r:activity_service:s0
+activity_task u:object_r:activity_task_service:s0
+adb u:object_r:adb_service:s0
+aidl_lazy_test_1 u:object_r:aidl_lazy_test_service:s0
+aidl_lazy_test_2 u:object_r:aidl_lazy_test_service:s0
+alarm u:object_r:alarm_service:s0
+android.os.UpdateEngineService u:object_r:update_engine_service:s0
+android.security.identity u:object_r:credstore_service:s0
+android.security.keystore u:object_r:keystore_service:s0
+android.service.gatekeeper.IGateKeeperService u:object_r:gatekeeper_service:s0
+app_binding u:object_r:app_binding_service:s0
+app_integrity u:object_r:app_integrity_service:s0
+app_prediction u:object_r:app_prediction_service:s0
+app_search u:object_r:app_search_service:s0
+apexservice u:object_r:apex_service:s0
+blob_store u:object_r:blob_store_service:s0
+gsiservice u:object_r:gsi_service:s0
+appops u:object_r:appops_service:s0
+appwidget u:object_r:appwidget_service:s0
+assetatlas u:object_r:assetatlas_service:s0
+attention u:object_r:attention_service:s0
+audio u:object_r:audio_service:s0
+auth u:object_r:auth_service:s0
+autofill u:object_r:autofill_service:s0
+backup u:object_r:backup_service:s0
+batteryproperties u:object_r:batteryproperties_service:s0
+batterystats u:object_r:batterystats_service:s0
+battery u:object_r:battery_service:s0
+binder_calls_stats u:object_r:binder_calls_stats_service:s0
+biometric u:object_r:biometric_service:s0
+bluetooth_manager u:object_r:bluetooth_manager_service:s0
+bluetooth u:object_r:bluetooth_service:s0
+broadcastradio u:object_r:broadcastradio_service:s0
+bugreport u:object_r:bugreport_service:s0
+cacheinfo u:object_r:cacheinfo_service:s0
+carrier_config u:object_r:radio_service:s0
+clipboard u:object_r:clipboard_service:s0
+com.android.net.IProxyService u:object_r:IProxyService_service:s0
+companiondevice u:object_r:companion_device_service:s0
+platform_compat u:object_r:platform_compat_service:s0
+platform_compat_native u:object_r:platform_compat_service:s0
+connectivity u:object_r:connectivity_service:s0
+connmetrics u:object_r:connmetrics_service:s0
+consumer_ir u:object_r:consumer_ir_service:s0
+content u:object_r:content_service:s0
+content_capture u:object_r:content_capture_service:s0
+content_suggestions u:object_r:content_suggestions_service:s0
+contexthub u:object_r:contexthub_service:s0
+country_detector u:object_r:country_detector_service:s0
+coverage u:object_r:coverage_service:s0
+cpuinfo u:object_r:cpuinfo_service:s0
+crossprofileapps u:object_r:crossprofileapps_service:s0
+dataloader_manager u:object_r:dataloader_manager_service:s0
+dbinfo u:object_r:dbinfo_service:s0
+device_config u:object_r:device_config_service:s0
+device_policy u:object_r:device_policy_service:s0
+device_identifiers u:object_r:device_identifiers_service:s0
+deviceidle u:object_r:deviceidle_service:s0
+devicestoragemonitor u:object_r:devicestoragemonitor_service:s0
+diskstats u:object_r:diskstats_service:s0
+display u:object_r:display_service:s0
+dnsresolver u:object_r:dnsresolver_service:s0
+color_display u:object_r:color_display_service:s0
+netd_listener u:object_r:netd_listener_service:s0
+network_watchlist u:object_r:network_watchlist_service:s0
+DockObserver u:object_r:DockObserver_service:s0
+dreams u:object_r:dreams_service:s0
+drm.drmManager u:object_r:drmserver_service:s0
+dropbox u:object_r:dropbox_service:s0
+dumpstate u:object_r:dumpstate_service:s0
+dynamic_system u:object_r:dynamic_system_service:s0
+econtroller u:object_r:radio_service:s0
+emergency_affordance u:object_r:emergency_affordance_service:s0
+euicc_card_controller u:object_r:radio_service:s0
+external_vibrator_service u:object_r:external_vibrator_service:s0
+lowpan u:object_r:lowpan_service:s0
+ethernet u:object_r:ethernet_service:s0
+face u:object_r:face_service:s0
+file_integrity u:object_r:file_integrity_service:s0
+fingerprint u:object_r:fingerprint_service:s0
+font u:object_r:font_service:s0
+android.hardware.fingerprint.IFingerprintDaemon u:object_r:fingerprintd_service:s0
+gfxinfo u:object_r:gfxinfo_service:s0
+graphicsstats u:object_r:graphicsstats_service:s0
+gpu u:object_r:gpu_service:s0
+hardware u:object_r:hardware_service:s0
+hardware_properties u:object_r:hardware_properties_service:s0
+hdmi_control u:object_r:hdmi_control_service:s0
+ions u:object_r:radio_service:s0
+idmap u:object_r:idmap_service:s0
+incident u:object_r:incident_service:s0
+incidentcompanion u:object_r:incidentcompanion_service:s0
+inputflinger u:object_r:inputflinger_service:s0
+input_method u:object_r:input_method_service:s0
+input u:object_r:input_service:s0
+installd u:object_r:installd_service:s0
+iorapd u:object_r:iorapd_service:s0
+iphonesubinfo_msim u:object_r:radio_service:s0
+iphonesubinfo2 u:object_r:radio_service:s0
+iphonesubinfo u:object_r:radio_service:s0
+ims u:object_r:radio_service:s0
+imms u:object_r:imms_service:s0
+incremental u:object_r:incremental_service:s0
+ipsec u:object_r:ipsec_service:s0
+ircsmessage u:object_r:radio_service:s0
+iris u:object_r:iris_service:s0
+isms_msim u:object_r:radio_service:s0
+isms2 u:object_r:radio_service:s0
+isms u:object_r:radio_service:s0
+isub u:object_r:radio_service:s0
+jobscheduler u:object_r:jobscheduler_service:s0
+launcherapps u:object_r:launcherapps_service:s0
+lights u:object_r:light_service:s0
+location u:object_r:location_service:s0
+lock_settings u:object_r:lock_settings_service:s0
+looper_stats u:object_r:looper_stats_service:s0
+lpdump_service u:object_r:lpdump_service:s0
+media.aaudio u:object_r:audioserver_service:s0
+media.audio_flinger u:object_r:audioserver_service:s0
+media.audio_policy u:object_r:audioserver_service:s0
+media.camera u:object_r:cameraserver_service:s0
+media.camera.proxy u:object_r:cameraproxy_service:s0
+media.log u:object_r:audioserver_service:s0
+media.player u:object_r:mediaserver_service:s0
+media.metrics u:object_r:mediametrics_service:s0
+media.extractor u:object_r:mediaextractor_service:s0
+media.transcoding u:object_r:mediatranscoding_service:s0
+media.resource_manager u:object_r:mediaserver_service:s0
+media.sound_trigger_hw u:object_r:audioserver_service:s0
+media.drm u:object_r:mediadrmserver_service:s0
+media_projection u:object_r:media_projection_service:s0
+media_resource_monitor u:object_r:media_session_service:s0
+media_router u:object_r:media_router_service:s0
+media_session u:object_r:media_session_service:s0
+meminfo u:object_r:meminfo_service:s0
+midi u:object_r:midi_service:s0
+mount u:object_r:mount_service:s0
+netd u:object_r:netd_service:s0
+netpolicy u:object_r:netpolicy_service:s0
+netstats u:object_r:netstats_service:s0
+network_stack u:object_r:network_stack_service:s0
+network_management u:object_r:network_management_service:s0
+network_score u:object_r:network_score_service:s0
+network_time_update_service u:object_r:network_time_update_service:s0
+nfc u:object_r:nfc_service:s0
+notification u:object_r:notification_service:s0
+oem_lock u:object_r:oem_lock_service:s0
+otadexopt u:object_r:otadexopt_service:s0
+overlay u:object_r:overlay_service:s0
+package u:object_r:package_service:s0
+package_native u:object_r:package_native_service:s0
+permission u:object_r:permission_service:s0
+permissionmgr u:object_r:permissionmgr_service:s0
+persistent_data_block u:object_r:persistent_data_block_service:s0
+phone_msim u:object_r:radio_service:s0
+phone1 u:object_r:radio_service:s0
+phone2 u:object_r:radio_service:s0
+phone u:object_r:radio_service:s0
+pinner u:object_r:pinner_service:s0
+power u:object_r:power_service:s0
+print u:object_r:print_service:s0
+processinfo u:object_r:processinfo_service:s0
+procstats u:object_r:procstats_service:s0
+radio.phonesubinfo u:object_r:radio_service:s0
+radio.phone u:object_r:radio_service:s0
+radio.sms u:object_r:radio_service:s0
+rcs u:object_r:radio_service:s0
+recovery u:object_r:recovery_service:s0
+restrictions u:object_r:restrictions_service:s0
+role u:object_r:role_service:s0
+rollback u:object_r:rollback_service:s0
+rttmanager u:object_r:rttmanager_service:s0
+runtime u:object_r:runtime_service:s0
+samplingprofiler u:object_r:samplingprofiler_service:s0
+scheduling_policy u:object_r:scheduling_policy_service:s0
+search u:object_r:search_service:s0
+secure_element u:object_r:secure_element_service:s0
+sec_key_att_app_id_provider u:object_r:sec_key_att_app_id_provider_service:s0
+sensorservice u:object_r:sensorservice_service:s0
+sensor_privacy u:object_r:sensor_privacy_service:s0
+serial u:object_r:serial_service:s0
+servicediscovery u:object_r:servicediscovery_service:s0
+manager u:object_r:service_manager_service:s0
+settings u:object_r:settings_service:s0
+shortcut u:object_r:shortcut_service:s0
+simphonebook_msim u:object_r:radio_service:s0
+simphonebook2 u:object_r:radio_service:s0
+simphonebook u:object_r:radio_service:s0
+sip u:object_r:radio_service:s0
+slice u:object_r:slice_service:s0
+stats u:object_r:stats_service:s0
+statscompanion u:object_r:statscompanion_service:s0
+statsmanager u:object_r:statsmanager_service:s0
+soundtrigger u:object_r:voiceinteraction_service:s0
+soundtrigger_middleware u:object_r:soundtrigger_middleware_service:s0
+statusbar u:object_r:statusbar_service:s0
+storaged u:object_r:storaged_service:s0
+storaged_pri u:object_r:storaged_service:s0
+storagestats u:object_r:storagestats_service:s0
+SurfaceFlinger u:object_r:surfaceflinger_service:s0
+suspend_control u:object_r:system_suspend_control_service:s0
+system_config u:object_r:system_config_service:s0
+system_update u:object_r:system_update_service:s0
+task u:object_r:task_service:s0
+telecom u:object_r:telecom_service:s0
+telephony.registry u:object_r:registry_service:s0
+telephony_ims u:object_r:radio_service:s0
+testharness u:object_r:testharness_service:s0
+tethering u:object_r:tethering_service:s0
+textclassification u:object_r:textclassification_service:s0
+textservices u:object_r:textservices_service:s0
+time_detector u:object_r:timedetector_service:s0
+time_zone_detector u:object_r:timezonedetector_service:s0
+timezone u:object_r:timezone_service:s0
+thermalservice u:object_r:thermal_service:s0
+trust u:object_r:trust_service:s0
+tv_input u:object_r:tv_input_service:s0
+tv_tuner_resource_mgr u:object_r:tv_tuner_resource_mgr_service:s0
+uce u:object_r:uce_service:s0
+uimode u:object_r:uimode_service:s0
+updatelock u:object_r:updatelock_service:s0
+uri_grants u:object_r:uri_grants_service:s0
+usagestats u:object_r:usagestats_service:s0
+usb u:object_r:usb_service:s0
+user u:object_r:user_service:s0
+vibrator u:object_r:vibrator_service:s0
+virtual_touchpad u:object_r:virtual_touchpad_service:s0
+voiceinteraction u:object_r:voiceinteraction_service:s0
+vold u:object_r:vold_service:s0
+vr_hwc u:object_r:vr_hwc_service:s0
+vrflinger_vsync u:object_r:vrflinger_vsync_service:s0
+vrmanager u:object_r:vr_manager_service:s0
+wallpaper u:object_r:wallpaper_service:s0
+webviewupdate u:object_r:webviewupdate_service:s0
+wifip2p u:object_r:wifip2p_service:s0
+wifiscanner u:object_r:wifiscanner_service:s0
+wifi u:object_r:wifi_service:s0
+wifinl80211 u:object_r:wifinl80211_service:s0
+wifiaware u:object_r:wifiaware_service:s0
+wifirtt u:object_r:rttmanager_service:s0
+window u:object_r:window_service:s0
+* u:object_r:default_android_service:s0
diff --git a/prebuilts/api/30.0/private/servicemanager.te b/prebuilts/api/30.0/private/servicemanager.te
new file mode 100644
index 0000000..6294452
--- /dev/null
+++ b/prebuilts/api/30.0/private/servicemanager.te
@@ -0,0 +1,7 @@
+typeattribute servicemanager coredomain;
+
+init_daemon_domain(servicemanager)
+
+read_runtime_log_tags(servicemanager)
+
+set_prop(servicemanager, ctl_interface_start_prop)
diff --git a/prebuilts/api/30.0/private/sgdisk.te b/prebuilts/api/30.0/private/sgdisk.te
new file mode 100644
index 0000000..a17342e
--- /dev/null
+++ b/prebuilts/api/30.0/private/sgdisk.te
@@ -0,0 +1 @@
+typeattribute sgdisk coredomain;
diff --git a/prebuilts/api/30.0/private/shared_relro.te b/prebuilts/api/30.0/private/shared_relro.te
new file mode 100644
index 0000000..02f7206
--- /dev/null
+++ b/prebuilts/api/30.0/private/shared_relro.te
@@ -0,0 +1,5 @@
+typeattribute shared_relro coredomain;
+
+# The shared relro process is a Java program forked from the zygote, so it
+# inherits from app to get basic permissions it needs to run.
+app_domain(shared_relro)
diff --git a/prebuilts/api/30.0/private/shell.te b/prebuilts/api/30.0/private/shell.te
new file mode 100644
index 0000000..43e4dd5
--- /dev/null
+++ b/prebuilts/api/30.0/private/shell.te
@@ -0,0 +1,95 @@
+typeattribute shell coredomain;
+
+# allow shell input injection
+allow shell uhid_device:chr_file rw_file_perms;
+
+# systrace support - allow atrace to run
+allow shell debugfs_tracing_debug:dir r_dir_perms;
+allow shell debugfs_tracing:dir r_dir_perms;
+allow shell debugfs_tracing:file rw_file_perms;
+allow shell debugfs_trace_marker:file getattr;
+allow shell atrace_exec:file rx_file_perms;
+
+userdebug_or_eng(`
+ allow shell debugfs_tracing_debug:file rw_file_perms;
+')
+
+# read config.gz for CTS purposes
+allow shell config_gz:file r_file_perms;
+
+# Run app_process.
+# XXX Transition into its own domain?
+app_domain(shell)
+
+# allow shell to call dumpsys storaged
+binder_call(shell, storaged)
+
+# Perform SELinux access checks, needed for CTS
+selinux_check_access(shell)
+selinux_check_context(shell)
+
+# Control Perfetto traced and obtain traces from it.
+# Needed for Studio and debugging.
+unix_socket_connect(shell, traced_consumer, traced)
+
+# Allow shell binaries to write trace data to Perfetto. Used for testing and
+# cmdline utils.
+perfetto_producer(shell)
+
+domain_auto_trans(shell, vendor_shell_exec, vendor_shell)
+
+# Allow shell binaries to exec the perfetto cmdline util and have that
+# transition into its own domain, so that it behaves consistently to
+# when exec()-d by statsd.
+domain_auto_trans(shell, perfetto_exec, perfetto)
+# Allow to send SIGINT to perfetto when daemonized.
+allow shell perfetto:process signal;
+
+# Allow shell to run adb shell cmd stats commands. Needed for CTS.
+binder_call(shell, statsd);
+
+# Allow shell to read and unlink traces stored in /data/misc/perfetto-traces.
+allow shell perfetto_traces_data_file:dir rw_dir_perms;
+allow shell perfetto_traces_data_file:file { r_file_perms unlink };
+
+# Allow shell to run adb shell cmd gpu commands.
+binder_call(shell, gpuservice);
+
+# Allow shell to use atrace HAL
+hal_client_domain(shell, hal_atrace)
+
+# For hostside tests such as CTS listening ports test.
+allow shell proc_net_tcp_udp:file r_file_perms;
+
+# The dl.exec_linker* tests need to execute /system/bin/linker
+# b/124789393
+allow shell system_linker_exec:file rx_file_perms;
+
+# Renderscript host side tests depend on being able to execute
+# /system/bin/bcc (b/126388046)
+allow shell rs_exec:file rx_file_perms;
+
+# Allow shell to start and comminicate with lpdumpd.
+set_prop(shell, lpdumpd_prop);
+binder_call(shell, lpdumpd)
+
+# Allow shell to set and read value of properties used for CTS tests of
+# userspace reboot
+set_prop(shell, userspace_reboot_test_prop)
+
+# Allow shell to get encryption policy of /data/local/tmp/, for CTS
+allowxperm shell shell_data_file:dir ioctl {
+ FS_IOC_GET_ENCRYPTION_POLICY
+ FS_IOC_GET_ENCRYPTION_POLICY_EX
+};
+
+# Allow shell to execute simpleperf without a domain transition.
+allow shell simpleperf_exec:file rx_file_perms;
+
+# Allow shell to call perf_event_open for profiling other shell processes, but
+# not the whole system.
+allow shell self:perf_event { open read write kernel };
+neverallow shell self:perf_event ~{ open read write kernel };
+
+# Allow to read graphics related properties.
+get_prop(shell, graphics_config_prop)
\ No newline at end of file
diff --git a/prebuilts/api/30.0/private/simpleperf.te b/prebuilts/api/30.0/private/simpleperf.te
new file mode 100644
index 0000000..0639c11
--- /dev/null
+++ b/prebuilts/api/30.0/private/simpleperf.te
@@ -0,0 +1,37 @@
+# Domain used when running /system/bin/simpleperf to profile a specific app.
+# Entered either by the app itself exec-ing the binary, or through
+# simpleperf_app_runner (with shell as its origin). Certain other domains
+# (runas_app, shell) can also exec this binary without a domain transition.
+typeattribute simpleperf coredomain;
+type simpleperf_exec, system_file_type, exec_type, file_type;
+
+domain_auto_trans({ untrusted_app_all -runas_app }, simpleperf_exec, simpleperf)
+
+# When running in this domain, simpleperf is scoped to profiling an individual
+# app. The necessary MAC permissions for profiling are more maintainable and
+# consistent if simpleperf is marked as an app domain as well (as, for example,
+# it will then see the same set of system libraries as the app).
+app_domain(simpleperf)
+untrusted_app_domain(simpleperf)
+
+# Allow ptrace attach to the target app, for reading JIT debug info (using
+# process_vm_readv) during unwinding and symbolization.
+allow simpleperf untrusted_app_all:process ptrace;
+
+# Allow using perf_event_open syscall for profiling the target app.
+allow simpleperf self:perf_event { open read write kernel };
+
+# Allow /proc/<pid> access for the target app (for example, when trying to
+# discover it by cmdline).
+r_dir_file(simpleperf, untrusted_app_all)
+
+# Suppress denial logspam when simpleperf is trying to find a matching process
+# by scanning /proc/<pid>/cmdline files. The /proc/<pid> directories are within
+# the same domain as their respective processes, most of which this domain is
+# not allowed to see.
+dontaudit simpleperf domain:dir search;
+
+# Neverallows:
+
+# Profiling must be confined to the scope of an individual app.
+neverallow simpleperf self:perf_event ~{ open read write kernel };
diff --git a/prebuilts/api/30.0/private/simpleperf_app_runner.te b/prebuilts/api/30.0/private/simpleperf_app_runner.te
new file mode 100644
index 0000000..8501826
--- /dev/null
+++ b/prebuilts/api/30.0/private/simpleperf_app_runner.te
@@ -0,0 +1,3 @@
+typeattribute simpleperf_app_runner coredomain;
+
+domain_auto_trans(shell, simpleperf_app_runner_exec, simpleperf_app_runner)
diff --git a/prebuilts/api/30.0/private/slideshow.te b/prebuilts/api/30.0/private/slideshow.te
new file mode 100644
index 0000000..7dfa994
--- /dev/null
+++ b/prebuilts/api/30.0/private/slideshow.te
@@ -0,0 +1 @@
+typeattribute slideshow coredomain;
diff --git a/prebuilts/api/30.0/private/snapshotctl.te b/prebuilts/api/30.0/private/snapshotctl.te
new file mode 100644
index 0000000..fb2bbca
--- /dev/null
+++ b/prebuilts/api/30.0/private/snapshotctl.te
@@ -0,0 +1,45 @@
+type snapshotctl, domain, coredomain;
+type snapshotctl_exec, system_file_type, exec_type, file_type;
+
+# Allow init to run snapshotctl and do auto domain transfer.
+init_daemon_domain(snapshotctl);
+
+# Allow to start gsid service.
+set_prop(snapshotctl, ctl_gsid_prop)
+
+# Allow to talk to gsid.
+binder_use(snapshotctl)
+allow snapshotctl gsi_service:service_manager find;
+binder_call(snapshotctl, gsid)
+
+# Allow to create/read/write/delete OTA metadata files for snapshot status and COW file status.
+allow snapshotctl metadata_file:dir search;
+allow snapshotctl ota_metadata_file:dir rw_dir_perms;
+allow snapshotctl ota_metadata_file:file create_file_perms;
+
+# Allow to get A/B slot suffix from device tree or kernel cmdline.
+r_dir_file(snapshotctl, sysfs_dt_firmware_android);
+allow snapshotctl proc_cmdline:file r_file_perms;
+
+# Needed to (re-)map logical partitions.
+allow snapshotctl block_device:dir r_dir_perms;
+allow snapshotctl super_block_device:blk_file r_file_perms;
+
+# Interact with device-mapper to collapse snapshots.
+allow snapshotctl dm_device:chr_file rw_file_perms;
+
+# Needed to mutate device-mapper nodes.
+allow snapshotctl self:global_capability_class_set sys_admin;
+
+# Snapshotctl talk to boot control HAL to set merge status.
+hwbinder_use(snapshotctl)
+hal_client_domain(snapshotctl, hal_bootctl)
+
+# Allow snapshotctl to write to statsd socket.
+unix_socket_send(snapshotctl, statsdw, statsd)
+
+# Logging
+userdebug_or_eng(`
+ allow snapshotctl snapshotctl_log_data_file:dir rw_dir_perms;
+ allow snapshotctl snapshotctl_log_data_file:file create_file_perms;
+')
diff --git a/prebuilts/api/30.0/private/stats.te b/prebuilts/api/30.0/private/stats.te
new file mode 100644
index 0000000..3e8a3d5
--- /dev/null
+++ b/prebuilts/api/30.0/private/stats.te
@@ -0,0 +1,55 @@
+type stats, domain;
+typeattribute stats coredomain;
+type stats_exec, system_file_type, exec_type, file_type;
+
+# switch to stats domain for stats command
+domain_auto_trans(shell, stats_exec, stats)
+
+# allow stats access to stdout from its parent shell.
+allow stats shell:fd use;
+
+# allow stats to communicate use, read and write over the adb
+# connection.
+allow stats adbd:fd use;
+allow stats adbd:unix_stream_socket { read write };
+
+# allow adbd to reap stats
+allow stats adbd:process { sigchld };
+
+# Allow the stats command to talk to the statsd over the binder, and get
+# back the stats report data from a ParcelFileDescriptor.
+binder_use(stats)
+allow stats stats_service:service_manager find;
+binder_call(stats, statsd)
+allow stats statsd:fifo_file write;
+
+# Only statsd can publish the binder service.
+add_service(statsd, stats_service)
+
+# Allow pipes from (and only from) stats.
+allow statsd stats:fd use;
+allow statsd stats:fifo_file write;
+
+# Allow statsd to call back to stats with status updates.
+binder_call(statsd, stats)
+
+###
+### neverallow rules
+###
+
+neverallow {
+ domain
+ -dumpstate
+ -gmscore_app
+ -gpuservice
+ -incidentd
+ -platform_app
+ -priv_app
+ -shell
+ -stats
+ -statsd
+ -surfaceflinger
+ -system_app
+ -system_server
+ -traceur_app
+} stats_service:service_manager find;
diff --git a/prebuilts/api/30.0/private/statsd.te b/prebuilts/api/30.0/private/statsd.te
new file mode 100644
index 0000000..1483156
--- /dev/null
+++ b/prebuilts/api/30.0/private/statsd.te
@@ -0,0 +1,23 @@
+typeattribute statsd coredomain;
+
+init_daemon_domain(statsd)
+
+# Allow to exec the perfetto cmdline client and pass it the trace config on
+# stdint through a pipe. It allows statsd to capture traces and hand them
+# to Android dropbox.
+allow statsd perfetto_exec:file rx_file_perms;
+domain_auto_trans(statsd, perfetto_exec, perfetto)
+
+# Grant statsd with permissions to register the services.
+allow statsd {
+ statscompanion_service
+}:service_manager find;
+
+# Allow incidentd to obtain the statsd incident section.
+allow statsd incidentd:fifo_file write;
+
+# Allow StatsCompanionService to pipe data to statsd.
+allow statsd system_server:fifo_file { read getattr };
+
+# Allow statsd to retrieve SF statistics over binder
+binder_call(statsd, surfaceflinger);
diff --git a/prebuilts/api/30.0/private/storaged.te b/prebuilts/api/30.0/private/storaged.te
new file mode 100644
index 0000000..b7d4ae9
--- /dev/null
+++ b/prebuilts/api/30.0/private/storaged.te
@@ -0,0 +1,67 @@
+# storaged daemon
+type storaged, domain, coredomain, mlstrustedsubject;
+type storaged_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(storaged)
+
+# Read access to pseudo filesystems
+r_dir_file(storaged, domain)
+
+# Read /proc/uid_io/stats
+allow storaged proc_uid_io_stats:file r_file_perms;
+
+# Read /data/system/packages.list
+allow storaged system_data_file:file r_file_perms;
+allow storaged packages_list_file:file r_file_perms;
+
+# Store storaged proto file
+allow storaged storaged_data_file:dir rw_dir_perms;
+allow storaged storaged_data_file:file create_file_perms;
+
+userdebug_or_eng(`
+ # Read access to debugfs
+ allow storaged debugfs_mmc:dir search;
+ allow storaged debugfs_mmc:file r_file_perms;
+')
+
+# Needed to provide debug dump output via dumpsys pipes.
+allow storaged shell:fd use;
+allow storaged shell:fifo_file write;
+
+# Needed for GMScore to call dumpsys storaged
+allow storaged priv_app:fd use;
+# b/142672293: No other priv-app should need this allow rule now that GMS core runs in its own domain.
+# Remove after no logs are seen for this rule.
+userdebug_or_eng(`
+ auditallow storaged priv_app:fd use;
+')
+allow storaged gmscore_app:fd use;
+allow storaged { privapp_data_file app_data_file }:file write;
+allow storaged permission_service:service_manager find;
+
+# Binder permissions
+add_service(storaged, storaged_service)
+
+binder_use(storaged)
+binder_call(storaged, system_server)
+
+hal_client_domain(storaged, hal_health)
+
+# Implements a dumpsys interface.
+allow storaged dumpstate:fd use;
+
+# use a subset of the package manager service
+allow storaged package_native_service:service_manager find;
+
+# Kernel does extra check on CAP_DAC_OVERRIDE for libbinder when storaged is
+# running as root. See b/35323867 #3.
+dontaudit storaged self:global_capability_class_set { dac_override dac_read_search };
+
+# For collecting bugreports.
+allow storaged dumpstate:fifo_file write;
+
+###
+### neverallow
+###
+neverallow storaged domain:process ptrace;
+neverallow storaged self:capability_class_set *;
diff --git a/prebuilts/api/30.0/private/su.te b/prebuilts/api/30.0/private/su.te
new file mode 100644
index 0000000..16e47bb
--- /dev/null
+++ b/prebuilts/api/30.0/private/su.te
@@ -0,0 +1,23 @@
+userdebug_or_eng(`
+ typeattribute su coredomain;
+
+ domain_auto_trans(shell, su_exec, su)
+ # Allow dumpstate to call su on userdebug / eng builds to collect
+ # additional information.
+ domain_auto_trans(dumpstate, su_exec, su)
+
+ # Make sure that dumpstate runs the same from the "su" domain as
+ # from the "init" domain.
+ domain_auto_trans(su, dumpstate_exec, dumpstate)
+
+ # Put the incident command into its domain so it is the same on user, userdebug and eng.
+ domain_auto_trans(su, incident_exec, incident)
+
+ # Put the perfetto command into its domain so it is the same on user, userdebug and eng.
+ domain_auto_trans(su, perfetto_exec, perfetto)
+
+ # su is also permissive to permit setenforce.
+ permissive su;
+
+ app_domain(su)
+')
diff --git a/prebuilts/api/30.0/private/surfaceflinger.te b/prebuilts/api/30.0/private/surfaceflinger.te
new file mode 100644
index 0000000..2e9ce19
--- /dev/null
+++ b/prebuilts/api/30.0/private/surfaceflinger.te
@@ -0,0 +1,143 @@
+# surfaceflinger - display compositor service
+
+typeattribute surfaceflinger coredomain;
+
+type surfaceflinger_exec, system_file_type, exec_type, file_type;
+init_daemon_domain(surfaceflinger)
+tmpfs_domain(surfaceflinger)
+
+typeattribute surfaceflinger mlstrustedsubject;
+typeattribute surfaceflinger display_service_server;
+
+read_runtime_log_tags(surfaceflinger)
+
+# Perform HwBinder IPC.
+hal_client_domain(surfaceflinger, hal_graphics_allocator)
+hal_client_domain(surfaceflinger, hal_graphics_composer)
+typeattribute surfaceflinger_tmpfs hal_graphics_composer_client_tmpfs;
+hal_client_domain(surfaceflinger, hal_codec2)
+hal_client_domain(surfaceflinger, hal_omx)
+hal_client_domain(surfaceflinger, hal_configstore)
+hal_client_domain(surfaceflinger, hal_power)
+hal_client_domain(surfaceflinger, hal_bufferhub)
+allow surfaceflinger hidl_token_hwservice:hwservice_manager find;
+
+# Perform Binder IPC.
+binder_use(surfaceflinger)
+binder_call(surfaceflinger, binderservicedomain)
+binder_call(surfaceflinger, appdomain)
+binder_call(surfaceflinger, bootanim)
+binder_call(surfaceflinger, system_server);
+binder_service(surfaceflinger)
+
+# Binder IPC to bu, presently runs in adbd domain.
+binder_call(surfaceflinger, adbd)
+
+# Read /proc/pid files for Binder clients.
+r_dir_file(surfaceflinger, binderservicedomain)
+r_dir_file(surfaceflinger, appdomain)
+
+# Access the GPU.
+allow surfaceflinger gpu_device:chr_file rw_file_perms;
+
+# Access /dev/graphics/fb0.
+allow surfaceflinger graphics_device:dir search;
+allow surfaceflinger graphics_device:chr_file rw_file_perms;
+
+# Access /dev/video1.
+allow surfaceflinger video_device:dir r_dir_perms;
+allow surfaceflinger video_device:chr_file rw_file_perms;
+
+# Create and use netlink kobject uevent sockets.
+allow surfaceflinger self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+
+# Set properties.
+set_prop(surfaceflinger, system_prop)
+set_prop(surfaceflinger, exported_system_prop)
+set_prop(surfaceflinger, exported2_system_prop)
+set_prop(surfaceflinger, exported3_system_prop)
+set_prop(surfaceflinger, ctl_bootanim_prop)
+set_prop(surfaceflinger, surfaceflinger_display_prop)
+
+# Use open files supplied by an app.
+allow surfaceflinger appdomain:fd use;
+allow surfaceflinger { app_data_file privapp_data_file }:file { read write };
+
+# Allow writing surface traces to /data/misc/wmtrace.
+userdebug_or_eng(`
+ allow surfaceflinger wm_trace_data_file:dir rw_dir_perms;
+ allow surfaceflinger wm_trace_data_file:file { getattr setattr create w_file_perms };
+')
+
+# Needed to register as a Perfetto producer.
+perfetto_producer(surfaceflinger)
+
+# Use socket supplied by adbd, for cmd gpu vkjson etc.
+allow surfaceflinger adbd:unix_stream_socket { read write getattr };
+
+# Allow a dumpstate triggered screenshot
+binder_call(surfaceflinger, dumpstate)
+binder_call(surfaceflinger, shell)
+r_dir_file(surfaceflinger, dumpstate)
+
+# media.player service
+
+# do not use add_service() as hal_graphics_composer_default may be the
+# provider as well
+#add_service(surfaceflinger, surfaceflinger_service)
+allow surfaceflinger surfaceflinger_service:service_manager { add find };
+
+add_service(surfaceflinger, vrflinger_vsync_service)
+
+allow surfaceflinger mediaserver_service:service_manager find;
+allow surfaceflinger permission_service:service_manager find;
+allow surfaceflinger power_service:service_manager find;
+allow surfaceflinger vr_manager_service:service_manager find;
+allow surfaceflinger window_service:service_manager find;
+allow surfaceflinger inputflinger_service:service_manager find;
+
+
+# allow self to set SCHED_FIFO
+allow surfaceflinger self:global_capability_class_set sys_nice;
+allow surfaceflinger proc_meminfo:file r_file_perms;
+r_dir_file(surfaceflinger, cgroup)
+r_dir_file(surfaceflinger, system_file)
+allow surfaceflinger tmpfs:dir r_dir_perms;
+allow surfaceflinger system_server:fd use;
+allow surfaceflinger system_server:unix_stream_socket { read write };
+allow surfaceflinger ion_device:chr_file r_file_perms;
+
+# pdx IPC
+pdx_server(surfaceflinger, display_client)
+pdx_server(surfaceflinger, display_manager)
+pdx_server(surfaceflinger, display_screenshot)
+pdx_server(surfaceflinger, display_vsync)
+
+pdx_client(surfaceflinger, bufferhub_client)
+pdx_client(surfaceflinger, performance_client)
+
+# Allow supplying timestats statistics to statsd
+allow surfaceflinger stats_service:service_manager find;
+allow surfaceflinger statsmanager_service:service_manager find;
+# TODO(146461633): remove this once native pullers talk to StatsManagerService
+binder_call(surfaceflinger, statsd);
+
+# Allow pushing jank event atoms to statsd
+userdebug_or_eng(`
+ unix_socket_send(surfaceflinger, statsdw, statsd)
+')
+
+# Surfaceflinger should not be reading default vendor-defined properties.
+dontaudit surfaceflinger vendor_default_prop:file read;
+
+###
+### Neverallow rules
+###
+### surfaceflinger should NEVER do any of this
+
+# Do not allow accessing SDcard files as unsafe ejection could
+# cause the kernel to kill the process.
+neverallow surfaceflinger sdcard_type:file rw_file_perms;
+
+# b/68864350
+dontaudit surfaceflinger unlabeled:dir search;
diff --git a/prebuilts/api/30.0/private/system_app.te b/prebuilts/api/30.0/private/system_app.te
new file mode 100644
index 0000000..0b77bb3
--- /dev/null
+++ b/prebuilts/api/30.0/private/system_app.te
@@ -0,0 +1,171 @@
+###
+### Apps that run with the system UID, e.g. com.android.system.ui,
+### com.android.settings. These are not as privileged as the system
+### server.
+###
+
+typeattribute system_app coredomain;
+
+app_domain(system_app)
+net_domain(system_app)
+binder_service(system_app)
+
+# android.ui and system.ui
+allow system_app rootfs:dir getattr;
+
+# Read and write /data/data subdirectory.
+allow system_app system_app_data_file:dir create_dir_perms;
+allow system_app system_app_data_file:{ file lnk_file } create_file_perms;
+
+# Read and write to /data/misc/user.
+allow system_app misc_user_data_file:dir create_dir_perms;
+allow system_app misc_user_data_file:file create_file_perms;
+
+# Access to vold-mounted storage for measuring free space
+allow system_app mnt_media_rw_file:dir search;
+
+# Access to apex files stored on /data (b/136063500)
+# Needed so that Settings can access NOTICE files inside apex
+# files located in the assets/ directory.
+allow system_app apex_data_file:dir search;
+allow system_app staging_data_file:file r_file_perms;
+
+# Read wallpaper file.
+allow system_app wallpaper_file:file r_file_perms;
+
+# Read icon file.
+allow system_app icon_file:file r_file_perms;
+
+# Write to properties
+set_prop(system_app, bluetooth_a2dp_offload_prop)
+set_prop(system_app, bluetooth_audio_hal_prop)
+set_prop(system_app, bluetooth_prop)
+set_prop(system_app, debug_prop)
+set_prop(system_app, system_prop)
+set_prop(system_app, exported_bluetooth_prop)
+set_prop(system_app, exported_system_prop)
+set_prop(system_app, exported2_system_prop)
+set_prop(system_app, exported3_system_prop)
+set_prop(system_app, logd_prop)
+set_prop(system_app, net_radio_prop)
+set_prop(system_app, system_radio_prop)
+set_prop(system_app, exported_system_radio_prop)
+set_prop(system_app, log_tag_prop)
+userdebug_or_eng(`set_prop(system_app, logpersistd_logging_prop)')
+auditallow system_app net_radio_prop:property_service set;
+auditallow system_app system_radio_prop:property_service set;
+auditallow system_app exported_system_radio_prop:property_service set;
+# Allow Settings to enable Dynamic System Update
+set_prop(system_app, dynamic_system_prop)
+
+# ctl interface
+set_prop(system_app, ctl_default_prop)
+set_prop(system_app, ctl_bugreport_prop)
+
+# Allow developer settings to query gsid status
+get_prop(system_app, gsid_prop)
+
+# Create /data/anr/traces.txt.
+allow system_app anr_data_file:dir ra_dir_perms;
+allow system_app anr_data_file:file create_file_perms;
+
+# Settings need to access app name and icon from asec
+allow system_app asec_apk_file:file r_file_perms;
+
+# Allow system_app (adb data loader) to write data to /data/incremental
+allow system_app apk_data_file:file write;
+
+# Allow system app (adb data loader) to read logs
+allow system_app incremental_control_file:file r_file_perms;
+
+# Allow system apps (like Settings) to interact with statsd
+binder_call(system_app, statsd)
+
+# Allow system apps to interact with incidentd
+binder_call(system_app, incidentd)
+
+# Allow system apps to interact with gpuservice
+binder_call(system_app, gpuservice)
+
+# Allow system app to interact with Dumpstate HAL
+hal_client_domain(system_app, hal_dumpstate)
+
+allow system_app servicemanager:service_manager list;
+# TODO: scope this down? Too broad?
+allow system_app {
+ service_manager_type
+ -apex_service
+ -dnsresolver_service
+ -dumpstate_service
+ -installd_service
+ -iorapd_service
+ -lpdump_service
+ -netd_service
+ -system_suspend_control_service
+ -virtual_touchpad_service
+ -vold_service
+ -vr_hwc_service
+ -default_android_service
+}:service_manager find;
+# suppress denials for services system_app should not be accessing.
+dontaudit system_app {
+ dnsresolver_service
+ dumpstate_service
+ installd_service
+ iorapd_service
+ netd_service
+ virtual_touchpad_service
+ vold_service
+ vr_hwc_service
+}:service_manager find;
+
+allow system_app keystore:keystore_key {
+ get_state
+ get
+ insert
+ delete
+ exist
+ list
+ reset
+ password
+ lock
+ unlock
+ is_empty
+ sign
+ verify
+ grant
+ duplicate
+ clear_uid
+ user_changed
+};
+
+# settings app reads /proc/version
+allow system_app {
+ proc_version
+}:file r_file_perms;
+
+# Settings app writes to /dev/stune/foreground/tasks.
+allow system_app cgroup:file w_file_perms;
+
+control_logd(system_app)
+read_runtime_log_tags(system_app)
+get_prop(system_app, device_logging_prop)
+
+# allow system apps to use UDP sockets provided by the system server but not
+# modify them other than to connect
+allow system_app system_server:udp_socket {
+ connect getattr read recvfrom sendto write getopt setopt };
+
+###
+### Neverallow rules
+###
+
+# app domains which access /dev/fuse should not run as system_app
+neverallow system_app fuse_device:chr_file *;
+
+# Apps which run as UID=system should not rely on any attacker controlled
+# filesystem locations, such as /data/local/tmp. For /data/local/tmp, we
+# allow writes to files passed by file descriptor to support dumpstate and
+# bug reports, but not reads.
+neverallow system_app shell_data_file:dir { no_w_dir_perms open search read };
+neverallow system_app shell_data_file:file { open read ioctl lock };
diff --git a/prebuilts/api/30.0/private/system_server.te b/prebuilts/api/30.0/private/system_server.te
new file mode 100644
index 0000000..66c46ed
--- /dev/null
+++ b/prebuilts/api/30.0/private/system_server.te
@@ -0,0 +1,1172 @@
+#
+# System Server aka system_server spawned by zygote.
+# Most of the framework services run in this process.
+#
+
+typeattribute system_server coredomain;
+typeattribute system_server mlstrustedsubject;
+typeattribute system_server scheduler_service_server;
+typeattribute system_server sensor_service_server;
+typeattribute system_server stats_service_server;
+
+# Define a type for tmpfs-backed ashmem regions.
+tmpfs_domain(system_server)
+
+# Create a socket for connections from crash_dump.
+type_transition system_server system_data_file:sock_file system_ndebug_socket "ndebugsocket";
+
+# Create a socket for connections from zygotes.
+type_transition system_server system_data_file:sock_file system_unsolzygote_socket "unsolzygotesocket";
+
+allow system_server zygote_tmpfs:file read;
+allow system_server appdomain_tmpfs:file { getattr map read write };
+
+# For Incremental Service to check if incfs is available
+allow system_server proc_filesystems:file r_file_perms;
+
+# To create files and get permission to fill blocks on Incremental File System
+allow system_server incremental_control_file:file { ioctl r_file_perms };
+allowxperm system_server incremental_control_file:file ioctl { INCFS_IOCTL_CREATE_FILE INCFS_IOCTL_PERMIT_FILL };
+
+# To get signature of an APK installed on Incremental File System and fill in data blocks
+allowxperm system_server apk_data_file:file ioctl { INCFS_IOCTL_READ_SIGNATURE INCFS_IOCTL_FILL_BLOCKS };
+
+# For art.
+allow system_server dalvikcache_data_file:dir r_dir_perms;
+allow system_server dalvikcache_data_file:file r_file_perms;
+
+# When running system server under --invoke-with, we'll try to load the boot image under the
+# system server domain, following links to the system partition.
+with_asan(`allow system_server dalvikcache_data_file:lnk_file r_file_perms;')
+
+# /data/resource-cache
+allow system_server resourcecache_data_file:file r_file_perms;
+allow system_server resourcecache_data_file:dir r_dir_perms;
+
+# ptrace to processes in the same domain for debugging crashes.
+allow system_server self:process ptrace;
+
+# Child of the zygote.
+allow system_server zygote:fd use;
+allow system_server zygote:process sigchld;
+
+# May kill zygote on crashes.
+allow system_server {
+ app_zygote
+ crash_dump
+ webview_zygote
+ zygote
+}:process { sigkill signull };
+
+# Read /system/bin/app_process.
+allow system_server zygote_exec:file r_file_perms;
+
+# Needed to close the zygote socket, which involves getopt / getattr
+allow system_server zygote:unix_stream_socket { getopt getattr };
+
+# system server gets network and bluetooth permissions.
+net_domain(system_server)
+# in addition to ioctls whitelisted for all domains, also allow system_server
+# to use privileged ioctls commands. Needed to set up VPNs.
+allowxperm system_server self:udp_socket ioctl priv_sock_ioctls;
+bluetooth_domain(system_server)
+
+# Allow setup of tcp keepalive offload. This gives system_server the permission to
+# call ioctl on app domains' tcp sockets. Additional ioctl commands still need to
+# be granted individually, except for a small set of safe values whitelisted in
+# public/domain.te.
+allow system_server appdomain:tcp_socket ioctl;
+
+# These are the capabilities assigned by the zygote to the
+# system server.
+allow system_server self:global_capability_class_set {
+ ipc_lock
+ kill
+ net_admin
+ net_bind_service
+ net_broadcast
+ net_raw
+ sys_boot
+ sys_nice
+ sys_ptrace
+ sys_time
+ sys_tty_config
+};
+
+# Trigger module auto-load.
+allow system_server kernel:system module_request;
+
+# Allow alarmtimers to be set
+allow system_server self:global_capability2_class_set wake_alarm;
+
+# Create and share netlink_netfilter_sockets for tetheroffload.
+allow system_server self:netlink_netfilter_socket create_socket_perms_no_ioctl;
+
+# Create/use netlink_tcpdiag_socket for looking up connection UIDs for VPN apps.
+allow system_server self:netlink_tcpdiag_socket { create_socket_perms_no_ioctl nlmsg_read };
+
+# Use netlink uevent sockets.
+allow system_server self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+
+# Use generic netlink sockets.
+allow system_server self:netlink_socket create_socket_perms_no_ioctl;
+allow system_server self:netlink_generic_socket create_socket_perms_no_ioctl;
+
+# libvintf reads the kernel config to verify vendor interface compatibility.
+allow system_server config_gz:file { read open };
+
+# Use generic "sockets" where the address family is not known
+# to the kernel. The ioctl permission is specifically omitted here, but may
+# be added to device specific policy along with the ioctl commands to be
+# whitelisted.
+allow system_server self:socket create_socket_perms_no_ioctl;
+
+# Set and get routes directly via netlink.
+allow system_server self:netlink_route_socket nlmsg_write;
+
+# Kill apps.
+allow system_server appdomain:process { getpgid sigkill signal };
+# signull allowed for kill(pid, 0) existence test.
+allow system_server appdomain:process { signull };
+
+# Set scheduling info for apps.
+allow system_server appdomain:process { getsched setsched };
+allow system_server audioserver:process { getsched setsched };
+allow system_server hal_audio:process { getsched setsched };
+allow system_server hal_bluetooth:process { getsched setsched };
+allow system_server hal_codec2_server:process { getsched setsched };
+allow system_server hal_omx_server:process { getsched setsched };
+allow system_server mediaswcodec:process { getsched setsched };
+allow system_server cameraserver:process { getsched setsched };
+allow system_server hal_camera:process { getsched setsched };
+allow system_server mediaserver:process { getsched setsched };
+allow system_server bootanim:process { getsched setsched };
+
+# Set scheduling info for psi monitor thread.
+# TODO: delete this line b/131761776
+allow system_server kernel:process { getsched setsched };
+
+# Allow system_server to write to /proc/<pid>/*
+allow system_server domain:file w_file_perms;
+
+# Read /proc/pid data for all domains. This is used by ProcessCpuTracker
+# within system_server to keep track of memory and CPU usage for
+# all processes on the device. In addition, /proc/pid files access is needed
+# for dumping stack traces of native processes.
+r_dir_file(system_server, domain)
+
+# Write /proc/uid_cputime/remove_uid_range.
+allow system_server proc_uid_cputime_removeuid:file { w_file_perms getattr };
+
+# Write /proc/uid_procstat/set.
+allow system_server proc_uid_procstat_set:file { w_file_perms getattr };
+
+# Write to /proc/sysrq-trigger.
+allow system_server proc_sysrq:file rw_file_perms;
+
+# Delete /data/misc/stats-data/ and /data/misc/stats-service/ directories.
+allow system_server stats_data_file:dir { open read remove_name search write };
+allow system_server stats_data_file:file unlink;
+
+# Read /sys/kernel/debug/wakeup_sources.
+allow system_server debugfs_wakeup_sources:file r_file_perms;
+
+# Read /sys/kernel/ion/*.
+allow system_server sysfs_ion:file r_file_perms;
+
+# The DhcpClient and WifiWatchdog use packet_sockets
+allow system_server self:packet_socket create_socket_perms_no_ioctl;
+
+# 3rd party VPN clients require a tun_socket to be created
+allow system_server self:tun_socket create_socket_perms_no_ioctl;
+
+# Talk to init and various daemons via sockets.
+unix_socket_connect(system_server, lmkd, lmkd)
+unix_socket_connect(system_server, mtpd, mtp)
+unix_socket_connect(system_server, zygote, zygote)
+unix_socket_connect(system_server, racoon, racoon)
+unix_socket_connect(system_server, uncrypt, uncrypt)
+
+# Allow system_server to write to statsd.
+unix_socket_send(system_server, statsdw, statsd)
+
+# Communicate over a socket created by surfaceflinger.
+allow system_server surfaceflinger:unix_stream_socket { read write setopt };
+
+allow system_server gpuservice:unix_stream_socket { read write setopt };
+
+# Communicate over a socket created by webview_zygote.
+allow system_server webview_zygote:unix_stream_socket { read write connectto setopt };
+
+# Communicate over a socket created by app_zygote.
+allow system_server app_zygote:unix_stream_socket { read write connectto setopt };
+
+# Perform Binder IPC.
+binder_use(system_server)
+binder_call(system_server, appdomain)
+binder_call(system_server, binderservicedomain)
+binder_call(system_server, dumpstate)
+binder_call(system_server, fingerprintd)
+binder_call(system_server, gatekeeperd)
+binder_call(system_server, gpuservice)
+binder_call(system_server, idmap)
+binder_call(system_server, installd)
+binder_call(system_server, incidentd)
+binder_call(system_server, iorapd)
+binder_call(system_server, netd)
+binder_call(system_server, notify_traceur)
+binder_call(system_server, statsd)
+binder_call(system_server, storaged)
+binder_call(system_server, update_engine)
+binder_call(system_server, vold)
+binder_call(system_server, wificond)
+binder_call(system_server, wpantund)
+binder_service(system_server)
+
+# Use HALs
+hal_client_domain(system_server, hal_allocator)
+hal_client_domain(system_server, hal_audio)
+hal_client_domain(system_server, hal_authsecret)
+hal_client_domain(system_server, hal_broadcastradio)
+hal_client_domain(system_server, hal_codec2)
+hal_client_domain(system_server, hal_configstore)
+hal_client_domain(system_server, hal_contexthub)
+hal_client_domain(system_server, hal_face)
+hal_client_domain(system_server, hal_fingerprint)
+hal_client_domain(system_server, hal_gnss)
+hal_client_domain(system_server, hal_graphics_allocator)
+hal_client_domain(system_server, hal_health)
+hal_client_domain(system_server, hal_input_classifier)
+hal_client_domain(system_server, hal_ir)
+hal_client_domain(system_server, hal_light)
+hal_client_domain(system_server, hal_memtrack)
+hal_client_domain(system_server, hal_neuralnetworks)
+hal_client_domain(system_server, hal_oemlock)
+hal_client_domain(system_server, hal_omx)
+hal_client_domain(system_server, hal_power)
+hal_client_domain(system_server, hal_power_stats)
+hal_client_domain(system_server, hal_rebootescrow)
+hal_client_domain(system_server, hal_sensors)
+hal_client_domain(system_server, hal_tetheroffload)
+hal_client_domain(system_server, hal_thermal)
+hal_client_domain(system_server, hal_tv_cec)
+hal_client_domain(system_server, hal_tv_input)
+hal_client_domain(system_server, hal_usb)
+hal_client_domain(system_server, hal_usb_gadget)
+hal_client_domain(system_server, hal_vibrator)
+hal_client_domain(system_server, hal_vr)
+hal_client_domain(system_server, hal_weaver)
+hal_client_domain(system_server, hal_wifi)
+hal_client_domain(system_server, hal_wifi_hostapd)
+hal_client_domain(system_server, hal_wifi_supplicant)
+
+# Talk with graphics composer fences
+allow system_server hal_graphics_composer:fd use;
+
+# Use RenderScript always-passthrough HAL
+allow system_server hal_renderscript_hwservice:hwservice_manager find;
+allow system_server same_process_hal_file:file { execute read open getattr map };
+
+# Talk to tombstoned to get ANR traces.
+unix_socket_connect(system_server, tombstoned_intercept, tombstoned)
+
+# List HAL interfaces to get ANR traces.
+allow system_server hwservicemanager:hwservice_manager list;
+
+# Send signals to trigger ANR traces.
+allow system_server {
+ # This is derived from the list that system server defines as interesting native processes
+ # to dump during ANRs or watchdog aborts, defined in NATIVE_STACKS_OF_INTEREST in
+ # frameworks/base/services/core/java/com/android/server/Watchdog.java.
+ audioserver
+ cameraserver
+ drmserver
+ gpuservice
+ inputflinger
+ mediadrmserver
+ mediaextractor
+ mediametrics
+ mediaserver
+ mediaswcodec
+ netd
+ sdcardd
+ statsd
+ surfaceflinger
+ vold
+
+ # This list comes from HAL_INTERFACES_OF_INTEREST in
+ # frameworks/base/services/core/java/com/android/server/Watchdog.java.
+ hal_audio_server
+ hal_bluetooth_server
+ hal_camera_server
+ hal_codec2_server
+ hal_face_server
+ hal_fingerprint_server
+ hal_gnss_server
+ hal_graphics_allocator_server
+ hal_graphics_composer_server
+ hal_health_server
+ hal_neuralnetworks_server
+ hal_omx_server
+ hal_power_stats_server
+ hal_sensors_server
+ hal_vr_server
+ system_suspend_server
+}:process { signal };
+
+# Use sockets received over binder from various services.
+allow system_server audioserver:tcp_socket rw_socket_perms;
+allow system_server audioserver:udp_socket rw_socket_perms;
+allow system_server mediaserver:tcp_socket rw_socket_perms;
+allow system_server mediaserver:udp_socket rw_socket_perms;
+
+# Use sockets received over binder from various services.
+allow system_server mediadrmserver:tcp_socket rw_socket_perms;
+allow system_server mediadrmserver:udp_socket rw_socket_perms;
+
+userdebug_or_eng(`perfetto_producer({ system_server })')
+
+# Get file context
+allow system_server file_contexts_file:file r_file_perms;
+# access for mac_permissions
+allow system_server mac_perms_file: file r_file_perms;
+# Check SELinux permissions.
+selinux_check_access(system_server)
+
+allow system_server sysfs_type:dir search;
+
+r_dir_file(system_server, sysfs_android_usb)
+allow system_server sysfs_android_usb:file w_file_perms;
+
+allow system_server sysfs_extcon:dir r_dir_perms;
+
+r_dir_file(system_server, sysfs_ipv4)
+allow system_server sysfs_ipv4:file w_file_perms;
+
+r_dir_file(system_server, sysfs_rtc)
+r_dir_file(system_server, sysfs_switch)
+r_dir_file(system_server, sysfs_wakeup_reasons)
+
+allow system_server sysfs_nfc_power_writable:file rw_file_perms;
+allow system_server sysfs_power:dir search;
+allow system_server sysfs_power:file rw_file_perms;
+allow system_server sysfs_thermal:dir search;
+allow system_server sysfs_thermal:file r_file_perms;
+
+# TODO: Remove when HALs are forced into separate processes
+allow system_server sysfs_vibrator:file { write append };
+
+# TODO: added to match above sysfs rule. Remove me?
+allow system_server sysfs_usb:file w_file_perms;
+
+# Access devices.
+allow system_server device:dir r_dir_perms;
+allow system_server mdns_socket:sock_file rw_file_perms;
+allow system_server gpu_device:chr_file rw_file_perms;
+allow system_server input_device:dir r_dir_perms;
+allow system_server input_device:chr_file rw_file_perms;
+allow system_server tty_device:chr_file rw_file_perms;
+allow system_server usbaccessory_device:chr_file rw_file_perms;
+allow system_server video_device:dir r_dir_perms;
+allow system_server video_device:chr_file rw_file_perms;
+allow system_server adbd_socket:sock_file rw_file_perms;
+allow system_server rtc_device:chr_file rw_file_perms;
+allow system_server audio_device:dir r_dir_perms;
+
+# write access to ALSA interfaces (/dev/snd/*) needed for MIDI
+allow system_server audio_device:chr_file rw_file_perms;
+
+# tun device used for 3rd party vpn apps
+allow system_server tun_device:chr_file rw_file_perms;
+allowxperm system_server tun_device:chr_file ioctl { TUNGETIFF TUNSETIFF };
+
+# Manage data/ota_package
+allow system_server ota_package_file:dir rw_dir_perms;
+allow system_server ota_package_file:file create_file_perms;
+
+# Manage system data files.
+allow system_server system_data_file:dir create_dir_perms;
+allow system_server system_data_file:notdevfile_class_set create_file_perms;
+allow system_server packages_list_file:file create_file_perms;
+allow system_server keychain_data_file:dir create_dir_perms;
+allow system_server keychain_data_file:file create_file_perms;
+allow system_server keychain_data_file:lnk_file create_file_perms;
+
+# Manage /data/app.
+allow system_server apk_data_file:dir create_dir_perms;
+allow system_server apk_data_file:{ file lnk_file } { create_file_perms link };
+allow system_server apk_tmp_file:dir create_dir_perms;
+allow system_server apk_tmp_file:file create_file_perms;
+
+# Access input configuration files in the /vendor directory
+r_dir_file(system_server, vendor_keylayout_file)
+r_dir_file(system_server, vendor_keychars_file)
+r_dir_file(system_server, vendor_idc_file)
+
+# Access /vendor/{app,framework,overlay}
+r_dir_file(system_server, vendor_app_file)
+r_dir_file(system_server, vendor_framework_file)
+r_dir_file(system_server, vendor_overlay_file)
+
+# Manage /data/app-private.
+allow system_server apk_private_data_file:dir create_dir_perms;
+allow system_server apk_private_data_file:file create_file_perms;
+allow system_server apk_private_tmp_file:dir create_dir_perms;
+allow system_server apk_private_tmp_file:file create_file_perms;
+
+# Manage files within asec containers.
+allow system_server asec_apk_file:dir create_dir_perms;
+allow system_server asec_apk_file:file create_file_perms;
+allow system_server asec_public_file:file create_file_perms;
+
+# Manage /data/anr.
+#
+# TODO: Some of these permissions can be withdrawn once we've switched to the
+# new stack dumping mechanism, see b/32064548 and the rules below. In particular,
+# the system_server should never need to create a new anr_data_file:file or write
+# to one, but it will still need to read and append to existing files.
+allow system_server anr_data_file:dir create_dir_perms;
+allow system_server anr_data_file:file create_file_perms;
+
+# New stack dumping scheme : request an output FD from tombstoned via a unix
+# domain socket.
+#
+# Allow system_server to connect and write to the tombstoned java trace socket in
+# order to dump its traces. Also allow the system server to write its traces to
+# dumpstate during bugreport capture and incidentd during incident collection.
+unix_socket_connect(system_server, tombstoned_java_trace, tombstoned)
+allow system_server tombstoned:fd use;
+allow system_server dumpstate:fifo_file append;
+allow system_server incidentd:fifo_file append;
+# Write to a pipe created from `adb shell` (for debuggerd -j `pidof system_server`)
+userdebug_or_eng(`
+ allow system_server su:fifo_file append;
+')
+
+# Allow system_server to read pipes from incidentd (used to deliver incident reports
+# to dropbox)
+allow system_server incidentd:fifo_file read;
+
+# Read /data/misc/incidents - only read. The fd will be sent over binder,
+# with no DAC access to it, for dropbox to read.
+allow system_server incident_data_file:file read;
+
+# Manage /data/misc/prereboot.
+allow system_server prereboot_data_file:dir rw_dir_perms;
+allow system_server prereboot_data_file:file create_file_perms;
+
+# Allow dropbox to read /data/misc/perfetto-traces. Only the fd is sent over
+# binder.
+allow system_server perfetto_traces_data_file:file read;
+allow system_server perfetto:fd use;
+
+# Manage /data/backup.
+allow system_server backup_data_file:dir create_dir_perms;
+allow system_server backup_data_file:file create_file_perms;
+
+# Write to /data/system/dropbox
+allow system_server dropbox_data_file:dir create_dir_perms;
+allow system_server dropbox_data_file:file create_file_perms;
+
+# Write to /data/system/heapdump
+allow system_server heapdump_data_file:dir rw_dir_perms;
+allow system_server heapdump_data_file:file create_file_perms;
+
+# Manage /data/misc/adb.
+allow system_server adb_keys_file:dir create_dir_perms;
+allow system_server adb_keys_file:file create_file_perms;
+
+# Manage /data/misc/emergencynumberdb
+allow system_server emergency_data_file:dir create_dir_perms;
+allow system_server emergency_data_file:file create_file_perms;
+
+# Manage /data/misc/network_watchlist
+allow system_server network_watchlist_data_file:dir create_dir_perms;
+allow system_server network_watchlist_data_file:file create_file_perms;
+
+# Manage /data/misc/sms.
+# TODO: Split into a separate type?
+allow system_server radio_data_file:dir create_dir_perms;
+allow system_server radio_data_file:file create_file_perms;
+
+# Manage /data/misc/systemkeys.
+allow system_server systemkeys_data_file:dir create_dir_perms;
+allow system_server systemkeys_data_file:file create_file_perms;
+
+# Manage /data/misc/textclassifier.
+allow system_server textclassifier_data_file:dir create_dir_perms;
+allow system_server textclassifier_data_file:file create_file_perms;
+
+# Access /data/tombstones.
+allow system_server tombstone_data_file:dir r_dir_perms;
+allow system_server tombstone_data_file:file r_file_perms;
+
+# Manage /data/misc/vpn.
+allow system_server vpn_data_file:dir create_dir_perms;
+allow system_server vpn_data_file:file create_file_perms;
+
+# Manage /data/misc/wifi.
+allow system_server wifi_data_file:dir create_dir_perms;
+allow system_server wifi_data_file:file create_file_perms;
+
+# Manage /data/misc/zoneinfo.
+allow system_server zoneinfo_data_file:dir create_dir_perms;
+allow system_server zoneinfo_data_file:file create_file_perms;
+
+# Manage /data/app-staging.
+allow system_server staging_data_file:dir create_dir_perms;
+allow system_server staging_data_file:file create_file_perms;
+
+# Walk /data/data subdirectories.
+# Types extracted from seapp_contexts type= fields.
+allow system_server {
+ system_app_data_file
+ bluetooth_data_file
+ nfc_data_file
+ radio_data_file
+ shell_data_file
+ app_data_file
+ privapp_data_file
+}:dir { getattr read search };
+
+# Also permit for unlabeled /data/data subdirectories and
+# for unlabeled asec containers on upgrades from 4.2.
+allow system_server unlabeled:dir r_dir_perms;
+# Read pkg.apk file before it has been relabeled by vold.
+allow system_server unlabeled:file r_file_perms;
+
+# Populate com.android.providers.settings/databases/settings.db.
+allow system_server system_app_data_file:dir create_dir_perms;
+allow system_server system_app_data_file:file create_file_perms;
+
+# Receive and use open app data files passed over binder IPC.
+# Types extracted from seapp_contexts type= fields.
+allow system_server {
+ system_app_data_file
+ bluetooth_data_file
+ nfc_data_file
+ radio_data_file
+ shell_data_file
+ app_data_file
+ privapp_data_file
+}:file { getattr read write append map };
+
+# Access to /data/media for measuring disk usage.
+allow system_server media_rw_data_file:dir { search getattr open read };
+
+# Receive and use open /data/media files passed over binder IPC.
+# Also used for measuring disk usage.
+allow system_server media_rw_data_file:file { getattr read write append };
+
+# System server needs to setfscreate to packages_list_file when writing
+# /data/system/packages.list
+allow system_server system_server:process setfscreate;
+
+# Relabel apk files.
+allow system_server { apk_tmp_file apk_private_tmp_file }:{ dir file } { relabelfrom relabelto };
+allow system_server { apk_data_file apk_private_data_file }:{ dir file } { relabelfrom relabelto };
+
+# Relabel wallpaper.
+allow system_server system_data_file:file relabelfrom;
+allow system_server wallpaper_file:file relabelto;
+allow system_server wallpaper_file:file { rw_file_perms rename unlink };
+
+# Backup of wallpaper imagery uses temporary hard links to avoid data churn
+allow system_server { system_data_file wallpaper_file }:file link;
+
+# ShortcutManager icons
+allow system_server system_data_file:dir relabelfrom;
+allow system_server shortcut_manager_icons:dir { create_dir_perms relabelto };
+allow system_server shortcut_manager_icons:file create_file_perms;
+
+# Manage ringtones.
+allow system_server ringtone_file:dir { create_dir_perms relabelto };
+allow system_server ringtone_file:file create_file_perms;
+
+# Relabel icon file.
+allow system_server icon_file:file relabelto;
+allow system_server icon_file:file { rw_file_perms unlink };
+
+# FingerprintService.java does a restorecon of the directory /data/system/users/[0-9]+/fpdata(/.*)?
+allow system_server system_data_file:dir relabelfrom;
+
+# server_configurable_flags_data_file is used for storing server configurable flags which
+# have been reset during current booting. system_server needs to read the data to perform related
+# disaster recovery actions.
+allow system_server server_configurable_flags_data_file:dir r_dir_perms;
+allow system_server server_configurable_flags_data_file:file r_file_perms;
+
+# Property Service write
+set_prop(system_server, system_prop)
+set_prop(system_server, exported_system_prop)
+set_prop(system_server, exported2_system_prop)
+set_prop(system_server, exported3_system_prop)
+set_prop(system_server, safemode_prop)
+set_prop(system_server, theme_prop)
+set_prop(system_server, dhcp_prop)
+set_prop(system_server, net_radio_prop)
+set_prop(system_server, net_dns_prop)
+set_prop(system_server, system_radio_prop)
+set_prop(system_server, exported_system_radio_prop)
+set_prop(system_server, debug_prop)
+set_prop(system_server, powerctl_prop)
+set_prop(system_server, fingerprint_prop)
+set_prop(system_server, exported_fingerprint_prop)
+set_prop(system_server, device_logging_prop)
+set_prop(system_server, dumpstate_options_prop)
+set_prop(system_server, overlay_prop)
+set_prop(system_server, exported_overlay_prop)
+set_prop(system_server, pm_prop)
+set_prop(system_server, exported_pm_prop)
+set_prop(system_server, socket_hook_prop)
+set_prop(system_server, audio_prop)
+userdebug_or_eng(`set_prop(system_server, wifi_log_prop)')
+
+# ctl interface
+set_prop(system_server, ctl_default_prop)
+set_prop(system_server, ctl_bugreport_prop)
+set_prop(system_server, ctl_gsid_prop)
+
+# cppreopt property
+set_prop(system_server, cppreopt_prop)
+
+# server configurable flags properties
+set_prop(system_server, device_config_input_native_boot_prop)
+set_prop(system_server, device_config_netd_native_prop)
+set_prop(system_server, device_config_activity_manager_native_boot_prop)
+set_prop(system_server, device_config_runtime_native_boot_prop)
+set_prop(system_server, device_config_runtime_native_prop)
+set_prop(system_server, device_config_media_native_prop)
+set_prop(system_server, device_config_storage_native_boot_prop)
+set_prop(system_server, device_config_sys_traced_prop)
+set_prop(system_server, device_config_window_manager_native_boot_prop)
+set_prop(system_server, device_config_configuration_prop)
+
+# BootReceiver to read ro.boot.bootreason
+get_prop(system_server, bootloader_boot_reason_prop)
+# PowerManager to read sys.boot.reason
+get_prop(system_server, system_boot_reason_prop)
+
+# Collect metrics on boot time created by init
+get_prop(system_server, boottime_prop)
+
+# Read device's serial number from system properties
+get_prop(system_server, serialno_prop)
+
+# Read/write the property which keeps track of whether this is the first start of system_server
+set_prop(system_server, firstboot_prop)
+
+# Audio service in system server can read exported audio properties,
+# such as camera shutter enforcement
+get_prop(system_server, exported_audio_prop)
+
+# system server reads this property to keep track of whether server configurable flags have been
+# reset during current boot.
+get_prop(system_server, device_config_reset_performed_prop)
+
+# Read/write the property that enables Test Harness Mode
+set_prop(system_server, test_harness_prop)
+
+# Read gsid.image_running.
+get_prop(system_server, gsid_prop)
+
+# Read the property that mocks an OTA
+get_prop(system_server, mock_ota_prop)
+
+# Read the property as feature flag for protecting apks with fs-verity.
+get_prop(system_server, apk_verity_prop)
+
+# Read wifi.interface
+get_prop(system_server, wifi_prop)
+
+# Read the vendor property that indicates if Incremental features is enabled
+get_prop(system_server, incremental_prop)
+
+# Create a socket for connections from debuggerd.
+allow system_server system_ndebug_socket:sock_file create_file_perms;
+
+# Create a socket for connections from zygotes.
+allow system_server system_unsolzygote_socket:sock_file create_file_perms;
+
+# Manage cache files.
+allow system_server cache_file:lnk_file r_file_perms;
+allow system_server { cache_file cache_recovery_file }:dir { relabelfrom create_dir_perms };
+allow system_server { cache_file cache_recovery_file }:file { relabelfrom create_file_perms };
+allow system_server { cache_file cache_recovery_file }:fifo_file create_file_perms;
+
+allow system_server system_file:dir r_dir_perms;
+allow system_server system_file:lnk_file r_file_perms;
+
+# ART locks profile files.
+allow system_server system_file:file lock;
+
+# LocationManager(e.g, GPS) needs to read and write
+# to uart driver and ctrl proc entry
+allow system_server gps_control:file rw_file_perms;
+
+# Allow system_server to use app-created sockets and pipes.
+allow system_server appdomain:{ tcp_socket udp_socket } { getattr getopt setopt read write shutdown };
+allow system_server appdomain:{ fifo_file unix_stream_socket } { getattr read write };
+
+# BackupManagerService needs to manipulate backup data files
+allow system_server cache_backup_file:dir rw_dir_perms;
+allow system_server cache_backup_file:file create_file_perms;
+# LocalTransport works inside /cache/backup
+allow system_server cache_private_backup_file:dir create_dir_perms;
+allow system_server cache_private_backup_file:file create_file_perms;
+
+# Allow system to talk to usb device
+allow system_server usb_device:chr_file rw_file_perms;
+allow system_server usb_device:dir r_dir_perms;
+
+# Read from HW RNG (needed by EntropyMixer).
+allow system_server hw_random_device:chr_file r_file_perms;
+
+# Read and delete files under /dev/fscklogs.
+r_dir_file(system_server, fscklogs)
+allow system_server fscklogs:dir { write remove_name };
+allow system_server fscklogs:file unlink;
+
+# logd access, system_server inherit logd write socket
+# (urge is to deprecate this long term)
+allow system_server zygote:unix_dgram_socket write;
+
+# Read from log daemon.
+read_logd(system_server)
+read_runtime_log_tags(system_server)
+
+# Be consistent with DAC permissions. Allow system_server to write to
+# /sys/module/lowmemorykiller/parameters/adj
+# /sys/module/lowmemorykiller/parameters/minfree
+allow system_server sysfs_lowmemorykiller:file { getattr w_file_perms };
+
+# Read /sys/fs/pstore/console-ramoops
+# Don't worry about overly broad permissions for now, as there's
+# only one file in /sys/fs/pstore
+allow system_server pstorefs:dir r_dir_perms;
+allow system_server pstorefs:file r_file_perms;
+
+# /sys access
+allow system_server sysfs_zram:dir search;
+allow system_server sysfs_zram:file rw_file_perms;
+
+add_service(system_server, system_server_service);
+allow system_server audioserver_service:service_manager find;
+allow system_server batteryproperties_service:service_manager find;
+allow system_server cameraserver_service:service_manager find;
+allow system_server dataloader_manager_service:service_manager find;
+allow system_server dnsresolver_service:service_manager find;
+allow system_server drmserver_service:service_manager find;
+allow system_server dumpstate_service:service_manager find;
+allow system_server fingerprintd_service:service_manager find;
+allow system_server gatekeeper_service:service_manager find;
+allow system_server gpu_service:service_manager find;
+allow system_server gsi_service:service_manager find;
+allow system_server hal_fingerprint_service:service_manager find;
+allow system_server idmap_service:service_manager find;
+allow system_server incident_service:service_manager find;
+allow system_server incremental_service:service_manager find;
+allow system_server installd_service:service_manager find;
+allow system_server iorapd_service:service_manager find;
+allow system_server keystore_service:service_manager find;
+allow system_server mediaserver_service:service_manager find;
+allow system_server mediametrics_service:service_manager find;
+allow system_server mediaextractor_service:service_manager find;
+allow system_server mediadrmserver_service:service_manager find;
+allow system_server netd_service:service_manager find;
+allow system_server nfc_service:service_manager find;
+allow system_server radio_service:service_manager find;
+allow system_server stats_service:service_manager find;
+allow system_server storaged_service:service_manager find;
+allow system_server surfaceflinger_service:service_manager find;
+allow system_server update_engine_service:service_manager find;
+allow system_server vold_service:service_manager find;
+allow system_server wifinl80211_service:service_manager find;
+
+add_service(system_server, batteryproperties_service)
+
+allow system_server keystore:keystore_key {
+ get_state
+ get
+ insert
+ delete
+ exist
+ list
+ reset
+ password
+ lock
+ unlock
+ is_empty
+ sign
+ verify
+ grant
+ duplicate
+ clear_uid
+ add_auth
+ user_changed
+};
+
+# Allow system server to search and write to the persistent factory reset
+# protection partition. This block device does not get wiped in a factory reset.
+allow system_server block_device:dir search;
+allow system_server frp_block_device:blk_file rw_file_perms;
+allowxperm system_server frp_block_device:blk_file ioctl { BLKSECDISCARD BLKDISCARD };
+
+# Clean up old cgroups
+allow system_server cgroup:dir { remove_name rmdir };
+
+# /oem access
+r_dir_file(system_server, oemfs)
+
+# Allow resolving per-user storage symlinks
+allow system_server { mnt_user_file storage_file }:dir { getattr search };
+allow system_server { mnt_user_file storage_file }:lnk_file { getattr read };
+
+# Allow statfs() on storage devices, which happens fast enough that
+# we shouldn't be killed during unsafe removal
+allow system_server sdcard_type:dir { getattr search };
+
+# Traverse into expanded storage
+allow system_server mnt_expand_file:dir r_dir_perms;
+
+# Allow system process to relabel the fingerprint directory after mkdir
+# and delete the directory and files when no longer needed
+allow system_server fingerprintd_data_file:dir { r_dir_perms remove_name rmdir relabelto write };
+allow system_server fingerprintd_data_file:file { getattr unlink };
+
+userdebug_or_eng(`
+ # Allow system server to create and write method traces in /data/misc/trace.
+ allow system_server method_trace_data_file:dir w_dir_perms;
+ allow system_server method_trace_data_file:file { create w_file_perms };
+
+ # Allow system server to read dmesg
+ allow system_server kernel:system syslog_read;
+
+ # Allow writing and removing window traces in /data/misc/wmtrace.
+ allow system_server wm_trace_data_file:dir rw_dir_perms;
+ allow system_server wm_trace_data_file:file { getattr setattr create unlink w_file_perms };
+')
+
+# For AppFuse.
+allow system_server vold:fd use;
+allow system_server fuse_device:chr_file { read write ioctl getattr };
+allow system_server app_fuse_file:file { read write getattr };
+
+# For configuring sdcardfs
+allow system_server configfs:dir { create_dir_perms };
+allow system_server configfs:file { getattr open create unlink write };
+
+# Connect to adbd and use a socket transferred from it.
+# Used for e.g. jdwp.
+allow system_server adbd:unix_stream_socket connectto;
+allow system_server adbd:fd use;
+allow system_server adbd:unix_stream_socket { getattr getopt ioctl read write shutdown };
+
+# Read service.adb.tls.port, persist.adb.wifi. properties
+get_prop(system_server, adbd_prop)
+
+# Set persist.adb.tls_server.enable property
+set_prop(system_server, system_adbd_prop)
+
+# Allow invoking tools like "timeout"
+allow system_server toolbox_exec:file rx_file_perms;
+
+# Allow system process to setup and measure fs-verity
+allowxperm system_server apk_data_file:file ioctl {
+ FS_IOC_ENABLE_VERITY FS_IOC_MEASURE_VERITY
+};
+
+# Postinstall
+#
+# For OTA dexopt, allow calls coming from postinstall.
+binder_call(system_server, postinstall)
+
+allow system_server postinstall:fifo_file write;
+allow system_server update_engine:fd use;
+allow system_server update_engine:fifo_file write;
+
+# Access to /data/preloads
+allow system_server preloads_data_file:file { r_file_perms unlink };
+allow system_server preloads_data_file:dir { r_dir_perms write remove_name rmdir };
+allow system_server preloads_media_file:file { r_file_perms unlink };
+allow system_server preloads_media_file:dir { r_dir_perms write remove_name rmdir };
+
+r_dir_file(system_server, cgroup)
+allow system_server ion_device:chr_file r_file_perms;
+
+r_dir_file(system_server, proc_asound)
+r_dir_file(system_server, proc_net_type)
+r_dir_file(system_server, proc_qtaguid_stat)
+allow system_server {
+ proc_cmdline
+ proc_loadavg
+ proc_meminfo
+ proc_pagetypeinfo
+ proc_pipe_conf
+ proc_stat
+ proc_uid_cputime_showstat
+ proc_uid_io_stats
+ proc_uid_time_in_state
+ proc_uid_concurrent_active_time
+ proc_uid_concurrent_policy_time
+ proc_version
+ proc_vmallocinfo
+}:file r_file_perms;
+
+allow system_server proc_uid_time_in_state:dir r_dir_perms;
+allow system_server proc_uid_cpupower:file r_file_perms;
+
+r_dir_file(system_server, rootfs)
+
+# Allow WifiService to start, stop, and read wifi-specific trace events.
+allow system_server debugfs_tracing_instances:dir search;
+allow system_server debugfs_wifi_tracing:dir search;
+allow system_server debugfs_wifi_tracing:file rw_file_perms;
+
+# Allow system_server to read tracepoint ids in order to attach BPF programs to them.
+allow system_server debugfs_tracing:file r_file_perms;
+
+# allow system_server to exec shell, asanwrapper & zygote(app_process) on ASAN builds. Needed to run
+# asanwrapper.
+with_asan(`
+ allow system_server shell_exec:file rx_file_perms;
+ allow system_server asanwrapper_exec:file rx_file_perms;
+ allow system_server zygote_exec:file rx_file_perms;
+')
+
+# allow system_server to read the eBPF maps that stores the traffic stats information and update
+# the map after snapshot is recorded, and to read, update and run the maps and programs used for
+# time in state accounting
+allow system_server fs_bpf:dir search;
+allow system_server fs_bpf:file { read write };
+allow system_server bpfloader:bpf { map_read map_write prog_run };
+
+# ART Profiles.
+# Allow system_server to open profile snapshots for read.
+# System server never reads the actual content. It passes the descriptor to
+# to privileged apps which acquire the permissions to inspect the profiles.
+allow system_server user_profile_data_file:dir { getattr search };
+allow system_server user_profile_data_file:file { getattr open read };
+
+# System server may dump profile data for debuggable apps in the /data/misc/profman.
+# As such it needs to be able create files but it should never read from them.
+allow system_server profman_dump_data_file:file { create getattr setattr w_file_perms};
+allow system_server profman_dump_data_file:dir w_dir_perms;
+
+# On userdebug build we may profile system server. Allow it to write and create its own profile.
+userdebug_or_eng(`
+ allow system_server user_profile_data_file:file create_file_perms;
+')
+# Allow system server to load JVMTI agents under control of a property.
+get_prop(system_server,system_jvmti_agent_prop)
+
+# UsbDeviceManager uses /dev/usb-ffs
+allow system_server functionfs:dir search;
+allow system_server functionfs:file rw_file_perms;
+
+# system_server contains time / time zone detection logic so reads the associated properties.
+get_prop(system_server, time_prop)
+
+# system_server reads this property to know it should expect the lmkd sends notification to it
+# on low memory kills.
+get_prop(system_server, system_lmk_prop)
+
+###
+### Neverallow rules
+###
+### system_server should NEVER do any of this
+
+# Do not allow opening files from external storage as unsafe ejection
+# could cause the kernel to kill the system_server.
+neverallow system_server sdcard_type:dir { open read write };
+neverallow system_server sdcard_type:file rw_file_perms;
+
+# system server should never be operating on zygote spawned app data
+# files directly. Rather, they should always be passed via a
+# file descriptor.
+# Types extracted from seapp_contexts type= fields, excluding
+# those types that system_server needs to open directly.
+neverallow system_server {
+ bluetooth_data_file
+ nfc_data_file
+ shell_data_file
+ app_data_file
+ privapp_data_file
+}:file { open create unlink link };
+
+# Forking and execing is inherently dangerous and racy. See, for
+# example, https://www.linuxprogrammingblog.com/threads-and-fork-think-twice-before-using-them
+# Prevent the addition of new file execs to stop the problem from
+# getting worse. b/28035297
+neverallow system_server {
+ file_type
+ -toolbox_exec
+ -logcat_exec
+ with_asan(`-shell_exec -asanwrapper_exec -zygote_exec')
+}:file execute_no_trans;
+
+# Ensure that system_server doesn't perform any domain transitions other than
+# transitioning to the crash_dump domain when a crash occurs.
+neverallow system_server { domain -crash_dump }:process transition;
+neverallow system_server *:process dyntransition;
+
+# Only allow crash_dump to connect to system_ndebug_socket.
+neverallow { domain -init -system_server -crash_dump } system_ndebug_socket:sock_file { open write };
+
+# Only allow zygotes to connect to system_unsolzygote_socket.
+neverallow {
+ domain
+ -init
+ -system_server
+ -zygote
+ -app_zygote
+ -webview_zygote
+} system_unsolzygote_socket:sock_file { open write };
+
+# Only allow init, system_server, flags_health_check to set properties for server configurable flags
+neverallow {
+ domain
+ -init
+ -system_server
+ -flags_health_check
+} {
+ device_config_activity_manager_native_boot_prop
+ device_config_input_native_boot_prop
+ device_config_netd_native_prop
+ device_config_runtime_native_boot_prop
+ device_config_runtime_native_prop
+ device_config_media_native_prop
+ device_config_storage_native_boot_prop
+ device_config_sys_traced_prop
+ device_config_window_manager_native_boot_prop
+}:property_service set;
+
+# system_server should never be executing dex2oat. This is either
+# a bug (for example, bug 16317188), or represents an attempt by
+# system server to dynamically load a dex file, something we do not
+# want to allow.
+neverallow system_server dex2oat_exec:file no_x_file_perms;
+
+# system_server should never execute or load executable shared libraries
+# in /data. Executable files in /data are a persistence vector.
+# https://bugs.chromium.org/p/project-zero/issues/detail?id=955 for example.
+neverallow system_server data_file_type:file no_x_file_perms;
+
+# The only block device system_server should be accessing is
+# the frp_block_device. This helps avoid a system_server to root
+# escalation by writing to raw block devices.
+neverallow system_server { dev_type -frp_block_device }:blk_file no_rw_file_perms;
+
+# system_server should never use JIT functionality
+# See https://googleprojectzero.blogspot.com/2016/12/bitunmap-attacking-android-ashmem.html
+# in the section titled "A Short ROP Chain" for why.
+# However, in emulator builds without OpenGL passthrough, we use software
+# rendering via SwiftShader, which requires JIT support. These builds are
+# never shipped to users.
+ifelse(target_requires_insecure_execmem_for_swiftshader, `true',
+ `allow system_server self:process execmem;',
+ `neverallow system_server self:process execmem;')
+neverallow system_server { ashmem_device ashmem_libcutils_device }:chr_file execute;
+
+# TODO: deal with tmpfs_domain pub/priv split properly
+neverallow system_server system_server_tmpfs:file execute;
+
+# Resources handed off by system_server_startup
+allow system_server system_server_startup:fd use;
+allow system_server system_server_startup_tmpfs:file { read write map };
+allow system_server system_server_startup:unix_dgram_socket write;
+
+# Allow system server to communicate to apexd
+allow system_server apex_service:service_manager find;
+allow system_server apexd:binder call;
+
+# Allow system server to scan /apex for flattened APEXes
+allow system_server apex_mnt_dir:dir r_dir_perms;
+
+# Allow system server to communicate to system-suspend's control interface
+allow system_server system_suspend_control_service:service_manager find;
+binder_call(system_server, system_suspend)
+binder_call(system_suspend, system_server)
+
+# Allow system server to communicate to system-suspend's wakelock interface
+wakelock_use(system_server)
+
+# Allow the system server to read files under /data/apex. The system_server
+# needs these privileges to compare file signatures while processing installs.
+#
+# Only apexd is allowed to create new entries or write to any file under /data/apex.
+allow system_server apex_data_file:dir { getattr search };
+allow system_server apex_data_file:file r_file_perms;
+
+# Allow the system server to read files under /vendor/apex. This is where
+# vendor APEX packages might be installed and system_server needs to parse
+# these packages to inspect the signatures and other metadata.
+allow system_server vendor_apex_file:dir { getattr search };
+allow system_server vendor_apex_file:file r_file_perms;
+
+# Allow the system server to manage relevant apex module data files.
+allow system_server apex_module_data_file:dir { getattr search };
+allow system_server apex_permission_data_file:dir create_dir_perms;
+allow system_server apex_permission_data_file:file create_file_perms;
+allow system_server apex_wifi_data_file:dir create_dir_perms;
+allow system_server apex_wifi_data_file:file create_file_perms;
+
+# Allow PasswordSlotManager rw access to /metadata/password_slots, so GSIs and the host image can
+# communicate which slots are available for use.
+allow system_server metadata_file:dir search;
+allow system_server password_slot_metadata_file:dir rw_dir_perms;
+allow system_server password_slot_metadata_file:file create_file_perms;
+
+# Allow system server rw access to files in /metadata/staged-install folder
+allow system_server staged_install_file:dir rw_dir_perms;
+allow system_server staged_install_file:file create_file_perms;
+
+# Allow init to set sysprop used to compute stats about userspace reboot.
+set_prop(system_server, userspace_reboot_log_prop)
+
+# JVMTI agent settings are only readable from the system server.
+neverallow {
+ domain
+ -system_server
+ -dumpstate
+ -init
+ -vendor_init
+} {
+ system_jvmti_agent_prop
+}:file no_rw_file_perms;
+
+# Read/Write /proc/pressure/memory
+allow system_server proc_pressure_mem:file rw_file_perms;
+
+# dexoptanalyzer is currently used only for secondary dex files which
+# system_server should never access.
+neverallow system_server dexoptanalyzer_exec:file no_x_file_perms;
+
+# No ptracing others
+neverallow system_server { domain -system_server }:process ptrace;
+
+# CAP_SYS_RESOURCE was traditionally needed for sensitive /proc/PID
+# file read access. However, that is now unnecessary (b/34951864)
+neverallow system_server system_server:global_capability_class_set sys_resource;
+
+# Only system_server/init should access /metadata/password_slots.
+neverallow { domain -init -system_server } password_slot_metadata_file:dir *;
+neverallow {
+ domain
+ -init
+ -system_server
+} password_slot_metadata_file:notdevfile_class_set ~{ relabelto getattr };
+neverallow { domain -init -system_server } password_slot_metadata_file:notdevfile_class_set *;
+
+# Allow systemserver to read/write the invalidation property
+set_prop(system_server, binder_cache_system_server_prop)
+neverallow { domain -system_server -init }
+ binder_cache_system_server_prop:property_service set;
+
+# Allow system server to attach BPF programs to tracepoints. Deny read permission so that
+# system_server cannot use this access to read perf event data like process stacks.
+allow system_server self:perf_event { open write cpu kernel };
+neverallow system_server self:perf_event ~{ open write cpu kernel };
+
+# Do not allow any domain other than init or system server to set the property
+neverallow { domain -init -system_server } socket_hook_prop:property_service set;
diff --git a/prebuilts/api/30.0/private/system_server_startup.te b/prebuilts/api/30.0/private/system_server_startup.te
new file mode 100644
index 0000000..902941e
--- /dev/null
+++ b/prebuilts/api/30.0/private/system_server_startup.te
@@ -0,0 +1,16 @@
+type system_server_startup, domain, coredomain;
+type system_server_startup_tmpfs, file_type;
+
+tmpfs_domain(system_server_startup)
+
+# Create JIT memory
+allow system_server_startup self:process execmem;
+allow system_server_startup system_server_startup_tmpfs:file { execute read write open map };
+
+# Allow system_server_startup to run setcon() and enter the
+# system_server domain
+allow system_server_startup self:process setcurrent;
+allow system_server_startup system_server:process dyntransition;
+
+# Child of the zygote.
+allow system_server_startup zygote:process sigchld;
diff --git a/prebuilts/api/30.0/private/system_suspend.te b/prebuilts/api/30.0/private/system_suspend.te
new file mode 100644
index 0000000..d33dc8e
--- /dev/null
+++ b/prebuilts/api/30.0/private/system_suspend.te
@@ -0,0 +1,26 @@
+type system_suspend, domain, coredomain, system_suspend_server;
+
+type system_suspend_exec, system_file_type, exec_type, file_type;
+init_daemon_domain(system_suspend)
+
+# To serve ISuspendControlService.aidl.
+binder_use(system_suspend)
+add_service(system_suspend, system_suspend_control_service)
+
+# Access to /sys/power/{ wakeup_count, state } suspend interface.
+allow system_suspend sysfs_power:file rw_file_perms;
+
+# Access to wakeup and suspend stats.
+r_dir_file(system_suspend, sysfs_suspend_stats)
+r_dir_file(system_suspend, sysfs_wakeup)
+# To resolve arbitrary sysfs paths from /sys/class/wakeup/* symlinks.
+allow system_suspend sysfs_type:dir search;
+
+neverallow {
+ domain
+ -atrace # tracing
+ -dumpstate # bug reports
+ -system_suspend # implements system_suspend_control_service
+ -system_server # configures system_suspend via ISuspendControlService
+ -traceur_app # tracing
+} system_suspend_control_service:service_manager find;
diff --git a/prebuilts/api/30.0/private/technical_debt.cil b/prebuilts/api/30.0/private/technical_debt.cil
new file mode 100644
index 0000000..fdcd0a3
--- /dev/null
+++ b/prebuilts/api/30.0/private/technical_debt.cil
@@ -0,0 +1,65 @@
+; THIS IS A WORKAROUND for the current limitations of the module policy language
+; This should be used sparingly until we figure out a saner way to achieve the
+; stuff below, for example, by improving typeattribute statement of module
+; language.
+;
+; NOTE: This file has no effect on recovery policy.
+
+; Apps, except isolated apps, are clients of Allocator HAL
+; Unfortunately, we can't currently express this in module policy language:
+; typeattribute { appdomain -isolated_app } hal_allocator_client;
+; typeattribute hal_allocator_client halclientdomain;
+(typeattributeset hal_allocator_client ((and (appdomain) ((not (isolated_app))))))
+(typeattributeset halclientdomain (hal_allocator_client))
+
+; Apps, except isolated apps, are clients of OMX-related services
+; Unfortunately, we can't currently express this in module policy language:
+(typeattributeset hal_omx_client ((and (appdomain) ((not (isolated_app))))))
+
+; Apps, except isolated apps, are clients of Codec2-related services
+; Unfortunately, we can't currently express this in module policy language:
+(typeattributeset hal_codec2_client ((and (appdomain) ((not (isolated_app))))))
+
+; Apps, except isolated apps, are clients of Drm-related services
+; Unfortunately, we can't currently express this in module policy language:
+(typeattributeset hal_drm_client ((and (appdomain) ((not (isolated_app))))))
+
+; Apps, except isolated apps, are clients of Configstore HAL
+; Unfortunately, we can't currently express this in module policy language:
+; typeattribute { appdomain -isolated_app } hal_configstore_client;
+(typeattributeset hal_configstore_client ((and (appdomain) ((not (isolated_app))))))
+
+; Apps, except isolated apps, are clients of Graphics Allocator HAL
+; Unfortunately, we can't currently express this in module policy language:
+; typeattribute { appdomain -isolated_app } hal_graphics_allocator_client;
+(typeattributeset hal_graphics_allocator_client ((and (appdomain) ((not (isolated_app))))))
+
+; Apps, except isolated apps, are clients of Cas HAL
+; Unfortunately, we can't currently express this in module policy language:
+; typeattribute { appdomain -isolated_app } hal_cas_client;
+(typeattributeset hal_cas_client ((and (appdomain) ((not (isolated_app))))))
+
+; Domains hosting Camera HAL implementations are clients of Allocator HAL
+; Unfortunately, we can't currently express this in module policy language:
+; typeattribute hal_camera hal_allocator_client;
+(typeattributeset hal_allocator_client (hal_camera))
+
+; Apps, except isolated apps, are clients of Neuralnetworks HAL
+; Unfortunately, we can't currently express this in module policy language:
+; typeattribute { appdomain -isolated_app } hal_neuralnetworks_client;
+(typeattributeset hal_neuralnetworks_client ((and (appdomain) ((not (isolated_app))))))
+
+; TODO(b/112056006): move these to mapping files when/if we implement 'versioned' attributes.
+; Rename untrusted_app_visible_* to untrusted_app_visible_*_violators.
+; Unfortunately, we can't currently express this in module policy language:
+; typeattribute untrusted_app_visible_hwservice untrusted_app_visible_hwservice_violators;
+; typeattribute untrusted_app_visible_halserver untrusted_app_visible_halserver_violators;
+(typeattribute untrusted_app_visible_hwservice)
+(typeattributeset untrusted_app_visible_hwservice_violators (untrusted_app_visible_hwservice))
+(typeattribute untrusted_app_visible_halserver)
+(typeattributeset untrusted_app_visible_halserver_violators (untrusted_app_visible_halserver))
+
+; Apps, except isolated apps, are clients of BufferHub HAL
+; Unfortunately, we can't currently express this in module policy language:
+; typeattribute { appdomain -isolated_app } hal_cas_client;
+(typeattributeset hal_bufferhub_client ((and (appdomain) ((not (isolated_app))))))
diff --git a/prebuilts/api/30.0/private/tombstoned.te b/prebuilts/api/30.0/private/tombstoned.te
new file mode 100644
index 0000000..305f9d0
--- /dev/null
+++ b/prebuilts/api/30.0/private/tombstoned.te
@@ -0,0 +1,3 @@
+typeattribute tombstoned coredomain;
+
+init_daemon_domain(tombstoned)
diff --git a/prebuilts/api/30.0/private/toolbox.te b/prebuilts/api/30.0/private/toolbox.te
new file mode 100644
index 0000000..a2b958d
--- /dev/null
+++ b/prebuilts/api/30.0/private/toolbox.te
@@ -0,0 +1,3 @@
+typeattribute toolbox coredomain;
+
+init_daemon_domain(toolbox)
diff --git a/prebuilts/api/30.0/private/traced.te b/prebuilts/api/30.0/private/traced.te
new file mode 100644
index 0000000..2410d7e
--- /dev/null
+++ b/prebuilts/api/30.0/private/traced.te
@@ -0,0 +1,106 @@
+# Perfetto user-space tracing daemon (unprivileged)
+
+# type traced is defined under /public (because iorapd rules
+# under public/ need to refer to it).
+type traced_exec, system_file_type, exec_type, file_type;
+type traced_tmpfs, file_type;
+
+# Allow init to exec the daemon.
+init_daemon_domain(traced)
+tmpfs_domain(traced)
+
+# Allow apps in other MLS contexts (for multi-user) to access
+# share memory buffers created by traced.
+typeattribute traced_tmpfs mlstrustedobject;
+
+# Allow traced to start with a lower scheduling class and change
+# class accordingly to what defined in the config provided by
+# the privileged process that controls it.
+allow traced self:global_capability_class_set { sys_nice };
+
+# Allow to pass a file descriptor for the output trace from "perfetto" (the
+# cmdline client) and other shell binaries to traced and let traced write
+# directly into that (rather than returning the trace contents over the socket).
+allow traced perfetto:fd use;
+allow traced shell:fd use;
+allow traced shell:fifo_file { read write };
+
+# Allow the service to create new files within /data/misc/perfetto-traces.
+allow traced perfetto_traces_data_file:file create_file_perms;
+allow traced perfetto_traces_data_file:dir rw_dir_perms;
+
+# Allow traceur to pass open file descriptors to traced, so traced can directly
+# write into the output file without doing roundtrips over IPC.
+allow traced traceur_app:fd use;
+allow traced trace_data_file:file { read write };
+
+# Allow iorapd to pass memfd descriptors to traced, so traced can directly
+# write into the shmem buffer file without doing roundtrips over IPC.
+allow traced iorapd:fd use;
+allow traced iorapd_tmpfs:file { read write };
+
+# Allow traced to use shared memory supplied by producers. Typically, traced
+# (i.e. the tracing service) creates the shared memory used for data transfer
+# from the producer. This rule allows an alternative scheme, where the producer
+# creates the shared memory, that is then adopted by traced (after validating
+# that it is appropriately sealed).
+# This list has to replicate the tmpfs domains of all applicable domains that
+# have perfetto_producer() macro applied to them.
+# perfetto_tmpfs excluded as it should never need to use the producer-supplied
+# shared memory scheme.
+allow traced {
+ appdomain_tmpfs
+ heapprofd_tmpfs
+ surfaceflinger_tmpfs
+ traced_probes_tmpfs
+ userdebug_or_eng(`system_server_tmpfs')
+}:file { getattr map read write };
+
+# Allow traced to notify Traceur when a trace ends by setting the
+# sys.trace.trace_end_signal property.
+set_prop(traced, system_trace_prop)
+# Allow to lazily start producers.
+set_prop(traced, traced_lazy_prop)
+
+###
+### Neverallow rules
+###
+### traced should NEVER do any of this
+
+# Disallow mapping executable memory (execstack and exec are already disallowed
+# globally in domain.te).
+neverallow traced self:process execmem;
+
+# Block device access.
+neverallow traced dev_type:blk_file { read write };
+
+# ptrace any other process
+neverallow traced domain:process ptrace;
+
+# Disallows access to /data files, still allowing to write to file descriptors
+# passed through the socket.
+neverallow traced {
+ data_file_type
+ -perfetto_traces_data_file
+ -system_data_file
+ -system_data_root_file
+ # TODO(b/72998741) Remove vendor_data_file exemption. Further restricted in a
+ # subsequent neverallow. Currently only getattr and search are allowed.
+ -vendor_data_file
+ -zoneinfo_data_file
+ with_native_coverage(`-method_trace_data_file')
+}:dir *;
+neverallow traced { system_data_file }:dir ~{ getattr search };
+neverallow traced zoneinfo_data_file:dir ~r_dir_perms;
+neverallow traced { data_file_type -zoneinfo_data_file }:lnk_file *;
+neverallow traced {
+ data_file_type
+ -zoneinfo_data_file
+ -perfetto_traces_data_file
+ -trace_data_file
+ with_native_coverage(`-method_trace_data_file')
+}:file ~write;
+
+# Only init is allowed to enter the traced domain via exec()
+neverallow { domain -init } traced:process transition;
+neverallow * traced:process dyntransition;
diff --git a/prebuilts/api/30.0/private/traced_perf.te b/prebuilts/api/30.0/private/traced_perf.te
new file mode 100644
index 0000000..9483e6c
--- /dev/null
+++ b/prebuilts/api/30.0/private/traced_perf.te
@@ -0,0 +1,58 @@
+# Performance profiler, backed by perf_event_open(2).
+# See go/perfetto-perf-android.
+typeattribute traced_perf coredomain;
+typeattribute traced_perf mlstrustedsubject;
+
+type traced_perf_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(traced_perf)
+perfetto_producer(traced_perf)
+
+# Allow traced_perf full use of perf_event_open(2). It will perform cpu-wide
+# profiling, but retain samples only for profileable processes.
+# Thread-specific profiling is still disallowed due to a PTRACE_MODE_ATTACH
+# check (which would require a process:attach SELinux allow-rule).
+allow traced_perf self:perf_event { open cpu kernel read write tracepoint };
+
+# Allow CAP_KILL for delivery of dedicated signal to obtain proc-fds from a
+# process. Allow CAP_DAC_READ_SEARCH for stack unwinding and symbolization of
+# sampled stacks, which requires opening the backing libraries/executables (as
+# symbols are usually not mapped into the process space). Not all such files
+# are world-readable, e.g. odex files that included user profiles during
+# profile-guided optimization.
+allow traced_perf self:capability { kill dac_read_search };
+
+# Allow reading /system/data/packages.list.
+allow traced_perf packages_list_file:file r_file_perms;
+
+# Allow reading files for stack unwinding and symbolization.
+r_dir_file(traced_perf, nativetest_data_file)
+r_dir_file(traced_perf, system_file_type)
+r_dir_file(traced_perf, apk_data_file)
+r_dir_file(traced_perf, dalvikcache_data_file)
+r_dir_file(traced_perf, vendor_file_type)
+
+# Do not audit the cases where traced_perf attempts to access /proc/[pid] for
+# domains that it cannot read.
+dontaudit traced_perf domain:dir { search getattr open };
+
+# Do not audit failures to signal a process, as there are cases when this is
+# expected (native processes on debug builds use the policy for enforcing which
+# processes are profileable).
+dontaudit traced_perf domain:process signal;
+
+# Never allow access to app data files
+neverallow traced_perf { app_data_file privapp_data_file system_app_data_file }:file *;
+
+# Never allow profiling highly privileged processes.
+never_profile_heap(`{
+ bpfloader
+ init
+ kernel
+ keystore
+ llkd
+ logd
+ ueventd
+ vendor_init
+ vold
+}')
diff --git a/prebuilts/api/30.0/private/traced_probes.te b/prebuilts/api/30.0/private/traced_probes.te
new file mode 100644
index 0000000..dd6ece0
--- /dev/null
+++ b/prebuilts/api/30.0/private/traced_probes.te
@@ -0,0 +1,129 @@
+# Perfetto tracing probes, has tracefs access.
+type traced_probes_exec, system_file_type, exec_type, file_type;
+type traced_probes_tmpfs, file_type;
+
+# Allow init to exec the daemon.
+init_daemon_domain(traced_probes)
+tmpfs_domain(traced_probes)
+
+# Write trace data to the Perfetto traced damon. This requires connecting to its
+# producer socket and obtaining a (per-process) tmpfs fd.
+perfetto_producer(traced_probes)
+
+# Allow traced_probes to access tracefs.
+allow traced_probes debugfs_tracing:dir r_dir_perms;
+allow traced_probes debugfs_tracing:file rw_file_perms;
+allow traced_probes debugfs_trace_marker:file getattr;
+
+# TODO(primiano): temporarily I/O tracing categories are still
+# userdebug only until we nail down the blacklist/whitelist.
+userdebug_or_eng(`
+allow traced_probes debugfs_tracing_debug:dir r_dir_perms;
+allow traced_probes debugfs_tracing_debug:file rw_file_perms;
+')
+
+# Allow traced_probes to start with a higher scheduling class and then downgrade
+# itself.
+allow traced_probes self:global_capability_class_set { sys_nice };
+
+# Allow procfs access
+r_dir_file(traced_probes, domain)
+
+# Allow to read packages.list file.
+allow traced_probes packages_list_file:file r_file_perms;
+
+# Allow to log to kernel dmesg when starting / stopping ftrace.
+allow traced_probes kmsg_device:chr_file write;
+
+# Allow traced_probes to list the system partition.
+allow traced_probes system_file:dir { open read };
+
+# Allow traced_probes to list some of the data partition.
+allow traced_probes self:global_capability_class_set dac_read_search;
+
+allow traced_probes apk_data_file:dir { getattr open read search };
+allow traced_probes dalvikcache_data_file:dir { getattr open read search };
+userdebug_or_eng(`
+# search and getattr are granted via domain and coredomain, respectively.
+allow traced_probes system_data_file:dir { open read };
+')
+allow traced_probes system_app_data_file:dir { getattr open read search };
+allow traced_probes backup_data_file:dir { getattr open read search };
+allow traced_probes bootstat_data_file:dir { getattr open read search };
+allow traced_probes update_engine_data_file:dir { getattr open read search };
+allow traced_probes update_engine_log_data_file:dir { getattr open read search };
+allow traced_probes user_profile_data_file:dir { getattr open read search };
+
+# Allow traced_probes to run atrace. atrace pokes at system services to enable
+# their userspace TRACE macros.
+domain_auto_trans(traced_probes, atrace_exec, atrace);
+
+# Allow traced_probes to kill atrace on timeout.
+allow traced_probes atrace:process sigkill;
+
+# Allow traced_probes to access /proc files for system stats.
+# Note: trace data is NOT exposed to anything other than shell and privileged
+# system apps that have access to the traced consumer socket.
+allow traced_probes {
+ proc_meminfo
+ proc_vmstat
+ proc_stat
+}:file r_file_perms;
+
+# Allow access to the IHealth and IPowerStats HAL service for tracing battery counters.
+hal_client_domain(traced_probes, hal_health)
+hal_client_domain(traced_probes, hal_power_stats)
+
+# Allow access to Atrace HAL for enabling vendor/device specific tracing categories.
+hal_client_domain(traced_probes, hal_atrace)
+
+# On debug builds allow to ingest system logs into the trace.
+userdebug_or_eng(`read_logd(traced_probes)')
+
+###
+### Neverallow rules
+###
+### traced_probes should NEVER do any of this
+
+# Disallow mapping executable memory (execstack and exec are already disallowed
+# globally in domain.te).
+neverallow traced_probes self:process execmem;
+
+# Block device access.
+neverallow traced_probes dev_type:blk_file { read write };
+
+# ptrace any other app
+neverallow traced_probes domain:process ptrace;
+
+# Disallows access to /data files.
+neverallow traced_probes {
+ data_file_type
+ -apk_data_file
+ -dalvikcache_data_file
+ -system_data_file
+ -system_data_root_file
+ -system_app_data_file
+ -backup_data_file
+ -bootstat_data_file
+ -update_engine_data_file
+ -update_engine_log_data_file
+ -user_profile_data_file
+ # TODO(b/72998741) Remove vendor_data_file exemption. Further restricted in a
+ # subsequent neverallow. Currently only getattr and search are allowed.
+ -vendor_data_file
+ -zoneinfo_data_file
+ with_native_coverage(`-method_trace_data_file')
+}:dir *;
+neverallow traced_probes system_data_file:dir ~{ getattr userdebug_or_eng(`open read') search };
+neverallow traced_probes zoneinfo_data_file:dir ~r_dir_perms;
+neverallow traced_probes { data_file_type -zoneinfo_data_file }:lnk_file *;
+neverallow traced_probes {
+ data_file_type
+ -zoneinfo_data_file
+ -packages_list_file
+ with_native_coverage(`-method_trace_data_file')
+}:file *;
+
+# Only init is allowed to enter the traced_probes domain via exec()
+neverallow { domain -init } traced_probes:process transition;
+neverallow * traced_probes:process dyntransition;
diff --git a/prebuilts/api/30.0/private/traceur_app.te b/prebuilts/api/30.0/private/traceur_app.te
new file mode 100644
index 0000000..94841df
--- /dev/null
+++ b/prebuilts/api/30.0/private/traceur_app.te
@@ -0,0 +1,22 @@
+typeattribute traceur_app coredomain;
+
+app_domain(traceur_app);
+allow traceur_app debugfs_tracing:file rw_file_perms;
+allow traceur_app debugfs_tracing_debug:dir r_dir_perms;
+
+userdebug_or_eng(`
+ allow traceur_app debugfs_tracing_debug:file rw_file_perms;
+')
+
+allow traceur_app trace_data_file:file create_file_perms;
+allow traceur_app trace_data_file:dir rw_dir_perms;
+allow traceur_app atrace_exec:file rx_file_perms;
+
+# To exec the perfetto cmdline client and pass it the trace config on
+# stdint through a pipe.
+allow traceur_app perfetto_exec:file rx_file_perms;
+
+# Allow to access traced's privileged consumer socket.
+unix_socket_connect(traceur_app, traced_consumer, traced)
+
+dontaudit traceur_app debugfs_tracing_debug:file audit_access;
diff --git a/prebuilts/api/30.0/private/tzdatacheck.te b/prebuilts/api/30.0/private/tzdatacheck.te
new file mode 100644
index 0000000..502735c
--- /dev/null
+++ b/prebuilts/api/30.0/private/tzdatacheck.te
@@ -0,0 +1,3 @@
+typeattribute tzdatacheck coredomain;
+
+init_daemon_domain(tzdatacheck)
diff --git a/prebuilts/api/30.0/private/ueventd.te b/prebuilts/api/30.0/private/ueventd.te
new file mode 100644
index 0000000..1bd6773
--- /dev/null
+++ b/prebuilts/api/30.0/private/ueventd.te
@@ -0,0 +1,3 @@
+typeattribute ueventd coredomain;
+
+tmpfs_domain(ueventd)
diff --git a/prebuilts/api/30.0/private/uncrypt.te b/prebuilts/api/30.0/private/uncrypt.te
new file mode 100644
index 0000000..e4e9224
--- /dev/null
+++ b/prebuilts/api/30.0/private/uncrypt.te
@@ -0,0 +1,3 @@
+typeattribute uncrypt coredomain;
+
+init_daemon_domain(uncrypt)
diff --git a/prebuilts/api/30.0/private/untrusted_app.te b/prebuilts/api/30.0/private/untrusted_app.te
new file mode 100644
index 0000000..6e7a99c
--- /dev/null
+++ b/prebuilts/api/30.0/private/untrusted_app.te
@@ -0,0 +1,16 @@
+###
+### Untrusted apps.
+###
+### This file defines the rules for untrusted apps running with
+### targetSdkVersion >= 30.
+###
+### See public/untrusted_app.te for more information about which apps are
+### placed in this selinux domain.
+###
+
+typeattribute untrusted_app coredomain;
+
+app_domain(untrusted_app)
+untrusted_app_domain(untrusted_app)
+net_domain(untrusted_app)
+bluetooth_domain(untrusted_app)
diff --git a/prebuilts/api/30.0/private/untrusted_app_25.te b/prebuilts/api/30.0/private/untrusted_app_25.te
new file mode 100644
index 0000000..a1abc41
--- /dev/null
+++ b/prebuilts/api/30.0/private/untrusted_app_25.te
@@ -0,0 +1,53 @@
+###
+### Untrusted_app_25
+###
+### This file defines the rules for untrusted apps running with
+### targetSdkVersion <= 25.
+###
+### See public/untrusted_app.te for more information about which apps are
+### placed in this selinux domain.
+###
+
+typeattribute untrusted_app_25 coredomain;
+
+app_domain(untrusted_app_25)
+untrusted_app_domain(untrusted_app_25)
+net_domain(untrusted_app_25)
+bluetooth_domain(untrusted_app_25)
+
+# b/35917228 - /proc/misc access
+# This will go away in a future Android release
+allow untrusted_app_25 proc_misc:file r_file_perms;
+
+# Access to /proc/tty/drivers, to allow apps to determine if they
+# are running in an emulated environment.
+# b/33214085 b/33814662 b/33791054 b/33211769
+# https://github.com/strazzere/anti-emulator/blob/master/AntiEmulator/src/diff/strazzere/anti/emulator/FindEmulator.java
+# This will go away in a future Android release
+allow untrusted_app_25 proc_tty_drivers:file r_file_perms;
+
+# Text relocation support for API < 23. This is now disallowed for targetSdkVersion>=Q.
+# https://android.googlesource.com/platform/bionic/+/master/android-changes-for-ndk-developers.md#text-relocations-enforced-for-api-level-23
+allow untrusted_app_25 { apk_data_file app_data_file asec_public_file }:file execmod;
+
+# The ability to call exec() on files in the apps home directories
+# for targetApi<=25. This is also allowed for targetAPIs 26, 27,
+# and 28 in untrusted_app_27.te.
+allow untrusted_app_25 app_data_file:file execute_no_trans;
+auditallow untrusted_app_25 app_data_file:file { execute execute_no_trans };
+
+# The ability to invoke dex2oat. Historically required by ART, now only
+# allowed for targetApi<=28 for compat reasons.
+allow untrusted_app_25 dex2oat_exec:file rx_file_perms;
+userdebug_or_eng(`auditallow untrusted_app_25 dex2oat_exec:file rx_file_perms;')
+
+# The ability to talk to /dev/ashmem directly. targetApi>=29 must use
+# ASharedMemory instead.
+allow untrusted_app_25 ashmem_device:chr_file rw_file_perms;
+auditallow untrusted_app_25 ashmem_device:chr_file open;
+
+# Read /mnt/sdcard symlink.
+allow untrusted_app_25 mnt_sdcard_file:lnk_file r_file_perms;
+
+# allow binding to netlink route sockets and sending RTM_GETLINK messages.
+allow untrusted_app_25 self:netlink_route_socket { bind nlmsg_readpriv };
diff --git a/prebuilts/api/30.0/private/untrusted_app_27.te b/prebuilts/api/30.0/private/untrusted_app_27.te
new file mode 100644
index 0000000..b7b6d72
--- /dev/null
+++ b/prebuilts/api/30.0/private/untrusted_app_27.te
@@ -0,0 +1,41 @@
+###
+### Untrusted_27.
+###
+### This file defines the rules for untrusted apps running with
+### 25 < targetSdkVersion <= 28.
+###
+### See public/untrusted_app.te for more information about which apps are
+### placed in this selinux domain.
+###
+
+typeattribute untrusted_app_27 coredomain;
+
+app_domain(untrusted_app_27)
+untrusted_app_domain(untrusted_app_27)
+net_domain(untrusted_app_27)
+bluetooth_domain(untrusted_app_27)
+
+# Text relocation support for API < 23. This is now disallowed for targetSdkVersion>=Q.
+# https://android.googlesource.com/platform/bionic/+/master/android-changes-for-ndk-developers.md#text-relocations-enforced-for-api-level-23
+allow untrusted_app_27 { apk_data_file app_data_file asec_public_file }:file execmod;
+
+# The ability to call exec() on files in the apps home directories
+# for targetApi 26, 27, and 28.
+allow untrusted_app_27 app_data_file:file execute_no_trans;
+auditallow untrusted_app_27 app_data_file:file { execute execute_no_trans };
+
+# The ability to invoke dex2oat. Historically required by ART, now only
+# allowed for targetApi<=28 for compat reasons.
+allow untrusted_app_27 dex2oat_exec:file rx_file_perms;
+userdebug_or_eng(`auditallow untrusted_app_27 dex2oat_exec:file rx_file_perms;')
+
+# The ability to talk to /dev/ashmem directly. targetApi>=29 must use
+# ASharedMemory instead.
+allow untrusted_app_27 ashmem_device:chr_file rw_file_perms;
+auditallow untrusted_app_27 ashmem_device:chr_file open;
+
+# Read /mnt/sdcard symlink.
+allow untrusted_app_27 mnt_sdcard_file:lnk_file r_file_perms;
+
+# allow binding to netlink route sockets and sending RTM_GETLINK messages.
+allow untrusted_app_27 self:netlink_route_socket { bind nlmsg_readpriv };
diff --git a/prebuilts/api/30.0/private/untrusted_app_29.te b/prebuilts/api/30.0/private/untrusted_app_29.te
new file mode 100644
index 0000000..344ae89
--- /dev/null
+++ b/prebuilts/api/30.0/private/untrusted_app_29.te
@@ -0,0 +1,19 @@
+###
+### Untrusted_29.
+###
+### This file defines the rules for untrusted apps running with
+### targetSdkVersion = 29.
+###
+### See public/untrusted_app.te for more information about which apps are
+### placed in this selinux domain.
+###
+
+typeattribute untrusted_app_29 coredomain;
+
+app_domain(untrusted_app_29)
+untrusted_app_domain(untrusted_app_29)
+net_domain(untrusted_app_29)
+bluetooth_domain(untrusted_app_29)
+
+# allow binding to netlink route sockets and sending RTM_GETLINK messages.
+allow untrusted_app_29 self:netlink_route_socket { bind nlmsg_readpriv };
diff --git a/prebuilts/api/30.0/private/untrusted_app_all.te b/prebuilts/api/30.0/private/untrusted_app_all.te
new file mode 100644
index 0000000..d9fd5a1
--- /dev/null
+++ b/prebuilts/api/30.0/private/untrusted_app_all.te
@@ -0,0 +1,175 @@
+###
+### Untrusted_app_all.
+###
+### This file defines the rules shared by all untrusted app domains except
+### ephemeral_app for instant apps.
+### Apps are labeled based on mac_permissions.xml (maps signer and
+### optionally package name to seinfo value) and seapp_contexts (maps UID
+### and optionally seinfo value to domain for process and type for data
+### directory). The untrusted_app_all attribute is assigned to all default
+### seapp_contexts for any app with UID between APP_AID (10000)
+### and AID_ISOLATED_START (99000) if the app has no specific seinfo
+### value as determined from mac_permissions.xml. In current AOSP, this
+### attribute is assigned to all non-system apps as well as to any system apps
+### that are not signed by the platform key. To move
+### a system app into a specific domain, add a signer entry for it to
+### mac_permissions.xml and assign it one of the pre-existing seinfo values
+### or define and use a new seinfo value in both mac_permissions.xml and
+### seapp_contexts.
+###
+### Note that rules that should apply to all untrusted apps must be in app.te or also
+### added to ephemeral_app.te.
+
+# Some apps ship with shared libraries and binaries that they write out
+# to their sandbox directory and then execute.
+allow untrusted_app_all privapp_data_file:file { r_file_perms execute };
+allow untrusted_app_all app_data_file:file { r_file_perms execute };
+auditallow untrusted_app_all app_data_file:file execute;
+
+# Chrome Crashpad uses the the dynamic linker to load native executables
+# from an APK (b/112050209, crbug.com/928422)
+allow untrusted_app_all system_linker_exec:file execute_no_trans;
+
+# Follow priv-app symlinks. This is used for dynamite functionality.
+allow untrusted_app_all privapp_data_file:lnk_file r_file_perms;
+
+# Allow handling of less common filesystem objects
+allow untrusted_app_all app_data_file:{ lnk_file sock_file fifo_file } create_file_perms;
+
+# Allow loading and deleting executable shared libraries
+# within an application home directory. Such shared libraries would be
+# created by things like renderscript or via other mechanisms.
+allow untrusted_app_all app_exec_data_file:file { r_file_perms execute unlink };
+
+# ASEC
+allow untrusted_app_all asec_apk_file:file r_file_perms;
+allow untrusted_app_all asec_apk_file:dir r_dir_perms;
+# Execute libs in asec containers.
+allow untrusted_app_all asec_public_file:file { execute };
+
+# Used by Finsky / Android "Verify Apps" functionality when
+# running "adb install foo.apk".
+# TODO: Long term, we don't want apps probing into shell data files.
+# Figure out a way to remove these rules.
+allow untrusted_app_all shell_data_file:file r_file_perms;
+allow untrusted_app_all shell_data_file:dir r_dir_perms;
+
+# Allow traceur to pass file descriptors through a content provider to untrusted apps
+# for the purpose of sharing files through e.g. gmail
+allow untrusted_app_all trace_data_file:file { getattr read };
+
+# untrusted apps should not be able to open trace data files, they should depend
+# upon traceur to pass a file descriptor
+neverallow untrusted_app_all trace_data_file:dir *;
+neverallow untrusted_app_all trace_data_file:file { no_w_file_perms open };
+
+# Allow to read staged apks.
+allow untrusted_app_all { apk_tmp_file apk_private_tmp_file }:file {read getattr};
+
+# Read and write system app data files passed over Binder.
+# Motivating case was /data/data/com.android.settings/cache/*.jpg for
+# cropping or taking user photos.
+allow untrusted_app_all system_app_data_file:file { read write getattr };
+
+#
+# Rules migrated from old app domains coalesced into untrusted_app.
+# This includes what used to be media_app, shared_app, and release_app.
+#
+
+# Access to /data/media.
+allow untrusted_app_all media_rw_data_file:dir create_dir_perms;
+allow untrusted_app_all media_rw_data_file:file create_file_perms;
+
+# Traverse into /mnt/media_rw for bypassing FUSE daemon
+# TODO: narrow this to just MediaProvider
+allow untrusted_app_all mnt_media_rw_file:dir search;
+
+# allow cts to query all services
+allow untrusted_app_all servicemanager:service_manager list;
+
+allow untrusted_app_all audioserver_service:service_manager find;
+allow untrusted_app_all cameraserver_service:service_manager find;
+allow untrusted_app_all drmserver_service:service_manager find;
+allow untrusted_app_all mediaserver_service:service_manager find;
+allow untrusted_app_all mediaextractor_service:service_manager find;
+allow untrusted_app_all mediametrics_service:service_manager find;
+allow untrusted_app_all mediadrmserver_service:service_manager find;
+allow untrusted_app_all nfc_service:service_manager find;
+allow untrusted_app_all radio_service:service_manager find;
+allow untrusted_app_all app_api_service:service_manager find;
+allow untrusted_app_all vr_manager_service:service_manager find;
+allow untrusted_app_all gpu_service:service_manager find;
+
+# Allow untrusted apps to interact with gpuservice
+binder_call(untrusted_app_all, gpuservice)
+
+# gdbserver for ndk-gdb ptrace attaches to app process.
+allow untrusted_app_all self:process ptrace;
+
+# Android Studio Instant Run has the application connect to a
+# runas_app socket listening in the abstract namespace.
+# https://developer.android.com/studio/run/
+# b/123297648
+allow untrusted_app_all runas_app:unix_stream_socket connectto;
+
+# Untrusted apps need to be able to send a SIGCHLD to runas_app
+# when running under a debugger (b/123612207)
+allow untrusted_app_all runas_app:process sigchld;
+
+# Cts: HwRngTest
+allow untrusted_app_all sysfs_hwrandom:dir search;
+allow untrusted_app_all sysfs_hwrandom:file r_file_perms;
+
+# Allow apps to view preloaded media content
+allow untrusted_app_all preloads_media_file:dir r_dir_perms;
+allow untrusted_app_all preloads_media_file:file r_file_perms;
+allow untrusted_app_all preloads_data_file:dir search;
+
+# Allow untrusted apps read / execute access to /vendor/app for there can
+# be pre-installed vendor apps that package a library within themselves.
+# TODO (b/37784178) Consider creating a special type for /vendor/app installed
+# apps.
+allow untrusted_app_all vendor_app_file:dir { open getattr read search };
+allow untrusted_app_all vendor_app_file:file { r_file_perms execute };
+allow untrusted_app_all vendor_app_file:lnk_file { open getattr read };
+
+# Write app-specific trace data to the Perfetto traced damon. This requires
+# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
+perfetto_producer(untrusted_app_all)
+
+# Allow profiling if the app opts in by being marked profileable/debuggable.
+can_profile_heap(untrusted_app_all)
+can_profile_perf(untrusted_app_all)
+
+# allow untrusted apps to use UDP sockets provided by the system server but not
+# modify them other than to connect
+allow untrusted_app_all system_server:udp_socket {
+ connect getattr read recvfrom sendto write getopt setopt };
+
+# Allow the renderscript compiler to be run.
+domain_auto_trans(untrusted_app_all, rs_exec, rs)
+
+# This is allowed for targetSdkVersion <= 25 but disallowed on newer versions.
+dontaudit untrusted_app_all net_dns_prop:file read;
+
+# These have been disallowed since Android O.
+# For P, we assume that apps are safely handling the denial.
+dontaudit untrusted_app_all proc_stat:file read;
+dontaudit untrusted_app_all proc_vmstat:file read;
+dontaudit untrusted_app_all proc_uptime:file read;
+
+# Allow the allocation and use of ptys
+# Used by: https://play.google.com/store/apps/details?id=jackpal.androidterm
+create_pty(untrusted_app_all)
+
+# Allow access to kcov via its ioctl interface for coverage
+# guided kernel fuzzing.
+userdebug_or_eng(`
+ allow untrusted_app_all debugfs_kcov:file rw_file_perms;
+ allowxperm untrusted_app_all debugfs_kcov:file ioctl { KCOV_INIT_TRACE KCOV_ENABLE KCOV_DISABLE };
+')
+
+# Allow signalling simpleperf domain, which is the domain that the simpleperf
+# profiler runs as when executed by the app. The signals are used to control
+# the profiler (which would be profiling the app that is sending the signal).
+allow untrusted_app_all simpleperf:process signal;
diff --git a/prebuilts/api/30.0/private/update_engine.te b/prebuilts/api/30.0/private/update_engine.te
new file mode 100644
index 0000000..e4e7009
--- /dev/null
+++ b/prebuilts/api/30.0/private/update_engine.te
@@ -0,0 +1,7 @@
+typeattribute update_engine coredomain;
+
+init_daemon_domain(update_engine);
+
+# Allow to talk to gsid.
+allow update_engine gsi_service:service_manager find;
+binder_call(update_engine, gsid)
diff --git a/prebuilts/api/30.0/private/update_engine_common.te b/prebuilts/api/30.0/private/update_engine_common.te
new file mode 100644
index 0000000..a7fb584
--- /dev/null
+++ b/prebuilts/api/30.0/private/update_engine_common.te
@@ -0,0 +1,5 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+# The postinstall program is run by update_engine_common and will always be tagged as a
+# postinstall_file regardless of its attributes in the new system.
+domain_auto_trans(update_engine_common, postinstall_file, postinstall)
diff --git a/prebuilts/api/30.0/private/update_verifier.te b/prebuilts/api/30.0/private/update_verifier.te
new file mode 100644
index 0000000..1b934d9
--- /dev/null
+++ b/prebuilts/api/30.0/private/update_verifier.te
@@ -0,0 +1,3 @@
+typeattribute update_verifier coredomain;
+
+init_daemon_domain(update_verifier)
diff --git a/prebuilts/api/30.0/private/usbd.te b/prebuilts/api/30.0/private/usbd.te
new file mode 100644
index 0000000..13a0ad7
--- /dev/null
+++ b/prebuilts/api/30.0/private/usbd.te
@@ -0,0 +1,12 @@
+typeattribute usbd coredomain;
+
+init_daemon_domain(usbd)
+
+# Access usb gadget hal
+hal_client_domain(usbd, hal_usb_gadget)
+
+# Access persist.sys.usb.config
+get_prop(usbd, system_prop)
+
+# start adbd during boot if adb is enabled
+set_prop(usbd, ctl_default_prop)
diff --git a/prebuilts/api/30.0/private/users b/prebuilts/api/30.0/private/users
new file mode 100644
index 0000000..51b7b57
--- /dev/null
+++ b/prebuilts/api/30.0/private/users
@@ -0,0 +1 @@
+user u roles { r } level s0 range s0 - mls_systemhigh;
diff --git a/prebuilts/api/30.0/private/vdc.te b/prebuilts/api/30.0/private/vdc.te
new file mode 100644
index 0000000..bc7409e
--- /dev/null
+++ b/prebuilts/api/30.0/private/vdc.te
@@ -0,0 +1,3 @@
+typeattribute vdc coredomain;
+
+init_daemon_domain(vdc)
diff --git a/prebuilts/api/30.0/private/vendor_init.te b/prebuilts/api/30.0/private/vendor_init.te
new file mode 100644
index 0000000..6a68f1f
--- /dev/null
+++ b/prebuilts/api/30.0/private/vendor_init.te
@@ -0,0 +1,7 @@
+# Creating files on sysfs is impossible so this isn't a threat
+# Sometimes we have to write to non-existent files to avoid conditional
+# init behavior. See b/35303861 for an example.
+dontaudit vendor_init sysfs:dir write;
+
+# TODO(b/140259336) We want to remove vendor_init in the long term but allow for now
+allow vendor_init system_data_root_file:dir rw_dir_perms;
diff --git a/prebuilts/api/30.0/private/viewcompiler.te b/prebuilts/api/30.0/private/viewcompiler.te
new file mode 100644
index 0000000..d1f0964
--- /dev/null
+++ b/prebuilts/api/30.0/private/viewcompiler.te
@@ -0,0 +1,25 @@
+# viewcompiler
+type viewcompiler, domain, coredomain, mlstrustedsubject;
+type viewcompiler_exec, system_file_type, exec_type, file_type;
+type viewcompiler_tmpfs, file_type;
+
+# Reading an APK opens a ZipArchive, which unpack to tmpfs.
+# Use tmpfs_domain() which will give tmpfs files created by viewcompiler their
+# own label, which differs from other labels created by other processes.
+# This allows to distinguish in policy files created by viewcompiler vs other
+# processes.
+tmpfs_domain(viewcompiler)
+
+allow viewcompiler installd:fd use;
+
+# Include write permission for app data files so viewcompiler can generate
+# compiled layout dex files
+allow viewcompiler app_data_file:file { getattr write };
+
+# Allow the view compiler to read resources from the apps APK.
+allow viewcompiler apk_data_file:file { read map };
+
+# priv-apps are moving to a world where they can only execute
+# signed code. Make sure viewcompiler never can write to privapp
+# directories to avoid introducing unsigned executable code
+neverallow viewcompiler privapp_data_file:file no_w_file_perms;
diff --git a/prebuilts/api/30.0/private/virtual_touchpad.te b/prebuilts/api/30.0/private/virtual_touchpad.te
new file mode 100644
index 0000000..e735172
--- /dev/null
+++ b/prebuilts/api/30.0/private/virtual_touchpad.te
@@ -0,0 +1,3 @@
+typeattribute virtual_touchpad coredomain;
+
+init_daemon_domain(virtual_touchpad)
diff --git a/prebuilts/api/30.0/private/vold.te b/prebuilts/api/30.0/private/vold.te
new file mode 100644
index 0000000..dea24a5
--- /dev/null
+++ b/prebuilts/api/30.0/private/vold.te
@@ -0,0 +1,19 @@
+typeattribute vold coredomain;
+
+init_daemon_domain(vold)
+
+# Switch to more restrictive domains when executing common tools
+domain_auto_trans(vold, sgdisk_exec, sgdisk);
+domain_auto_trans(vold, sdcardd_exec, sdcardd);
+
+# For a handful of probing tools, we choose an even more restrictive
+# domain when working with untrusted block devices
+domain_trans(vold, blkid_exec, blkid);
+domain_trans(vold, blkid_exec, blkid_untrusted);
+domain_trans(vold, fsck_exec, fsck);
+domain_trans(vold, fsck_exec, fsck_untrusted);
+
+# Newly created storage dirs are always treated as mount stubs to prevent us
+# from accidentally writing when the mount point isn't present.
+type_transition vold storage_file:dir storage_stub_file;
+type_transition vold mnt_media_rw_file:dir mnt_media_rw_stub_file;
diff --git a/prebuilts/api/30.0/private/vold_prepare_subdirs.te b/prebuilts/api/30.0/private/vold_prepare_subdirs.te
new file mode 100644
index 0000000..f3ec058
--- /dev/null
+++ b/prebuilts/api/30.0/private/vold_prepare_subdirs.te
@@ -0,0 +1,45 @@
+domain_auto_trans(vold, vold_prepare_subdirs_exec, vold_prepare_subdirs)
+
+allow vold_prepare_subdirs system_file:file execute_no_trans;
+allow vold_prepare_subdirs shell_exec:file rx_file_perms;
+allow vold_prepare_subdirs toolbox_exec:file rx_file_perms;
+allow vold_prepare_subdirs devpts:chr_file rw_file_perms;
+allow vold_prepare_subdirs vold:fd use;
+allow vold_prepare_subdirs vold:fifo_file { read write };
+allow vold_prepare_subdirs file_contexts_file:file r_file_perms;
+allow vold_prepare_subdirs self:global_capability_class_set { chown dac_override dac_read_search fowner };
+allow vold_prepare_subdirs self:process setfscreate;
+allow vold_prepare_subdirs {
+ system_data_file
+ vendor_data_file
+}:dir { open read write add_name remove_name rmdir relabelfrom };
+allow vold_prepare_subdirs {
+ apex_module_data_file
+ apex_permission_data_file
+ apex_rollback_data_file
+ apex_wifi_data_file
+ backup_data_file
+ face_vendor_data_file
+ fingerprint_vendor_data_file
+ iris_vendor_data_file
+ rollback_data_file
+ storaged_data_file
+ vold_data_file
+}:dir { create_dir_perms relabelto };
+allow vold_prepare_subdirs {
+ apex_module_data_file
+ apex_permission_data_file
+ apex_rollback_data_file
+ apex_wifi_data_file
+ backup_data_file
+ face_vendor_data_file
+ fingerprint_vendor_data_file
+ iris_vendor_data_file
+ rollback_data_file
+ storaged_data_file
+ system_data_file
+ vold_data_file
+}:file { getattr unlink };
+allow vold_prepare_subdirs apex_mnt_dir:dir { open read };
+
+dontaudit vold_prepare_subdirs { proc unlabeled }:file r_file_perms;
diff --git a/prebuilts/api/30.0/private/vr_hwc.te b/prebuilts/api/30.0/private/vr_hwc.te
new file mode 100644
index 0000000..053c03d
--- /dev/null
+++ b/prebuilts/api/30.0/private/vr_hwc.te
@@ -0,0 +1,6 @@
+typeattribute vr_hwc coredomain;
+
+# Daemon started by init.
+init_daemon_domain(vr_hwc)
+
+hal_server_domain(vr_hwc, hal_graphics_composer)
diff --git a/prebuilts/api/30.0/private/vzwomatrigger_app.te b/prebuilts/api/30.0/private/vzwomatrigger_app.te
new file mode 100644
index 0000000..8deb22b
--- /dev/null
+++ b/prebuilts/api/30.0/private/vzwomatrigger_app.te
@@ -0,0 +1,6 @@
+###
+### A domain for further sandboxing the VzwOmaTrigger app.
+###
+type vzwomatrigger_app, domain;
+
+app_domain(vzwomatrigger_app)
diff --git a/prebuilts/api/30.0/private/wait_for_keymaster.te b/prebuilts/api/30.0/private/wait_for_keymaster.te
new file mode 100644
index 0000000..85a28da
--- /dev/null
+++ b/prebuilts/api/30.0/private/wait_for_keymaster.te
@@ -0,0 +1,9 @@
+# wait_for_keymaster service
+type wait_for_keymaster, domain, coredomain;
+type wait_for_keymaster_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(wait_for_keymaster)
+
+hal_client_domain(wait_for_keymaster, hal_keymaster)
+
+allow wait_for_keymaster kmsg_device:chr_file w_file_perms;
diff --git a/prebuilts/api/30.0/private/watchdogd.te b/prebuilts/api/30.0/private/watchdogd.te
new file mode 100644
index 0000000..91ece70
--- /dev/null
+++ b/prebuilts/api/30.0/private/watchdogd.te
@@ -0,0 +1,3 @@
+typeattribute watchdogd coredomain;
+
+init_daemon_domain(watchdogd)
diff --git a/prebuilts/api/30.0/private/webview_zygote.te b/prebuilts/api/30.0/private/webview_zygote.te
new file mode 100644
index 0000000..969ab9c
--- /dev/null
+++ b/prebuilts/api/30.0/private/webview_zygote.te
@@ -0,0 +1,153 @@
+# webview_zygote is an auxiliary zygote process that is used to spawn
+# isolated_app processes for rendering untrusted web content.
+
+typeattribute webview_zygote coredomain;
+
+# The webview_zygote needs to be able to transition domains.
+typeattribute webview_zygote mlstrustedsubject;
+
+# Allow access to temporary files, which is normally permitted through
+# a domain macro.
+tmpfs_domain(webview_zygote);
+
+# Allow reading/executing installed binaries to enable preloading the
+# installed WebView implementation.
+allow webview_zygote apk_data_file:dir r_dir_perms;
+allow webview_zygote apk_data_file:file { r_file_perms execute };
+
+# Access to the WebView relro file.
+allow webview_zygote shared_relro_file:dir search;
+allow webview_zygote shared_relro_file:file r_file_perms;
+
+# Set the UID/GID of the process.
+allow webview_zygote self:global_capability_class_set { setgid setuid };
+# Drop capabilities from bounding set.
+allow webview_zygote self:global_capability_class_set setpcap;
+# Switch SELinux context to app domains.
+allow webview_zygote self:process setcurrent;
+allow webview_zygote isolated_app:process dyntransition;
+
+# For art.
+allow webview_zygote dalvikcache_data_file:dir r_dir_perms;
+allow webview_zygote dalvikcache_data_file:lnk_file r_file_perms;
+allow webview_zygote dalvikcache_data_file:file { r_file_perms execute };
+
+# Allow webview_zygote to create JIT memory.
+allow webview_zygote self:process execmem;
+
+# Allow webview_zygote to stat the files that it opens. It must
+# be able to inspect them so that it can reopen them on fork
+# if necessary: b/30963384.
+allow webview_zygote debugfs_trace_marker:file getattr;
+
+# Allow webview_zygote to manage the pgroup of its children.
+allow webview_zygote system_server:process getpgid;
+
+# Interaction between the webview_zygote and its children.
+allow webview_zygote isolated_app:process setpgid;
+
+# TODO (b/63631799) fix this access
+# Suppress denials to storage. Webview zygote should not be accessing.
+dontaudit webview_zygote mnt_expand_file:dir getattr;
+
+# TODO (b/72957399) remove this when webview_zygote is reparented to
+# app_process zygote
+dontaudit webview_zygote dex2oat_exec:file execute;
+
+# Get seapp_contexts
+allow webview_zygote seapp_contexts_file:file r_file_perms;
+# Check validity of SELinux context before use.
+selinux_check_context(webview_zygote)
+# Check SELinux permissions.
+selinux_check_access(webview_zygote)
+
+# Directory listing in /system.
+allow webview_zygote system_file:dir r_dir_perms;
+
+# Read and inspect temporary files (like system properties) managed by zygote.
+allow webview_zygote zygote_tmpfs:file { read getattr };
+# Child of zygote.
+allow webview_zygote zygote:fd use;
+allow webview_zygote zygote:process sigchld;
+
+# Allow apps access to /vendor/overlay
+r_dir_file(webview_zygote, vendor_overlay_file)
+
+allow webview_zygote same_process_hal_file:file { execute read open getattr map };
+
+allow webview_zygote system_data_file:lnk_file r_file_perms;
+
+# Send unsolicited message to system_server
+unix_socket_send(webview_zygote, system_unsolzygote, system_server)
+
+#####
+##### Neverallow
+#####
+
+# Only permit transition to isolated_app.
+neverallow webview_zygote { domain -isolated_app }:process dyntransition;
+
+# Only setcon() transitions, no exec() based transitions, except for crash_dump.
+neverallow webview_zygote { domain -crash_dump }:process transition;
+
+# Must not exec() a program without changing domains.
+# Having said that, exec() above is not allowed.
+neverallow webview_zygote *:file execute_no_trans;
+
+# The only way to enter this domain is for the zygote to fork a new
+# webview_zygote child.
+neverallow { domain -zygote } webview_zygote:process dyntransition;
+
+# Disallow write access to properties.
+neverallow webview_zygote property_socket:sock_file write;
+neverallow webview_zygote property_type:property_service set;
+
+# Should not have any access to app data files.
+neverallow webview_zygote {
+ app_data_file
+ privapp_data_file
+ system_app_data_file
+ bluetooth_data_file
+ nfc_data_file
+ radio_data_file
+ shell_data_file
+}:file { rwx_file_perms };
+
+neverallow webview_zygote {
+ service_manager_type
+ -activity_service
+ -webviewupdate_service
+}:service_manager find;
+
+# Isolated apps shouldn't be able to access the driver directly.
+neverallow webview_zygote gpu_device:chr_file { rwx_file_perms };
+
+# Do not allow webview_zygote access to /cache.
+neverallow webview_zygote cache_file:dir ~{ r_dir_perms };
+neverallow webview_zygote cache_file:file ~{ read getattr };
+
+# Do not allow most socket access. This is socket_class_set, excluding unix_dgram_socket,
+# unix_stream_socket, and netlink_selinux_socket.
+neverallow webview_zygote domain:{
+ socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket key_socket
+ appletalk_socket netlink_route_socket netlink_tcpdiag_socket
+ netlink_nflog_socket netlink_xfrm_socket netlink_audit_socket
+ netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket netlink_iscsi_socket
+ netlink_fib_lookup_socket netlink_connector_socket netlink_netfilter_socket
+ netlink_generic_socket netlink_scsitransport_socket netlink_rdma_socket netlink_crypto_socket
+ sctp_socket icmp_socket ax25_socket ipx_socket netrom_socket atmpvc_socket
+ x25_socket rose_socket decnet_socket atmsvc_socket rds_socket irda_socket
+ pppox_socket llc_socket can_socket tipc_socket bluetooth_socket iucv_socket
+ rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket
+ alg_socket nfc_socket vsock_socket kcm_socket qipcrtr_socket smc_socket
+ xdp_socket
+} *;
+
+# Do not allow access to Bluetooth-related system properties.
+# neverallow rules for Bluetooth-related data files are listed above.
+neverallow webview_zygote {
+ bluetooth_a2dp_offload_prop
+ bluetooth_audio_hal_prop
+ bluetooth_prop
+ exported_bluetooth_prop
+}:file create_file_perms;
diff --git a/prebuilts/api/30.0/private/wificond.te b/prebuilts/api/30.0/private/wificond.te
new file mode 100644
index 0000000..5476e33
--- /dev/null
+++ b/prebuilts/api/30.0/private/wificond.te
@@ -0,0 +1,3 @@
+typeattribute wificond coredomain;
+
+init_daemon_domain(wificond)
diff --git a/prebuilts/api/30.0/private/wpantund.te b/prebuilts/api/30.0/private/wpantund.te
new file mode 100644
index 0000000..e91662c
--- /dev/null
+++ b/prebuilts/api/30.0/private/wpantund.te
@@ -0,0 +1,3 @@
+typeattribute wpantund coredomain;
+
+init_daemon_domain(wpantund)
diff --git a/prebuilts/api/30.0/private/zygote.te b/prebuilts/api/30.0/private/zygote.te
new file mode 100644
index 0000000..5f08f8d
--- /dev/null
+++ b/prebuilts/api/30.0/private/zygote.te
@@ -0,0 +1,239 @@
+# zygote
+typeattribute zygote coredomain;
+typeattribute zygote mlstrustedsubject;
+
+init_daemon_domain(zygote)
+tmpfs_domain(zygote)
+
+read_runtime_log_tags(zygote)
+
+# Override DAC on files and switch uid/gid.
+allow zygote self:global_capability_class_set { dac_override dac_read_search setgid setuid fowner chown };
+
+# Drop capabilities from bounding set.
+allow zygote self:global_capability_class_set setpcap;
+
+# Switch SELinux context to app domains.
+allow zygote self:process setcurrent;
+allow zygote system_server_startup:process dyntransition;
+allow zygote appdomain:process dyntransition;
+allow zygote webview_zygote:process dyntransition;
+allow zygote app_zygote:process dyntransition;
+
+# Allow zygote to read app /proc/pid dirs (b/10455872).
+allow zygote appdomain:dir { getattr search };
+allow zygote appdomain:file { r_file_perms };
+
+# Move children into the peer process group.
+allow zygote system_server:process { getpgid setpgid };
+allow zygote appdomain:process { getpgid setpgid };
+allow zygote webview_zygote:process { getpgid setpgid };
+allow zygote app_zygote:process { getpgid setpgid };
+
+# Read system data.
+allow zygote system_data_file:dir r_dir_perms;
+allow zygote system_data_file:file r_file_perms;
+
+# Write to /data/dalvik-cache.
+allow zygote dalvikcache_data_file:dir create_dir_perms;
+allow zygote dalvikcache_data_file:file create_file_perms;
+
+# Create symlinks in /data/dalvik-cache.
+allow zygote dalvikcache_data_file:lnk_file create_file_perms;
+
+# Write to /data/resource-cache.
+allow zygote resourcecache_data_file:dir rw_dir_perms;
+allow zygote resourcecache_data_file:file create_file_perms;
+
+# For updateability, the zygote may fetch the current boot
+# classpath from the dalvik cache. Integrity of the files
+# is ensured by fsverity protection (checked in art_apex_boot_integrity).
+allow zygote dalvikcache_data_file:file execute;
+
+# Bind mount on /data/data and mounted volumes
+allow zygote { system_data_file mnt_expand_file }:dir mounton;
+
+# Relabel /data/user /data/user_de and /data/data
+allow zygote tmpfs:{ dir lnk_file } relabelfrom;
+allow zygote system_data_file:{ dir lnk_file } relabelto;
+
+# Zygote opens /mnt/expand to mount CE DE storage on each vol
+allow zygote mnt_expand_file:dir { open read search relabelto };
+
+# Bind mount subdirectories on /data/misc/profiles/cur
+allow zygote { user_profile_data_file }:dir { mounton search };
+
+# Create and bind dirs on /data/data
+allow zygote tmpfs:dir { create_dir_perms mounton };
+
+# Goes into media directory and bind mount obb directory
+allow zygote media_rw_data_file:dir { getattr search };
+
+# Read if sdcardfs is supported
+allow zygote proc_filesystems:file r_file_perms;
+
+# Create symlink for /data/user/0
+allow zygote tmpfs:lnk_file create;
+
+allow zygote mirror_data_file:dir r_dir_perms;
+
+# Get inode of data directories
+allow zygote {
+ system_data_file
+ radio_data_file
+ app_data_file
+ shell_data_file
+ bluetooth_data_file
+ privapp_data_file
+ nfc_data_file
+ mnt_expand_file
+}:dir getattr;
+
+# Allow zygote to create JIT memory.
+allow zygote self:process execmem;
+allow zygote zygote_tmpfs:file execute;
+allow zygote ashmem_libcutils_device:chr_file execute;
+
+# Execute idmap and dex2oat within zygote's own domain.
+# TODO: Should either of these be transitioned to the same domain
+# used by installd or stay in-domain for zygote?
+allow zygote idmap_exec:file rx_file_perms;
+allow zygote dex2oat_exec:file rx_file_perms;
+
+# Allow apps access to /vendor/overlay
+r_dir_file(zygote, vendor_overlay_file)
+
+# Control cgroups.
+allow zygote cgroup:dir create_dir_perms;
+allow zygote cgroup:{ file lnk_file } r_file_perms;
+allow zygote self:global_capability_class_set sys_admin;
+
+# Allow zygote to stat the files that it opens. The zygote must
+# be able to inspect them so that it can reopen them on fork
+# if necessary: b/30963384.
+allow zygote pmsg_device:chr_file getattr;
+allow zygote debugfs_trace_marker:file getattr;
+
+# Get seapp_contexts
+allow zygote seapp_contexts_file:file r_file_perms;
+# Check validity of SELinux context before use.
+selinux_check_context(zygote)
+# Check SELinux permissions.
+selinux_check_access(zygote)
+
+# Native bridge functionality requires that zygote replaces
+# /proc/cpuinfo with /system/lib/<ISA>/cpuinfo using a bind mount
+allow zygote proc_cpuinfo:file mounton;
+
+# Allow remounting rootfs as MS_SLAVE.
+allow zygote rootfs:dir mounton;
+allow zygote tmpfs:filesystem { mount unmount };
+allow zygote fuse:filesystem { unmount };
+allow zygote sdcardfs:filesystem { unmount };
+
+# Allow creating user-specific storage source if started before vold.
+allow zygote mnt_user_file:dir { create_dir_perms mounton };
+allow zygote mnt_user_file:lnk_file create_file_perms;
+allow zygote mnt_user_file:file create_file_perms;
+
+# Allow mounting user-specific storage source if started before vold.
+allow zygote mnt_pass_through_file:dir { create_dir_perms mounton };
+
+# Allowed to mount user-specific storage into place
+allow zygote storage_file:dir { search mounton };
+
+# Allow mounting and creating files, dirs on sdcardfs.
+allow zygote { sdcard_type }:dir { create_dir_perms mounton };
+allow zygote { sdcard_type }:file { create_file_perms };
+
+# Handle --invoke-with command when launching Zygote with a wrapper command.
+allow zygote zygote_exec:file rx_file_perms;
+
+# Allow zygote to write to statsd.
+unix_socket_send(zygote, statsdw, statsd)
+
+# Root fs.
+r_dir_file(zygote, rootfs)
+
+# System file accesses.
+r_dir_file(zygote, system_file)
+
+# /oem accesses.
+allow zygote oemfs:dir search;
+
+userdebug_or_eng(`
+ # Allow zygote to create and write method traces in /data/misc/trace.
+ allow zygote method_trace_data_file:dir w_dir_perms;
+ allow zygote method_trace_data_file:file { create w_file_perms };
+')
+
+allow zygote ion_device:chr_file r_file_perms;
+allow zygote tmpfs:dir r_dir_perms;
+
+allow zygote same_process_hal_file:file { execute read open getattr map };
+
+# Let the zygote access overlays so it can initialize the AssetManager.
+get_prop(zygote, overlay_prop)
+get_prop(zygote, exported_overlay_prop)
+
+# Allow the zygote to access the runtime feature flag properties.
+get_prop(zygote, device_config_runtime_native_prop)
+get_prop(zygote, device_config_runtime_native_boot_prop)
+
+# Allow the zygote to access window manager native boot feature flags
+# to initialize WindowManager static properties.
+get_prop(zygote, device_config_window_manager_native_boot_prop)
+
+# ingore spurious denials
+dontaudit zygote self:global_capability_class_set sys_resource;
+
+# Ignore spurious denials calling access() on fuse
+# TODO(b/151316657): avoid the denials
+dontaudit zygote media_rw_data_file:dir setattr;
+
+# Allow zygote to use ashmem fds from system_server.
+allow zygote system_server:fd use;
+
+# Send unsolicited message to system_server
+unix_socket_send(zygote, system_unsolzygote, system_server)
+
+# Allow zygote to access media_variant_prop for static initialization
+get_prop(zygote, media_variant_prop)
+
+###
+### neverallow rules
+###
+
+# Ensure that all types assigned to app processes are included
+# in the appdomain attribute, so that all allow and neverallow rules
+# written on appdomain are applied to all app processes.
+# This is achieved by ensuring that it is impossible for zygote to
+# setcon (dyntransition) to any types other than those associated
+# with appdomain plus system_server_startup, webview_zygote and
+# app_zygote.
+neverallow zygote ~{
+ appdomain
+ system_server_startup
+ webview_zygote
+ app_zygote
+}:process dyntransition;
+
+# Zygote should never execute anything from /data except for /data/dalvik-cache files.
+neverallow zygote {
+ data_file_type
+ -dalvikcache_data_file # map PROT_EXEC
+}:file no_x_file_perms;
+
+# Do not allow access to Bluetooth-related system properties and files
+neverallow zygote {
+ bluetooth_a2dp_offload_prop
+ bluetooth_audio_hal_prop
+ bluetooth_prop
+ exported_bluetooth_prop
+}:file create_file_perms;
+
+# Zygote should not be able to access app private data.
+neverallow zygote {
+ privapp_data_file
+ app_data_file
+}:dir ~getattr;
diff --git a/prebuilts/api/30.0/public/adbd.te b/prebuilts/api/30.0/public/adbd.te
new file mode 100644
index 0000000..4a1f633
--- /dev/null
+++ b/prebuilts/api/30.0/public/adbd.te
@@ -0,0 +1,11 @@
+# adbd seclabel is specified in init.rc since
+# it lives in the rootfs and has no unique file type.
+type adbd, domain;
+type adbd_exec, exec_type, file_type, system_file_type;
+
+# Only init is allowed to enter the adbd domain via exec()
+neverallow { domain -init } adbd:process transition;
+neverallow * adbd:process dyntransition;
+
+# Allow adbd start/stop mdnsd via ctl.start
+set_prop(adbd, ctl_mdnsd_prop)
diff --git a/prebuilts/api/30.0/public/aidl_lazy_test_server.te b/prebuilts/api/30.0/public/aidl_lazy_test_server.te
new file mode 100644
index 0000000..626d008
--- /dev/null
+++ b/prebuilts/api/30.0/public/aidl_lazy_test_server.te
@@ -0,0 +1,9 @@
+type aidl_lazy_test_server, domain;
+type aidl_lazy_test_server_exec, exec_type, file_type, system_file_type;
+
+userdebug_or_eng(`
+ binder_use(aidl_lazy_test_server)
+ binder_call(aidl_lazy_test_server, binderservicedomain)
+
+ add_service(aidl_lazy_test_server, aidl_lazy_test_service)
+')
diff --git a/prebuilts/api/30.0/public/apexd.te b/prebuilts/api/30.0/public/apexd.te
new file mode 100644
index 0000000..93c257f
--- /dev/null
+++ b/prebuilts/api/30.0/public/apexd.te
@@ -0,0 +1,15 @@
+# apexd -- manager for APEX packages
+type apexd, domain;
+type apexd_exec, exec_type, file_type, system_file_type;
+
+binder_use(apexd)
+add_service(apexd, apex_service)
+set_prop(apexd, apexd_prop)
+
+neverallow { domain -init -apexd -system_server } apex_service:service_manager find;
+neverallow { domain -init -apexd -system_server -servicemanager } apexd:binder call;
+
+neverallow { domain userdebug_or_eng(`-crash_dump') } apexd:process ptrace;
+
+# only apexd can set apexd sysprop
+neverallow { domain -apexd -init } apexd_prop:property_service set;
diff --git a/prebuilts/api/30.0/public/app.te b/prebuilts/api/30.0/public/app.te
new file mode 100644
index 0000000..e5b9fd6
--- /dev/null
+++ b/prebuilts/api/30.0/public/app.te
@@ -0,0 +1,594 @@
+###
+### Domain for all zygote spawned apps
+###
+### This file is the base policy for all zygote spawned apps.
+### Other policy files, such as isolated_app.te, untrusted_app.te, etc
+### extend from this policy. Only policies which should apply to ALL
+### zygote spawned apps should be added here.
+###
+type appdomain_tmpfs, file_type;
+
+# WebView and other application-specific JIT compilers
+allow appdomain self:process execmem;
+
+allow appdomain { ashmem_device ashmem_libcutils_device }:chr_file execute;
+
+# Receive and use open file descriptors inherited from zygote.
+allow appdomain zygote:fd use;
+
+# gdbserver for ndk-gdb reads the zygote.
+# valgrind needs mmap exec for zygote
+allow appdomain zygote_exec:file rx_file_perms;
+
+# Notify zygote of death;
+allow appdomain zygote:process sigchld;
+
+# Read /data/dalvik-cache.
+allow appdomain dalvikcache_data_file:dir { search getattr };
+allow appdomain dalvikcache_data_file:file r_file_perms;
+
+# Read the /sdcard and /mnt/sdcard symlinks
+allow { appdomain -isolated_app } rootfs:lnk_file r_file_perms;
+allow { appdomain -isolated_app } tmpfs:lnk_file r_file_perms;
+
+# Search /storage/emulated tmpfs mount.
+allow appdomain tmpfs:dir r_dir_perms;
+
+# Notify zygote of the wrapped process PID when using --invoke-with.
+allow appdomain zygote:fifo_file write;
+
+userdebug_or_eng(`
+ # Allow apps to create and write method traces in /data/misc/trace.
+ allow appdomain method_trace_data_file:dir w_dir_perms;
+ allow appdomain method_trace_data_file:file { create w_file_perms };
+')
+
+# Notify shell and adbd of death when spawned via runas for ndk-gdb.
+allow appdomain shell:process sigchld;
+allow appdomain adbd:process sigchld;
+
+# child shell or gdbserver pty access for runas.
+allow appdomain devpts:chr_file { getattr read write ioctl };
+
+# Use pipes and sockets provided by system_server via binder or local socket.
+allow appdomain system_server:fd use;
+allow appdomain system_server:fifo_file rw_file_perms;
+allow appdomain system_server:unix_stream_socket { read write setopt getattr getopt shutdown };
+allow appdomain system_server:tcp_socket { read write getattr getopt shutdown };
+
+# For AppFuse.
+allow appdomain vold:fd use;
+
+# Communication with other apps via fifos
+allow appdomain appdomain:fifo_file rw_file_perms;
+
+# Communicate with surfaceflinger.
+allow appdomain surfaceflinger:unix_stream_socket { read write setopt getattr getopt shutdown };
+
+# App sandbox file accesses.
+allow { appdomain -isolated_app } { app_data_file privapp_data_file }:dir create_dir_perms;
+allow { appdomain -isolated_app } { app_data_file privapp_data_file }:file create_file_perms;
+
+# Traverse into expanded storage
+allow appdomain mnt_expand_file:dir r_dir_perms;
+
+# Keychain and user-trusted credentials
+r_dir_file(appdomain, keychain_data_file)
+allow appdomain misc_user_data_file:dir r_dir_perms;
+allow appdomain misc_user_data_file:file r_file_perms;
+
+# TextClassifier
+r_dir_file({ appdomain -isolated_app }, textclassifier_data_file)
+
+# Access to OEM provided data and apps
+allow appdomain oemfs:dir r_dir_perms;
+allow appdomain oemfs:file rx_file_perms;
+
+# Execute the shell or other system executables.
+allow { appdomain -ephemeral_app } shell_exec:file rx_file_perms;
+allow { appdomain -ephemeral_app } toolbox_exec:file rx_file_perms;
+allow appdomain system_file:file x_file_perms;
+not_full_treble(`allow { appdomain -ephemeral_app } vendor_file:file x_file_perms;')
+
+# Renderscript needs the ability to read directories on /system
+allow appdomain system_file:dir r_dir_perms;
+allow appdomain system_file:lnk_file { getattr open read };
+# Renderscript specific permissions to open /system/vendor/lib64.
+not_full_treble(`
+ allow appdomain vendor_file_type:dir r_dir_perms;
+ allow appdomain vendor_file_type:lnk_file { getattr open read };
+')
+
+full_treble_only(`
+ # For looking up Renderscript vendor drivers
+ allow { appdomain -isolated_app } vendor_file:dir { open read };
+')
+
+# Allow apps access to /vendor/app except for privileged
+# apps which cannot be in /vendor.
+r_dir_file({ appdomain -ephemeral_app }, vendor_app_file)
+allow { appdomain -ephemeral_app } vendor_app_file:file execute;
+
+# Allow apps access to /vendor/overlay
+r_dir_file(appdomain, vendor_overlay_file)
+
+# Allow apps access to /vendor/framework
+# for vendor provided libraries.
+r_dir_file(appdomain, vendor_framework_file)
+
+# Allow apps read / execute access to vendor public libraries.
+allow appdomain vendor_public_lib_file:dir r_dir_perms;
+allow appdomain vendor_public_lib_file:file { execute read open getattr map };
+
+# Read/write wallpaper file (opened by system).
+allow appdomain wallpaper_file:file { getattr read write map };
+
+# Read/write cached ringtones (opened by system).
+allow appdomain ringtone_file:file { getattr read write map };
+
+# Read ShortcutManager icon files (opened by system).
+allow appdomain shortcut_manager_icons:file { getattr read map };
+
+# Read icon file (opened by system).
+allow appdomain icon_file:file { getattr read map };
+
+# Old stack dumping scheme : append to a global trace file (/data/anr/traces.txt).
+#
+# TODO: All of these permissions except for anr_data_file:file append can be
+# withdrawn once we've switched to the new stack dumping mechanism, see b/32064548
+# and the rules below.
+allow appdomain anr_data_file:dir search;
+allow appdomain anr_data_file:file { open append };
+
+# New stack dumping scheme : request an output FD from tombstoned via a unix
+# domain socket.
+#
+# Allow apps to connect and write to the tombstoned java trace socket in
+# order to dump their traces. Also allow them to append traces to pipes
+# created by dumptrace. (Also see the rules below where they are given
+# additional permissions to dumpstate pipes for other aspects of bug report
+# creation).
+unix_socket_connect(appdomain, tombstoned_java_trace, tombstoned)
+allow appdomain tombstoned:fd use;
+allow appdomain dumpstate:fifo_file append;
+allow appdomain incidentd:fifo_file append;
+
+# Allow apps to send dump information to dumpstate
+allow appdomain dumpstate:fd use;
+allow appdomain dumpstate:unix_stream_socket { read write getopt getattr shutdown };
+allow appdomain dumpstate:fifo_file { write getattr };
+allow appdomain shell_data_file:file { write getattr };
+
+# Allow apps to send dump information to incidentd
+allow appdomain incidentd:fd use;
+allow appdomain incidentd:fifo_file { write getattr };
+
+# Allow apps to send information to statsd socket.
+unix_socket_send(appdomain, statsdw, statsd)
+
+# Write profiles /data/misc/profiles
+allow appdomain user_profile_data_file:dir { search write add_name };
+allow appdomain user_profile_data_file:file create_file_perms;
+
+# Send heap dumps to system_server via an already open file descriptor
+# % adb shell am set-watch-heap com.android.systemui 1048576
+# % adb shell dumpsys procstats --start-testing
+# debuggable builds only.
+userdebug_or_eng(`
+ allow appdomain heapdump_data_file:file append;
+')
+
+# /proc/net access.
+# TODO(b/9496886) Audit access for removal.
+# proc_net access for the negated domains below is granted (or not) in their
+# individual .te files.
+r_dir_file({
+ appdomain
+ -ephemeral_app
+ -isolated_app
+ -platform_app
+ -priv_app
+ -shell
+ -system_app
+ -untrusted_app_all
+}, proc_net_type)
+# audit access for all these non-core app domains.
+userdebug_or_eng(`
+ auditallow {
+ appdomain
+ -ephemeral_app
+ -isolated_app
+ -platform_app
+ -priv_app
+ -shell
+ -su
+ -system_app
+ -untrusted_app_all
+ } proc_net_type:{ dir file lnk_file } { getattr open read };
+')
+
+# Grant GPU access to all processes started by Zygote.
+# They need that to render the standard UI.
+allow { appdomain -isolated_app } gpu_device:chr_file rw_file_perms;
+
+# Use the Binder.
+binder_use(appdomain)
+# Perform binder IPC to binder services.
+binder_call(appdomain, binderservicedomain)
+# Perform binder IPC to other apps.
+binder_call(appdomain, appdomain)
+# Perform binder IPC to ephemeral apps.
+binder_call(appdomain, ephemeral_app)
+
+# Talk with graphics composer fences
+allow appdomain hal_graphics_composer:fd use;
+
+# Already connected, unnamed sockets being passed over some other IPC
+# hence no sock_file or connectto permission. This appears to be how
+# Chrome works, may need to be updated as more apps using isolated services
+# are examined.
+allow appdomain appdomain:unix_stream_socket { getopt getattr read write shutdown };
+
+# Backup ability for every app. BMS opens and passes the fd
+# to any app that has backup ability. Hence, no open permissions here.
+allow appdomain backup_data_file:file { read write getattr map };
+allow appdomain cache_backup_file:file { read write getattr map };
+allow appdomain cache_backup_file:dir getattr;
+# Backup ability using 'adb backup'
+allow appdomain system_data_file:lnk_file r_file_perms;
+allow appdomain system_data_file:file { getattr read map };
+
+# Allow read/stat of /data/media files passed by Binder or local socket IPC.
+allow { appdomain -isolated_app } media_rw_data_file:file { read getattr };
+
+# Read and write /data/data/com.android.providers.telephony files passed over Binder.
+allow { appdomain -isolated_app } radio_data_file:file { read write getattr };
+
+# Allow access to external storage; we have several visible mount points under /storage
+# and symlinks to primary storage at places like /storage/sdcard0 and /mnt/user/0/primary
+allow { appdomain -isolated_app -ephemeral_app } storage_file:dir r_dir_perms;
+allow { appdomain -isolated_app -ephemeral_app } storage_file:lnk_file r_file_perms;
+allow { appdomain -isolated_app -ephemeral_app } mnt_user_file:dir r_dir_perms;
+allow { appdomain -isolated_app -ephemeral_app } mnt_user_file:lnk_file r_file_perms;
+
+# Read/write visible storage
+allow { appdomain -isolated_app -ephemeral_app } sdcard_type:dir create_dir_perms;
+allow { appdomain -isolated_app -ephemeral_app } sdcard_type:file create_file_perms;
+# This should be removed if sdcardfs is modified to alter the secontext for its
+# accesses to the underlying FS.
+allow { appdomain -isolated_app -ephemeral_app } media_rw_data_file:dir create_dir_perms;
+allow { appdomain -isolated_app -ephemeral_app } media_rw_data_file:file create_file_perms;
+
+# Allow apps to use the USB Accessory interface.
+# http://developer.android.com/guide/topics/connectivity/usb/accessory.html
+#
+# USB devices are first opened by the system server (USBDeviceManagerService)
+# and the file descriptor is passed to the right Activity via binder.
+allow { appdomain -isolated_app -ephemeral_app } usb_device:chr_file { read write getattr ioctl };
+allow { appdomain -isolated_app -ephemeral_app } usbaccessory_device:chr_file { read write getattr };
+
+# For art.
+allow appdomain dalvikcache_data_file:file execute;
+allow appdomain dalvikcache_data_file:lnk_file r_file_perms;
+
+# Allow any app to read shared RELRO files.
+allow appdomain shared_relro_file:dir search;
+allow appdomain shared_relro_file:file r_file_perms;
+
+# Allow apps to read/execute installed binaries
+allow appdomain apk_data_file:dir r_dir_perms;
+allow appdomain apk_data_file:file rx_file_perms;
+
+# /data/resource-cache
+allow appdomain resourcecache_data_file:file r_file_perms;
+allow appdomain resourcecache_data_file:dir r_dir_perms;
+
+# logd access
+read_logd(appdomain)
+control_logd({ appdomain -ephemeral_app })
+# application inherit logd write socket (urge is to deprecate this long term)
+allow appdomain zygote:unix_dgram_socket write;
+
+allow { appdomain -isolated_app -ephemeral_app } keystore:keystore_key { get_state get insert delete exist list sign verify };
+
+use_keystore({ appdomain -isolated_app -ephemeral_app })
+
+use_credstore({ appdomain -isolated_app -ephemeral_app })
+
+allow appdomain console_device:chr_file { read write };
+
+# only allow unprivileged socket ioctl commands
+allowxperm { appdomain -bluetooth } self:{ rawip_socket tcp_socket udp_socket }
+ ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };
+
+allow { appdomain -isolated_app } ion_device:chr_file r_file_perms;
+
+# Allow AAudio apps to use shared memory file descriptors from the HAL
+allow { appdomain -isolated_app } hal_audio:fd use;
+
+# Allow app to access shared memory created by camera HAL1
+allow { appdomain -isolated_app } hal_camera:fd use;
+
+# RenderScript always-passthrough HAL
+allow { appdomain -isolated_app } hal_renderscript_hwservice:hwservice_manager find;
+allow appdomain same_process_hal_file:file { execute read open getattr map };
+
+# TODO: switch to meminfo service
+allow appdomain proc_meminfo:file r_file_perms;
+
+# For app fuse.
+allow appdomain app_fuse_file:file { getattr read append write map };
+
+pdx_client({ appdomain -isolated_app -ephemeral_app }, display_client)
+pdx_client({ appdomain -isolated_app -ephemeral_app }, display_manager)
+pdx_client({ appdomain -isolated_app -ephemeral_app }, display_vsync)
+pdx_client({ appdomain -isolated_app -ephemeral_app }, performance_client)
+# Apps do not directly open the IPC socket for bufferhubd.
+pdx_use({ appdomain -isolated_app -ephemeral_app }, bufferhub_client)
+
+###
+### CTS-specific rules
+###
+
+# For cts/tests/tests/permission/src/android/permission/cts/FileSystemPermissionTest.java.
+# testRunAsHasCorrectCapabilities
+allow appdomain runas_exec:file getattr;
+# Others are either allowed elsewhere or not desired.
+
+# Apps receive an open tun fd from the framework for
+# device traffic. Do not allow untrusted app to directly open tun_device
+allow { appdomain -isolated_app -ephemeral_app } tun_device:chr_file { read write getattr append ioctl };
+allowxperm { appdomain -isolated_app -ephemeral_app } tun_device:chr_file ioctl TUNGETIFF;
+
+# Connect to adbd and use a socket transferred from it.
+# This is used for e.g. adb backup/restore.
+allow appdomain adbd:unix_stream_socket connectto;
+allow appdomain adbd:fd use;
+allow appdomain adbd:unix_stream_socket { getattr getopt ioctl read write shutdown };
+
+allow appdomain cache_file:dir getattr;
+
+# Allow apps to run with asanwrapper.
+with_asan(`allow appdomain asanwrapper_exec:file rx_file_perms;')
+
+# Read access to FDs from the DropboxManagerService.
+allow appdomain dropbox_data_file:file { getattr read };
+
+# Read tmpfs types from these processes.
+allow appdomain audioserver_tmpfs:file { getattr map read write };
+allow appdomain system_server_tmpfs:file { getattr map read write };
+allow appdomain zygote_tmpfs:file { map read };
+
+###
+### Neverallow rules
+###
+### These are things that Android apps should NEVER be able to do
+###
+
+# Superuser capabilities.
+# bluetooth requires net_admin and wake_alarm. network stack app requires net_admin.
+neverallow { appdomain -bluetooth -network_stack } self:capability_class_set *;
+
+# Block device access.
+neverallow appdomain dev_type:blk_file { read write };
+
+# Access to any of the following character devices.
+neverallow appdomain {
+ audio_device
+ camera_device
+ dm_device
+ radio_device
+ rpmsg_device
+ video_device
+}:chr_file { read write };
+
+# Note: Try expanding list of app domains in the future.
+neverallow { untrusted_app isolated_app shell } graphics_device:chr_file { read write };
+
+neverallow { appdomain -nfc } nfc_device:chr_file
+ { read write };
+neverallow { appdomain -bluetooth } hci_attach_dev:chr_file
+ { read write };
+neverallow appdomain tee_device:chr_file { read write };
+
+# Privileged netlink socket interfaces.
+neverallow { appdomain -network_stack }
+ domain:{
+ netlink_tcpdiag_socket
+ netlink_nflog_socket
+ netlink_xfrm_socket
+ netlink_audit_socket
+ netlink_dnrt_socket
+ } *;
+
+# These messages are broadcast messages from the kernel to userspace.
+# Do not allow the writing of netlink messages, which has been a source
+# of rooting vulns in the past.
+neverallow appdomain domain:netlink_kobject_uevent_socket { write append };
+
+# Sockets under /dev/socket that are not specifically typed.
+neverallow appdomain socket_device:sock_file write;
+
+# Unix domain sockets.
+neverallow appdomain adbd_socket:sock_file write;
+neverallow { appdomain -radio } rild_socket:sock_file write;
+
+# ptrace access to non-app domains.
+neverallow appdomain { domain -appdomain }:process ptrace;
+
+# The Android security model guarantees the confidentiality and integrity
+# of application data and execution state. Ptrace bypasses those
+# confidentiality guarantees. Disallow ptrace access from system components
+# to apps. Crash_dump is excluded, as it needs ptrace access to
+# produce stack traces. llkd is excluded, as it needs ptrace access to
+# inspect stack traces for live lock conditions.
+
+neverallow {
+ domain
+ -appdomain
+ -crash_dump
+ userdebug_or_eng(`-llkd')
+} appdomain:process ptrace;
+
+# Read or write access to /proc/pid entries for any non-app domain.
+# A different form of hidepid=2 like protections
+neverallow appdomain { domain -appdomain }:file no_w_file_perms;
+neverallow { appdomain -shell } { domain -appdomain }:file no_rw_file_perms;
+
+# signal access to non-app domains.
+# sigchld allowed for parent death notification.
+# signull allowed for kill(pid, 0) existence test.
+# All others prohibited.
+# -perfetto is to allow shell (which is an appdomain) to kill perfetto
+# (see private/shell.te).
+neverallow appdomain { domain -appdomain -perfetto }:process
+ { sigkill sigstop signal };
+
+# Write to rootfs.
+neverallow appdomain rootfs:dir_file_class_set
+ { create write setattr relabelfrom relabelto append unlink link rename };
+
+# Write to /system.
+neverallow appdomain system_file:dir_file_class_set
+ { create write setattr relabelfrom relabelto append unlink link rename };
+
+# Write to entrypoint executables.
+neverallow appdomain exec_type:file
+ { create write setattr relabelfrom relabelto append unlink link rename };
+
+# Write to system-owned parts of /data.
+# This is the default type for anything under /data not otherwise
+# specified in file_contexts. Define a different type for portions
+# that should be writable by apps.
+neverallow appdomain system_data_file:dir_file_class_set
+ { create write setattr relabelfrom relabelto append unlink link rename };
+
+# Write to various other parts of /data.
+neverallow appdomain drm_data_file:dir_file_class_set
+ { create write setattr relabelfrom relabelto append unlink link rename };
+neverallow { appdomain -platform_app -system_app }
+ apk_data_file:dir_file_class_set
+ { create write setattr relabelfrom relabelto append unlink link rename };
+neverallow { appdomain -platform_app -system_app }
+ apk_tmp_file:dir_file_class_set
+ { create write setattr relabelfrom relabelto append unlink link rename };
+neverallow { appdomain -platform_app }
+ apk_private_data_file:dir_file_class_set
+ { create write setattr relabelfrom relabelto append unlink link rename };
+neverallow { appdomain -platform_app }
+ apk_private_tmp_file:dir_file_class_set
+ { create write setattr relabelfrom relabelto append unlink link rename };
+neverallow { appdomain -shell }
+ shell_data_file:dir_file_class_set
+ { create setattr relabelfrom relabelto append unlink link rename };
+neverallow { appdomain -bluetooth }
+ bluetooth_data_file:dir_file_class_set
+ { create write setattr relabelfrom relabelto append unlink link rename };
+neverallow { domain -credstore -init } credstore_data_file:dir_file_class_set *;
+neverallow appdomain
+ keystore_data_file:dir_file_class_set
+ { create write setattr relabelfrom relabelto append unlink link rename };
+neverallow appdomain
+ systemkeys_data_file:dir_file_class_set
+ { create write setattr relabelfrom relabelto append unlink link rename };
+neverallow appdomain
+ wifi_data_file:dir_file_class_set
+ { create write setattr relabelfrom relabelto append unlink link rename };
+neverallow appdomain
+ dhcp_data_file:dir_file_class_set
+ { create write setattr relabelfrom relabelto append unlink link rename };
+
+# access tmp apk files
+neverallow { appdomain -untrusted_app_all -platform_app -priv_app }
+ { apk_tmp_file apk_private_tmp_file }:dir_file_class_set *;
+
+neverallow untrusted_app_all { apk_tmp_file apk_private_tmp_file }:{ devfile_class_set dir fifo_file lnk_file sock_file } *;
+neverallow untrusted_app_all { apk_tmp_file apk_private_tmp_file }:file ~{ getattr read };
+
+# Access to factory files.
+neverallow appdomain efs_file:dir_file_class_set write;
+neverallow { appdomain -shell } efs_file:dir_file_class_set read;
+
+# Write to various pseudo file systems.
+neverallow { appdomain -bluetooth -nfc }
+ sysfs:dir_file_class_set write;
+neverallow appdomain
+ proc:dir_file_class_set write;
+
+# Access to syslog(2) or /proc/kmsg.
+neverallow appdomain kernel:system { syslog_read syslog_mod syslog_console };
+
+# SELinux is not an API for apps to use
+neverallow { appdomain -shell } *:security { compute_av check_context };
+neverallow { appdomain -shell } *:netlink_selinux_socket *;
+
+# Ability to perform any filesystem operation other than statfs(2).
+# i.e. no mount(2), unmount(2), etc.
+neverallow appdomain fs_type:filesystem ~getattr;
+
+# prevent creation/manipulation of globally readable symlinks
+neverallow appdomain {
+ apk_data_file
+ cache_file
+ cache_recovery_file
+ dev_type
+ rootfs
+ system_file
+ tmpfs
+}:lnk_file no_w_file_perms;
+
+# Blacklist app domains not allowed to execute from /data
+neverallow {
+ bluetooth
+ isolated_app
+ nfc
+ radio
+ shared_relro
+ system_app
+} {
+ data_file_type
+ -dalvikcache_data_file
+ -system_data_file # shared libs in apks
+ -apk_data_file
+}:file no_x_file_perms;
+
+# Applications should use the activity model for receiving events
+neverallow {
+ appdomain
+ -shell # bugreport
+} input_device:chr_file ~getattr;
+
+# Do not allow access to Bluetooth-related system properties except for a few whitelisted domains.
+# neverallow rules for access to Bluetooth-related data files are above.
+neverallow {
+ appdomain
+ -bluetooth
+ -system_app
+} { bluetooth_audio_hal_prop bluetooth_a2dp_offload_prop bluetooth_prop exported_bluetooth_prop }:file create_file_perms;
+
+# Apps cannot access proc_uid_time_in_state
+neverallow appdomain proc_uid_time_in_state:file *;
+
+# Apps cannot access proc_uid_concurrent_active_time
+neverallow appdomain proc_uid_concurrent_active_time:file *;
+
+# Apps cannot access proc_uid_concurrent_policy_time
+neverallow appdomain proc_uid_concurrent_policy_time:file *;
+
+# Apps cannot access proc_uid_cpupower
+neverallow appdomain proc_uid_cpupower:file *;
+
+# Apps may not read /proc/net/{tcp,tcp6,udp,udp6}. These files leak information across the
+# application boundary. VPN apps may use the ConnectivityManager.getConnectionOwnerUid() API to
+# perform UID lookups.
+neverallow { appdomain -shell } proc_net_tcp_udp:file *;
+
+# Apps cannot access bootstrap files. The bootstrap files are only for
+# extremely early processes (like init, etc.) which are started before
+# the runtime APEX is activated and Bionic libs are provided from there.
+# If app process accesses (or even load/execute) the bootstrap files,
+# it might cause problems such as ODR violation, etc.
+neverallow appdomain system_bootstrap_lib_file:file
+ { open read write append execute execute_no_trans map };
+neverallow appdomain system_bootstrap_lib_file:dir
+ { open read getattr search };
diff --git a/prebuilts/api/30.0/public/app_zygote.te b/prebuilts/api/30.0/public/app_zygote.te
new file mode 100644
index 0000000..4c1ec96
--- /dev/null
+++ b/prebuilts/api/30.0/public/app_zygote.te
@@ -0,0 +1,6 @@
+# app_zygote is an auxiliary zygote process that is used to spawn
+# isolated service processes for individual applications. It is
+# spawned from the regular zygote process as a "child zygote".
+
+type app_zygote, domain;
+type app_zygote_tmpfs, file_type;
diff --git a/prebuilts/api/30.0/public/asan_extract.te b/prebuilts/api/30.0/public/asan_extract.te
new file mode 100644
index 0000000..15c5a09
--- /dev/null
+++ b/prebuilts/api/30.0/public/asan_extract.te
@@ -0,0 +1,36 @@
+# asan_extract
+#
+# This command set moves the artifact corresponding to the current slot
+# from /data/ota to /data/dalvik-cache.
+
+with_asan(`
+ type asan_extract, domain, coredomain;
+ type asan_extract_exec, exec_type, file_type;
+
+ # Allow asan_extract to execute itself using #!/system/bin/sh
+ allow asan_extract shell_exec:file rx_file_perms;
+
+ # We execute log, rm, gzip and tar.
+ allow asan_extract toolbox_exec:file rx_file_perms;
+ allow asan_extract system_file:file execute_no_trans;
+
+ # asan_extract deletes old /data/lib.
+ allow asan_extract system_file:dir { open read remove_name rmdir write };
+ allow asan_extract system_file:file unlink;
+
+ # asan_extract untars ASAN libraries into /data.
+ allow asan_extract system_data_file:dir create_dir_perms ;
+ allow asan_extract system_data_file:{ file lnk_file } create_file_perms ;
+
+ # Relabel the libraries with restorecon.
+ allow asan_extract file_contexts_file:file r_file_perms;
+ allow asan_extract system_data_file:{ dir file } relabelfrom;
+ allow asan_extract system_file:dir { relabelto setattr };
+ allow asan_extract system_file:file relabelto;
+
+ # Restorecon will actually already try to run with sanitized libraries (libpackagelistparser).
+ allow asan_extract system_data_file:file execute;
+
+ # We need to signal a reboot when done.
+ set_prop(asan_extract, powerctl_prop)
+')
diff --git a/prebuilts/api/30.0/public/attributes b/prebuilts/api/30.0/public/attributes
new file mode 100644
index 0000000..0c91692
--- /dev/null
+++ b/prebuilts/api/30.0/public/attributes
@@ -0,0 +1,373 @@
+######################################
+# Attribute declarations
+#
+
+# All types used for devices.
+# On change, update CHECK_FC_ASSERT_ATTRS
+# in tools/checkfc.c
+attribute dev_type;
+
+# All types used for processes.
+attribute domain;
+
+# All types used for filesystems.
+# On change, update CHECK_FC_ASSERT_ATTRS
+# definition in tools/checkfc.c.
+attribute fs_type;
+
+# All types used for context= mounts.
+attribute contextmount_type;
+
+# All types used for files that can exist on a labeled fs.
+# Do not use for pseudo file types.
+# On change, update CHECK_FC_ASSERT_ATTRS
+# definition in tools/checkfc.c.
+attribute file_type;
+
+# All types used for domain entry points.
+attribute exec_type;
+
+# All types used for /data files.
+attribute data_file_type;
+expandattribute data_file_type false;
+# All types in /data, not in /data/vendor
+attribute core_data_file_type;
+expandattribute core_data_file_type false;
+
+# All types in /system
+attribute system_file_type;
+
+# All types in /vendor
+attribute vendor_file_type;
+
+# All types used for procfs files.
+attribute proc_type;
+expandattribute proc_type false;
+
+# Types in /proc/net, excluding qtaguid types.
+# TODO(b/9496886) Lock down access to /proc/net.
+# This attribute is used to audit access to proc_net. it is temporary and will
+# be removed.
+attribute proc_net_type;
+expandattribute proc_net_type true;
+
+# All types used for sysfs files.
+attribute sysfs_type;
+
+# All types use for debugfs files.
+attribute debugfs_type;
+
+# Attribute used for all sdcards
+attribute sdcard_type;
+
+# All types used for nodes/hosts.
+attribute node_type;
+
+# All types used for network interfaces.
+attribute netif_type;
+
+# All types used for network ports.
+attribute port_type;
+
+# All types used for property service
+# On change, update CHECK_PC_ASSERT_ATTRS
+# definition in tools/checkfc.c.
+attribute property_type;
+
+# All properties defined in core SELinux policy. Should not be
+# used by device specific properties
+attribute core_property_type;
+
+# All properties used to configure log filtering.
+attribute log_property_type;
+
+# All properties that are not specific to device but are added from
+# outside of AOSP. (e.g. OEM-specific properties)
+# These properties are not accessible from device-specific domains
+attribute extended_core_property_type;
+
+# Properties used for representing ownership. All properties should have one
+# of: system_property_type, product_property_type, or vendor_property_type.
+
+# All properties defined by /system.
+attribute system_property_type;
+expandattribute system_property_type false;
+
+# All /system-defined properties used only in /system.
+attribute system_internal_property_type;
+expandattribute system_internal_property_type false;
+
+# All /system-defined properties which can't be written outside /system.
+attribute system_restricted_property_type;
+expandattribute system_restricted_property_type false;
+
+# All /system-defined properties with no restrictions.
+attribute system_public_property_type;
+expandattribute system_public_property_type false;
+
+# All properties defined by /product.
+# Currently there are no enforcements between /system and /product, so for now
+# /product attributes are just replaced to /system attributes.
+define(`product_property_type', `system_property_type')
+define(`product_internal_type', `system_internal_property_type')
+define(`product_restricted_type', `system_restricted_property_type')
+define(`product_public_type', `system_public_property_type')
+
+# All properties defined by /vendor.
+attribute vendor_property_type;
+expandattribute vendor_property_type false;
+
+# All /vendor-defined properties used only in /vendor.
+attribute vendor_internal_property_type;
+expandattribute vendor_internal_property_type false;
+
+# All /vendor-defined properties which can't be written outside /vendor.
+attribute vendor_restricted_property_type;
+expandattribute vendor_restricted_property_type false;
+
+# All /vendor-defined properties with no restrictions.
+attribute vendor_public_property_type;
+expandattribute vendor_public_property_type false;
+
+# All service_manager types created by system_server
+attribute system_server_service;
+
+# services which should be available to all but isolated apps
+attribute app_api_service;
+
+# services which should be available to all ephemeral apps
+attribute ephemeral_app_api_service;
+
+# services which export only system_api
+attribute system_api_service;
+
+# services which served by vendor and also using the copy of libbinder on
+# system (for instance via libbinder_ndk). services using a different copy
+# of libbinder currently need their own context manager (e.g.
+# vndservicemanager)
+attribute vendor_service;
+
+# All types used for services managed by servicemanager.
+# On change, update CHECK_SC_ASSERT_ATTRS
+# definition in tools/checkfc.c.
+attribute service_manager_type;
+
+# All types used for services managed by hwservicemanager
+attribute hwservice_manager_type;
+
+# All HwBinder services guaranteed to be passthrough. These services always run
+# in the process of their clients, and thus operate with the same access as
+# their clients.
+attribute same_process_hwservice;
+
+# All HwBinder services guaranteed to be offered only by core domain components
+attribute coredomain_hwservice;
+
+# All HwBinder services that untrusted apps can't directly access
+attribute protected_hwservice;
+
+# All types used for services managed by vndservicemanager
+attribute vndservice_manager_type;
+
+
+# All domains that can override MLS restrictions.
+# i.e. processes that can read up and write down.
+attribute mlstrustedsubject;
+
+# All types that can override MLS restrictions.
+# i.e. files that can be read by lower and written by higher
+attribute mlstrustedobject;
+
+# All domains used for apps.
+attribute appdomain;
+
+# All third party apps.
+attribute untrusted_app_all;
+
+# All domains used for apps with network access.
+attribute netdomain;
+
+# All domains used for apps with bluetooth access.
+attribute bluetoothdomain;
+
+# All domains used for binder service domains.
+attribute binderservicedomain;
+
+# update_engine related domains that need to apply an update and run
+# postinstall. This includes the background daemon and the sideload tool from
+# recovery for A/B devices.
+attribute update_engine_common;
+
+# All core domains (as opposed to vendor/device-specific domains)
+attribute coredomain;
+
+# All socket devices owned by core domain components
+attribute coredomain_socket;
+expandattribute coredomain_socket false;
+
+# All vendor domains which violate the requirement of not using Binder
+# TODO(b/35870313): Remove this once there are no violations
+attribute binder_in_vendor_violators;
+expandattribute binder_in_vendor_violators false;
+
+# All vendor domains which violate the requirement of not using sockets for
+# communicating with core components
+# TODO(b/36577153): Remove this once there are no violations
+attribute socket_between_core_and_vendor_violators;
+expandattribute socket_between_core_and_vendor_violators false;
+
+# All vendor domains which violate the requirement of not executing
+# system processes
+# TODO(b/36463595)
+attribute vendor_executes_system_violators;
+expandattribute vendor_executes_system_violators false;
+
+# All domains which violate the requirement of not sharing files by path
+# between between vendor and core domains.
+# TODO(b/34980020)
+attribute data_between_core_and_vendor_violators;
+expandattribute data_between_core_and_vendor_violators false;
+
+# All system domains which violate the requirement of not executing vendor
+# binaries/libraries.
+# TODO(b/62041836)
+attribute system_executes_vendor_violators;
+expandattribute system_executes_vendor_violators false;
+
+# All system domains which violate the requirement of not writing vendor
+# properties.
+# TODO(b/78598545): Remove this once there are no violations
+attribute system_writes_vendor_properties_violators;
+expandattribute system_writes_vendor_properties_violators false;
+
+# All system domains which violate the requirement of not writing to
+# /mnt/vendor/*. Must not be used on devices launched with P or later.
+attribute system_writes_mnt_vendor_violators;
+expandattribute system_writes_mnt_vendor_violators false;
+
+# hwservices that are accessible from untrusted applications
+# WARNING: Use of this attribute should be avoided unless
+# absolutely necessary. It is a temporary allowance to aid the
+# transition to treble and will be removed in a future platform
+# version, requiring all hwservices that are labeled with this
+# attribute to be submitted to AOSP in order to maintain their
+# app-visibility.
+attribute untrusted_app_visible_hwservice_violators;
+expandattribute untrusted_app_visible_hwservice_violators false;
+
+# halserver domains that are accessible to untrusted applications. These
+# domains are typically those hosting hwservices attributed by the
+# untrusted_app_visible_hwservice_violators.
+# WARNING: Use of this attribute should be avoided unless absolutely necessary.
+# It is a temporary allowance to aid the transition to treble and will be
+# removed in the future platform version, requiring all halserver domains that
+# are labeled with this attribute to be submitted to AOSP in order to maintain
+# their app-visibility.
+attribute untrusted_app_visible_halserver_violators;
+expandattribute untrusted_app_visible_halserver_violators false;
+
+# PDX services
+attribute pdx_endpoint_dir_type;
+attribute pdx_endpoint_socket_type;
+expandattribute pdx_endpoint_socket_type false;
+attribute pdx_channel_socket_type;
+expandattribute pdx_channel_socket_type false;
+
+pdx_service_attributes(display_client)
+pdx_service_attributes(display_manager)
+pdx_service_attributes(display_screenshot)
+pdx_service_attributes(display_vsync)
+pdx_service_attributes(performance_client)
+pdx_service_attributes(bufferhub_client)
+
+# All HAL servers
+attribute halserverdomain;
+# All HAL clients
+attribute halclientdomain;
+expandattribute halclientdomain true;
+
+# Exempt for halserverdomain to access sockets. Only builds for automotive
+# device types are allowed to use this attribute (enforced by CTS).
+# Unlike phone, in a car many modules are external from Android perspective and
+# HALs should be able to communicate with those devices through sockets.
+attribute hal_automotive_socket_exemption;
+
+# HALs
+hal_attribute(allocator);
+hal_attribute(atrace);
+hal_attribute(audio);
+hal_attribute(audiocontrol);
+hal_attribute(authsecret);
+hal_attribute(bluetooth);
+hal_attribute(bootctl);
+hal_attribute(bufferhub);
+hal_attribute(broadcastradio);
+hal_attribute(camera);
+hal_attribute(can_bus);
+hal_attribute(can_controller);
+hal_attribute(cas);
+hal_attribute(codec2);
+hal_attribute(configstore);
+hal_attribute(confirmationui);
+hal_attribute(contexthub);
+hal_attribute(drm);
+hal_attribute(dumpstate);
+hal_attribute(evs);
+hal_attribute(face);
+hal_attribute(fingerprint);
+hal_attribute(gatekeeper);
+hal_attribute(gnss);
+hal_attribute(graphics_allocator);
+hal_attribute(graphics_composer);
+hal_attribute(health);
+hal_attribute(health_storage);
+hal_attribute(identity);
+hal_attribute(input_classifier);
+hal_attribute(ir);
+hal_attribute(keymaster);
+hal_attribute(light);
+hal_attribute(lowpan);
+hal_attribute(memtrack);
+hal_attribute(neuralnetworks);
+hal_attribute(nfc);
+hal_attribute(oemlock);
+hal_attribute(omx);
+hal_attribute(power);
+hal_attribute(power_stats);
+hal_attribute(rebootescrow);
+hal_attribute(secure_element);
+hal_attribute(sensors);
+hal_attribute(telephony);
+hal_attribute(tetheroffload);
+hal_attribute(thermal);
+hal_attribute(tv_cec);
+hal_attribute(tv_input);
+hal_attribute(tv_tuner);
+hal_attribute(usb);
+hal_attribute(usb_gadget);
+hal_attribute(vehicle);
+hal_attribute(vibrator);
+hal_attribute(vr);
+hal_attribute(weaver);
+hal_attribute(wifi);
+hal_attribute(wifi_hostapd);
+hal_attribute(wifi_supplicant);
+
+# HwBinder services offered across the core-vendor boundary
+#
+# We annotate server domains with x_server to loosen the coupling between
+# system and vendor images. For example, it should be possible to move a service
+# from one core domain to another, without having to update the vendor image
+# which contains clients of this service.
+
+attribute automotive_display_service_server;
+attribute camera_service_server;
+attribute display_service_server;
+attribute scheduler_service_server;
+attribute sensor_service_server;
+attribute stats_service_server;
+attribute system_suspend_server;
+attribute wifi_keystore_service_server;
+
+# All types used for super partition block devices.
+attribute super_block_device_type;
diff --git a/prebuilts/api/30.0/public/audioserver.te b/prebuilts/api/30.0/public/audioserver.te
new file mode 100644
index 0000000..a8a33cc
--- /dev/null
+++ b/prebuilts/api/30.0/public/audioserver.te
@@ -0,0 +1,6 @@
+# audioserver - audio services daemon
+type audioserver, domain;
+type audioserver_tmpfs, file_type;
+
+# Allow audioserver to signal audio HAL processes and dump their stacks.
+allow audioserver hal_audio_server:process signal;
diff --git a/prebuilts/api/30.0/public/blkid.te b/prebuilts/api/30.0/public/blkid.te
new file mode 100644
index 0000000..dabe014
--- /dev/null
+++ b/prebuilts/api/30.0/public/blkid.te
@@ -0,0 +1,2 @@
+# blkid called from vold
+type blkid, domain;
diff --git a/prebuilts/api/30.0/public/blkid_untrusted.te b/prebuilts/api/30.0/public/blkid_untrusted.te
new file mode 100644
index 0000000..4be4c0c
--- /dev/null
+++ b/prebuilts/api/30.0/public/blkid_untrusted.te
@@ -0,0 +1,2 @@
+# blkid for untrusted block devices
+type blkid_untrusted, domain;
diff --git a/prebuilts/api/30.0/public/bluetooth.te b/prebuilts/api/30.0/public/bluetooth.te
new file mode 100644
index 0000000..9b3442a
--- /dev/null
+++ b/prebuilts/api/30.0/public/bluetooth.te
@@ -0,0 +1,2 @@
+# bluetooth subsystem
+type bluetooth, domain;
diff --git a/prebuilts/api/30.0/public/bootanim.te b/prebuilts/api/30.0/public/bootanim.te
new file mode 100644
index 0000000..bd2bec6
--- /dev/null
+++ b/prebuilts/api/30.0/public/bootanim.te
@@ -0,0 +1,43 @@
+# bootanimation oneshot service
+type bootanim, domain;
+type bootanim_exec, system_file_type, exec_type, file_type;
+
+hal_client_domain(bootanim, hal_configstore)
+hal_client_domain(bootanim, hal_graphics_allocator)
+hal_client_domain(bootanim, hal_graphics_composer)
+
+binder_use(bootanim)
+binder_call(bootanim, surfaceflinger)
+binder_call(bootanim, audioserver)
+
+hwbinder_use(bootanim)
+
+allow bootanim gpu_device:chr_file rw_file_perms;
+
+# /oem access
+allow bootanim oemfs:dir search;
+allow bootanim oemfs:file r_file_perms;
+
+allow bootanim audio_device:dir r_dir_perms;
+allow bootanim audio_device:chr_file rw_file_perms;
+
+allow bootanim audioserver_service:service_manager find;
+allow bootanim surfaceflinger_service:service_manager find;
+allow bootanim surfaceflinger:unix_stream_socket { read write };
+
+# Allow access to ion memory allocation device
+allow bootanim ion_device:chr_file rw_file_perms;
+allow bootanim hal_graphics_allocator:fd use;
+
+# Fences
+allow bootanim hal_graphics_composer:fd use;
+
+# Read access to pseudo filesystems.
+allow bootanim proc_meminfo:file r_file_perms;
+
+# System file accesses.
+allow bootanim system_file:dir r_dir_perms;
+
+# Read ro.boot.bootreason b/30654343
+get_prop(bootanim, bootloader_boot_reason_prop)
+
diff --git a/prebuilts/api/30.0/public/bootstat.te b/prebuilts/api/30.0/public/bootstat.te
new file mode 100644
index 0000000..e91f2a5
--- /dev/null
+++ b/prebuilts/api/30.0/public/bootstat.te
@@ -0,0 +1,64 @@
+# bootstat command
+type bootstat, domain;
+type bootstat_exec, system_file_type, exec_type, file_type;
+
+read_runtime_log_tags(bootstat)
+
+# Allow persistent storage in /data/misc/bootstat.
+allow bootstat bootstat_data_file:dir rw_dir_perms;
+allow bootstat bootstat_data_file:file create_file_perms;
+
+# Collect metrics on boot time created by init
+get_prop(bootstat, boottime_prop)
+
+# Read/Write [persist.]sys.boot.reason and ro.boot.bootreason (write if empty)
+set_prop(bootstat, bootloader_boot_reason_prop)
+set_prop(bootstat, system_boot_reason_prop)
+set_prop(bootstat, last_boot_reason_prop)
+allow bootstat metadata_file:dir search;
+allow bootstat metadata_bootstat_file:dir rw_dir_perms;
+allow bootstat metadata_bootstat_file:file create_file_perms;
+
+# ToDo: TBI move access for the following to a system health HAL
+
+# Allow access to /sys/fs/pstore/ and syslog
+allow bootstat pstorefs:dir search;
+allow bootstat pstorefs:file r_file_perms;
+allow bootstat kernel:system syslog_read;
+
+# Allow access to reading the logs to read aspects of system health
+read_logd(bootstat)
+
+# Allow bootstat write to statsd.
+unix_socket_send(bootstat, statsdw, statsd)
+
+# ToDo: end
+
+neverallow {
+ domain
+ -bootanim
+ -bootstat
+ -dumpstate
+ userdebug_or_eng(`-incidentd')
+ -init
+ -recovery
+ -shell
+ -system_server
+} { bootloader_boot_reason_prop last_boot_reason_prop }:file r_file_perms;
+# ... and refine, as these components should not set the last boot reason
+neverallow { bootanim recovery } last_boot_reason_prop:file r_file_perms;
+
+neverallow {
+ domain
+ -bootstat
+ -init
+ -system_server
+} { bootloader_boot_reason_prop last_boot_reason_prop }:property_service set;
+# ... and refine ... for a ro propertly no less ... keep this _tight_
+neverallow system_server bootloader_boot_reason_prop:property_service set;
+
+neverallow {
+ domain
+ -bootstat
+ -init
+} system_boot_reason_prop:property_service set;
diff --git a/prebuilts/api/30.0/public/bufferhubd.te b/prebuilts/api/30.0/public/bufferhubd.te
new file mode 100644
index 0000000..37edb5d
--- /dev/null
+++ b/prebuilts/api/30.0/public/bufferhubd.te
@@ -0,0 +1,25 @@
+# bufferhubd
+type bufferhubd, domain, mlstrustedsubject;
+type bufferhubd_exec, system_file_type, exec_type, file_type;
+
+hal_client_domain(bufferhubd, hal_graphics_allocator)
+
+# TODO(b/112338294): remove these after migrate to Binder
+pdx_server(bufferhubd, bufferhub_client)
+pdx_client(bufferhubd, performance_client)
+
+# Access the GPU.
+allow bufferhubd gpu_device:chr_file rw_file_perms;
+
+# Access /dev/ion
+allow bufferhubd ion_device:chr_file r_file_perms;
+
+# Receive sync fence FDs from hal_omx_server. Note that hal_omx_server never directly
+# connects to bufferhubd via PDX. Instead, a VR app acts as a bridge between
+# those two: it talks to hal_omx_server via Binder and talks to bufferhubd via PDX.
+# Thus, there is no need to use pdx_client macro.
+allow bufferhubd hal_omx_server:fd use;
+
+# Codec2 is similar to OMX
+allow bufferhubd hal_codec2_server:fd use;
+
diff --git a/prebuilts/api/30.0/public/camera_service_server.te b/prebuilts/api/30.0/public/camera_service_server.te
new file mode 100644
index 0000000..352e1b7
--- /dev/null
+++ b/prebuilts/api/30.0/public/camera_service_server.te
@@ -0,0 +1 @@
+add_hwservice(camera_service_server, fwk_camera_hwservice)
diff --git a/prebuilts/api/30.0/public/cameraserver.te b/prebuilts/api/30.0/public/cameraserver.te
new file mode 100644
index 0000000..13ef1f7
--- /dev/null
+++ b/prebuilts/api/30.0/public/cameraserver.te
@@ -0,0 +1,74 @@
+# cameraserver - camera daemon
+type cameraserver, domain;
+type cameraserver_exec, system_file_type, exec_type, file_type;
+type cameraserver_tmpfs, file_type;
+
+binder_use(cameraserver)
+binder_call(cameraserver, binderservicedomain)
+binder_call(cameraserver, appdomain)
+binder_service(cameraserver)
+
+hal_client_domain(cameraserver, hal_camera)
+
+hal_client_domain(cameraserver, hal_graphics_allocator)
+
+allow cameraserver ion_device:chr_file rw_file_perms;
+
+# Talk with graphics composer fences
+allow cameraserver hal_graphics_composer:fd use;
+
+add_service(cameraserver, cameraserver_service)
+add_hwservice(cameraserver, fwk_camera_hwservice)
+
+allow cameraserver activity_service:service_manager find;
+allow cameraserver appops_service:service_manager find;
+allow cameraserver audioserver_service:service_manager find;
+allow cameraserver batterystats_service:service_manager find;
+allow cameraserver cameraproxy_service:service_manager find;
+allow cameraserver mediaserver_service:service_manager find;
+allow cameraserver processinfo_service:service_manager find;
+allow cameraserver scheduling_policy_service:service_manager find;
+allow cameraserver sensor_privacy_service:service_manager find;
+allow cameraserver surfaceflinger_service:service_manager find;
+
+allow cameraserver hidl_token_hwservice:hwservice_manager find;
+
+###
+### neverallow rules
+###
+
+# cameraserver should never execute any executable without a
+# domain transition
+neverallow cameraserver { file_type fs_type }:file execute_no_trans;
+
+# The goal of the mediaserver split is to place media processing code into
+# restrictive sandboxes with limited responsibilities and thus limited
+# permissions. Example: Audioserver is only responsible for controlling audio
+# hardware and processing audio content. Cameraserver does the same for camera
+# hardware/content. Etc.
+#
+# Media processing code is inherently risky and thus should have limited
+# permissions and be isolated from the rest of the system and network.
+# Lengthier explanation here:
+# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
+neverallow cameraserver domain:{ tcp_socket udp_socket rawip_socket } *;
+
+# Allow shell commands from ADB for CTS testing/dumping
+allow cameraserver adbd:fd use;
+allow cameraserver adbd:unix_stream_socket { read write };
+allow cameraserver shell:fd use;
+allow cameraserver shell:unix_stream_socket { read write };
+allow cameraserver shell:fifo_file { read write };
+
+# Allow to talk with media codec
+allow cameraserver mediametrics_service:service_manager find;
+hal_client_domain(cameraserver, hal_codec2)
+hal_client_domain(cameraserver, hal_omx)
+hal_client_domain(cameraserver, hal_allocator)
+
+# Allow shell commands from ADB for CTS testing/dumping
+userdebug_or_eng(`
+ allow cameraserver su:fd use;
+ allow cameraserver su:fifo_file { read write };
+ allow cameraserver su:unix_stream_socket { read write };
+')
diff --git a/prebuilts/api/30.0/public/charger.te b/prebuilts/api/30.0/public/charger.te
new file mode 100644
index 0000000..4b341ea
--- /dev/null
+++ b/prebuilts/api/30.0/public/charger.te
@@ -0,0 +1,48 @@
+type charger, domain;
+type charger_exec, system_file_type, exec_type, file_type;
+
+# Write to /dev/kmsg
+allow charger kmsg_device:chr_file rw_file_perms;
+
+# Read access to pseudo filesystems.
+r_dir_file(charger, rootfs)
+r_dir_file(charger, cgroup)
+
+# Allow to read /sys/class/power_supply directory
+allow charger sysfs_type:dir r_dir_perms;
+
+allow charger self:global_capability_class_set { sys_tty_config };
+allow charger self:global_capability_class_set sys_boot;
+
+wakelock_use(charger)
+
+allow charger self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+
+# Read/write to /sys/power/state
+allow charger sysfs_power:file rw_file_perms;
+
+r_dir_file(charger, sysfs_batteryinfo)
+
+# Read /sys/fs/pstore/console-ramoops
+# Don't worry about overly broad permissions for now, as there's
+# only one file in /sys/fs/pstore
+allow charger pstorefs:dir r_dir_perms;
+allow charger pstorefs:file r_file_perms;
+
+allow charger graphics_device:dir r_dir_perms;
+allow charger graphics_device:chr_file rw_file_perms;
+allow charger input_device:dir r_dir_perms;
+allow charger input_device:chr_file r_file_perms;
+allow charger tty_device:chr_file rw_file_perms;
+allow charger proc_sysrq:file rw_file_perms;
+
+# charger needs to tell init to continue the boot
+# process when running in charger mode.
+set_prop(charger, system_prop)
+set_prop(charger, exported_system_prop)
+set_prop(charger, exported2_system_prop)
+set_prop(charger, exported3_system_prop)
+
+get_prop(charger, charger_prop)
+
+hal_client_domain(charger, hal_health)
diff --git a/prebuilts/api/30.0/public/crash_dump.te b/prebuilts/api/30.0/public/crash_dump.te
new file mode 100644
index 0000000..5188d19
--- /dev/null
+++ b/prebuilts/api/30.0/public/crash_dump.te
@@ -0,0 +1,68 @@
+type crash_dump, domain;
+type crash_dump_exec, system_file_type, exec_type, file_type;
+
+# crash_dump might inherit CAP_SYS_PTRACE from a privileged process,
+# which will result in an audit log even when it's allowed to trace.
+dontaudit crash_dump self:global_capability_class_set { sys_ptrace };
+
+userdebug_or_eng(`
+ allow crash_dump logd:process { ptrace signal sigchld sigstop sigkill };
+
+ # Let crash_dump write to /dev/kmsg_debug crashes that happen before logd comes up.
+ allow crash_dump kmsg_debug_device:chr_file { open append };
+')
+
+# Use inherited file descriptors
+allow crash_dump domain:fd use;
+
+# Read/write IPC pipes inherited from crashing processes.
+allow crash_dump domain:fifo_file { read write };
+
+# Append to pipes given to us by processes requesting dumps (e.g. dumpstate)
+allow crash_dump domain:fifo_file { append };
+
+r_dir_file(crash_dump, domain)
+allow crash_dump exec_type:file r_file_perms;
+
+# Read /data/dalvik-cache.
+allow crash_dump dalvikcache_data_file:dir { search getattr };
+allow crash_dump dalvikcache_data_file:file r_file_perms;
+
+# Read APK files.
+r_dir_file(crash_dump, apk_data_file);
+
+# Read all /vendor
+r_dir_file(crash_dump, { vendor_file same_process_hal_file })
+
+# Talk to tombstoned
+unix_socket_connect(crash_dump, tombstoned_crash, tombstoned)
+
+# Talk to ActivityManager.
+unix_socket_connect(crash_dump, system_ndebug, system_server)
+
+# Append to ANR files.
+allow crash_dump anr_data_file:file { append getattr };
+
+# Append to tombstone files.
+allow crash_dump tombstone_data_file:file { append getattr };
+
+# crash_dump writes out logcat logs at the bottom of tombstones,
+# which is super useful in some cases.
+unix_socket_connect(crash_dump, logdr, logd)
+
+# Crash dump is not intended to access the following files. Since these
+# are WAI, suppress the denials to clean up the logs.
+dontaudit crash_dump {
+ core_data_file_type
+ vendor_file_type
+}:dir search;
+dontaudit crash_dump system_data_file:file read;
+dontaudit crash_dump property_type:file read;
+
+###
+### neverallow assertions
+###
+
+# A domain transition must occur for crash_dump to get the privileges needed to trace the process.
+# Do not allow the execution of crash_dump without a domain transition.
+neverallow domain crash_dump_exec:file execute_no_trans;
diff --git a/prebuilts/api/30.0/public/credstore.te b/prebuilts/api/30.0/public/credstore.te
new file mode 100644
index 0000000..db16a8d
--- /dev/null
+++ b/prebuilts/api/30.0/public/credstore.te
@@ -0,0 +1,16 @@
+type credstore, domain;
+type credstore_exec, system_file_type, exec_type, file_type;
+
+# credstore daemon
+binder_use(credstore)
+binder_service(credstore)
+binder_call(credstore, system_server)
+
+allow credstore credstore_data_file:dir create_dir_perms;
+allow credstore credstore_data_file:file create_file_perms;
+
+add_service(credstore, credstore_service)
+allow credstore sec_key_att_app_id_provider_service:service_manager find;
+allow credstore dropbox_service:service_manager find;
+
+r_dir_file(credstore, cgroup)
diff --git a/prebuilts/api/30.0/public/device.te b/prebuilts/api/30.0/public/device.te
new file mode 100644
index 0000000..32563d6
--- /dev/null
+++ b/prebuilts/api/30.0/public/device.te
@@ -0,0 +1,114 @@
+# Device types
+type device, dev_type, fs_type;
+type ashmem_device, dev_type, mlstrustedobject;
+type ashmem_libcutils_device, dev_type, mlstrustedobject;
+type audio_device, dev_type;
+type binder_device, dev_type, mlstrustedobject;
+type hwbinder_device, dev_type, mlstrustedobject;
+type vndbinder_device, dev_type;
+type block_device, dev_type;
+type camera_device, dev_type;
+type dm_device, dev_type;
+type keychord_device, dev_type;
+type loop_control_device, dev_type;
+type loop_device, dev_type;
+type pmsg_device, dev_type, mlstrustedobject;
+type radio_device, dev_type;
+type ram_device, dev_type;
+type rtc_device, dev_type;
+type vold_device, dev_type;
+type console_device, dev_type;
+type fscklogs, dev_type;
+# GPU (used by most UI apps)
+type gpu_device, dev_type, mlstrustedobject;
+type graphics_device, dev_type;
+type hw_random_device, dev_type;
+type input_device, dev_type;
+type port_device, dev_type;
+type lowpan_device, dev_type;
+type mtp_device, dev_type, mlstrustedobject;
+type nfc_device, dev_type;
+type ptmx_device, dev_type, mlstrustedobject;
+type kmsg_device, dev_type;
+type kmsg_debug_device, dev_type;
+type null_device, dev_type, mlstrustedobject;
+type random_device, dev_type, mlstrustedobject;
+type secure_element_device, dev_type;
+type sensors_device, dev_type;
+type serial_device, dev_type;
+type socket_device, dev_type;
+type owntty_device, dev_type, mlstrustedobject;
+type tty_device, dev_type;
+type video_device, dev_type;
+type zero_device, dev_type, mlstrustedobject;
+type fuse_device, dev_type, mlstrustedobject;
+type iio_device, dev_type;
+type ion_device, dev_type, mlstrustedobject;
+type qtaguid_device, dev_type;
+type watchdog_device, dev_type;
+type uhid_device, dev_type;
+type uio_device, dev_type;
+type tun_device, dev_type, mlstrustedobject;
+type usbaccessory_device, dev_type, mlstrustedobject;
+type usb_device, dev_type, mlstrustedobject;
+type usb_serial_device, dev_type;
+type properties_device, dev_type;
+type properties_serial, dev_type;
+type property_info, dev_type;
+
+# All devices have a uart for the hci
+# attach service. The uart dev node
+# varies per device. This type
+# is used in per device policy
+type hci_attach_dev, dev_type;
+
+# All devices have a rpmsg device for
+# achieving remoteproc and rpmsg modules
+type rpmsg_device, dev_type;
+
+# Partition layout block device
+type root_block_device, dev_type;
+
+# factory reset protection block device
+type frp_block_device, dev_type;
+
+# System block device mounted on /system.
+# Documented at https://source.android.com/devices/bootloader/partitions-images
+type system_block_device, dev_type;
+
+# Recovery block device.
+# Documented at https://source.android.com/devices/bootloader/partitions-images
+type recovery_block_device, dev_type;
+
+# boot block device.
+# Documented at https://source.android.com/devices/bootloader/partitions-images
+type boot_block_device, dev_type;
+
+# Userdata block device mounted on /data.
+# Documented at https://source.android.com/devices/bootloader/partitions-images
+type userdata_block_device, dev_type;
+
+# Cache block device mounted on /cache.
+# Documented at https://source.android.com/devices/bootloader/partitions-images
+type cache_block_device, dev_type;
+
+# Block device for any swap partition.
+type swap_block_device, dev_type;
+
+# Metadata block device used for encryption metadata.
+# Assign this type to the partition specified by the encryptable=
+# mount option in your fstab file in the entry for userdata.
+# Documented at https://source.android.com/devices/bootloader/partitions-images
+type metadata_block_device, dev_type;
+
+# The 'misc' partition used by recovery and A/B.
+# Documented at https://source.android.com/devices/bootloader/partitions-images
+type misc_block_device, dev_type;
+
+# 'super' partition to be used for logical partitioning.
+type super_block_device, super_block_device_type, dev_type;
+
+# sdcard devices; normally vold uses the vold_block_device label and creates a
+# separate device node. gsid, however, accesses the original devide node
+# created through uevents, so we use a separate label.
+type sdcard_block_device, dev_type;
diff --git a/prebuilts/api/30.0/public/dhcp.te b/prebuilts/api/30.0/public/dhcp.te
new file mode 100644
index 0000000..4f2369d
--- /dev/null
+++ b/prebuilts/api/30.0/public/dhcp.te
@@ -0,0 +1,30 @@
+type dhcp, domain;
+type dhcp_exec, system_file_type, exec_type, file_type;
+
+net_domain(dhcp)
+
+allow dhcp cgroup:dir { create write add_name };
+allow dhcp self:global_capability_class_set { setgid setuid net_admin net_raw net_bind_service };
+allow dhcp self:packet_socket create_socket_perms_no_ioctl;
+allow dhcp self:netlink_route_socket nlmsg_write;
+allow dhcp shell_exec:file rx_file_perms;
+allow dhcp system_file:file rx_file_perms;
+not_full_treble(`allow dhcp vendor_file:file rx_file_perms;')
+
+# dhcpcd runs dhcpcd-hooks/*, which runs getprop / setprop (toolbox_exec)
+allow dhcp toolbox_exec:file rx_file_perms;
+
+# For /proc/sys/net/ipv4/conf/*/promote_secondaries
+allow dhcp proc_net_type:file write;
+
+set_prop(dhcp, dhcp_prop)
+set_prop(dhcp, pan_result_prop)
+
+allow dhcp dhcp_data_file:dir create_dir_perms;
+allow dhcp dhcp_data_file:file create_file_perms;
+
+# PAN connections
+allow dhcp netd:fd use;
+allow dhcp netd:fifo_file rw_file_perms;
+allow dhcp netd:{ dgram_socket_class_set unix_stream_socket } { read write };
+allow dhcp netd:{ netlink_kobject_uevent_socket netlink_route_socket netlink_nflog_socket } { read write };
diff --git a/prebuilts/api/30.0/public/display_service_server.te b/prebuilts/api/30.0/public/display_service_server.te
new file mode 100644
index 0000000..c5839fa
--- /dev/null
+++ b/prebuilts/api/30.0/public/display_service_server.te
@@ -0,0 +1 @@
+add_hwservice(display_service_server, fwk_display_hwservice)
diff --git a/prebuilts/api/30.0/public/dnsmasq.te b/prebuilts/api/30.0/public/dnsmasq.te
new file mode 100644
index 0000000..86f1eb1
--- /dev/null
+++ b/prebuilts/api/30.0/public/dnsmasq.te
@@ -0,0 +1,28 @@
+# DNS, DHCP services
+type dnsmasq, domain;
+type dnsmasq_exec, system_file_type, exec_type, file_type;
+
+net_domain(dnsmasq)
+allowxperm dnsmasq self:udp_socket ioctl priv_sock_ioctls;
+
+# TODO: Run with dhcp group to avoid need for dac_override.
+allow dnsmasq self:global_capability_class_set { dac_override dac_read_search };
+
+allow dnsmasq self:global_capability_class_set { net_admin net_raw net_bind_service setgid setuid };
+
+allow dnsmasq dhcp_data_file:dir w_dir_perms;
+allow dnsmasq dhcp_data_file:file create_file_perms;
+
+# Inherit and use open files from netd.
+allow dnsmasq netd:fd use;
+allow dnsmasq netd:fifo_file { getattr read write };
+# TODO: Investigate whether these inherited sockets should be closed on exec.
+allow dnsmasq netd:netlink_kobject_uevent_socket { read write };
+allow dnsmasq netd:netlink_nflog_socket { read write };
+allow dnsmasq netd:netlink_route_socket { read write };
+allow dnsmasq netd:unix_stream_socket { getattr read write };
+allow dnsmasq netd:unix_dgram_socket { read write };
+allow dnsmasq netd:udp_socket { read write };
+
+# sometimes a network device vanishes and we try to load module netdev-{devicename}
+dontaudit dnsmasq kernel:system module_request;
diff --git a/prebuilts/api/30.0/public/domain.te b/prebuilts/api/30.0/public/domain.te
new file mode 100644
index 0000000..8cb4950
--- /dev/null
+++ b/prebuilts/api/30.0/public/domain.te
@@ -0,0 +1,1420 @@
+# Rules for all domains.
+
+# Allow reaping by init.
+allow domain init:process sigchld;
+
+# Intra-domain accesses.
+allow domain self:process {
+ fork
+ sigchld
+ sigkill
+ sigstop
+ signull
+ signal
+ getsched
+ setsched
+ getsession
+ getpgid
+ setpgid
+ getcap
+ setcap
+ getattr
+ setrlimit
+};
+allow domain self:fd use;
+allow domain proc:dir r_dir_perms;
+allow domain proc_net_type:dir search;
+r_dir_file(domain, self)
+allow domain self:{ fifo_file file } rw_file_perms;
+allow domain self:unix_dgram_socket { create_socket_perms sendto };
+allow domain self:unix_stream_socket { create_stream_socket_perms connectto };
+
+# Inherit or receive open files from others.
+allow domain init:fd use;
+
+userdebug_or_eng(`
+ allow domain su:fd use;
+ allow domain su:unix_stream_socket { connectto getattr getopt read write shutdown };
+ allow domain su:unix_dgram_socket sendto;
+
+ allow { domain -init } su:binder { call transfer };
+
+ # Running something like "pm dump com.android.bluetooth" requires
+ # fifo writes
+ allow domain su:fifo_file { write getattr };
+
+ # allow "gdbserver --attach" to work for su.
+ allow domain su:process sigchld;
+
+ # Allow writing coredumps to /cores/*
+ allow domain coredump_file:file create_file_perms;
+ allow domain coredump_file:dir ra_dir_perms;
+')
+
+with_native_coverage(`
+ # Allow writing coverage information to /data/misc/trace
+ allow domain method_trace_data_file:dir create_dir_perms;
+ allow domain method_trace_data_file:file create_file_perms;
+')
+
+# Root fs.
+allow domain tmpfs:dir { getattr search };
+allow domain rootfs:dir search;
+allow domain rootfs:lnk_file { read getattr };
+
+# Device accesses.
+allow domain device:dir search;
+allow domain dev_type:lnk_file r_file_perms;
+allow domain devpts:dir search;
+allow domain socket_device:dir r_dir_perms;
+allow domain owntty_device:chr_file rw_file_perms;
+allow domain null_device:chr_file rw_file_perms;
+allow domain zero_device:chr_file rw_file_perms;
+
+# /dev/ashmem is being deprecated by means of constraining and eventually
+# removing all "open" permissions. We preserve the other permissions.
+allow domain ashmem_device:chr_file { getattr read ioctl lock map append write };
+# This device is used by libcutils, which is accessible to everyone.
+allow domain ashmem_libcutils_device:chr_file rw_file_perms;
+
+# /dev/binder can be accessed by ... everyone! :)
+allow { domain -hwservicemanager -vndservicemanager } binder_device:chr_file rw_file_perms;
+
+# /dev/binderfs needs to be accessed by everyone too!
+allow domain binderfs:dir { getattr search };
+allow domain binderfs_logs_proc:dir search;
+
+allow { domain -servicemanager -vndservicemanager -isolated_app } hwbinder_device:chr_file rw_file_perms;
+allow domain ptmx_device:chr_file rw_file_perms;
+allow domain random_device:chr_file rw_file_perms;
+allow domain proc_random:dir r_dir_perms;
+allow domain proc_random:file r_file_perms;
+allow domain properties_device:dir { search getattr };
+allow domain properties_serial:file r_file_perms;
+allow domain property_info:file r_file_perms;
+
+# Public readable properties
+get_prop(domain, debug_prop)
+get_prop(domain, exported_config_prop)
+get_prop(domain, exported_default_prop)
+get_prop(domain, exported_dumpstate_prop)
+get_prop(domain, exported_fingerprint_prop)
+get_prop(domain, exported_radio_prop)
+get_prop(domain, exported_secure_prop)
+get_prop(domain, exported_system_prop)
+get_prop(domain, exported_vold_prop)
+get_prop(domain, exported2_default_prop)
+get_prop(domain, logd_prop)
+get_prop(domain, socket_hook_prop)
+get_prop(domain, vendor_socket_hook_prop)
+get_prop(domain, vndk_prop)
+
+# Binder cache properties are world-readable
+get_prop(domain, binder_cache_bluetooth_server_prop)
+get_prop(domain, binder_cache_system_server_prop)
+get_prop(domain, binder_cache_telephony_server_prop)
+
+# Let everyone read log properties, so that liblog can avoid sending unloggable
+# messages to logd.
+get_prop(domain, log_property_type)
+dontaudit domain property_type:file audit_access;
+allow domain property_contexts_file:file r_file_perms;
+
+allow domain init:key search;
+allow domain vold:key search;
+
+# logd access
+write_logd(domain)
+
+# Directory/link file access for path resolution.
+allow domain {
+ system_file
+ system_lib_file
+ system_seccomp_policy_file
+ system_security_cacerts_file
+}:dir r_dir_perms;
+allow domain system_file:lnk_file { getattr read };
+
+# Global access to /system/etc/security/cacerts/*, /system/etc/seccomp_policy/*, /system/lib[64]/*,
+# /(system|product|system_ext)/etc/(group|passwd), linker and its config.
+allow domain system_seccomp_policy_file:file r_file_perms;
+# cacerts are accessible from public Java API.
+allow domain system_security_cacerts_file:file r_file_perms;
+allow domain system_group_file:file r_file_perms;
+allow domain system_passwd_file:file r_file_perms;
+allow domain system_linker_exec:file { execute read open getattr map };
+allow domain system_linker_config_file:file r_file_perms;
+allow domain system_lib_file:file { execute read open getattr map };
+# To allow following symlinks at /system/bin/linker, /system/lib/libc.so, etc.
+allow domain system_linker_exec:lnk_file { read open getattr };
+allow domain system_lib_file:lnk_file { read open getattr };
+
+allow domain system_event_log_tags_file:file r_file_perms;
+
+allow { appdomain coredomain } system_file:file { execute read open getattr map };
+
+# Make sure system/vendor split doesn not affect non-treble
+# devices
+not_full_treble(`
+ allow domain system_file:file { execute read open getattr map };
+ allow domain vendor_file_type:dir { search getattr };
+ allow domain vendor_file_type:file { execute read open getattr map };
+ allow domain vendor_file_type:lnk_file { getattr read };
+')
+
+# All domains are allowed to open and read directories
+# that contain HAL implementations (e.g. passthrough
+# HALs require clients to have these permissions)
+allow domain vendor_hal_file:dir r_dir_perms;
+
+# Everyone can read and execute all same process HALs
+allow domain same_process_hal_file:dir r_dir_perms;
+allow {
+ domain
+ -coredomain # access is explicitly granted to individual coredomains
+} same_process_hal_file:file { execute read open getattr map };
+
+# Any process can load vndk-sp libraries, which are system libraries
+# used by same process HALs
+allow domain vndk_sp_file:dir r_dir_perms;
+allow domain vndk_sp_file:file { execute read open getattr map };
+
+# All domains get access to /vendor/etc
+allow domain vendor_configs_file:dir r_dir_perms;
+allow domain vendor_configs_file:file { read open getattr map };
+
+full_treble_only(`
+ # Allow all domains to be able to follow /system/vendor and/or
+ # /vendor/odm symlinks.
+ allow domain vendor_file_type:lnk_file { getattr open read };
+
+ # This is required to be able to search & read /vendor/lib64
+ # in order to lookup vendor libraries. The execute permission
+ # for coredomains is granted *only* for same process HALs
+ allow domain vendor_file:dir { getattr search };
+
+ # Allow reading and executing out of /vendor to all vendor domains
+ allow { domain -coredomain } vendor_file_type:dir r_dir_perms;
+ allow { domain -coredomain } vendor_file_type:file { read open getattr execute map };
+ allow { domain -coredomain } vendor_file_type:lnk_file { getattr read };
+')
+
+# read and stat any sysfs symlinks
+allow domain sysfs:lnk_file { getattr read };
+
+# libc references /data/misc/zoneinfo and /system/usr/share/zoneinfo for
+# timezone related information.
+# This directory is considered to be a VNDK-stable
+allow domain { system_zoneinfo_file zoneinfo_data_file }:file r_file_perms;
+allow domain { system_zoneinfo_file zoneinfo_data_file }:dir r_dir_perms;
+
+# Lots of processes access current CPU information
+r_dir_file(domain, sysfs_devices_system_cpu)
+
+r_dir_file(domain, sysfs_usb);
+
+# If kernel CONFIG_TRANSPARENT_HUGEPAGE is enabled, libjemalloc5 (statically
+# included by libc) reads /sys/kernel/mm/transparent_hugepage/enabled.
+allow domain sysfs_transparent_hugepage:dir search;
+allow domain sysfs_transparent_hugepage:file r_file_perms;
+
+# files under /data.
+not_full_treble(`
+ allow domain system_data_file:dir getattr;
+')
+allow { coredomain appdomain } system_data_file:dir getattr;
+# /data has the label system_data_root_file. Vendor components need the search
+# permission on system_data_root_file for path traversal to /data/vendor.
+allow domain system_data_root_file:dir { search getattr } ;
+allow domain system_data_file:dir search;
+# TODO restrict this to non-coredomain
+allow domain vendor_data_file:dir { getattr search };
+
+# required by the dynamic linker
+allow domain proc:lnk_file { getattr read };
+
+# /proc/cpuinfo
+allow domain proc_cpuinfo:file r_file_perms;
+
+# /dev/cpu_variant:.*
+allow domain dev_cpu_variant:file r_file_perms;
+
+# profiling needs to read /proc/sys/kernel/perf_event_max_sample_rate
+allow domain proc_perf:file r_file_perms;
+
+# toybox loads libselinux which stats /sys/fs/selinux/
+allow domain selinuxfs:dir search;
+allow domain selinuxfs:file getattr;
+allow domain sysfs:dir search;
+allow domain selinuxfs:filesystem getattr;
+
+# Almost all processes log tracing information to
+# /sys/kernel/debug/tracing/trace_marker
+# The reason behind this is documented in b/6513400
+allow domain debugfs:dir search;
+allow domain debugfs_tracing:dir search;
+allow domain debugfs_tracing_debug:dir search;
+allow domain debugfs_trace_marker:file w_file_perms;
+
+# Filesystem access.
+allow domain fs_type:filesystem getattr;
+allow domain fs_type:dir getattr;
+
+# Restrict all domains to a whitelist for common socket types. Additional
+# ioctl commands may be added to individual domains, but this sets safe
+# defaults for all processes. Note that granting this whitelist to domain does
+# not grant the ioctl permission on these socket types. That must be granted
+# separately.
+allowxperm domain domain:{ icmp_socket rawip_socket tcp_socket udp_socket }
+ ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };
+# default whitelist for unix sockets.
+allowxperm domain { domain pdx_channel_socket_type }:{ unix_dgram_socket unix_stream_socket }
+ ioctl unpriv_unix_sock_ioctls;
+
+# Restrict PTYs to only whitelisted ioctls.
+# Note that granting this whitelist to domain does
+# not grant the wider ioctl permission. That must be granted
+# separately.
+allowxperm domain devpts:chr_file ioctl unpriv_tty_ioctls;
+
+# All domains must clearly enumerate what ioctls they use
+# on filesystem objects (plain files, directories, symbolic links,
+# named pipes, and named sockets). We start off with a safe set.
+allowxperm domain { file_type fs_type domain dev_type }:{ dir notdevfile_class_set blk_file } ioctl { FIOCLEX FIONCLEX };
+
+# If a domain has ioctl access to tun_device, it must clearly enumerate the
+# ioctls used. Safe defaults are listed below.
+allowxperm domain tun_device:chr_file ioctl { FIOCLEX FIONCLEX };
+
+# Allow a process to make a determination whether a file descriptor
+# for a plain file or pipe (fifo_file) is a tty. Note that granting
+# this whitelist to domain does not grant the ioctl permission to
+# these files. That must be granted separately.
+allowxperm domain { file_type fs_type }:file ioctl { TCGETS };
+allowxperm domain domain:fifo_file ioctl { TCGETS };
+
+# If a domain has access to perform an ioctl on a block device, allow these
+# very common, benign ioctls
+allowxperm domain dev_type:blk_file ioctl { BLKGETSIZE64 BLKSSZGET };
+
+# Support sqlite F2FS specific optimizations
+# ioctl permission on the specific file type is still required
+# TODO: consider only compiling these rules if we know the
+# /data partition is F2FS
+allowxperm domain { file_type sdcard_type }:file ioctl {
+ F2FS_IOC_ABORT_VOLATILE_WRITE
+ F2FS_IOC_COMMIT_ATOMIC_WRITE
+ F2FS_IOC_GET_FEATURES
+ F2FS_IOC_GET_PIN_FILE
+ F2FS_IOC_SET_PIN_FILE
+ F2FS_IOC_START_ATOMIC_WRITE
+};
+
+# Workaround for policy compiler being too aggressive and removing hwservice_manager_type
+# when it's not explicitly used in allow rules
+allow { domain -domain } hwservice_manager_type:hwservice_manager { add find };
+# Workaround for policy compiler being too aggressive and removing vndservice_manager_type
+# when it's not explicitly used in allow rules
+allow { domain -domain } vndservice_manager_type:service_manager { add find };
+
+# Under ASAN, processes will try to read /data, as the sanitized libraries are there.
+with_asan(`allow domain system_data_file:dir getattr;')
+# Under ASAN, /system/asan.options needs to be globally accessible.
+with_asan(`allow domain system_asan_options_file:file r_file_perms;')
+
+# read APEX dir and stat any symlink pointing to APEXs.
+allow domain apex_mnt_dir:dir { getattr search };
+allow domain apex_mnt_dir:lnk_file r_file_perms;
+
+###
+### neverallow rules
+###
+
+# All ioctls on file-like objects (except chr_file and blk_file) and
+# sockets must be restricted to a whitelist.
+neverallowxperm * *:{ dir notdevfile_class_set socket_class_set blk_file } ioctl { 0 };
+
+# b/68014825 and https://android-review.googlesource.com/516535
+# rfc6093 says that processes should not use the TCP urgent mechanism
+neverallowxperm domain domain:socket_class_set ioctl { SIOCATMARK };
+
+# TIOCSTI is only ever used for exploits. Block it.
+# b/33073072, b/7530569
+# http://www.openwall.com/lists/oss-security/2016/09/26/14
+neverallowxperm * devpts:chr_file ioctl TIOCSTI;
+
+# Do not allow any domain other than init to create unlabeled files.
+neverallow { domain -init -recovery } unlabeled:dir_file_class_set create;
+
+# Limit device node creation to these whitelisted domains.
+neverallow {
+ domain
+ -kernel
+ -init
+ -ueventd
+ -vold
+} self:global_capability_class_set mknod;
+
+# No process can map low memory (< CONFIG_LSM_MMAP_MIN_ADDR).
+neverallow * self:memprotect mmap_zero;
+
+# No domain needs mac_override as it is unused by SELinux.
+neverallow * self:global_capability2_class_set mac_override;
+
+# Disallow attempts to set contexts not defined in current policy
+# This helps guarantee that unknown or dangerous contents will not ever
+# be set.
+neverallow * self:global_capability2_class_set mac_admin;
+
+# Once the policy has been loaded there shall be none to modify the policy.
+# It is sealed.
+neverallow * kernel:security load_policy;
+
+# Only init prior to switching context should be able to set enforcing mode.
+# init starts in kernel domain and switches to init domain via setcon in
+# the init.rc, so the setenforce occurs while still in kernel. After
+# switching domains, there is never any need to setenforce again by init.
+neverallow * kernel:security setenforce;
+neverallow { domain -kernel } kernel:security setcheckreqprot;
+
+# No booleans in AOSP policy, so no need to ever set them.
+neverallow * kernel:security setbool;
+
+# Adjusting the AVC cache threshold.
+# Not presently allowed to anything in policy, but possibly something
+# that could be set from init.rc.
+neverallow { domain -init } kernel:security setsecparam;
+
+# Only init, ueventd, shell and system_server should be able to access HW RNG
+neverallow {
+ domain
+ -init
+ -shell # For CTS and is restricted to getattr in shell.te
+ -system_server
+ -ueventd
+} hw_random_device:chr_file *;
+# b/78174219 b/64114943
+neverallow {
+ domain
+ -shell # stat of /dev, getattr only
+ -ueventd
+} keychord_device:chr_file *;
+
+# Ensure that all entrypoint executables are in exec_type or postinstall_file.
+neverallow * { file_type -exec_type -postinstall_file }:file entrypoint;
+
+# The dynamic linker always calls access(2) on the path. Don't generate SElinux
+# denials since the linker does not actually access the path in case the path
+# does not exist or isn't accessible for the process.
+dontaudit domain postinstall_mnt_dir:dir audit_access;
+
+#Ensure that nothing in userspace can access /dev/port
+neverallow {
+ domain
+ -shell # Shell user should not have any abilities outside of getattr
+ -ueventd
+} port_device:chr_file *;
+neverallow * port_device:chr_file ~{ create relabelto unlink setattr getattr };
+# Only init should be able to configure kernel usermodehelpers or
+# security-sensitive proc settings.
+neverallow { domain -init } usermodehelper:file { append write };
+neverallow { domain -init -ueventd } sysfs_usermodehelper:file { append write };
+neverallow { domain -init -vendor_init } proc_security:file { append open read write };
+
+# Init can't do anything with binder calls. If this neverallow rule is being
+# triggered, it's probably due to a service with no SELinux domain.
+neverallow * init:binder *;
+neverallow * vendor_init:binder *;
+
+# Don't allow raw read/write/open access to block_device
+# Rather force a relabel to a more specific type
+neverallow { domain -kernel -init -recovery } block_device:blk_file { open read write };
+
+# Do not allow renaming of block files or character files
+# Ability to do so can lead to possible use in an exploit chain
+# e.g. https://googleprojectzero.blogspot.com/2016/12/chrome-os-exploit-one-byte-overflow-and.html
+neverallow * *:{ blk_file chr_file } rename;
+
+# Don't allow raw read/write/open access to generic devices.
+# Rather force a relabel to a more specific type.
+neverallow domain device:chr_file { open read write };
+
+# Files from cache should never be executed
+neverallow domain { cache_file cache_backup_file cache_private_backup_file cache_recovery_file }:file execute;
+
+# Protect most domains from executing arbitrary content from /data.
+neverallow {
+ domain
+ -appdomain
+} {
+ data_file_type
+ -dalvikcache_data_file
+ -system_data_file # shared libs in apks
+ -apk_data_file
+}:file no_x_file_perms;
+
+# The test files and executables MUST not be accessible to any domain
+neverallow { domain userdebug_or_eng(`-kernel') } nativetest_data_file:file_class_set no_w_file_perms;
+neverallow domain nativetest_data_file:dir no_w_dir_perms;
+neverallow { domain userdebug_or_eng(`-shell') } nativetest_data_file:file no_x_file_perms;
+
+# Only the init property service should write to /data/property and /dev/__properties__
+neverallow { domain -init } property_data_file:dir no_w_dir_perms;
+neverallow { domain -init } property_data_file:file { no_w_file_perms no_x_file_perms };
+neverallow { domain -init } property_type:file { no_w_file_perms no_x_file_perms };
+neverallow { domain -init } properties_device:file { no_w_file_perms no_x_file_perms };
+neverallow { domain -init } properties_serial:file { no_w_file_perms no_x_file_perms };
+
+# Nobody should be doing writes to /system & /vendor
+# These partitions are intended to be read-only and must never be
+# modified. Doing so would violate important Android security guarantees
+# and invalidate dm-verity signatures.
+neverallow {
+ domain
+ with_asan(`-asan_extract')
+ recovery_only(`userdebug_or_eng(`-fastbootd')')
+} {
+ system_file_type
+ vendor_file_type
+ exec_type
+}:dir_file_class_set { create write setattr relabelfrom append unlink link rename };
+
+neverallow { domain -kernel with_asan(`-asan_extract') } { system_file_type vendor_file_type exec_type }:dir_file_class_set relabelto;
+
+# Don't allow mounting on top of /system files or directories
+neverallow * exec_type:dir_file_class_set mounton;
+neverallow { domain -init } { system_file_type vendor_file_type }:dir_file_class_set mounton;
+
+# Nothing should be writing to files in the rootfs.
+neverallow * rootfs:file { create write setattr relabelto append unlink link rename };
+
+# Restrict context mounts to specific types marked with
+# the contextmount_type attribute.
+neverallow * {fs_type -contextmount_type}:filesystem relabelto;
+
+# Ensure that context mount types are not writable, to ensure that
+# the write to /system restriction above is not bypassed via context=
+# mount to another type.
+neverallow * contextmount_type:dir_file_class_set
+ { create setattr relabelfrom relabelto append link rename };
+neverallow { domain recovery_only(`userdebug_or_eng(`-fastbootd')') } contextmount_type:dir_file_class_set { write unlink };
+
+# Do not allow service_manager add for default service labels.
+# Instead domains should use a more specific type such as
+# system_app_service rather than the generic type.
+# New service_types are defined in {,hw,vnd}service.te and new mappings
+# from service name to service_type are defined in {,hw,vnd}service_contexts.
+neverallow * default_android_service:service_manager *;
+neverallow * default_android_vndservice:service_manager *;
+neverallow * default_android_hwservice:hwservice_manager *;
+
+# Looking up the base class/interface of all HwBinder services is a bad idea.
+# hwservicemanager currently offer such lookups only to make it so that security
+# decisions are expressed in SELinux policy. However, it's unclear whether this
+# lookup has security implications. If it doesn't, hwservicemanager should be
+# modified to not offer this lookup.
+# This rule can be removed if hwservicemanager is modified to not permit these
+# lookups.
+neverallow * hidl_base_hwservice:hwservice_manager find;
+
+# Require that domains explicitly label unknown properties, and do not allow
+# anyone but init to modify unknown properties.
+neverallow { domain -init -vendor_init } default_prop:property_service set;
+neverallow { domain -init -vendor_init } mmc_prop:property_service set;
+neverallow { domain -init -vendor_init } vndk_prop:property_service set;
+
+compatible_property_only(`
+ neverallow { domain -init } default_prop:property_service set;
+ neverallow { domain -init } mmc_prop:property_service set;
+ neverallow { domain -init -vendor_init } exported_default_prop:property_service set;
+ neverallow { domain -init } exported_secure_prop:property_service set;
+ neverallow { domain -init } exported2_default_prop:property_service set;
+ neverallow { domain -init -vendor_init } exported3_default_prop:property_service set;
+ neverallow { domain -init -vendor_init } vendor_default_prop:property_service set;
+ neverallow { domain -init -vendor_init } storage_config_prop:property_service set;
+')
+
+# Only core domains are allowed to access package_manager properties
+neverallow { domain -init -system_server } pm_prop:property_service set;
+neverallow { domain -coredomain } pm_prop:file no_rw_file_perms;
+
+compatible_property_only(`
+ neverallow { domain -init -system_server -vendor_init } exported_pm_prop:property_service set;
+ neverallow { domain -coredomain -vendor_init } exported_pm_prop:file no_rw_file_perms;
+')
+
+# Do not allow reading device's serial number from system properties except form
+# a few whitelisted domains.
+neverallow {
+ domain
+ -adbd
+ -dumpstate
+ -fastbootd
+ -hal_camera_server
+ -hal_cas_server
+ -hal_drm_server
+ userdebug_or_eng(`-incidentd')
+ -init
+ -mediadrmserver
+ -mediaserver
+ -recovery
+ -shell
+ -system_server
+ -vendor_init
+} serialno_prop:file r_file_perms;
+
+# Do not allow reading the last boot timestamp from system properties
+neverallow { domain -init -system_server -dumpstate } firstboot_prop:file r_file_perms;
+
+neverallow {
+ domain
+ -init
+ -recovery
+ -system_server
+ -shell # Shell is further restricted in shell.te
+ -ueventd # Further restricted in ueventd.te
+} frp_block_device:blk_file no_rw_file_perms;
+
+# The metadata block device is set aside for device encryption and
+# verified boot metadata. It may be reset at will and should not
+# be used by other domains.
+neverallow {
+ domain
+ -init
+ -recovery
+ -vold
+ -e2fs
+ -fsck
+ -fastbootd
+} metadata_block_device:blk_file { append link rename write open read ioctl lock };
+
+# No domain other than recovery, update_engine and fastbootd can write to system partition(s).
+neverallow {
+ domain
+ -fastbootd
+ userdebug_or_eng(`-fsck')
+ userdebug_or_eng(`-init')
+ -recovery
+ -update_engine
+} system_block_device:blk_file { write append };
+
+# No domains other than a select few can access the misc_block_device. This
+# block device is reserved for OTA use.
+# Do not assert this rule on userdebug/eng builds, due to some devices using
+# this partition for testing purposes.
+neverallow {
+ domain
+ userdebug_or_eng(`-domain') # exclude debuggable builds
+ -fastbootd
+ -hal_bootctl_server
+ -init
+ -uncrypt
+ -update_engine
+ -vendor_init
+ -vendor_misc_writer
+ -vold
+ -recovery
+ -ueventd
+} misc_block_device:blk_file { append link relabelfrom rename write open read ioctl lock };
+
+# Only (hw|vnd|)servicemanager should be able to register with binder as the context manager
+neverallow { domain -servicemanager -hwservicemanager -vndservicemanager } *:binder set_context_mgr;
+# The service managers are only allowed to access their own device node
+neverallow servicemanager hwbinder_device:chr_file no_rw_file_perms;
+neverallow servicemanager vndbinder_device:chr_file no_rw_file_perms;
+neverallow hwservicemanager binder_device:chr_file no_rw_file_perms;
+neverallow hwservicemanager vndbinder_device:chr_file no_rw_file_perms;
+neverallow vndservicemanager binder_device:chr_file no_rw_file_perms;
+neverallow vndservicemanager hwbinder_device:chr_file no_rw_file_perms;
+
+# system services cant add vendor services
+neverallow {
+ coredomain
+} vendor_service:service_manager add;
+
+full_treble_only(`
+ # vendor services cant add system services
+ neverallow {
+ domain
+ -coredomain
+ -binder_in_vendor_violators # TODO(b/131617943) remove once all violators are gone
+ } {
+ service_manager_type
+ -vendor_service
+ }:service_manager add;
+')
+
+full_treble_only(`
+ # Vendor apps are permited to use only stable public services. If they were to use arbitrary
+ # services which can change any time framework/core is updated, breakage is likely.
+ neverallow {
+ appdomain
+ -coredomain
+ } {
+ service_manager_type
+ -app_api_service
+ -ephemeral_app_api_service
+ -audioserver_service # TODO(b/36783122) remove exemptions below once app_api_service is fixed
+ -cameraserver_service
+ -drmserver_service
+ -hal_light_service # TODO(b/148154485) remove once all violators are gone
+ -credstore_service
+ -keystore_service
+ -mediadrmserver_service
+ -mediaextractor_service
+ -mediametrics_service
+ -mediaserver_service
+ -nfc_service
+ -radio_service
+ -virtual_touchpad_service
+ -vr_hwc_service
+ -vr_manager_service
+ }:service_manager find;
+')
+
+# On full TREBLE devices, only vendor components, shell, and su can use VendorBinder.
+full_treble_only(`
+ neverallow {
+ coredomain
+ -shell
+ userdebug_or_eng(`-su')
+ -ueventd # uevent is granted create for this device, but we still neverallow I/O below
+ } vndbinder_device:chr_file rw_file_perms;
+')
+full_treble_only(`
+ neverallow ueventd vndbinder_device:chr_file { read write append ioctl };
+')
+full_treble_only(`
+ neverallow {
+ coredomain
+ -shell
+ userdebug_or_eng(`-su')
+ } vndservice_manager_type:service_manager *;
+')
+full_treble_only(`
+ neverallow {
+ coredomain
+ -shell
+ userdebug_or_eng(`-su')
+ } vndservicemanager:binder *;
+')
+
+# On full TREBLE devices, socket communications between core components and vendor components are
+# not permitted.
+ # Most general rules first, more specific rules below.
+
+ # Core domains are not permitted to initiate communications to vendor domain sockets.
+ # We are not restricting the use of already established sockets because it is fine for a process
+ # to obtain an already established socket via some public/official/stable API and then exchange
+ # data with its peer over that socket. The wire format in this scenario is dicatated by the API
+ # and thus does not break the core-vendor separation.
+full_treble_only(`
+ neverallow_establish_socket_comms({
+ coredomain
+ -init
+ -adbd
+ }, {
+ domain
+ -coredomain
+ -socket_between_core_and_vendor_violators
+ });
+')
+ # Vendor domains are not permitted to initiate communications to core domain sockets
+full_treble_only(`
+ neverallow_establish_socket_comms({
+ domain
+ -coredomain
+ -appdomain
+ -socket_between_core_and_vendor_violators
+ }, {
+ coredomain
+ -logd # Logging by writing to logd Unix domain socket is public API
+ -netd # netdomain needs this
+ -mdnsd # netdomain needs this
+ userdebug_or_eng(`-su') # communications with su are permitted only on userdebug or eng builds
+ -init
+ -tombstoned # linker to tombstoned
+ userdebug_or_eng(`-heapprofd')
+ userdebug_or_eng(`-traced_perf')
+ });
+')
+
+ # Vendor domains are not permitted to initiate create/open sockets owned by core domains
+full_treble_only(`
+ neverallow {
+ domain
+ -coredomain
+ -appdomain # appdomain restrictions below
+ -data_between_core_and_vendor_violators # b/70393317
+ -socket_between_core_and_vendor_violators
+ -vendor_init
+ } {
+ coredomain_socket
+ core_data_file_type
+ unlabeled # used only by core domains
+ }:sock_file ~{ append getattr ioctl read write };
+')
+full_treble_only(`
+ neverallow {
+ appdomain
+ -coredomain
+ } {
+ coredomain_socket
+ unlabeled # used only by core domains
+ core_data_file_type
+ -app_data_file
+ -privapp_data_file
+ -pdx_endpoint_socket_type # used by VR layer
+ -pdx_channel_socket_type # used by VR layer
+ }:sock_file ~{ append getattr ioctl read write };
+')
+
+ # Core domains are not permitted to create/open sockets owned by vendor domains
+full_treble_only(`
+ neverallow {
+ coredomain
+ -init
+ -ueventd
+ -socket_between_core_and_vendor_violators
+ } {
+ file_type
+ dev_type
+ -coredomain_socket
+ -core_data_file_type
+ -unlabeled
+ }:sock_file ~{ append getattr ioctl read write };
+')
+
+# On TREBLE devices, vendor and system components are only allowed to share
+# files by passing open FDs over hwbinder. Ban all directory access and all file
+# accesses other than what can be applied to an open FD such as
+# ioctl/stat/read/write/append. This is enforced by segregating /data.
+# Vendor domains may directly access file in /data/vendor by path, but may only
+# access files outside of /data/vendor via an open FD passed over hwbinder.
+# Likewise, core domains may only directly access files outside /data/vendor by
+# path and files in /data/vendor by open FD.
+full_treble_only(`
+ # only coredomains may only access core_data_file_type, particularly not
+ # /data/vendor
+ neverallow {
+ coredomain
+ -appdomain # TODO(b/34980020) remove exemption for appdomain
+ -data_between_core_and_vendor_violators
+ -init
+ -vold_prepare_subdirs
+ } {
+ data_file_type
+ -core_data_file_type
+ }:file_class_set ~{ append getattr ioctl read write map };
+')
+full_treble_only(`
+ neverallow {
+ coredomain
+ -appdomain # TODO(b/34980020) remove exemption for appdomain
+ -data_between_core_and_vendor_violators
+ -init
+ -vold_prepare_subdirs
+ } {
+ data_file_type
+ -core_data_file_type
+ # TODO(b/72998741) Remove exemption. Further restricted in a subsequent
+ # neverallow. Currently only getattr and search are allowed.
+ -vendor_data_file
+ }:dir *;
+
+')
+full_treble_only(`
+ # vendor domains may only access files in /data/vendor, never core_data_file_types
+ neverallow {
+ domain
+ -appdomain # TODO(b/34980020) remove exemption for appdomain
+ -coredomain
+ -data_between_core_and_vendor_violators # TODO(b/34980020) Remove once all violators have been cleaned up
+ -vendor_init
+ } {
+ core_data_file_type
+ # libc includes functions like mktime and localtime which attempt to access
+ # files in /data/misc/zoneinfo/tzdata and /system/usr/share/zoneinfo/tzdata.
+ # These functions are considered vndk-stable and thus must be allowed for
+ # all processes.
+ -zoneinfo_data_file
+ with_native_coverage(`-method_trace_data_file')
+ }:file_class_set ~{ append getattr ioctl read write map };
+ neverallow {
+ vendor_init
+ -data_between_core_and_vendor_violators
+ } {
+ core_data_file_type
+ -unencrypted_data_file
+ -zoneinfo_data_file
+ with_native_coverage(`-method_trace_data_file')
+ }:file_class_set ~{ append getattr ioctl read write map };
+ # vendor init needs to be able to read unencrypted_data_file to create directories with FBE.
+ # The vendor init binary lives on the system partition so there is not a concern with stability.
+ neverallow vendor_init unencrypted_data_file:file ~r_file_perms;
+')
+full_treble_only(`
+ # vendor domains may only access dirs in /data/vendor, never core_data_file_types
+ neverallow {
+ domain
+ -appdomain # TODO(b/34980020) remove exemption for appdomain
+ -coredomain
+ -data_between_core_and_vendor_violators
+ -vendor_init
+ } {
+ core_data_file_type
+ -system_data_file # default label for files on /data. Covered below...
+ -system_data_root_file
+ -vendor_data_file
+ -zoneinfo_data_file
+ with_native_coverage(`-method_trace_data_file')
+ }:dir *;
+ neverallow {
+ vendor_init
+ -data_between_core_and_vendor_violators
+ } {
+ core_data_file_type
+ -unencrypted_data_file
+ -system_data_file
+ -system_data_root_file
+ -vendor_data_file
+ -zoneinfo_data_file
+ with_native_coverage(`-method_trace_data_file')
+ }:dir *;
+ # vendor init needs to be able to read unencrypted_data_file to create directories with FBE.
+ # The vendor init binary lives on the system partition so there is not a concern with stability.
+ neverallow vendor_init unencrypted_data_file:dir ~search;
+')
+full_treble_only(`
+ # vendor domains may only access dirs in /data/vendor, never core_data_file_types
+ neverallow {
+ domain
+ -appdomain # TODO(b/34980020) remove exemption for appdomain
+ -coredomain
+ -data_between_core_and_vendor_violators # TODO(b/34980020) Remove once all violators have been cleaned up
+ } {
+ system_data_file # default label for files on /data. Covered below
+ }:dir ~{ getattr search };
+')
+
+full_treble_only(`
+ # coredomains may not access dirs in /data/vendor.
+ neverallow {
+ coredomain
+ -data_between_core_and_vendor_violators # TODO(b/34980020) Remove once all violators have been cleaned up
+ -init
+ -vold # vold creates per-user storage for both system and vendor
+ -vold_prepare_subdirs
+ } {
+ vendor_data_file # default label for files on /data. Covered below
+ }:dir ~{ getattr search };
+')
+
+full_treble_only(`
+ # coredomains may not access dirs in /data/vendor.
+ neverallow {
+ coredomain
+ -data_between_core_and_vendor_violators # TODO(b/34980020) Remove once all violators have been cleaned up
+ -init
+ } {
+ vendor_data_file # default label for files on /data/vendor{,_ce,_de}.
+ }:file_class_set ~{ append getattr ioctl read write map };
+')
+
+full_treble_only(`
+ # Non-vendor domains are not allowed to file execute shell
+ # from vendor
+ neverallow {
+ coredomain
+ -init
+ -shell
+ -ueventd
+ } vendor_shell_exec:file { execute execute_no_trans };
+')
+
+full_treble_only(`
+ # Do not allow vendor components to execute files from system
+ # except for the ones whitelist here.
+ neverallow {
+ domain
+ -coredomain
+ -appdomain
+ -vendor_executes_system_violators
+ -vendor_init
+ } {
+ system_file_type
+ -system_lib_file
+ -system_linker_exec
+ -crash_dump_exec
+ -iorap_prefetcherd_exec
+ -iorap_inode2filename_exec
+ -netutils_wrapper_exec
+ userdebug_or_eng(`-tcpdump_exec')
+ }:file { entrypoint execute execute_no_trans };
+')
+
+full_treble_only(`
+ # Do not allow system components to execute files from vendor
+ # except for the ones whitelisted here.
+ neverallow {
+ coredomain
+ -init
+ -shell
+ -system_executes_vendor_violators
+ -ueventd
+ } {
+ vendor_file_type
+ -same_process_hal_file
+ -vndk_sp_file
+ -vendor_app_file
+ -vendor_public_lib_file
+ }:file execute;
+')
+
+full_treble_only(`
+ neverallow {
+ coredomain
+ -shell
+ -system_executes_vendor_violators
+ } {
+ vendor_file_type
+ -same_process_hal_file
+ }:file execute_no_trans;
+')
+
+full_treble_only(`
+ # Do not allow system components access to /vendor files except for the
+ # ones whitelisted here.
+ neverallow {
+ coredomain
+ # TODO(b/37168747): clean up fwk access to /vendor
+ -crash_dump
+ -init # starts vendor executables
+ -iorap_inode2filename
+ -iorap_prefetcherd
+ -kernel # loads /vendor/firmware
+ userdebug_or_eng(`-heapprofd')
+ -shell
+ -system_executes_vendor_violators
+ -traced_perf # library/binary access for symbolization
+ -ueventd # reads /vendor/ueventd.rc
+ -vold # loads incremental fs driver
+ } {
+ vendor_file_type
+ -same_process_hal_file
+ -vendor_app_file
+ -vendor_apex_file
+ -vendor_configs_file
+ -vendor_service_contexts_file
+ -vendor_framework_file
+ -vendor_idc_file
+ -vendor_keychars_file
+ -vendor_keylayout_file
+ -vendor_overlay_file
+ -vendor_public_lib_file
+ -vendor_task_profiles_file
+ -vndk_sp_file
+ }:file *;
+')
+
+full_treble_only(`
+ # Do not allow vendor components access to /system files except for the
+ # ones whitelisted here.
+ neverallow {
+ domain
+ -appdomain
+ -coredomain
+ -vendor_executes_system_violators
+ # vendor_init needs access to init_exec for domain transition. vendor_init
+ # neverallows are covered in public/vendor_init.te
+ -vendor_init
+ } {
+ system_file_type
+ -crash_dump_exec
+ -file_contexts_file
+ -iorap_inode2filename_exec
+ -netutils_wrapper_exec
+ -property_contexts_file
+ -system_event_log_tags_file
+ -system_group_file
+ -system_lib_file
+ with_asan(`-system_asan_options_file')
+ -system_linker_exec
+ -system_linker_config_file
+ -system_passwd_file
+ -system_seccomp_policy_file
+ -system_security_cacerts_file
+ -system_zoneinfo_file
+ -task_profiles_file
+ userdebug_or_eng(`-tcpdump_exec')
+ }:file *;
+')
+
+# Only system_server should be able to send commands via the zygote socket
+neverallow { domain -zygote -system_server } zygote:unix_stream_socket connectto;
+neverallow { domain -system_server } zygote_socket:sock_file write;
+
+neverallow { domain -system_server -webview_zygote -app_zygote } webview_zygote:unix_stream_socket connectto;
+neverallow { domain -system_server } webview_zygote:sock_file write;
+neverallow { domain -system_server } app_zygote:sock_file write;
+
+neverallow {
+ domain
+ -tombstoned
+ -crash_dump
+ -dumpstate
+ -incidentd
+ -system_server
+
+ # Processes that can't exec crash_dump
+ -hal_codec2_server
+ -hal_omx_server
+ -mediaextractor
+} tombstoned_crash_socket:unix_stream_socket connectto;
+
+# Never allow anyone except dumpstate, incidentd, or the system server to connect or write to
+# the tombstoned intercept socket.
+neverallow { domain -dumpstate -incidentd -system_server } tombstoned_intercept_socket:sock_file write;
+neverallow { domain -dumpstate -incidentd -system_server } tombstoned_intercept_socket:unix_stream_socket connectto;
+
+# Android does not support System V IPCs.
+#
+# The reason for this is due to the fact that, by design, they lead to global
+# kernel resource leakage.
+#
+# For example, there is no way to automatically release a SysV semaphore
+# allocated in the kernel when:
+#
+# - a buggy or malicious process exits
+# - a non-buggy and non-malicious process crashes or is explicitly killed.
+#
+# Killing processes automatically to make room for new ones is an
+# important part of Android's application lifecycle implementation. This means
+# that, even assuming only non-buggy and non-malicious code, it is very likely
+# that over time, the kernel global tables used to implement SysV IPCs will fill
+# up.
+neverallow * *:{ shm sem msg msgq } *;
+
+# Do not mount on top of symlinks, fifos, or sockets.
+# Feature parity with Chromium LSM.
+neverallow * { file_type fs_type dev_type }:{ lnk_file fifo_file sock_file } mounton;
+
+# Nobody should be able to execute su on user builds.
+# On userdebug/eng builds, only dumpstate, shell, and
+# su itself execute su.
+neverallow { domain userdebug_or_eng(`-dumpstate -shell -su') } su_exec:file no_x_file_perms;
+
+# Do not allow the introduction of new execmod rules. Text relocations
+# and modification of executable pages are unsafe.
+# The only exceptions are for NDK text relocations associated with
+# https://code.google.com/p/android/issues/detail?id=23203
+# which, long term, need to go away.
+neverallow * {
+ file_type
+ -apk_data_file
+ -app_data_file
+ -asec_public_file
+}:file execmod;
+
+# Do not allow making the stack or heap executable.
+# We would also like to minimize execmem but it seems to be
+# required by some device-specific service domains.
+neverallow * self:process { execstack execheap };
+
+# Do not allow the introduction of new execmod rules. Text relocations
+# and modification of executable pages are unsafe.
+neverallow { domain -untrusted_app_25 -untrusted_app_27 } file_type:file execmod;
+
+neverallow { domain -init } proc:{ file dir } mounton;
+
+# Ensure that all types assigned to processes are included
+# in the domain attribute, so that all allow and neverallow rules
+# written on domain are applied to all processes.
+# This is achieved by ensuring that it is impossible to transition
+# from a domain to a non-domain type and vice versa.
+# TODO - rework this: neverallow domain ~domain:process { transition dyntransition };
+neverallow ~domain domain:process { transition dyntransition };
+
+#
+# Only system_app and system_server should be creating or writing
+# their files. The proper way to share files is to setup
+# type transitions to a more specific type or assigning a type
+# to its parent directory via a file_contexts entry.
+# Example type transition:
+# mydomain.te:file_type_auto_trans(mydomain, system_data_file, new_file_type)
+#
+neverallow {
+ domain
+ -system_server
+ -system_app
+ -init
+ -toolbox # TODO(b/141108496) We want to remove toolbox
+ -installd # for relabelfrom and unlink, check for this in explicit neverallow
+ -vold_prepare_subdirs # For unlink
+ with_asan(`-asan_extract')
+} system_data_file:file no_w_file_perms;
+# do not grant anything greater than r_file_perms and relabelfrom unlink
+# to installd
+neverallow installd system_data_file:file ~{ r_file_perms relabelfrom unlink };
+
+# respect system_app sandboxes
+neverallow {
+ domain
+ -appdomain # finer-grained rules for appdomain are listed below
+ -system_server #populate com.android.providers.settings/databases/settings.db.
+ -installd # creation of app sandbox
+ -iorap_inode2filename
+ -traced_probes # resolve inodes for i/o tracing.
+ # only needs open and read, the rest is neverallow in
+ # traced_probes.te.
+} system_app_data_file:dir_file_class_set { create unlink open };
+neverallow {
+ isolated_app
+ untrusted_app_all # finer-grained rules for appdomain are listed below
+ ephemeral_app
+ priv_app
+} system_app_data_file:dir_file_class_set { create unlink open };
+
+#
+# Only these domains should transition to shell domain. This domain is
+# permissible for the "shell user". If you need a process to exec a shell
+# script with differing privilege, define a domain and set up a transition.
+#
+neverallow {
+ domain
+ -adbd
+ -init
+ -runas
+ -zygote
+} shell:process { transition dyntransition };
+
+# Only domains spawned from zygote, runas and simpleperf_app_runner may have
+# the appdomain attribute. simpleperf is excluded as a domain transitioned to
+# when running an app-scoped profiling session.
+neverallow { domain -simpleperf_app_runner -runas -app_zygote -webview_zygote -zygote } {
+ appdomain -shell -simpleperf userdebug_or_eng(`-su')
+}:process { transition dyntransition };
+
+# Minimize read access to shell- or app-writable symlinks.
+# This is to prevent malicious symlink attacks.
+neverallow {
+ domain
+ -appdomain
+ -installd
+} { app_data_file privapp_data_file }:lnk_file read;
+
+neverallow {
+ domain
+ -shell
+ userdebug_or_eng(`-uncrypt')
+ -installd
+} shell_data_file:lnk_file read;
+
+# In addition to the symlink reading restrictions above, restrict
+# write access to shell owned directories. The /data/local/tmp
+# directory is untrustworthy, and non-whitelisted domains should
+# not be trusting any content in those directories.
+neverallow {
+ domain
+ -adbd
+ -dumpstate
+ -installd
+ -init
+ -shell
+ -vold
+} shell_data_file:dir no_w_dir_perms;
+
+neverallow {
+ domain
+ -adbd
+ -appdomain
+ -dumpstate
+ -init
+ -installd
+ -simpleperf_app_runner
+ -system_server # why?
+ userdebug_or_eng(`-uncrypt')
+} shell_data_file:dir { open search };
+
+# Same as above for /data/local/tmp files. We allow shell files
+# to be passed around by file descriptor, but not directly opened.
+neverallow {
+ domain
+ -adbd
+ -appdomain
+ -dumpstate
+ -installd
+ userdebug_or_eng(`-uncrypt')
+} shell_data_file:file open;
+
+# servicemanager and vndservicemanager are the only processes which handle the
+# service_manager list request
+neverallow * ~{
+ servicemanager
+ vndservicemanager
+ }:service_manager list;
+
+# hwservicemanager is the only process which handles hw list requests
+neverallow * ~{
+ hwservicemanager
+ }:hwservice_manager list;
+
+# only service_manager_types can be added to service_manager
+# TODO - rework this: neverallow * ~service_manager_type:service_manager { add find };
+
+# Prevent assigning non property types to properties
+# TODO - rework this: neverallow * ~property_type:property_service set;
+
+# Domain types should never be assigned to any files other
+# than the /proc/pid files associated with a process. The
+# executable file used to enter a domain should be labeled
+# with its own _exec type, not with the domain type.
+# Conventionally, this looks something like:
+# $ cat mydaemon.te
+# type mydaemon, domain;
+# type mydaemon_exec, exec_type, file_type;
+# init_daemon_domain(mydaemon)
+# $ grep mydaemon file_contexts
+# /system/bin/mydaemon -- u:object_r:mydaemon_exec:s0
+neverallow * domain:file { execute execute_no_trans entrypoint };
+
+# Do not allow access to the generic debugfs label. This is too broad.
+# Instead, if access to part of debugfs is desired, it should have a
+# more specific label.
+# TODO: fix dumpstate
+neverallow { domain -init -vendor_init -dumpstate } debugfs:{ file lnk_file } no_rw_file_perms;
+
+# Do not allow executable files in debugfs.
+neverallow domain debugfs_type:file { execute execute_no_trans };
+
+# Don't allow access to the FUSE control filesystem, except to vold and init's
+neverallow { domain -vold -init -vendor_init } fusectlfs:file no_rw_file_perms;
+
+# Profiles contain untrusted data and profman parses that. We should only run
+# in from installd forked processes.
+neverallow {
+ domain
+ -installd
+ -profman
+} profman_exec:file no_x_file_perms;
+
+# Enforce restrictions on kernel module origin.
+# Do not allow kernel module loading except from system,
+# vendor, and boot partitions.
+neverallow * ~{ system_file_type vendor_file_type rootfs }:system module_load;
+
+# Only allow filesystem caps to be set at build time. Runtime changes
+# to filesystem capabilities are not permitted.
+neverallow * self:global_capability_class_set setfcap;
+
+# Enforce AT_SECURE for executing crash_dump.
+neverallow domain crash_dump:process noatsecure;
+
+# Do not permit non-core domains to register HwBinder services which are
+# guaranteed to be provided by core domains only.
+neverallow ~coredomain coredomain_hwservice:hwservice_manager add;
+
+# Do not permit the registeration of HwBinder services which are guaranteed to
+# be passthrough only (i.e., run in the process of their clients instead of a
+# separate server process).
+neverallow * same_process_hwservice:hwservice_manager add;
+
+# On TREBLE devices, most coredomains should not access vendor_files.
+# TODO(b/71553434): Remove exceptions here.
+full_treble_only(`
+ neverallow {
+ coredomain
+ -appdomain
+ -bootanim
+ -crash_dump
+ -heapprofd
+ -init
+ -iorap_inode2filename
+ -iorap_prefetcherd
+ -kernel
+ -traced_perf
+ -ueventd
+ } vendor_file:file { no_w_file_perms no_x_file_perms open };
+')
+
+# If an already existing file is opened with O_CREAT, the kernel might generate
+# a false report of a create denial. Silence these denials and make sure that
+# inappropriate permissions are not granted.
+
+# These filesystems don't allow files or directories to be created, so the permission
+# to do so should never be granted.
+neverallow domain {
+ proc_type
+ sysfs_type
+}:dir { add_name create link remove_name rename reparent rmdir write };
+
+# cgroupfs directories can be created, but not files within them.
+neverallow domain cgroup:file create;
+
+dontaudit domain proc_type:dir write;
+dontaudit domain sysfs_type:dir write;
+dontaudit domain cgroup:file create;
+
+# These are only needed in permissive mode - in enforcing mode the
+# directory write check fails and so these are never attempted.
+userdebug_or_eng(`
+ dontaudit domain proc_type:dir add_name;
+ dontaudit domain sysfs_type:dir add_name;
+ dontaudit domain proc_type:file create;
+ dontaudit domain sysfs_type:file create;
+')
+
+# Platform must not have access to /mnt/vendor.
+neverallow {
+ coredomain
+ -init
+ -ueventd
+ -vold
+ -system_writes_mnt_vendor_violators
+} mnt_vendor_file:dir *;
+
+# Only apps are allowed access to vendor public libraries.
+full_treble_only(`
+ neverallow {
+ coredomain
+ -appdomain
+ } vendor_public_lib_file:file { execute execute_no_trans };
+')
+
+# Vendor domian must not have access to /mnt/product.
+neverallow {
+ domain
+ -coredomain
+} mnt_product_file:dir *;
+
+# Platform must not have access to sysfs_batteryinfo, but should do it via health HAL and healthd
+full_treble_only(`
+ neverallow {
+ coredomain
+ -healthd
+ -shell
+ # Generate uevents for health info
+ -ueventd
+ # Recovery uses health HAL passthrough implementation.
+ -recovery
+ # Charger uses health HAL passthrough implementation.
+ -charger
+ # TODO(b/110891300): remove this exception
+ -incidentd
+ } sysfs_batteryinfo:file { open read };
+')
+
+neverallow {
+ domain
+ -hal_codec2_server
+ -hal_omx_server
+} hal_codec2_hwservice:hwservice_manager add;
+
+# Only apps targetting < Q are allowed to open /dev/ashmem directly.
+# Apps must use ASharedMemory NDK API. Native code must use libcutils API.
+neverallow {
+ domain
+ -ephemeral_app # We don't distinguish ephemeral apps based on target API.
+ -untrusted_app_25
+ -untrusted_app_27
+} ashmem_device:chr_file open;
diff --git a/prebuilts/api/30.0/public/drmserver.te b/prebuilts/api/30.0/public/drmserver.te
new file mode 100644
index 0000000..e2c6638
--- /dev/null
+++ b/prebuilts/api/30.0/public/drmserver.te
@@ -0,0 +1,62 @@
+# drmserver - DRM service
+type drmserver, domain;
+type drmserver_exec, system_file_type, exec_type, file_type;
+
+typeattribute drmserver mlstrustedsubject;
+
+net_domain(drmserver)
+
+# Perform Binder IPC to system server.
+binder_use(drmserver)
+binder_call(drmserver, system_server)
+binder_call(drmserver, appdomain)
+binder_call(drmserver, mediametrics)
+binder_service(drmserver)
+# Inherit or receive open files from system_server.
+allow drmserver system_server:fd use;
+
+# Perform Binder IPC to mediaserver
+binder_call(drmserver, mediaserver)
+
+allow drmserver sdcard_type:dir search;
+allow drmserver drm_data_file:dir create_dir_perms;
+allow drmserver drm_data_file:file create_file_perms;
+allow drmserver { app_data_file privapp_data_file }:file { read write getattr map };
+allow drmserver sdcard_type:file { read write getattr map };
+r_dir_file(drmserver, efs_file)
+
+type drmserver_socket, file_type;
+
+# /data/app/tlcd_sock socket file.
+# Clearly, /data/app is the most logical place to create a socket. Not.
+allow drmserver apk_data_file:dir rw_dir_perms;
+allow drmserver drmserver_socket:sock_file create_file_perms;
+# Delete old socket file if present.
+allow drmserver apk_data_file:sock_file unlink;
+
+# After taking a video, drmserver looks at the video file.
+r_dir_file(drmserver, media_rw_data_file)
+
+# Read resources from open apk files passed over Binder.
+allow drmserver apk_data_file:file { read getattr map };
+allow drmserver asec_apk_file:file { read getattr map };
+allow drmserver ringtone_file:file { read getattr map };
+
+# Read /data/data/com.android.providers.telephony files passed over Binder.
+allow drmserver radio_data_file:file { read getattr map };
+
+# /oem access
+allow drmserver oemfs:dir search;
+allow drmserver oemfs:file r_file_perms;
+
+# overlay package access
+allow drmserver vendor_overlay_file:file { read map };
+
+add_service(drmserver, drmserver_service)
+allow drmserver permission_service:service_manager find;
+allow drmserver mediametrics_service:service_manager find;
+
+selinux_check_access(drmserver)
+
+r_dir_file(drmserver, cgroup)
+r_dir_file(drmserver, system_file)
diff --git a/prebuilts/api/30.0/public/dumpstate.te b/prebuilts/api/30.0/public/dumpstate.te
new file mode 100644
index 0000000..8d99a3c
--- /dev/null
+++ b/prebuilts/api/30.0/public/dumpstate.te
@@ -0,0 +1,360 @@
+# dumpstate
+type dumpstate, domain, mlstrustedsubject;
+type dumpstate_exec, system_file_type, exec_type, file_type;
+
+net_domain(dumpstate)
+binder_use(dumpstate)
+wakelock_use(dumpstate)
+
+# Allow setting process priority, protect from OOM killer, and dropping
+# privileges by switching UID / GID
+allow dumpstate self:global_capability_class_set { setuid setgid sys_resource };
+
+# Allow dumpstate to scan through /proc/pid for all processes
+r_dir_file(dumpstate, domain)
+
+allow dumpstate self:global_capability_class_set {
+ # Send signals to processes
+ kill
+ # Run iptables
+ net_raw
+ net_admin
+};
+
+# Allow executing files on system, such as:
+# /system/bin/toolbox
+# /system/bin/logcat
+# /system/bin/dumpsys
+allow dumpstate system_file:file execute_no_trans;
+not_full_treble(`allow dumpstate vendor_file:file execute_no_trans;')
+allow dumpstate toolbox_exec:file rx_file_perms;
+
+# hidl searches for files in /system/lib(64)/hw/
+allow dumpstate system_file:dir r_dir_perms;
+
+# Create and write into /data/anr/
+allow dumpstate self:global_capability_class_set { dac_override dac_read_search chown fowner fsetid };
+allow dumpstate anr_data_file:dir rw_dir_perms;
+allow dumpstate anr_data_file:file create_file_perms;
+
+# Allow reading /data/system/uiderrors.txt
+# TODO: scope this down.
+allow dumpstate system_data_file:file r_file_perms;
+
+# Allow dumpstate to append into privileged apps private files.
+allow dumpstate privapp_data_file:file append;
+
+# Read dmesg
+allow dumpstate self:global_capability2_class_set syslog;
+allow dumpstate kernel:system syslog_read;
+
+# Read /sys/fs/pstore/console-ramoops
+allow dumpstate pstorefs:dir r_dir_perms;
+allow dumpstate pstorefs:file r_file_perms;
+
+# Get process attributes
+allow dumpstate domain:process getattr;
+
+# Signal java processes to dump their stack
+allow dumpstate { appdomain system_server zygote }:process signal;
+
+# Signal native processes to dump their stack.
+allow dumpstate {
+ # This list comes from native_processes_to_dump in dumputils/dump_utils.c
+ audioserver
+ cameraserver
+ drmserver
+ inputflinger
+ mediadrmserver
+ mediaextractor
+ mediametrics
+ mediaserver
+ mediaswcodec
+ sdcardd
+ surfaceflinger
+ vold
+
+ # This list comes from hal_interfaces_to_dump in dumputils/dump_utils.c
+ hal_audio_server
+ hal_bluetooth_server
+ hal_camera_server
+ hal_codec2_server
+ hal_drm_server
+ hal_face_server
+ hal_fingerprint_server
+ hal_graphics_allocator_server
+ hal_graphics_composer_server
+ hal_health_server
+ hal_neuralnetworks_server
+ hal_omx_server
+ hal_power_server
+ hal_power_stats_server
+ hal_sensors_server
+ hal_thermal_server
+ hal_vr_server
+ system_suspend_server
+}:process signal;
+
+# Connect to tombstoned to intercept dumps.
+unix_socket_connect(dumpstate, tombstoned_intercept, tombstoned)
+
+# Access to /sys
+allow dumpstate sysfs_type:dir r_dir_perms;
+
+allow dumpstate {
+ sysfs_devices_block
+ sysfs_dm
+ sysfs_loop
+ sysfs_usb
+ sysfs_zram
+}:file r_file_perms;
+
+# Other random bits of data we want to collect
+allow dumpstate debugfs:file r_file_perms;
+auditallow dumpstate debugfs:file r_file_perms;
+
+allow dumpstate debugfs_mmc:file r_file_perms;
+
+# df for
+allow dumpstate {
+ block_device
+ cache_file
+ metadata_file
+ rootfs
+ selinuxfs
+ storage_file
+ tmpfs
+}:dir { search getattr };
+allow dumpstate fuse_device:chr_file getattr;
+allow dumpstate { dm_device cache_block_device }:blk_file getattr;
+allow dumpstate { cache_file rootfs }:lnk_file { getattr read };
+
+# Read /dev/cpuctl and /dev/cpuset
+r_dir_file(dumpstate, cgroup)
+
+# Allow dumpstate to make binder calls to any binder service
+binder_call(dumpstate, binderservicedomain)
+binder_call(dumpstate, { appdomain netd wificond })
+
+dump_hal(hal_identity)
+dump_hal(hal_dumpstate)
+dump_hal(hal_wifi)
+dump_hal(hal_graphics_allocator)
+dump_hal(hal_neuralnetworks)
+# Vibrate the device after we are done collecting the bugreport
+hal_client_domain(dumpstate, hal_vibrator)
+
+# Reading /proc/PID/maps of other processes
+allow dumpstate self:global_capability_class_set sys_ptrace;
+
+# Allow the bugreport service to create a file in
+# /data/data/com.android.shell/files/bugreports/bugreport
+allow dumpstate shell_data_file:dir create_dir_perms;
+allow dumpstate shell_data_file:file create_file_perms;
+
+# Run a shell.
+allow dumpstate shell_exec:file rx_file_perms;
+
+# For running am and similar framework commands.
+# Run /system/bin/app_process.
+allow dumpstate zygote_exec:file rx_file_perms;
+
+# For Bluetooth
+allow dumpstate bluetooth_data_file:dir search;
+allow dumpstate bluetooth_logs_data_file:dir r_dir_perms;
+allow dumpstate bluetooth_logs_data_file:file r_file_perms;
+
+# Dumpstate calls screencap, which grabs a screenshot. Needs gpu access
+allow dumpstate gpu_device:chr_file rw_file_perms;
+
+# logd access
+read_logd(dumpstate)
+control_logd(dumpstate)
+read_runtime_log_tags(dumpstate)
+
+# Read files in /proc
+allow dumpstate {
+ proc_buddyinfo
+ proc_cmdline
+ proc_meminfo
+ proc_modules
+ proc_net_type
+ proc_pipe_conf
+ proc_pagetypeinfo
+ proc_qtaguid_ctrl
+ proc_qtaguid_stat
+ proc_slabinfo
+ proc_version
+ proc_vmallocinfo
+ proc_vmstat
+}:file r_file_perms;
+
+# Read network state info files.
+allow dumpstate net_data_file:dir search;
+allow dumpstate net_data_file:file r_file_perms;
+
+# List sockets via ss.
+allow dumpstate self:netlink_tcpdiag_socket { create_socket_perms_no_ioctl nlmsg_read };
+
+# Access /data/tombstones.
+allow dumpstate tombstone_data_file:dir r_dir_perms;
+allow dumpstate tombstone_data_file:file r_file_perms;
+
+# Access /cache/recovery
+allow dumpstate cache_recovery_file:dir r_dir_perms;
+allow dumpstate cache_recovery_file:file r_file_perms;
+
+# Access /data/misc/recovery
+allow dumpstate recovery_data_file:dir r_dir_perms;
+allow dumpstate recovery_data_file:file r_file_perms;
+
+#Access /data/misc/update_engine_log
+allow dumpstate update_engine_log_data_file:dir r_dir_perms;
+allow dumpstate update_engine_log_data_file:file r_file_perms;
+
+# Access /data/misc/profiles/{cur,ref}/
+userdebug_or_eng(`
+ allow dumpstate user_profile_data_file:dir r_dir_perms;
+ allow dumpstate user_profile_data_file:file r_file_perms;
+')
+
+# Access /data/misc/logd
+allow dumpstate misc_logd_file:dir r_dir_perms;
+allow dumpstate misc_logd_file:file r_file_perms;
+
+# Access /data/misc/prereboot
+allow dumpstate prereboot_data_file:dir r_dir_perms;
+allow dumpstate prereboot_data_file:file r_file_perms;
+
+allow dumpstate app_fuse_file:dir r_dir_perms;
+allow dumpstate overlayfs_file:dir r_dir_perms;
+
+allow dumpstate {
+ service_manager_type
+ -apex_service
+ -dumpstate_service
+ -gatekeeper_service
+ -virtual_touchpad_service
+ -vold_service
+ -vr_hwc_service
+ -default_android_service
+}:service_manager find;
+# suppress denials for services dumpstate should not be accessing.
+dontaudit dumpstate {
+ apex_service
+ dumpstate_service
+ gatekeeper_service
+ virtual_touchpad_service
+ vold_service
+ vr_hwc_service
+}:service_manager find;
+
+# Most of these are neverallowed.
+dontaudit dumpstate hwservice_manager_type:hwservice_manager find;
+
+allow dumpstate servicemanager:service_manager list;
+allow dumpstate hwservicemanager:hwservice_manager list;
+
+allow dumpstate devpts:chr_file rw_file_perms;
+
+# Set properties.
+# dumpstate_prop is used to share state with the Shell app.
+set_prop(dumpstate, dumpstate_prop)
+set_prop(dumpstate, exported_dumpstate_prop)
+# dumpstate_options_prop is used to pass extra command-line args.
+set_prop(dumpstate, dumpstate_options_prop)
+
+# Read any system properties
+get_prop(dumpstate, property_type)
+
+# Access to /data/media.
+# This should be removed if sdcardfs is modified to alter the secontext for its
+# accesses to the underlying FS.
+allow dumpstate media_rw_data_file:dir getattr;
+allow dumpstate proc_interrupts:file r_file_perms;
+allow dumpstate proc_zoneinfo:file r_file_perms;
+
+# Create a service for talking back to system_server
+add_service(dumpstate, dumpstate_service)
+
+# use /dev/ion for screen capture
+allow dumpstate ion_device:chr_file r_file_perms;
+
+# Allow dumpstate to run top
+allow dumpstate proc_stat:file r_file_perms;
+
+allow dumpstate proc_pressure_cpu:file r_file_perms;
+allow dumpstate proc_pressure_mem:file r_file_perms;
+allow dumpstate proc_pressure_io:file r_file_perms;
+
+# Allow dumpstate to talk to installd over binder
+binder_call(dumpstate, installd);
+
+# Allow dumpstate to talk to iorapd over binder.
+binder_call(dumpstate, iorapd)
+
+# Allow dumpstate to run ip xfrm policy
+allow dumpstate self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_read };
+
+# Allow dumpstate to run iotop
+allow dumpstate self:netlink_socket create_socket_perms_no_ioctl;
+# newer kernels (e.g. 4.4) have a new class for sockets
+allow dumpstate self:netlink_generic_socket create_socket_perms_no_ioctl;
+
+# Allow dumpstate to run ss
+allow dumpstate { domain pdx_channel_socket_type pdx_endpoint_socket_type }:socket_class_set getattr;
+
+# Allow dumpstate to read linkerconfig directory
+allow dumpstate linkerconfig_file:dir { read open };
+
+# For when dumpstate runs df
+dontaudit dumpstate {
+ mnt_vendor_file
+ mirror_data_file
+ mnt_user_file
+}:dir search;
+dontaudit dumpstate {
+ apex_mnt_dir
+ linkerconfig_file
+ mirror_data_file
+ mnt_user_file
+}:dir getattr;
+
+# Allow dumpstate to talk to bufferhubd over binder
+binder_call(dumpstate, bufferhubd);
+
+# Allow dumpstate to talk to mediaswcodec over binder
+binder_call(dumpstate, mediaswcodec);
+
+# Allow dumpstate to talk to these stable AIDL services over binder
+binder_call(dumpstate, hal_rebootescrow_server)
+allow hal_rebootescrow_server dumpstate:fifo_file write;
+allow hal_rebootescrow_server dumpstate:fd use;
+
+# Allow dumpstate to kill vendor dumpstate service by init
+set_prop(dumpstate, ctl_dumpstate_prop)
+
+#Access /data/misc/snapshotctl_log
+allow dumpstate snapshotctl_log_data_file:dir r_dir_perms;
+allow dumpstate snapshotctl_log_data_file:file r_file_perms;
+
+#Allow access to /dev/binderfs/binder_logs
+allow dumpstate binderfs_logs:dir r_dir_perms;
+allow dumpstate binderfs_logs:file r_file_perms;
+
+###
+### neverallow rules
+###
+
+# dumpstate has capability sys_ptrace, but should only use that capability for
+# accessing sensitive /proc/PID files, never for using ptrace attach.
+neverallow dumpstate *:process ptrace;
+
+# only system_server, dumpstate, traceur_app and shell can find the dumpstate service
+neverallow {
+ domain
+ -system_server
+ -shell
+ -traceur_app
+ -dumpstate
+} dumpstate_service:service_manager find;
diff --git a/prebuilts/api/30.0/public/e2fs.te b/prebuilts/api/30.0/public/e2fs.te
new file mode 100644
index 0000000..dd5bd69
--- /dev/null
+++ b/prebuilts/api/30.0/public/e2fs.te
@@ -0,0 +1,26 @@
+type e2fs, domain, coredomain;
+type e2fs_exec, system_file_type, exec_type, file_type;
+
+allow e2fs devpts:chr_file { read write getattr ioctl };
+
+allow e2fs dev_type:blk_file getattr;
+allow e2fs block_device:dir search;
+allow e2fs userdata_block_device:blk_file rw_file_perms;
+allow e2fs metadata_block_device:blk_file rw_file_perms;
+allow e2fs dm_device:blk_file rw_file_perms;
+allowxperm e2fs { userdata_block_device metadata_block_device dm_device }:blk_file ioctl {
+ BLKSECDISCARD BLKDISCARD BLKPBSZGET BLKDISCARDZEROES BLKROGET
+};
+
+allow e2fs {
+ proc_filesystems
+ proc_mounts
+ proc_swaps
+}:file r_file_perms;
+
+# access /sys/fs/ext4/features
+allow e2fs sysfs_fs_ext4_features:dir search;
+allow e2fs sysfs_fs_ext4_features:file r_file_perms;
+
+# access SELinux context files
+allow e2fs file_contexts_file:file r_file_perms;
diff --git a/prebuilts/api/30.0/public/ephemeral_app.te b/prebuilts/api/30.0/public/ephemeral_app.te
new file mode 100644
index 0000000..dc39a22
--- /dev/null
+++ b/prebuilts/api/30.0/public/ephemeral_app.te
@@ -0,0 +1,14 @@
+###
+### Ephemeral apps.
+###
+### This file defines the security policy for apps with the ephemeral
+### feature.
+###
+### The ephemeral_app domain is a reduced permissions sandbox allowing
+### ephemeral applications to be safely installed and run. Non ephemeral
+### applications may also opt-in to ephemeral to take advantage of the
+### additional security features.
+###
+### PackageManager flags an app as ephemeral at install time.
+
+type ephemeral_app, domain;
diff --git a/prebuilts/api/30.0/public/fastbootd.te b/prebuilts/api/30.0/public/fastbootd.te
new file mode 100644
index 0000000..8787817
--- /dev/null
+++ b/prebuilts/api/30.0/public/fastbootd.te
@@ -0,0 +1,141 @@
+# fastbootd (used in recovery init.rc for /sbin/fastbootd)
+
+# Declare the domain unconditionally so we can always reference it
+# in neverallow rules.
+type fastbootd, domain;
+
+# But the allow rules are only included in the recovery policy.
+# Otherwise fastbootd is only allowed the domain rules.
+recovery_only(`
+ # fastbootd can only use HALs in passthrough mode
+ passthrough_hal_client_domain(fastbootd, hal_bootctl)
+
+ # Access /dev/usb-ffs/fastbootd/ep0
+ allow fastbootd functionfs:dir search;
+ allow fastbootd functionfs:file rw_file_perms;
+
+ allowxperm fastbootd functionfs:file ioctl { FUNCTIONFS_ENDPOINT_DESC };
+ # Log to serial
+ allow fastbootd kmsg_device:chr_file { open getattr write };
+
+ # battery info
+ allow fastbootd sysfs_batteryinfo:file r_file_perms;
+
+ allow fastbootd device:dir r_dir_perms;
+
+ # Reboot the device
+ set_prop(fastbootd, powerctl_prop)
+
+ # Read serial number of the device from system properties
+ get_prop(fastbootd, serialno_prop)
+
+ # For dev/block/by-name dir
+ allow fastbootd block_device:dir r_dir_perms;
+
+ # Needed for DM_DEV_CREATE ioctl call
+ allow fastbootd self:capability sys_admin;
+
+ # Set sys.usb.ffs.ready.
+ set_prop(fastbootd, ffs_prop)
+ set_prop(fastbootd, exported_ffs_prop)
+
+ unix_socket_connect(fastbootd, recovery, recovery)
+
+ # Required for flashing
+ allow fastbootd dm_device:chr_file rw_file_perms;
+ allow fastbootd dm_device:blk_file rw_file_perms;
+
+ allow fastbootd cache_block_device:blk_file rw_file_perms;
+ allow fastbootd super_block_device_type:blk_file rw_file_perms;
+ allow fastbootd {
+ boot_block_device
+ metadata_block_device
+ system_block_device
+ userdata_block_device
+ }:blk_file { w_file_perms getattr ioctl };
+
+ # For disabling/wiping GSI, and for modifying/deleting files created via
+ # libfiemap.
+ allow fastbootd metadata_block_device:blk_file r_file_perms;
+ allow fastbootd {rootfs tmpfs}:dir mounton;
+ allow fastbootd metadata_file:dir { search getattr };
+ allow fastbootd gsi_metadata_file:dir rw_dir_perms;
+ allow fastbootd gsi_metadata_file:file create_file_perms;
+
+ allowxperm fastbootd super_block_device_type:blk_file ioctl { BLKIOMIN BLKALIGNOFF };
+
+ allowxperm fastbootd {
+ metadata_block_device
+ userdata_block_device
+ dm_device
+ cache_block_device
+ }:blk_file ioctl { BLKSECDISCARD BLKDISCARD };
+
+ allow fastbootd misc_block_device:blk_file rw_file_perms;
+
+ allow fastbootd proc_cmdline:file r_file_perms;
+ allow fastbootd rootfs:dir r_dir_perms;
+
+ # Needed to read fstab node from device tree.
+ allow fastbootd sysfs_dt_firmware_android:file r_file_perms;
+ allow fastbootd sysfs_dt_firmware_android:dir r_dir_perms;
+
+ # Needed because libdm reads sysfs to validate when a dm path is ready.
+ r_dir_file(fastbootd, sysfs_dm)
+
+ # Needed for realpath() call to resolve symlinks.
+ allow fastbootd block_device:dir getattr;
+ userdebug_or_eng(`
+ # Refined manipulation of /mnt/scratch, without these perms resorts
+ # to deleting scratch partition when partition(s) are flashed.
+ allow fastbootd self:process setfscreate;
+ allow fastbootd cache_file:dir search;
+ allow fastbootd proc_filesystems:file { getattr open read };
+ allow fastbootd self:capability sys_rawio;
+ dontaudit fastbootd kernel:system module_request;
+ allowxperm fastbootd dev_type:blk_file ioctl BLKROSET;
+ allow fastbootd overlayfs_file:dir { create_dir_perms mounton };
+ allow fastbootd {
+ system_file_type
+ unlabeled
+ vendor_file_type
+ }:dir { remove_name rmdir search write };
+ allow fastbootd {
+ overlayfs_file
+ system_file_type
+ unlabeled
+ vendor_file_type
+ }:{ file lnk_file } unlink;
+ allow fastbootd tmpfs:dir rw_dir_perms;
+ allow fastbootd labeledfs:filesystem { mount unmount };
+ get_prop(fastbootd, persistent_properties_ready_prop)
+ ')
+
+ # Allow using libfiemap/gsid directly (no binder in recovery).
+ set_prop(fastbootd, gsid_prop)
+ allow fastbootd gsi_metadata_file:dir search;
+ allow fastbootd ota_metadata_file:dir rw_dir_perms;
+ allow fastbootd ota_metadata_file:file create_file_perms;
+
+ # Determine allocation scheme (whether B partitions needs to be
+ # at the second half of super.
+ get_prop(fastbootd, virtual_ab_prop)
+
+ # Needed for TCP protocol
+ allow fastbootd node:tcp_socket node_bind;
+ allow fastbootd port:tcp_socket name_bind;
+ allow fastbootd self:tcp_socket { create_socket_perms_no_ioctl listen accept };
+
+ # Get fastbootd protocol property
+ get_prop(fastbootd, fastbootd_protocol_prop)
+')
+
+###
+### neverallow rules
+###
+
+# Write permission is required to wipe userdata
+# until recovery supports vold.
+neverallow fastbootd {
+ data_file_type
+}:file { no_x_file_perms };
diff --git a/prebuilts/api/30.0/public/file.te b/prebuilts/api/30.0/public/file.te
new file mode 100644
index 0000000..91257e2
--- /dev/null
+++ b/prebuilts/api/30.0/public/file.te
@@ -0,0 +1,550 @@
+# Filesystem types
+type labeledfs, fs_type;
+type pipefs, fs_type;
+type sockfs, fs_type;
+type rootfs, fs_type;
+type proc, fs_type, proc_type;
+type binderfs, fs_type;
+type binderfs_logs, fs_type;
+type binderfs_logs_proc, fs_type;
+# Security-sensitive proc nodes that should not be writable to most.
+type proc_security, fs_type, proc_type;
+type proc_drop_caches, fs_type, proc_type;
+type proc_overcommit_memory, fs_type, proc_type;
+type proc_min_free_order_shift, fs_type, proc_type;
+type proc_kpageflags, fs_type, proc_type;
+# proc, sysfs, or other nodes that permit configuration of kernel usermodehelpers.
+type usermodehelper, fs_type, proc_type;
+type sysfs_usermodehelper, fs_type, sysfs_type;
+type proc_qtaguid_ctrl, fs_type, mlstrustedobject, proc_type;
+type proc_qtaguid_stat, fs_type, mlstrustedobject, proc_type;
+type proc_bluetooth_writable, fs_type, proc_type;
+type proc_abi, fs_type, proc_type;
+type proc_asound, fs_type, proc_type;
+type proc_buddyinfo, fs_type, proc_type;
+type proc_cmdline, fs_type, proc_type;
+type proc_cpuinfo, fs_type, proc_type;
+type proc_dirty, fs_type, proc_type;
+type proc_diskstats, fs_type, proc_type;
+type proc_extra_free_kbytes, fs_type, proc_type;
+type proc_filesystems, fs_type, proc_type;
+type proc_fs_verity, fs_type, proc_type;
+type proc_hostname, fs_type, proc_type;
+type proc_hung_task, fs_type, proc_type;
+type proc_interrupts, fs_type, proc_type;
+type proc_iomem, fs_type, proc_type;
+type proc_keys, fs_type, proc_type;
+type proc_kmsg, fs_type, proc_type;
+type proc_loadavg, fs_type, proc_type;
+type proc_lowmemorykiller, fs_type, proc_type;
+type proc_max_map_count, fs_type, proc_type;
+type proc_meminfo, fs_type, proc_type;
+type proc_misc, fs_type, proc_type;
+type proc_modules, fs_type, proc_type;
+type proc_mounts, fs_type, proc_type;
+type proc_net, fs_type, proc_type, proc_net_type;
+type proc_net_tcp_udp, fs_type, proc_type;
+type proc_page_cluster, fs_type, proc_type;
+type proc_pagetypeinfo, fs_type, proc_type;
+type proc_panic, fs_type, proc_type;
+type proc_perf, fs_type, proc_type;
+type proc_pid_max, fs_type, proc_type;
+type proc_pipe_conf, fs_type, proc_type;
+type proc_pressure_cpu, fs_type, proc_type;
+type proc_pressure_io, fs_type, proc_type;
+type proc_pressure_mem, fs_type, proc_type;
+type proc_random, fs_type, proc_type;
+type proc_sched, fs_type, proc_type;
+type proc_slabinfo, fs_type, proc_type;
+type proc_stat, fs_type, proc_type;
+type proc_swaps, fs_type, proc_type;
+type proc_sysrq, fs_type, proc_type;
+type proc_timer, fs_type, proc_type;
+type proc_tty_drivers, fs_type, proc_type;
+type proc_uid_cputime_showstat, fs_type, proc_type;
+type proc_uid_cputime_removeuid, fs_type, proc_type;
+type proc_uid_io_stats, fs_type, proc_type;
+type proc_uid_procstat_set, fs_type, proc_type;
+type proc_uid_time_in_state, fs_type, proc_type;
+type proc_uid_concurrent_active_time, fs_type, proc_type;
+type proc_uid_concurrent_policy_time, fs_type, proc_type;
+type proc_uid_cpupower, fs_type, proc_type;
+type proc_uptime, fs_type, proc_type;
+type proc_version, fs_type, proc_type;
+type proc_vmallocinfo, fs_type, proc_type;
+type proc_vmstat, fs_type, proc_type;
+type proc_zoneinfo, fs_type, proc_type;
+type selinuxfs, fs_type, mlstrustedobject;
+type fusectlfs, fs_type;
+type cgroup, fs_type, mlstrustedobject;
+type cgroup_bpf, fs_type;
+type sysfs, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_android_usb, fs_type, sysfs_type;
+type sysfs_uio, sysfs_type, fs_type;
+type sysfs_batteryinfo, fs_type, sysfs_type;
+type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_devices_block, fs_type, sysfs_type;
+type sysfs_dm, fs_type, sysfs_type;
+type sysfs_dm_verity, fs_type, sysfs_type;
+type sysfs_dt_firmware_android, fs_type, sysfs_type;
+type sysfs_extcon, fs_type, sysfs_type;
+type sysfs_ion, fs_type, sysfs_type;
+type sysfs_ipv4, fs_type, sysfs_type;
+type sysfs_kernel_notes, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_leds, fs_type, sysfs_type;
+type sysfs_loop, fs_type, sysfs_type;
+type sysfs_hwrandom, fs_type, sysfs_type;
+type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_wake_lock, fs_type, sysfs_type;
+type sysfs_net, fs_type, sysfs_type;
+type sysfs_power, fs_type, sysfs_type;
+type sysfs_rtc, fs_type, sysfs_type;
+type sysfs_suspend_stats, fs_type, sysfs_type;
+type sysfs_switch, fs_type, sysfs_type;
+type sysfs_transparent_hugepage, fs_type, sysfs_type;
+type sysfs_usb, fs_type, sysfs_type;
+type sysfs_wakeup, fs_type, sysfs_type;
+type sysfs_wakeup_reasons, fs_type, sysfs_type;
+type sysfs_fs_ext4_features, sysfs_type, fs_type;
+type sysfs_fs_f2fs, sysfs_type, fs_type;
+type fs_bpf, fs_type;
+type configfs, fs_type;
+# /sys/devices/system/cpu
+type sysfs_devices_system_cpu, fs_type, sysfs_type;
+# /sys/module/lowmemorykiller
+type sysfs_lowmemorykiller, fs_type, sysfs_type;
+# /sys/module/wlan/parameters/fwpath
+type sysfs_wlan_fwpath, fs_type, sysfs_type;
+type sysfs_vibrator, fs_type, sysfs_type;
+
+type sysfs_thermal, sysfs_type, fs_type;
+
+type sysfs_zram, fs_type, sysfs_type;
+type sysfs_zram_uevent, fs_type, sysfs_type;
+type inotify, fs_type, mlstrustedobject;
+type devpts, fs_type, mlstrustedobject;
+type tmpfs, fs_type;
+type shm, fs_type;
+type mqueue, fs_type;
+type fuse, sdcard_type, fs_type, mlstrustedobject;
+type sdcardfs, sdcard_type, fs_type, mlstrustedobject;
+type vfat, sdcard_type, fs_type, mlstrustedobject;
+type exfat, sdcard_type, fs_type, mlstrustedobject;
+type debugfs, fs_type, debugfs_type;
+type debugfs_kprobes, fs_type, debugfs_type;
+type debugfs_mmc, fs_type, debugfs_type;
+type debugfs_trace_marker, fs_type, debugfs_type, mlstrustedobject;
+type debugfs_tracing, fs_type, debugfs_type, mlstrustedobject;
+type debugfs_tracing_debug, fs_type, debugfs_type, mlstrustedobject;
+type debugfs_tracing_instances, fs_type, debugfs_type;
+type debugfs_wakeup_sources, fs_type, debugfs_type;
+type debugfs_wifi_tracing, fs_type, debugfs_type;
+type securityfs, fs_type;
+
+type pstorefs, fs_type;
+type functionfs, fs_type, mlstrustedobject;
+type oemfs, fs_type, contextmount_type;
+type usbfs, fs_type;
+type binfmt_miscfs, fs_type;
+type app_fusefs, fs_type, contextmount_type;
+
+# File types
+type unlabeled, file_type;
+
+# Default type for anything under /system.
+type system_file, system_file_type, file_type;
+# Default type for /system/asan.options
+type system_asan_options_file, system_file_type, file_type;
+# Type for /system/etc/event-log-tags (liblog implementation detail)
+type system_event_log_tags_file, system_file_type, file_type;
+# Default type for anything under /system/lib[64].
+type system_lib_file, system_file_type, file_type;
+# system libraries that are available only to bootstrap processes
+type system_bootstrap_lib_file, system_file_type, file_type;
+# Default type for the group file /system/etc/group.
+type system_group_file, system_file_type, file_type;
+# Default type for linker executable /system/bin/linker[64].
+type system_linker_exec, system_file_type, file_type;
+# Default type for linker config /system/etc/ld.config.*.
+type system_linker_config_file, system_file_type, file_type;
+# Default type for the passwd file /system/etc/passwd.
+type system_passwd_file, system_file_type, file_type;
+# Default type for linker config /system/etc/seccomp_policy/*.
+type system_seccomp_policy_file, system_file_type, file_type;
+# Default type for cacerts in /system/etc/security/cacerts/*.
+type system_security_cacerts_file, system_file_type, file_type;
+# Default type for /system/bin/tcpdump.
+type tcpdump_exec, system_file_type, exec_type, file_type;
+# Default type for zoneinfo files in /system/usr/share/zoneinfo/*.
+type system_zoneinfo_file, system_file_type, file_type;
+# Cgroups description file under /system/etc/cgroups.json
+type cgroup_desc_file, system_file_type, file_type;
+# Vendor cgroups description file under /vendor/etc/cgroups.json
+type vendor_cgroup_desc_file, vendor_file_type, file_type;
+# Task profiles file under /system/etc/task_profiles.json
+type task_profiles_file, system_file_type, file_type;
+# Vendor task profiles file under /vendor/etc/task_profiles.json
+type vendor_task_profiles_file, vendor_file_type, file_type;
+# Type for /system/apex/com.android.art
+type art_apex_dir, system_file_type, file_type;
+# /linkerconfig(/.*)?
+type linkerconfig_file, file_type;
+# Control files under /data/incremental
+type incremental_control_file, file_type, data_file_type, core_data_file_type;
+
+# Default type for directories search for
+# HAL implementations
+type vendor_hal_file, vendor_file_type, file_type;
+# Default type for under /vendor or /system/vendor
+type vendor_file, vendor_file_type, file_type;
+# Default type for everything in /vendor/app
+type vendor_app_file, vendor_file_type, file_type;
+# Default type for everything under /vendor/etc/
+type vendor_configs_file, vendor_file_type, file_type;
+# Default type for all *same process* HALs and their lib/bin dependencies.
+# e.g. libEGL_xxx.so, android.hardware.graphics.mapper@2.0-impl.so
+type same_process_hal_file, vendor_file_type, file_type;
+# Default type for vndk-sp libs. /vendor/lib/vndk-sp
+type vndk_sp_file, vendor_file_type, file_type;
+# Default type for everything in /vendor/framework
+type vendor_framework_file, vendor_file_type, file_type;
+# Default type for everything in /vendor/overlay
+type vendor_overlay_file, vendor_file_type, file_type;
+# Type for all vendor public libraries. These libs should only be exposed to
+# apps. ABI stability of these libs is vendor's responsibility.
+type vendor_public_lib_file, vendor_file_type, file_type;
+
+# Input configuration
+type vendor_keylayout_file, vendor_file_type, file_type;
+type vendor_keychars_file, vendor_file_type, file_type;
+type vendor_idc_file, vendor_file_type, file_type;
+
+# /metadata partition itself
+type metadata_file, file_type;
+# Vold files within /metadata
+type vold_metadata_file, file_type;
+# GSI files within /metadata
+type gsi_metadata_file, file_type;
+# system_server shares Weaver slot information in /metadata
+type password_slot_metadata_file, file_type;
+# APEX files within /metadata
+type apex_metadata_file, file_type;
+# libsnapshot files within /metadata
+type ota_metadata_file, file_type;
+# property files within /metadata/bootstat
+type metadata_bootstat_file, file_type;
+# Staged install files within /metadata/staged-install
+type staged_install_file, file_type;
+
+# Type for /dev/cpu_variant:.*.
+type dev_cpu_variant, file_type;
+# Speedup access for trusted applications to the runtime event tags
+type runtime_event_log_tags_file, file_type;
+# Type for /system/bin/logcat.
+type logcat_exec, system_file_type, exec_type, file_type;
+# Speedup access to cgroup map file
+type cgroup_rc_file, file_type;
+# /cores for coredumps on userdebug / eng builds
+type coredump_file, file_type;
+# Type of /data itself
+type system_data_root_file, file_type, data_file_type, core_data_file_type;
+# Default type for anything under /data.
+type system_data_file, file_type, data_file_type, core_data_file_type;
+# Type for /data/system/packages.list.
+# TODO(b/129332765): Narrow down permissions to this.
+# Find out users of system_data_file that should be granted only this.
+type packages_list_file, file_type, data_file_type, core_data_file_type;
+# Default type for anything under /data/vendor{_ce,_de}.
+type vendor_data_file, file_type, data_file_type;
+# Unencrypted data
+type unencrypted_data_file, file_type, data_file_type, core_data_file_type;
+# installd-create files in /data/misc/installd such as layout_version
+type install_data_file, file_type, data_file_type, core_data_file_type;
+# /data/drm - DRM plugin data
+type drm_data_file, file_type, data_file_type, core_data_file_type;
+# /data/adb - adb debugging files
+type adb_data_file, file_type, data_file_type, core_data_file_type;
+# /data/anr - ANR traces
+type anr_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# /data/tombstones - core dumps
+type tombstone_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# /data/vendor/tombstones/wifi - vendor wifi dumps
+type tombstone_wifi_data_file, file_type, data_file_type;
+# /data/apex - APEX data files
+type apex_data_file, file_type, data_file_type, core_data_file_type;
+# /data/app - user-installed apps
+type apk_data_file, file_type, data_file_type, core_data_file_type;
+type apk_tmp_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# /data/app-private - forward-locked apps
+type apk_private_data_file, file_type, data_file_type, core_data_file_type;
+type apk_private_tmp_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# /data/dalvik-cache
+type dalvikcache_data_file, file_type, data_file_type, core_data_file_type;
+# /data/ota
+type ota_data_file, file_type, data_file_type, core_data_file_type;
+# /data/ota_package
+type ota_package_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# /data/misc/profiles
+type user_profile_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# /data/misc/profman
+type profman_dump_data_file, file_type, data_file_type, core_data_file_type;
+# /data/misc/prereboot
+type prereboot_data_file, file_type, data_file_type, core_data_file_type;
+# /data/resource-cache
+type resourcecache_data_file, file_type, data_file_type, core_data_file_type;
+# /data/local - writable by shell
+type shell_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# /data/property
+type property_data_file, file_type, data_file_type, core_data_file_type;
+# /data/bootchart
+type bootchart_data_file, file_type, data_file_type, core_data_file_type;
+# /data/system/dropbox
+type dropbox_data_file, file_type, data_file_type, core_data_file_type;
+# /data/system/heapdump
+type heapdump_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# /data/nativetest
+type nativetest_data_file, file_type, data_file_type, core_data_file_type;
+# /data/system_de/0/ringtones
+type ringtone_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# /data/preloads
+type preloads_data_file, file_type, data_file_type, core_data_file_type;
+# /data/preloads/media
+type preloads_media_file, file_type, data_file_type, core_data_file_type;
+# /data/misc/dhcp and /data/misc/dhcp-6.8.2
+type dhcp_data_file, file_type, data_file_type, core_data_file_type;
+# /data/server_configurable_flags
+type server_configurable_flags_data_file, file_type, data_file_type, core_data_file_type;
+# /data/app-staging
+type staging_data_file, file_type, data_file_type, core_data_file_type;
+# /vendor/apex
+type vendor_apex_file, vendor_file_type, file_type;
+
+# Mount locations managed by vold
+type mnt_media_rw_file, file_type;
+type mnt_user_file, file_type;
+type mnt_pass_through_file, file_type;
+type mnt_expand_file, file_type;
+type mnt_sdcard_file, file_type;
+type storage_file, file_type;
+
+# Label for storage dirs which are just mount stubs
+type mnt_media_rw_stub_file, file_type;
+type storage_stub_file, file_type;
+
+# Mount location for read-write vendor partitions.
+type mnt_vendor_file, file_type;
+
+# Mount location for read-write product partitions.
+type mnt_product_file, file_type;
+
+# Mount point used for APEX images
+type apex_mnt_dir, file_type;
+
+# /postinstall: Mount point used by update_engine to run postinstall.
+type postinstall_mnt_dir, file_type;
+# Files inside the /postinstall mountpoint are all labeled as postinstall_file.
+type postinstall_file, file_type;
+# /postinstall/apex: Mount point used for APEX images within /postinstall.
+type postinstall_apex_mnt_dir, file_type;
+
+# /data_mirror: Contains mirror directory for storing all apps data.
+type mirror_data_file, file_type, core_data_file_type;
+
+# /data/misc subdirectories
+type adb_keys_file, file_type, data_file_type, core_data_file_type;
+type apex_module_data_file, file_type, data_file_type, core_data_file_type;
+type apex_permission_data_file, file_type, data_file_type, core_data_file_type;
+type apex_rollback_data_file, file_type, data_file_type, core_data_file_type;
+type apex_wifi_data_file, file_type, data_file_type, core_data_file_type;
+type audio_data_file, file_type, data_file_type, core_data_file_type;
+type audioserver_data_file, file_type, data_file_type, core_data_file_type;
+type bluetooth_data_file, file_type, data_file_type, core_data_file_type;
+type bluetooth_logs_data_file, file_type, data_file_type, core_data_file_type;
+type bootstat_data_file, file_type, data_file_type, core_data_file_type;
+type boottrace_data_file, file_type, data_file_type, core_data_file_type;
+type camera_data_file, file_type, data_file_type, core_data_file_type;
+type credstore_data_file, file_type, data_file_type, core_data_file_type;
+type gatekeeper_data_file, file_type, data_file_type, core_data_file_type;
+type incident_data_file, file_type, data_file_type, core_data_file_type;
+type keychain_data_file, file_type, data_file_type, core_data_file_type;
+type keystore_data_file, file_type, data_file_type, core_data_file_type;
+type media_data_file, file_type, data_file_type, core_data_file_type;
+type media_rw_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+type misc_user_data_file, file_type, data_file_type, core_data_file_type;
+type net_data_file, file_type, data_file_type, core_data_file_type;
+type network_watchlist_data_file, file_type, data_file_type, core_data_file_type;
+type nfc_data_file, file_type, data_file_type, core_data_file_type;
+type radio_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+type recovery_data_file, file_type, data_file_type, core_data_file_type;
+type shared_relro_file, file_type, data_file_type, core_data_file_type;
+type snapshotctl_log_data_file, file_type, data_file_type, core_data_file_type;
+type stats_data_file, file_type, data_file_type, core_data_file_type;
+type systemkeys_data_file, file_type, data_file_type, core_data_file_type;
+type textclassifier_data_file, file_type, data_file_type, core_data_file_type;
+type trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+type vpn_data_file, file_type, data_file_type, core_data_file_type;
+type wifi_data_file, file_type, data_file_type, core_data_file_type;
+type zoneinfo_data_file, file_type, data_file_type, core_data_file_type;
+type vold_data_file, file_type, data_file_type, core_data_file_type;
+type iorapd_data_file, file_type, data_file_type, core_data_file_type;
+type tee_data_file, file_type, data_file_type;
+type update_engine_data_file, file_type, data_file_type, core_data_file_type;
+type update_engine_log_data_file, file_type, data_file_type, core_data_file_type;
+# /data/misc/trace for method traces on userdebug / eng builds
+type method_trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+type gsi_data_file, file_type, data_file_type, core_data_file_type;
+
+# /data/data subdirectories - app sandboxes
+type app_data_file, file_type, data_file_type, core_data_file_type;
+# /data/data subdirectories - priv-app sandboxes
+type privapp_data_file, file_type, data_file_type, core_data_file_type;
+# /data/data subdirectory for system UID apps.
+type system_app_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# Compatibility with type name used in Android 4.3 and 4.4.
+# Default type for anything under /cache
+type cache_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# Type for /cache/overlay /mnt/scratch/overlay
+type overlayfs_file, file_type, data_file_type, core_data_file_type;
+# Type for /cache/backup_stage/* (fd interchange with apps)
+type cache_backup_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# type for anything under /cache/backup (local transport storage)
+type cache_private_backup_file, file_type, data_file_type, core_data_file_type;
+# Type for anything under /cache/recovery
+type cache_recovery_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# Default type for anything under /efs
+type efs_file, file_type;
+# Type for wallpaper file.
+type wallpaper_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# Type for shortcut manager icon file.
+type shortcut_manager_icons, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# Type for user icon file.
+type icon_file, file_type, data_file_type, core_data_file_type;
+# /mnt/asec
+type asec_apk_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# Elements of asec files (/mnt/asec) that are world readable
+type asec_public_file, file_type, data_file_type, core_data_file_type;
+# /data/app-asec
+type asec_image_file, file_type, data_file_type, core_data_file_type;
+# /data/backup and /data/secure/backup
+type backup_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# All devices have bluetooth efs files. But they
+# vary per device, so this type is used in per
+# device policy
+type bluetooth_efs_file, file_type;
+# Type for fingerprint template file
+type fingerprintd_data_file, file_type, data_file_type, core_data_file_type;
+# Type for _new_ fingerprint template file
+type fingerprint_vendor_data_file, file_type, data_file_type;
+# Type for appfuse file.
+type app_fuse_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# Type for face template file
+type face_vendor_data_file, file_type, data_file_type;
+# Type for iris template file
+type iris_vendor_data_file, file_type, data_file_type;
+
+# Socket types
+type adbd_socket, file_type, coredomain_socket;
+type bluetooth_socket, file_type, data_file_type, core_data_file_type, coredomain_socket;
+type dnsproxyd_socket, file_type, coredomain_socket, mlstrustedobject;
+type dumpstate_socket, file_type, coredomain_socket;
+type fwmarkd_socket, file_type, coredomain_socket, mlstrustedobject;
+type lmkd_socket, file_type, coredomain_socket;
+type logd_socket, file_type, coredomain_socket, mlstrustedobject;
+type logdr_socket, file_type, coredomain_socket, mlstrustedobject;
+type logdw_socket, file_type, coredomain_socket, mlstrustedobject;
+type mdns_socket, file_type, coredomain_socket;
+type mdnsd_socket, file_type, coredomain_socket, mlstrustedobject;
+type misc_logd_file, coredomain_socket, file_type, data_file_type, core_data_file_type;
+type mtpd_socket, file_type, coredomain_socket;
+type property_socket, file_type, coredomain_socket, mlstrustedobject;
+type racoon_socket, file_type, coredomain_socket;
+type recovery_socket, file_type, coredomain_socket;
+type rild_socket, file_type;
+type rild_debug_socket, file_type;
+type statsdw_socket, file_type, coredomain_socket, mlstrustedobject;
+type system_wpa_socket, file_type, data_file_type, core_data_file_type, coredomain_socket;
+type system_ndebug_socket, file_type, data_file_type, core_data_file_type, coredomain_socket, mlstrustedobject;
+type system_unsolzygote_socket, file_type, data_file_type, core_data_file_type, coredomain_socket, mlstrustedobject;
+type tombstoned_crash_socket, file_type, coredomain_socket, mlstrustedobject;
+type tombstoned_java_trace_socket, file_type, mlstrustedobject;
+type tombstoned_intercept_socket, file_type, coredomain_socket;
+type traced_consumer_socket, file_type, coredomain_socket, mlstrustedobject;
+type traced_perf_socket, file_type, coredomain_socket, mlstrustedobject;
+type traced_producer_socket, file_type, coredomain_socket, mlstrustedobject;
+type uncrypt_socket, file_type, coredomain_socket;
+type wpa_socket, file_type, data_file_type, core_data_file_type;
+type zygote_socket, file_type, coredomain_socket;
+type heapprofd_socket, file_type, coredomain_socket, mlstrustedobject;
+# UART (for GPS) control proc file
+type gps_control, file_type;
+
+# PDX endpoint types
+type pdx_display_dir, pdx_endpoint_dir_type, file_type;
+type pdx_performance_dir, pdx_endpoint_dir_type, file_type;
+type pdx_bufferhub_dir, pdx_endpoint_dir_type, file_type;
+
+pdx_service_socket_types(display_client, pdx_display_dir)
+pdx_service_socket_types(display_manager, pdx_display_dir)
+pdx_service_socket_types(display_screenshot, pdx_display_dir)
+pdx_service_socket_types(display_vsync, pdx_display_dir)
+pdx_service_socket_types(performance_client, pdx_performance_dir)
+pdx_service_socket_types(bufferhub_client, pdx_bufferhub_dir)
+
+# file_contexts files
+type file_contexts_file, system_file_type, file_type;
+
+# mac_permissions file
+type mac_perms_file, system_file_type, file_type;
+
+# property_contexts file
+type property_contexts_file, system_file_type, file_type;
+
+# seapp_contexts file
+type seapp_contexts_file, system_file_type, file_type;
+
+# sepolicy files binary and others
+type sepolicy_file, system_file_type, file_type;
+
+# service_contexts file
+type service_contexts_file, system_file_type, file_type;
+
+# vendor service_contexts file
+type vendor_service_contexts_file, vendor_file_type, file_type;
+
+# nonplat service_contexts file (only accessible on non full-treble devices)
+type nonplat_service_contexts_file, vendor_file_type, file_type;
+
+# hwservice_contexts file
+type hwservice_contexts_file, system_file_type, file_type;
+
+# vndservice_contexts file
+type vndservice_contexts_file, file_type;
+
+# Allow files to be created in their appropriate filesystems.
+allow fs_type self:filesystem associate;
+allow cgroup tmpfs:filesystem associate;
+allow cgroup_bpf tmpfs:filesystem associate;
+allow cgroup_rc_file tmpfs:filesystem associate;
+allow sysfs_type sysfs:filesystem associate;
+allow debugfs_type { debugfs debugfs_tracing debugfs_tracing_debug }:filesystem associate;
+allow file_type labeledfs:filesystem associate;
+allow file_type tmpfs:filesystem associate;
+allow file_type rootfs:filesystem associate;
+allow dev_type tmpfs:filesystem associate;
+allow app_fuse_file app_fusefs:filesystem associate;
+allow postinstall_file self:filesystem associate;
+
+# asanwrapper (run a sanitized app_process, to be used with wrap properties)
+with_asan(`type asanwrapper_exec, exec_type, file_type;')
+
+# Deprecated in SDK version 28
+type audiohal_data_file, file_type, data_file_type, core_data_file_type;
+
+# It's a bug to assign the file_type attribute and fs_type attribute
+# to any type. Do not allow it.
+#
+# For example, the following is a bug:
+# type apk_data_file, file_type, data_file_type, fs_type;
+# Should be:
+# type apk_data_file, file_type, data_file_type;
+neverallow fs_type file_type:filesystem associate;
diff --git a/prebuilts/api/30.0/public/fingerprintd.te b/prebuilts/api/30.0/public/fingerprintd.te
new file mode 100644
index 0000000..ff7a884
--- /dev/null
+++ b/prebuilts/api/30.0/public/fingerprintd.te
@@ -0,0 +1,26 @@
+type fingerprintd, domain;
+type fingerprintd_exec, system_file_type, exec_type, file_type;
+
+binder_use(fingerprintd)
+
+# Scan through /system/lib64/hw looking for installed HALs
+allow fingerprintd system_file:dir r_dir_perms;
+
+# need to find KeyStore and add self
+add_service(fingerprintd, fingerprintd_service)
+
+# allow HAL module to read dir contents
+allow fingerprintd fingerprintd_data_file:file { create_file_perms };
+
+# allow HAL module to read/write/unlink contents of this dir
+allow fingerprintd fingerprintd_data_file:dir rw_dir_perms;
+
+# Need to add auth tokens to KeyStore
+use_keystore(fingerprintd)
+allow fingerprintd keystore:keystore_key { add_auth };
+
+# For permissions checking
+binder_call(fingerprintd, system_server);
+allow fingerprintd permission_service:service_manager find;
+
+allow fingerprintd ion_device:chr_file r_file_perms;
diff --git a/prebuilts/api/30.0/public/flags_health_check.te b/prebuilts/api/30.0/public/flags_health_check.te
new file mode 100644
index 0000000..6315d44
--- /dev/null
+++ b/prebuilts/api/30.0/public/flags_health_check.te
@@ -0,0 +1,35 @@
+# The flags_health_check command run by init.
+type flags_health_check, domain, coredomain;
+type flags_health_check_exec, system_file_type, exec_type, file_type;
+
+set_prop(flags_health_check, device_config_boot_count_prop)
+set_prop(flags_health_check, device_config_reset_performed_prop)
+set_prop(flags_health_check, device_config_runtime_native_boot_prop)
+set_prop(flags_health_check, device_config_runtime_native_prop)
+set_prop(flags_health_check, device_config_input_native_boot_prop)
+set_prop(flags_health_check, device_config_netd_native_prop)
+set_prop(flags_health_check, device_config_activity_manager_native_boot_prop)
+set_prop(flags_health_check, device_config_media_native_prop)
+set_prop(flags_health_check, device_config_storage_native_boot_prop)
+set_prop(flags_health_check, device_config_sys_traced_prop)
+set_prop(flags_health_check, device_config_window_manager_native_boot_prop)
+set_prop(flags_health_check, device_config_configuration_prop)
+
+allow flags_health_check server_configurable_flags_data_file:dir rw_dir_perms;
+allow flags_health_check server_configurable_flags_data_file:file create_file_perms;
+
+# system property device_config_boot_count_prop is used for deciding when to perform server
+# configurable flags related disaster recovery. Mistakenly set up by unrelated components can, at a
+# wrong timing, trigger server configurable flag related disaster recovery, which will override
+# server configured values of all flags with default values.
+neverallow { domain -init -flags_health_check } device_config_boot_count_prop:property_service set;
+
+# system property device_config_reset_performed_prop is used for indicating whether server
+# configurable flags have been reset during booting. Mistakenly modified by unrelated components can
+# cause bad server configurable flags synced back to device.
+neverallow { domain -init -flags_health_check } device_config_reset_performed_prop:property_service set;
+
+# server_configurable_flags_data_file is used for storing whether server configurable flags which
+# have been reset during current booting. Mistakenly modified by unrelated components can
+# cause bad server configurable flags synced back to device.
+neverallow { domain -init -flags_health_check } server_configurable_flags_data_file:file no_w_file_perms;
diff --git a/prebuilts/api/30.0/public/fsck.te b/prebuilts/api/30.0/public/fsck.te
new file mode 100644
index 0000000..7a9fbee
--- /dev/null
+++ b/prebuilts/api/30.0/public/fsck.te
@@ -0,0 +1,68 @@
+# Any fsck program run by init
+type fsck, domain;
+type fsck_exec, system_file_type, exec_type, file_type;
+
+# /dev/__null__ created by init prior to policy load,
+# open fd inherited by fsck.
+allow fsck tmpfs:chr_file { read write ioctl };
+
+# Inherit and use pty created by android_fork_execvp_ext().
+allow fsck devpts:chr_file { read write ioctl getattr };
+
+# Allow stdin/out back to vold
+allow fsck vold:fd use;
+allow fsck vold:fifo_file { read write getattr };
+
+# Run fsck on certain block devices
+allow fsck block_device:dir search;
+allow fsck userdata_block_device:blk_file rw_file_perms;
+allow fsck cache_block_device:blk_file rw_file_perms;
+allow fsck dm_device:blk_file rw_file_perms;
+userdebug_or_eng(`
+allow fsck system_block_device:blk_file rw_file_perms;
+')
+
+# For the block devices where we have ioctl access,
+# allow at a minimum the following common fsck ioctls.
+allowxperm fsck dev_type:blk_file ioctl {
+ BLKDISCARDZEROES
+ BLKROGET
+};
+
+# To determine if it is safe to run fsck on a filesystem, e2fsck
+# must first determine if the filesystem is mounted. To do that,
+# e2fsck scans through /proc/mounts and collects all the mounted
+# block devices. With that information, it runs stat() on each block
+# device, comparing the major and minor numbers to the filesystem
+# passed in on the command line. If there is a match, then the filesystem
+# is currently mounted and running fsck is dangerous.
+# Allow stat access to all block devices so that fsck can compare
+# major/minor values.
+allow fsck dev_type:blk_file getattr;
+
+allow fsck {
+ proc_mounts
+ proc_swaps
+}:file r_file_perms;
+allow fsck rootfs:dir r_dir_perms;
+
+###
+### neverallow rules
+###
+
+# fsck should never be run on these block devices
+neverallow fsck {
+ boot_block_device
+ frp_block_device
+ recovery_block_device
+ root_block_device
+ swap_block_device
+ system_block_device
+ userdebug_or_eng(`-system_block_device')
+ vold_device
+}:blk_file no_rw_file_perms;
+
+# Only allow entry from init or vold via fsck binaries
+neverallow { domain -init -vold } fsck:process transition;
+neverallow * fsck:process dyntransition;
+neverallow fsck { file_type fs_type -fsck_exec }:file entrypoint;
diff --git a/prebuilts/api/30.0/public/fsck_untrusted.te b/prebuilts/api/30.0/public/fsck_untrusted.te
new file mode 100644
index 0000000..8510c94
--- /dev/null
+++ b/prebuilts/api/30.0/public/fsck_untrusted.te
@@ -0,0 +1,49 @@
+# Any fsck program run on untrusted block devices
+type fsck_untrusted, domain;
+
+# Inherit and use pty created by android_fork_execvp_ext().
+allow fsck_untrusted devpts:chr_file { read write ioctl getattr };
+
+# Allow stdin/out back to vold
+allow fsck_untrusted vold:fd use;
+allow fsck_untrusted vold:fifo_file { read write getattr };
+
+# Run fsck on vold block devices
+allow fsck_untrusted block_device:dir search;
+allow fsck_untrusted vold_device:blk_file rw_file_perms;
+
+allow fsck_untrusted proc_mounts:file r_file_perms;
+
+# To determine if it is safe to run fsck on a filesystem, e2fsck
+# must first determine if the filesystem is mounted. To do that,
+# e2fsck scans through /proc/mounts and collects all the mounted
+# block devices. With that information, it runs stat() on each block
+# device, comparing the major and minor numbers to the filesystem
+# passed in on the command line. If there is a match, then the filesystem
+# is currently mounted and running fsck is dangerous.
+# Allow stat access to all block devices so that fsck can compare
+# major/minor values.
+allow fsck_untrusted dev_type:blk_file getattr;
+
+###
+### neverallow rules
+###
+
+# Untrusted fsck should never be run on block devices holding sensitive data
+neverallow fsck_untrusted {
+ boot_block_device
+ frp_block_device
+ metadata_block_device
+ recovery_block_device
+ root_block_device
+ swap_block_device
+ system_block_device
+ userdata_block_device
+ cache_block_device
+ dm_device
+}:blk_file no_rw_file_perms;
+
+# Only allow entry from vold via fsck binaries
+neverallow { domain -vold } fsck_untrusted:process transition;
+neverallow * fsck_untrusted:process dyntransition;
+neverallow fsck_untrusted { file_type fs_type -fsck_exec }:file entrypoint;
diff --git a/prebuilts/api/30.0/public/fwk_bufferhub.te b/prebuilts/api/30.0/public/fwk_bufferhub.te
new file mode 100644
index 0000000..03486bd
--- /dev/null
+++ b/prebuilts/api/30.0/public/fwk_bufferhub.te
@@ -0,0 +1,4 @@
+binder_call(hal_bufferhub_client, hal_bufferhub_server)
+binder_call(hal_bufferhub_server, hal_bufferhub_client)
+
+hal_attribute_hwservice(hal_bufferhub, fwk_bufferhub_hwservice)
diff --git a/prebuilts/api/30.0/public/gatekeeperd.te b/prebuilts/api/30.0/public/gatekeeperd.te
new file mode 100644
index 0000000..dc46d07
--- /dev/null
+++ b/prebuilts/api/30.0/public/gatekeeperd.te
@@ -0,0 +1,41 @@
+type gatekeeperd, domain;
+type gatekeeperd_exec, system_file_type, exec_type, file_type;
+
+# gatekeeperd
+binder_service(gatekeeperd)
+binder_use(gatekeeperd)
+
+### Rules needed when Gatekeeper HAL runs inside gatekeeperd process.
+### These rules should eventually be granted only when needed.
+allow gatekeeperd ion_device:chr_file r_file_perms;
+# Load HAL implementation
+allow gatekeeperd system_file:dir r_dir_perms;
+###
+
+### Rules needed when Gatekeeper HAL runs outside of gatekeeperd process.
+### These rules should eventually be granted only when needed.
+hal_client_domain(gatekeeperd, hal_gatekeeper)
+###
+
+# need to find KeyStore and add self
+add_service(gatekeeperd, gatekeeper_service)
+
+# Need to add auth tokens to KeyStore
+use_keystore(gatekeeperd)
+allow gatekeeperd keystore:keystore_key { add_auth };
+
+# For permissions checking
+allow gatekeeperd system_server:binder call;
+allow gatekeeperd permission_service:service_manager find;
+
+# for SID file access
+allow gatekeeperd gatekeeper_data_file:dir rw_dir_perms;
+allow gatekeeperd gatekeeper_data_file:file create_file_perms;
+
+# For hardware properties retrieval
+allow gatekeeperd hardware_properties_service:service_manager find;
+
+# For checking whether GSI is running
+get_prop(gatekeeperd, gsid_prop)
+
+r_dir_file(gatekeeperd, cgroup)
diff --git a/prebuilts/api/30.0/public/global_macros b/prebuilts/api/30.0/public/global_macros
new file mode 100644
index 0000000..2c87fde
--- /dev/null
+++ b/prebuilts/api/30.0/public/global_macros
@@ -0,0 +1,51 @@
+#####################################
+# Common groupings of object classes.
+#
+define(`capability_class_set', `{ capability capability2 cap_userns cap2_userns }')
+define(`global_capability_class_set', `{ capability cap_userns }')
+define(`global_capability2_class_set', `{ capability2 cap2_userns }')
+
+define(`devfile_class_set', `{ chr_file blk_file }')
+define(`notdevfile_class_set', `{ file lnk_file sock_file fifo_file }')
+define(`file_class_set', `{ devfile_class_set notdevfile_class_set }')
+define(`dir_file_class_set', `{ dir file_class_set }')
+
+define(`socket_class_set', `{ socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket key_socket unix_stream_socket unix_dgram_socket appletalk_socket netlink_route_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket netlink_iscsi_socket netlink_fib_lookup_socket netlink_connector_socket netlink_netfilter_socket netlink_generic_socket netlink_scsitransport_socket netlink_rdma_socket netlink_crypto_socket sctp_socket icmp_socket ax25_socket ipx_socket netrom_socket atmpvc_socket x25_socket rose_socket decnet_socket atmsvc_socket rds_socket irda_socket pppox_socket llc_socket can_socket tipc_socket bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket alg_socket nfc_socket vsock_socket kcm_socket qipcrtr_socket smc_socket xdp_socket }')
+define(`dgram_socket_class_set', `{ udp_socket unix_dgram_socket }')
+define(`stream_socket_class_set', `{ tcp_socket unix_stream_socket sctp_socket }')
+define(`unpriv_socket_class_set', `{ tcp_socket udp_socket unix_stream_socket unix_dgram_socket sctp_socket }')
+define(`network_socket_class_set', `{ icmp_socket rawip_socket tcp_socket udp_socket }')
+
+define(`ipc_class_set', `{ sem msgq shm ipc }')
+
+#####################################
+# Common groupings of permissions.
+#
+define(`x_file_perms', `{ getattr execute execute_no_trans map }')
+define(`r_file_perms', `{ getattr open read ioctl lock map watch watch_reads }')
+define(`w_file_perms', `{ open append write lock map }')
+define(`rx_file_perms', `{ r_file_perms x_file_perms }')
+define(`ra_file_perms', `{ r_file_perms append }')
+define(`rw_file_perms', `{ r_file_perms w_file_perms }')
+define(`rwx_file_perms', `{ rw_file_perms x_file_perms }')
+define(`create_file_perms', `{ create rename setattr unlink rw_file_perms }')
+
+define(`r_dir_perms', `{ open getattr read search ioctl lock watch watch_reads }')
+define(`w_dir_perms', `{ open search write add_name remove_name lock }')
+define(`ra_dir_perms', `{ r_dir_perms add_name write }')
+define(`rw_dir_perms', `{ r_dir_perms w_dir_perms }')
+define(`create_dir_perms', `{ create reparent rename rmdir setattr rw_dir_perms }')
+
+define(`r_ipc_perms', `{ getattr read associate unix_read }')
+define(`w_ipc_perms', `{ write unix_write }')
+define(`rw_ipc_perms', `{ r_ipc_perms w_ipc_perms }')
+define(`create_ipc_perms', `{ create setattr destroy rw_ipc_perms }')
+
+#####################################
+# Common socket permission sets.
+define(`rw_socket_perms', `{ ioctl read getattr write setattr lock append bind connect getopt setopt shutdown map }')
+define(`rw_socket_perms_no_ioctl', `{ read getattr write setattr lock append bind connect getopt setopt shutdown map }')
+define(`create_socket_perms', `{ create rw_socket_perms }')
+define(`create_socket_perms_no_ioctl', `{ create rw_socket_perms_no_ioctl }')
+define(`rw_stream_socket_perms', `{ rw_socket_perms listen accept }')
+define(`create_stream_socket_perms', `{ create rw_stream_socket_perms }')
diff --git a/prebuilts/api/30.0/public/gmscore_app.te b/prebuilts/api/30.0/public/gmscore_app.te
new file mode 100644
index 0000000..b574bf3
--- /dev/null
+++ b/prebuilts/api/30.0/public/gmscore_app.te
@@ -0,0 +1,5 @@
+###
+### A domain for further sandboxing the PrebuiltGMSCore app.
+###
+
+type gmscore_app, domain;
diff --git a/prebuilts/api/30.0/public/gpuservice.te b/prebuilts/api/30.0/public/gpuservice.te
new file mode 100644
index 0000000..c862d0b
--- /dev/null
+++ b/prebuilts/api/30.0/public/gpuservice.te
@@ -0,0 +1,2 @@
+# gpuservice - server for gpu stats and other gpu related services
+type gpuservice, domain;
diff --git a/prebuilts/api/30.0/public/hal_allocator.te b/prebuilts/api/30.0/public/hal_allocator.te
new file mode 100644
index 0000000..6417b62
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_allocator.te
@@ -0,0 +1,6 @@
+# HwBinder IPC from client to server
+binder_call(hal_allocator_client, hal_allocator_server)
+
+hal_attribute_hwservice(hal_allocator, hidl_allocator_hwservice)
+allow hal_allocator_client hidl_memory_hwservice:hwservice_manager find;
+allow hal_allocator_client same_process_hal_file:file { execute read open getattr map };
diff --git a/prebuilts/api/30.0/public/hal_atrace.te b/prebuilts/api/30.0/public/hal_atrace.te
new file mode 100644
index 0000000..51d9237
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_atrace.te
@@ -0,0 +1,4 @@
+# HwBinder IPC from client to server
+binder_call(hal_atrace_client, hal_atrace_server)
+
+hal_attribute_hwservice(hal_atrace, hal_atrace_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_audio.te b/prebuilts/api/30.0/public/hal_audio.te
new file mode 100644
index 0000000..5958f2c
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_audio.te
@@ -0,0 +1,37 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_audio_client, hal_audio_server)
+binder_call(hal_audio_server, hal_audio_client)
+
+hal_attribute_hwservice(hal_audio, hal_audio_hwservice)
+
+allow hal_audio ion_device:chr_file r_file_perms;
+
+r_dir_file(hal_audio, proc)
+r_dir_file(hal_audio, proc_asound)
+allow hal_audio_server audio_device:dir r_dir_perms;
+allow hal_audio_server audio_device:chr_file rw_file_perms;
+
+# Needed to provide debug dump output via dumpsys' pipes.
+allow hal_audio shell:fd use;
+allow hal_audio shell:fifo_file write;
+allow hal_audio dumpstate:fd use;
+allow hal_audio dumpstate:fifo_file write;
+
+# Needed to allow sound trigger hal to access shared memory from apps.
+allow hal_audio_server appdomain:fd use;
+
+# allow hal audio to use vnbinder
+vndbinder_use(hal_audio)
+
+###
+### neverallow rules
+###
+
+# Should never execute any executable without a domain transition
+neverallow hal_audio_server { file_type fs_type }:file execute_no_trans;
+
+# Only audio HAL may directly access the audio hardware
+neverallow { halserverdomain -hal_audio_server -hal_omx_server } audio_device:chr_file *;
+
+get_prop(hal_audio, bluetooth_a2dp_offload_prop)
+get_prop(hal_audio, bluetooth_audio_hal_prop)
diff --git a/prebuilts/api/30.0/public/hal_audiocontrol.te b/prebuilts/api/30.0/public/hal_audiocontrol.te
new file mode 100644
index 0000000..4a52b89
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_audiocontrol.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_audiocontrol_client, hal_audiocontrol_server)
+binder_call(hal_audiocontrol_server, hal_audiocontrol_client)
+
+hal_attribute_hwservice(hal_audiocontrol, hal_audiocontrol_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_authsecret.te b/prebuilts/api/30.0/public/hal_authsecret.te
new file mode 100644
index 0000000..daf8d48
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_authsecret.te
@@ -0,0 +1,4 @@
+# HwBinder IPC from client to server
+binder_call(hal_authsecret_client, hal_authsecret_server)
+
+hal_attribute_hwservice(hal_authsecret, hal_authsecret_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_bluetooth.te b/prebuilts/api/30.0/public/hal_bluetooth.te
new file mode 100644
index 0000000..97177ba
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_bluetooth.te
@@ -0,0 +1,32 @@
+# HwBinder IPC from clients into server, and callbacks
+binder_call(hal_bluetooth_client, hal_bluetooth_server)
+binder_call(hal_bluetooth_server, hal_bluetooth_client)
+
+hal_attribute_hwservice(hal_bluetooth, hal_bluetooth_hwservice)
+
+wakelock_use(hal_bluetooth);
+
+# The HAL toggles rfkill to power the chip off/on.
+allow hal_bluetooth self:global_capability_class_set net_admin;
+
+# bluetooth factory file accesses.
+r_dir_file(hal_bluetooth, bluetooth_efs_file)
+
+allow hal_bluetooth { uhid_device hci_attach_dev }:chr_file rw_file_perms;
+
+# sysfs access.
+r_dir_file(hal_bluetooth, sysfs_type)
+allow hal_bluetooth sysfs_bluetooth_writable:file rw_file_perms;
+allow hal_bluetooth self:global_capability2_class_set wake_alarm;
+
+# Allow write access to bluetooth-specific properties
+set_prop(hal_bluetooth, bluetooth_a2dp_offload_prop)
+set_prop(hal_bluetooth, bluetooth_audio_hal_prop)
+set_prop(hal_bluetooth, bluetooth_prop)
+set_prop(hal_bluetooth, exported_bluetooth_prop)
+
+# /proc access (bluesleep etc.).
+allow hal_bluetooth proc_bluetooth_writable:file rw_file_perms;
+
+# allow to run with real-time scheduling policy
+allow hal_bluetooth self:global_capability_class_set sys_nice;
diff --git a/prebuilts/api/30.0/public/hal_bootctl.te b/prebuilts/api/30.0/public/hal_bootctl.te
new file mode 100644
index 0000000..be9975f
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_bootctl.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_bootctl_client, hal_bootctl_server)
+binder_call(hal_bootctl_server, hal_bootctl_client)
+
+hal_attribute_hwservice(hal_bootctl, hal_bootctl_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_broadcastradio.te b/prebuilts/api/30.0/public/hal_broadcastradio.te
new file mode 100644
index 0000000..84a2597
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_broadcastradio.te
@@ -0,0 +1,4 @@
+binder_call(hal_broadcastradio_client, hal_broadcastradio_server)
+binder_call(hal_broadcastradio_server, hal_broadcastradio_client)
+
+hal_attribute_hwservice(hal_broadcastradio, hal_broadcastradio_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_camera.te b/prebuilts/api/30.0/public/hal_camera.te
new file mode 100644
index 0000000..77216e4
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_camera.te
@@ -0,0 +1,36 @@
+# HwBinder IPC from clients to server and callbacks
+binder_call(hal_camera_client, hal_camera_server)
+binder_call(hal_camera_server, hal_camera_client)
+
+hal_attribute_hwservice(hal_camera, hal_camera_hwservice)
+
+allow hal_camera device:dir r_dir_perms;
+allow hal_camera video_device:dir r_dir_perms;
+allow hal_camera video_device:chr_file rw_file_perms;
+allow hal_camera camera_device:chr_file rw_file_perms;
+allow hal_camera ion_device:chr_file rw_file_perms;
+# Both the client and the server need to use the graphics allocator
+allow { hal_camera_client hal_camera_server } hal_graphics_allocator:fd use;
+
+# Allow hal_camera to use fd from app,gralloc,and ashmem HAL
+allow hal_camera { appdomain -isolated_app }:fd use;
+allow hal_camera surfaceflinger:fd use;
+allow hal_camera hal_allocator_server:fd use;
+
+# Needed to provide debug dump output via dumpsys' pipes.
+allow hal_camera shell:fd use;
+allow hal_camera shell:fifo_file write;
+
+###
+### neverallow rules
+###
+
+# hal_camera should never execute any executable without a
+# domain transition
+neverallow hal_camera_server { file_type fs_type }:file execute_no_trans;
+
+# hal_camera should never need network access. Disallow network sockets.
+neverallow hal_camera_server domain:{ tcp_socket udp_socket rawip_socket } *;
+
+# Only camera HAL may directly access the camera hardware
+neverallow { halserverdomain -hal_camera_server } camera_device:chr_file *;
diff --git a/prebuilts/api/30.0/public/hal_can.te b/prebuilts/api/30.0/public/hal_can.te
new file mode 100644
index 0000000..c75495b
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_can.te
@@ -0,0 +1,9 @@
+# CAN controller
+binder_call(hal_can_controller_client, hal_can_controller_server)
+add_hwservice(hal_can_controller_server, hal_can_controller_hwservice)
+allow hal_can_controller_client hal_can_controller_hwservice:hwservice_manager find;
+
+# CAN bus
+binder_call(hal_can_bus_client, hal_can_bus_server)
+add_hwservice(hal_can_bus_server, hal_can_bus_hwservice)
+allow hal_can_bus_client hal_can_bus_hwservice:hwservice_manager find;
diff --git a/prebuilts/api/30.0/public/hal_cas.te b/prebuilts/api/30.0/public/hal_cas.te
new file mode 100644
index 0000000..7de6a13
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_cas.te
@@ -0,0 +1,34 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_cas_client, hal_cas_server)
+binder_call(hal_cas_server, hal_cas_client)
+
+hal_attribute_hwservice(hal_cas, hal_cas_hwservice)
+allow hal_cas_server hidl_memory_hwservice:hwservice_manager find;
+
+# Permit reading device's serial number from system properties
+get_prop(hal_cas_server, serialno_prop)
+
+# Read files already opened under /data
+allow hal_cas system_data_file:file { getattr read };
+
+# Read access to pseudo filesystems
+r_dir_file(hal_cas, cgroup)
+allow hal_cas cgroup:dir { search write };
+allow hal_cas cgroup:file w_file_perms;
+
+# Allow access to ion memory allocation device
+allow hal_cas ion_device:chr_file rw_file_perms;
+allow hal_cas hal_graphics_allocator:fd use;
+
+allow hal_cas tee_device:chr_file rw_file_perms;
+
+###
+### neverallow rules
+###
+
+# hal_cas should never execute any executable without a
+# domain transition
+neverallow hal_cas_server { file_type fs_type }:file execute_no_trans;
+
+# do not allow privileged socket ioctl commands
+neverallowxperm hal_cas_server domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
diff --git a/prebuilts/api/30.0/public/hal_codec2.te b/prebuilts/api/30.0/public/hal_codec2.te
new file mode 100644
index 0000000..8c7816a
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_codec2.te
@@ -0,0 +1,25 @@
+get_prop(hal_codec2_client, media_variant_prop)
+get_prop(hal_codec2_server, media_variant_prop)
+
+binder_call(hal_codec2_client, hal_codec2_server)
+binder_call(hal_codec2_server, hal_codec2_client)
+
+hal_attribute_hwservice(hal_codec2, hal_codec2_hwservice)
+
+# The following permissions are added to hal_codec2_server because vendor and
+# vndk libraries provided for Codec2 implementation need them.
+
+# Allow server access to composer sync fences
+allow hal_codec2_server hal_graphics_composer:fd use;
+
+# Allow both server and client access to ion
+allow hal_codec2_server ion_device:chr_file r_file_perms;
+
+# Allow server access to camera HAL's fences
+allow hal_codec2_server hal_camera:fd use;
+
+# Receive gralloc buffer FDs from bufferhubd.
+allow hal_codec2_server bufferhubd:fd use;
+
+allow hal_codec2_client ion_device:chr_file r_file_perms;
+
diff --git a/prebuilts/api/30.0/public/hal_configstore.te b/prebuilts/api/30.0/public/hal_configstore.te
new file mode 100644
index 0000000..069da47
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_configstore.te
@@ -0,0 +1,69 @@
+# HwBinder IPC from client to server
+binder_call(hal_configstore_client, hal_configstore_server)
+
+hal_attribute_hwservice(hal_configstore, hal_configstore_ISurfaceFlingerConfigs)
+
+# hal_configstore runs with a strict seccomp filter. Use crash_dump's
+# fallback path to collect crash data.
+crash_dump_fallback(hal_configstore_server)
+
+###
+### neverallow rules
+###
+
+# Should never execute an executable without a domain transition
+neverallow hal_configstore_server { file_type fs_type }:file execute_no_trans;
+
+# Should never need network access. Disallow sockets except for
+# for unix stream/dgram sockets used for logging/debugging.
+neverallow hal_configstore_server domain:{
+ rawip_socket tcp_socket udp_socket
+ netlink_route_socket netlink_selinux_socket
+ socket netlink_socket packet_socket key_socket appletalk_socket
+ netlink_tcpdiag_socket netlink_nflog_socket
+ netlink_xfrm_socket netlink_audit_socket
+ netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket
+ netlink_iscsi_socket netlink_fib_lookup_socket netlink_connector_socket
+ netlink_netfilter_socket netlink_generic_socket netlink_scsitransport_socket
+ netlink_rdma_socket netlink_crypto_socket
+} *;
+neverallow hal_configstore_server {
+ domain
+ -hal_configstore_server
+ -logd
+ userdebug_or_eng(`-su')
+ -tombstoned
+ userdebug_or_eng(`-heapprofd')
+ userdebug_or_eng(`-traced_perf')
+}:{ unix_dgram_socket unix_stream_socket } *;
+
+# Should never need access to anything on /data
+neverallow hal_configstore_server {
+ data_file_type
+ -anr_data_file # for crash dump collection
+ -tombstone_data_file # for crash dump collection
+ -zoneinfo_data_file # granted to domain
+ with_native_coverage(`-method_trace_data_file')
+}:{ file fifo_file sock_file } *;
+
+# Should never need sdcard access
+neverallow hal_configstore_server {
+ sdcard_type
+ fuse sdcardfs vfat exfat # manual expansion for completeness
+}:dir ~getattr;
+neverallow hal_configstore_server {
+ sdcard_type
+ fuse sdcardfs vfat exfat # manual expansion for completeness
+}:file *;
+
+# Do not permit access to service_manager and vndservice_manager
+neverallow hal_configstore_server *:service_manager *;
+
+# No privileged capabilities
+neverallow hal_configstore_server self:capability_class_set *;
+
+# No ptracing other processes
+neverallow hal_configstore_server *:process ptrace;
+
+# no relabeling
+neverallow hal_configstore_server *:dir_file_class_set { relabelfrom relabelto };
diff --git a/prebuilts/api/30.0/public/hal_confirmationui.te b/prebuilts/api/30.0/public/hal_confirmationui.te
new file mode 100644
index 0000000..5d2e4b7
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_confirmationui.te
@@ -0,0 +1,4 @@
+# HwBinder IPC from client to server
+binder_call(hal_confirmationui_client, hal_confirmationui_server)
+
+hal_attribute_hwservice(hal_confirmationui, hal_confirmationui_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_contexthub.te b/prebuilts/api/30.0/public/hal_contexthub.te
new file mode 100644
index 0000000..34acb38
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_contexthub.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_contexthub_client, hal_contexthub_server)
+binder_call(hal_contexthub_server, hal_contexthub_client)
+
+hal_attribute_hwservice(hal_contexthub, hal_contexthub_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_drm.te b/prebuilts/api/30.0/public/hal_drm.te
new file mode 100644
index 0000000..5987491
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_drm.te
@@ -0,0 +1,52 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_drm_client, hal_drm_server)
+binder_call(hal_drm_server, hal_drm_client)
+
+hal_attribute_hwservice(hal_drm, hal_drm_hwservice)
+
+allow hal_drm hidl_memory_hwservice:hwservice_manager find;
+
+# Required by Widevine DRM (b/22990512)
+allow hal_drm self:process execmem;
+
+# Permit reading device's serial number from system properties
+get_prop(hal_drm, serialno_prop)
+
+# Read files already opened under /data
+allow hal_drm system_data_file:file { getattr read };
+
+# Read access to pseudo filesystems
+r_dir_file(hal_drm, cgroup)
+allow hal_drm cgroup:dir { search write };
+allow hal_drm cgroup:file w_file_perms;
+
+# Allow access to ion memory allocation device
+allow hal_drm ion_device:chr_file rw_file_perms;
+allow hal_drm hal_graphics_allocator:fd use;
+
+# Allow access to hidl_memory allocation service
+allow hal_drm hal_allocator_server:fd use;
+
+# Allow access to fds allocated by mediaserver
+allow hal_drm mediaserver:fd use;
+
+allow hal_drm sysfs:file r_file_perms;
+
+allow hal_drm tee_device:chr_file rw_file_perms;
+
+allow hal_drm_server { appdomain -isolated_app }:fd use;
+
+# only allow unprivileged socket ioctl commands
+allowxperm hal_drm self:{ rawip_socket tcp_socket udp_socket }
+ ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };
+
+###
+### neverallow rules
+###
+
+# hal_drm should never execute any executable without a
+# domain transition
+neverallow hal_drm_server { file_type fs_type }:file execute_no_trans;
+
+# do not allow privileged socket ioctl commands
+neverallowxperm hal_drm_server domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
diff --git a/prebuilts/api/30.0/public/hal_dumpstate.te b/prebuilts/api/30.0/public/hal_dumpstate.te
new file mode 100644
index 0000000..b7676ed
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_dumpstate.te
@@ -0,0 +1,10 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_dumpstate_client, hal_dumpstate_server)
+binder_call(hal_dumpstate_server, hal_dumpstate_client)
+
+hal_attribute_hwservice(hal_dumpstate, hal_dumpstate_hwservice)
+
+# write bug reports in /data/data/com.android.shell/files/bugreports/bugreport
+allow hal_dumpstate shell_data_file:file write;
+# allow reading /proc/interrupts for all hal impls
+allow hal_dumpstate proc_interrupts:file r_file_perms;
diff --git a/prebuilts/api/30.0/public/hal_evs.te b/prebuilts/api/30.0/public/hal_evs.te
new file mode 100644
index 0000000..789333a
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_evs.te
@@ -0,0 +1,5 @@
+hwbinder_use(hal_evs_client)
+hwbinder_use(hal_evs_server)
+binder_call(hal_evs_client, hal_evs_server)
+binder_call(hal_evs_server, hal_evs_client)
+hal_attribute_hwservice(hal_evs, hal_evs_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_face.te b/prebuilts/api/30.0/public/hal_face.te
new file mode 100644
index 0000000..b250586
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_face.te
@@ -0,0 +1,12 @@
+# Allow HwBinder IPC from client to server, and vice versa for callbacks.
+binder_call(hal_face_client, hal_face_server)
+binder_call(hal_face_server, hal_face_client)
+
+hal_attribute_hwservice(hal_face, hal_face_hwservice)
+
+# Allow access to the ion memory allocation device.
+allow hal_face ion_device:chr_file r_file_perms;
+
+# Allow read/write access to the face template directory.
+allow hal_face face_vendor_data_file:file create_file_perms;
+allow hal_face face_vendor_data_file:dir rw_dir_perms;
diff --git a/prebuilts/api/30.0/public/hal_fingerprint.te b/prebuilts/api/30.0/public/hal_fingerprint.te
new file mode 100644
index 0000000..b673e29
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_fingerprint.te
@@ -0,0 +1,16 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_fingerprint_client, hal_fingerprint_server)
+binder_call(hal_fingerprint_server, hal_fingerprint_client)
+
+hal_attribute_hwservice(hal_fingerprint, hal_fingerprint_hwservice)
+
+# For memory allocation
+allow hal_fingerprint ion_device:chr_file r_file_perms;
+
+allow hal_fingerprint fingerprint_vendor_data_file:file { create_file_perms };
+allow hal_fingerprint fingerprint_vendor_data_file:dir rw_dir_perms;
+
+r_dir_file(hal_fingerprint, cgroup)
+r_dir_file(hal_fingerprint, sysfs)
+
+
diff --git a/prebuilts/api/30.0/public/hal_gatekeeper.te b/prebuilts/api/30.0/public/hal_gatekeeper.te
new file mode 100644
index 0000000..b918f88
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_gatekeeper.te
@@ -0,0 +1,7 @@
+binder_call(hal_gatekeeper_client, hal_gatekeeper_server)
+
+hal_attribute_hwservice(hal_gatekeeper, hal_gatekeeper_hwservice)
+
+# TEE access.
+allow hal_gatekeeper tee_device:chr_file rw_file_perms;
+allow hal_gatekeeper ion_device:chr_file r_file_perms;
diff --git a/prebuilts/api/30.0/public/hal_gnss.te b/prebuilts/api/30.0/public/hal_gnss.te
new file mode 100644
index 0000000..9bfc4ec
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_gnss.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_gnss_client, hal_gnss_server)
+binder_call(hal_gnss_server, hal_gnss_client)
+
+hal_attribute_hwservice(hal_gnss, hal_gnss_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_graphics_allocator.te b/prebuilts/api/30.0/public/hal_graphics_allocator.te
new file mode 100644
index 0000000..991e147
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_graphics_allocator.te
@@ -0,0 +1,13 @@
+# HwBinder IPC from client to server
+binder_call(hal_graphics_allocator_client, hal_graphics_allocator_server)
+
+hal_attribute_hwservice(hal_graphics_allocator, hal_graphics_allocator_hwservice)
+allow hal_graphics_allocator_client hal_graphics_mapper_hwservice:hwservice_manager find;
+allow hal_graphics_allocator_client same_process_hal_file:file { execute read open getattr map };
+
+# GPU device access
+allow hal_graphics_allocator gpu_device:chr_file rw_file_perms;
+allow hal_graphics_allocator ion_device:chr_file r_file_perms;
+
+# allow to run with real-time scheduling policy
+allow hal_graphics_allocator self:global_capability_class_set sys_nice;
diff --git a/prebuilts/api/30.0/public/hal_graphics_composer.te b/prebuilts/api/30.0/public/hal_graphics_composer.te
new file mode 100644
index 0000000..cb4a130
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_graphics_composer.te
@@ -0,0 +1,31 @@
+type hal_graphics_composer_server_tmpfs, file_type;
+attribute hal_graphics_composer_client_tmpfs;
+expandattribute hal_graphics_composer_client_tmpfs true;
+
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_graphics_composer_client, hal_graphics_composer_server)
+binder_call(hal_graphics_composer_server, hal_graphics_composer_client)
+allow hal_graphics_composer_client hal_graphics_composer_server_tmpfs:file { getattr map read write };
+allow hal_graphics_composer_server hal_graphics_composer_client_tmpfs:file { getattr map read write };
+
+hal_attribute_hwservice(hal_graphics_composer, hal_graphics_composer_hwservice)
+
+# Coordinate with hal_graphics_mapper
+allow hal_graphics_composer_server hal_graphics_mapper_hwservice:hwservice_manager find;
+
+# GPU device access
+allow hal_graphics_composer gpu_device:chr_file rw_file_perms;
+allow hal_graphics_composer ion_device:chr_file r_file_perms;
+allow hal_graphics_composer hal_graphics_allocator:fd use;
+
+# Access /dev/graphics/fb0.
+allow hal_graphics_composer graphics_device:dir search;
+allow hal_graphics_composer graphics_device:chr_file rw_file_perms;
+
+# Fences
+allow hal_graphics_composer system_server:fd use;
+allow hal_graphics_composer bootanim:fd use;
+allow hal_graphics_composer appdomain:fd use;
+
+# allow self to set SCHED_FIFO
+allow hal_graphics_composer self:global_capability_class_set sys_nice;
diff --git a/prebuilts/api/30.0/public/hal_health.te b/prebuilts/api/30.0/public/hal_health.te
new file mode 100644
index 0000000..dc7d083
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_health.te
@@ -0,0 +1,27 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_health_client, hal_health_server)
+binder_call(hal_health_server, hal_health_client)
+
+hal_attribute_hwservice(hal_health, hal_health_hwservice)
+
+# Common rules for a health service.
+
+# Allow to listen to uevents for updates
+allow hal_health_server self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+
+# Allow to read /sys/class/power_supply directory
+allow hal_health_server sysfs:dir r_dir_perms;
+
+# Allow to read files under /sys/class/power_supply. Implementations typically have symlinks
+# to vendor specific files. Vendors should mark sysfs_batteryinfo on all files read by health
+# HAL service.
+r_dir_file(hal_health_server, sysfs_batteryinfo)
+
+# Allow to wake up to send periodic events
+wakelock_use(hal_health_server)
+
+# Write to /dev/kmsg
+allow hal_health_server kmsg_device:chr_file { getattr w_file_perms };
+
+# Allow to use timerfd to wake itself up periodically to send health info.
+allow hal_health_server self:capability2 wake_alarm;
diff --git a/prebuilts/api/30.0/public/hal_health_storage.te b/prebuilts/api/30.0/public/hal_health_storage.te
new file mode 100644
index 0000000..61e609b
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_health_storage.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_health_storage_client, hal_health_storage_server)
+binder_call(hal_health_storage_server, hal_health_storage_client)
+
+hal_attribute_hwservice(hal_health_storage, hal_health_storage_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_identity.te b/prebuilts/api/30.0/public/hal_identity.te
new file mode 100644
index 0000000..3a95743
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_identity.te
@@ -0,0 +1,7 @@
+# HwBinder IPC from client to server
+binder_call(hal_identity_client, hal_identity_server)
+
+add_service(hal_identity_server, hal_identity_service)
+binder_call(hal_identity_server, servicemanager)
+
+allow hal_identity_client hal_identity_service:service_manager find;
diff --git a/prebuilts/api/30.0/public/hal_input_classifier.te b/prebuilts/api/30.0/public/hal_input_classifier.te
new file mode 100644
index 0000000..70a4b7d
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_input_classifier.te
@@ -0,0 +1,4 @@
+# HwBinder IPC from client to server
+binder_call(hal_input_classifier_client, hal_input_classifier_server)
+
+hal_attribute_hwservice(hal_input_classifier, hal_input_classifier_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_ir.te b/prebuilts/api/30.0/public/hal_ir.te
new file mode 100644
index 0000000..29555f7
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_ir.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_ir_client, hal_ir_server)
+binder_call(hal_ir_server, hal_ir_client)
+
+hal_attribute_hwservice(hal_ir, hal_ir_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_keymaster.te b/prebuilts/api/30.0/public/hal_keymaster.te
new file mode 100644
index 0000000..3e164ad
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_keymaster.te
@@ -0,0 +1,7 @@
+# HwBinder IPC from client to server
+binder_call(hal_keymaster_client, hal_keymaster_server)
+
+hal_attribute_hwservice(hal_keymaster, hal_keymaster_hwservice)
+
+allow hal_keymaster tee_device:chr_file rw_file_perms;
+allow hal_keymaster ion_device:chr_file r_file_perms;
diff --git a/prebuilts/api/30.0/public/hal_light.te b/prebuilts/api/30.0/public/hal_light.te
new file mode 100644
index 0000000..7054d7b
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_light.te
@@ -0,0 +1,19 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_light_client, hal_light_server)
+binder_call(hal_light_server, hal_light_client)
+
+hal_attribute_hwservice(hal_light, hal_light_hwservice)
+
+# client finds and uses server via service_manager
+allow hal_light_client hal_light_service:service_manager find;
+binder_use(hal_light_client)
+
+# server adds itself via service_manager
+add_service(hal_light_server, hal_light_service)
+binder_call(hal_light_server, servicemanager)
+
+allow hal_light_server dumpstate:fifo_file write;
+
+allow hal_light sysfs_leds:lnk_file read;
+allow hal_light sysfs_leds:file rw_file_perms;
+allow hal_light sysfs_leds:dir r_dir_perms;
diff --git a/prebuilts/api/30.0/public/hal_lowpan.te b/prebuilts/api/30.0/public/hal_lowpan.te
new file mode 100644
index 0000000..6fb95e9
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_lowpan.te
@@ -0,0 +1,20 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_lowpan_client, hal_lowpan_server)
+binder_call(hal_lowpan_server, hal_lowpan_client)
+
+
+# Allow hal_lowpan_client to be able to find the hal_lowpan_server
+hal_attribute_hwservice(hal_lowpan, hal_lowpan_hwservice)
+
+# hal_lowpan domain can write/read to/from lowpan_prop
+set_prop(hal_lowpan_server, lowpan_prop)
+
+# Allow hal_lowpan_server to open lowpan_devices
+allow hal_lowpan_server lowpan_device:chr_file rw_file_perms;
+
+###
+### neverallow rules
+###
+
+# Only LoWPAN HAL may directly access LoWPAN hardware
+neverallow { domain -hal_lowpan_server -init -ueventd } lowpan_device:chr_file ~getattr;
diff --git a/prebuilts/api/30.0/public/hal_memtrack.te b/prebuilts/api/30.0/public/hal_memtrack.te
new file mode 100644
index 0000000..ed93a29
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_memtrack.te
@@ -0,0 +1,4 @@
+# HwBinder IPC from client to server
+binder_call(hal_memtrack_client, hal_memtrack_server)
+
+hal_attribute_hwservice(hal_memtrack, hal_memtrack_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_neuralnetworks.te b/prebuilts/api/30.0/public/hal_neuralnetworks.te
new file mode 100644
index 0000000..228d990
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_neuralnetworks.te
@@ -0,0 +1,30 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_neuralnetworks_client, hal_neuralnetworks_server)
+binder_call(hal_neuralnetworks_server, hal_neuralnetworks_client)
+
+hal_attribute_hwservice(hal_neuralnetworks, hal_neuralnetworks_hwservice)
+allow hal_neuralnetworks hidl_memory_hwservice:hwservice_manager find;
+allow hal_neuralnetworks hal_allocator:fd use;
+allow hal_neuralnetworks hal_graphics_mapper_hwservice:hwservice_manager find;
+allow hal_neuralnetworks hal_graphics_allocator:fd use;
+
+# Allow NN HAL service to use a client-provided fd residing in /data/data/.
+allow hal_neuralnetworks_server app_data_file:file { read write getattr map };
+allow hal_neuralnetworks_server privapp_data_file:file { read write getattr map };
+
+# Allow NN HAL service to use a client-provided fd residing in /data/local/tmp/.
+allow hal_neuralnetworks_server shell_data_file:file { read write getattr map };
+
+# Allow NN HAL service to read a client-provided ION memory fd.
+allow hal_neuralnetworks_server ion_device:chr_file r_file_perms;
+
+# Allow NN HAL service to use a client-provided fd residing in /storage
+allow hal_neuralnetworks_server storage_file:file { getattr map read };
+
+# Allow NN HAL client to check the ro.nnapi.extensions.deny_on_product
+# property to determine whether to deny NNAPI extensions use for apps
+# on product partition (apps in GSI are not allowed to use NNAPI extensions).
+get_prop(hal_neuralnetworks_client, nnapi_ext_deny_product_prop);
+# This property is only expected to be found in /product/build.prop,
+# allow to be set only by init.
+neverallow { domain -init } nnapi_ext_deny_product_prop:property_service set;
diff --git a/prebuilts/api/30.0/public/hal_neverallows.te b/prebuilts/api/30.0/public/hal_neverallows.te
new file mode 100644
index 0000000..4117878
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_neverallows.te
@@ -0,0 +1,61 @@
+# only HALs responsible for network hardware should have privileged
+# network capabilities
+neverallow {
+ halserverdomain
+ -hal_bluetooth_server
+ -hal_can_controller_server
+ -hal_wifi_server
+ -hal_wifi_hostapd_server
+ -hal_wifi_supplicant_server
+ -hal_telephony_server
+} self:global_capability_class_set { net_admin net_raw };
+
+# Unless a HAL's job is to communicate over the network, or control network
+# hardware, it should not be using network sockets.
+# NOTE: HALs for automotive devices have an exemption from this rule because in
+# a car it is common to have external modules and HALs need to communicate to
+# those modules using network. Using this exemption for non-automotive builds
+# will result in CTS failure.
+neverallow {
+ halserverdomain
+ -hal_automotive_socket_exemption
+ -hal_can_controller_server
+ -hal_tetheroffload_server
+ -hal_wifi_server
+ -hal_wifi_hostapd_server
+ -hal_wifi_supplicant_server
+ -hal_telephony_server
+} domain:{ tcp_socket udp_socket rawip_socket } *;
+
+###
+# HALs are defined as an attribute and so a given domain could hypothetically
+# have multiple HALs in it (or even all of them) with the subsequent policy of
+# the domain comprised of the union of all the HALs.
+#
+# This is a problem because
+# 1) Security sensitive components should only be accessed by specific HALs.
+# 2) hwbinder_call and the restrictions it provides cannot be reasoned about in
+# the platform.
+# 3) The platform cannot reason about defense in depth if there are
+# monolithic domains etc.
+#
+# As an example, hal_keymaster and hal_gatekeeper can access the TEE and while
+# its OK for them to share a process its not OK with them to share processes
+# with other hals.
+#
+# The following neverallow rules, in conjuntion with CTS tests, assert that
+# these security principles are adhered to.
+#
+# Do not allow a hal to exec another process without a domain transition.
+# TODO remove exemptions.
+neverallow {
+ halserverdomain
+ -hal_dumpstate_server
+ -hal_telephony_server
+} { file_type fs_type }:file execute_no_trans;
+# Do not allow a process other than init to transition into a HAL domain.
+neverallow { domain -init } halserverdomain:process transition;
+# Only allow transitioning to a domain by running its executable. Do not
+# allow transitioning into a HAL domain by use of seclabel in an
+# init.*.rc script.
+neverallow * halserverdomain:process dyntransition;
diff --git a/prebuilts/api/30.0/public/hal_nfc.te b/prebuilts/api/30.0/public/hal_nfc.te
new file mode 100644
index 0000000..7cef4a1
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_nfc.te
@@ -0,0 +1,11 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_nfc_client, hal_nfc_server)
+binder_call(hal_nfc_server, hal_nfc_client)
+
+hal_attribute_hwservice(hal_nfc, hal_nfc_hwservice)
+
+# Set NFC properties (used by bcm2079x HAL).
+set_prop(hal_nfc, nfc_prop)
+
+# NFC device access.
+allow hal_nfc nfc_device:chr_file rw_file_perms;
diff --git a/prebuilts/api/30.0/public/hal_oemlock.te b/prebuilts/api/30.0/public/hal_oemlock.te
new file mode 100644
index 0000000..26b2b42
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_oemlock.te
@@ -0,0 +1,4 @@
+# HwBinder IPC from client to server
+binder_call(hal_oemlock_client, hal_oemlock_server)
+
+hal_attribute_hwservice(hal_oemlock, hal_oemlock_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_omx.te b/prebuilts/api/30.0/public/hal_omx.te
new file mode 100644
index 0000000..8e74383
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_omx.te
@@ -0,0 +1,49 @@
+# applies all permissions to hal_omx NOT hal_omx_server
+# since OMX must always be in its own process.
+
+binder_call(hal_omx_server, binderservicedomain)
+binder_call(hal_omx_server, { appdomain -isolated_app })
+
+# Allow hal_omx_server access to composer sync fences
+allow hal_omx_server hal_graphics_composer:fd use;
+
+allow hal_omx_server ion_device:chr_file rw_file_perms;
+allow hal_omx_server hal_camera:fd use;
+
+crash_dump_fallback(hal_omx_server)
+
+# Recieve gralloc buffer FDs from bufferhubd. Note that hal_omx_server never
+# directly connects to bufferhubd via PDX. Instead, a VR app acts as a bridge
+# between those two: it talks to hal_omx_server via Binder and talks to bufferhubd
+# via PDX. Thus, there is no need to use pdx_client macro.
+allow hal_omx_server bufferhubd:fd use;
+
+hal_attribute_hwservice(hal_omx, hal_omx_hwservice)
+
+allow hal_omx_client hidl_token_hwservice:hwservice_manager find;
+
+get_prop(hal_omx_client, media_variant_prop)
+get_prop(hal_omx_server, media_variant_prop)
+
+binder_call(hal_omx_client, hal_omx_server)
+binder_call(hal_omx_server, hal_omx_client)
+
+###
+### neverallow rules
+###
+
+# hal_omx_server should never execute any executable without a
+# domain transition
+neverallow hal_omx_server { file_type fs_type }:file execute_no_trans;
+
+# The goal of the mediaserver split is to place media processing code into
+# restrictive sandboxes with limited responsibilities and thus limited
+# permissions. Example: Audioserver is only responsible for controlling audio
+# hardware and processing audio content. Cameraserver does the same for camera
+# hardware/content. Etc.
+#
+# Media processing code is inherently risky and thus should have limited
+# permissions and be isolated from the rest of the system and network.
+# Lengthier explanation here:
+# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
+neverallow hal_omx_server domain:{ tcp_socket udp_socket rawip_socket } *;
diff --git a/prebuilts/api/30.0/public/hal_power.te b/prebuilts/api/30.0/public/hal_power.te
new file mode 100644
index 0000000..c94771b
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_power.te
@@ -0,0 +1,10 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_power_client, hal_power_server)
+binder_call(hal_power_server, hal_power_client)
+
+hal_attribute_hwservice(hal_power, hal_power_hwservice)
+
+add_service(hal_power_server, hal_power_service)
+binder_call(hal_power_server, servicemanager)
+binder_call(hal_power_client, servicemanager)
+allow hal_power_client hal_power_service:service_manager find;
diff --git a/prebuilts/api/30.0/public/hal_power_stats.te b/prebuilts/api/30.0/public/hal_power_stats.te
new file mode 100644
index 0000000..2c04008
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_power_stats.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_power_stats_client, hal_power_stats_server)
+binder_call(hal_power_stats_server, hal_power_stats_client)
+
+hal_attribute_hwservice(hal_power_stats, hal_power_stats_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_rebootescrow.te b/prebuilts/api/30.0/public/hal_rebootescrow.te
new file mode 100644
index 0000000..4352630
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_rebootescrow.te
@@ -0,0 +1,7 @@
+# HwBinder IPC from client to server
+binder_call(hal_rebootescrow_client, hal_rebootescrow_server)
+
+add_service(hal_rebootescrow_server, hal_rebootescrow_service)
+binder_use(hal_rebootescrow_server)
+
+allow hal_rebootescrow_client hal_rebootescrow_service:service_manager find;
diff --git a/prebuilts/api/30.0/public/hal_secure_element.te b/prebuilts/api/30.0/public/hal_secure_element.te
new file mode 100644
index 0000000..3724d35
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_secure_element.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_secure_element_client, hal_secure_element_server)
+binder_call(hal_secure_element_server, hal_secure_element_client)
+
+hal_attribute_hwservice(hal_secure_element, hal_secure_element_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_sensors.te b/prebuilts/api/30.0/public/hal_sensors.te
new file mode 100644
index 0000000..06e76f1
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_sensors.te
@@ -0,0 +1,14 @@
+# HwBinder IPC from client to server
+binder_call(hal_sensors_client, hal_sensors_server)
+
+hal_attribute_hwservice(hal_sensors, hal_sensors_hwservice)
+
+# Allow sensor hals to access ashmem memory allocated by apps
+allow hal_sensors { appdomain -isolated_app }:fd use;
+
+# Allow sensor hals to access ashmem memory allocated by android.hidl.allocator
+# fd is passed in from framework sensorservice HAL.
+allow hal_sensors hal_allocator:fd use;
+
+# allow to run with real-time scheduling policy
+allow hal_sensors self:global_capability_class_set sys_nice;
diff --git a/prebuilts/api/30.0/public/hal_telephony.te b/prebuilts/api/30.0/public/hal_telephony.te
new file mode 100644
index 0000000..3e4b65d
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_telephony.te
@@ -0,0 +1,42 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_telephony_client, hal_telephony_server)
+binder_call(hal_telephony_server, hal_telephony_client)
+
+hal_attribute_hwservice(hal_telephony, hal_telephony_hwservice)
+
+allowxperm hal_telephony_server self:udp_socket ioctl priv_sock_ioctls;
+
+allow hal_telephony_server self:netlink_route_socket nlmsg_write;
+allow hal_telephony_server kernel:system module_request;
+allow hal_telephony_server self:global_capability_class_set { setpcap setgid setuid net_admin net_raw };
+allow hal_telephony_server cgroup:dir create_dir_perms;
+allow hal_telephony_server cgroup:{ file lnk_file } r_file_perms;
+allow hal_telephony_server radio_device:chr_file rw_file_perms;
+allow hal_telephony_server radio_device:blk_file r_file_perms;
+allow hal_telephony_server efs_file:dir create_dir_perms;
+allow hal_telephony_server efs_file:file create_file_perms;
+allow hal_telephony_server vendor_shell_exec:file rx_file_perms;
+allow hal_telephony_server bluetooth_efs_file:file r_file_perms;
+allow hal_telephony_server bluetooth_efs_file:dir r_dir_perms;
+
+# property service
+set_prop(hal_telephony_server, radio_prop)
+set_prop(hal_telephony_server, exported_radio_prop)
+set_prop(hal_telephony_server, exported2_radio_prop)
+set_prop(hal_telephony_server, exported3_radio_prop)
+
+allow hal_telephony_server tty_device:chr_file rw_file_perms;
+
+# Allow hal_telephony_server to create and use netlink sockets.
+allow hal_telephony_server self:netlink_socket create_socket_perms_no_ioctl;
+allow hal_telephony_server self:netlink_generic_socket create_socket_perms_no_ioctl;
+allow hal_telephony_server self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+
+# Access to wake locks
+wakelock_use(hal_telephony_server)
+
+r_dir_file(hal_telephony_server, proc_net_type)
+r_dir_file(hal_telephony_server, sysfs_type)
+
+# granting the ioctl permission for hal_telephony_server should be device specific
+allow hal_telephony_server self:socket create_socket_perms_no_ioctl;
diff --git a/prebuilts/api/30.0/public/hal_tetheroffload.te b/prebuilts/api/30.0/public/hal_tetheroffload.te
new file mode 100644
index 0000000..cf51723
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_tetheroffload.te
@@ -0,0 +1,8 @@
+## HwBinder IPC from client to server, and callbacks
+binder_call(hal_tetheroffload_client, hal_tetheroffload_server)
+binder_call(hal_tetheroffload_server, hal_tetheroffload_client)
+
+hal_attribute_hwservice(hal_tetheroffload, hal_tetheroffload_hwservice)
+
+# allow the client to pass the server already open netlink sockets
+allow hal_tetheroffload_server hal_tetheroffload_client:netlink_netfilter_socket { getattr read setopt write };
diff --git a/prebuilts/api/30.0/public/hal_thermal.te b/prebuilts/api/30.0/public/hal_thermal.te
new file mode 100644
index 0000000..2115da1
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_thermal.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_thermal_client, hal_thermal_server)
+binder_call(hal_thermal_server, hal_thermal_client)
+
+hal_attribute_hwservice(hal_thermal, hal_thermal_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_tv_cec.te b/prebuilts/api/30.0/public/hal_tv_cec.te
new file mode 100644
index 0000000..6584904
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_tv_cec.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from clients into server, and callbacks
+binder_call(hal_tv_cec_client, hal_tv_cec_server)
+binder_call(hal_tv_cec_server, hal_tv_cec_client)
+
+hal_attribute_hwservice(hal_tv_cec, hal_tv_cec_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_tv_input.te b/prebuilts/api/30.0/public/hal_tv_input.te
new file mode 100644
index 0000000..5a5bdda
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_tv_input.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from clients into server, and callbacks
+binder_call(hal_tv_input_client, hal_tv_input_server)
+binder_call(hal_tv_input_server, hal_tv_input_client)
+
+hal_attribute_hwservice(hal_tv_input, hal_tv_input_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_tv_tuner.te b/prebuilts/api/30.0/public/hal_tv_tuner.te
new file mode 100644
index 0000000..0da4ec7
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_tv_tuner.te
@@ -0,0 +1,4 @@
+binder_call(hal_tv_tuner_client, hal_tv_tuner_server)
+binder_call(hal_tv_tuner_server, hal_tv_tuner_client)
+
+hal_attribute_hwservice(hal_tv_tuner, hal_tv_tuner_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_usb.te b/prebuilts/api/30.0/public/hal_usb.te
new file mode 100644
index 0000000..38bc49a
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_usb.te
@@ -0,0 +1,18 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_usb_client, hal_usb_server)
+binder_call(hal_usb_server, hal_usb_client)
+
+hal_attribute_hwservice(hal_usb, hal_usb_hwservice)
+
+allow hal_usb self:netlink_kobject_uevent_socket create;
+allow hal_usb self:netlink_kobject_uevent_socket setopt;
+allow hal_usb self:netlink_kobject_uevent_socket getopt;
+allow hal_usb self:netlink_kobject_uevent_socket bind;
+allow hal_usb self:netlink_kobject_uevent_socket read;
+allow hal_usb sysfs:dir open;
+allow hal_usb sysfs:dir read;
+allow hal_usb sysfs:file read;
+allow hal_usb sysfs:file open;
+allow hal_usb sysfs:file write;
+allow hal_usb sysfs:file getattr;
+
diff --git a/prebuilts/api/30.0/public/hal_usb_gadget.te b/prebuilts/api/30.0/public/hal_usb_gadget.te
new file mode 100644
index 0000000..a474652
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_usb_gadget.te
@@ -0,0 +1,13 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_usb_gadget_client, hal_usb_gadget_server)
+binder_call(hal_usb_gadget_server, hal_usb_gadget_client)
+
+hal_attribute_hwservice(hal_usb_gadget, hal_usb_gadget_hwservice)
+
+# Configuring usb gadget functions
+allow hal_usb_gadget_server configfs:lnk_file { read create unlink};
+allow hal_usb_gadget_server configfs:dir rw_dir_perms;
+allow hal_usb_gadget_server configfs:file create_file_perms;
+allow hal_usb_gadget_server functionfs:dir { read search };
+allow hal_usb_gadget_server functionfs:file read;
+
diff --git a/prebuilts/api/30.0/public/hal_vehicle.te b/prebuilts/api/30.0/public/hal_vehicle.te
new file mode 100644
index 0000000..6855d14
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_vehicle.te
@@ -0,0 +1,6 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_vehicle_client, hal_vehicle_server)
+binder_call(hal_vehicle_server, hal_vehicle_client)
+
+
+hal_attribute_hwservice(hal_vehicle, hal_vehicle_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_vibrator.te b/prebuilts/api/30.0/public/hal_vibrator.te
new file mode 100644
index 0000000..a34621d
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_vibrator.te
@@ -0,0 +1,16 @@
+# HwBinder IPC client/server
+binder_call(hal_vibrator_client, hal_vibrator_server)
+binder_call(hal_vibrator_server, hal_vibrator_client);
+
+hal_attribute_hwservice(hal_vibrator, hal_vibrator_hwservice)
+
+add_service(hal_vibrator_server, hal_vibrator_service)
+binder_call(hal_vibrator_server, servicemanager)
+
+allow hal_vibrator_client hal_vibrator_service:service_manager find;
+
+allow hal_vibrator_server dumpstate:fifo_file write;
+
+# vibrator sysfs rw access
+allow hal_vibrator sysfs_vibrator:file rw_file_perms;
+allow hal_vibrator sysfs_vibrator:dir search;
diff --git a/prebuilts/api/30.0/public/hal_vr.te b/prebuilts/api/30.0/public/hal_vr.te
new file mode 100644
index 0000000..e52c77f
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_vr.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_vr_client, hal_vr_server)
+binder_call(hal_vr_server, hal_vr_client)
+
+hal_attribute_hwservice(hal_vr, hal_vr_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_weaver.te b/prebuilts/api/30.0/public/hal_weaver.te
new file mode 100644
index 0000000..36d1306
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_weaver.te
@@ -0,0 +1,4 @@
+# HwBinder IPC from client to server
+binder_call(hal_weaver_client, hal_weaver_server)
+
+hal_attribute_hwservice(hal_weaver, hal_weaver_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_wifi.te b/prebuilts/api/30.0/public/hal_wifi.te
new file mode 100644
index 0000000..ecc1359
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_wifi.te
@@ -0,0 +1,31 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_wifi_client, hal_wifi_server)
+binder_call(hal_wifi_server, hal_wifi_client)
+
+hal_attribute_hwservice(hal_wifi, hal_wifi_hwservice)
+
+r_dir_file(hal_wifi, proc_net_type)
+r_dir_file(hal_wifi, sysfs_type)
+
+set_prop(hal_wifi, exported_wifi_prop)
+set_prop(hal_wifi, wifi_prop)
+
+# allow hal wifi set interfaces up and down and get the factory MAC
+allow hal_wifi self:udp_socket create_socket_perms;
+allowxperm hal_wifi self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFHWADDR SIOCETHTOOL };
+
+allow hal_wifi self:global_capability_class_set { net_admin net_raw };
+# allow hal_wifi to speak to nl80211 in the kernel
+allow hal_wifi self:netlink_socket create_socket_perms_no_ioctl;
+# newer kernels (e.g. 4.4 but not 4.1) have a new class for sockets
+allow hal_wifi self:netlink_generic_socket create_socket_perms_no_ioctl;
+# hal_wifi writes firmware paths to this file.
+allow hal_wifi sysfs_wlan_fwpath:file { w_file_perms };
+# allow hal_wifi to access /proc/modules to check if Wi-Fi driver is loaded
+allow hal_wifi proc_modules:file { getattr open read };
+# Allow hal_wifi to send dump info to dumpstate
+allow hal_wifi dumpstate:fifo_file write;
+
+# allow hal_wifi to write into /data/vendor/tombstones/wifi
+allow hal_wifi_server tombstone_wifi_data_file:dir rw_dir_perms;
+allow hal_wifi_server tombstone_wifi_data_file:file create_file_perms;
diff --git a/prebuilts/api/30.0/public/hal_wifi_hostapd.te b/prebuilts/api/30.0/public/hal_wifi_hostapd.te
new file mode 100644
index 0000000..12d72b6
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_wifi_hostapd.te
@@ -0,0 +1,27 @@
+# HwBinder IPC from client to server
+binder_call(hal_wifi_hostapd_client, hal_wifi_hostapd_server)
+binder_call(hal_wifi_hostapd_server, hal_wifi_hostapd_client)
+
+hal_attribute_hwservice(hal_wifi_hostapd, hal_wifi_hostapd_hwservice)
+
+allow hal_wifi_hostapd_server self:global_capability_class_set { net_admin net_raw };
+
+allow hal_wifi_hostapd_server sysfs_net:dir search;
+
+# Allow hal_wifi_hostapd to access /proc/net/psched
+allow hal_wifi_hostapd_server proc_net_type:file { getattr open read };
+
+# Various socket permissions.
+allowxperm hal_wifi_hostapd_server self:udp_socket ioctl priv_sock_ioctls;
+allow hal_wifi_hostapd_server self:netlink_socket create_socket_perms_no_ioctl;
+allow hal_wifi_hostapd_server self:netlink_generic_socket create_socket_perms_no_ioctl;
+allow hal_wifi_hostapd_server self:packet_socket create_socket_perms_no_ioctl;
+allow hal_wifi_hostapd_server self:netlink_route_socket nlmsg_write;
+
+###
+### neverallow rules
+###
+
+# hal_wifi_hostapd should not trust any data from sdcards
+neverallow hal_wifi_hostapd_server sdcard_type:dir ~getattr;
+neverallow hal_wifi_hostapd_server sdcard_type:file *;
diff --git a/prebuilts/api/30.0/public/hal_wifi_supplicant.te b/prebuilts/api/30.0/public/hal_wifi_supplicant.te
new file mode 100644
index 0000000..6004c33
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_wifi_supplicant.te
@@ -0,0 +1,28 @@
+# HwBinder IPC from client to server
+binder_call(hal_wifi_supplicant_client, hal_wifi_supplicant_server)
+binder_call(hal_wifi_supplicant_server, hal_wifi_supplicant_client)
+
+hal_attribute_hwservice(hal_wifi_supplicant, hal_wifi_supplicant_hwservice)
+
+# in addition to ioctls whitelisted for all domains, grant hal_wifi_supplicant priv_sock_ioctls.
+allowxperm hal_wifi_supplicant self:udp_socket ioctl priv_sock_ioctls;
+
+r_dir_file(hal_wifi_supplicant, sysfs_type)
+r_dir_file(hal_wifi_supplicant, proc_net_type)
+
+allow hal_wifi_supplicant kernel:system module_request;
+allow hal_wifi_supplicant self:global_capability_class_set { setuid net_admin setgid net_raw };
+allow hal_wifi_supplicant cgroup:dir create_dir_perms;
+allow hal_wifi_supplicant self:netlink_route_socket nlmsg_write;
+allow hal_wifi_supplicant self:netlink_socket create_socket_perms_no_ioctl;
+allow hal_wifi_supplicant self:netlink_generic_socket create_socket_perms_no_ioctl;
+allow hal_wifi_supplicant self:packet_socket create_socket_perms;
+allowxperm hal_wifi_supplicant self:packet_socket ioctl { unpriv_sock_ioctls priv_sock_ioctls unpriv_tty_ioctls };
+
+###
+### neverallow rules
+###
+
+# wpa_supplicant should not trust any data from sdcards
+neverallow hal_wifi_supplicant_server sdcard_type:dir ~getattr;
+neverallow hal_wifi_supplicant_server sdcard_type:file *;
diff --git a/prebuilts/api/30.0/public/healthd.te b/prebuilts/api/30.0/public/healthd.te
new file mode 100644
index 0000000..7ea23e1
--- /dev/null
+++ b/prebuilts/api/30.0/public/healthd.te
@@ -0,0 +1,56 @@
+# healthd - battery/charger monitoring service daemon
+type healthd, domain;
+type healthd_exec, system_file_type, exec_type, file_type;
+
+# Write to /dev/kmsg
+allow healthd kmsg_device:chr_file rw_file_perms;
+
+# Read access to pseudo filesystems.
+allow healthd sysfs_type:dir search;
+# Allow to read /sys/class/power_supply directory.
+allow healthd sysfs:dir r_dir_perms;
+r_dir_file(healthd, rootfs)
+r_dir_file(healthd, cgroup)
+
+allow healthd self:global_capability_class_set { sys_tty_config };
+allow healthd self:global_capability_class_set sys_boot;
+dontaudit healthd self:global_capability_class_set sys_resource;
+
+allow healthd self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+
+wakelock_use(healthd)
+
+hal_client_domain(healthd, hal_health)
+
+# Read/write to /sys/power/state
+allow healthd sysfs_power:file rw_file_perms;
+
+# TODO: added to match above sysfs rule. Remove me?
+allow healthd sysfs_usb:file write;
+
+r_dir_file(healthd, sysfs_batteryinfo)
+
+###
+### healthd: charger mode
+###
+
+# Read /sys/fs/pstore/console-ramoops
+# Don't worry about overly broad permissions for now, as there's
+# only one file in /sys/fs/pstore
+allow healthd pstorefs:dir r_dir_perms;
+allow healthd pstorefs:file r_file_perms;
+
+allow healthd graphics_device:dir r_dir_perms;
+allow healthd graphics_device:chr_file rw_file_perms;
+allow healthd input_device:dir r_dir_perms;
+allow healthd input_device:chr_file r_file_perms;
+allow healthd tty_device:chr_file rw_file_perms;
+allow healthd ashmem_device:chr_file execute;
+allow healthd proc_sysrq:file rw_file_perms;
+
+# Healthd needs to tell init to continue the boot
+# process when running in charger mode.
+set_prop(healthd, system_prop)
+set_prop(healthd, exported_system_prop)
+set_prop(healthd, exported2_system_prop)
+set_prop(healthd, exported3_system_prop)
diff --git a/prebuilts/api/30.0/public/heapprofd.te b/prebuilts/api/30.0/public/heapprofd.te
new file mode 100644
index 0000000..7ceb23f
--- /dev/null
+++ b/prebuilts/api/30.0/public/heapprofd.te
@@ -0,0 +1 @@
+type heapprofd, domain, coredomain;
diff --git a/prebuilts/api/30.0/public/hwservice.te b/prebuilts/api/30.0/public/hwservice.te
new file mode 100644
index 0000000..6f223dd
--- /dev/null
+++ b/prebuilts/api/30.0/public/hwservice.te
@@ -0,0 +1,102 @@
+# hwservice types. By default most of the HALs are protected_hwservice, which means
+# access from untrusted apps is prohibited.
+type default_android_hwservice, hwservice_manager_type, protected_hwservice;
+type fwk_camera_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type fwk_display_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type fwk_scheduler_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type fwk_sensor_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type fwk_stats_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type fwk_automotive_display_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type hal_atrace_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_audio_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_audiocontrol_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_authsecret_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_bluetooth_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_bootctl_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_broadcastradio_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_camera_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_can_bus_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_can_controller_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_confirmationui_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_contexthub_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_dumpstate_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_evs_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_face_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_fingerprint_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_gatekeeper_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_gnss_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_graphics_composer_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_health_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_health_storage_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_input_classifier_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_ir_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_keymaster_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_light_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_lowpan_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_memtrack_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_nfc_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_oemlock_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_power_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_power_stats_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_secure_element_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_sensors_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_telephony_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_tetheroffload_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_thermal_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_tv_cec_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_tv_input_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_tv_tuner_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_usb_gadget_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_usb_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_vehicle_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_vibrator_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_vr_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_weaver_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_wifi_hostapd_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_wifi_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_wifi_supplicant_hwservice, hwservice_manager_type, protected_hwservice;
+type system_net_netd_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type system_suspend_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type system_wifi_keystore_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type thermalcallback_hwservice, hwservice_manager_type, protected_hwservice;
+
+# Following is the hwservices that are explicitly not marked with protected_hwservice.
+# These are directly accessible from untrusted apps.
+# - same process services: because they by definition run in the process
+# of the client and thus have the same access as the client domain in which
+# the process runs
+# - coredomain_hwservice: are considered safer than ordinary hwservices which
+# are from vendor partition
+# - hal_configstore_ISurfaceFlingerConfigs: becuase it has specifically been
+# designed for use by any domain.
+# - hal_graphics_allocator_hwservice: because these operations are also offered
+# by surfaceflinger Binder service, which apps are permitted to access
+# - hal_omx_hwservice: because this is a HwBinder version of the mediacodec
+# Binder service which apps were permitted to access.
+# - hal_codec2_hwservice: because this is a newer version of hal_omx_hwservice.
+# - hal_drm_hwservice: versions > API 29 are designed specifically with
+# untrusted app access in mind.
+type fwk_bufferhub_hwservice, hwservice_manager_type, coredomain_hwservice;
+type hal_cas_hwservice, hwservice_manager_type;
+type hal_codec2_hwservice, hwservice_manager_type;
+type hal_configstore_ISurfaceFlingerConfigs, hwservice_manager_type;
+type hal_drm_hwservice, hwservice_manager_type;
+type hal_graphics_allocator_hwservice, hwservice_manager_type;
+type hal_graphics_mapper_hwservice, hwservice_manager_type, same_process_hwservice;
+type hal_neuralnetworks_hwservice, hwservice_manager_type;
+type hal_omx_hwservice, hwservice_manager_type;
+type hal_renderscript_hwservice, hwservice_manager_type, same_process_hwservice;
+type hidl_allocator_hwservice, hwservice_manager_type, coredomain_hwservice;
+type hidl_base_hwservice, hwservice_manager_type;
+type hidl_manager_hwservice, hwservice_manager_type, coredomain_hwservice;
+type hidl_memory_hwservice, hwservice_manager_type, coredomain_hwservice;
+type hidl_token_hwservice, hwservice_manager_type, coredomain_hwservice;
+
+###
+### Neverallow rules
+###
+
+# hwservicemanager handles registering or looking up named services.
+# It does not make sense to register or lookup something which is not a
+# hwservice. Trigger a compile error if this occurs.
+neverallow domain ~hwservice_manager_type:hwservice_manager { add find };
diff --git a/prebuilts/api/30.0/public/hwservicemanager.te b/prebuilts/api/30.0/public/hwservicemanager.te
new file mode 100644
index 0000000..7f03815
--- /dev/null
+++ b/prebuilts/api/30.0/public/hwservicemanager.te
@@ -0,0 +1,22 @@
+# hwservicemanager - the Binder context manager for HAL services
+type hwservicemanager, domain, mlstrustedsubject;
+type hwservicemanager_exec, system_file_type, exec_type, file_type;
+
+# Note that we do not use the binder_* macros here.
+# hwservicemanager provides name service (aka context manager)
+# for hwbinder.
+# Additionally, it initiates binder IPC calls to
+# clients who request service notifications. The permission
+# to do this is granted in the hwbinder_use macro.
+allow hwservicemanager self:binder set_context_mgr;
+
+set_prop(hwservicemanager, hwservicemanager_prop)
+
+# Scan through /system/lib64/hw looking for installed HALs
+allow hwservicemanager system_file:dir r_dir_perms;
+
+# Read hwservice_contexts
+allow hwservicemanager hwservice_contexts_file:file r_file_perms;
+
+# Check SELinux permissions.
+selinux_check_access(hwservicemanager)
diff --git a/prebuilts/api/30.0/public/idmap.te b/prebuilts/api/30.0/public/idmap.te
new file mode 100644
index 0000000..f41f573
--- /dev/null
+++ b/prebuilts/api/30.0/public/idmap.te
@@ -0,0 +1,31 @@
+# idmap, when executed by installd
+type idmap, domain;
+type idmap_exec, system_file_type, exec_type, file_type;
+
+# TODO remove /system/bin/idmap and the link between idmap and installd (b/118711077)
+# Use open file to /data/resource-cache file inherited from installd.
+allow idmap installd:fd use;
+allow idmap resourcecache_data_file:file create_file_perms;
+allow idmap resourcecache_data_file:dir rw_dir_perms;
+
+# Ignore reading /proc/<pid>/maps after a fork.
+dontaudit idmap installd:file read;
+
+# Open and read from target and overlay apk files passed by argument.
+allow idmap apk_data_file:file r_file_perms;
+allow idmap apk_data_file:dir search;
+
+# Allow /data/app/vmdl*.tmp, /data/app-private/vmdl*.tmp files
+allow idmap { apk_tmp_file apk_private_tmp_file }:file r_file_perms;
+allow idmap { apk_tmp_file apk_private_tmp_file }:dir search;
+
+# Allow apps access to /vendor/app
+r_dir_file(idmap, vendor_app_file)
+
+# Allow apps access to /vendor/overlay
+r_dir_file(idmap, vendor_overlay_file)
+
+# Allow the idmap2d binary to register as a service and communicate via AIDL
+binder_use(idmap)
+binder_service(idmap)
+add_service(idmap, idmap_service)
diff --git a/prebuilts/api/30.0/public/incident.te b/prebuilts/api/30.0/public/incident.te
new file mode 100644
index 0000000..ce57bf6
--- /dev/null
+++ b/prebuilts/api/30.0/public/incident.te
@@ -0,0 +1,8 @@
+# The incident command is used to call into the incidentd service to
+# take an incident report (binary, shared bugreport), download incident
+# reports that have already been taken, and monitor for new ones.
+# It doesn't do anything else.
+
+# incident
+type incident, domain;
+
diff --git a/prebuilts/api/30.0/public/incident_helper.te b/prebuilts/api/30.0/public/incident_helper.te
new file mode 100644
index 0000000..bca1018
--- /dev/null
+++ b/prebuilts/api/30.0/public/incident_helper.te
@@ -0,0 +1,5 @@
+# The incident_helper is called by incidentd and
+# can only read/write data from/to incidentd
+
+# incident_helper
+type incident_helper, domain;
diff --git a/prebuilts/api/30.0/public/incidentd.te b/prebuilts/api/30.0/public/incidentd.te
new file mode 100644
index 0000000..b03249c
--- /dev/null
+++ b/prebuilts/api/30.0/public/incidentd.te
@@ -0,0 +1,3 @@
+# incidentd
+type incidentd, domain;
+
diff --git a/prebuilts/api/30.0/public/init.te b/prebuilts/api/30.0/public/init.te
new file mode 100644
index 0000000..403b4c5
--- /dev/null
+++ b/prebuilts/api/30.0/public/init.te
@@ -0,0 +1,634 @@
+# init is its own domain.
+type init, domain, mlstrustedsubject;
+type init_exec, system_file_type, exec_type, file_type;
+type init_tmpfs, file_type;
+
+# /dev/__null__ node created by init.
+allow init tmpfs:chr_file { create setattr unlink rw_file_perms };
+
+#
+# init direct restorecon calls.
+#
+# /dev/kmsg
+allow init tmpfs:chr_file relabelfrom;
+allow init kmsg_device:chr_file { getattr write relabelto };
+# /dev/kmsg_debug
+userdebug_or_eng(`
+ allow init kmsg_debug_device:chr_file { open write relabelto };
+')
+# /dev/__properties__
+allow init properties_device:dir relabelto;
+allow init properties_serial:file { write relabelto };
+allow init property_type:file { append create getattr map open read relabelto rename setattr unlink write };
+# /dev/__properties__/property_info
+allow init properties_device:file create_file_perms;
+allow init property_info:file relabelto;
+# /dev/event-log-tags
+allow init device:file relabelfrom;
+allow init runtime_event_log_tags_file:file { open write setattr relabelto create };
+# /dev/socket
+allow init { device socket_device }:dir relabelto;
+# allow init to establish connection and communicate with lmkd
+unix_socket_connect(init, lmkd, lmkd)
+# Relabel /dev nodes created in first stage init, /dev/null, /dev/ptmx, /dev/random, /dev/urandom
+allow init { null_device ptmx_device random_device } : chr_file relabelto;
+# /dev/device-mapper, /dev/block(/.*)?
+allow init tmpfs:{ chr_file blk_file } relabelfrom;
+allow init tmpfs:blk_file getattr;
+allow init block_device:{ dir blk_file lnk_file } relabelto;
+allow init dm_device:{ chr_file blk_file } relabelto;
+allow init kernel:fd use;
+# restorecon for early mount device symlinks
+allow init tmpfs:lnk_file { getattr read relabelfrom };
+allow init {
+ metadata_block_device
+ misc_block_device
+ recovery_block_device
+ system_block_device
+ userdata_block_device
+}:{ blk_file lnk_file } relabelto;
+
+allow init super_block_device:lnk_file relabelto;
+
+# Create /mnt/sdcard -> /storage/self/primary symlink.
+allow init mnt_sdcard_file:lnk_file create;
+
+# setrlimit
+allow init self:global_capability_class_set sys_resource;
+
+# Remove /dev/.booting and load /debug_ramdisk/* files
+allow init tmpfs:file { getattr unlink };
+
+# Access pty created for fsck.
+allow init devpts:chr_file { read write open };
+
+# Create /dev/fscklogs files.
+allow init fscklogs:file create_file_perms;
+
+# Access /dev/__null__ node created prior to initial policy load.
+allow init tmpfs:chr_file write;
+
+# Access /dev/console.
+allow init console_device:chr_file rw_file_perms;
+
+# Access /dev/tty0.
+allow init tty_device:chr_file rw_file_perms;
+
+# Call mount(2).
+allow init self:global_capability_class_set sys_admin;
+
+# Call setns(2).
+allow init self:global_capability_class_set sys_chroot;
+
+# Create and mount on directories in /.
+allow init rootfs:dir create_dir_perms;
+allow init {
+ rootfs
+ cache_file
+ cgroup
+ linkerconfig_file
+ storage_file
+ mnt_user_file
+ system_data_file
+ system_data_root_file
+ system_file
+ vendor_file
+ postinstall_mnt_dir
+ mirror_data_file
+}:dir mounton;
+allow init cgroup_bpf:dir { create mounton };
+
+# Mount bpf fs on sys/fs/bpf
+allow init fs_bpf:dir mounton;
+
+# Mount on /dev/usb-ffs/adb.
+allow init device:dir mounton;
+
+# Mount tmpfs on /apex
+allow init apex_mnt_dir:dir mounton;
+
+# Bind-mount on /system/apex/com.android.art
+allow init art_apex_dir:dir mounton;
+
+# Create and remove symlinks in /.
+allow init rootfs:lnk_file { create unlink };
+
+# Mount debugfs on /sys/kernel/debug.
+allow init sysfs:dir mounton;
+
+# Create cgroups mount points in tmpfs and mount cgroups on them.
+allow init tmpfs:dir create_dir_perms;
+allow init tmpfs:dir mounton;
+allow init cgroup:dir create_dir_perms;
+allow init cgroup:file rw_file_perms;
+allow init cgroup_rc_file:file rw_file_perms;
+allow init cgroup_desc_file:file r_file_perms;
+allow init vendor_cgroup_desc_file:file r_file_perms;
+
+# /config
+allow init configfs:dir mounton;
+allow init configfs:dir create_dir_perms;
+allow init configfs:{ file lnk_file } create_file_perms;
+
+# /metadata
+allow init metadata_file:dir mounton;
+
+# Use tmpfs as /data, used for booting when /data is encrypted
+allow init tmpfs:dir relabelfrom;
+
+# Create directories under /dev/cpuctl after chowning it to system.
+allow init self:global_capability_class_set { dac_override dac_read_search };
+
+# Set system clock.
+allow init self:global_capability_class_set sys_time;
+
+allow init self:global_capability_class_set { sys_rawio mknod };
+
+# Mounting filesystems from block devices.
+allow init dev_type:blk_file r_file_perms;
+allowxperm init dev_type:blk_file ioctl BLKROSET;
+
+# Mounting filesystems.
+# Only allow relabelto for types used in context= mount options,
+# which should all be assigned the contextmount_type attribute.
+# This can be done in device-specific policy via type or typeattribute
+# declarations.
+allow init fs_type:filesystem ~relabelto;
+allow init unlabeled:filesystem ~relabelto;
+allow init contextmount_type:filesystem relabelto;
+
+# Allow read-only access to context= mounted filesystems.
+allow init contextmount_type:dir r_dir_perms;
+allow init contextmount_type:notdevfile_class_set r_file_perms;
+
+# restorecon /adb_keys or any other rootfs files and directories to a more
+# specific type.
+allow init rootfs:{ dir file } relabelfrom;
+
+# mkdir, symlink, write, rm/rmdir, chown/chmod, restorecon/restorecon_recursive from init.rc files.
+# chown/chmod require open+read+setattr required for open()+fchown/fchmod().
+# system/core/init.rc requires at least cache_file and data_file_type.
+# init.<board>.rc files often include device-specific types, so
+# we just allow all file types except /system files here.
+allow init self:global_capability_class_set { chown fowner fsetid };
+
+allow init {
+ file_type
+ -app_data_file
+ -exec_type
+ -misc_logd_file
+ -nativetest_data_file
+ -privapp_data_file
+ -system_app_data_file
+ -system_file_type
+ -vendor_file_type
+}:dir { create search getattr open read setattr ioctl };
+
+allow init {
+ file_type
+ -app_data_file
+ -exec_type
+ -iorapd_data_file
+ -credstore_data_file
+ -keystore_data_file
+ -misc_logd_file
+ -nativetest_data_file
+ -privapp_data_file
+ -shell_data_file
+ -system_app_data_file
+ -system_file_type
+ -vendor_file_type
+ -vold_data_file
+}:dir { write add_name remove_name rmdir relabelfrom };
+
+allow init {
+ file_type
+ -app_data_file
+ -exec_type
+ -gsi_data_file
+ -iorapd_data_file
+ -credstore_data_file
+ -keystore_data_file
+ -misc_logd_file
+ -nativetest_data_file
+ -privapp_data_file
+ -runtime_event_log_tags_file
+ -shell_data_file
+ -system_app_data_file
+ -system_file_type
+ -vendor_file_type
+ -vold_data_file
+}:file { create getattr open read write setattr relabelfrom unlink map };
+
+allow init {
+ file_type
+ -app_data_file
+ -exec_type
+ -gsi_data_file
+ -iorapd_data_file
+ -credstore_data_file
+ -keystore_data_file
+ -misc_logd_file
+ -nativetest_data_file
+ -privapp_data_file
+ -shell_data_file
+ -system_app_data_file
+ -system_file_type
+ -vendor_file_type
+ -vold_data_file
+}:{ sock_file fifo_file } { create getattr open read setattr relabelfrom unlink };
+
+allow init {
+ file_type
+ -apex_mnt_dir
+ -app_data_file
+ -exec_type
+ -gsi_data_file
+ -iorapd_data_file
+ -credstore_data_file
+ -keystore_data_file
+ -misc_logd_file
+ -nativetest_data_file
+ -privapp_data_file
+ -shell_data_file
+ -system_app_data_file
+ -system_file_type
+ -vendor_file_type
+ -vold_data_file
+}:lnk_file { create getattr setattr relabelfrom unlink };
+
+allow init cache_file:lnk_file r_file_perms;
+
+allow init {
+ file_type
+ -system_file_type
+ -vendor_file_type
+ -exec_type
+ -app_data_file
+ -privapp_data_file
+}:dir_file_class_set relabelto;
+
+allow init { sysfs debugfs debugfs_tracing debugfs_tracing_debug }:{ dir file lnk_file } { getattr relabelfrom };
+allow init { sysfs_type debugfs_type }:{ dir file lnk_file } { relabelto getattr };
+allow init dev_type:dir create_dir_perms;
+allow init dev_type:lnk_file create;
+
+# Disable tracing by writing to /sys/kernel/debug/tracing/tracing_on
+allow init debugfs_tracing:file w_file_perms;
+
+# Setup and control wifi event tracing (see wifi-events.rc)
+allow init debugfs_tracing_instances:dir create_dir_perms;
+allow init debugfs_tracing_instances:file w_file_perms;
+allow init debugfs_wifi_tracing:file w_file_perms;
+
+# chown/chmod on pseudo files.
+allow init {
+ fs_type
+ -contextmount_type
+ -keychord_device
+ -proc_type
+ -sdcard_type
+ -sysfs_type
+ -rootfs
+}:file { open read setattr };
+allow init { fs_type -contextmount_type -sdcard_type -rootfs }:dir { open read setattr search };
+
+allow init {
+ binder_device
+ console_device
+ devpts
+ dm_device
+ hwbinder_device
+ hw_random_device
+ input_device
+ kmsg_device
+ null_device
+ owntty_device
+ pmsg_device
+ ptmx_device
+ random_device
+ tty_device
+ zero_device
+}:chr_file { read open };
+
+# chown/chmod on devices.
+allow init {
+ dev_type
+ -keychord_device
+ -port_device
+}:chr_file setattr;
+
+# Unlabeled file access for upgrades from 4.2.
+allow init unlabeled:dir { create_dir_perms relabelfrom };
+allow init unlabeled:notdevfile_class_set { create_file_perms relabelfrom };
+
+# Any operation that can modify the kernel ring buffer, e.g. clear
+# or a read that consumes the messages that were read.
+allow init kernel:system syslog_mod;
+allow init self:global_capability2_class_set syslog;
+
+# init access to /proc.
+r_dir_file(init, proc_net_type)
+allow init proc_filesystems:file r_file_perms;
+
+userdebug_or_eng(`
+ # Overlayfs workdir write access check during mount to permit remount,rw
+ allow init overlayfs_file:dir { relabelfrom mounton write };
+ allow init overlayfs_file:file { append };
+ allow init system_block_device:blk_file { write };
+')
+
+allow init {
+ proc # b/67049235 processes /proc/<pid>/* files are mislabeled.
+ proc_cmdline
+ proc_diskstats
+ proc_kmsg # Open /proc/kmsg for logd service.
+ proc_meminfo
+ proc_stat # Read /proc/stat for bootchart.
+ proc_uptime
+ proc_version
+}:file r_file_perms;
+
+allow init {
+ proc_abi
+ proc_dirty
+ proc_hostname
+ proc_hung_task
+ proc_extra_free_kbytes
+ proc_net_type
+ proc_max_map_count
+ proc_min_free_order_shift
+ proc_overcommit_memory # /proc/sys/vm/overcommit_memory
+ proc_panic
+ proc_page_cluster
+ proc_perf
+ proc_sched
+ proc_sysrq
+}:file w_file_perms;
+
+allow init {
+ proc_security
+}:file rw_file_perms;
+
+# init chmod/chown access to /proc files.
+allow init {
+ proc_cmdline
+ proc_kmsg
+ proc_net
+ proc_qtaguid_stat
+ proc_slabinfo
+ proc_sysrq
+ proc_qtaguid_ctrl
+ proc_vmallocinfo
+}:file setattr;
+
+# init access to /sys files.
+allow init {
+ sysfs_android_usb
+ sysfs_dm_verity
+ sysfs_leds
+ sysfs_power
+ sysfs_fs_f2fs
+ sysfs_dm
+}:file w_file_perms;
+
+allow init {
+ sysfs_dt_firmware_android
+ sysfs_fs_ext4_features
+}:file r_file_perms;
+
+allow init {
+ sysfs_zram
+}:file rw_file_perms;
+
+# allow init to create loop devices with /dev/loop-control
+allow init loop_control_device:chr_file rw_file_perms;
+allow init loop_device:blk_file rw_file_perms;
+allowxperm init loop_device:blk_file ioctl {
+ LOOP_SET_FD
+ LOOP_CLR_FD
+ LOOP_CTL_GET_FREE
+ LOOP_SET_BLOCK_SIZE
+ LOOP_SET_DIRECT_IO
+};
+
+# Allow init to write to vibrator/trigger
+allow init sysfs_vibrator:file w_file_perms;
+
+# init chmod/chown access to /sys files.
+allow init {
+ sysfs_android_usb
+ sysfs_devices_system_cpu
+ sysfs_ipv4
+ sysfs_leds
+ sysfs_lowmemorykiller
+ sysfs_power
+ sysfs_vibrator
+ sysfs_wake_lock
+ sysfs_zram
+}:file setattr;
+
+# Set usermodehelpers.
+allow init { usermodehelper sysfs_usermodehelper }:file rw_file_perms;
+
+allow init self:global_capability_class_set net_admin;
+
+# Reboot.
+allow init self:global_capability_class_set sys_boot;
+
+# Init will create /data/misc/logd when the property persist.logd.logpersistd is "logcatd".
+# Init will also walk through the directory as part of a recursive restorecon.
+allow init misc_logd_file:dir { add_name open create read getattr setattr search write };
+allow init misc_logd_file:file { open create getattr setattr write };
+
+# Support "adb shell stop"
+allow init self:global_capability_class_set kill;
+allow init domain:process { getpgid sigkill signal };
+
+# Init creates credstore's directory on boot, and walks through
+# the directory as part of a recursive restorecon.
+allow init credstore_data_file:dir { open create read getattr setattr search };
+allow init credstore_data_file:file { getattr };
+
+# Init creates keystore's directory on boot, and walks through
+# the directory as part of a recursive restorecon.
+allow init keystore_data_file:dir { open create read getattr setattr search };
+allow init keystore_data_file:file { getattr };
+
+# Init creates vold's directory on boot, and walks through
+# the directory as part of a recursive restorecon.
+allow init vold_data_file:dir { open create read getattr setattr search };
+allow init vold_data_file:file { getattr };
+
+# Init creates /data/local/tmp at boot
+allow init shell_data_file:dir { open create read getattr setattr search };
+allow init shell_data_file:file { getattr };
+
+# Set UID, GID, and adjust capability bounding set for services.
+allow init self:global_capability_class_set { setuid setgid setpcap };
+
+# For bootchart to read the /proc/$pid/cmdline file of each process,
+# we need to have following line to allow init to have access
+# to different domains.
+r_dir_file(init, domain)
+
+# Use setexeccon(), setfscreatecon(), and setsockcreatecon().
+# setexec is for services with seclabel options.
+# setfscreate is for labeling directories and socket files.
+# setsockcreate is for labeling local/unix domain sockets.
+allow init self:process { setexec setfscreate setsockcreate };
+
+# Get file context
+allow init file_contexts_file:file r_file_perms;
+
+# sepolicy access
+allow init sepolicy_file:file r_file_perms;
+
+# Perform SELinux access checks on setting properties.
+selinux_check_access(init)
+
+# Ask the kernel for the new context on services to label their sockets.
+allow init kernel:security compute_create;
+
+# Create sockets for the services.
+allow init domain:unix_stream_socket { create bind setopt };
+allow init domain:unix_dgram_socket { create bind setopt };
+
+# Create /data/property and files within it.
+allow init property_data_file:dir create_dir_perms;
+allow init property_data_file:file create_file_perms;
+
+# Set any property.
+allow init property_type:property_service set;
+
+# Send an SELinux userspace denial to the kernel audit subsystem,
+# so it can be picked up and processed by logd. These denials are
+# generated when an attempt to set a property is denied by policy.
+allow init self:netlink_audit_socket { create_socket_perms_no_ioctl nlmsg_relay };
+allow init self:global_capability_class_set audit_write;
+
+# Run "ifup lo" to bring up the localhost interface
+allow init self:udp_socket { create ioctl };
+# in addition to unpriv ioctls granted to all domains, init also needs:
+allowxperm init self:udp_socket ioctl SIOCSIFFLAGS;
+allow init self:global_capability_class_set net_raw;
+
+# Set scheduling info for psi monitor thread.
+# TODO: delete or revise this line b/131761776
+allow init kernel:process { getsched setsched };
+
+# swapon() needs write access to swap device
+# system/core/fs_mgr/fs_mgr.c - fs_mgr_swapon_all
+allow init swap_block_device:blk_file rw_file_perms;
+
+# Read from /dev/hw_random if present.
+# system/core/init/init.c - mix_hwrng_into_linux_rng_action
+allow init hw_random_device:chr_file r_file_perms;
+
+# Create and access /dev files without a specific type,
+# e.g. /dev/.coldboot_done, /dev/.booting
+# TODO: Move these files into their own type unless they are
+# only ever accessed by init.
+allow init device:file create_file_perms;
+
+# keychord retrieval from /dev/input/ devices
+allow init input_device:dir r_dir_perms;
+allow init input_device:chr_file rw_file_perms;
+
+# Access device mapper for setting up dm-verity
+allow init dm_device:chr_file rw_file_perms;
+allow init dm_device:blk_file rw_file_perms;
+
+# Access metadata block device for storing dm-verity state
+allow init metadata_block_device:blk_file rw_file_perms;
+
+# Read /sys/fs/pstore/console-ramoops to detect restarts caused
+# by dm-verity detecting corrupted blocks
+allow init pstorefs:dir search;
+allow init pstorefs:file r_file_perms;
+allow init kernel:system syslog_read;
+
+# linux keyring configuration
+allow init init:key { write search setattr };
+
+# Allow init to create /data/unencrypted
+allow init unencrypted_data_file:dir create_dir_perms;
+
+# Set encryption policy on dirs in /data
+allowxperm init { data_file_type unlabeled }:dir ioctl {
+ FS_IOC_GET_ENCRYPTION_POLICY
+ FS_IOC_SET_ENCRYPTION_POLICY
+};
+
+# Raw writes to misc block device
+allow init misc_block_device:blk_file w_file_perms;
+
+r_dir_file(init, system_file)
+r_dir_file(init, vendor_file_type)
+
+allow init system_data_file:file { getattr read };
+allow init system_data_file:lnk_file r_file_perms;
+
+# For init to be able to run shell scripts from vendor
+allow init vendor_shell_exec:file execute;
+
+# Metadata setup
+allow init vold_metadata_file:dir create_dir_perms;
+allow init vold_metadata_file:file getattr;
+allow init metadata_bootstat_file:dir create_dir_perms;
+allow init metadata_bootstat_file:file w_file_perms;
+
+# Allow init to touch PSI monitors
+allow init proc_pressure_mem:file { rw_file_perms setattr };
+
+# init is using bootstrap bionic
+allow init system_bootstrap_lib_file:dir r_dir_perms;
+allow init system_bootstrap_lib_file:file { execute read open getattr map };
+
+# stat the root dir of fuse filesystems (for the mount handler)
+allow init fuse:dir { search getattr };
+
+###
+### neverallow rules
+###
+
+# The init domain is only entered via an exec based transition from the
+# kernel domain, never via setcon().
+neverallow domain init:process dyntransition;
+neverallow { domain -kernel } init:process transition;
+neverallow init { file_type fs_type -init_exec }:file entrypoint;
+
+# Never read/follow symlinks created by shell or untrusted apps.
+neverallow init shell_data_file:lnk_file read;
+neverallow init { app_data_file privapp_data_file }:lnk_file read;
+
+# init should never execute a program without changing to another domain.
+neverallow init { file_type fs_type }:file execute_no_trans;
+
+# The use of sensitive environment variables, such as LD_PRELOAD, is disallowed
+# when init is executing other binaries. The use of LD_PRELOAD for init spawned
+# services is generally considered a no-no, as it injects libraries which the
+# binary was not expecting. This is especially problematic for APEXes. The use
+# of LD_PRELOAD via APEXes is a layering violation, and inappropriately loads
+# code into a process which wasn't expecting that code, with potentially
+# unexpected side effects. (b/140789528)
+neverallow init *:process noatsecure;
+
+# init can never add binder services
+neverallow init service_manager_type:service_manager { add find };
+# init can never list binder services
+neverallow init servicemanager:service_manager list;
+
+# Init should not be creating subdirectories in /data/local/tmp
+neverallow init shell_data_file:dir { write add_name remove_name };
+
+# Init should not access sysfs node that are not explicitly labeled.
+neverallow init sysfs:file { open read write };
+
+# No domain should be allowed to ptrace init.
+neverallow * init:process ptrace;
+
+# init owns the root of /data
+# TODO(b/140259336) We want to remove vendor_init
+# TODO(b/141108496) We want to remove toolbox
+neverallow { domain -init -toolbox -vendor_init -vold } system_data_root_file:dir { write add_name remove_name };
diff --git a/prebuilts/api/30.0/public/inputflinger.te b/prebuilts/api/30.0/public/inputflinger.te
new file mode 100644
index 0000000..c3f4da8
--- /dev/null
+++ b/prebuilts/api/30.0/public/inputflinger.te
@@ -0,0 +1,15 @@
+# inputflinger
+type inputflinger, domain;
+type inputflinger_exec, system_file_type, exec_type, file_type;
+
+binder_use(inputflinger)
+binder_service(inputflinger)
+
+binder_call(inputflinger, system_server)
+
+wakelock_use(inputflinger)
+
+allow inputflinger input_device:dir r_dir_perms;
+allow inputflinger input_device:chr_file rw_file_perms;
+
+r_dir_file(inputflinger, cgroup)
diff --git a/prebuilts/api/30.0/public/installd.te b/prebuilts/api/30.0/public/installd.te
new file mode 100644
index 0000000..c8cc89d
--- /dev/null
+++ b/prebuilts/api/30.0/public/installd.te
@@ -0,0 +1,190 @@
+# installer daemon
+type installd, domain;
+type installd_exec, system_file_type, exec_type, file_type;
+typeattribute installd mlstrustedsubject;
+allow installd self:global_capability_class_set { chown dac_override dac_read_search fowner fsetid setgid setuid sys_admin };
+
+# Allow labeling of files under /data/app/com.example/oat/
+allow installd dalvikcache_data_file:dir relabelto;
+allow installd dalvikcache_data_file:file { relabelto link };
+
+# Allow movement of APK files between volumes
+allow installd apk_data_file:dir { create_dir_perms relabelfrom };
+allow installd apk_data_file:file { create_file_perms relabelfrom link };
+allow installd apk_data_file:lnk_file { create r_file_perms unlink };
+
+# FS_IOC_ENABLE_VERITY and FS_IOC_MEASURE_VERITY (or in old implementation used in installd,
+# FS_IOC_SET_VERITY_MEASUREMENT) ioctls on APKs in /data/app, to support fsverity.
+# TODO(b/120629632): this path is deprecated, remove when possible.
+allowxperm installd apk_data_file:file ioctl {
+ FS_IOC_ENABLE_VERITY FS_IOC_MEASURE_VERITY
+};
+
+allow installd asec_apk_file:file r_file_perms;
+allow installd apk_tmp_file:file { r_file_perms unlink };
+allow installd apk_tmp_file:dir { relabelfrom create_dir_perms };
+allow installd oemfs:dir r_dir_perms;
+allow installd oemfs:file r_file_perms;
+allow installd cgroup:dir create_dir_perms;
+allow installd mnt_expand_file:dir { search getattr };
+# Check validity of SELinux context before use.
+selinux_check_context(installd)
+
+r_dir_file(installd, rootfs)
+# Scan through APKs in /system/app and /system/priv-app
+r_dir_file(installd, system_file)
+# Scan through APKs in /vendor/app
+r_dir_file(installd, vendor_app_file)
+# Scan through JARs in /vendor/framework
+r_dir_file(installd, vendor_framework_file)
+# Scan through Runtime Resource Overlay APKs in /vendor/overlay
+r_dir_file(installd, vendor_overlay_file)
+# Get file context
+allow installd file_contexts_file:file r_file_perms;
+# Get seapp_context
+allow installd seapp_contexts_file:file r_file_perms;
+
+# Search /data/app-asec and stat files in it.
+allow installd asec_image_file:dir search;
+allow installd asec_image_file:file getattr;
+
+# Create /data/user and /data/user/0 if necessary.
+# Also required to initially create /data/data subdirectories
+# and lib symlinks before the setfilecon call. May want to
+# move symlink creation after setfilecon in installd.
+allow installd system_data_file:dir create_dir_perms;
+# Also, allow read for lnk_file so that we can process /data/user/0 links when
+# optimizing application code.
+allow installd system_data_file:lnk_file { create getattr read setattr unlink };
+
+# Manage lower filesystem via pass_through mounts
+allow installd mnt_pass_through_file:dir r_dir_perms;
+
+# Upgrade /data/media for multi-user if necessary.
+allow installd media_rw_data_file:dir create_dir_perms;
+allow installd media_rw_data_file:file { getattr unlink };
+# restorecon new /data/media directory.
+allow installd system_data_file:dir relabelfrom;
+allow installd media_rw_data_file:dir relabelto;
+
+# Delete /data/media files through sdcardfs, instead of going behind its back
+allow installd tmpfs:dir r_dir_perms;
+allow installd storage_file:dir search;
+allow installd sdcard_type:dir { search open read write remove_name getattr rmdir };
+allow installd sdcard_type:file { getattr unlink };
+
+# Create app's mirror data directory in /data_mirror, and bind mount the real directory to it
+allow installd mirror_data_file:dir { create_dir_perms mounton };
+
+# Upgrade /data/misc/keychain for multi-user if necessary.
+allow installd misc_user_data_file:dir create_dir_perms;
+allow installd misc_user_data_file:file create_file_perms;
+allow installd keychain_data_file:dir create_dir_perms;
+allow installd keychain_data_file:file {r_file_perms unlink};
+
+# Create /data/misc/installd/layout_version.* file
+allow installd install_data_file:file create_file_perms;
+allow installd install_data_file:dir rw_dir_perms;
+
+# Create files under /data/dalvik-cache.
+allow installd dalvikcache_data_file:dir create_dir_perms;
+allow installd dalvikcache_data_file:file create_file_perms;
+allow installd dalvikcache_data_file:lnk_file getattr;
+
+# Create files under /data/resource-cache.
+allow installd resourcecache_data_file:dir rw_dir_perms;
+allow installd resourcecache_data_file:file create_file_perms;
+
+# Upgrade from unlabeled userdata.
+# Just need enough to remove and/or relabel it.
+allow installd unlabeled:dir { getattr search relabelfrom rw_dir_perms rmdir };
+allow installd unlabeled:notdevfile_class_set { getattr relabelfrom rename unlink setattr };
+# Read pkg.apk file for input during dexopt.
+allow installd unlabeled:file r_file_perms;
+
+# Upgrade from before system_app_data_file was used for system UID apps.
+# Just need enough to relabel it and to unlink removed package files.
+# Directory access covered by earlier rule above.
+allow installd system_data_file:notdevfile_class_set { getattr relabelfrom unlink };
+
+# Manage /data/data subdirectories, including initially labeling them
+# upon creation via setfilecon or running restorecon_recursive,
+# setting owner/mode, creating symlinks within them, and deleting them
+# upon package uninstall.
+
+# Types extracted from seapp_contexts type= fields.
+allow installd {
+ system_app_data_file
+ bluetooth_data_file
+ nfc_data_file
+ radio_data_file
+ shell_data_file
+ app_data_file
+ privapp_data_file
+}:dir { create_dir_perms relabelfrom relabelto };
+
+allow installd {
+ system_app_data_file
+ bluetooth_data_file
+ nfc_data_file
+ radio_data_file
+ shell_data_file
+ app_data_file
+ privapp_data_file
+}:notdevfile_class_set { create_file_perms relabelfrom relabelto };
+
+# Allow zygote to unmount mirror directories
+allow installd labeledfs:filesystem unmount;
+
+# Similar for the files under /data/misc/profiles/
+allow installd user_profile_data_file:dir create_dir_perms;
+allow installd user_profile_data_file:file create_file_perms;
+allow installd user_profile_data_file:dir rmdir;
+allow installd user_profile_data_file:file unlink;
+
+# Files created/updated by profman dumps.
+allow installd profman_dump_data_file:dir { search add_name write };
+allow installd profman_dump_data_file:file { create setattr open write };
+
+# Create and use pty created by android_fork_execvp().
+allow installd devpts:chr_file rw_file_perms;
+
+# execute toybox for app relocation
+allow installd toolbox_exec:file rx_file_perms;
+
+# Allow installd to publish a binder service and make binder calls.
+binder_use(installd)
+add_service(installd, installd_service)
+allow installd dumpstate:fifo_file { getattr write };
+
+# Allow installd to call into the system server so it can check permissions.
+binder_call(installd, system_server)
+allow installd permission_service:service_manager find;
+
+# Allow installd to read and write quotas
+allow installd block_device:dir { search };
+allow installd labeledfs:filesystem { quotaget quotamod };
+
+# Allow installd to delete from /data/preloads when trimming data caches
+# TODO b/34690396 Remove when time-based purge policy for preloads is implemented in system_server
+allow installd preloads_data_file:file { r_file_perms unlink };
+allow installd preloads_data_file:dir { r_dir_perms write remove_name rmdir };
+allow installd preloads_media_file:file { r_file_perms unlink };
+allow installd preloads_media_file:dir { r_dir_perms write remove_name rmdir };
+
+# Allow installd to read /proc/filesystems
+allow installd proc_filesystems:file r_file_perms;
+
+###
+### Neverallow rules
+###
+
+# only system_server, installd, dumpstate, and servicemanager may interact with installd over binder
+neverallow { domain -system_server -dumpstate -installd } installd_service:service_manager find;
+neverallow { domain -system_server -dumpstate -servicemanager } installd:binder call;
+neverallow installd {
+ domain
+ -system_server
+ -servicemanager
+ userdebug_or_eng(`-su')
+}:binder call;
diff --git a/prebuilts/api/30.0/public/ioctl_defines b/prebuilts/api/30.0/public/ioctl_defines
new file mode 100644
index 0000000..4cc3bba
--- /dev/null
+++ b/prebuilts/api/30.0/public/ioctl_defines
@@ -0,0 +1,2728 @@
+define(`ADD_NEW_DISK', `0x40140921')
+define(`ADV7842_CMD_RAM_TEST', `0x000056c0')
+define(`AGPIOC_ACQUIRE', `0x00004101')
+define(`AGPIOC_ALLOCATE', `0xc0084106')
+define(`AGPIOC_BIND', `0x40084108')
+define(`AGPIOC_CHIPSET_FLUSH', `0x0000410a')
+define(`AGPIOC_DEALLOCATE', `0x40044107')
+define(`AGPIOC_INFO', `0x80084100')
+define(`AGPIOC_PROTECT', `0x40084105')
+define(`AGPIOC_RELEASE', `0x00004102')
+define(`AGPIOC_RESERVE', `0x40084104')
+define(`AGPIOC_SETUP', `0x40084103')
+define(`AGPIOC_UNBIND', `0x40084109')
+define(`AMDKFD_IOC_CREATE_QUEUE', `0xc0584b02')
+define(`AMDKFD_IOC_DESTROY_QUEUE', `0xc0084b03')
+define(`AMDKFD_IOC_GET_CLOCK_COUNTERS', `0xc0284b05')
+define(`AMDKFD_IOC_GET_PROCESS_APERTURES', `0x81904b06')
+define(`AMDKFD_IOC_GET_VERSION', `0x80084b01')
+define(`AMDKFD_IOC_SET_MEMORY_POLICY', `0x40204b04')
+define(`AMDKFD_IOC_UPDATE_QUEUE', `0x40184b07')
+define(`ANDROID_ALARM_SET_RTC', `0x40106105')
+define(`ANDROID_ALARM_WAIT', `0x00006101')
+define(`APEI_ERST_CLEAR_RECORD', `0x40084501')
+define(`APEI_ERST_GET_RECORD_COUNT', `0x80044502')
+define(`APM_IOC_STANDBY', `0x00004101')
+define(`APM_IOC_SUSPEND', `0x00004102')
+define(`ASHMEM_GET_NAME', `0x81007702')
+define(`ASHMEM_GET_PIN_STATUS', `0x00007709')
+define(`ASHMEM_GET_PROT_MASK', `0x00007706')
+define(`ASHMEM_GET_SIZE', `0x00007704')
+define(`ASHMEM_PIN', `0x40087707')
+define(`ASHMEM_PURGE_ALL_CACHES', `0x0000770a')
+define(`ASHMEM_SET_NAME', `0x41007701')
+define(`ASHMEM_SET_PROT_MASK', `0x40087705')
+define(`ASHMEM_SET_SIZE', `0x40087703')
+define(`ASHMEM_UNPIN', `0x40087708')
+define(`ATM_ADDADDR', `0x40106188')
+define(`ATM_ADDLECSADDR', `0x4010618e')
+define(`ATM_ADDPARTY', `0x401061f4')
+define(`ATMARPD_CTRL', `0x000061e1')
+define(`ATMARP_ENCAP', `0x000061e5')
+define(`ATMARP_MKIP', `0x000061e2')
+define(`ATMARP_SETENTRY', `0x000061e3')
+define(`ATM_DELADDR', `0x40106189')
+define(`ATM_DELLECSADDR', `0x4010618f')
+define(`ATM_DROPPARTY', `0x400461f5')
+define(`ATM_GETADDR', `0x40106186')
+define(`ATM_GETCIRANGE', `0x4010618a')
+define(`ATM_GETESI', `0x40106185')
+define(`ATM_GETLECSADDR', `0x40106190')
+define(`ATM_GETLINKRATE', `0x40106181')
+define(`ATM_GETLOOP', `0x40106152')
+define(`ATM_GETNAMES', `0x40106183')
+define(`ATM_GETSTAT', `0x40106150')
+define(`ATM_GETSTATZ', `0x40106151')
+define(`ATM_GETTYPE', `0x40106184')
+define(`ATMLEC_CTRL', `0x000061d0')
+define(`ATMLEC_DATA', `0x000061d1')
+define(`ATMLEC_MCAST', `0x000061d2')
+define(`ATMMPC_CTRL', `0x000061d8')
+define(`ATMMPC_DATA', `0x000061d9')
+define(`ATM_NEWBACKENDIF', `0x400261f3')
+define(`ATM_QUERYLOOP', `0x40106154')
+define(`ATM_RSTADDR', `0x40106187')
+define(`ATM_SETBACKEND', `0x400261f2')
+define(`ATM_SETCIRANGE', `0x4010618b')
+define(`ATM_SETESI', `0x4010618c')
+define(`ATM_SETESIF', `0x4010618d')
+define(`ATM_SETLOOP', `0x40106153')
+define(`ATM_SETSC', `0x400461f1')
+define(`ATMSIGD_CTRL', `0x000061f0')
+define(`ATMTCP_CREATE', `0x0000618e')
+define(`ATMTCP_REMOVE', `0x0000618f')
+define(`AUDIO_BILINGUAL_CHANNEL_SELECT', `0x00006f14')
+define(`AUDIO_CHANNEL_SELECT', `0x00006f09')
+define(`AUDIO_CLEAR_BUFFER', `0x00006f0c')
+define(`AUDIO_CONTINUE', `0x00006f04')
+define(`AUDIO_GET_CAPABILITIES', `0x80046f0b')
+define(`AUDIO_GET_PTS', `0x80086f13')
+define(`AUDIO_GET_STATUS', `0x80206f0a')
+define(`AUDIO_PAUSE', `0x00006f03')
+define(`AUDIO_PLAY', `0x00006f02')
+define(`AUDIO_SELECT_SOURCE', `0x00006f05')
+define(`AUDIO_SET_ATTRIBUTES', `0x40026f11')
+define(`AUDIO_SET_AV_SYNC', `0x00006f07')
+define(`AUDIO_SET_BYPASS_MODE', `0x00006f08')
+define(`AUDIO_SET_EXT_ID', `0x00006f10')
+define(`AUDIO_SET_ID', `0x00006f0d')
+define(`AUDIO_SET_KARAOKE', `0x400c6f12')
+define(`AUDIO_SET_MIXER', `0x40086f0e')
+define(`AUDIO_SET_MUTE', `0x00006f06')
+define(`AUDIO_SET_STREAMTYPE', `0x00006f0f')
+define(`AUDIO_STOP', `0x00006f01')
+define(`AUTOFS_DEV_IOCTL_ASKUMOUNT', `0xc018937d')
+define(`AUTOFS_DEV_IOCTL_CATATONIC', `0xc0189379')
+define(`AUTOFS_DEV_IOCTL_CLOSEMOUNT', `0xc0189375')
+define(`AUTOFS_DEV_IOCTL_EXPIRE', `0xc018937c')
+define(`AUTOFS_DEV_IOCTL_FAIL', `0xc0189377')
+define(`AUTOFS_DEV_IOCTL_ISMOUNTPOINT', `0xc018937e')
+define(`AUTOFS_DEV_IOCTL_OPENMOUNT', `0xc0189374')
+define(`AUTOFS_DEV_IOCTL_PROTOSUBVER', `0xc0189373')
+define(`AUTOFS_DEV_IOCTL_PROTOVER', `0xc0189372')
+define(`AUTOFS_DEV_IOCTL_READY', `0xc0189376')
+define(`AUTOFS_DEV_IOCTL_REQUESTER', `0xc018937b')
+define(`AUTOFS_DEV_IOCTL_SETPIPEFD', `0xc0189378')
+define(`AUTOFS_DEV_IOCTL_TIMEOUT', `0xc018937a')
+define(`AUTOFS_DEV_IOCTL_VERSION', `0xc0189371')
+define(`AUTOFS_IOC_ASKUMOUNT', `0x80049370')
+define(`AUTOFS_IOC_CATATONIC', `0x00009362')
+define(`AUTOFS_IOC_EXPIRE', `0x810c9365')
+define(`AUTOFS_IOC_EXPIRE_MULTI', `0x40049366')
+define(`AUTOFS_IOC_FAIL', `0x00009361')
+define(`AUTOFS_IOC_PROTOSUBVER', `0x80049367')
+define(`AUTOFS_IOC_PROTOVER', `0x80049363')
+define(`AUTOFS_IOC_READY', `0x00009360')
+define(`AUTOFS_IOC_SETTIMEOUT', `0xc0089364')
+define(`AUTOFS_IOC_SETTIMEOUT32', `0xc0049364')
+define(`BC_ACQUIRE', `0x40046305')
+define(`BC_ACQUIRE_DONE', `0x40106309')
+define(`BC_ACQUIRE_RESULT', `0x40046302')
+define(`BC_ATTEMPT_ACQUIRE', `0x4008630a')
+define(`BC_CLEAR_DEATH_NOTIFICATION', `0x400c630f')
+define(`BC_DEAD_BINDER_DONE', `0x40086310')
+define(`BC_DECREFS', `0x40046307')
+define(`BC_ENTER_LOOPER', `0x0000630c')
+define(`BC_EXIT_LOOPER', `0x0000630d')
+define(`BC_FREE_BUFFER', `0x40086303')
+define(`BC_INCREFS', `0x40046304')
+define(`BC_INCREFS_DONE', `0x40106308')
+define(`BC_REGISTER_LOOPER', `0x0000630b')
+define(`BC_RELEASE', `0x40046306')
+define(`BC_REPLY', `0x40406301')
+define(`BC_REQUEST_DEATH_NOTIFICATION', `0x400c630e')
+define(`BC_TRANSACTION', `0x40406300')
+define(`BINDER_SET_CONTEXT_MGR', `0x40046207')
+define(`BINDER_SET_IDLE_PRIORITY', `0x40046206')
+define(`BINDER_SET_IDLE_TIMEOUT', `0x40086203')
+define(`BINDER_SET_MAX_THREADS', `0x40046205')
+define(`BINDER_THREAD_EXIT', `0x40046208')
+define(`BINDER_VERSION', `0xc0046209')
+define(`BINDER_WRITE_READ', `0xc0306201')
+define(`BLKALIGNOFF', `0x0000127a')
+define(`BLKBSZGET', `0x80081270')
+define(`BLKBSZSET', `0x40081271')
+define(`BLKDISCARD', `0x00001277')
+define(`BLKDISCARDZEROES', `0x0000127c')
+define(`BLKFLSBUF', `0x00001261')
+define(`BLKFRAGET', `0x00001265')
+define(`BLKFRASET', `0x00001264')
+define(`BLKGETSIZE', `0x00001260')
+define(`BLKGETSIZE64', `0x80081272')
+define(`BLKI2OGRSTRAT', `0x80043201')
+define(`BLKI2OGWSTRAT', `0x80043202')
+define(`BLKI2OSRSTRAT', `0x40043203')
+define(`BLKI2OSWSTRAT', `0x40043204')
+define(`BLKIOMIN', `0x00001278')
+define(`BLKIOOPT', `0x00001279')
+define(`BLKPBSZGET', `0x0000127b')
+define(`BLKPG', `0x00001269')
+define(`BLKRAGET', `0x00001263')
+define(`BLKRASET', `0x00001262')
+define(`BLKROGET', `0x0000125e')
+define(`BLKROSET', `0x0000125d')
+define(`BLKROTATIONAL', `0x0000127e')
+define(`BLKRRPART', `0x0000125f')
+define(`BLKSECDISCARD', `0x0000127d')
+define(`BLKSECTGET', `0x00001267')
+define(`BLKSECTSET', `0x00001266')
+define(`BLKSSZGET', `0x00001268')
+define(`BLKTRACESETUP', `0xc0481273')
+define(`BLKTRACESTART', `0x00001274')
+define(`BLKTRACESTOP', `0x00001275')
+define(`BLKTRACETEARDOWN', `0x00001276')
+define(`BLKZEROOUT', `0x0000127f')
+define(`BR2684_SETFILT', `0x401c6190')
+define(`BR_ACQUIRE', `0x80107208')
+define(`BR_ACQUIRE_RESULT', `0x80047204')
+define(`BR_ATTEMPT_ACQUIRE', `0x8018720b')
+define(`BR_CLEAR_DEATH_NOTIFICATION_DONE', `0x80087210')
+define(`BR_DEAD_BINDER', `0x8008720f')
+define(`BR_DEAD_REPLY', `0x00007205')
+define(`BR_DECREFS', `0x8010720a')
+define(`BR_ERROR', `0x80047200')
+define(`BR_FAILED_REPLY', `0x00007211')
+define(`BR_FINISHED', `0x0000720e')
+define(`BR_INCREFS', `0x80107207')
+define(`BR_NOOP', `0x0000720c')
+define(`BR_OK', `0x00007201')
+define(`BR_RELEASE', `0x80107209')
+define(`BR_REPLY', `0x80407203')
+define(`BR_SPAWN_LOOPER', `0x0000720d')
+define(`BR_TRANSACTION', `0x80407202')
+define(`BR_TRANSACTION_COMPLETE', `0x00007206')
+define(`BT819_FIFO_RESET_HIGH', `0x00006201')
+define(`BT819_FIFO_RESET_LOW', `0x00006200')
+define(`BTRFS_IOC_ADD_DEV', `0x5000940a')
+define(`BTRFS_IOC_BALANCE', `0x5000940c')
+define(`BTRFS_IOC_BALANCE_CTL', `0x40049421')
+define(`BTRFS_IOC_BALANCE_PROGRESS', `0x84009422')
+define(`BTRFS_IOC_BALANCE_V2', `0xc4009420')
+define(`BTRFS_IOC_CLONE', `0x40049409')
+define(`BTRFS_IOC_CLONE_RANGE', `0x4020940d')
+define(`BTRFS_IOC_DEFAULT_SUBVOL', `0x40089413')
+define(`BTRFS_IOC_DEFRAG', `0x50009402')
+define(`BTRFS_IOC_DEFRAG_RANGE', `0x40309410')
+define(`BTRFS_IOC_DEVICES_READY', `0x90009427')
+define(`BTRFS_IOC_DEV_INFO', `0xd000941e')
+define(`BTRFS_IOC_DEV_REPLACE', `0xca289435')
+define(`BTRFS_IOC_FILE_EXTENT_SAME', `0xc0189436')
+define(`BTRFS_IOC_FS_INFO', `0x8400941f')
+define(`BTRFS_IOC_GET_DEV_STATS', `0xc4089434')
+define(`BTRFS_IOC_GET_FEATURES', `0x80189439')
+define(`BTRFS_IOC_GET_FSLABEL', `0x81009431')
+define(`BTRFS_IOC_GET_SUPPORTED_FEATURES', `0x80489439')
+define(`BTRFS_IOC_INO_LOOKUP', `0xd0009412')
+define(`BTRFS_IOC_INO_PATHS', `0xc0389423')
+define(`BTRFS_IOC_LOGICAL_INO', `0xc0389424')
+define(`BTRFS_IOC_QGROUP_ASSIGN', `0x40189429')
+define(`BTRFS_IOC_QGROUP_CREATE', `0x4010942a')
+define(`BTRFS_IOC_QGROUP_LIMIT', `0x8030942b')
+define(`BTRFS_IOC_QUOTA_CTL', `0xc0109428')
+define(`BTRFS_IOC_QUOTA_RESCAN', `0x4040942c')
+define(`BTRFS_IOC_QUOTA_RESCAN_STATUS', `0x8040942d')
+define(`BTRFS_IOC_QUOTA_RESCAN_WAIT', `0x0000942e')
+define(`BTRFS_IOC_RESIZE', `0x50009403')
+define(`BTRFS_IOC_RM_DEV', `0x5000940b')
+define(`BTRFS_IOC_SCAN_DEV', `0x50009404')
+define(`BTRFS_IOC_SCRUB', `0xc400941b')
+define(`BTRFS_IOC_SCRUB_CANCEL', `0x0000941c')
+define(`BTRFS_IOC_SCRUB_PROGRESS', `0xc400941d')
+define(`BTRFS_IOC_SEND', `0x40489426')
+define(`BTRFS_IOC_SET_FEATURES', `0x40309439')
+define(`BTRFS_IOC_SET_FSLABEL', `0x41009432')
+define(`BTRFS_IOC_SET_RECEIVED_SUBVOL', `0xc0c89425')
+define(`BTRFS_IOC_SNAP_CREATE', `0x50009401')
+define(`BTRFS_IOC_SNAP_CREATE_V2', `0x50009417')
+define(`BTRFS_IOC_SNAP_DESTROY', `0x5000940f')
+define(`BTRFS_IOC_SPACE_INFO', `0xc0109414')
+define(`BTRFS_IOC_START_SYNC', `0x80089418')
+define(`BTRFS_IOC_SUBVOL_CREATE', `0x5000940e')
+define(`BTRFS_IOC_SUBVOL_CREATE_V2', `0x50009418')
+define(`BTRFS_IOC_SUBVOL_GETFLAGS', `0x80089419')
+define(`BTRFS_IOC_SUBVOL_SETFLAGS', `0x4008941a')
+define(`BTRFS_IOC_SYNC', `0x00009408')
+define(`BTRFS_IOC_TRANS_END', `0x00009407')
+define(`BTRFS_IOC_TRANS_START', `0x00009406')
+define(`BTRFS_IOC_TREE_SEARCH', `0xd0009411')
+define(`BTRFS_IOC_TREE_SEARCH_V2', `0xc0709411')
+define(`BTRFS_IOC_WAIT_SYNC', `0x40089416')
+define(`CA_GET_CAP', `0x80106f81')
+define(`CA_GET_DESCR_INFO', `0x80086f83')
+define(`CA_GET_MSG', `0x810c6f84')
+define(`CA_GET_SLOT_INFO', `0x800c6f82')
+define(`CAPI_CLR_FLAGS', `0x80044325')
+define(`CAPI_GET_ERRCODE', `0x80024321')
+define(`CAPI_GET_FLAGS', `0x80044323')
+define(`CAPI_GET_MANUFACTURER', `0xc0044306')
+define(`CAPI_GET_PROFILE', `0xc0404309')
+define(`CAPI_GET_SERIAL', `0xc0044308')
+define(`CAPI_GET_VERSION', `0xc0104307')
+define(`CAPI_INSTALLED', `0x80024322')
+define(`CAPI_MANUFACTURER_CMD', `0xc0104320')
+define(`CAPI_NCCI_GETUNIT', `0x80044327')
+define(`CAPI_NCCI_OPENCOUNT', `0x80044326')
+define(`CAPI_REGISTER', `0x400c4301')
+define(`CAPI_SET_FLAGS', `0x80044324')
+define(`CA_RESET', `0x00006f80')
+define(`CA_SEND_MSG', `0x410c6f85')
+define(`CA_SET_DESCR', `0x40106f86')
+define(`CA_SET_PID', `0x40086f87')
+define(`CCISS_BIG_PASSTHRU', `0xc0604212')
+define(`CCISS_DEREGDISK', `0x0000420c')
+define(`CCISS_GETBUSTYPES', `0x80044207')
+define(`CCISS_GETDRIVVER', `0x80044209')
+define(`CCISS_GETFIRMVER', `0x80044208')
+define(`CCISS_GETHEARTBEAT', `0x80044206')
+define(`CCISS_GETINTINFO', `0x80084202')
+define(`CCISS_GETLUNINFO', `0x800c4211')
+define(`CCISS_GETNODENAME', `0x80104204')
+define(`CCISS_GETPCIINFO', `0x80084201')
+define(`CCISS_PASSTHRU', `0xc058420b')
+define(`CCISS_REGNEWD', `0x0000420e')
+define(`CCISS_REGNEWDISK', `0x4004420d')
+define(`CCISS_RESCANDISK', `0x00004210')
+define(`CCISS_REVALIDVOLS', `0x0000420a')
+define(`CCISS_SETINTINFO', `0x40084203')
+define(`CCISS_SETNODENAME', `0x40104205')
+define(`CDROMAUDIOBUFSIZ', `0x00005382')
+define(`CDROM_CHANGER_NSLOTS', `0x00005328')
+define(`CDROM_CLEAR_OPTIONS', `0x00005321')
+define(`CDROMCLOSETRAY', `0x00005319')
+define(`CDROM_DEBUG', `0x00005330')
+define(`CDROM_DISC_STATUS', `0x00005327')
+define(`CDROM_DRIVE_STATUS', `0x00005326')
+define(`CDROMEJECT', `0x00005309')
+define(`CDROMEJECT_SW', `0x0000530f')
+define(`CDROM_GET_CAPABILITY', `0x00005331')
+define(`CDROM_GET_MCN', `0x00005311')
+define(`CDROMGETSPINDOWN', `0x0000531d')
+define(`CDROM_LAST_WRITTEN', `0x00005395')
+define(`CDROM_LOCKDOOR', `0x00005329')
+define(`CDROM_MEDIA_CHANGED', `0x00005325')
+define(`CDROMMULTISESSION', `0x00005310')
+define(`CDROM_NEXT_WRITABLE', `0x00005394')
+define(`CDROMPAUSE', `0x00005301')
+define(`CDROMPLAYBLK', `0x00005317')
+define(`CDROMPLAYMSF', `0x00005303')
+define(`CDROMPLAYTRKIND', `0x00005304')
+define(`CDROMREADALL', `0x00005318')
+define(`CDROMREADAUDIO', `0x0000530e')
+define(`CDROMREADCOOKED', `0x00005315')
+define(`CDROMREADMODE1', `0x0000530d')
+define(`CDROMREADMODE2', `0x0000530c')
+define(`CDROMREADRAW', `0x00005314')
+define(`CDROMREADTOCENTRY', `0x00005306')
+define(`CDROMREADTOCHDR', `0x00005305')
+define(`CDROMRESET', `0x00005312')
+define(`CDROMRESUME', `0x00005302')
+define(`CDROMSEEK', `0x00005316')
+define(`CDROM_SELECT_DISC', `0x00005323')
+define(`CDROM_SELECT_SPEED', `0x00005322')
+define(`CDROM_SEND_PACKET', `0x00005393')
+define(`CDROM_SET_OPTIONS', `0x00005320')
+define(`CDROMSETSPINDOWN', `0x0000531e')
+define(`CDROMSTART', `0x00005308')
+define(`CDROMSTOP', `0x00005307')
+define(`CDROMSUBCHNL', `0x0000530b')
+define(`CDROMVOLCTRL', `0x0000530a')
+define(`CDROMVOLREAD', `0x00005313')
+define(`CHIOEXCHANGE', `0x401c6302')
+define(`CHIOGELEM', `0x406c6310')
+define(`CHIOGPARAMS', `0x80146306')
+define(`CHIOGPICKER', `0x80046304')
+define(`CHIOGSTATUS', `0x40106308')
+define(`CHIOGVPARAMS', `0x80706313')
+define(`CHIOINITELEM', `0x00006311')
+define(`CHIOMOVE', `0x40146301')
+define(`CHIOPOSITION', `0x400c6303')
+define(`CHIOSPICKER', `0x40046305')
+define(`CHIOSVOLTAG', `0x40306312')
+define(`CIOC_KERNEL_VERSION', `0xc008630a')
+define(`CLEAR_ARRAY', `0x00000920')
+define(`CM_IOCARDOFF', `0x00006304')
+define(`CM_IOCGATR', `0xc0086301')
+define(`CM_IOCGSTATUS', `0x80086300')
+define(`CM_IOCSPTS', `0x40086302')
+define(`CM_IOCSRDR', `0x00006303')
+define(`CM_IOSDBGLVL', `0x400863fa')
+define(`CXL_IOCTL_GET_PROCESS_ELEMENT', `0x8004ca01')
+define(`CXL_IOCTL_START_WORK', `0x4040ca00')
+define(`DM_DEV_CREATE', `0xc138fd03')
+define(`DM_DEV_REMOVE', `0xc138fd04')
+define(`DM_DEV_RENAME', `0xc138fd05')
+define(`DM_DEV_SET_GEOMETRY', `0xc138fd0f')
+define(`DM_DEV_STATUS', `0xc138fd07')
+define(`DM_DEV_SUSPEND', `0xc138fd06')
+define(`DM_DEV_WAIT', `0xc138fd08')
+define(`DM_LIST_DEVICES', `0xc138fd02')
+define(`DM_LIST_VERSIONS', `0xc138fd0d')
+define(`DM_REMOVE_ALL', `0xc138fd01')
+define(`DM_TABLE_CLEAR', `0xc138fd0a')
+define(`DM_TABLE_DEPS', `0xc138fd0b')
+define(`DM_TABLE_LOAD', `0xc138fd09')
+define(`DM_TABLE_STATUS', `0xc138fd0c')
+define(`DM_TARGET_MSG', `0xc138fd0e')
+define(`DM_VERSION', `0xc138fd00')
+define(`DMX_ADD_PID', `0x40026f33')
+define(`DMX_GET_CAPS', `0x80086f30')
+define(`DMX_GET_PES_PIDS', `0x800a6f2f')
+define(`DMX_GET_STC', `0xc0106f32')
+define(`DMX_REMOVE_PID', `0x40026f34')
+define(`DMX_SET_BUFFER_SIZE', `0x00006f2d')
+define(`DMX_SET_FILTER', `0x403c6f2b')
+define(`DMX_SET_PES_FILTER', `0x40146f2c')
+define(`DMX_SET_SOURCE', `0x40046f31')
+define(`DMX_START', `0x00006f29')
+define(`DMX_STOP', `0x00006f2a')
+define(`DRM_IOCTL_ADD_BUFS', `0xc0206416')
+define(`DRM_IOCTL_ADD_CTX', `0xc0086420')
+define(`DRM_IOCTL_ADD_DRAW', `0xc0046427')
+define(`DRM_IOCTL_ADD_MAP', `0xc0286415')
+define(`DRM_IOCTL_AGP_ACQUIRE', `0x00006430')
+define(`DRM_IOCTL_AGP_ALLOC', `0xc0206434')
+define(`DRM_IOCTL_AGP_BIND', `0x40106436')
+define(`DRM_IOCTL_AGP_ENABLE', `0x40086432')
+define(`DRM_IOCTL_AGP_FREE', `0x40206435')
+define(`DRM_IOCTL_AGP_INFO', `0x80386433')
+define(`DRM_IOCTL_AGP_RELEASE', `0x00006431')
+define(`DRM_IOCTL_AGP_UNBIND', `0x40106437')
+define(`DRM_IOCTL_AUTH_MAGIC', `0x40046411')
+define(`DRM_IOCTL_BLOCK', `0xc0046412')
+define(`DRM_IOCTL_CONTROL', `0x40086414')
+define(`DRM_IOCTL_DMA', `0xc0406429')
+define(`DRM_IOCTL_DROP_MASTER', `0x0000641f')
+define(`DRM_IOCTL_EXYNOS_G2D_EXEC', `0xc0086462')
+define(`DRM_IOCTL_EXYNOS_G2D_GET_VER', `0xc0086460')
+define(`DRM_IOCTL_EXYNOS_G2D_SET_CMDLIST', `0xc0286461')
+define(`DRM_IOCTL_EXYNOS_GEM_CREATE', `0xc0106440')
+define(`DRM_IOCTL_EXYNOS_GEM_GET', `0xc0106444')
+define(`DRM_IOCTL_EXYNOS_IPP_CMD_CTRL', `0xc0086473')
+define(`DRM_IOCTL_EXYNOS_IPP_GET_PROPERTY', `0xc0506470')
+define(`DRM_IOCTL_EXYNOS_IPP_QUEUE_BUF', `0xc0286472')
+define(`DRM_IOCTL_EXYNOS_IPP_SET_PROPERTY', `0xc0606471')
+define(`DRM_IOCTL_EXYNOS_VIDI_CONNECTION', `0xc0106447')
+define(`DRM_IOCTL_FINISH', `0x4008642c')
+define(`DRM_IOCTL_FREE_BUFS', `0x4010641a')
+define(`DRM_IOCTL_GEM_CLOSE', `0x40086409')
+define(`DRM_IOCTL_GEM_FLINK', `0xc008640a')
+define(`DRM_IOCTL_GEM_OPEN', `0xc010640b')
+define(`DRM_IOCTL_GET_CAP', `0xc010640c')
+define(`DRM_IOCTL_GET_CLIENT', `0xc0286405')
+define(`DRM_IOCTL_GET_CTX', `0xc0086423')
+define(`DRM_IOCTL_GET_MAGIC', `0x80046402')
+define(`DRM_IOCTL_GET_MAP', `0xc0286404')
+define(`DRM_IOCTL_GET_SAREA_CTX', `0xc010641d')
+define(`DRM_IOCTL_GET_STATS', `0x80f86406')
+define(`DRM_IOCTL_GET_UNIQUE', `0xc0106401')
+define(`DRM_IOCTL_I810_CLEAR', `0x400c6442')
+define(`DRM_IOCTL_I810_COPY', `0x40106447')
+define(`DRM_IOCTL_I810_DOCOPY', `0x00006448')
+define(`DRM_IOCTL_I810_FLIP', `0x0000644e')
+define(`DRM_IOCTL_I810_FLUSH', `0x00006443')
+define(`DRM_IOCTL_I810_FSTATUS', `0x0000644a')
+define(`DRM_IOCTL_I810_GETAGE', `0x00006444')
+define(`DRM_IOCTL_I810_GETBUF', `0xc0186445')
+define(`DRM_IOCTL_I810_INIT', `0x40406440')
+define(`DRM_IOCTL_I810_MC', `0x4020644c')
+define(`DRM_IOCTL_I810_OV0FLIP', `0x0000644b')
+define(`DRM_IOCTL_I810_OV0INFO', `0x80086449')
+define(`DRM_IOCTL_I810_RSTATUS', `0x0000644d')
+define(`DRM_IOCTL_I810_SWAP', `0x00006446')
+define(`DRM_IOCTL_I810_VERTEX', `0x400c6441')
+define(`DRM_IOCTL_I915_ALLOC', `0xc0186448')
+define(`DRM_IOCTL_I915_BATCHBUFFER', `0x40206443')
+define(`DRM_IOCTL_I915_CMDBUFFER', `0x4020644b')
+define(`DRM_IOCTL_I915_DESTROY_HEAP', `0x4004644c')
+define(`DRM_IOCTL_I915_FLIP', `0x00006442')
+define(`DRM_IOCTL_I915_FLUSH', `0x00006441')
+define(`DRM_IOCTL_I915_FREE', `0x40086449')
+define(`DRM_IOCTL_I915_GEM_BUSY', `0xc0086457')
+define(`DRM_IOCTL_I915_GEM_CONTEXT_CREATE', `0xc008646d')
+define(`DRM_IOCTL_I915_GEM_CONTEXT_DESTROY', `0x4008646e')
+define(`DRM_IOCTL_I915_GEM_CREATE', `0xc010645b')
+define(`DRM_IOCTL_I915_GEM_ENTERVT', `0x00006459')
+define(`DRM_IOCTL_I915_GEM_EXECBUFFER', `0x40286454')
+define(`DRM_IOCTL_I915_GEM_EXECBUFFER2', `0x40406469')
+define(`DRM_IOCTL_I915_GEM_GET_APERTURE', `0x80106463')
+define(`DRM_IOCTL_I915_GEM_GET_CACHING', `0xc0086470')
+define(`DRM_IOCTL_I915_GEM_GET_TILING', `0xc0106462')
+define(`DRM_IOCTL_I915_GEM_INIT', `0x40106453')
+define(`DRM_IOCTL_I915_GEM_LEAVEVT', `0x0000645a')
+define(`DRM_IOCTL_I915_GEM_MADVISE', `0xc00c6466')
+define(`DRM_IOCTL_I915_GEM_MMAP', `0xc020645e')
+define(`DRM_IOCTL_I915_GEM_MMAP_GTT', `0xc0106464')
+define(`DRM_IOCTL_I915_GEM_PIN', `0xc0186455')
+define(`DRM_IOCTL_I915_GEM_PREAD', `0x4020645c')
+define(`DRM_IOCTL_I915_GEM_PWRITE', `0x4020645d')
+define(`DRM_IOCTL_I915_GEM_SET_CACHING', `0x4008646f')
+define(`DRM_IOCTL_I915_GEM_SET_DOMAIN', `0x400c645f')
+define(`DRM_IOCTL_I915_GEM_SET_TILING', `0xc0106461')
+define(`DRM_IOCTL_I915_GEM_SW_FINISH', `0x40046460')
+define(`DRM_IOCTL_I915_GEM_THROTTLE', `0x00006458')
+define(`DRM_IOCTL_I915_GEM_UNPIN', `0x40086456')
+define(`DRM_IOCTL_I915_GEM_USERPTR', `0xc0186473')
+define(`DRM_IOCTL_I915_GEM_WAIT', `0xc010646c')
+define(`DRM_IOCTL_I915_GETPARAM', `0xc0106446')
+define(`DRM_IOCTL_I915_GET_PIPE_FROM_CRTC_ID', `0xc0086465')
+define(`DRM_IOCTL_I915_GET_RESET_STATS', `0xc0186472')
+define(`DRM_IOCTL_I915_GET_SPRITE_COLORKEY', `0xc014646b')
+define(`DRM_IOCTL_I915_GET_VBLANK_PIPE', `0x8004644e')
+define(`DRM_IOCTL_I915_HWS_ADDR', `0x40106451')
+define(`DRM_IOCTL_I915_INIT', `0x40446440')
+define(`DRM_IOCTL_I915_INIT_HEAP', `0x400c644a')
+define(`DRM_IOCTL_I915_IRQ_EMIT', `0xc0086444')
+define(`DRM_IOCTL_I915_IRQ_WAIT', `0x40046445')
+define(`DRM_IOCTL_I915_OVERLAY_ATTRS', `0xc02c6468')
+define(`DRM_IOCTL_I915_OVERLAY_PUT_IMAGE', `0x402c6467')
+define(`DRM_IOCTL_I915_REG_READ', `0xc0106471')
+define(`DRM_IOCTL_I915_SETPARAM', `0x40086447')
+define(`DRM_IOCTL_I915_SET_SPRITE_COLORKEY', `0xc014646b')
+define(`DRM_IOCTL_I915_SET_VBLANK_PIPE', `0x4004644d')
+define(`DRM_IOCTL_I915_VBLANK_SWAP', `0xc00c644f')
+define(`DRM_IOCTL_INFO_BUFS', `0xc0106418')
+define(`DRM_IOCTL_IRQ_BUSID', `0xc0106403')
+define(`DRM_IOCTL_LOCK', `0x4008642a')
+define(`DRM_IOCTL_MAP_BUFS', `0xc0186419')
+define(`DRM_IOCTL_MARK_BUFS', `0x40206417')
+define(`DRM_IOCTL_MGA_BLIT', `0x40346448')
+define(`DRM_IOCTL_MGA_CLEAR', `0x40146444')
+define(`DRM_IOCTL_MGA_DMA_BOOTSTRAP', `0xc020644c')
+define(`DRM_IOCTL_MGA_FLUSH', `0x40086441')
+define(`DRM_IOCTL_MGA_GETPARAM', `0xc0106449')
+define(`DRM_IOCTL_MGA_ILOAD', `0x400c6447')
+define(`DRM_IOCTL_MGA_INDICES', `0x40106446')
+define(`DRM_IOCTL_MGA_INIT', `0x40806440')
+define(`DRM_IOCTL_MGA_RESET', `0x00006442')
+define(`DRM_IOCTL_MGA_SET_FENCE', `0x4004644a')
+define(`DRM_IOCTL_MGA_SWAP', `0x00006443')
+define(`DRM_IOCTL_MGA_VERTEX', `0x400c6445')
+define(`DRM_IOCTL_MGA_WAIT_FENCE', `0xc004644b')
+define(`DRM_IOCTL_MOD_CTX', `0x40086422')
+define(`DRM_IOCTL_MODE_ADDFB', `0xc01c64ae')
+define(`DRM_IOCTL_MODE_ADDFB2', `0xc04464b8')
+define(`DRM_IOCTL_MODE_ATTACHMODE', `0xc04864a8')
+define(`DRM_IOCTL_MODE_CREATE_DUMB', `0xc02064b2')
+define(`DRM_IOCTL_MODE_CURSOR', `0xc01c64a3')
+define(`DRM_IOCTL_MODE_CURSOR2', `0xc02464bb')
+define(`DRM_IOCTL_MODE_DESTROY_DUMB', `0xc00464b4')
+define(`DRM_IOCTL_MODE_DETACHMODE', `0xc04864a9')
+define(`DRM_IOCTL_MODE_DIRTYFB', `0xc01864b1')
+define(`DRM_IOCTL_MODE_GETCONNECTOR', `0xc05064a7')
+define(`DRM_IOCTL_MODE_GETCRTC', `0xc06864a1')
+define(`DRM_IOCTL_MODE_GETENCODER', `0xc01464a6')
+define(`DRM_IOCTL_MODE_GETFB', `0xc01c64ad')
+define(`DRM_IOCTL_MODE_GETGAMMA', `0xc02064a4')
+define(`DRM_IOCTL_MODE_GETPLANE', `0xc02064b6')
+define(`DRM_IOCTL_MODE_GETPLANERESOURCES', `0xc01064b5')
+define(`DRM_IOCTL_MODE_GETPROPBLOB', `0xc01064ac')
+define(`DRM_IOCTL_MODE_GETPROPERTY', `0xc04064aa')
+define(`DRM_IOCTL_MODE_GETRESOURCES', `0xc04064a0')
+define(`DRM_IOCTL_MODE_MAP_DUMB', `0xc01064b3')
+define(`DRM_IOCTL_MODE_OBJ_GETPROPERTIES', `0xc02064b9')
+define(`DRM_IOCTL_MODE_OBJ_SETPROPERTY', `0xc01864ba')
+define(`DRM_IOCTL_MODE_PAGE_FLIP', `0xc01864b0')
+define(`DRM_IOCTL_MODE_RMFB', `0xc00464af')
+define(`DRM_IOCTL_MODE_SETCRTC', `0xc06864a2')
+define(`DRM_IOCTL_MODESET_CTL', `0x40086408')
+define(`DRM_IOCTL_MODE_SETGAMMA', `0xc02064a5')
+define(`DRM_IOCTL_MODE_SETPLANE', `0xc03064b7')
+define(`DRM_IOCTL_MODE_SETPROPERTY', `0xc01064ab')
+define(`DRM_IOCTL_MSM_GEM_CPU_FINI', `0x40046445')
+define(`DRM_IOCTL_MSM_GEM_CPU_PREP', `0x40186444')
+define(`DRM_IOCTL_MSM_GEM_INFO', `0xc0106443')
+define(`DRM_IOCTL_MSM_GEM_NEW', `0xc0106442')
+define(`DRM_IOCTL_MSM_GEM_SUBMIT', `0xc0206446')
+define(`DRM_IOCTL_MSM_GET_PARAM', `0xc0106440')
+define(`DRM_IOCTL_MSM_WAIT_FENCE', `0x40186447')
+define(`DRM_IOCTL_NEW_CTX', `0x40086425')
+define(`DRM_IOCTL_NOUVEAU_GEM_CPU_FINI', `0x40046483')
+define(`DRM_IOCTL_NOUVEAU_GEM_CPU_PREP', `0x40086482')
+define(`DRM_IOCTL_NOUVEAU_GEM_INFO', `0xc0286484')
+define(`DRM_IOCTL_NOUVEAU_GEM_NEW', `0xc0306480')
+define(`DRM_IOCTL_NOUVEAU_GEM_PUSHBUF', `0xc0406481')
+define(`DRM_IOCTL_OMAP_GEM_CPU_FINI', `0x40106445')
+define(`DRM_IOCTL_OMAP_GEM_CPU_PREP', `0x40086444')
+define(`DRM_IOCTL_OMAP_GEM_INFO', `0xc0186446')
+define(`DRM_IOCTL_OMAP_GEM_NEW', `0xc0106443')
+define(`DRM_IOCTL_OMAP_GET_PARAM', `0xc0106440')
+define(`DRM_IOCTL_OMAP_SET_PARAM', `0x40106441')
+define(`DRM_IOCTL_PRIME_FD_TO_HANDLE', `0xc00c642e')
+define(`DRM_IOCTL_PRIME_HANDLE_TO_FD', `0xc00c642d')
+define(`DRM_IOCTL_QXL_ALLOC', `0xc0086440')
+define(`DRM_IOCTL_QXL_ALLOC_SURF', `0xc0186446')
+define(`DRM_IOCTL_QXL_CLIENTCAP', `0x40086445')
+define(`DRM_IOCTL_QXL_EXECBUFFER', `0x40106442')
+define(`DRM_IOCTL_QXL_GETPARAM', `0xc0106444')
+define(`DRM_IOCTL_QXL_MAP', `0xc0106441')
+define(`DRM_IOCTL_QXL_UPDATE_AREA', `0x40186443')
+define(`DRM_IOCTL_R128_BLIT', `0x4018644b')
+define(`DRM_IOCTL_R128_CCE_IDLE', `0x00006444')
+define(`DRM_IOCTL_R128_CCE_RESET', `0x00006443')
+define(`DRM_IOCTL_R128_CCE_START', `0x00006441')
+define(`DRM_IOCTL_R128_CCE_STOP', `0x40086442')
+define(`DRM_IOCTL_R128_CLEAR', `0x40146448')
+define(`DRM_IOCTL_R128_DEPTH', `0x4028644c')
+define(`DRM_IOCTL_R128_FLIP', `0x00006453')
+define(`DRM_IOCTL_R128_FULLSCREEN', `0x40046450')
+define(`DRM_IOCTL_R128_GETPARAM', `0xc0106452')
+define(`DRM_IOCTL_R128_INDICES', `0x4014644a')
+define(`DRM_IOCTL_R128_INDIRECT', `0xc010644f')
+define(`DRM_IOCTL_R128_INIT', `0x40786440')
+define(`DRM_IOCTL_R128_RESET', `0x00006446')
+define(`DRM_IOCTL_R128_STIPPLE', `0x4008644d')
+define(`DRM_IOCTL_R128_SWAP', `0x00006447')
+define(`DRM_IOCTL_R128_VERTEX', `0x40106449')
+define(`DRM_IOCTL_RADEON_ALLOC', `0xc0186453')
+define(`DRM_IOCTL_RADEON_CLEAR', `0x40206448')
+define(`DRM_IOCTL_RADEON_CMDBUF', `0x40206450')
+define(`DRM_IOCTL_RADEON_CP_IDLE', `0x00006444')
+define(`DRM_IOCTL_RADEON_CP_INIT', `0x40786440')
+define(`DRM_IOCTL_RADEON_CP_RESET', `0x00006443')
+define(`DRM_IOCTL_RADEON_CP_RESUME', `0x00006458')
+define(`DRM_IOCTL_RADEON_CP_START', `0x00006441')
+define(`DRM_IOCTL_RADEON_CP_STOP', `0x40086442')
+define(`DRM_IOCTL_RADEON_CS', `0xc0206466')
+define(`DRM_IOCTL_RADEON_FLIP', `0x00006452')
+define(`DRM_IOCTL_RADEON_FREE', `0x40086454')
+define(`DRM_IOCTL_RADEON_FULLSCREEN', `0x40046446')
+define(`DRM_IOCTL_RADEON_GEM_BUSY', `0xc008646a')
+define(`DRM_IOCTL_RADEON_GEM_CREATE', `0xc020645d')
+define(`DRM_IOCTL_RADEON_GEM_GET_TILING', `0xc00c6469')
+define(`DRM_IOCTL_RADEON_GEM_INFO', `0xc018645c')
+define(`DRM_IOCTL_RADEON_GEM_MMAP', `0xc020645e')
+define(`DRM_IOCTL_RADEON_GEM_OP', `0xc010646c')
+define(`DRM_IOCTL_RADEON_GEM_PREAD', `0xc0206461')
+define(`DRM_IOCTL_RADEON_GEM_PWRITE', `0xc0206462')
+define(`DRM_IOCTL_RADEON_GEM_SET_DOMAIN', `0xc00c6463')
+define(`DRM_IOCTL_RADEON_GEM_SET_TILING', `0xc00c6468')
+define(`DRM_IOCTL_RADEON_GEM_USERPTR', `0xc018646d')
+define(`DRM_IOCTL_RADEON_GEM_VA', `0xc018646b')
+define(`DRM_IOCTL_RADEON_GEM_WAIT_IDLE', `0x40086464')
+define(`DRM_IOCTL_RADEON_GETPARAM', `0xc0106451')
+define(`DRM_IOCTL_RADEON_INDICES', `0x4014644a')
+define(`DRM_IOCTL_RADEON_INDIRECT', `0xc010644d')
+define(`DRM_IOCTL_RADEON_INFO', `0xc0106467')
+define(`DRM_IOCTL_RADEON_INIT_HEAP', `0x400c6455')
+define(`DRM_IOCTL_RADEON_IRQ_EMIT', `0xc0086456')
+define(`DRM_IOCTL_RADEON_IRQ_WAIT', `0x40046457')
+define(`DRM_IOCTL_RADEON_RESET', `0x00006445')
+define(`DRM_IOCTL_RADEON_SETPARAM', `0x40106459')
+define(`DRM_IOCTL_RADEON_STIPPLE', `0x4008644c')
+define(`DRM_IOCTL_RADEON_SURF_ALLOC', `0x400c645a')
+define(`DRM_IOCTL_RADEON_SURF_FREE', `0x4004645b')
+define(`DRM_IOCTL_RADEON_SWAP', `0x00006447')
+define(`DRM_IOCTL_RADEON_TEXTURE', `0xc020644e')
+define(`DRM_IOCTL_RADEON_VERTEX', `0x40106449')
+define(`DRM_IOCTL_RADEON_VERTEX2', `0x4028644f')
+define(`DRM_IOCTL_RES_CTX', `0xc0106426')
+define(`DRM_IOCTL_RM_CTX', `0xc0086421')
+define(`DRM_IOCTL_RM_DRAW', `0xc0046428')
+define(`DRM_IOCTL_RM_MAP', `0x4028641b')
+define(`DRM_IOCTL_SAVAGE_BCI_CMDBUF', `0x40386441')
+define(`DRM_IOCTL_SAVAGE_BCI_EVENT_EMIT', `0xc0086442')
+define(`DRM_IOCTL_SAVAGE_BCI_EVENT_WAIT', `0x40086443')
+define(`DRM_IOCTL_SAVAGE_BCI_INIT', `0x40606440')
+define(`DRM_IOCTL_SET_CLIENT_CAP', `0x4010640d')
+define(`DRM_IOCTL_SET_MASTER', `0x0000641e')
+define(`DRM_IOCTL_SET_SAREA_CTX', `0x4010641c')
+define(`DRM_IOCTL_SET_UNIQUE', `0x40106410')
+define(`DRM_IOCTL_SET_VERSION', `0xc0106407')
+define(`DRM_IOCTL_SG_ALLOC', `0xc0106438')
+define(`DRM_IOCTL_SG_FREE', `0x40106439')
+define(`DRM_IOCTL_SIS_AGP_ALLOC', `0xc0206454')
+define(`DRM_IOCTL_SIS_AGP_FREE', `0x40206455')
+define(`DRM_IOCTL_SIS_AGP_INIT', `0xc0106453')
+define(`DRM_IOCTL_SIS_FB_ALLOC', `0xc0206444')
+define(`DRM_IOCTL_SIS_FB_FREE', `0x40206445')
+define(`DRM_IOCTL_SIS_FB_INIT', `0x40106456')
+define(`DRM_IOCTL_SWITCH_CTX', `0x40086424')
+define(`DRM_IOCTL_TEGRA_CLOSE_CHANNEL', `0xc0106446')
+define(`DRM_IOCTL_TEGRA_GEM_CREATE', `0xc0106440')
+define(`DRM_IOCTL_TEGRA_GEM_GET_FLAGS', `0xc008644d')
+define(`DRM_IOCTL_TEGRA_GEM_GET_TILING', `0xc010644b')
+define(`DRM_IOCTL_TEGRA_GEM_MMAP', `0xc0086441')
+define(`DRM_IOCTL_TEGRA_GEM_SET_FLAGS', `0xc008644c')
+define(`DRM_IOCTL_TEGRA_GEM_SET_TILING', `0xc010644a')
+define(`DRM_IOCTL_TEGRA_GET_SYNCPT', `0xc0106447')
+define(`DRM_IOCTL_TEGRA_GET_SYNCPT_BASE', `0xc0106449')
+define(`DRM_IOCTL_TEGRA_OPEN_CHANNEL', `0xc0106445')
+define(`DRM_IOCTL_TEGRA_SUBMIT', `0xc0586448')
+define(`DRM_IOCTL_TEGRA_SYNCPT_INCR', `0xc0086443')
+define(`DRM_IOCTL_TEGRA_SYNCPT_READ', `0xc0086442')
+define(`DRM_IOCTL_TEGRA_SYNCPT_WAIT', `0xc0106444')
+define(`DRM_IOCTL_UNBLOCK', `0xc0046413')
+define(`DRM_IOCTL_UNLOCK', `0x4008642b')
+define(`DRM_IOCTL_UPDATE_DRAW', `0x4018643f')
+define(`DRM_IOCTL_VERSION', `0xc0406400')
+define(`DRM_IOCTL_VIA_AGP_INIT', `0xc0086442')
+define(`DRM_IOCTL_VIA_ALLOCMEM', `0xc0206440')
+define(`DRM_IOCTL_VIA_BLIT_SYNC', `0x4008644f')
+define(`DRM_IOCTL_VIA_CMDBUFFER', `0x40106448')
+define(`DRM_IOCTL_VIA_CMDBUF_SIZE', `0xc00c644b')
+define(`DRM_IOCTL_VIA_DEC_FUTEX', `0x40106445')
+define(`DRM_IOCTL_VIA_DMA_BLIT', `0x4030644e')
+define(`DRM_IOCTL_VIA_DMA_INIT', `0xc0206447')
+define(`DRM_IOCTL_VIA_FB_INIT', `0xc0086443')
+define(`DRM_IOCTL_VIA_FLUSH', `0x00006449')
+define(`DRM_IOCTL_VIA_FREEMEM', `0x40206441')
+define(`DRM_IOCTL_VIA_MAP_INIT', `0xc0286444')
+define(`DRM_IOCTL_VIA_PCICMD', `0x4010644a')
+define(`DRM_IOCTL_VIA_WAIT_IRQ', `0xc018644d')
+define(`DRM_IOCTL_WAIT_VBLANK', `0xc018643a')
+define(`DVD_AUTH', `0x00005392')
+define(`DVD_READ_STRUCT', `0x00005390')
+define(`DVD_WRITE_STRUCT', `0x00005391')
+define(`ECCGETLAYOUT', `0x81484d11')
+define(`ECCGETSTATS', `0x80104d12')
+define(`ENI_MEMDUMP', `0x40106160')
+define(`ENI_SETMULT', `0x40106167')
+define(`EVIOCGEFFECTS', `0x80044584')
+define(`EVIOCGID', `0x80084502')
+define(`EVIOCGKEYCODE', `0x80084504')
+define(`EVIOCGKEYCODE_V2', `0x80284504')
+define(`EVIOCGRAB', `0x40044590')
+define(`EVIOCGREP', `0x80084503')
+define(`EVIOCGVERSION', `0x80044501')
+define(`EVIOCREVOKE', `0x40044591')
+define(`EVIOCRMFF', `0x40044581')
+define(`EVIOCSCLOCKID', `0x400445a0')
+define(`EVIOCSFF', `0x40304580')
+define(`EVIOCSKEYCODE', `0x40084504')
+define(`EVIOCSKEYCODE_V2', `0x40284504')
+define(`EVIOCSREP', `0x40084503')
+define(`F2FS_IOC_ABORT_VOLATILE_WRITE', `0xf505')
+define(`F2FS_IOC_COMMIT_ATOMIC_WRITE', `0xf502')
+define(`F2FS_IOC_DEFRAGMENT', `0xf508')
+define(`F2FS_IOC_FLUSH_DEVICE', `0xf50a')
+define(`F2FS_IOC_GARBAGE_COLLECT', `0xf506')
+define(`F2FS_IOC_GARBAGE_COLLECT_RANGE', `0xf50b')
+define(`F2FS_IOC_GET_FEATURES', `0xf50c')
+define(`F2FS_IOC_GET_PIN_FILE', `0xf50e')
+define(`F2FS_IOC_MOVE_RANGE', `0xf509')
+define(`F2FS_IOC_PRECACHE_EXTENTS', `0xf50f')
+define(`F2FS_IOC_RELEASE_VOLATILE_WRITE', `0xf504')
+define(`F2FS_IOC_SET_PIN_FILE', `0xf50d')
+define(`F2FS_IOC_START_ATOMIC_WRITE', `0xf501')
+define(`F2FS_IOC_START_VOLATILE_WRITE', `0xf503')
+define(`F2FS_IOC_WRITE_CHECKPOINT', `0xf507')
+define(`FAT_IOCTL_GET_ATTRIBUTES', `0x80047210')
+define(`FAT_IOCTL_GET_VOLUME_ID', `0x80047213')
+define(`FAT_IOCTL_SET_ATTRIBUTES', `0x40047211')
+define(`FBIGET_BRIGHTNESS', `0x80044603')
+define(`FBIGET_COLOR', `0x80044605')
+define(`FBIO_ALLOC', `0x00004613')
+define(`FBIOBLANK', `0x00004611')
+define(`FBIO_CURSOR', `0xc0684608')
+define(`FBIO_FREE', `0x00004614')
+define(`FBIOGETCMAP', `0x00004604')
+define(`FBIOGET_CON2FBMAP', `0x0000460f')
+define(`FBIOGET_CONTRAST', `0x80044601')
+define(`FBIO_GETCONTROL2', `0x80084689')
+define(`FBIOGET_DISPINFO', `0x00004618')
+define(`FBIOGET_FSCREENINFO', `0x00004602')
+define(`FBIOGET_GLYPH', `0x00004615')
+define(`FBIOGET_HWCINFO', `0x00004616')
+define(`FBIOGET_VBLANK', `0x80204612')
+define(`FBIOGET_VSCREENINFO', `0x00004600')
+define(`FBIOPAN_DISPLAY', `0x00004606')
+define(`FBIOPUTCMAP', `0x00004605')
+define(`FBIOPUT_CON2FBMAP', `0x00004610')
+define(`FBIOPUT_CONTRAST', `0x40044602')
+define(`FBIOPUT_MODEINFO', `0x00004617')
+define(`FBIOPUT_VSCREENINFO', `0x00004601')
+define(`FBIO_RADEON_GET_MIRROR', `0x80084003')
+define(`FBIO_RADEON_SET_MIRROR', `0x40084004')
+define(`FBIO_WAITEVENT', `0x00004688')
+define(`FBIO_WAITFORVSYNC', `0x40044620')
+define(`FBIPUT_BRIGHTNESS', `0x40044603')
+define(`FBIPUT_COLOR', `0x40044606')
+define(`FBIPUT_HSYNC', `0x40044609')
+define(`FBIPUT_VSYNC', `0x4004460a')
+define(`FDCLRPRM', `0x00000241')
+define(`FDDEFPRM', `0x40200243')
+define(`FDEJECT', `0x0000025a')
+define(`FDFLUSH', `0x0000024b')
+define(`FDFMTBEG', `0x00000247')
+define(`FDFMTEND', `0x00000249')
+define(`FDFMTTRK', `0x400c0248')
+define(`FDGETDRVPRM', `0x80800211')
+define(`FDGETDRVSTAT', `0x80500212')
+define(`FDGETDRVTYP', `0x8010020f')
+define(`FDGETFDCSTAT', `0x80280215')
+define(`FDGETMAXERRS', `0x8014020e')
+define(`FDGETPRM', `0x80200204')
+define(`FDMSGOFF', `0x00000246')
+define(`FDMSGON', `0x00000245')
+define(`FDPOLLDRVSTAT', `0x80500213')
+define(`FDRAWCMD', `0x00000258')
+define(`FDRESET', `0x00000254')
+define(`FDSETDRVPRM', `0x40800290')
+define(`FDSETEMSGTRESH', `0x0000024a')
+define(`FDSETMAXERRS', `0x4014024c')
+define(`FDSETPRM', `0x40200242')
+define(`FDTWADDLE', `0x00000259')
+define(`FDWERRORCLR', `0x00000256')
+define(`FDWERRORGET', `0x80280217')
+define(`FE_DISEQC_RECV_SLAVE_REPLY', `0x800c6f40')
+define(`FE_DISEQC_RESET_OVERLOAD', `0x00006f3e')
+define(`FE_DISEQC_SEND_BURST', `0x00006f41')
+define(`FE_DISEQC_SEND_MASTER_CMD', `0x40076f3f')
+define(`FE_DISHNETWORK_SEND_LEGACY_CMD', `0x00006f50')
+define(`FE_ENABLE_HIGH_LNB_VOLTAGE', `0x00006f44')
+define(`FE_GET_EVENT', `0x80286f4e')
+define(`FE_GET_FRONTEND', `0x80246f4d')
+define(`FE_GET_INFO', `0x80a86f3d')
+define(`FE_GET_PROPERTY', `0x80106f53')
+define(`FE_READ_BER', `0x80046f46')
+define(`FE_READ_SIGNAL_STRENGTH', `0x80026f47')
+define(`FE_READ_SNR', `0x80026f48')
+define(`FE_READ_STATUS', `0x80046f45')
+define(`FE_READ_UNCORRECTED_BLOCKS', `0x80046f49')
+define(`FE_SET_FRONTEND', `0x40246f4c')
+define(`FE_SET_FRONTEND_TUNE_MODE', `0x00006f51')
+define(`FE_SET_PROPERTY', `0x40106f52')
+define(`FE_SET_TONE', `0x00006f42')
+define(`FE_SET_VOLTAGE', `0x00006f43')
+define(`FIBMAP', `0x00000001')
+define(`FIFREEZE', `0xc0045877')
+define(`FIGETBSZ', `0x00000002')
+define(`FIOASYNC', `0x00005452')
+define(`FIOCLEX', ifelse(target_arch, mips, 0x00006601, 0x00005451))
+define(`FIOGETOWN', `0x00008903')
+define(`FIONBIO', `0x00005421')
+define(`FIONCLEX', ifelse(target_arch, mips, 0x00006602, 0x00005450))
+define(`FIONREAD', ifelse(target_arch, mips, 0x0000467f, 0x0000541b))
+define(`FIOQSIZE', `0x00005460')
+define(`FIOSETOWN', `0x00008901')
+define(`FITHAW', `0xc0045878')
+define(`FITRIM', `0xc0185879')
+define(`FS_IOC32_GETFLAGS', `0x80046601')
+define(`FS_IOC32_GETVERSION', `0x80047601')
+define(`FS_IOC32_SETFLAGS', `0x40046602')
+define(`FS_IOC32_SETVERSION', `0x40047602')
+define(`FS_IOC_ADD_ENCRYPTION_KEY', `0xc0506617')
+define(`FS_IOC_ENABLE_VERITY', `0x6685')
+define(`FS_IOC_FIEMAP', `0xc020660b')
+define(`FS_IOC_FSGETXATTR', `0x801c581f')
+define(`FS_IOC_FSSETXATTR', `0x401c5820')
+define(`FS_IOC_GET_ENCRYPTION_POLICY', `0x400c6615')
+define(`FS_IOC_GET_ENCRYPTION_POLICY_EX', `0xc0096616')
+define(`FS_IOC_GET_ENCRYPTION_PWSALT', `0x40106614')
+define(`FS_IOC_GETFLAGS', `0x80086601')
+define(`FS_IOC_GETVERSION', `0x80087601')
+define(`FS_IOC_MEASURE_VERITY', `0x6686')
+define(`FS_IOC_REMOVE_ENCRYPTION_KEY', `0xc0406618')
+define(`FS_IOC_SET_ENCRYPTION_POLICY', `0x800c6613')
+define(`FS_IOC_SETFLAGS', `0x40086602')
+define(`FS_IOC_SETVERSION', `0x40087602')
+define(`FSL_HV_IOCTL_DOORBELL', `0xc008af06')
+define(`FSL_HV_IOCTL_GETPROP', `0xc028af07')
+define(`FSL_HV_IOCTL_MEMCPY', `0xc028af05')
+define(`FSL_HV_IOCTL_PARTITION_GET_STATUS', `0xc00caf02')
+define(`FSL_HV_IOCTL_PARTITION_RESTART', `0xc008af01')
+define(`FSL_HV_IOCTL_PARTITION_START', `0xc010af03')
+define(`FSL_HV_IOCTL_PARTITION_STOP', `0xc008af04')
+define(`FSL_HV_IOCTL_SETPROP', `0xc028af08')
+define(`FUNCTIONFS_CLEAR_HALT', `0x00006703')
+define(`FUNCTIONFS_ENDPOINT_DESC', `0x80096782')
+define(`FUNCTIONFS_ENDPOINT_REVMAP', `0x00006781')
+define(`FUNCTIONFS_FIFO_FLUSH', `0x00006702')
+define(`FUNCTIONFS_FIFO_STATUS', `0x00006701')
+define(`FUNCTIONFS_INTERFACE_REVMAP', `0x00006780')
+define(`FW_CDEV_IOC_ADD_DESCRIPTOR', `0xc0182306')
+define(`FW_CDEV_IOC_ALLOCATE', `0xc0202302')
+define(`FW_CDEV_IOC_ALLOCATE_ISO_RESOURCE', `0xc018230d')
+define(`FW_CDEV_IOC_ALLOCATE_ISO_RESOURCE_ONCE', `0x4018230f')
+define(`FW_CDEV_IOC_CREATE_ISO_CONTEXT', `0xc0202308')
+define(`FW_CDEV_IOC_DEALLOCATE', `0x40042303')
+define(`FW_CDEV_IOC_DEALLOCATE_ISO_RESOURCE', `0x4004230e')
+define(`FW_CDEV_IOC_DEALLOCATE_ISO_RESOURCE_ONCE', `0x40182310')
+define(`FW_CDEV_IOC_FLUSH_ISO', `0x40042318')
+define(`FW_CDEV_IOC_GET_CYCLE_TIMER', `0x8010230c')
+define(`FW_CDEV_IOC_GET_CYCLE_TIMER2', `0xc0182314')
+define(`FW_CDEV_IOC_GET_INFO', `0xc0282300')
+define(`FW_CDEV_IOC_GET_SPEED', `0x00002311')
+define(`FW_CDEV_IOC_INITIATE_BUS_RESET', `0x40042305')
+define(`FW_CDEV_IOC_QUEUE_ISO', `0xc0182309')
+define(`FW_CDEV_IOC_RECEIVE_PHY_PACKETS', `0x40082316')
+define(`FW_CDEV_IOC_REMOVE_DESCRIPTOR', `0x40042307')
+define(`FW_CDEV_IOC_SEND_BROADCAST_REQUEST', `0x40282312')
+define(`FW_CDEV_IOC_SEND_PHY_PACKET', `0xc0182315')
+define(`FW_CDEV_IOC_SEND_REQUEST', `0x40282301')
+define(`FW_CDEV_IOC_SEND_RESPONSE', `0x40182304')
+define(`FW_CDEV_IOC_SEND_STREAM_PACKET', `0x40282313')
+define(`FW_CDEV_IOC_SET_ISO_CHANNELS', `0x40102317')
+define(`FW_CDEV_IOC_START_ISO', `0x4010230a')
+define(`FW_CDEV_IOC_STOP_ISO', `0x4004230b')
+define(`GADGETFS_CLEAR_HALT', `0x00006703')
+define(`GADGETFS_FIFO_FLUSH', `0x00006702')
+define(`GADGETFS_FIFO_STATUS', `0x00006701')
+define(`GADGET_GET_PRINTER_STATUS', `0x80016721')
+define(`GADGET_SET_PRINTER_STATUS', `0xc0016722')
+define(`GENWQE_EXECUTE_DDCB', `0xc0e8a532')
+define(`GENWQE_EXECUTE_RAW_DDCB', `0xc0e8a533')
+define(`GENWQE_GET_CARD_STATE', `0x8004a524')
+define(`GENWQE_PIN_MEM', `0xc020a528')
+define(`GENWQE_READ_REG16', `0x8010a522')
+define(`GENWQE_READ_REG32', `0x8010a520')
+define(`GENWQE_READ_REG64', `0x8010a51e')
+define(`GENWQE_SLU_READ', `0xc038a551')
+define(`GENWQE_SLU_UPDATE', `0xc038a550')
+define(`GENWQE_UNPIN_MEM', `0xc020a529')
+define(`GENWQE_WRITE_REG16', `0x4010a523')
+define(`GENWQE_WRITE_REG32', `0x4010a521')
+define(`GENWQE_WRITE_REG64', `0x4010a51f')
+define(`GET_ARRAY_INFO', `0x80480911')
+define(`GET_BITMAP_FILE', `0x90000915')
+define(`GET_DISK_INFO', `0x80140912')
+define(`GIGASET_BRKCHARS', `0x40064702')
+define(`GIGASET_CONFIG', `0xc0044701')
+define(`GIGASET_REDIR', `0xc0044700')
+define(`GIGASET_VERSION', `0xc0104703')
+define(`GIO_CMAP', `0x00004b70')
+define(`GIO_FONT', `0x00004b60')
+define(`GIO_FONTX', `0x00004b6b')
+define(`GIO_SCRNMAP', `0x00004b40')
+define(`GIO_UNIMAP', `0x00004b66')
+define(`GIO_UNISCRNMAP', `0x00004b69')
+define(`GSMIOC_DISABLE_NET', `0x00004703')
+define(`GSMIOC_ENABLE_NET', `0x40344702')
+define(`GSMIOC_GETCONF', `0x804c4700')
+define(`GSMIOC_SETCONF', `0x404c4701')
+define(`HCIBLOCKADDR', `0x400448e6')
+define(`HCIDEVDOWN', `0x400448ca')
+define(`HCIDEVRESET', `0x400448cb')
+define(`HCIDEVRESTAT', `0x400448cc')
+define(`HCIDEVUP', `0x400448c9')
+define(`HCIGETAUTHINFO', `0x800448d7')
+define(`HCIGETCONNINFO', `0x800448d5')
+define(`HCIGETCONNLIST', `0x800448d4')
+define(`HCIGETDEVINFO', `0x800448d3')
+define(`HCIGETDEVLIST', `0x800448d2')
+define(`HCIINQUIRY', `0x800448f0')
+define(`HCISETACLMTU', `0x400448e3')
+define(`HCISETAUTH', `0x400448de')
+define(`HCISETENCRYPT', `0x400448df')
+define(`HCISETLINKMODE', `0x400448e2')
+define(`HCISETLINKPOL', `0x400448e1')
+define(`HCISETPTYPE', `0x400448e0')
+define(`HCISETRAW', `0x400448dc')
+define(`HCISETSCAN', `0x400448dd')
+define(`HCISETSCOMTU', `0x400448e4')
+define(`HCIUNBLOCKADDR', `0x400448e7')
+define(`HDA_IOCTL_GET_WCAP', `0xc0084812')
+define(`HDA_IOCTL_PVERSION', `0x80044810')
+define(`HDA_IOCTL_VERB_WRITE', `0xc0084811')
+define(`HDIO_DRIVE_CMD', `0x0000031f')
+define(`HDIO_DRIVE_RESET', `0x0000031c')
+define(`HDIO_DRIVE_TASK', `0x0000031e')
+define(`HDIO_DRIVE_TASKFILE', `0x0000031d')
+define(`HDIO_GET_32BIT', `0x00000309')
+define(`HDIO_GET_ACOUSTIC', `0x0000030f')
+define(`HDIO_GET_ADDRESS', `0x00000310')
+define(`HDIO_GET_BUSSTATE', `0x0000031a')
+define(`HDIO_GET_DMA', `0x0000030b')
+define(`HDIO_GETGEO', `0x00000301')
+define(`HDIO_GET_IDENTITY', `0x0000030d')
+define(`HDIO_GET_KEEPSETTINGS', `0x00000308')
+define(`HDIO_GET_MULTCOUNT', `0x00000304')
+define(`HDIO_GET_NICE', `0x0000030c')
+define(`HDIO_GET_NOWERR', `0x0000030a')
+define(`HDIO_GET_QDMA', `0x00000305')
+define(`HDIO_GET_UNMASKINTR', `0x00000302')
+define(`HDIO_GET_WCACHE', `0x0000030e')
+define(`HDIO_OBSOLETE_IDENTITY', `0x00000307')
+define(`HDIO_SCAN_HWIF', `0x00000328')
+define(`HDIO_SET_32BIT', `0x00000324')
+define(`HDIO_SET_ACOUSTIC', `0x0000032c')
+define(`HDIO_SET_ADDRESS', `0x0000032f')
+define(`HDIO_SET_BUSSTATE', `0x0000032d')
+define(`HDIO_SET_DMA', `0x00000326')
+define(`HDIO_SET_KEEPSETTINGS', `0x00000323')
+define(`HDIO_SET_MULTCOUNT', `0x00000321')
+define(`HDIO_SET_NICE', `0x00000329')
+define(`HDIO_SET_NOWERR', `0x00000325')
+define(`HDIO_SET_PIO_MODE', `0x00000327')
+define(`HDIO_SET_QDMA', `0x0000032e')
+define(`HDIO_SET_UNMASKINTR', `0x00000322')
+define(`HDIO_SET_WCACHE', `0x0000032b')
+define(`HDIO_SET_XFER', `0x00000306')
+define(`HDIO_TRISTATE_HWIF', `0x0000031b')
+define(`HDIO_UNREGISTER_HWIF', `0x0000032a')
+define(`HE_GET_REG', `0x40106160')
+define(`HIDIOCAPPLICATION', `0x00004802')
+define(`HIDIOCGCOLLECTIONINDEX', `0x40184810')
+define(`HIDIOCGCOLLECTIONINFO', `0xc0104811')
+define(`HIDIOCGDEVINFO', `0x801c4803')
+define(`HIDIOCGFIELDINFO', `0xc038480a')
+define(`HIDIOCGFLAG', `0x8004480e')
+define(`HIDIOCGRAWINFO', `0x80084803')
+define(`HIDIOCGRDESC', `0x90044802')
+define(`HIDIOCGRDESCSIZE', `0x80044801')
+define(`HIDIOCGREPORT', `0x400c4807')
+define(`HIDIOCGREPORTINFO', `0xc00c4809')
+define(`HIDIOCGSTRING', `0x81044804')
+define(`HIDIOCGUCODE', `0xc018480d')
+define(`HIDIOCGUSAGE', `0xc018480b')
+define(`HIDIOCGUSAGES', `0xd01c4813')
+define(`HIDIOCGVERSION', `0x80044801')
+define(`HIDIOCINITREPORT', `0x00004805')
+define(`HIDIOCSFLAG', `0x4004480f')
+define(`HIDIOCSREPORT', `0x400c4808')
+define(`HIDIOCSUSAGE', `0x4018480c')
+define(`HIDIOCSUSAGES', `0x501c4814')
+define(`HOT_ADD_DISK', `0x00000928')
+define(`HOT_GENERATE_ERROR', `0x0000092a')
+define(`HOT_REMOVE_DISK', `0x00000922')
+define(`HPET_DPI', `0x00006805')
+define(`HPET_EPI', `0x00006804')
+define(`HPET_IE_OFF', `0x00006802')
+define(`HPET_IE_ON', `0x00006801')
+define(`HPET_INFO', `0x80186803')
+define(`HPET_IRQFREQ', `0x40086806')
+define(`HSC_GET_RX', `0x400c6b14')
+define(`HSC_GET_TX', `0x40106b16')
+define(`HSC_RESET', `0x00006b10')
+define(`HSC_SEND_BREAK', `0x00006b12')
+define(`HSC_SET_PM', `0x00006b11')
+define(`HSC_SET_RX', `0x400c6b13')
+define(`HSC_SET_TX', `0x40106b15')
+define(`I2OEVTGET', `0x8068690b')
+define(`I2OEVTREG', `0x400c690a')
+define(`I2OGETIOPS', `0x80206900')
+define(`I2OHRTGET', `0xc0186901')
+define(`I2OHTML', `0xc0306909')
+define(`I2OLCTGET', `0xc0186902')
+define(`I2OPARMGET', `0xc0286904')
+define(`I2OPARMSET', `0xc0286903')
+define(`I2OPASSTHRU', `0x8010690c')
+define(`I2OPASSTHRU32', `0x8008690c')
+define(`I2OSWDEL', `0xc0306907')
+define(`I2OSWDL', `0xc0306905')
+define(`I2OSWUL', `0xc0306906')
+define(`I2OVALIDATE', `0x80046908')
+define(`I8K_BIOS_VERSION', `0x80046980')
+define(`I8K_FN_STATUS', `0x80086983')
+define(`I8K_GET_FAN', `0xc0086986')
+define(`I8K_GET_SPEED', `0xc0086985')
+define(`I8K_GET_TEMP', `0x80086984')
+define(`I8K_MACHINE_ID', `0x80046981')
+define(`I8K_POWER_STATUS', `0x80086982')
+define(`I8K_SET_FAN', `0xc0086987')
+define(`IB_USER_MAD_ENABLE_PKEY', `0x00001b03')
+define(`IB_USER_MAD_REGISTER_AGENT', `0xc01c1b01')
+define(`IB_USER_MAD_REGISTER_AGENT2', `0xc0281b04')
+define(`IB_USER_MAD_UNREGISTER_AGENT', `0x40041b02')
+define(`IDT77105_GETSTAT', `0x40106132')
+define(`IDT77105_GETSTATZ', `0x40106133')
+define(`IIOCDBGVAR', `0x0000497f')
+define(`IIOCDRVCTL', `0x00004980')
+define(`IIOCGETCPS', `0x00004915')
+define(`IIOCGETDVR', `0x00004916')
+define(`IIOCGETMAP', `0x00004911')
+define(`IIOCGETPRF', `0x0000490f')
+define(`IIOCGETSET', `0x00004908')
+define(`IIOCNETAIF', `0x00004901')
+define(`IIOCNETALN', `0x00004920')
+define(`IIOCNETANM', `0x00004905')
+define(`IIOCNETASL', `0x00004913')
+define(`IIOCNETDIF', `0x00004902')
+define(`IIOCNETDIL', `0x00004914')
+define(`IIOCNETDLN', `0x00004921')
+define(`IIOCNETDNM', `0x00004906')
+define(`IIOCNETDWRSET', `0x00004918')
+define(`IIOCNETGCF', `0x00004904')
+define(`IIOCNETGNM', `0x00004907')
+define(`IIOCNETGPN', `0x00004922')
+define(`IIOCNETHUP', `0x0000490b')
+define(`IIOCNETLCR', `0x00004917')
+define(`IIOCNETSCF', `0x00004903')
+define(`IIOCSETBRJ', `0x0000490d')
+define(`IIOCSETGST', `0x0000490c')
+define(`IIOCSETMAP', `0x00004912')
+define(`IIOCSETPRF', `0x00004910')
+define(`IIOCSETSET', `0x00004909')
+define(`IIOCSETVER', `0x0000490a')
+define(`IIOCSIGPRF', `0x0000490e')
+define(`IIO_GET_EVENT_FD_IOCTL', `0x80046990')
+define(`IMADDTIMER', `0x80044940')
+define(`IMCLEAR_L2', `0x80044946')
+define(`IMCTRLREQ', `0x80044945')
+define(`IMDELTIMER', `0x80044941')
+define(`IMGETCOUNT', `0x80044943')
+define(`IMGETDEVINFO', `0x80044944')
+define(`IMGETVERSION', `0x80044942')
+define(`IMHOLD_L1', `0x80044948')
+define(`IMSETDEVNAME', `0x80184947')
+define(`INCFS_IOCTL_CREATE_FILE', `0x0000671e')
+define(`INCFS_IOCTL_READ_SIGNATURE', `0x0000671f')
+define(`INCFS_IOCTL_FILL_BLOCKS', `0x00006720')
+define(`INCFS_IOCTL_PERMIT_FILL', `0x00006721')
+define(`IOCTL_EVTCHN_BIND_INTERDOMAIN', `0x00084501')
+define(`IOCTL_EVTCHN_BIND_UNBOUND_PORT', `0x00044502')
+define(`IOCTL_EVTCHN_BIND_VIRQ', `0x00044500')
+define(`IOCTL_EVTCHN_NOTIFY', `0x00044504')
+define(`IOCTL_EVTCHN_RESET', `0x00004505')
+define(`IOCTL_EVTCHN_UNBIND', `0x00044503')
+define(`IOCTL_MEI_CONNECT_CLIENT', `0xc0104801')
+define(`IOCTL_VMCI_CTX_ADD_NOTIFICATION', `0x000007af')
+define(`IOCTL_VMCI_CTX_GET_CPT_STATE', `0x000007b1')
+define(`IOCTL_VMCI_CTX_REMOVE_NOTIFICATION', `0x000007b0')
+define(`IOCTL_VMCI_CTX_SET_CPT_STATE', `0x000007b2')
+define(`IOCTL_VMCI_DATAGRAM_RECEIVE', `0x000007ac')
+define(`IOCTL_VMCI_DATAGRAM_SEND', `0x000007ab')
+define(`IOCTL_VMCI_GET_CONTEXT_ID', `0x000007b3')
+define(`IOCTL_VMCI_INIT_CONTEXT', `0x000007a0')
+define(`IOCTL_VMCI_NOTIFICATIONS_RECEIVE', `0x000007a6')
+define(`IOCTL_VMCI_NOTIFY_RESOURCE', `0x000007a5')
+define(`IOCTL_VMCI_QUEUEPAIR_ALLOC', `0x000007a8')
+define(`IOCTL_VMCI_QUEUEPAIR_DETACH', `0x000007aa')
+define(`IOCTL_VMCI_QUEUEPAIR_SETPAGEFILE', `0x000007a9')
+define(`IOCTL_VMCI_QUEUEPAIR_SETVA', `0x000007a4')
+define(`IOCTL_VMCI_SET_NOTIFY', `0x000007cb')
+define(`IOCTL_VMCI_SOCKETS_GET_AF_VALUE', `0x000007b8')
+define(`IOCTL_VMCI_SOCKETS_GET_LOCAL_CID', `0x000007b9')
+define(`IOCTL_VMCI_SOCKETS_VERSION', `0x000007b4')
+define(`IOCTL_VMCI_VERSION', `0x0000079f')
+define(`IOCTL_VMCI_VERSION2', `0x000007a7')
+define(`IOCTL_VM_SOCKETS_GET_LOCAL_CID', `0x000007b9')
+define(`IOCTL_WDM_MAX_COMMAND', `0x800248a0')
+define(`IOCTL_XENBUS_BACKEND_EVTCHN', `0x00004200')
+define(`IOCTL_XENBUS_BACKEND_SETUP', `0x00004201')
+define(`ION_IOC_ALLOC', `0xc0204900')
+define(`ION_IOC_CUSTOM', `0xc0104906')
+define(`ION_IOC_FREE', `0xc0044901')
+define(`ION_IOC_IMPORT', `0xc0084905')
+define(`ION_IOC_MAP', `0xc0084902')
+define(`ION_IOC_SHARE', `0xc0084904')
+define(`ION_IOC_SYNC', `0xc0084907')
+define(`ION_IOC_TEST_DMA_MAPPING', `0x402049f1')
+define(`ION_IOC_TEST_KERNEL_MAPPING', `0x402049f2')
+define(`ION_IOC_TEST_SET_FD', `0x000049f0')
+define(`IOW_GETINFO', `0x8028c003')
+define(`IOW_READ', `0x4008c002')
+define(`IOW_WRITE', `0x4008c001')
+define(`IPMICTL_GET_MAINTENANCE_MODE_CMD', `0x8004691e')
+define(`IPMICTL_GET_MY_ADDRESS_CMD', `0x80046912')
+define(`IPMICTL_GET_MY_CHANNEL_ADDRESS_CMD', `0x80046919')
+define(`IPMICTL_GET_MY_CHANNEL_LUN_CMD', `0x8004691b')
+define(`IPMICTL_GET_MY_LUN_CMD', `0x80046914')
+define(`IPMICTL_GET_TIMING_PARMS_CMD', `0x80086917')
+define(`IPMICTL_RECEIVE_MSG', `0xc030690c')
+define(`IPMICTL_RECEIVE_MSG_TRUNC', `0xc030690b')
+define(`IPMICTL_REGISTER_FOR_CMD', `0x8002690e')
+define(`IPMICTL_REGISTER_FOR_CMD_CHANS', `0x800c691c')
+define(`IPMICTL_SEND_COMMAND', `0x8028690d')
+define(`IPMICTL_SEND_COMMAND_SETTIME', `0x80306915')
+define(`IPMICTL_SET_GETS_EVENTS_CMD', `0x80046910')
+define(`IPMICTL_SET_MAINTENANCE_MODE_CMD', `0x4004691f')
+define(`IPMICTL_SET_MY_ADDRESS_CMD', `0x80046911')
+define(`IPMICTL_SET_MY_CHANNEL_ADDRESS_CMD', `0x80046918')
+define(`IPMICTL_SET_MY_CHANNEL_LUN_CMD', `0x8004691a')
+define(`IPMICTL_SET_MY_LUN_CMD', `0x80046913')
+define(`IPMICTL_SET_TIMING_PARMS_CMD', `0x80086916')
+define(`IPMICTL_UNREGISTER_FOR_CMD', `0x8002690f')
+define(`IPMICTL_UNREGISTER_FOR_CMD_CHANS', `0x800c691d')
+define(`IVTVFB_IOC_DMA_FRAME', `0x401856c0')
+define(`IVTV_IOC_DMA_FRAME', `0x404056c0')
+define(`IVTV_IOC_PASSTHROUGH_MODE', `0x400456c1')
+define(`IXJCTL_AEC_GET_LEVEL', `0x000071cd')
+define(`IXJCTL_AEC_START', `0x400471cb')
+define(`IXJCTL_AEC_STOP', `0x000071cc')
+define(`IXJCTL_CARDTYPE', `0x800471c1')
+define(`IXJCTL_CID', `0x800871d4')
+define(`IXJCTL_CIDCW', `0x400871d9')
+define(`IXJCTL_DAA_AGAIN', `0x400471d2')
+define(`IXJCTL_DAA_COEFF_SET', `0x400471d0')
+define(`IXJCTL_DRYBUFFER_CLEAR', `0x000071e7')
+define(`IXJCTL_DRYBUFFER_READ', `0x800871e6')
+define(`IXJCTL_DSP_IDLE', `0x000071c5')
+define(`IXJCTL_DSP_RESET', `0x000071c0')
+define(`IXJCTL_DSP_TYPE', `0x800471c3')
+define(`IXJCTL_DSP_VERSION', `0x800471c4')
+define(`IXJCTL_DTMF_PRESCALE', `0x400471e8')
+define(`IXJCTL_FILTER_CADENCE', `0x400871d6')
+define(`IXJCTL_FRAMES_READ', `0x800871e2')
+define(`IXJCTL_FRAMES_WRITTEN', `0x800871e3')
+define(`IXJCTL_GET_FILTER_HIST', `0x400471c8')
+define(`IXJCTL_HZ', `0x400471e0')
+define(`IXJCTL_INIT_TONE', `0x400871c9')
+define(`IXJCTL_INTERCOM_START', `0x400471fd')
+define(`IXJCTL_INTERCOM_STOP', `0x400471fe')
+define(`IXJCTL_MIXER', `0x400471cf')
+define(`IXJCTL_PLAY_CID', `0x000071d7')
+define(`IXJCTL_PORT', `0x400471d1')
+define(`IXJCTL_POTS_PSTN', `0x400471d5')
+define(`IXJCTL_PSTN_LINETEST', `0x000071d3')
+define(`IXJCTL_RATE', `0x400471e1')
+define(`IXJCTL_READ_WAIT', `0x800871e4')
+define(`IXJCTL_SC_RXG', `0x400471ea')
+define(`IXJCTL_SC_TXG', `0x400471eb')
+define(`IXJCTL_SERIAL', `0x800471c2')
+define(`IXJCTL_SET_FILTER', `0x400871c7')
+define(`IXJCTL_SET_FILTER_RAW', `0x400871dd')
+define(`IXJCTL_SET_LED', `0x400471ce')
+define(`IXJCTL_SIGCTL', `0x400871e9')
+define(`IXJCTL_TESTRAM', `0x000071c6')
+define(`IXJCTL_TONE_CADENCE', `0x400871ca')
+define(`IXJCTL_VERSION', `0x800871da')
+define(`IXJCTL_VMWI', `0x800471d8')
+define(`IXJCTL_WRITE_WAIT', `0x800871e5')
+define(`JSIOCGAXES', `0x80016a11')
+define(`JSIOCGAXMAP', `0x80406a32')
+define(`JSIOCGBTNMAP', `0x84006a34')
+define(`JSIOCGBUTTONS', `0x80016a12')
+define(`JSIOCGCORR', `0x80246a22')
+define(`JSIOCGVERSION', `0x80046a01')
+define(`JSIOCSAXMAP', `0x40406a31')
+define(`JSIOCSBTNMAP', `0x44006a33')
+define(`JSIOCSCORR', `0x40246a21')
+define(`KCOV_DISABLE', `0x00006365')
+define(`KCOV_ENABLE', `0x00006364')
+define(`KCOV_INIT_TRACE', `0x80086301')
+define(`KDADDIO', `0x00004b34')
+define(`KDDELIO', `0x00004b35')
+define(`KDDISABIO', `0x00004b37')
+define(`KDENABIO', `0x00004b36')
+define(`KDFONTOP', `0x00004b72')
+define(`KDGETKEYCODE', `0x00004b4c')
+define(`KDGETLED', `0x00004b31')
+define(`KDGETMODE', `0x00004b3b')
+define(`KDGKBDIACR', `0x00004b4a')
+define(`KDGKBDIACRUC', `0x00004bfa')
+define(`KDGKBENT', `0x00004b46')
+define(`KDGKBLED', `0x00004b64')
+define(`KDGKBMETA', `0x00004b62')
+define(`KDGKBMODE', `0x00004b44')
+define(`KDGKBSENT', `0x00004b48')
+define(`KDGKBTYPE', `0x00004b33')
+define(`KDKBDREP', `0x00004b52')
+define(`KDMAPDISP', `0x00004b3c')
+define(`KDMKTONE', `0x00004b30')
+define(`KDSETKEYCODE', `0x00004b4d')
+define(`KDSETLED', `0x00004b32')
+define(`KDSETMODE', `0x00004b3a')
+define(`KDSIGACCEPT', `0x00004b4e')
+define(`KDSKBDIACR', `0x00004b4b')
+define(`KDSKBDIACRUC', `0x00004bfb')
+define(`KDSKBENT', `0x00004b47')
+define(`KDSKBLED', `0x00004b65')
+define(`KDSKBMETA', `0x00004b63')
+define(`KDSKBMODE', `0x00004b45')
+define(`KDSKBSENT', `0x00004b49')
+define(`KDUNMAPDISP', `0x00004b3d')
+define(`KIOCSOUND', `0x00004b2f')
+define(`KVM_ALLOCATE_RMA', `0x8008aea9')
+define(`KVM_ARM_PREFERRED_TARGET', `0x8020aeaf')
+define(`KVM_ARM_SET_DEVICE_ADDR', `0x4010aeab')
+define(`KVM_ARM_VCPU_INIT', `0x4020aeae')
+define(`KVM_ASSIGN_DEV_IRQ', `0x4040ae70')
+define(`KVM_ASSIGN_PCI_DEVICE', `0x8040ae69')
+define(`KVM_ASSIGN_SET_INTX_MASK', `0x4040aea4')
+define(`KVM_ASSIGN_SET_MSIX_ENTRY', `0x4010ae74')
+define(`KVM_ASSIGN_SET_MSIX_NR', `0x4008ae73')
+define(`KVM_CHECK_EXTENSION', `0x0000ae03')
+define(`KVM_CREATE_DEVICE', `0xc00caee0')
+define(`KVM_CREATE_IRQCHIP', `0x0000ae60')
+define(`KVM_CREATE_PIT', `0x0000ae64')
+define(`KVM_CREATE_PIT2', `0x4040ae77')
+define(`KVM_CREATE_SPAPR_TCE', `0x400caea8')
+define(`KVM_CREATE_VCPU', `0x0000ae41')
+define(`KVM_CREATE_VM', `0x0000ae01')
+define(`KVM_DEASSIGN_DEV_IRQ', `0x4040ae75')
+define(`KVM_DEASSIGN_PCI_DEVICE', `0x4040ae72')
+define(`KVM_DIRTY_TLB', `0x4010aeaa')
+define(`KVM_ENABLE_CAP', `0x4068aea3')
+define(`KVM_GET_API_VERSION', `0x0000ae00')
+define(`KVM_GET_CLOCK', `0x8030ae7c')
+define(`KVM_GET_CPUID2', `0xc008ae91')
+define(`KVM_GET_DEBUGREGS', `0x8080aea1')
+define(`KVM_GET_DEVICE_ATTR', `0x4018aee2')
+define(`KVM_GET_DIRTY_LOG', `0x4010ae42')
+define(`KVM_GET_EMULATED_CPUID', `0xc008ae09')
+define(`KVM_GET_FPU', `0x81a0ae8c')
+define(`KVM_GET_IRQCHIP', `0xc208ae62')
+define(`KVM_GET_LAPIC', `0x8400ae8e')
+define(`KVM_GET_MP_STATE', `0x8004ae98')
+define(`KVM_GET_MSR_INDEX_LIST', `0xc004ae02')
+define(`KVM_GET_MSRS', `0xc008ae88')
+define(`KVM_GET_NR_MMU_PAGES', `0x0000ae45')
+define(`KVM_GET_ONE_REG', `0x4010aeab')
+define(`KVM_GET_PIT', `0xc048ae65')
+define(`KVM_GET_PIT2', `0x8070ae9f')
+define(`KVM_GET_REG_LIST', `0xc008aeb0')
+define(`KVM_GET_REGS', `0x8090ae81')
+define(`KVM_GET_SREGS', `0x8138ae83')
+define(`KVM_GET_SUPPORTED_CPUID', `0xc008ae05')
+define(`KVM_GET_TSC_KHZ', `0x0000aea3')
+define(`KVM_GET_VCPU_EVENTS', `0x8040ae9f')
+define(`KVM_GET_VCPU_MMAP_SIZE', `0x0000ae04')
+define(`KVM_GET_XCRS', `0x8188aea6')
+define(`KVM_GET_XSAVE', `0x9000aea4')
+define(`KVM_HAS_DEVICE_ATTR', `0x4018aee3')
+define(`KVM_INTERRUPT', `0x4004ae86')
+define(`KVM_IOEVENTFD', `0x4040ae79')
+define(`KVM_IRQFD', `0x4020ae76')
+define(`KVM_IRQ_LINE', `0x4008ae61')
+define(`KVM_IRQ_LINE_STATUS', `0xc008ae67')
+define(`KVM_KVMCLOCK_CTRL', `0x0000aead')
+define(`KVM_NMI', `0x0000ae9a')
+define(`KVM_PPC_ALLOCATE_HTAB', `0xc004aea7')
+define(`KVM_PPC_GET_HTAB_FD', `0x4020aeaa')
+define(`KVM_PPC_GET_PVINFO', `0x4080aea1')
+define(`KVM_PPC_GET_SMMU_INFO', `0x8250aea6')
+define(`KVM_PPC_RTAS_DEFINE_TOKEN', `0x4080aeac')
+define(`KVM_REGISTER_COALESCED_MMIO', `0x4010ae67')
+define(`KVM_REINJECT_CONTROL', `0x0000ae71')
+define(`KVM_RUN', `0x0000ae80')
+define(`KVM_S390_ENABLE_SIE', `0x0000ae06')
+define(`KVM_S390_INITIAL_RESET', `0x0000ae97')
+define(`KVM_S390_INTERRUPT', `0x4010ae94')
+define(`KVM_S390_SET_INITIAL_PSW', `0x4010ae96')
+define(`KVM_S390_STORE_STATUS', `0x4008ae95')
+define(`KVM_S390_UCAS_MAP', `0x4018ae50')
+define(`KVM_S390_UCAS_UNMAP', `0x4018ae51')
+define(`KVM_S390_VCPU_FAULT', `0x4008ae52')
+define(`KVM_SET_BOOT_CPU_ID', `0x0000ae78')
+define(`KVM_SET_CLOCK', `0x4030ae7b')
+define(`KVM_SET_CPUID', `0x4008ae8a')
+define(`KVM_SET_CPUID2', `0x4008ae90')
+define(`KVM_SET_DEBUGREGS', `0x4080aea2')
+define(`KVM_SET_DEVICE_ATTR', `0x4018aee1')
+define(`KVM_SET_FPU', `0x41a0ae8d')
+define(`KVM_SET_GSI_ROUTING', `0x4008ae6a')
+define(`KVM_SET_GUEST_DEBUG', `0x4048ae9b')
+define(`KVM_SET_IDENTITY_MAP_ADDR', `0x4008ae48')
+define(`KVM_SET_IRQCHIP', `0x8208ae63')
+define(`KVM_SET_LAPIC', `0x4400ae8f')
+define(`KVM_SET_MEMORY_ALIAS', `0x4020ae43')
+define(`KVM_SET_MEMORY_REGION', `0x4018ae40')
+define(`KVM_SET_MP_STATE', `0x4004ae99')
+define(`KVM_SET_MSRS', `0x4008ae89')
+define(`KVM_SET_NR_MMU_PAGES', `0x0000ae44')
+define(`KVM_SET_ONE_REG', `0x4010aeac')
+define(`KVM_SET_PIT', `0x8048ae66')
+define(`KVM_SET_PIT2', `0x4070aea0')
+define(`KVM_SET_REGS', `0x4090ae82')
+define(`KVM_SET_SIGNAL_MASK', `0x4004ae8b')
+define(`KVM_SET_SREGS', `0x4138ae84')
+define(`KVM_SET_TSC_KHZ', `0x0000aea2')
+define(`KVM_SET_TSS_ADDR', `0x0000ae47')
+define(`KVM_SET_USER_MEMORY_REGION', `0x4020ae46')
+define(`KVM_SET_VAPIC_ADDR', `0x4008ae93')
+define(`KVM_SET_VCPU_EVENTS', `0x4040aea0')
+define(`KVM_SET_XCRS', `0x4188aea7')
+define(`KVM_SET_XSAVE', `0x5000aea5')
+define(`KVM_SIGNAL_MSI', `0x4020aea5')
+define(`KVM_TPR_ACCESS_REPORTING', `0xc028ae92')
+define(`KVM_TRANSLATE', `0xc018ae85')
+define(`KVM_UNREGISTER_COALESCED_MMIO', `0x4010ae68')
+define(`KVM_X86_GET_MCE_CAP_SUPPORTED', `0x8008ae9d')
+define(`KVM_X86_SET_MCE', `0x4040ae9e')
+define(`KVM_X86_SETUP_MCE', `0x4008ae9c')
+define(`KVM_XEN_HVM_CONFIG', `0x4038ae7a')
+define(`KYRO_IOCTL_OVERLAY_CREATE', `0x00006b00')
+define(`KYRO_IOCTL_OVERLAY_OFFSET', `0x00006b04')
+define(`KYRO_IOCTL_OVERLAY_VIEWPORT_SET', `0x00006b01')
+define(`KYRO_IOCTL_SET_VIDEO_MODE', `0x00006b02')
+define(`KYRO_IOCTL_STRIDE', `0x00006b05')
+define(`KYRO_IOCTL_UVSTRIDE', `0x00006b03')
+define(`LIRC_GET_FEATURES', `0x80046900')
+define(`LIRC_GET_LENGTH', `0x8004690f')
+define(`LIRC_GET_MAX_FILTER_PULSE', `0x8004690b')
+define(`LIRC_GET_MAX_FILTER_SPACE', `0x8004690d')
+define(`LIRC_GET_MAX_TIMEOUT', `0x80046909')
+define(`LIRC_GET_MIN_FILTER_PULSE', `0x8004690a')
+define(`LIRC_GET_MIN_FILTER_SPACE', `0x8004690c')
+define(`LIRC_GET_MIN_TIMEOUT', `0x80046908')
+define(`LIRC_GET_REC_CARRIER', `0x80046904')
+define(`LIRC_GET_REC_DUTY_CYCLE', `0x80046906')
+define(`LIRC_GET_REC_MODE', `0x80046902')
+define(`LIRC_GET_REC_RESOLUTION', `0x80046907')
+define(`LIRC_GET_SEND_CARRIER', `0x80046903')
+define(`LIRC_GET_SEND_DUTY_CYCLE', `0x80046905')
+define(`LIRC_GET_SEND_MODE', `0x80046901')
+define(`LIRC_NOTIFY_DECODE', `0x00006920')
+define(`LIRC_SET_MEASURE_CARRIER_MODE', `0x4004691d')
+define(`LIRC_SET_REC_CARRIER', `0x40046914')
+define(`LIRC_SET_REC_CARRIER_RANGE', `0x4004691f')
+define(`LIRC_SET_REC_DUTY_CYCLE', `0x40046916')
+define(`LIRC_SET_REC_DUTY_CYCLE_RANGE', `0x4004691e')
+define(`LIRC_SET_REC_FILTER', `0x4004691c')
+define(`LIRC_SET_REC_FILTER_PULSE', `0x4004691a')
+define(`LIRC_SET_REC_FILTER_SPACE', `0x4004691b')
+define(`LIRC_SET_REC_MODE', `0x40046912')
+define(`LIRC_SET_REC_TIMEOUT', `0x40046918')
+define(`LIRC_SET_REC_TIMEOUT_REPORTS', `0x40046919')
+define(`LIRC_SET_SEND_CARRIER', `0x40046913')
+define(`LIRC_SET_SEND_DUTY_CYCLE', `0x40046915')
+define(`LIRC_SET_SEND_MODE', `0x40046911')
+define(`LIRC_SET_TRANSMITTER_MASK', `0x40046917')
+define(`LIRC_SETUP_END', `0x00006922')
+define(`LIRC_SETUP_START', `0x00006921')
+define(`LIRC_SET_WIDEBAND_RECEIVER', `0x40046923')
+define(`LOGGER_FLUSH_LOG', `0x0000ae04')
+define(`LOGGER_GET_LOG_BUF_SIZE', `0x0000ae01')
+define(`LOGGER_GET_LOG_LEN', `0x0000ae02')
+define(`LOGGER_GET_NEXT_ENTRY_LEN', `0x0000ae03')
+define(`LOGGER_GET_VERSION', `0x0000ae05')
+define(`LOGGER_SET_VERSION', `0x0000ae06')
+define(`LOOP_CHANGE_FD', `0x00004c06')
+define(`LOOP_CLR_FD', `0x00004c01')
+define(`LOOP_CTL_ADD', `0x00004c80')
+define(`LOOP_CTL_GET_FREE', `0x00004c82')
+define(`LOOP_CTL_REMOVE', `0x00004c81')
+define(`LOOP_GET_STATUS', `0x00004c03')
+define(`LOOP_GET_STATUS64', `0x00004c05')
+define(`LOOP_SET_BLOCK_SIZE', `0x00004c09')
+define(`LOOP_SET_CAPACITY', `0x00004c07')
+define(`LOOP_SET_DIRECT_IO', `0x00004c08')
+define(`LOOP_SET_FD', `0x00004c00')
+define(`LOOP_SET_STATUS', `0x00004c02')
+define(`LOOP_SET_STATUS64', `0x00004c04')
+define(`MATROXFB_GET_ALL_OUTPUTS', `0x80086efb')
+define(`MATROXFB_GET_AVAILABLE_OUTPUTS', `0x80086ef9')
+define(`MATROXFB_GET_OUTPUT_CONNECTION', `0x80086ef8')
+define(`MATROXFB_GET_OUTPUT_MODE', `0xc0086efa')
+define(`MATROXFB_SET_OUTPUT_CONNECTION', `0x40086ef8')
+define(`MATROXFB_SET_OUTPUT_MODE', `0x40086efa')
+define(`MBXFB_IOCG_ALPHA', `0x8018f401')
+define(`MBXFB_IOCS_ALPHA', `0x4018f402')
+define(`MBXFB_IOCS_PLANEORDER', `0x8002f403')
+define(`MBXFB_IOCS_REG', `0x400cf404')
+define(`MBXFB_IOCX_OVERLAY', `0xc030f400')
+define(`MBXFB_IOCX_REG', `0xc00cf405')
+define(`MCE_GETCLEAR_FLAGS', `0x80044d03')
+define(`MCE_GET_LOG_LEN', `0x80044d02')
+define(`MCE_GET_RECORD_LEN', `0x80044d01')
+define(`MEDIA_IOC_DEVICE_INFO', `0xc1007c00')
+define(`MEDIA_IOC_ENUM_ENTITIES', `0xc1007c01')
+define(`MEDIA_IOC_ENUM_LINKS', `0xc0287c02')
+define(`MEDIA_IOC_SETUP_LINK', `0xc0347c03')
+define(`MEMERASE', `0x40084d02')
+define(`MEMERASE64', `0x40104d14')
+define(`MEMGETBADBLOCK', `0x40084d0b')
+define(`MEMGETINFO', `0x80204d01')
+define(`MEMGETOOBSEL', `0x80c84d0a')
+define(`MEMGETREGIONCOUNT', `0x80044d07')
+define(`MEMGETREGIONINFO', `0xc0104d08')
+define(`MEMISLOCKED', `0x80084d17')
+define(`MEMLOCK', `0x40084d05')
+define(`MEMREADOOB', `0xc0104d04')
+define(`MEMREADOOB64', `0xc0184d16')
+define(`MEMSETBADBLOCK', `0x40084d0c')
+define(`MEMUNLOCK', `0x40084d06')
+define(`MEMWRITE', `0xc0304d18')
+define(`MEMWRITEOOB', `0xc0104d03')
+define(`MEMWRITEOOB64', `0xc0184d15')
+define(`MEYEIOC_G_PARAMS', `0x800676c0')
+define(`MEYEIOC_QBUF_CAPT', `0x400476c2')
+define(`MEYEIOC_S_PARAMS', `0x400676c1')
+define(`MEYEIOC_STILLCAPT', `0x000076c4')
+define(`MEYEIOC_STILLJCAPT', `0x800476c5')
+define(`MEYEIOC_SYNC', `0xc00476c3')
+define(`MFB_GET_ALPHA', `0x80014d00')
+define(`MFB_GET_AOID', `0x80084d04')
+define(`MFB_GET_GAMMA', `0x80014d01')
+define(`MFB_GET_PIXFMT', `0x80044d08')
+define(`MFB_SET_ALPHA', `0x40014d00')
+define(`MFB_SET_AOID', `0x40084d04')
+define(`MFB_SET_BRIGHTNESS', `0x40014d03')
+define(`MFB_SET_CHROMA_KEY', `0x400c4d01')
+define(`MFB_SET_GAMMA', `0x40014d01')
+define(`MFB_SET_PIXFMT', `0x40044d08')
+define(`MGSL_IOCCLRMODCOUNT', `0x00006d0f')
+define(`MGSL_IOCGGPIO', `0x80106d11')
+define(`MGSL_IOCGIF', `0x00006d0b')
+define(`MGSL_IOCGPARAMS', `0x80306d01')
+define(`MGSL_IOCGSTATS', `0x00006d07')
+define(`MGSL_IOCGTXIDLE', `0x00006d03')
+define(`MGSL_IOCGXCTRL', `0x00006d16')
+define(`MGSL_IOCGXSYNC', `0x00006d14')
+define(`MGSL_IOCLOOPTXDONE', `0x00006d09')
+define(`MGSL_IOCRXENABLE', `0x00006d05')
+define(`MGSL_IOCSGPIO', `0x40106d10')
+define(`MGSL_IOCSIF', `0x00006d0a')
+define(`MGSL_IOCSPARAMS', `0x40306d00')
+define(`MGSL_IOCSTXIDLE', `0x00006d02')
+define(`MGSL_IOCSXCTRL', `0x00006d15')
+define(`MGSL_IOCSXSYNC', `0x00006d13')
+define(`MGSL_IOCTXABORT', `0x00006d06')
+define(`MGSL_IOCTXENABLE', `0x00006d04')
+define(`MGSL_IOCWAITEVENT', `0xc0046d08')
+define(`MGSL_IOCWAITGPIO', `0xc0106d12')
+define(`MIC_VIRTIO_ADD_DEVICE', `0xc0087301')
+define(`MIC_VIRTIO_CONFIG_CHANGE', `0xc0087305')
+define(`MIC_VIRTIO_COPY_DESC', `0xc0087302')
+define(`MMC_IOC_CMD', `0xc048b300')
+define(`MMTIMER_GETBITS', `0x00006d04')
+define(`MMTIMER_GETCOUNTER', `0x80086d09')
+define(`MMTIMER_GETFREQ', `0x80086d02')
+define(`MMTIMER_GETOFFSET', `0x00006d00')
+define(`MMTIMER_GETRES', `0x80086d01')
+define(`MMTIMER_MMAPAVAIL', `0x00006d06')
+define(`MSMFB_BLIT', `0x40046d02')
+define(`MSMFB_GRP_DISP', `0x40046d01')
+define(`MTDFILEMODE', `0x00004d13')
+define(`MTIOCGET', `0x80306d02')
+define(`MTIOCPOS', `0x80086d03')
+define(`MTIOCTOP', `0x40086d01')
+define(`MTRRIOC_ADD_ENTRY', `0x40104d00')
+define(`MTRRIOC_ADD_PAGE_ENTRY', `0x40104d05')
+define(`MTRRIOC_DEL_ENTRY', `0x40104d02')
+define(`MTRRIOC_DEL_PAGE_ENTRY', `0x40104d07')
+define(`MTRRIOC_GET_ENTRY', `0xc0184d03')
+define(`MTRRIOC_GET_PAGE_ENTRY', `0xc0184d08')
+define(`MTRRIOC_KILL_ENTRY', `0x40104d04')
+define(`MTRRIOC_KILL_PAGE_ENTRY', `0x40104d09')
+define(`MTRRIOC_SET_ENTRY', `0x40104d01')
+define(`MTRRIOC_SET_PAGE_ENTRY', `0x40104d06')
+define(`NBD_CLEAR_QUE', `0x0000ab05')
+define(`NBD_CLEAR_SOCK', `0x0000ab04')
+define(`NBD_DISCONNECT', `0x0000ab08')
+define(`NBD_DO_IT', `0x0000ab03')
+define(`NBD_PRINT_DEBUG', `0x0000ab06')
+define(`NBD_SET_BLKSIZE', `0x0000ab01')
+define(`NBD_SET_FLAGS', `0x0000ab0a')
+define(`NBD_SET_SIZE', `0x0000ab02')
+define(`NBD_SET_SIZE_BLOCKS', `0x0000ab07')
+define(`NBD_SET_SOCK', `0x0000ab00')
+define(`NBD_SET_TIMEOUT', `0x0000ab09')
+define(`NCP_IOC_CONN_LOGGED_IN', `0x00006e03')
+define(`NCP_IOC_GETCHARSETS', `0xc02a6e0b')
+define(`NCP_IOC_GETDENTRYTTL', `0x40046e0c')
+define(`NCP_IOC_GET_FS_INFO', `0xc0286e04')
+define(`NCP_IOC_GET_FS_INFO_V2', `0xc0306e04')
+define(`NCP_IOC_GETMOUNTUID', `0x40026e02')
+define(`NCP_IOC_GETMOUNTUID2', `0x40086e02')
+define(`NCP_IOC_GETOBJECTNAME', `0xc0186e09')
+define(`NCP_IOC_GETPRIVATEDATA', `0xc0106e0a')
+define(`NCP_IOC_GETROOT', `0x400c6e08')
+define(`NCP_IOC_LOCKUNLOCK', `0x80146e07')
+define(`NCP_IOC_NCPREQUEST', `0x80106e01')
+define(`NCP_IOC_SETCHARSETS', `0x802a6e0b')
+define(`NCP_IOC_SETDENTRYTTL', `0x80046e0c')
+define(`NCP_IOC_SETOBJECTNAME', `0x80186e09')
+define(`NCP_IOC_SETPRIVATEDATA', `0x80106e0a')
+define(`NCP_IOC_SETROOT', `0x800c6e08')
+define(`NCP_IOC_SET_SIGN_WANTED', `0x40046e06')
+define(`NCP_IOC_SIGN_INIT', `0x80186e05')
+define(`NCP_IOC_SIGN_WANTED', `0x80046e06')
+define(`NET_ADD_IF', `0xc0066f34')
+define(`NET_GET_IF', `0xc0066f36')
+define(`NET_REMOVE_IF', `0x00006f35')
+define(`NILFS_IOCTL_CHANGE_CPMODE', `0x40106e80')
+define(`NILFS_IOCTL_CLEAN_SEGMENTS', `0x40786e88')
+define(`NILFS_IOCTL_DELETE_CHECKPOINT', `0x40086e81')
+define(`NILFS_IOCTL_GET_BDESCS', `0xc0186e87')
+define(`NILFS_IOCTL_GET_CPINFO', `0x80186e82')
+define(`NILFS_IOCTL_GET_CPSTAT', `0x80186e83')
+define(`NILFS_IOCTL_GET_SUINFO', `0x80186e84')
+define(`NILFS_IOCTL_GET_SUSTAT', `0x80306e85')
+define(`NILFS_IOCTL_GET_VINFO', `0xc0186e86')
+define(`NILFS_IOCTL_RESIZE', `0x40086e8b')
+define(`NILFS_IOCTL_SET_ALLOC_RANGE', `0x40106e8c')
+define(`NILFS_IOCTL_SET_SUINFO', `0x40186e8d')
+define(`NILFS_IOCTL_SYNC', `0x80086e8a')
+define(`NS_ADJBUFLEV', `0x00006163')
+define(`NS_GETPSTAT', `0xc0106161')
+define(`NS_SETBUFLEV', `0x40106162')
+define(`NVME_IOCTL_ADMIN_CMD', `0xc0484e41')
+define(`NVME_IOCTL_ID', `0x00004e40')
+define(`NVME_IOCTL_IO_CMD', `0xc0484e43')
+define(`NVME_IOCTL_SUBMIT_IO', `0x40304e42')
+define(`NVRAM_INIT', `0x00007040')
+define(`NVRAM_SETCKS', `0x00007041')
+define(`OLD_PHONE_RING_START', `0x00007187')
+define(`OMAPFB_CTRL_TEST', `0x40044f2e')
+define(`OMAPFB_GET_CAPS', `0x800c4f2a')
+define(`OMAPFB_GET_COLOR_KEY', `0x40104f33')
+define(`OMAPFB_GET_DISPLAY_INFO', `0x80204f3f')
+define(`OMAPFB_GET_OVERLAY_COLORMODE', `0x803c4f3b')
+define(`OMAPFB_GET_UPDATE_MODE', `0x40044f2b')
+define(`OMAPFB_GET_VRAM_INFO', `0x80204f3d')
+define(`OMAPFB_LCD_TEST', `0x40044f2d')
+define(`OMAPFB_MEMORY_READ', `0x80184f3a')
+define(`OMAPFB_MIRROR', `0x40044f1f')
+define(`OMAPFB_QUERY_MEM', `0x40084f38')
+define(`OMAPFB_QUERY_PLANE', `0x40444f35')
+define(`OMAPFB_SET_COLOR_KEY', `0x40104f32')
+define(`OMAPFB_SET_TEARSYNC', `0x40084f3e')
+define(`OMAPFB_SET_UPDATE_MODE', `0x40044f28')
+define(`OMAPFB_SETUP_MEM', `0x40084f37')
+define(`OMAPFB_SETUP_PLANE', `0x40444f34')
+define(`OMAPFB_SYNC_GFX', `0x00004f25')
+define(`OMAPFB_UPDATE_WINDOW', `0x40444f36')
+define(`OMAPFB_UPDATE_WINDOW_OLD', `0x40144f2f')
+define(`OMAPFB_VSYNC', `0x00004f26')
+define(`OMAPFB_WAITFORGO', `0x00004f3c')
+define(`OMAPFB_WAITFORVSYNC', `0x00004f39')
+define(`OSD_GET_CAPABILITY', `0x80106fa1')
+define(`OSD_SEND_CMD', `0x40206fa0')
+define(`OSIOCGNETADDR', `0x800489e1')
+define(`OSIOCSNETADDR', `0x400489e0')
+define(`OSS_GETVERSION', `0x80044d76')
+define(`OTPGETREGIONCOUNT', `0x40044d0e')
+define(`OTPGETREGIONINFO', `0x400c4d0f')
+define(`OTPLOCK', `0x800c4d10')
+define(`OTPSELECT', `0x80044d0d')
+define(`PACKET_CTRL_CMD', `0xc0185801')
+define(`PERF_EVENT_IOC_DISABLE', `0x00002401')
+define(`PERF_EVENT_IOC_ENABLE', `0x00002400')
+define(`PERF_EVENT_IOC_ID', `0x80082407')
+define(`PERF_EVENT_IOC_PERIOD', `0x40082404')
+define(`PERF_EVENT_IOC_REFRESH', `0x00002402')
+define(`PERF_EVENT_IOC_RESET', `0x00002403')
+define(`PERF_EVENT_IOC_SET_FILTER', `0x40082406')
+define(`PERF_EVENT_IOC_SET_OUTPUT', `0x00002405')
+define(`PHN_GET_REG', `0xc0087000')
+define(`PHN_GETREG', `0xc0087005')
+define(`PHN_GET_REGS', `0xc0087002')
+define(`PHN_GETREGS', `0xc0287007')
+define(`PHN_NOT_OH', `0x00007004')
+define(`PHN_SET_REG', `0x40087001')
+define(`PHN_SETREG', `0x40087006')
+define(`PHN_SET_REGS', `0x40087003')
+define(`PHN_SETREGS', `0x40287008')
+define(`PHONE_BUSY', `0x000071a1')
+define(`PHONE_CAPABILITIES', `0x00007180')
+define(`PHONE_CAPABILITIES_CHECK', `0x40087182')
+define(`PHONE_CAPABILITIES_LIST', `0x80087181')
+define(`PHONE_CPT_STOP', `0x000071a4')
+define(`PHONE_DIALTONE', `0x000071a3')
+define(`PHONE_DTMF_OOB', `0x40047199')
+define(`PHONE_DTMF_READY', `0x80047196')
+define(`PHONE_EXCEPTION', `0x8004719a')
+define(`PHONE_FRAME', `0x4004718d')
+define(`PHONE_GET_DTMF', `0x80047197')
+define(`PHONE_GET_DTMF_ASCII', `0x80047198')
+define(`PHONE_GET_TONE_OFF_TIME', `0x0000719f')
+define(`PHONE_GET_TONE_ON_TIME', `0x0000719e')
+define(`PHONE_GET_TONE_STATE', `0x000071a0')
+define(`PHONE_HOOKSTATE', `0x00007184')
+define(`PHONE_MAXRINGS', `0x40017185')
+define(`PHONE_PLAY_CODEC', `0x40047190')
+define(`PHONE_PLAY_DEPTH', `0x40047193')
+define(`PHONE_PLAY_LEVEL', `0x00007195')
+define(`PHONE_PLAY_START', `0x00007191')
+define(`PHONE_PLAY_STOP', `0x00007192')
+define(`PHONE_PLAY_TONE', `0x4001719b')
+define(`PHONE_PLAY_VOLUME', `0x40047194')
+define(`PHONE_PLAY_VOLUME_LINEAR', `0x400471dc')
+define(`PHONE_PSTN_GET_STATE', `0x000071a5')
+define(`PHONE_PSTN_LINETEST', `0x000071a8')
+define(`PHONE_PSTN_SET_STATE', `0x400471a4')
+define(`PHONE_QUERY_CODEC', `0xc00871a7')
+define(`PHONE_REC_CODEC', `0x40047189')
+define(`PHONE_REC_DEPTH', `0x4004718c')
+define(`PHONE_REC_LEVEL', `0x0000718f')
+define(`PHONE_REC_START', `0x0000718a')
+define(`PHONE_REC_STOP', `0x0000718b')
+define(`PHONE_REC_VOLUME', `0x4004718e')
+define(`PHONE_REC_VOLUME_LINEAR', `0x400471db')
+define(`PHONE_RING', `0x00007183')
+define(`PHONE_RINGBACK', `0x000071a2')
+define(`PHONE_RING_CADENCE', `0x40027186')
+define(`PHONE_RING_START', `0x40087187')
+define(`PHONE_RING_STOP', `0x00007188')
+define(`PHONE_SET_TONE_OFF_TIME', `0x4004719d')
+define(`PHONE_SET_TONE_ON_TIME', `0x4004719c')
+define(`PHONE_VAD', `0x400471a9')
+define(`PHONE_WINK', `0x400471aa')
+define(`PHONE_WINK_DURATION', `0x400471a6')
+define(`PIO_CMAP', `0x00004b71')
+define(`PIO_FONT', `0x00004b61')
+define(`PIO_FONTRESET', `0x00004b6d')
+define(`PIO_FONTX', `0x00004b6c')
+define(`PIO_SCRNMAP', `0x00004b41')
+define(`PIO_UNIMAP', `0x00004b67')
+define(`PIO_UNIMAPCLR', `0x00004b68')
+define(`PIO_UNISCRNMAP', `0x00004b6a')
+define(`PMU_IOC_CAN_SLEEP', `0x80084205')
+define(`PMU_IOC_GET_BACKLIGHT', `0x80084201')
+define(`PMU_IOC_GET_MODEL', `0x80084203')
+define(`PMU_IOC_GRAB_BACKLIGHT', `0x80084206')
+define(`PMU_IOC_HAS_ADB', `0x80084204')
+define(`PMU_IOC_SET_BACKLIGHT', `0x40084202')
+define(`PMU_IOC_SLEEP', `0x00004200')
+define(`PPCLAIM', `0x0000708b')
+define(`PPCLRIRQ', `0x80047093')
+define(`PPDATADIR', `0x40047090')
+define(`PPEXCL', `0x0000708f')
+define(`PPFCONTROL', `0x4002708e')
+define(`PPGETFLAGS', `0x8004709a')
+define(`PPGETMODE', `0x80047098')
+define(`PPGETMODES', `0x80047097')
+define(`PPGETPHASE', `0x80047099')
+define(`PPGETTIME', `0x80107095')
+define(`PPNEGOT', `0x40047091')
+define(`PPPIOCATTACH', `0x743d')
+define(`PPPIOCATTCHAN', `0x7438')
+define(`PPPIOCBUNDLE', `0x7481')
+define(`PPPIOCCONNECT', `0x743a')
+define(`PPPIOCDETACH', `0x743c')
+define(`PPPIOCDISCONN', `0x7439')
+define(`PPPIOCGASYNCMAP', `0x7458')
+define(`PPPIOCGCALLINFO', `0x7480')
+define(`PPPIOCGCHAN', `0x7437')
+define(`PPPIOCGCOMPRESSORS', `0x7486')
+define(`PPPIOCGDEBUG', `0x7441')
+define(`PPPIOCGFLAGS', `0x745a')
+define(`PPPIOCGIDLE', `0x743f')
+define(`PPPIOCGIFNAME', `0x7488')
+define(`PPPIOCGL2TPSTATS', `0x7436')
+define(`PPPIOCGMPFLAGS', `0x7482')
+define(`PPPIOCGMRU', `0x7453')
+define(`PPPIOCGNPMODE', `0x744c')
+define(`PPPIOCGRASYNCMAP', `0x7455')
+define(`PPPIOCGUNIT', `0x7456')
+define(`PPPIOCGXASYNCMAP', `0x7450')
+define(`PPPIOCNEWUNIT', `0x743e')
+define(`PPPIOCSACTIVE', `0x7446')
+define(`PPPIOCSASYNCMAP', `0x7457')
+define(`PPPIOCSCOMPRESS', `0x744d')
+define(`PPPIOCSCOMPRESSOR', `0x7487')
+define(`PPPIOCSDEBUG', `0x7440')
+define(`PPPIOCSFLAGS', `0x7459')
+define(`PPPIOCSMAXCID', `0x7451')
+define(`PPPIOCSMPFLAGS', `0x7483')
+define(`PPPIOCSMPMRU', `0x7485')
+define(`PPPIOCSMPMTU', `0x7484')
+define(`PPPIOCSMRRU', `0x743b')
+define(`PPPIOCSMRU', `0x7452')
+define(`PPPIOCSNPMODE', `0x744b')
+define(`PPPIOCSPASS', `0x7447')
+define(`PPPIOCSRASYNCMAP', `0x7454')
+define(`PPPIOCSXASYNCMAP', `0x744f')
+define(`PPPIOCXFERUNIT', `0x744e')
+define(`PPPOEIOCDFWD', `0x0000b101')
+define(`PPPOEIOCSFWD', `0x4008b100')
+define(`PPRCONTROL', `0x80017083')
+define(`PPRDATA', `0x80017085')
+define(`PPRELEASE', `0x0000708c')
+define(`PPRSTATUS', `0x80017081')
+define(`PPSETFLAGS', `0x4004709b')
+define(`PPSETMODE', `0x40047080')
+define(`PPSETPHASE', `0x40047094')
+define(`PPSETTIME', `0x40107096')
+define(`PPS_FETCH', `0xc00870a4')
+define(`PPS_GETCAP', `0x800870a3')
+define(`PPS_GETPARAMS', `0x800870a1')
+define(`PPS_KC_BIND', `0x400870a5')
+define(`PPS_SETPARAMS', `0x400870a2')
+define(`PPWCONTROL', `0x40017084')
+define(`PPWCTLONIRQ', `0x40017092')
+define(`PPWDATA', `0x40017086')
+define(`PPYIELD', `0x0000708d')
+define(`PROTECT_ARRAY', `0x00000927')
+define(`PTP_CLOCK_GETCAPS', `0x80503d01')
+define(`PTP_ENABLE_PPS', `0x40043d04')
+define(`PTP_EXTTS_REQUEST', `0x40103d02')
+define(`PTP_PEROUT_REQUEST', `0x40383d03')
+define(`PTP_PIN_GETFUNC', `0xc0603d06')
+define(`PTP_PIN_SETFUNC', `0x40603d07')
+define(`PTP_SYS_OFFSET', `0x43403d05')
+define(`RAID_AUTORUN', `0x00000914')
+define(`RAID_VERSION', `0x800c0910')
+define(`RAW_GETBIND', `0x0000ac01')
+define(`RAW_SETBIND', `0x0000ac00')
+define(`REISERFS_IOC_UNPACK', `0x4008cd01')
+define(`RESTART_ARRAY_RW', `0x00000934')
+define(`RFCOMMCREATEDEV', `0x400452c8')
+define(`RFCOMMGETDEVINFO', `0x800452d3')
+define(`RFCOMMGETDEVLIST', `0x800452d2')
+define(`RFCOMMRELEASEDEV', `0x400452c9')
+define(`RFCOMMSTEALDLC', `0x400452dc')
+define(`RFKILL_IOCTL_NOINPUT', `0x00005201')
+define(`RNDADDENTROPY', `0x40085203')
+define(`RNDADDTOENTCNT', `0x40045201')
+define(`RNDCLEARPOOL', `0x00005206')
+define(`RNDGETENTCNT', `0x80045200')
+define(`RNDGETPOOL', `0x80085202')
+define(`RNDZAPENTCNT', `0x00005204')
+define(`ROCCATIOCGREPSIZE', `0x800448f1')
+define(`RTC_AIE_OFF', `0x00007002')
+define(`RTC_AIE_ON', `0x00007001')
+define(`RTC_ALM_READ', `0x80247008')
+define(`RTC_ALM_SET', `0x40247007')
+define(`RTC_EPOCH_READ', `0x8008700d')
+define(`RTC_EPOCH_SET', `0x4008700e')
+define(`RTC_IRQP_READ', `0x8008700b')
+define(`RTC_IRQP_SET', `0x4008700c')
+define(`RTC_PIE_OFF', `0x00007006')
+define(`RTC_PIE_ON', `0x00007005')
+define(`RTC_PLL_GET', `0x80207011')
+define(`RTC_PLL_SET', `0x40207012')
+define(`RTC_RD_TIME', `0x80247009')
+define(`RTC_SET_TIME', `0x4024700a')
+define(`RTC_UIE_OFF', `0x00007004')
+define(`RTC_UIE_ON', `0x00007003')
+define(`RTC_VL_CLR', `0x00007014')
+define(`RTC_VL_READ', `0x80047013')
+define(`RTC_WIE_OFF', `0x00007010')
+define(`RTC_WIE_ON', `0x0000700f')
+define(`RTC_WKALM_RD', `0x80287010')
+define(`RTC_WKALM_SET', `0x4028700f')
+define(`RUN_ARRAY', `0x400c0930')
+define(`S5P_FIMC_TX_END_NOTIFY', `0x00006500')
+define(`SAA6588_CMD_CLOSE', `0x40045202')
+define(`SAA6588_CMD_POLL', `0x80045204')
+define(`SAA6588_CMD_READ', `0x80045203')
+define(`SCSI_IOCTL_DOORLOCK', `0x00005380')
+define(`SCSI_IOCTL_DOORUNLOCK', `0x00005381')
+define(`SCSI_IOCTL_GET_BUS_NUMBER', `0x00005386')
+define(`SCSI_IOCTL_GET_IDLUN', `0x00005382')
+define(`SCSI_IOCTL_GET_PCI', `0x00005387')
+define(`SCSI_IOCTL_PROBE_HOST', `0x00005385')
+define(`SET_ARRAY_INFO', `0x40480923')
+define(`SET_BITMAP_FILE', `0x4004092b')
+define(`SET_DISK_FAULTY', `0x00000929')
+define(`SET_DISK_INFO', `0x00000924')
+define(`SG_EMULATED_HOST', `0x00002203')
+define(`SG_GET_ACCESS_COUNT', `0x00002289')
+define(`SG_GET_COMMAND_Q', `0x00002270')
+define(`SG_GET_KEEP_ORPHAN', `0x00002288')
+define(`SG_GET_LOW_DMA', `0x0000227a')
+define(`SG_GET_NUM_WAITING', `0x0000227d')
+define(`SG_GET_PACK_ID', `0x0000227c')
+define(`SG_GET_REQUEST_TABLE', `0x00002286')
+define(`SG_GET_RESERVED_SIZE', `0x00002272')
+define(`SG_GET_SCSI_ID', `0x00002276')
+define(`SG_GET_SG_TABLESIZE', `0x0000227f')
+define(`SG_GET_TIMEOUT', `0x00002202')
+define(`SG_GET_TRANSFORM', `0x00002205')
+define(`SG_GET_VERSION_NUM', `0x00002282')
+define(`SG_IO', `0x00002285')
+define(`SG_NEXT_CMD_LEN', `0x00002283')
+define(`SG_SCSI_RESET', `0x00002284')
+define(`SG_SET_COMMAND_Q', `0x00002271')
+define(`SG_SET_DEBUG', `0x0000227e')
+define(`SG_SET_FORCE_LOW_DMA', `0x00002279')
+define(`SG_SET_FORCE_PACK_ID', `0x0000227b')
+define(`SG_SET_KEEP_ORPHAN', `0x00002287')
+define(`SG_SET_RESERVED_SIZE', `0x00002275')
+define(`SG_SET_TIMEOUT', `0x00002201')
+define(`SG_SET_TRANSFORM', `0x00002204')
+define(`SI4713_IOC_MEASURE_RNL', `0xc01c56c0')
+define(`SIOCADDDLCI', `0x00008980')
+define(`SIOCADDMULTI', `0x00008931')
+define(`SIOCADDRT', `0x0000890b')
+define(`SIOCATMARK', `0x00008905')
+define(`SIOCBONDCHANGEACTIVE', `0x00008995')
+define(`SIOCBONDENSLAVE', `0x00008990')
+define(`SIOCBONDINFOQUERY', `0x00008994')
+define(`SIOCBONDRELEASE', `0x00008991')
+define(`SIOCBONDSETHWADDR', `0x00008992')
+define(`SIOCBONDSLAVEINFOQUERY', `0x00008993')
+define(`SIOCBRADDBR', `0x000089a0')
+define(`SIOCBRADDIF', `0x000089a2')
+define(`SIOCBRDELBR', `0x000089a1')
+define(`SIOCBRDELIF', `0x000089a3')
+define(`SIOCDARP', `0x00008953')
+define(`SIOCDELDLCI', `0x00008981')
+define(`SIOCDELMULTI', `0x00008932')
+define(`SIOCDELRT', `0x0000890c')
+define(`SIOCDEVPRIVATE', `0x000089f0')
+define(`SIOCDEVPRIVATE_1', `0x000089f1')
+define(`SIOCDEVPRIVATE_2', `0x000089f2')
+define(`SIOCDEVPRIVATE_3', `0x000089f3')
+define(`SIOCDEVPRIVATE_4', `0x000089f4')
+define(`SIOCDEVPRIVATE_5', `0x000089f5')
+define(`SIOCDEVPRIVATE_6', `0x000089f6')
+define(`SIOCDEVPRIVATE_7', `0x000089f7')
+define(`SIOCDEVPRIVATE_8', `0x000089f8')
+define(`SIOCDEVPRIVATE_9', `0x000089f9')
+define(`SIOCDEVPRIVATE_A', `0x000089fa')
+define(`SIOCDEVPRIVATE_B', `0x000089fb')
+define(`SIOCDEVPRIVATE_C', `0x000089fc')
+define(`SIOCDEVPRIVATE_D', `0x000089fd')
+define(`SIOCDEVPRIVATE_E', `0x000089fe')
+define(`SIOCDEVPRIVLAST', `0x000089ff')
+define(`SIOCDIFADDR', `0x00008936')
+define(`SIOCDRARP', `0x00008960')
+define(`SIOCETHTOOL', `0x00008946')
+define(`SIOCGARP', `0x00008954')
+define(`SIOCGHWTSTAMP', `0x000089b1')
+define(`SIOCGIFADDR', `0x00008915')
+define(`SIOCGIFBR', `0x00008940')
+define(`SIOCGIFBRDADDR', `0x00008919')
+define(`SIOCGIFCONF', `0x00008912')
+define(`SIOCGIFCOUNT', `0x00008938')
+define(`SIOCGIFDSTADDR', `0x00008917')
+define(`SIOCGIFENCAP', `0x00008925')
+define(`SIOCGIFFLAGS', `0x00008913')
+define(`SIOCGIFHWADDR', `0x00008927')
+define(`SIOCGIFINDEX', `0x00008933')
+define(`SIOCGIFMAP', `0x00008970')
+define(`SIOCGIFMEM', `0x0000891f')
+define(`SIOCGIFMETRIC', `0x0000891d')
+define(`SIOCGIFMTU', `0x00008921')
+define(`SIOCGIFNAME', `0x00008910')
+define(`SIOCGIFNETMASK', `0x0000891b')
+define(`SIOCGIFPFLAGS', `0x00008935')
+define(`SIOCGIFSLAVE', `0x00008929')
+define(`SIOCGIFTXQLEN', `0x00008942')
+define(`SIOCGIFVLAN', `0x00008982')
+define(`SIOCGIWAP', `0x00008b15')
+define(`SIOCGIWAPLIST', `0x00008b17')
+define(`SIOCGIWAUTH', `0x00008b33')
+define(`SIOCGIWENCODE', `0x00008b2b')
+define(`SIOCGIWENCODEEXT', `0x00008b35')
+define(`SIOCGIWESSID', `0x00008b1b')
+define(`SIOCGIWFRAG', `0x00008b25')
+define(`SIOCGIWFREQ', `0x00008b05')
+define(`SIOCGIWGENIE', `0x00008b31')
+define(`SIOCGIWMODE', `0x00008b07')
+define(`SIOCGIWNAME', `0x00008b01')
+define(`SIOCGIWNICKN', `0x00008b1d')
+define(`SIOCGIWNWID', `0x00008b03')
+define(`SIOCGIWPOWER', `0x00008b2d')
+define(`SIOCGIWPRIV', `0x00008b0d')
+define(`SIOCGIWRANGE', `0x00008b0b')
+define(`SIOCGIWRATE', `0x00008b21')
+define(`SIOCGIWRETRY', `0x00008b29')
+define(`SIOCGIWRTS', `0x00008b23')
+define(`SIOCGIWSCAN', `0x00008b19')
+define(`SIOCGIWSENS', `0x00008b09')
+define(`SIOCGIWSPY', `0x00008b11')
+define(`SIOCGIWSTATS', `0x00008b0f')
+define(`SIOCGIWTHRSPY', `0x00008b13')
+define(`SIOCGIWTXPOW', `0x00008b27')
+define(`SIOCGMIIPHY', `0x00008947')
+define(`SIOCGMIIREG', `0x00008948')
+define(`SIOCGNETADDR', `0x800489e1')
+define(`SIOCGPGRP', `0x00008904')
+define(`SIOCGRARP', `0x00008961')
+define(`SIOCGSTAMP', `0x00008906')
+define(`SIOCGSTAMPNS', `0x00008907')
+define(`SIOCIWFIRST', `0x00008b00')
+define(`SIOCIWFIRSTPRIV_01', `0x00008be1')
+define(`SIOCIWFIRSTPRIV_02', `0x00008be2')
+define(`SIOCIWFIRSTPRIV_03', `0x00008be3')
+define(`SIOCIWFIRSTPRIV_04', `0x00008be4')
+define(`SIOCIWFIRSTPRIV_05', `0x00008be5')
+define(`SIOCIWFIRSTPRIV_06', `0x00008be6')
+define(`SIOCIWFIRSTPRIV_07', `0x00008be7')
+define(`SIOCIWFIRSTPRIV_08', `0x00008be8')
+define(`SIOCIWFIRSTPRIV_09', `0x00008be9')
+define(`SIOCIWFIRSTPRIV_0A', `0x00008bea')
+define(`SIOCIWFIRSTPRIV_0B', `0x00008beb')
+define(`SIOCIWFIRSTPRIV_0C', `0x00008bec')
+define(`SIOCIWFIRSTPRIV_0D', `0x00008bed')
+define(`SIOCIWFIRSTPRIV_0E', `0x00008bee')
+define(`SIOCIWFIRSTPRIV_0F', `0x00008bef')
+define(`SIOCIWFIRSTPRIV', `0x00008be0')
+define(`SIOCIWFIRSTPRIV_10', `0x00008bf0')
+define(`SIOCIWFIRSTPRIV_11', `0x00008bf1')
+define(`SIOCIWFIRSTPRIV_12', `0x00008bf2')
+define(`SIOCIWFIRSTPRIV_13', `0x00008bf3')
+define(`SIOCIWFIRSTPRIV_14', `0x00008bf4')
+define(`SIOCIWFIRSTPRIV_15', `0x00008bf5')
+define(`SIOCIWFIRSTPRIV_16', `0x00008bf6')
+define(`SIOCIWFIRSTPRIV_17', `0x00008bf7')
+define(`SIOCIWFIRSTPRIV_18', `0x00008bf8')
+define(`SIOCIWFIRSTPRIV_19', `0x00008bf9')
+define(`SIOCIWFIRSTPRIV_1A', `0x00008bfa')
+define(`SIOCIWFIRSTPRIV_1B', `0x00008bfb')
+define(`SIOCIWFIRSTPRIV_1C', `0x00008bfc')
+define(`SIOCIWFIRSTPRIV_1D', `0x00008bfd')
+define(`SIOCIWFIRSTPRIV_1E', `0x00008bfe')
+define(`SIOCIWLASTPRIV', `0x00008bff')
+define(`SIOCKILLADDR', `0x00008939')
+define(`SIOCMKCLIP', `0x000061e0')
+define(`SIOCOUTQNSD', `0x0000894b')
+define(`SIOCPROTOPRIVATE', `0x000089e0')
+define(`SIOCPROTOPRIVATE_1', `0x000089e1')
+define(`SIOCPROTOPRIVATE_2', `0x000089e2')
+define(`SIOCPROTOPRIVATE_3', `0x000089e3')
+define(`SIOCPROTOPRIVATE_4', `0x000089e4')
+define(`SIOCPROTOPRIVATE_5', `0x000089e5')
+define(`SIOCPROTOPRIVATE_6', `0x000089e6')
+define(`SIOCPROTOPRIVATE_7', `0x000089e7')
+define(`SIOCPROTOPRIVATE_8', `0x000089e8')
+define(`SIOCPROTOPRIVATE_9', `0x000089e9')
+define(`SIOCPROTOPRIVATE_A', `0x000089ea')
+define(`SIOCPROTOPRIVATE_B', `0x000089eb')
+define(`SIOCPROTOPRIVATE_C', `0x000089ec')
+define(`SIOCPROTOPRIVATE_D', `0x000089ed')
+define(`SIOCPROTOPRIVATE_E', `0x000089ee')
+define(`SIOCPROTOPRIVLAST', `0x000089ef')
+define(`SIOCRTMSG', `0x0000890d')
+define(`SIOCSARP', `0x00008955')
+define(`SIOCSHWTSTAMP', `0x000089b0')
+define(`SIOCSIFADDR', `0x00008916')
+define(`SIOCSIFATMTCP', `0x00006180')
+define(`SIOCSIFBR', `0x00008941')
+define(`SIOCSIFBRDADDR', `0x0000891a')
+define(`SIOCSIFDSTADDR', `0x00008918')
+define(`SIOCSIFENCAP', `0x00008926')
+define(`SIOCSIFFLAGS', `0x00008914')
+define(`SIOCSIFHWADDR', `0x00008924')
+define(`SIOCSIFHWBROADCAST', `0x00008937')
+define(`SIOCSIFLINK', `0x00008911')
+define(`SIOCSIFMAP', `0x00008971')
+define(`SIOCSIFMEM', `0x00008920')
+define(`SIOCSIFMETRIC', `0x0000891e')
+define(`SIOCSIFMTU', `0x00008922')
+define(`SIOCSIFNAME', `0x00008923')
+define(`SIOCSIFNETMASK', `0x0000891c')
+define(`SIOCSIFPFLAGS', `0x00008934')
+define(`SIOCSIFSLAVE', `0x00008930')
+define(`SIOCSIFTXQLEN', `0x00008943')
+define(`SIOCSIFVLAN', `0x00008983')
+define(`SIOCSIWAP', `0x00008b14')
+define(`SIOCSIWAUTH', `0x00008b32')
+define(`SIOCSIWCOMMIT', `0x00008b00')
+define(`SIOCSIWENCODE', `0x00008b2a')
+define(`SIOCSIWENCODEEXT', `0x00008b34')
+define(`SIOCSIWESSID', `0x00008b1a')
+define(`SIOCSIWFRAG', `0x00008b24')
+define(`SIOCSIWFREQ', `0x00008b04')
+define(`SIOCSIWGENIE', `0x00008b30')
+define(`SIOCSIWMLME', `0x00008b16')
+define(`SIOCSIWMODE', `0x00008b06')
+define(`SIOCSIWNICKN', `0x00008b1c')
+define(`SIOCSIWNWID', `0x00008b02')
+define(`SIOCSIWPMKSA', `0x00008b36')
+define(`SIOCSIWPOWER', `0x00008b2c')
+define(`SIOCSIWPRIV', `0x00008b0c')
+define(`SIOCSIWRANGE', `0x00008b0a')
+define(`SIOCSIWRATE', `0x00008b20')
+define(`SIOCSIWRETRY', `0x00008b28')
+define(`SIOCSIWRTS', `0x00008b22')
+define(`SIOCSIWSCAN', `0x00008b18')
+define(`SIOCSIWSENS', `0x00008b08')
+define(`SIOCSIWSPY', `0x00008b10')
+define(`SIOCSIWSTATS', `0x00008b0e')
+define(`SIOCSIWTHRSPY', `0x00008b12')
+define(`SIOCSIWTXPOW', `0x00008b26')
+define(`SIOCSMIIREG', `0x00008949')
+define(`SIOCSNETADDR', `0x400489e0')
+define(`SIOCSPGRP', `0x00008902')
+define(`SIOCSRARP', `0x00008962')
+define(`SIOCWANDEV', `0x0000894a')
+define(`SISFB_COMMAND', `0xc054f305')
+define(`SISFB_GET_AUTOMAXIMIZE', `0x8004f303')
+define(`SISFB_GET_AUTOMAXIMIZE_OLD', `0x80046efa')
+define(`SISFB_GET_INFO', `0x811cf301')
+define(`SISFB_GET_INFO_OLD', `0x80046ef8')
+define(`SISFB_GET_INFO_SIZE', `0x8004f300')
+define(`SISFB_GET_TVPOSOFFSET', `0x8004f304')
+define(`SISFB_GET_VBRSTATUS', `0x8004f302')
+define(`SISFB_GET_VBRSTATUS_OLD', `0x80046ef9')
+define(`SISFB_SET_AUTOMAXIMIZE', `0x4004f303')
+define(`SISFB_SET_AUTOMAXIMIZE_OLD', `0x40046efa')
+define(`SISFB_SET_LOCK', `0x4004f306')
+define(`SISFB_SET_TVPOSOFFSET', `0x4004f304')
+define(`SNAPSHOT_ALLOC_SWAP_PAGE', `0x80083314')
+define(`SNAPSHOT_ATOMIC_RESTORE', `0x00003304')
+define(`SNAPSHOT_AVAIL_SWAP_SIZE', `0x80083313')
+define(`SNAPSHOT_CREATE_IMAGE', `0x40043311')
+define(`SNAPSHOT_FREE', `0x00003305')
+define(`SNAPSHOT_FREE_SWAP_PAGES', `0x00003309')
+define(`SNAPSHOT_FREEZE', `0x00003301')
+define(`SNAPSHOT_GET_IMAGE_SIZE', `0x8008330e')
+define(`SNAPSHOT_PLATFORM_SUPPORT', `0x0000330f')
+define(`SNAPSHOT_POWER_OFF', `0x00003310')
+define(`SNAPSHOT_PREF_IMAGE_SIZE', `0x00003312')
+define(`SNAPSHOT_S2RAM', `0x0000330b')
+define(`SNAPSHOT_SET_SWAP_AREA', `0x400c330d')
+define(`SNAPSHOT_UNFREEZE', `0x00003302')
+define(`SNDCTL_COPR_HALT', `0xc0144307')
+define(`SNDCTL_COPR_LOAD', `0xcfb04301')
+define(`SNDCTL_COPR_RCODE', `0xc0144303')
+define(`SNDCTL_COPR_RCVMSG', `0x8fa44309')
+define(`SNDCTL_COPR_RDATA', `0xc0144302')
+define(`SNDCTL_COPR_RESET', `0x00004300')
+define(`SNDCTL_COPR_RUN', `0xc0144306')
+define(`SNDCTL_COPR_SENDMSG', `0xcfa44308')
+define(`SNDCTL_COPR_WCODE', `0x40144305')
+define(`SNDCTL_COPR_WDATA', `0x40144304')
+define(`SNDCTL_DSP_BIND_CHANNEL', `0xc0045041')
+define(`SNDCTL_DSP_CHANNELS', `0xc0045006')
+define(`SNDCTL_DSP_GETBLKSIZE', `0xc0045004')
+define(`SNDCTL_DSP_GETCAPS', `0x8004500f')
+define(`SNDCTL_DSP_GETCHANNELMASK', `0xc0045040')
+define(`SNDCTL_DSP_GETFMTS', `0x8004500b')
+define(`SNDCTL_DSP_GETIPTR', `0x800c5011')
+define(`SNDCTL_DSP_GETISPACE', `0x8010500d')
+define(`SNDCTL_DSP_GETODELAY', `0x80045017')
+define(`SNDCTL_DSP_GETOPTR', `0x800c5012')
+define(`SNDCTL_DSP_GETOSPACE', `0x8010500c')
+define(`SNDCTL_DSP_GETSPDIF', `0x80045043')
+define(`SNDCTL_DSP_GETTRIGGER', `0x80045010')
+define(`SNDCTL_DSP_MAPINBUF', `0x80105013')
+define(`SNDCTL_DSP_MAPOUTBUF', `0x80105014')
+define(`SNDCTL_DSP_NONBLOCK', `0x0000500e')
+define(`SNDCTL_DSP_POST', `0x00005008')
+define(`SNDCTL_DSP_PROFILE', `0x40045017')
+define(`SNDCTL_DSP_RESET', `0x00005000')
+define(`SNDCTL_DSP_SETDUPLEX', `0x00005016')
+define(`SNDCTL_DSP_SETFMT', `0xc0045005')
+define(`SNDCTL_DSP_SETFRAGMENT', `0xc004500a')
+define(`SNDCTL_DSP_SETSPDIF', `0x40045042')
+define(`SNDCTL_DSP_SETSYNCRO', `0x00005015')
+define(`SNDCTL_DSP_SETTRIGGER', `0x40045010')
+define(`SNDCTL_DSP_SPEED', `0xc0045002')
+define(`SNDCTL_DSP_STEREO', `0xc0045003')
+define(`SNDCTL_DSP_SUBDIVIDE', `0xc0045009')
+define(`SNDCTL_DSP_SYNC', `0x00005001')
+define(`SNDCTL_FM_4OP_ENABLE', `0x4004510f')
+define(`SNDCTL_FM_LOAD_INSTR', `0x40285107')
+define(`SNDCTL_MIDI_INFO', `0xc074510c')
+define(`SNDCTL_MIDI_MPUCMD', `0xc0216d02')
+define(`SNDCTL_MIDI_MPUMODE', `0xc0046d01')
+define(`SNDCTL_MIDI_PRETIME', `0xc0046d00')
+define(`SNDCTL_SEQ_CTRLRATE', `0xc0045103')
+define(`SNDCTL_SEQ_GETINCOUNT', `0x80045105')
+define(`SNDCTL_SEQ_GETOUTCOUNT', `0x80045104')
+define(`SNDCTL_SEQ_GETTIME', `0x80045113')
+define(`SNDCTL_SEQ_NRMIDIS', `0x8004510b')
+define(`SNDCTL_SEQ_NRSYNTHS', `0x8004510a')
+define(`SNDCTL_SEQ_OUTOFBAND', `0x40085112')
+define(`SNDCTL_SEQ_PANIC', `0x00005111')
+define(`SNDCTL_SEQ_PERCMODE', `0x40045106')
+define(`SNDCTL_SEQ_RESET', `0x00005100')
+define(`SNDCTL_SEQ_RESETSAMPLES', `0x40045109')
+define(`SNDCTL_SEQ_SYNC', `0x00005101')
+define(`SNDCTL_SEQ_TESTMIDI', `0x40045108')
+define(`SNDCTL_SEQ_THRESHOLD', `0x4004510d')
+define(`SNDCTL_SYNTH_CONTROL', `0xcfa45115')
+define(`SNDCTL_SYNTH_ID', `0xc08c5114')
+define(`SNDCTL_SYNTH_INFO', `0xc08c5102')
+define(`SNDCTL_SYNTH_MEMAVL', `0xc004510e')
+define(`SNDCTL_SYNTH_REMOVESAMPLE', `0xc00c5116')
+define(`SNDCTL_TMR_CONTINUE', `0x00005404')
+define(`SNDCTL_TMR_METRONOME', `0x40045407')
+define(`SNDCTL_TMR_SELECT', `0x40045408')
+define(`SNDCTL_TMR_SOURCE', `0xc0045406')
+define(`SNDCTL_TMR_START', `0x00005402')
+define(`SNDCTL_TMR_STOP', `0x00005403')
+define(`SNDCTL_TMR_TEMPO', `0xc0045405')
+define(`SNDCTL_TMR_TIMEBASE', `0xc0045401')
+define(`SNDRV_COMPRESS_AVAIL', `0x801c4321')
+define(`SNDRV_COMPRESS_DRAIN', `0x00004334')
+define(`SNDRV_COMPRESS_GET_CAPS', `0xc0c44310')
+define(`SNDRV_COMPRESS_GET_CODEC_CAPS', `0xeb884311')
+define(`SNDRV_COMPRESS_GET_METADATA', `0xc0244315')
+define(`SNDRV_COMPRESS_GET_PARAMS', `0x80784313')
+define(`SNDRV_COMPRESS_IOCTL_VERSION', `0x80044300')
+define(`SNDRV_COMPRESS_NEXT_TRACK', `0x00004335')
+define(`SNDRV_COMPRESS_PARTIAL_DRAIN', `0x00004336')
+define(`SNDRV_COMPRESS_PAUSE', `0x00004330')
+define(`SNDRV_COMPRESS_RESUME', `0x00004331')
+define(`SNDRV_COMPRESS_SET_METADATA', `0x40244314')
+define(`SNDRV_COMPRESS_SET_PARAMS', `0x40844312')
+define(`SNDRV_COMPRESS_START', `0x00004332')
+define(`SNDRV_COMPRESS_STOP', `0x00004333')
+define(`SNDRV_COMPRESS_TSTAMP', `0x80144320')
+define(`SNDRV_CTL_IOCTL_CARD_INFO', `0x81785501')
+define(`SNDRV_CTL_IOCTL_ELEM_ADD', `0xc1105517')
+define(`SNDRV_CTL_IOCTL_ELEM_INFO', `0xc1105511')
+define(`SNDRV_CTL_IOCTL_ELEM_LIST', `0xc0505510')
+define(`SNDRV_CTL_IOCTL_ELEM_LOCK', `0x40405514')
+define(`SNDRV_CTL_IOCTL_ELEM_READ', `0xc4c85512')
+define(`SNDRV_CTL_IOCTL_ELEM_REMOVE', `0xc0405519')
+define(`SNDRV_CTL_IOCTL_ELEM_REPLACE', `0xc1105518')
+define(`SNDRV_CTL_IOCTL_ELEM_UNLOCK', `0x40405515')
+define(`SNDRV_CTL_IOCTL_ELEM_WRITE', `0xc4c85513')
+define(`SNDRV_CTL_IOCTL_HWDEP_INFO', `0x80dc5521')
+define(`SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE', `0xc0045520')
+define(`SNDRV_CTL_IOCTL_PCM_INFO', `0xc1205531')
+define(`SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE', `0x80045530')
+define(`SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE', `0x40045532')
+define(`SNDRV_CTL_IOCTL_POWER', `0xc00455d0')
+define(`SNDRV_CTL_IOCTL_POWER_STATE', `0x800455d1')
+define(`SNDRV_CTL_IOCTL_PVERSION', `0x80045500')
+define(`SNDRV_CTL_IOCTL_RAWMIDI_INFO', `0xc10c5541')
+define(`SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE', `0xc0045540')
+define(`SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE', `0x40045542')
+define(`SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS', `0xc0045516')
+define(`SNDRV_CTL_IOCTL_TLV_COMMAND', `0xc008551c')
+define(`SNDRV_CTL_IOCTL_TLV_READ', `0xc008551a')
+define(`SNDRV_CTL_IOCTL_TLV_WRITE', `0xc008551b')
+define(`SNDRV_DM_FM_IOCTL_CLEAR_PATCHES', `0x00004840')
+define(`SNDRV_DM_FM_IOCTL_INFO', `0x80024820')
+define(`SNDRV_DM_FM_IOCTL_PLAY_NOTE', `0x400c4822')
+define(`SNDRV_DM_FM_IOCTL_RESET', `0x00004821')
+define(`SNDRV_DM_FM_IOCTL_SET_CONNECTION', `0x40044826')
+define(`SNDRV_DM_FM_IOCTL_SET_MODE', `0x40044825')
+define(`SNDRV_DM_FM_IOCTL_SET_PARAMS', `0x40094824')
+define(`SNDRV_DM_FM_IOCTL_SET_VOICE', `0x40124823')
+define(`SNDRV_EMU10K1_IOCTL_CODE_PEEK', `0xc1b04812')
+define(`SNDRV_EMU10K1_IOCTL_CODE_POKE', `0x41b04811')
+define(`SNDRV_EMU10K1_IOCTL_CONTINUE', `0x00004881')
+define(`SNDRV_EMU10K1_IOCTL_DBG_READ', `0x80044884')
+define(`SNDRV_EMU10K1_IOCTL_INFO', `0x880c4810')
+define(`SNDRV_EMU10K1_IOCTL_PCM_PEEK', `0xc0484831')
+define(`SNDRV_EMU10K1_IOCTL_PCM_POKE', `0x40484830')
+define(`SNDRV_EMU10K1_IOCTL_PVERSION', `0x80044840')
+define(`SNDRV_EMU10K1_IOCTL_SINGLE_STEP', `0x40044883')
+define(`SNDRV_EMU10K1_IOCTL_STOP', `0x00004880')
+define(`SNDRV_EMU10K1_IOCTL_TRAM_PEEK', `0xc0104822')
+define(`SNDRV_EMU10K1_IOCTL_TRAM_POKE', `0x40104821')
+define(`SNDRV_EMU10K1_IOCTL_TRAM_SETUP', `0x40044820')
+define(`SNDRV_EMU10K1_IOCTL_ZERO_TRAM_COUNTER', `0x00004882')
+define(`SNDRV_EMUX_IOCTL_LOAD_PATCH', `0xc0104881')
+define(`SNDRV_EMUX_IOCTL_MEM_AVAIL', `0x40044884')
+define(`SNDRV_EMUX_IOCTL_MISC_MODE', `0xc0104884')
+define(`SNDRV_EMUX_IOCTL_REMOVE_LAST_SAMPLES', `0x00004883')
+define(`SNDRV_EMUX_IOCTL_RESET_SAMPLES', `0x00004882')
+define(`SNDRV_EMUX_IOCTL_VERSION', `0x80044880')
+define(`SNDRV_FIREWIRE_IOCTL_GET_INFO', `0x802048f8')
+define(`SNDRV_FIREWIRE_IOCTL_LOCK', `0x000048f9')
+define(`SNDRV_FIREWIRE_IOCTL_UNLOCK', `0x000048fa')
+define(`SNDRV_HDSP_IOCTL_GET_9632_AEB', `0x80084845')
+define(`SNDRV_HDSP_IOCTL_GET_CONFIG_INFO', `0x80244841')
+define(`SNDRV_HDSP_IOCTL_GET_MIXER', `0x90004844')
+define(`SNDRV_HDSP_IOCTL_GET_PEAK_RMS', `0x83b04840')
+define(`SNDRV_HDSP_IOCTL_GET_VERSION', `0x80084843')
+define(`SNDRV_HDSP_IOCTL_UPLOAD_FIRMWARE', `0x40084842')
+define(`SNDRV_HDSPM_IOCTL_GET_CONFIG', `0x80184841')
+define(`SNDRV_HDSPM_IOCTL_GET_LTC', `0x80104846')
+define(`SNDRV_HDSPM_IOCTL_GET_MIXER', `0x80084844')
+define(`SNDRV_HDSPM_IOCTL_GET_PEAK_RMS', `0x89084842')
+define(`SNDRV_HDSPM_IOCTL_GET_STATUS', `0x80204847')
+define(`SNDRV_HDSPM_IOCTL_GET_VERSION', `0x80244848')
+define(`SNDRV_HWDEP_IOCTL_DSP_LOAD', `0x40604803')
+define(`SNDRV_HWDEP_IOCTL_DSP_STATUS', `0x80404802')
+define(`SNDRV_HWDEP_IOCTL_INFO', `0x80dc4801')
+define(`SNDRV_HWDEP_IOCTL_PVERSION', `0x80044800')
+define(`SNDRV_PCM_IOCTL_CHANNEL_INFO', `0x80184132')
+define(`SNDRV_PCM_IOCTL_DELAY', `0x80084121')
+define(`SNDRV_PCM_IOCTL_DRAIN', `0x00004144')
+define(`SNDRV_PCM_IOCTL_DROP', `0x00004143')
+define(`SNDRV_PCM_IOCTL_FORWARD', `0x40084149')
+define(`SNDRV_PCM_IOCTL_HW_FREE', `0x00004112')
+define(`SNDRV_PCM_IOCTL_HW_PARAMS', `0xc2604111')
+define(`SNDRV_PCM_IOCTL_HW_REFINE', `0xc2604110')
+define(`SNDRV_PCM_IOCTL_HWSYNC', `0x00004122')
+define(`SNDRV_PCM_IOCTL_INFO', `0x81204101')
+define(`SNDRV_PCM_IOCTL_LINK', `0x40044160')
+define(`SNDRV_PCM_IOCTL_PAUSE', `0x40044145')
+define(`SNDRV_PCM_IOCTL_PREPARE', `0x00004140')
+define(`SNDRV_PCM_IOCTL_PVERSION', `0x80044100')
+define(`SNDRV_PCM_IOCTL_READI_FRAMES', `0x80184151')
+define(`SNDRV_PCM_IOCTL_READN_FRAMES', `0x80184153')
+define(`SNDRV_PCM_IOCTL_RESET', `0x00004141')
+define(`SNDRV_PCM_IOCTL_RESUME', `0x00004147')
+define(`SNDRV_PCM_IOCTL_REWIND', `0x40084146')
+define(`SNDRV_PCM_IOCTL_START', `0x00004142')
+define(`SNDRV_PCM_IOCTL_STATUS', `0x80984120')
+define(`SNDRV_PCM_IOCTL_SW_PARAMS', `0xc0884113')
+define(`SNDRV_PCM_IOCTL_SYNC_PTR', `0xc0884123')
+define(`SNDRV_PCM_IOCTL_TSTAMP', `0x40044102')
+define(`SNDRV_PCM_IOCTL_TTSTAMP', `0x40044103')
+define(`SNDRV_PCM_IOCTL_UNLINK', `0x00004161')
+define(`SNDRV_PCM_IOCTL_WRITEI_FRAMES', `0x40184150')
+define(`SNDRV_PCM_IOCTL_WRITEN_FRAMES', `0x40184152')
+define(`SNDRV_PCM_IOCTL_XRUN', `0x00004148')
+define(`SNDRV_RAWMIDI_IOCTL_DRAIN', `0x40045731')
+define(`SNDRV_RAWMIDI_IOCTL_DROP', `0x40045730')
+define(`SNDRV_RAWMIDI_IOCTL_INFO', `0x810c5701')
+define(`SNDRV_RAWMIDI_IOCTL_PARAMS', `0xc0305710')
+define(`SNDRV_RAWMIDI_IOCTL_PVERSION', `0x80045700')
+define(`SNDRV_RAWMIDI_IOCTL_STATUS', `0xc0385720')
+define(`SNDRV_SB_CSP_IOCTL_INFO', `0x80284810')
+define(`SNDRV_SB_CSP_IOCTL_LOAD_CODE', `0x70124811')
+define(`SNDRV_SB_CSP_IOCTL_PAUSE', `0x00004815')
+define(`SNDRV_SB_CSP_IOCTL_RESTART', `0x00004816')
+define(`SNDRV_SB_CSP_IOCTL_START', `0x40084813')
+define(`SNDRV_SB_CSP_IOCTL_STOP', `0x00004814')
+define(`SNDRV_SB_CSP_IOCTL_UNLOAD_CODE', `0x00004812')
+define(`SNDRV_SEQ_IOCTL_CLIENT_ID', `0x80045301')
+define(`SNDRV_SEQ_IOCTL_CREATE_PORT', `0xc0a85320')
+define(`SNDRV_SEQ_IOCTL_CREATE_QUEUE', `0xc08c5332')
+define(`SNDRV_SEQ_IOCTL_DELETE_PORT', `0x40a85321')
+define(`SNDRV_SEQ_IOCTL_DELETE_QUEUE', `0x408c5333')
+define(`SNDRV_SEQ_IOCTL_GET_CLIENT_INFO', `0xc0bc5310')
+define(`SNDRV_SEQ_IOCTL_GET_CLIENT_POOL', `0xc058534b')
+define(`SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE', `0xc08c5336')
+define(`SNDRV_SEQ_IOCTL_GET_PORT_INFO', `0xc0a85322')
+define(`SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT', `0xc04c5349')
+define(`SNDRV_SEQ_IOCTL_GET_QUEUE_INFO', `0xc08c5334')
+define(`SNDRV_SEQ_IOCTL_GET_QUEUE_OWNER', `0xc0005343')
+define(`SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS', `0xc05c5340')
+define(`SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO', `0xc02c5341')
+define(`SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER', `0xc0605345')
+define(`SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION', `0xc0505350')
+define(`SNDRV_SEQ_IOCTL_PVERSION', `0x80045300')
+define(`SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT', `0xc0bc5351')
+define(`SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT', `0xc0a85352')
+define(`SNDRV_SEQ_IOCTL_QUERY_SUBS', `0xc058534f')
+define(`SNDRV_SEQ_IOCTL_REMOVE_EVENTS', `0x4040534e')
+define(`SNDRV_SEQ_IOCTL_RUNNING_MODE', `0xc0105303')
+define(`SNDRV_SEQ_IOCTL_SET_CLIENT_INFO', `0x40bc5311')
+define(`SNDRV_SEQ_IOCTL_SET_CLIENT_POOL', `0x4058534c')
+define(`SNDRV_SEQ_IOCTL_SET_PORT_INFO', `0x40a85323')
+define(`SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT', `0x404c534a')
+define(`SNDRV_SEQ_IOCTL_SET_QUEUE_INFO', `0xc08c5335')
+define(`SNDRV_SEQ_IOCTL_SET_QUEUE_OWNER', `0x40005344')
+define(`SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO', `0x402c5342')
+define(`SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER', `0x40605346')
+define(`SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT', `0x40505330')
+define(`SNDRV_SEQ_IOCTL_SYSTEM_INFO', `0xc0305302')
+define(`SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT', `0x40505331')
+define(`SNDRV_TIMER_IOCTL_CONTINUE', `0x000054a2')
+define(`SNDRV_TIMER_IOCTL_GINFO', `0xc0f85403')
+define(`SNDRV_TIMER_IOCTL_GPARAMS', `0x40485404')
+define(`SNDRV_TIMER_IOCTL_GSTATUS', `0xc0505405')
+define(`SNDRV_TIMER_IOCTL_INFO', `0x80e85411')
+define(`SNDRV_TIMER_IOCTL_NEXT_DEVICE', `0xc0145401')
+define(`SNDRV_TIMER_IOCTL_PARAMS', `0x40505412')
+define(`SNDRV_TIMER_IOCTL_PAUSE', `0x000054a3')
+define(`SNDRV_TIMER_IOCTL_PVERSION', `0x80045400')
+define(`SNDRV_TIMER_IOCTL_SELECT', `0x40345410')
+define(`SNDRV_TIMER_IOCTL_START', `0x000054a0')
+define(`SNDRV_TIMER_IOCTL_STATUS', `0x80605414')
+define(`SNDRV_TIMER_IOCTL_STOP', `0x000054a1')
+define(`SNDRV_TIMER_IOCTL_TREAD', `0x40045402')
+define(`SONET_CLRDIAG', `0xc0046113')
+define(`SONET_GETDIAG', `0x80046114')
+define(`SONET_GETFRAMING', `0x80046116')
+define(`SONET_GETFRSENSE', `0x80066117')
+define(`SONET_GETSTAT', `0x80246110')
+define(`SONET_GETSTATZ', `0x80246111')
+define(`SONET_SETDIAG', `0xc0046112')
+define(`SONET_SETFRAMING', `0x40046115')
+define(`SONYPI_IOCGBAT1CAP', `0x80027602')
+define(`SONYPI_IOCGBAT1REM', `0x80027603')
+define(`SONYPI_IOCGBAT2CAP', `0x80027604')
+define(`SONYPI_IOCGBAT2REM', `0x80027605')
+define(`SONYPI_IOCGBATFLAGS', `0x80017607')
+define(`SONYPI_IOCGBLUE', `0x80017608')
+define(`SONYPI_IOCGBRT', `0x80017600')
+define(`SONYPI_IOCGFAN', `0x8001760a')
+define(`SONYPI_IOCGTEMP', `0x8001760c')
+define(`SONYPI_IOCSBLUE', `0x40017609')
+define(`SONYPI_IOCSBRT', `0x40017600')
+define(`SONYPI_IOCSFAN', `0x4001760b')
+define(`SOUND_MIXER_3DSE', `0xc0044d68')
+define(`SOUND_MIXER_ACCESS', `0xc0804d66')
+define(`SOUND_MIXER_AGC', `0xc0044d67')
+define(`SOUND_MIXER_GETLEVELS', `0xc0a44d74')
+define(`SOUND_MIXER_INFO', `0x805c4d65')
+define(`SOUND_MIXER_PRIVATE1', `0xc0044d6f')
+define(`SOUND_MIXER_PRIVATE2', `0xc0044d70')
+define(`SOUND_MIXER_PRIVATE3', `0xc0044d71')
+define(`SOUND_MIXER_PRIVATE4', `0xc0044d72')
+define(`SOUND_MIXER_PRIVATE5', `0xc0044d73')
+define(`SOUND_MIXER_SETLEVELS', `0xc0a44d75')
+define(`SOUND_OLD_MIXER_INFO', `0x80304d65')
+define(`SOUND_PCM_READ_BITS', `0x80045005')
+define(`SOUND_PCM_READ_CHANNELS', `0x80045006')
+define(`SOUND_PCM_READ_FILTER', `0x80045007')
+define(`SOUND_PCM_READ_RATE', `0x80045002')
+define(`SOUND_PCM_WRITE_FILTER', `0xc0045007')
+define(`SPI_IOC_RD_BITS_PER_WORD', `0x80016b03')
+define(`SPI_IOC_RD_LSB_FIRST', `0x80016b02')
+define(`SPI_IOC_RD_MAX_SPEED_HZ', `0x80046b04')
+define(`SPI_IOC_RD_MODE', `0x80016b01')
+define(`SPI_IOC_RD_MODE32', `0x80046b05')
+define(`SPI_IOC_WR_BITS_PER_WORD', `0x40016b03')
+define(`SPI_IOC_WR_LSB_FIRST', `0x40016b02')
+define(`SPI_IOC_WR_MAX_SPEED_HZ', `0x40046b04')
+define(`SPI_IOC_WR_MODE', `0x40016b01')
+define(`SPI_IOC_WR_MODE32', `0x40046b05')
+define(`SPIOCSTYPE', `0x40087101')
+define(`SSTFB_GET_VGAPASS', `0x800446dd')
+define(`SSTFB_SET_VGAPASS', `0x400446dd')
+define(`STOP_ARRAY', `0x00000932')
+define(`STOP_ARRAY_RO', `0x00000933')
+define(`SW_SYNC_IOC_CREATE_FENCE', `0xc0285700')
+define(`SW_SYNC_IOC_INC', `0x40045701')
+define(`SYNC_IOC_FENCE_INFO', `0xc0283e02')
+define(`SYNC_IOC_MERGE', `0xc0283e01')
+define(`SYNC_IOC_WAIT', `0x40043e00')
+define(`TCFLSH', `0x0000540b')
+define(`TCGETA', `0x00005405')
+define(`TCGETS2', `0x802c542a')
+define(`TCGETS', ifelse(target_arch, mips, 0x0000540d, 0x00005401))
+define(`TCGETX', `0x00005432')
+define(`TCSBRK', `0x00005409')
+define(`TCSBRKP', `0x00005425')
+define(`TCSETA', `0x00005406')
+define(`TCSETAF', `0x00005408')
+define(`TCSETAW', `0x00005407')
+define(`TCSETS', `0x00005402')
+define(`TCSETS2', `0x402c542b')
+define(`TCSETSF', `0x00005404')
+define(`TCSETSF2', `0x402c542d')
+define(`TCSETSW', `0x00005403')
+define(`TCSETSW2', `0x402c542c')
+define(`TCSETX', `0x00005433')
+define(`TCSETXF', `0x00005434')
+define(`TCSETXW', `0x00005435')
+define(`TCXONC', `0x0000540a')
+define(`TFD_IOC_SET_TICKS', `0x40085400')
+define(`TIOCCBRK', `0x00005428')
+define(`TIOCCONS', `0x0000541d')
+define(`TIOCEXCL', `0x0000540c')
+define(`TIOCGDEV', `0x80045432')
+define(`TIOCGETD', `0x00005424')
+define(`TIOCGEXCL', `0x80045440')
+define(`TIOCGICOUNT', `0x0000545d')
+define(`TIOCGLCKTRMIOS', `0x00005456')
+define(`TIOCGPGRP', `0x0000540f')
+define(`TIOCGPKT', `0x80045438')
+define(`TIOCGPTLCK', `0x80045439')
+define(`TIOCGPTN', `0x80045430')
+define(`TIOCGRS485', `0x0000542e')
+define(`TIOCGSERIAL', `0x0000541e')
+define(`TIOCGSID', `0x00005429')
+define(`TIOCGSOFTCAR', `0x00005419')
+define(`TIOCGWINSZ', ifelse(target_arch, mips, 0x80087468, 0x00005413))
+define(`TIOCLINUX', `0x0000541c')
+define(`TIOCMBIC', `0x00005417')
+define(`TIOCMBIS', `0x00005416')
+define(`TIOCMGET', `0x00005415')
+define(`TIOCMIWAIT', `0x0000545c')
+define(`TIOCMSET', `0x00005418')
+define(`TIOCNOTTY', `0x00005422')
+define(`TIOCNXCL', `0x0000540d')
+define(`TIOCOUTQ', ifelse(target_arch, mips, 0x00007472, 0x00005411))
+define(`TIOCPKT', `0x00005420')
+define(`TIOCSBRK', `0x00005427')
+define(`TIOCSCTTY', ifelse(target_arch, mips, 0x00005480, 0x0000540e))
+define(`TIOCSERCONFIG', `0x00005453')
+define(`TIOCSERGETLSR', `0x00005459')
+define(`TIOCSERGETMULTI', `0x0000545a')
+define(`TIOCSERGSTRUCT', `0x00005458')
+define(`TIOCSERGWILD', `0x00005454')
+define(`TIOCSERSETMULTI', `0x0000545b')
+define(`TIOCSERSWILD', `0x00005455')
+define(`TIOCSETD', `0x00005423')
+define(`TIOCSIG', `0x40045436')
+define(`TIOCSLCKTRMIOS', `0x00005457')
+define(`TIOCSPGRP', `0x00005410')
+define(`TIOCSPTLCK', `0x40045431')
+define(`TIOCSRS485', `0x0000542f')
+define(`TIOCSSERIAL', `0x0000541f')
+define(`TIOCSSOFTCAR', `0x0000541a')
+define(`TIOCSTI', `0x00005412')
+define(`TIOCSWINSZ', ifelse(target_arch, mips, 0x40087467, 0x00005414))
+define(`TIOCVHANGUP', `0x00005437')
+define(`TOSH_SMM', `0xc0047490')
+define(`TUNATTACHFILTER', `0x401054d5')
+define(`TUNDETACHFILTER', `0x401054d6')
+define(`TUNER_SET_CONFIG', `0x4010645c')
+define(`TUNGETFEATURES', `0x800454cf')
+define(`TUNGETFILTER', `0x801054db')
+define(`TUNGETIFF', `0x800454d2')
+define(`TUNGETSNDBUF', `0x800454d3')
+define(`TUNGETVNETHDRSZ', `0x800454d7')
+define(`TUNGETVNETLE', `0x800454dd')
+define(`TUNSETDEBUG', `0x400454c9')
+define(`TUNSETGROUP', `0x400454ce')
+define(`TUNSETIFF', `0x400454ca')
+define(`TUNSETIFINDEX', `0x400454da')
+define(`TUNSETLINK', `0x400454cd')
+define(`TUNSETNOCSUM', `0x400454c8')
+define(`TUNSETOFFLOAD', `0x400454d0')
+define(`TUNSETOWNER', `0x400454cc')
+define(`TUNSETPERSIST', `0x400454cb')
+define(`TUNSETQUEUE', `0x400454d9')
+define(`TUNSETSNDBUF', `0x400454d4')
+define(`TUNSETTXFILTER', `0x400454d1')
+define(`TUNSETVNETHDRSZ', `0x400454d8')
+define(`TUNSETVNETLE', `0x400454dc')
+define(`UBI_IOCATT', `0x40186f40')
+define(`UBI_IOCDET', `0x40046f41')
+define(`UBI_IOCEBCH', `0x40044f02')
+define(`UBI_IOCEBER', `0x40044f01')
+define(`UBI_IOCEBISMAP', `0x80044f05')
+define(`UBI_IOCEBMAP', `0x40084f03')
+define(`UBI_IOCEBUNMAP', `0x40044f04')
+define(`UBI_IOCMKVOL', `0x40986f00')
+define(`UBI_IOCRMVOL', `0x40046f01')
+define(`UBI_IOCRNVOL', `0x51106f03')
+define(`UBI_IOCRSVOL', `0x400c6f02')
+define(`UBI_IOCSETVOLPROP', `0x40104f06')
+define(`UBI_IOCVOLCRBLK', `0x40804f07')
+define(`UBI_IOCVOLRMBLK', `0x00004f08')
+define(`UBI_IOCVOLUP', `0x40084f00')
+define(`UDF_GETEABLOCK', `0x80086c41')
+define(`UDF_GETEASIZE', `0x80046c40')
+define(`UDF_GETVOLIDENT', `0x80086c42')
+define(`UDF_RELOCATE_BLOCKS', `0xc0086c43')
+define(`UI_BEGIN_FF_ERASE', `0xc00c55ca')
+define(`UI_BEGIN_FF_UPLOAD', `0xc06855c8')
+define(`UI_DEV_CREATE', `0x00005501')
+define(`UI_DEV_DESTROY', `0x00005502')
+define(`UI_END_FF_ERASE', `0x400c55cb')
+define(`UI_END_FF_UPLOAD', `0x406855c9')
+define(`UI_GET_VERSION', `0x8004552d')
+define(`UI_SET_ABSBIT', `0x40045567')
+define(`UI_SET_EVBIT', `0x40045564')
+define(`UI_SET_FFBIT', `0x4004556b')
+define(`UI_SET_KEYBIT', `0x40045565')
+define(`UI_SET_LEDBIT', `0x40045569')
+define(`UI_SET_MSCBIT', `0x40045568')
+define(`UI_SET_PHYS', `0x4008556c')
+define(`UI_SET_PROPBIT', `0x4004556e')
+define(`UI_SET_RELBIT', `0x40045566')
+define(`UI_SET_SNDBIT', `0x4004556a')
+define(`UI_SET_SWBIT', `0x4004556d')
+define(`UNPROTECT_ARRAY', `0x00000926')
+define(`USBDEVFS_ALLOC_STREAMS', `0x8008551c')
+define(`USBDEVFS_BULK', `0xc0185502')
+define(`USBDEVFS_BULK32', `0xc0105502')
+define(`USBDEVFS_CLAIMINTERFACE', `0x8004550f')
+define(`USBDEVFS_CLAIM_PORT', `0x80045518')
+define(`USBDEVFS_CLEAR_HALT', `0x80045515')
+define(`USBDEVFS_CONNECT', `0x00005517')
+define(`USBDEVFS_CONNECTINFO', `0x40085511')
+define(`USBDEVFS_CONTROL', `0xc0185500')
+define(`USBDEVFS_CONTROL32', `0xc0105500')
+define(`USBDEVFS_DISCARDURB', `0x0000550b')
+define(`USBDEVFS_DISCONNECT', `0x00005516')
+define(`USBDEVFS_DISCONNECT_CLAIM', `0x8108551b')
+define(`USBDEVFS_DISCSIGNAL', `0x8010550e')
+define(`USBDEVFS_DISCSIGNAL32', `0x8008550e')
+define(`USBDEVFS_FREE_STREAMS', `0x8008551d')
+define(`USBDEVFS_GET_CAPABILITIES', `0x8004551a')
+define(`USBDEVFS_GETDRIVER', `0x41045508')
+define(`USBDEVFS_HUB_PORTINFO', `0x80805513')
+define(`USBDEVFS_IOCTL', `0xc0105512')
+define(`USBDEVFS_IOCTL32', `0xc00c5512')
+define(`USBDEVFS_REAPURB', `0x4008550c')
+define(`USBDEVFS_REAPURB32', `0x4004550c')
+define(`USBDEVFS_REAPURBNDELAY', `0x4008550d')
+define(`USBDEVFS_REAPURBNDELAY32', `0x4004550d')
+define(`USBDEVFS_RELEASEINTERFACE', `0x80045510')
+define(`USBDEVFS_RELEASE_PORT', `0x80045519')
+define(`USBDEVFS_RESET', `0x00005514')
+define(`USBDEVFS_RESETEP', `0x80045503')
+define(`USBDEVFS_SETCONFIGURATION', `0x80045505')
+define(`USBDEVFS_SETINTERFACE', `0x80085504')
+define(`USBDEVFS_SUBMITURB', `0x8038550a')
+define(`USBDEVFS_SUBMITURB32', `0x802a550a')
+define(`USBTMC_IOCTL_ABORT_BULK_IN', `0x00005b04')
+define(`USBTMC_IOCTL_ABORT_BULK_OUT', `0x00005b03')
+define(`USBTMC_IOCTL_CLEAR', `0x00005b02')
+define(`USBTMC_IOCTL_CLEAR_IN_HALT', `0x00005b07')
+define(`USBTMC_IOCTL_CLEAR_OUT_HALT', `0x00005b06')
+define(`USBTMC_IOCTL_INDICATOR_PULSE', `0x00005b01')
+define(`UVCIOC_CTRL_MAP', `0xc0607520')
+define(`UVCIOC_CTRL_QUERY', `0xc0107521')
+define(`V4L2_SUBDEV_IR_RX_NOTIFY', `0x40047600')
+define(`V4L2_SUBDEV_IR_TX_NOTIFY', `0x40047601')
+define(`VFAT_IOCTL_READDIR_BOTH', `0x82307201')
+define(`VFAT_IOCTL_READDIR_SHORT', `0x82307202')
+define(`VFIO_CHECK_EXTENSION', `0x00003b65')
+define(`VFIO_DEVICE_GET_INFO', `0x00003b6b')
+define(`VFIO_DEVICE_GET_IRQ_INFO', `0x00003b6d')
+define(`VFIO_DEVICE_GET_PCI_HOT_RESET_INFO', `0x00003b70')
+define(`VFIO_DEVICE_GET_REGION_INFO', `0x00003b6c')
+define(`VFIO_DEVICE_PCI_HOT_RESET', `0x00003b71')
+define(`VFIO_DEVICE_RESET', `0x00003b6f')
+define(`VFIO_DEVICE_SET_IRQS', `0x00003b6e')
+define(`VFIO_EEH_PE_OP', `0x00003b79')
+define(`VFIO_GET_API_VERSION', `0x00003b64')
+define(`VFIO_GROUP_GET_DEVICE_FD', `0x00003b6a')
+define(`VFIO_GROUP_GET_STATUS', `0x00003b67')
+define(`VFIO_GROUP_SET_CONTAINER', `0x00003b68')
+define(`VFIO_GROUP_UNSET_CONTAINER', `0x00003b69')
+define(`VFIO_IOMMU_DISABLE', `0x00003b74')
+define(`VFIO_IOMMU_ENABLE', `0x00003b73')
+define(`VFIO_IOMMU_GET_INFO', `0x00003b70')
+define(`VFIO_IOMMU_MAP_DMA', `0x00003b71')
+define(`VFIO_IOMMU_SPAPR_TCE_GET_INFO', `0x00003b70')
+define(`VFIO_IOMMU_UNMAP_DMA', `0x00003b72')
+define(`VFIO_SET_IOMMU', `0x00003b66')
+define(`VHOST_GET_FEATURES', `0x8008af00')
+define(`VHOST_GET_VRING_BASE', `0xc008af12')
+define(`VHOST_NET_SET_BACKEND', `0x4008af30')
+define(`VHOST_RESET_OWNER', `0x0000af02')
+define(`VHOST_SCSI_CLEAR_ENDPOINT', `0x40e8af41')
+define(`VHOST_SCSI_GET_ABI_VERSION', `0x4004af42')
+define(`VHOST_SCSI_GET_EVENTS_MISSED', `0x4004af44')
+define(`VHOST_SCSI_SET_ENDPOINT', `0x40e8af40')
+define(`VHOST_SCSI_SET_EVENTS_MISSED', `0x4004af43')
+define(`VHOST_SET_FEATURES', `0x4008af00')
+define(`VHOST_SET_LOG_BASE', `0x4008af04')
+define(`VHOST_SET_LOG_FD', `0x4004af07')
+define(`VHOST_SET_MEM_TABLE', `0x4008af03')
+define(`VHOST_SET_OWNER', `0x0000af01')
+define(`VHOST_SET_VRING_ADDR', `0x4028af11')
+define(`VHOST_SET_VRING_BASE', `0x4008af12')
+define(`VHOST_SET_VRING_CALL', `0x4008af21')
+define(`VHOST_SET_VRING_ERR', `0x4008af22')
+define(`VHOST_SET_VRING_KICK', `0x4008af20')
+define(`VHOST_SET_VRING_NUM', `0x4008af10')
+define(`VIDEO_CLEAR_BUFFER', `0x00006f22')
+define(`VIDEO_COMMAND', `0xc0486f3b')
+define(`VIDEO_CONTINUE', `0x00006f18')
+define(`VIDEO_FAST_FORWARD', `0x00006f1f')
+define(`VIDEO_FREEZE', `0x00006f17')
+define(`VIDEO_GET_CAPABILITIES', `0x80046f21')
+define(`VIDEO_GET_EVENT', `0x80206f1c')
+define(`VIDEO_GET_FRAME_COUNT', `0x80086f3a')
+define(`VIDEO_GET_FRAME_RATE', `0x80046f38')
+define(`VIDEO_GET_NAVI', `0x84046f34')
+define(`VIDEO_GET_PTS', `0x80086f39')
+define(`VIDEO_GET_SIZE', `0x800c6f37')
+define(`VIDEO_GET_STATUS', `0x80146f1b')
+define(`VIDEO_PLAY', `0x00006f16')
+define(`VIDEO_SELECT_SOURCE', `0x00006f19')
+define(`VIDEO_SET_ATTRIBUTES', `0x00006f35')
+define(`VIDEO_SET_BLANK', `0x00006f1a')
+define(`VIDEO_SET_DISPLAY_FORMAT', `0x00006f1d')
+define(`VIDEO_SET_FORMAT', `0x00006f25')
+define(`VIDEO_SET_HIGHLIGHT', `0x40106f27')
+define(`VIDEO_SET_ID', `0x00006f23')
+define(`VIDEO_SET_SPU', `0x40086f32')
+define(`VIDEO_SET_SPU_PALETTE', `0x40106f33')
+define(`VIDEO_SET_STREAMTYPE', `0x00006f24')
+define(`VIDEO_SET_SYSTEM', `0x00006f26')
+define(`VIDEO_SLOWMOTION', `0x00006f20')
+define(`VIDEO_STILLPICTURE', `0x40106f1e')
+define(`VIDEO_STOP', `0x00006f15')
+define(`VIDEO_TRY_COMMAND', `0xc0486f3c')
+define(`VIDIOC_CREATE_BUFS', `0xc100565c')
+define(`VIDIOC_CROPCAP', `0xc02c563a')
+define(`VIDIOC_DBG_G_CHIP_INFO', `0xc0c85666')
+define(`VIDIOC_DBG_G_REGISTER', `0xc0385650')
+define(`VIDIOC_DBG_S_REGISTER', `0x4038564f')
+define(`VIDIOC_DECODER_CMD', `0xc0485660')
+define(`VIDIOC_DQBUF', `0xc0585611')
+define(`VIDIOC_DQEVENT', `0x80885659')
+define(`VIDIOC_DV_TIMINGS_CAP', `0xc0905664')
+define(`VIDIOC_ENCODER_CMD', `0xc028564d')
+define(`VIDIOC_ENUMAUDIO', `0xc0345641')
+define(`VIDIOC_ENUMAUDOUT', `0xc0345642')
+define(`VIDIOC_ENUM_DV_TIMINGS', `0xc0945662')
+define(`VIDIOC_ENUM_FMT', `0xc0405602')
+define(`VIDIOC_ENUM_FRAMEINTERVALS', `0xc034564b')
+define(`VIDIOC_ENUM_FRAMESIZES', `0xc02c564a')
+define(`VIDIOC_ENUM_FREQ_BANDS', `0xc0405665')
+define(`VIDIOC_ENUMINPUT', `0xc050561a')
+define(`VIDIOC_ENUMOUTPUT', `0xc0485630')
+define(`VIDIOC_ENUMSTD', `0xc0485619')
+define(`VIDIOC_EXPBUF', `0xc0405610')
+define(`VIDIOC_G_AUDIO', `0x80345621')
+define(`VIDIOC_G_AUDOUT', `0x80345631')
+define(`VIDIOC_G_CROP', `0xc014563b')
+define(`VIDIOC_G_CTRL', `0xc008561b')
+define(`VIDIOC_G_DV_TIMINGS', `0xc0845658')
+define(`VIDIOC_G_EDID', `0xc0285628')
+define(`VIDIOC_G_ENC_INDEX', `0x8818564c')
+define(`VIDIOC_G_EXT_CTRLS', `0xc0205647')
+define(`VIDIOC_G_FBUF', `0x8030560a')
+define(`VIDIOC_G_FMT', `0xc0d05604')
+define(`VIDIOC_G_FREQUENCY', `0xc02c5638')
+define(`VIDIOC_G_INPUT', `0x80045626')
+define(`VIDIOC_G_JPEGCOMP', `0x808c563d')
+define(`VIDIOC_G_MODULATOR', `0xc0445636')
+define(`VIDIOC_G_OUTPUT', `0x8004562e')
+define(`VIDIOC_G_PARM', `0xc0cc5615')
+define(`VIDIOC_G_PRIORITY', `0x80045643')
+define(`VIDIOC_G_SELECTION', `0xc040565e')
+define(`VIDIOC_G_SLICED_VBI_CAP', `0xc0745645')
+define(`VIDIOC_G_STD', `0x80085617')
+define(`VIDIOC_G_TUNER', `0xc054561d')
+define(`VIDIOC_INT_RESET', `0x40046466')
+define(`VIDIOC_LOG_STATUS', `0x00005646')
+define(`VIDIOC_OMAP3ISP_AEWB_CFG', `0xc02056c3')
+define(`VIDIOC_OMAP3ISP_AF_CFG', `0xc04c56c5')
+define(`VIDIOC_OMAP3ISP_CCDC_CFG', `0xc03856c1')
+define(`VIDIOC_OMAP3ISP_HIST_CFG', `0xc03056c4')
+define(`VIDIOC_OMAP3ISP_PRV_CFG', `0xc07056c2')
+define(`VIDIOC_OMAP3ISP_STAT_EN', `0xc00856c7')
+define(`VIDIOC_OMAP3ISP_STAT_REQ', `0xc02856c6')
+define(`VIDIOC_OVERLAY', `0x4004560e')
+define(`VIDIOC_PREPARE_BUF', `0xc058565d')
+define(`VIDIOC_QBUF', `0xc058560f')
+define(`VIDIOC_QUERYBUF', `0xc0585609')
+define(`VIDIOC_QUERYCAP', `0x80685600')
+define(`VIDIOC_QUERYCTRL', `0xc0445624')
+define(`VIDIOC_QUERY_DV_TIMINGS', `0x80845663')
+define(`VIDIOC_QUERY_EXT_CTRL', `0xc0e85667')
+define(`VIDIOC_QUERYMENU', `0xc02c5625')
+define(`VIDIOC_QUERYSTD', `0x8008563f')
+define(`VIDIOC_REQBUFS', `0xc0145608')
+define(`VIDIOC_RESERVED', `0x00005601')
+define(`VIDIOC_S_AUDIO', `0x40345622')
+define(`VIDIOC_S_AUDOUT', `0x40345632')
+define(`VIDIOC_S_CROP', `0x4014563c')
+define(`VIDIOC_S_CTRL', `0xc008561c')
+define(`VIDIOC_S_DV_TIMINGS', `0xc0845657')
+define(`VIDIOC_S_EDID', `0xc0285629')
+define(`VIDIOC_S_EXT_CTRLS', `0xc0205648')
+define(`VIDIOC_S_FBUF', `0x4030560b')
+define(`VIDIOC_S_FMT', `0xc0d05605')
+define(`VIDIOC_S_FREQUENCY', `0x402c5639')
+define(`VIDIOC_S_HW_FREQ_SEEK', `0x40305652')
+define(`VIDIOC_S_INPUT', `0xc0045627')
+define(`VIDIOC_S_JPEGCOMP', `0x408c563e')
+define(`VIDIOC_S_MODULATOR', `0x40445637')
+define(`VIDIOC_S_OUTPUT', `0xc004562f')
+define(`VIDIOC_S_PARM', `0xc0cc5616')
+define(`VIDIOC_S_PRIORITY', `0x40045644')
+define(`VIDIOC_S_SELECTION', `0xc040565f')
+define(`VIDIOC_S_STD', `0x40085618')
+define(`VIDIOC_STREAMOFF', `0x40045613')
+define(`VIDIOC_STREAMON', `0x40045612')
+define(`VIDIOC_S_TUNER', `0x4054561e')
+define(`VIDIOC_SUBDEV_DV_TIMINGS_CAP', `0xc0905664')
+define(`VIDIOC_SUBDEV_ENUM_DV_TIMINGS', `0xc0945662')
+define(`VIDIOC_SUBDEV_ENUM_FRAME_INTERVAL', `0xc040564b')
+define(`VIDIOC_SUBDEV_ENUM_FRAME_SIZE', `0xc040564a')
+define(`VIDIOC_SUBDEV_ENUM_MBUS_CODE', `0xc0305602')
+define(`VIDIOC_SUBDEV_G_CROP', `0xc038563b')
+define(`VIDIOC_SUBDEV_G_DV_TIMINGS', `0xc0845658')
+define(`VIDIOC_SUBDEV_G_EDID', `0xc0285628')
+define(`VIDIOC_SUBDEV_G_FMT', `0xc0585604')
+define(`VIDIOC_SUBDEV_G_FRAME_INTERVAL', `0xc0305615')
+define(`VIDIOC_SUBDEV_G_SELECTION', `0xc040563d')
+define(`VIDIOC_SUBDEV_QUERY_DV_TIMINGS', `0x80845663')
+define(`VIDIOC_SUBDEV_S_CROP', `0xc038563c')
+define(`VIDIOC_SUBDEV_S_DV_TIMINGS', `0xc0845657')
+define(`VIDIOC_SUBDEV_S_EDID', `0xc0285629')
+define(`VIDIOC_SUBDEV_S_FMT', `0xc0585605')
+define(`VIDIOC_SUBDEV_S_FRAME_INTERVAL', `0xc0305616')
+define(`VIDIOC_SUBDEV_S_SELECTION', `0xc040563e')
+define(`VIDIOC_SUBSCRIBE_EVENT', `0x4020565a')
+define(`VIDIOC_TRY_DECODER_CMD', `0xc0485661')
+define(`VIDIOC_TRY_ENCODER_CMD', `0xc028564e')
+define(`VIDIOC_TRY_EXT_CTRLS', `0xc0205649')
+define(`VIDIOC_TRY_FMT', `0xc0d05640')
+define(`VIDIOC_UNSUBSCRIBE_EVENT', `0x4020565b')
+define(`VIDIOC_VSP1_LUT_CONFIG', `0xc40056c1')
+define(`VPFE_CMD_S_CCDC_RAW_PARAMS', `0x400856c1')
+define(`VT_ACTIVATE', `0x00005606')
+define(`VT_DISALLOCATE', `0x00005608')
+define(`VT_GETHIFONTMASK', `0x0000560d')
+define(`VT_GETMODE', `0x00005601')
+define(`VT_GETSTATE', `0x00005603')
+define(`VT_LOCKSWITCH', `0x0000560b')
+define(`VT_OPENQRY', `0x00005600')
+define(`VT_RELDISP', `0x00005605')
+define(`VT_RESIZE', `0x00005609')
+define(`VT_RESIZEX', `0x0000560a')
+define(`VT_SENDSIG', `0x00005604')
+define(`VT_SETACTIVATE', `0x0000560f')
+define(`VT_SETMODE', `0x00005602')
+define(`VT_UNLOCKSWITCH', `0x0000560c')
+define(`VT_WAITACTIVE', `0x00005607')
+define(`VT_WAITEVENT', `0x0000560e')
+define(`WAN_IOC_ADD_FLT_INDEX', `0x00006902')
+define(`WAN_IOC_ADD_FLT_RULE', `0x00006900')
+define(`WDIOC_GETBOOTSTATUS', `0x80045702')
+define(`WDIOC_GETPRETIMEOUT', `0x80045709')
+define(`WDIOC_GETSTATUS', `0x80045701')
+define(`WDIOC_GETSUPPORT', `0x80285700')
+define(`WDIOC_GETTEMP', `0x80045703')
+define(`WDIOC_GETTIMELEFT', `0x8004570a')
+define(`WDIOC_GETTIMEOUT', `0x80045707')
+define(`WDIOC_KEEPALIVE', `0x80045705')
+define(`WDIOC_SETOPTIONS', `0x80045704')
+define(`WDIOC_SETPRETIMEOUT', `0xc0045708')
+define(`WDIOC_SETTIMEOUT', `0xc0045706')
+define(`WRITE_RAID_INFO', `0x00000925')
+define(`X86_IOC_RDMSR_REGS', `0xc02063a0')
+define(`X86_IOC_WRMSR_REGS', `0xc02063a1')
+define(`ZATM_GETPOOL', `0x40106161')
+define(`ZATM_GETPOOLZ', `0x40106162')
+define(`ZATM_SETPOOL', `0x40106163')
diff --git a/prebuilts/api/30.0/public/ioctl_macros b/prebuilts/api/30.0/public/ioctl_macros
new file mode 100644
index 0000000..5cbfae5
--- /dev/null
+++ b/prebuilts/api/30.0/public/ioctl_macros
@@ -0,0 +1,68 @@
+# socket ioctls allowed to unprivileged apps
+define(`unpriv_sock_ioctls', `
+{
+# Socket ioctls for gathering information about the interface
+SIOCGSTAMP SIOCGSTAMPNS
+SIOCGIFNAME SIOCGIFCONF SIOCGIFFLAGS SIOCGIFADDR SIOCGIFDSTADDR SIOCGIFBRDADDR
+SIOCGIFNETMASK SIOCGIFMTU SIOCGIFINDEX SIOCGIFCOUNT SIOCGIFTXQLEN
+# Wireless extension ioctls. Primarily get functions.
+SIOCGIWNAME SIOCGIWFREQ SIOCGIWMODE SIOCGIWSENS SIOCGIWRANGE SIOCGIWPRIV
+SIOCGIWSTATS SIOCGIWSPY SIOCSIWTHRSPY SIOCGIWTHRSPY SIOCGIWRATE SIOCGIWRTS
+SIOCGIWFRAG SIOCGIWTXPOW SIOCGIWRETRY SIOCGIWPOWER
+}')
+
+# socket ioctls never allowed to unprivileged apps
+define(`priv_sock_ioctls', `
+{
+# qualcomm rmnet ioctls
+WAN_IOC_ADD_FLT_RULE WAN_IOC_ADD_FLT_INDEX
+# socket ioctls
+SIOCADDRT SIOCDELRT SIOCRTMSG SIOCSIFLINK SIOCSIFFLAGS SIOCSIFADDR
+SIOCSIFDSTADDR SIOCSIFBRDADDR SIOCSIFNETMASK SIOCGIFMETRIC SIOCSIFMETRIC SIOCGIFMEM
+SIOCSIFMEM SIOCSIFMTU SIOCSIFNAME SIOCSIFHWADDR SIOCGIFENCAP SIOCSIFENCAP
+SIOCGIFHWADDR SIOCGIFSLAVE SIOCSIFSLAVE SIOCADDMULTI SIOCDELMULTI
+SIOCSIFPFLAGS SIOCGIFPFLAGS SIOCDIFADDR SIOCSIFHWBROADCAST SIOCKILLADDR SIOCGIFBR SIOCSIFBR
+SIOCSIFTXQLEN SIOCETHTOOL SIOCGMIIPHY SIOCGMIIREG SIOCSMIIREG SIOCWANDEV
+SIOCOUTQNSD SIOCDARP SIOCGARP SIOCSARP SIOCDRARP SIOCGRARP SIOCSRARP SIOCGIFMAP
+SIOCSIFMAP SIOCADDDLCI SIOCDELDLCI SIOCGIFVLAN SIOCSIFVLAN SIOCBONDENSLAVE
+SIOCBONDRELEASE SIOCBONDSETHWADDR SIOCBONDSLAVEINFOQUERY SIOCBONDINFOQUERY
+SIOCBONDCHANGEACTIVE SIOCBRADDBR SIOCBRDELBR SIOCBRADDIF SIOCBRDELIF SIOCSHWTSTAMP
+# device and protocol specific ioctls
+SIOCDEVPRIVATE-SIOCDEVPRIVLAST
+SIOCPROTOPRIVATE-SIOCPROTOPRIVLAST
+# Wireless extension ioctls
+SIOCSIWCOMMIT SIOCSIWNWID SIOCSIWFREQ SIOCSIWMODE SIOCSIWSENS SIOCSIWRANGE
+SIOCSIWPRIV SIOCSIWSTATS SIOCSIWSPY SIOCSIWAP SIOCGIWAP SIOCSIWMLME SIOCGIWAPLIST
+SIOCSIWSCAN SIOCGIWSCAN SIOCSIWESSID SIOCGIWESSID SIOCSIWNICKN SIOCGIWNICKN
+SIOCSIWRATE SIOCSIWRTS SIOCSIWFRAG SIOCSIWTXPOW SIOCSIWRETRY SIOCSIWENCODE
+SIOCGIWENCODE SIOCSIWPOWER SIOCSIWGENIE SIOCGIWGENIE SIOCSIWAUTH SIOCGIWAUTH
+SIOCSIWENCODEEXT SIOCGIWENCODEEXT SIOCSIWPMKSA
+# Dev private ioctl i.e. hardware specific ioctls
+SIOCIWFIRSTPRIV-SIOCIWLASTPRIV
+}')
+
+# commonly used ioctls on unix sockets
+define(`unpriv_unix_sock_ioctls', `{
+ TIOCOUTQ FIOCLEX FIONCLEX TCGETS TIOCGWINSZ TIOCSWINSZ FIONREAD
+}')
+
+# commonly used TTY ioctls
+# merge with unpriv_unix_sock_ioctls?
+define(`unpriv_tty_ioctls', `{
+ TIOCOUTQ FIOCLEX FIONCLEX TCGETS TCSETS TIOCGWINSZ TIOCSWINSZ TIOCSCTTY
+ TCSETSW TCFLSH TIOCSPGRP TIOCGPGRP
+}')
+
+# point to point ioctls
+define(`ppp_ioctls', `{
+PPPIOCGL2TPSTATS PPPIOCGCHAN PPPIOCATTCHAN PPPIOCDISCONN
+PPPIOCCONNECT PPPIOCSMRRU PPPIOCDETACH PPPIOCATTACH
+PPPIOCNEWUNIT PPPIOCGIDLE PPPIOCSDEBUG PPPIOCGDEBUG
+PPPIOCSACTIVE PPPIOCSPASS PPPIOCSNPMODE PPPIOCGNPMODE
+PPPIOCSCOMPRESS PPPIOCXFERUNIT PPPIOCSXASYNCMAP
+PPPIOCGXASYNCMAP PPPIOCSMAXCID PPPIOCSMRU PPPIOCGMRU
+PPPIOCSRASYNCMAP PPPIOCGRASYNCMAP PPPIOCGUNIT PPPIOCSASYNCMAP
+PPPIOCGASYNCMAP PPPIOCSFLAGS PPPIOCGFLAGS PPPIOCGCALLINFO
+PPPIOCBUNDLE PPPIOCGMPFLAGS PPPIOCSMPFLAGS PPPIOCSMPMTU
+PPPIOCSMPMRU PPPIOCGCOMPRESSORS PPPIOCSCOMPRESSOR PPPIOCGIFNAME
+}')
diff --git a/prebuilts/api/30.0/public/iorap_inode2filename.te b/prebuilts/api/30.0/public/iorap_inode2filename.te
new file mode 100644
index 0000000..4041ddd
--- /dev/null
+++ b/prebuilts/api/30.0/public/iorap_inode2filename.te
@@ -0,0 +1,77 @@
+# iorap.inode2filename -> look up file paths from an inode
+type iorap_inode2filename, domain;
+type iorap_inode2filename_exec, exec_type, file_type, system_file_type;
+type iorap_inode2filename_tmpfs, file_type;
+
+r_dir_file(iorap_inode2filename, rootfs)
+
+# Allow usage of pipes (child stdout -> parent pipe).
+allow iorap_inode2filename iorapd:fd use;
+allow iorap_inode2filename iorapd:fifo_file { read write getattr };
+
+# Allow reading most files under / ignoring usual access controls.
+allow iorap_inode2filename self:capability dac_read_search;
+
+typeattribute iorap_inode2filename mlstrustedsubject;
+
+# Grant access to open most of the files under /
+allow iorap_inode2filename apex_data_file:dir { getattr open read search };
+allow iorap_inode2filename apex_data_file:file { getattr };
+allow iorap_inode2filename apex_mnt_dir:dir { getattr open read search };
+allow iorap_inode2filename apex_mnt_dir:file { getattr };
+allow iorap_inode2filename apk_data_file:dir { getattr open read search };
+allow iorap_inode2filename apk_data_file:file { getattr };
+allow iorap_inode2filename app_data_file:dir { getattr open read search };
+allow iorap_inode2filename app_data_file:file { getattr };
+allow iorap_inode2filename backup_data_file:dir { getattr open read search };
+allow iorap_inode2filename backup_data_file:file { getattr };
+allow iorap_inode2filename bluetooth_data_file:dir { getattr open read search };
+allow iorap_inode2filename bluetooth_data_file:file { getattr };
+allow iorap_inode2filename bootchart_data_file:dir { getattr open read search };
+allow iorap_inode2filename bootchart_data_file:file { getattr };
+allow iorap_inode2filename metadata_file:dir { getattr open read search search };
+allow iorap_inode2filename metadata_file:file { getattr };
+allow iorap_inode2filename packages_list_file:dir { getattr open read search };
+allow iorap_inode2filename packages_list_file:file { getattr };
+allow iorap_inode2filename privapp_data_file:dir { getattr open read search };
+allow iorap_inode2filename privapp_data_file:file { getattr };
+allow iorap_inode2filename property_data_file:dir { getattr open read search };
+allow iorap_inode2filename property_data_file:file { getattr };
+allow iorap_inode2filename radio_data_file:dir { getattr open read search };
+allow iorap_inode2filename radio_data_file:file { getattr };
+allow iorap_inode2filename resourcecache_data_file:dir { getattr open read search };
+allow iorap_inode2filename resourcecache_data_file:file { getattr };
+allow iorap_inode2filename recovery_data_file:dir { getattr open read search };
+allow iorap_inode2filename ringtone_file:dir { getattr open read search };
+allow iorap_inode2filename ringtone_file:file { getattr };
+allow iorap_inode2filename same_process_hal_file:dir { getattr open read search };
+allow iorap_inode2filename same_process_hal_file:file { getattr };
+allow iorap_inode2filename sepolicy_file:file { getattr };
+allow iorap_inode2filename staging_data_file:dir { getattr open read search };
+allow iorap_inode2filename staging_data_file:file { getattr };
+allow iorap_inode2filename system_bootstrap_lib_file:dir { getattr open read search };
+allow iorap_inode2filename system_bootstrap_lib_file:file { getattr };
+allow iorap_inode2filename system_app_data_file:dir { getattr open read search };
+allow iorap_inode2filename system_app_data_file:file { getattr };
+allow iorap_inode2filename system_data_file:dir { getattr open read search };
+allow iorap_inode2filename system_data_file:file { getattr };
+allow iorap_inode2filename system_data_file:lnk_file { getattr open read };
+allow iorap_inode2filename system_data_root_file:dir { getattr open read search };
+allow iorap_inode2filename textclassifier_data_file:dir { getattr open read search };
+allow iorap_inode2filename textclassifier_data_file:file { getattr };
+allow iorap_inode2filename toolbox_exec:file getattr;
+allow iorap_inode2filename user_profile_data_file:dir { getattr open read search };
+allow iorap_inode2filename user_profile_data_file:file { getattr };
+allow iorap_inode2filename unencrypted_data_file:dir { getattr open read search };
+allow iorap_inode2filename unlabeled:file { getattr };
+allow iorap_inode2filename vendor_file:dir { getattr open read search };
+allow iorap_inode2filename vendor_file:file { getattr };
+allow iorap_inode2filename vendor_overlay_file:file { getattr };
+allow iorap_inode2filename zygote_exec:file { getattr };
+
+###
+### neverallow rules
+###
+
+neverallow { domain -init -iorapd } iorap_inode2filename:process { transition dyntransition };
+neverallow iorap_inode2filename domain:{ tcp_socket udp_socket rawip_socket } *;
diff --git a/prebuilts/api/30.0/public/iorap_prefetcherd.te b/prebuilts/api/30.0/public/iorap_prefetcherd.te
new file mode 100644
index 0000000..ad9db14
--- /dev/null
+++ b/prebuilts/api/30.0/public/iorap_prefetcherd.te
@@ -0,0 +1,54 @@
+# volume manager
+type iorap_prefetcherd, domain;
+type iorap_prefetcherd_exec, exec_type, file_type, system_file_type;
+type iorap_prefetcherd_tmpfs, file_type;
+
+r_dir_file(iorap_prefetcherd, rootfs)
+
+# Allow read/write /proc/sys/vm/drop/caches
+allow iorap_prefetcherd proc_drop_caches:file rw_file_perms;
+
+# iorap_prefetcherd temporarily changes its priority when running benchmarks
+allow iorap_prefetcherd self:global_capability_class_set sys_nice;
+
+# Allow usage of pipes (--input-fd=# and --output-fd=# command line parameters).
+allow iorap_prefetcherd iorapd:fd use;
+allow iorap_prefetcherd iorapd:fifo_file { read write };
+
+# Allow reading most files under / ignoring usual access controls.
+allow iorap_prefetcherd self:capability dac_read_search;
+
+typeattribute iorap_prefetcherd mlstrustedsubject;
+
+# Grant logcat access
+allow iorap_prefetcherd logcat_exec:file { open read };
+
+# Grant access to open most of the files under /
+allow iorap_prefetcherd apk_data_file:dir { open read search };
+allow iorap_prefetcherd apk_data_file:file { open read };
+allow iorap_prefetcherd app_data_file:dir { open read search };
+allow iorap_prefetcherd app_data_file:file { open read };
+allow iorap_prefetcherd dalvikcache_data_file:dir { open read search };
+allow iorap_prefetcherd dalvikcache_data_file:file{ open read };
+allow iorap_prefetcherd packages_list_file:dir { open read search };
+allow iorap_prefetcherd packages_list_file:file { open read };
+allow iorap_prefetcherd privapp_data_file:dir { open read search };
+allow iorap_prefetcherd privapp_data_file:file { open read };
+allow iorap_prefetcherd same_process_hal_file:dir{ open read search };
+allow iorap_prefetcherd same_process_hal_file:file { open read };
+allow iorap_prefetcherd system_data_file:dir { open read search };
+allow iorap_prefetcherd system_data_file:file { open read };
+allow iorap_prefetcherd system_data_file:lnk_file { open read };
+allow iorap_prefetcherd user_profile_data_file:dir { open read search };
+allow iorap_prefetcherd user_profile_data_file:file { open read };
+allow iorap_prefetcherd vendor_overlay_file:dir { open read search };
+allow iorap_prefetcherd vendor_overlay_file:file { open read };
+# Note: Do not add any /vendor labels because they can be customized
+# by the vendor and we won't know about them beforehand.
+
+###
+### neverallow rules
+###
+
+neverallow { domain -init -iorapd } iorap_prefetcherd:process { transition dyntransition };
+neverallow iorap_prefetcherd domain:{ tcp_socket udp_socket rawip_socket } *;
diff --git a/prebuilts/api/30.0/public/iorapd.te b/prebuilts/api/30.0/public/iorapd.te
new file mode 100644
index 0000000..b970699
--- /dev/null
+++ b/prebuilts/api/30.0/public/iorapd.te
@@ -0,0 +1,97 @@
+# volume manager
+type iorapd, domain;
+type iorapd_exec, exec_type, file_type, system_file_type;
+type iorapd_tmpfs, file_type;
+
+r_dir_file(iorapd, rootfs)
+
+# Allow read/write /proc/sys/vm/drop/caches
+allow iorapd proc_drop_caches:file rw_file_perms;
+
+# Give iorapd a place where only iorapd can store files; everyone else is off limits
+allow iorapd iorapd_data_file:dir create_dir_perms;
+allow iorapd iorapd_data_file:file create_file_perms;
+
+# Allow iorapd to publish a binder service and make binder calls.
+binder_use(iorapd)
+add_service(iorapd, iorapd_service)
+
+# Allow iorapd to call into the system server so it can check permissions.
+binder_call(iorapd, system_server)
+allow iorapd permission_service:service_manager find;
+# IUserManager
+allow iorapd user_service:service_manager find;
+# IPackageManagerNative
+allow iorapd package_native_service:service_manager find;
+# Allow dumpstate (bugreport) to call into iorapd.
+allow iorapd dumpstate:fd use;
+allow iorapd dumpstate:fifo_file write;
+
+# talk to batteryservice
+binder_call(iorapd, healthd)
+
+# TODO: does each of the service_manager allow finds above need the binder_call?
+
+# iorapd temporarily changes its priority when running benchmarks
+allow iorapd self:global_capability_class_set sys_nice;
+
+# Allow to access Perfetto traced's privileged consumer socket to start/stop
+# tracing sessions and read trace data.
+unix_socket_connect(iorapd, traced_consumer, traced)
+
+# Allow iorapd to execute compilation (iorap.cmd.compiler) in idle time.
+allow iorapd system_file:file rx_file_perms;
+
+# Allow iorapd to send signull to iorap_inode2filename and iorap_prefetcherd.
+allow iorapd iorap_inode2filename:process signull;
+allow iorapd iorap_prefetcherd:process signull;
+
+# Allowing system_server to check for the existence and size of files under iorapd
+# dir without collecting any sensitive app data.
+# This is used to predict if iorapd is doing prefetching or not.
+allow system_server iorapd_data_file:dir { getattr open read search };
+allow system_server iorapd_data_file:file getattr;
+
+###
+### neverallow rules
+###
+
+neverallow {
+ domain
+ -iorapd
+} iorapd_data_file:dir ~{ open create read getattr setattr search relabelto ioctl };
+
+neverallow {
+ domain
+ -init
+ -iorapd
+ -system_server
+} iorapd_data_file:dir *;
+
+neverallow {
+ domain
+ -kernel
+ -iorapd
+} iorapd_data_file:notdevfile_class_set ~{ relabelto getattr };
+
+neverallow {
+ domain
+ -init
+ -kernel
+ -vendor_init
+ -iorapd
+ -system_server
+} { iorapd_data_file }:notdevfile_class_set *;
+
+# Only system_server and shell (for dumpsys) can interact with iorapd over binder
+neverallow { domain -dumpstate -system_server -iorapd } iorapd_service:service_manager find;
+neverallow iorapd {
+ domain
+ -healthd
+ -servicemanager
+ -system_server
+ userdebug_or_eng(`-su')
+}:binder call;
+
+neverallow { domain -init } iorapd:process { transition dyntransition };
+neverallow iorapd domain:{ tcp_socket udp_socket rawip_socket } *;
diff --git a/prebuilts/api/30.0/public/isolated_app.te b/prebuilts/api/30.0/public/isolated_app.te
new file mode 100644
index 0000000..a907dac
--- /dev/null
+++ b/prebuilts/api/30.0/public/isolated_app.te
@@ -0,0 +1,9 @@
+###
+### Services with isolatedProcess=true in their manifest.
+###
+### This file defines the rules for isolated apps. An "isolated
+### app" is an APP with UID between AID_ISOLATED_START (99000)
+### and AID_ISOLATED_END (99999).
+###
+
+type isolated_app, domain;
diff --git a/prebuilts/api/30.0/public/kernel.te b/prebuilts/api/30.0/public/kernel.te
new file mode 100644
index 0000000..35018e9
--- /dev/null
+++ b/prebuilts/api/30.0/public/kernel.te
@@ -0,0 +1,136 @@
+# Life begins with the kernel.
+type kernel, domain, mlstrustedsubject;
+
+allow kernel self:global_capability_class_set sys_nice;
+
+# Root fs.
+r_dir_file(kernel, rootfs)
+allow kernel proc_cmdline:file r_file_perms;
+
+# Get SELinux enforcing status.
+allow kernel selinuxfs:dir r_dir_perms;
+allow kernel selinuxfs:file r_file_perms;
+
+# Get file contexts during first stage
+allow kernel file_contexts_file:file r_file_perms;
+
+# Allow init relabel itself.
+allow kernel rootfs:file relabelfrom;
+allow kernel init_exec:file relabelto;
+# TODO: investigate why we need this.
+allow kernel init:process share;
+
+# cgroup filesystem initialization prior to setting the cgroup root directory label.
+allow kernel unlabeled:dir search;
+
+# Mount usbfs.
+allow kernel usbfs:filesystem mount;
+allow kernel usbfs:dir search;
+
+# Initial setenforce by init prior to switching to init domain.
+# We use dontaudit instead of allow to prevent a kernel spawned userspace
+# process from turning off SELinux once enabled.
+dontaudit kernel self:security setenforce;
+
+# Write to /proc/1/oom_adj prior to switching to init domain.
+allow kernel self:global_capability_class_set sys_resource;
+
+# Init reboot before switching selinux domains under certain error
+# conditions. Allow it.
+# As part of rebooting, init writes "u" to /proc/sysrq-trigger to
+# remount filesystems read-only. /data is not mounted at this point,
+# so we could ignore this. For now, we allow it.
+allow kernel self:global_capability_class_set sys_boot;
+allow kernel proc_sysrq:file w_file_perms;
+
+# Allow writing to /dev/kmsg which was created prior to loading policy.
+allow kernel tmpfs:chr_file write;
+
+# Set checkreqprot by init.rc prior to switching to init domain.
+allow kernel selinuxfs:file write;
+allow kernel self:security setcheckreqprot;
+
+# kernel thread "loop0", used by the loop block device, for ASECs (b/17158723)
+allow kernel sdcard_type:file { read write };
+
+# f_mtp driver accesses files from kernel context.
+allow kernel mediaprovider:fd use;
+
+# Allow the kernel to read OBB files from app directories. (b/17428116)
+# Kernel thread "loop0" reads a vold supplied file descriptor.
+# Fixes CTS tests:
+# * android.os.storage.cts.StorageManagerTest#testMountAndUnmountObbNormal
+# * android.os.storage.cts.StorageManagerTest#testMountAndUnmountTwoObbs
+allow kernel vold:fd use;
+allow kernel { app_data_file privapp_data_file }:file read;
+allow kernel asec_image_file:file read;
+
+# Allow mounting loop device in update_engine_unittests. (b/28319454)
+# and for LTP kernel tests (b/73220071)
+userdebug_or_eng(`
+ allow kernel update_engine_data_file:file { read write };
+ allow kernel nativetest_data_file:file { read write };
+')
+
+# Access to /data/media.
+# This should be removed if sdcardfs is modified to alter the secontext for its
+# accesses to the underlying FS.
+allow kernel media_rw_data_file:dir create_dir_perms;
+allow kernel media_rw_data_file:file create_file_perms;
+
+# Access to /data/misc/vold/virtual_disk.
+allow kernel vold_data_file:file { read write };
+
+# Allow the kernel to read APEX file descriptors and (staged) data files;
+# Needed because APEX uses the loopback driver, which issues requests from
+# a kernel thread in earlier kernel version.
+allow kernel apexd:fd use;
+allow kernel {
+ apex_data_file
+ staging_data_file
+ vendor_apex_file
+}:file read;
+
+# Allow the first-stage init (which is running in the kernel domain) to execute the
+# dynamic linker when it re-executes /init to switch into the second stage.
+# Until Linux 4.8, the program interpreter (dynamic linker in this case) is executed
+# before the domain is switched to the target domain. So, we need to allow the kernel
+# domain (the source domain) to execute the dynamic linker (system_file type).
+# TODO(b/110147943) remove these allow rules when we no longer need to support Linux
+# kernel older than 4.8.
+allow kernel system_file:file execute;
+# The label for the dynamic linker is rootfs in the recovery partition. This is because
+# the recovery partition which is rootfs does not support xattr and thus labeling can't be
+# done at build-time. All files are by default labeled as rootfs upon booting.
+recovery_only(`
+ allow kernel rootfs:file execute;
+')
+
+# required by VTS lidbm unit test
+allow kernel appdomain_tmpfs:file { read write };
+
+###
+### neverallow rules
+###
+
+# The initial task starts in the kernel domain (assigned via
+# initial_sid_contexts), but nothing ever transitions to it.
+neverallow * kernel:process { transition dyntransition };
+
+# The kernel domain is never entered via an exec, nor should it
+# ever execute a program outside the rootfs without changing to another domain.
+# If you encounter an execute_no_trans denial on the kernel domain, then
+# possible causes include:
+# - The program is a kernel usermodehelper. In this case, define a domain
+# for the program and domain_auto_trans() to it.
+# - You are running an exploit which switched to the init task credentials
+# and is then trying to exec a shell or other program. You lose!
+neverallow kernel *:file { entrypoint execute_no_trans };
+
+# the kernel should not be accessing files owned by other users.
+# Instead of adding dac_{read_search,override}, fix the unix permissions
+# on files being accessed.
+neverallow kernel self:global_capability_class_set { dac_override dac_read_search };
+
+# Nobody should be ptracing kernel threads
+neverallow * kernel:process ptrace;
diff --git a/prebuilts/api/30.0/public/keystore.te b/prebuilts/api/30.0/public/keystore.te
new file mode 100644
index 0000000..27c4624
--- /dev/null
+++ b/prebuilts/api/30.0/public/keystore.te
@@ -0,0 +1,36 @@
+type keystore, domain;
+type keystore_exec, system_file_type, exec_type, file_type;
+
+# keystore daemon
+typeattribute keystore mlstrustedsubject;
+binder_use(keystore)
+binder_service(keystore)
+binder_call(keystore, system_server)
+binder_call(keystore, wificond)
+
+allow keystore keystore_data_file:dir create_dir_perms;
+allow keystore keystore_data_file:notdevfile_class_set create_file_perms;
+allow keystore keystore_exec:file { getattr };
+
+add_service(keystore, keystore_service)
+allow keystore sec_key_att_app_id_provider_service:service_manager find;
+allow keystore dropbox_service:service_manager find;
+
+# Check SELinux permissions.
+selinux_check_access(keystore)
+
+r_dir_file(keystore, cgroup)
+
+###
+### Neverallow rules
+###
+### Protect ourself from others
+###
+
+neverallow { domain -keystore } keystore_data_file:dir ~{ open create read getattr setattr search relabelto ioctl };
+neverallow { domain -keystore } keystore_data_file:notdevfile_class_set ~{ relabelto getattr };
+
+neverallow { domain -keystore -init } keystore_data_file:dir *;
+neverallow { domain -keystore -init } keystore_data_file:notdevfile_class_set *;
+
+neverallow * keystore:process ptrace;
diff --git a/prebuilts/api/30.0/public/llkd.te b/prebuilts/api/30.0/public/llkd.te
new file mode 100644
index 0000000..1faa429
--- /dev/null
+++ b/prebuilts/api/30.0/public/llkd.te
@@ -0,0 +1,3 @@
+# llkd Live LocK Daemon
+type llkd, domain, mlstrustedsubject;
+type llkd_exec, system_file_type, exec_type, file_type;
diff --git a/prebuilts/api/30.0/public/lmkd.te b/prebuilts/api/30.0/public/lmkd.te
new file mode 100644
index 0000000..67e93e1
--- /dev/null
+++ b/prebuilts/api/30.0/public/lmkd.te
@@ -0,0 +1,73 @@
+# lmkd low memory killer daemon
+type lmkd, domain, mlstrustedsubject;
+type lmkd_exec, system_file_type, exec_type, file_type;
+
+allow lmkd self:global_capability_class_set { dac_override dac_read_search sys_resource kill };
+
+# lmkd locks itself in memory, to prevent it from being
+# swapped out and unable to kill other memory hogs.
+# system/core commit b28ff9131363f7b4a698990da5748b2a88c3ed35
+# b/16236289
+allow lmkd self:global_capability_class_set ipc_lock;
+
+## Open and write to /proc/PID/oom_score_adj and /proc/PID/timerslack_ns
+## TODO: maybe scope this down?
+r_dir_file(lmkd, domain)
+allow lmkd domain:file write;
+
+## Writes to /sys/module/lowmemorykiller/parameters/minfree
+r_dir_file(lmkd, sysfs_lowmemorykiller)
+allow lmkd sysfs_lowmemorykiller:file w_file_perms;
+
+# setsched and send kill signals to any registered process
+allow lmkd domain:process { setsched sigkill };
+# TODO: delete this line b/131761776
+allow lmkd kernel:process { setsched };
+
+# Clean up old cgroups
+allow lmkd cgroup:dir { remove_name rmdir };
+
+# Allow to read memcg stats
+allow lmkd cgroup:file r_file_perms;
+
+# Set self to SCHED_FIFO
+allow lmkd self:global_capability_class_set sys_nice;
+
+allow lmkd proc_zoneinfo:file r_file_perms;
+allow lmkd proc_vmstat:file r_file_perms;
+
+# Set sys.lmk.* properties.
+set_prop(lmkd, system_lmk_prop)
+
+# live lock watchdog process allowed to look through /proc/
+allow lmkd domain:dir { search open read };
+allow lmkd domain:file { open read };
+
+# live lock watchdog process allowed to dump process trace and
+# reboot because orderly shutdown may not be possible.
+allow lmkd proc_sysrq:file rw_file_perms;
+
+# Read /proc/lowmemorykiller
+allow lmkd proc_lowmemorykiller:file r_file_perms;
+
+# Read /proc/meminfo
+allow lmkd proc_meminfo:file r_file_perms;
+
+# Read /proc/pressure/cpu and /proc/pressure/io
+allow lmkd proc_pressure_cpu:file r_file_perms;
+allow lmkd proc_pressure_io:file r_file_perms;
+
+# Read/Write /proc/pressure/memory
+allow lmkd proc_pressure_mem:file rw_file_perms;
+
+# Allow lmkd to connect during reinit.
+allow lmkd lmkd_socket:sock_file write;
+
+# Allow lmkd to write to statsd.
+unix_socket_send(lmkd, statsdw, statsd)
+
+### neverallow rules
+
+# never honor LD_PRELOAD
+neverallow * lmkd:process noatsecure;
+neverallow lmkd self:global_capability_class_set sys_ptrace;
diff --git a/prebuilts/api/30.0/public/logd.te b/prebuilts/api/30.0/public/logd.te
new file mode 100644
index 0000000..57e29d9
--- /dev/null
+++ b/prebuilts/api/30.0/public/logd.te
@@ -0,0 +1,73 @@
+# android user-space log manager
+type logd, domain, mlstrustedsubject;
+type logd_exec, system_file_type, exec_type, file_type;
+
+# Read access to pseudo filesystems.
+r_dir_file(logd, cgroup)
+r_dir_file(logd, proc_kmsg)
+r_dir_file(logd, proc_meminfo)
+
+allow logd self:global_capability_class_set { setuid setgid setpcap sys_nice audit_control };
+allow logd self:global_capability2_class_set syslog;
+allow logd self:netlink_audit_socket { create_socket_perms_no_ioctl nlmsg_write };
+allow logd kernel:system syslog_read;
+allow logd kmsg_device:chr_file { getattr w_file_perms };
+allow logd system_data_file:{ file lnk_file } r_file_perms;
+allow logd packages_list_file:file r_file_perms;
+allow logd pstorefs:dir search;
+allow logd pstorefs:file r_file_perms;
+userdebug_or_eng(`
+ # Access to /data/misc/logd/event-log-tags
+ allow logd misc_logd_file:dir r_dir_perms;
+ allow logd misc_logd_file:file rw_file_perms;
+')
+allow logd runtime_event_log_tags_file:file rw_file_perms;
+
+# Access device logging gating property
+get_prop(logd, device_logging_prop)
+
+r_dir_file(logd, domain)
+
+allow logd kernel:system syslog_mod;
+
+control_logd(logd)
+read_runtime_log_tags(logd)
+
+allow runtime_event_log_tags_file tmpfs:filesystem associate;
+# Typically harmlessly blindly trying to access via liblog
+# event tag mapping while in the untrusted_app domain.
+# Access for that domain is controlled and gated via the
+# event log tag service (albeit at a performance penalty,
+# expected to be locally cached).
+dontaudit domain runtime_event_log_tags_file:file { map open read };
+
+###
+### Neverallow rules
+###
+### logd should NEVER do any of this
+
+# Block device access.
+neverallow logd dev_type:blk_file { read write };
+
+# ptrace any other app
+neverallow logd domain:process ptrace;
+
+# ... and nobody may ptrace me (except on userdebug or eng builds)
+neverallow { domain userdebug_or_eng(`-crash_dump -llkd') } logd:process ptrace;
+
+# Write to /system.
+neverallow logd system_file:dir_file_class_set write;
+
+# Write to files in /data/data or system files on /data
+neverallow logd { app_data_file privapp_data_file system_data_file packages_list_file }:dir_file_class_set write;
+
+# Only init is allowed to enter the logd domain via exec()
+neverallow { domain -init } logd:process transition;
+neverallow * logd:process dyntransition;
+
+# protect the event-log-tags file
+neverallow {
+ domain
+ -init
+ -logd
+} runtime_event_log_tags_file:file no_w_file_perms;
diff --git a/prebuilts/api/30.0/public/logpersist.te b/prebuilts/api/30.0/public/logpersist.te
new file mode 100644
index 0000000..c8e6af4
--- /dev/null
+++ b/prebuilts/api/30.0/public/logpersist.te
@@ -0,0 +1,30 @@
+# android debug logging, logpersist domains
+type logpersist, domain;
+
+# logcatd is a shell script that execs logcat with various parameters.
+allow logpersist shell_exec:file rx_file_perms;
+allow logpersist logcat_exec:file rx_file_perms;
+
+###
+### Neverallow rules
+###
+### logpersist should NEVER do any of this
+
+# Block device access.
+neverallow logpersist dev_type:blk_file { read write };
+
+# ptrace any other app
+neverallow logpersist domain:process ptrace;
+
+# Write to files in /data/data or system files on /data except misc_logd_file
+neverallow logpersist { privapp_data_file app_data_file system_data_file }:dir_file_class_set write;
+
+# Only init should be allowed to enter the logpersist domain via exec()
+# Following is a list of debug domains we know that transition to logpersist
+# neverallow_with_undefined_domains {
+# domain
+# -init # goldfish, logcatd, raft
+# -mmi # bat, mtp8996, msmcobalt
+# -system_app # Smith.apk
+# } logpersist:process transition;
+neverallow * logpersist:process dyntransition;
diff --git a/prebuilts/api/30.0/public/mdnsd.te b/prebuilts/api/30.0/public/mdnsd.te
new file mode 100644
index 0000000..ef7b065
--- /dev/null
+++ b/prebuilts/api/30.0/public/mdnsd.te
@@ -0,0 +1,2 @@
+# mdns daemon
+type mdnsd, domain;
diff --git a/prebuilts/api/30.0/public/mediadrmserver.te b/prebuilts/api/30.0/public/mediadrmserver.te
new file mode 100644
index 0000000..a52295e
--- /dev/null
+++ b/prebuilts/api/30.0/public/mediadrmserver.te
@@ -0,0 +1,33 @@
+# mediadrmserver - mediadrm daemon
+type mediadrmserver, domain;
+type mediadrmserver_exec, system_file_type, exec_type, file_type;
+
+typeattribute mediadrmserver mlstrustedsubject;
+
+net_domain(mediadrmserver)
+binder_use(mediadrmserver)
+binder_call(mediadrmserver, binderservicedomain)
+binder_call(mediadrmserver, appdomain)
+binder_service(mediadrmserver)
+hal_client_domain(mediadrmserver, hal_drm)
+
+add_service(mediadrmserver, mediadrmserver_service)
+allow mediadrmserver mediaserver_service:service_manager find;
+allow mediadrmserver mediametrics_service:service_manager find;
+allow mediadrmserver processinfo_service:service_manager find;
+allow mediadrmserver surfaceflinger_service:service_manager find;
+allow mediadrmserver system_file:dir r_dir_perms;
+
+# TODO(b/80317992): remove
+binder_call(mediadrmserver, hal_omx_server)
+
+###
+### neverallow rules
+###
+
+# mediadrmserver should never execute any executable without a
+# domain transition
+neverallow mediadrmserver { file_type fs_type }:file execute_no_trans;
+
+# do not allow privileged socket ioctl commands
+neverallowxperm mediadrmserver domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
diff --git a/prebuilts/api/30.0/public/mediaextractor.te b/prebuilts/api/30.0/public/mediaextractor.te
new file mode 100644
index 0000000..859ec9c
--- /dev/null
+++ b/prebuilts/api/30.0/public/mediaextractor.te
@@ -0,0 +1,73 @@
+# mediaextractor - multimedia daemon
+type mediaextractor, domain;
+type mediaextractor_exec, system_file_type, exec_type, file_type;
+type mediaextractor_tmpfs, file_type;
+
+typeattribute mediaextractor mlstrustedsubject;
+
+binder_use(mediaextractor)
+binder_call(mediaextractor, binderservicedomain)
+binder_call(mediaextractor, appdomain)
+binder_service(mediaextractor)
+
+add_service(mediaextractor, mediaextractor_service)
+allow mediaextractor mediametrics_service:service_manager find;
+allow mediaextractor hidl_token_hwservice:hwservice_manager find;
+
+allow mediaextractor system_server:fd use;
+
+hal_client_domain(mediaextractor, hal_cas)
+hal_client_domain(mediaextractor, hal_allocator)
+
+r_dir_file(mediaextractor, cgroup)
+allow mediaextractor proc_meminfo:file r_file_perms;
+
+crash_dump_fallback(mediaextractor)
+
+# allow mediaextractor read permissions for file sources
+allow mediaextractor sdcard_type:file { getattr read };
+allow mediaextractor media_rw_data_file:file { getattr read };
+allow mediaextractor { app_data_file privapp_data_file }:file { getattr read };
+
+# Read resources from open apk files passed over Binder
+allow mediaextractor apk_data_file:file { read getattr };
+allow mediaextractor asec_apk_file:file { read getattr };
+allow mediaextractor ringtone_file:file { read getattr };
+
+# overlay package access
+allow mediaextractor vendor_overlay_file:file { read map };
+
+# scan extractor library directory to dynamically load extractors
+allow mediaextractor system_file:dir { read open };
+
+get_prop(mediaextractor, device_config_media_native_prop)
+
+###
+### neverallow rules
+###
+
+# mediaextractor should never execute any executable without a
+# domain transition
+neverallow mediaextractor { file_type fs_type }:file execute_no_trans;
+
+# The goal of the mediaserver split is to place media processing code into
+# restrictive sandboxes with limited responsibilities and thus limited
+# permissions. Example: Audioserver is only responsible for controlling audio
+# hardware and processing audio content. Cameraserver does the same for camera
+# hardware/content. Etc.
+#
+# Media processing code is inherently risky and thus should have limited
+# permissions and be isolated from the rest of the system and network.
+# Lengthier explanation here:
+# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
+neverallow mediaextractor domain:{ tcp_socket udp_socket rawip_socket } *;
+
+# mediaextractor should not be opening /data files directly. Any files
+# it touches (with a few exceptions) need to be passed to it via a file
+# descriptor opened outside the process.
+neverallow mediaextractor {
+ data_file_type
+ -zoneinfo_data_file # time zone data from /data/misc/zoneinfo
+ userdebug_or_eng(`-apk_data_file') # for loading media extractor plugins
+ with_native_coverage(`-method_trace_data_file')
+}:file open;
diff --git a/prebuilts/api/30.0/public/mediametrics.te b/prebuilts/api/30.0/public/mediametrics.te
new file mode 100644
index 0000000..0e56b07
--- /dev/null
+++ b/prebuilts/api/30.0/public/mediametrics.te
@@ -0,0 +1,44 @@
+# mediametrics - daemon for collecting media.metrics data
+type mediametrics, domain;
+type mediametrics_exec, system_file_type, exec_type, file_type;
+
+
+binder_use(mediametrics)
+binder_call(mediametrics, binderservicedomain)
+binder_service(mediametrics)
+
+add_service(mediametrics, mediametrics_service)
+
+allow mediametrics system_server:fd use;
+
+r_dir_file(mediametrics, cgroup)
+allow mediametrics proc_meminfo:file r_file_perms;
+
+# allows interactions with dumpsys to GMScore
+allow mediametrics { app_data_file privapp_data_file }:file write;
+
+# allow access to package manager for uid->apk mapping
+allow mediametrics package_native_service:service_manager find;
+
+# Allow metrics service to send information to statsd socket.
+unix_socket_send(mediametrics, statsdw, statsd)
+
+###
+### neverallow rules
+###
+
+# mediametrics should never execute any executable without a
+# domain transition
+neverallow mediametrics { file_type fs_type }:file execute_no_trans;
+
+# The goal of the mediaserver split is to place media processing code into
+# restrictive sandboxes with limited responsibilities and thus limited
+# permissions. Example: Audioserver is only responsible for controlling audio
+# hardware and processing audio content. Cameraserver does the same for camera
+# hardware/content. Etc.
+#
+# Media processing code is inherently risky and thus should have limited
+# permissions and be isolated from the rest of the system and network.
+# Lengthier explanation here:
+# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
+neverallow mediametrics domain:{ tcp_socket udp_socket rawip_socket } *;
diff --git a/prebuilts/api/30.0/public/mediaprovider.te b/prebuilts/api/30.0/public/mediaprovider.te
new file mode 100644
index 0000000..24170a5
--- /dev/null
+++ b/prebuilts/api/30.0/public/mediaprovider.te
@@ -0,0 +1,6 @@
+###
+### A domain for android.process.media, which contains both
+### MediaProvider and DownloadProvider and associated services.
+###
+
+type mediaprovider, domain;
diff --git a/prebuilts/api/30.0/public/mediaserver.te b/prebuilts/api/30.0/public/mediaserver.te
new file mode 100644
index 0000000..52d3581
--- /dev/null
+++ b/prebuilts/api/30.0/public/mediaserver.te
@@ -0,0 +1,147 @@
+# mediaserver - multimedia daemon
+type mediaserver, domain;
+type mediaserver_exec, system_file_type, exec_type, file_type;
+type mediaserver_tmpfs, file_type;
+
+typeattribute mediaserver mlstrustedsubject;
+
+net_domain(mediaserver)
+
+r_dir_file(mediaserver, sdcard_type)
+r_dir_file(mediaserver, cgroup)
+
+# stat /proc/self
+allow mediaserver proc:lnk_file getattr;
+
+# open /vendor/lib/mediadrm
+allow mediaserver system_file:dir r_dir_perms;
+
+userdebug_or_eng(`
+ # ptrace to processes in the same domain for memory leak detection
+ allow mediaserver self:process ptrace;
+')
+
+binder_use(mediaserver)
+binder_call(mediaserver, binderservicedomain)
+binder_call(mediaserver, appdomain)
+binder_service(mediaserver)
+
+allow mediaserver media_data_file:dir create_dir_perms;
+allow mediaserver media_data_file:file create_file_perms;
+allow mediaserver { app_data_file privapp_data_file }:file { append getattr ioctl lock map read write };
+allow mediaserver sdcard_type:file write;
+allow mediaserver gpu_device:chr_file rw_file_perms;
+allow mediaserver video_device:dir r_dir_perms;
+allow mediaserver video_device:chr_file rw_file_perms;
+
+set_prop(mediaserver, audio_prop)
+
+# Read resources from open apk files passed over Binder.
+allow mediaserver apk_data_file:file { read getattr };
+allow mediaserver asec_apk_file:file { read getattr };
+allow mediaserver ringtone_file:file { read getattr };
+
+# Read /data/data/com.android.providers.telephony files passed over Binder.
+allow mediaserver radio_data_file:file { read getattr };
+
+# Use pipes passed over Binder from app domains.
+allow mediaserver appdomain:fifo_file { getattr read write };
+
+allow mediaserver rpmsg_device:chr_file rw_file_perms;
+
+# Inter System processes communicate over named pipe (FIFO)
+allow mediaserver system_server:fifo_file r_file_perms;
+
+r_dir_file(mediaserver, media_rw_data_file)
+
+# Grant access to read files on appfuse.
+allow mediaserver app_fuse_file:file { read getattr };
+
+# Needed on some devices for playing DRM protected content,
+# but seems expected and appropriate for all devices.
+unix_socket_connect(mediaserver, drmserver, drmserver)
+
+# Needed on some devices for playing audio on paired BT device,
+# but seems appropriate for all devices.
+unix_socket_connect(mediaserver, bluetooth, bluetooth)
+
+add_service(mediaserver, mediaserver_service)
+allow mediaserver activity_service:service_manager find;
+allow mediaserver appops_service:service_manager find;
+allow mediaserver audio_service:service_manager find;
+allow mediaserver audioserver_service:service_manager find;
+allow mediaserver cameraserver_service:service_manager find;
+allow mediaserver batterystats_service:service_manager find;
+allow mediaserver drmserver_service:service_manager find;
+allow mediaserver mediaextractor_service:service_manager find;
+allow mediaserver mediametrics_service:service_manager find;
+allow mediaserver media_session_service:service_manager find;
+allow mediaserver permission_service:service_manager find;
+allow mediaserver power_service:service_manager find;
+allow mediaserver processinfo_service:service_manager find;
+allow mediaserver scheduling_policy_service:service_manager find;
+allow mediaserver surfaceflinger_service:service_manager find;
+
+# for ModDrm/MediaPlayer
+allow mediaserver mediadrmserver_service:service_manager find;
+
+# For hybrid interfaces
+allow mediaserver hidl_token_hwservice:hwservice_manager find;
+
+# /oem access
+allow mediaserver oemfs:dir search;
+allow mediaserver oemfs:file r_file_perms;
+
+# /vendor apk access
+allow mediaserver vendor_app_file:file { read map getattr };
+
+use_drmservice(mediaserver)
+allow mediaserver drmserver:drmservice {
+ consumeRights
+ setPlaybackStatus
+ openDecryptSession
+ closeDecryptSession
+ initializeDecryptUnit
+ decrypt
+ finalizeDecryptUnit
+ pread
+};
+
+# only allow unprivileged socket ioctl commands
+allowxperm mediaserver self:{ rawip_socket tcp_socket udp_socket }
+ ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };
+
+# Access to /data/media.
+# This should be removed if sdcardfs is modified to alter the secontext for its
+# accesses to the underlying FS.
+allow mediaserver media_rw_data_file:dir create_dir_perms;
+allow mediaserver media_rw_data_file:file create_file_perms;
+
+# Access to media in /data/preloads
+allow mediaserver preloads_media_file:file { getattr read ioctl };
+
+allow mediaserver ion_device:chr_file r_file_perms;
+allow mediaserver hal_graphics_allocator:fd use;
+allow mediaserver hal_graphics_composer:fd use;
+allow mediaserver hal_camera:fd use;
+
+allow mediaserver system_server:fd use;
+
+# b/120491318 allow mediaserver to access void:fd
+allow mediaserver vold:fd use;
+
+# overlay package access
+allow mediaserver vendor_overlay_file:file { read getattr map };
+
+hal_client_domain(mediaserver, hal_allocator)
+
+###
+### neverallow rules
+###
+
+# mediaserver should never execute any executable without a
+# domain transition
+neverallow mediaserver { file_type fs_type }:file execute_no_trans;
+
+# do not allow privileged socket ioctl commands
+neverallowxperm mediaserver domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
diff --git a/prebuilts/api/30.0/public/mediaswcodec.te b/prebuilts/api/30.0/public/mediaswcodec.te
new file mode 100644
index 0000000..2acdeea
--- /dev/null
+++ b/prebuilts/api/30.0/public/mediaswcodec.te
@@ -0,0 +1,27 @@
+type mediaswcodec, domain;
+type mediaswcodec_exec, system_file_type, exec_type, file_type;
+
+hal_server_domain(mediaswcodec, hal_codec2)
+
+# mediaswcodec may use an input surface from a different Codec2 service or an
+# OMX service
+hal_client_domain(mediaswcodec, hal_codec2)
+hal_client_domain(mediaswcodec, hal_omx)
+
+hal_client_domain(mediaswcodec, hal_allocator)
+hal_client_domain(mediaswcodec, hal_graphics_allocator)
+
+get_prop(mediaswcodec, device_config_media_native_prop)
+
+crash_dump_fallback(mediaswcodec)
+
+# mediaswcodec_server should never execute any executable without a
+# domain transition
+neverallow mediaswcodec { file_type fs_type }:file execute_no_trans;
+
+# Media processing code is inherently risky and thus should have limited
+# permissions and be isolated from the rest of the system and network.
+# Lengthier explanation here:
+# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
+neverallow mediaswcodec domain:{ tcp_socket udp_socket rawip_socket } *;
+
diff --git a/prebuilts/api/30.0/public/mediatranscoding.te b/prebuilts/api/30.0/public/mediatranscoding.te
new file mode 100644
index 0000000..386535b
--- /dev/null
+++ b/prebuilts/api/30.0/public/mediatranscoding.te
@@ -0,0 +1,26 @@
+# mediatranscoding - daemon for transcoding video and image.
+type mediatranscoding, domain;
+type mediatranscoding_exec, system_file_type, exec_type, file_type;
+
+binder_use(mediatranscoding)
+binder_service(mediatranscoding)
+
+add_service(mediatranscoding, mediatranscoding_service)
+
+allow mediatranscoding system_server:fd use;
+
+# mediatranscoding should never execute any executable without a
+# domain transition
+neverallow mediatranscoding { file_type fs_type }:file execute_no_trans;
+
+# The goal of the mediaserver split is to place media processing code into
+# restrictive sandboxes with limited responsibilities and thus limited
+# permissions. Example: Audioserver is only responsible for controlling audio
+# hardware and processing audio content. Cameraserver does the same for camera
+# hardware/content. Etc.
+#
+# Media processing code is inherently risky and thus should have limited
+# permissions and be isolated from the rest of the system and network.
+# Lengthier explanation here:
+# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
+neverallow mediatranscoding domain:{ tcp_socket udp_socket rawip_socket } *;
diff --git a/prebuilts/api/30.0/public/modprobe.te b/prebuilts/api/30.0/public/modprobe.te
new file mode 100644
index 0000000..2c7d64b
--- /dev/null
+++ b/prebuilts/api/30.0/public/modprobe.te
@@ -0,0 +1,10 @@
+type modprobe, domain;
+
+allow modprobe proc_modules:file r_file_perms;
+allow modprobe proc_cmdline:file r_file_perms;
+allow modprobe self:global_capability_class_set sys_module;
+allow modprobe kernel:key search;
+recovery_only(`
+ allow modprobe rootfs:system module_load;
+ allow modprobe rootfs:file r_file_perms;
+')
diff --git a/prebuilts/api/30.0/public/mtp.te b/prebuilts/api/30.0/public/mtp.te
new file mode 100644
index 0000000..add63c0
--- /dev/null
+++ b/prebuilts/api/30.0/public/mtp.te
@@ -0,0 +1,11 @@
+# vpn tunneling protocol manager
+type mtp, domain;
+type mtp_exec, system_file_type, exec_type, file_type;
+
+net_domain(mtp)
+
+# pptp policy
+allow mtp self:{ socket pppox_socket } create_socket_perms_no_ioctl;
+allow mtp self:global_capability_class_set net_raw;
+allow mtp ppp:process signal;
+allow mtp vpn_data_file:dir search;
diff --git a/prebuilts/api/30.0/public/net.te b/prebuilts/api/30.0/public/net.te
new file mode 100644
index 0000000..e90715e
--- /dev/null
+++ b/prebuilts/api/30.0/public/net.te
@@ -0,0 +1,39 @@
+## Network types
+type node, node_type;
+type netif, netif_type;
+type port, port_type;
+
+###
+### Domain with network access
+###
+
+# Use network sockets.
+allow netdomain self:tcp_socket create_stream_socket_perms;
+allow netdomain self:{ icmp_socket udp_socket rawip_socket } create_socket_perms;
+
+# Connect to ports.
+allow netdomain port_type:tcp_socket name_connect;
+# Bind to ports.
+allow {netdomain -ephemeral_app} node_type:{ icmp_socket rawip_socket tcp_socket udp_socket } node_bind;
+allow {netdomain -ephemeral_app} port_type:udp_socket name_bind;
+allow {netdomain -ephemeral_app} port_type:tcp_socket name_bind;
+# See changes to the routing table.
+allow netdomain self:netlink_route_socket { create read getattr write setattr lock append connect getopt setopt shutdown nlmsg_read };
+# b/141455849 gate RTM_GETLINK with a new permission nlmsg_readpriv and block access from
+# untrusted_apps. Some untrusted apps (e.g. untrusted_app_25-29) are granted access elsewhere
+# to avoid app-compat breakage.
+allow {
+ netdomain
+ -ephemeral_app
+ -mediaprovider
+ -untrusted_app_all
+} self:netlink_route_socket { bind nlmsg_readpriv };
+
+# Talks to netd via dnsproxyd socket.
+unix_socket_connect(netdomain, dnsproxyd, netd)
+
+# Talks to netd via fwmarkd socket.
+unix_socket_connect(netdomain, fwmarkd, netd)
+
+# Connect to mdnsd via mdnsd socket.
+unix_socket_connect(netdomain, mdnsd, mdnsd)
diff --git a/prebuilts/api/30.0/public/netd.te b/prebuilts/api/30.0/public/netd.te
new file mode 100644
index 0000000..8005406
--- /dev/null
+++ b/prebuilts/api/30.0/public/netd.te
@@ -0,0 +1,185 @@
+# network manager
+type netd, domain, mlstrustedsubject;
+type netd_exec, system_file_type, exec_type, file_type;
+
+net_domain(netd)
+# in addition to ioctls whitelisted for all domains, grant netd priv_sock_ioctls.
+allowxperm netd self:udp_socket ioctl priv_sock_ioctls;
+
+r_dir_file(netd, cgroup)
+
+allow netd system_server:fd use;
+
+allow netd self:global_capability_class_set { net_admin net_raw kill };
+# Note: fsetid is deliberately not included above. fsetid checks are
+# triggered by chmod on a directory or file owned by a group other
+# than one of the groups assigned to the current process to see if
+# the setgid bit should be cleared, regardless of whether the setgid
+# bit was even set. We do not appear to truly need this capability
+# for netd to operate.
+dontaudit netd self:global_capability_class_set fsetid;
+
+# Allow netd to open /dev/tun, set it up and pass it to clatd
+allow netd tun_device:chr_file rw_file_perms;
+allowxperm netd tun_device:chr_file ioctl { TUNGETIFF TUNSETIFF };
+allow netd self:tun_socket create;
+
+allow netd self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+allow netd self:netlink_route_socket nlmsg_write;
+allow netd self:netlink_nflog_socket create_socket_perms_no_ioctl;
+allow netd self:netlink_socket create_socket_perms_no_ioctl;
+allow netd self:netlink_tcpdiag_socket { create_socket_perms_no_ioctl nlmsg_read nlmsg_write };
+allow netd self:netlink_generic_socket create_socket_perms_no_ioctl;
+allow netd self:netlink_netfilter_socket create_socket_perms_no_ioctl;
+allow netd shell_exec:file rx_file_perms;
+allow netd system_file:file x_file_perms;
+not_full_treble(`allow netd vendor_file:file x_file_perms;')
+allow netd devpts:chr_file rw_file_perms;
+
+# Acquire advisory lock on /system/etc/xtables.lock
+allow netd system_file:file lock;
+
+# Allow netd to write to qtaguid ctrl file.
+# TODO: Add proper rules to prevent other process to access qtaguid_proc file
+# after migration complete
+allow netd proc_qtaguid_ctrl:file rw_file_perms;
+# Allow netd to read /dev/qtaguid. This is the same privilege level that normal apps have.
+allow netd qtaguid_device:chr_file r_file_perms;
+
+r_dir_file(netd, proc_net_type)
+# For /proc/sys/net/ipv[46]/route/flush.
+allow netd proc_net_type:file rw_file_perms;
+
+# Enables PppController and interface enumeration (among others)
+allow netd sysfs:dir r_dir_perms;
+r_dir_file(netd, sysfs_net)
+
+# Allows setting interface MTU
+allow netd sysfs_net:file w_file_perms;
+
+# TODO: added to match above sysfs rule. Remove me?
+allow netd sysfs_usb:file write;
+
+r_dir_file(netd, cgroup_bpf)
+
+allow netd fs_bpf:dir search;
+allow netd fs_bpf:file { read write };
+
+# TODO: netd previously thought it needed these permissions to do WiFi related
+# work. However, after all the WiFi stuff is gone, we still need them.
+# Why?
+allow netd self:global_capability_class_set { dac_override dac_read_search chown };
+
+# Needed to update /data/misc/net/rt_tables
+allow netd net_data_file:file create_file_perms;
+allow netd net_data_file:dir rw_dir_perms;
+allow netd self:global_capability_class_set fowner;
+
+# Needed to lock the iptables lock.
+allow netd system_file:file lock;
+
+# Allow netd to spawn dnsmasq in it's own domain
+allow netd dnsmasq:process signal;
+
+set_prop(netd, ctl_mdnsd_prop)
+set_prop(netd, netd_stable_secret_prop)
+
+# Allow netd to publish a binder service and make binder calls.
+binder_use(netd)
+add_service(netd, netd_service)
+add_service(netd, dnsresolver_service)
+allow netd dumpstate:fifo_file { getattr write };
+
+# Allow netd to call into the system server so it can check permissions.
+allow netd system_server:binder call;
+allow netd permission_service:service_manager find;
+
+# Allow netd to talk to the framework service which collects netd events.
+allow netd netd_listener_service:service_manager find;
+
+# Allow netd to operate on sockets that are passed to it.
+allow netd netdomain:{
+ icmp_socket
+ tcp_socket
+ udp_socket
+ rawip_socket
+ tun_socket
+} { read write getattr setattr getopt setopt };
+allow netd netdomain:fd use;
+
+# give netd permission to read and write netlink xfrm
+allow netd self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_write nlmsg_read };
+
+# Allow netd to register as hal server.
+add_hwservice(netd, system_net_netd_hwservice)
+hwbinder_use(netd)
+get_prop(netd, hwservicemanager_prop)
+get_prop(netd, device_config_netd_native_prop)
+
+###
+### Neverallow rules
+###
+### netd should NEVER do any of this
+
+# Block device access.
+neverallow netd dev_type:blk_file { read write };
+
+# ptrace any other app
+neverallow netd { domain }:process ptrace;
+
+# Write to /system.
+neverallow netd system_file:dir_file_class_set write;
+
+# Write to files in /data/data or system files on /data
+neverallow netd { app_data_file privapp_data_file system_data_file }:dir_file_class_set write;
+
+# only system_server, dumpstate and network stack app may find netd service
+neverallow {
+ domain
+ -system_server
+ -dumpstate
+ -network_stack
+ -netd
+ -netutils_wrapper
+} netd_service:service_manager find;
+
+# only system_server, dumpstate and network stack app may find dnsresolver service
+neverallow {
+ domain
+ -system_server
+ -dumpstate
+ -network_stack
+ -netd
+ -netutils_wrapper
+} dnsresolver_service:service_manager find;
+
+# apps may not interact with netd over binder.
+neverallow { appdomain -network_stack } netd:binder call;
+neverallow netd { appdomain -network_stack userdebug_or_eng(`-su') }:binder call;
+
+# persist.netd.stable_secret contains RFC 7217 secret key which should never be
+# leaked to other processes. Make sure it never leaks.
+neverallow { domain -netd -init -dumpstate } netd_stable_secret_prop:file r_file_perms;
+
+# We want to ensure that no other process ever tries tampering with persist.netd.stable_secret,
+# the RFC 7217 secret key managed by netd. Doing so could compromise user privacy.
+neverallow { domain -netd -init } netd_stable_secret_prop:property_service set;
+
+# If an already existing file is opened with O_CREATE, the kernel might generate
+# a false report of a create denial. Silence these denials and make sure that
+# inappropriate permissions are not granted.
+neverallow netd proc_net:dir no_w_dir_perms;
+dontaudit netd proc_net:dir write;
+
+neverallow netd sysfs_net:dir no_w_dir_perms;
+dontaudit netd sysfs_net:dir write;
+
+# Netd should not have SYS_ADMIN privs.
+neverallow netd self:capability sys_admin;
+dontaudit netd self:capability sys_admin;
+
+# Netd should not have SYS_MODULE privs, nor should it be requesting module loads
+# (things it requires should be built directly into the kernel)
+dontaudit netd self:capability sys_module;
+
+dontaudit netd kernel:system module_request;
diff --git a/prebuilts/api/30.0/public/netutils_wrapper.te b/prebuilts/api/30.0/public/netutils_wrapper.te
new file mode 100644
index 0000000..27aa749
--- /dev/null
+++ b/prebuilts/api/30.0/public/netutils_wrapper.te
@@ -0,0 +1,4 @@
+type netutils_wrapper, domain;
+type netutils_wrapper_exec, system_file_type, exec_type, file_type;
+
+neverallow domain netutils_wrapper_exec:file execute_no_trans;
diff --git a/prebuilts/api/30.0/public/network_stack.te b/prebuilts/api/30.0/public/network_stack.te
new file mode 100644
index 0000000..feff664
--- /dev/null
+++ b/prebuilts/api/30.0/public/network_stack.te
@@ -0,0 +1,2 @@
+# Network stack service app
+type network_stack, domain;
diff --git a/prebuilts/api/30.0/public/neverallow_macros b/prebuilts/api/30.0/public/neverallow_macros
new file mode 100644
index 0000000..59fa441
--- /dev/null
+++ b/prebuilts/api/30.0/public/neverallow_macros
@@ -0,0 +1,15 @@
+#
+# Common neverallow permissions
+define(`no_w_file_perms', `{ append create link unlink relabelfrom rename setattr write }')
+define(`no_rw_file_perms', `{ no_w_file_perms open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads }')
+define(`no_x_file_perms', `{ execute execute_no_trans }')
+define(`no_w_dir_perms', `{ add_name create link relabelfrom remove_name rename reparent rmdir setattr write }')
+
+#####################################
+# neverallow_establish_socket_comms(src, dst)
+# neverallow src domain establishing socket connections to dst domain.
+#
+define(`neverallow_establish_socket_comms', `
+ neverallow $1 $2:socket_class_set { connect sendto };
+ neverallow $1 $2:unix_stream_socket connectto;
+')
diff --git a/prebuilts/api/30.0/public/nfc.te b/prebuilts/api/30.0/public/nfc.te
new file mode 100644
index 0000000..e3a03e7
--- /dev/null
+++ b/prebuilts/api/30.0/public/nfc.te
@@ -0,0 +1,2 @@
+# nfc subsystem
+type nfc, domain;
diff --git a/prebuilts/api/30.0/public/perfetto.te b/prebuilts/api/30.0/public/perfetto.te
new file mode 100644
index 0000000..cec0e6f
--- /dev/null
+++ b/prebuilts/api/30.0/public/perfetto.te
@@ -0,0 +1 @@
+type perfetto, domain, coredomain;
diff --git a/prebuilts/api/30.0/public/performanced.te b/prebuilts/api/30.0/public/performanced.te
new file mode 100644
index 0000000..7dcb5ea
--- /dev/null
+++ b/prebuilts/api/30.0/public/performanced.te
@@ -0,0 +1,30 @@
+# performanced
+type performanced, domain, mlstrustedsubject;
+type performanced_exec, system_file_type, exec_type, file_type;
+
+# Needed to check for app permissions.
+binder_use(performanced)
+binder_call(performanced, system_server)
+allow performanced permission_service:service_manager find;
+
+pdx_server(performanced, performance_client)
+
+# TODO: use file caps to obtain sys_nice instead of setuid / setgid.
+allow performanced self:global_capability_class_set { setuid setgid sys_nice };
+
+# Access /proc to validate we're only affecting threads in the same thread group.
+# Performanced also shields unbound kernel threads. It scans every task in the
+# root cpu set, but only affects the kernel threads.
+r_dir_file(performanced, { appdomain bufferhubd kernel surfaceflinger })
+dontaudit performanced domain:dir read;
+allow performanced { appdomain bufferhubd kernel surfaceflinger }:process setsched;
+
+# These /proc accesses only show up in permissive mode but they
+# generate a lot of noise in the log.
+userdebug_or_eng(`
+ dontaudit performanced domain:dir open;
+ dontaudit performanced domain:file { open read getattr };
+')
+
+# Access /dev/cpuset/cpuset.cpus
+r_dir_file(performanced, cgroup)
diff --git a/prebuilts/api/30.0/public/platform_app.te b/prebuilts/api/30.0/public/platform_app.te
new file mode 100644
index 0000000..9b1faf0
--- /dev/null
+++ b/prebuilts/api/30.0/public/platform_app.te
@@ -0,0 +1,5 @@
+###
+### Apps signed with the platform key.
+###
+
+type platform_app, domain;
diff --git a/prebuilts/api/30.0/public/postinstall.te b/prebuilts/api/30.0/public/postinstall.te
new file mode 100644
index 0000000..bcea2dc
--- /dev/null
+++ b/prebuilts/api/30.0/public/postinstall.te
@@ -0,0 +1,45 @@
+# Domain where the postinstall program runs during the update.
+# Extend the permissions in this domain to allow this program to access other
+# files needed by the specific device on your device's sepolicy directory.
+type postinstall, domain;
+
+# Allow postinstall to write to its stdout/stderr when redirected via pipes to
+# update_engine.
+allow postinstall update_engine_common:fd use;
+allow postinstall update_engine_common:fifo_file rw_file_perms;
+
+# Allow postinstall to read and execute directories and files in the same
+# mounted location.
+allow postinstall postinstall_file:file rx_file_perms;
+allow postinstall postinstall_file:lnk_file r_file_perms;
+allow postinstall postinstall_file:dir r_dir_perms;
+
+# Allow postinstall to execute the shell or other system executables.
+allow postinstall shell_exec:file rx_file_perms;
+allow postinstall system_file:file rx_file_perms;
+allow postinstall toolbox_exec:file rx_file_perms;
+
+# Allow postinstall to execute shell in recovery.
+recovery_only(`
+ allow postinstall rootfs:file rx_file_perms;
+')
+
+#
+# For OTA dexopt.
+#
+
+# Allow postinstall scripts to talk to the system server.
+binder_use(postinstall)
+binder_call(postinstall, system_server)
+
+# Need to talk to the otadexopt service.
+allow postinstall otadexopt_service:service_manager find;
+
+# Allow postinstall scripts to trigger f2fs garbage collection
+allow postinstall sysfs_fs_f2fs:file rw_file_perms;
+allow postinstall sysfs_fs_f2fs:dir r_dir_perms;
+
+# No domain other than update_engine and recovery (via update_engine_sideload)
+# should transition to postinstall, as it is only meant to run during the
+# update.
+neverallow { domain -update_engine -recovery } postinstall:process { transition dyntransition };
diff --git a/prebuilts/api/30.0/public/ppp.te b/prebuilts/api/30.0/public/ppp.te
new file mode 100644
index 0000000..b736def
--- /dev/null
+++ b/prebuilts/api/30.0/public/ppp.te
@@ -0,0 +1,23 @@
+# Point to Point Protocol daemon
+type ppp, domain;
+type ppp_device, dev_type;
+type ppp_exec, system_file_type, exec_type, file_type;
+
+net_domain(ppp)
+
+r_dir_file(ppp, proc_net_type)
+
+allow ppp mtp:{ socket pppox_socket } rw_socket_perms;
+
+# ioctls needed for VPN.
+allowxperm ppp self:udp_socket ioctl priv_sock_ioctls;
+allowxperm ppp mtp:{ socket pppox_socket } ioctl ppp_ioctls;
+
+allow ppp mtp:unix_dgram_socket rw_socket_perms;
+allow ppp ppp_device:chr_file rw_file_perms;
+allow ppp self:global_capability_class_set net_admin;
+allow ppp system_file:file rx_file_perms;
+not_full_treble(`allow ppp vendor_file:file rx_file_perms;')
+allow ppp vpn_data_file:dir w_dir_perms;
+allow ppp vpn_data_file:file create_file_perms;
+allow ppp mtp:fd use;
diff --git a/prebuilts/api/30.0/public/priv_app.te b/prebuilts/api/30.0/public/priv_app.te
new file mode 100644
index 0000000..0761fc3
--- /dev/null
+++ b/prebuilts/api/30.0/public/priv_app.te
@@ -0,0 +1,5 @@
+###
+### A domain for further sandboxing privileged apps.
+###
+
+type priv_app, domain;
diff --git a/prebuilts/api/30.0/public/profman.te b/prebuilts/api/30.0/public/profman.te
new file mode 100644
index 0000000..8ff6271
--- /dev/null
+++ b/prebuilts/api/30.0/public/profman.te
@@ -0,0 +1,29 @@
+# profman
+type profman, domain;
+type profman_exec, system_file_type, exec_type, file_type;
+
+allow profman user_profile_data_file:file { getattr read write lock map };
+
+# Dumping profile info opens the application APK file for pretty printing.
+allow profman asec_apk_file:file { read map };
+allow profman apk_data_file:file { getattr read map };
+allow profman apk_data_file:dir { getattr read search };
+
+allow profman oemfs:file { read map };
+# Reading an APK opens a ZipArchive, which unpack to tmpfs.
+allow profman tmpfs:file { read map };
+allow profman profman_dump_data_file:file { write map };
+
+allow profman installd:fd use;
+
+# Allow profman to analyze profiles for the secondary dex files. These
+# are application dex files reported back to the framework when using
+# BaseDexClassLoader.
+allow profman { privapp_data_file app_data_file }:file { getattr read write lock map };
+allow profman { privapp_data_file app_data_file }:dir { getattr read search };
+
+###
+### neverallow rules
+###
+
+neverallow profman { privapp_data_file app_data_file }:notdevfile_class_set open;
diff --git a/prebuilts/api/30.0/public/property.te b/prebuilts/api/30.0/public/property.te
new file mode 100644
index 0000000..9a93518
--- /dev/null
+++ b/prebuilts/api/30.0/public/property.te
@@ -0,0 +1,620 @@
+# Properties used only in /system
+system_internal_prop(apexd_prop)
+system_internal_prop(bootloader_boot_reason_prop)
+system_internal_prop(device_config_activity_manager_native_boot_prop)
+system_internal_prop(device_config_boot_count_prop)
+system_internal_prop(device_config_input_native_boot_prop)
+system_internal_prop(device_config_media_native_prop)
+system_internal_prop(device_config_netd_native_prop)
+system_internal_prop(device_config_reset_performed_prop)
+system_internal_prop(device_config_runtime_native_boot_prop)
+system_internal_prop(device_config_runtime_native_prop)
+system_internal_prop(device_config_storage_native_boot_prop)
+system_internal_prop(device_config_sys_traced_prop)
+system_internal_prop(device_config_window_manager_native_boot_prop)
+system_internal_prop(device_config_configuration_prop)
+system_internal_prop(firstboot_prop)
+system_internal_prop(fastbootd_protocol_prop)
+system_internal_prop(gsid_prop)
+system_internal_prop(init_perf_lsm_hooks_prop)
+system_internal_prop(init_svc_debug_prop)
+system_internal_prop(last_boot_reason_prop)
+system_internal_prop(netd_stable_secret_prop)
+system_internal_prop(pm_prop)
+system_internal_prop(userspace_reboot_log_prop)
+system_internal_prop(userspace_reboot_test_prop)
+system_internal_prop(system_adbd_prop)
+system_internal_prop(adbd_prop)
+system_internal_prop(traced_perf_enabled_prop)
+
+compatible_property_only(`
+ # DO NOT ADD ANY PROPERTIES HERE
+ system_internal_prop(boottime_prop)
+ system_internal_prop(bpf_progs_loaded_prop)
+ system_internal_prop(charger_prop)
+ system_internal_prop(cold_boot_done_prop)
+ system_internal_prop(ctl_adbd_prop)
+ system_internal_prop(ctl_apexd_prop)
+ system_internal_prop(ctl_bootanim_prop)
+ system_internal_prop(ctl_bugreport_prop)
+ system_internal_prop(ctl_console_prop)
+ system_internal_prop(ctl_dumpstate_prop)
+ system_internal_prop(ctl_fuse_prop)
+ system_internal_prop(ctl_gsid_prop)
+ system_internal_prop(ctl_interface_restart_prop)
+ system_internal_prop(ctl_interface_stop_prop)
+ system_internal_prop(ctl_mdnsd_prop)
+ system_internal_prop(ctl_restart_prop)
+ system_internal_prop(ctl_rildaemon_prop)
+ system_internal_prop(ctl_sigstop_prop)
+ system_internal_prop(dynamic_system_prop)
+ system_internal_prop(heapprofd_enabled_prop)
+ system_internal_prop(llkd_prop)
+ system_internal_prop(lpdumpd_prop)
+ system_internal_prop(mmc_prop)
+ system_internal_prop(mock_ota_prop)
+ system_internal_prop(net_dns_prop)
+ system_internal_prop(overlay_prop)
+ system_internal_prop(persistent_properties_ready_prop)
+ system_internal_prop(safemode_prop)
+ system_internal_prop(system_lmk_prop)
+ system_internal_prop(system_trace_prop)
+ system_internal_prop(test_boot_reason_prop)
+ system_internal_prop(time_prop)
+ system_internal_prop(traced_enabled_prop)
+ system_internal_prop(traced_lazy_prop)
+')
+
+# Properties which can't be written outside system
+
+# Properties used by binder caches
+system_restricted_prop(binder_cache_bluetooth_server_prop)
+system_restricted_prop(binder_cache_system_server_prop)
+system_restricted_prop(binder_cache_telephony_server_prop)
+system_restricted_prop(boottime_public_prop)
+system_restricted_prop(bq_config_prop)
+system_restricted_prop(module_sdkextensions_prop)
+system_restricted_prop(nnapi_ext_deny_product_prop)
+system_restricted_prop(restorecon_prop)
+system_restricted_prop(socket_hook_prop)
+system_restricted_prop(surfaceflinger_display_prop)
+system_restricted_prop(system_boot_reason_prop)
+system_restricted_prop(system_jvmti_agent_prop)
+system_restricted_prop(userspace_reboot_exported_prop)
+
+compatible_property_only(`
+ # DO NOT ADD ANY PROPERTIES HERE
+ system_restricted_prop(config_prop)
+ system_restricted_prop(cppreopt_prop)
+ system_restricted_prop(dalvik_prop)
+ system_restricted_prop(debuggerd_prop)
+ system_restricted_prop(default_prop)
+ system_restricted_prop(device_logging_prop)
+ system_restricted_prop(dhcp_prop)
+ system_restricted_prop(dumpstate_prop)
+ system_restricted_prop(exported2_default_prop)
+ system_restricted_prop(exported3_system_prop)
+ system_restricted_prop(exported_dumpstate_prop)
+ system_restricted_prop(exported_fingerprint_prop)
+ system_restricted_prop(exported_secure_prop)
+ system_restricted_prop(exported_vold_prop)
+ system_restricted_prop(ffs_prop)
+ system_restricted_prop(fingerprint_prop)
+ system_restricted_prop(heapprofd_prop)
+ system_restricted_prop(net_radio_prop)
+ system_restricted_prop(pan_result_prop)
+ system_restricted_prop(persist_debug_prop)
+ system_restricted_prop(shell_prop)
+ system_restricted_prop(system_radio_prop)
+ system_restricted_prop(test_harness_prop)
+ system_restricted_prop(theme_prop)
+ system_restricted_prop(use_memfd_prop)
+ system_restricted_prop(vold_prop)
+')
+
+# Properties which can be written only by vendor_init
+system_vendor_config_prop(apk_verity_prop)
+system_vendor_config_prop(cpu_variant_prop)
+system_vendor_config_prop(exported_audio_prop)
+system_vendor_config_prop(exported_camera_prop)
+system_vendor_config_prop(exported_config_prop)
+system_vendor_config_prop(exported_default_prop)
+system_vendor_config_prop(exported3_default_prop)
+system_vendor_config_prop(graphics_config_prop)
+system_vendor_config_prop(incremental_prop)
+system_vendor_config_prop(media_variant_prop)
+system_vendor_config_prop(storage_config_prop)
+system_vendor_config_prop(userspace_reboot_config_prop)
+system_vendor_config_prop(vehicle_hal_prop)
+system_vendor_config_prop(vendor_security_patch_level_prop)
+system_vendor_config_prop(vendor_socket_hook_prop)
+system_vendor_config_prop(vndk_prop)
+system_vendor_config_prop(virtual_ab_prop)
+
+# Properties with no restrictions
+system_public_prop(audio_prop)
+system_public_prop(bluetooth_a2dp_offload_prop)
+system_public_prop(bluetooth_audio_hal_prop)
+system_public_prop(bluetooth_prop)
+system_public_prop(ctl_default_prop)
+system_public_prop(ctl_interface_start_prop)
+system_public_prop(ctl_start_prop)
+system_public_prop(ctl_stop_prop)
+system_public_prop(debug_prop)
+system_public_prop(dumpstate_options_prop)
+system_public_prop(exported_system_prop)
+system_public_prop(exported2_config_prop)
+system_public_prop(exported2_radio_prop)
+system_public_prop(exported2_system_prop)
+system_public_prop(exported2_vold_prop)
+system_public_prop(exported3_radio_prop)
+system_public_prop(exported_bluetooth_prop)
+system_public_prop(exported_dalvik_prop)
+system_public_prop(exported_ffs_prop)
+system_public_prop(exported_overlay_prop)
+system_public_prop(exported_pm_prop)
+system_public_prop(exported_radio_prop)
+system_public_prop(exported_system_radio_prop)
+system_public_prop(exported_wifi_prop)
+system_public_prop(sota_prop)
+system_public_prop(hwservicemanager_prop)
+system_public_prop(lmkd_prop)
+system_public_prop(logd_prop)
+system_public_prop(logpersistd_logging_prop)
+system_public_prop(log_prop)
+system_public_prop(log_tag_prop)
+system_public_prop(lowpan_prop)
+system_public_prop(nfc_prop)
+system_public_prop(ota_prop)
+system_public_prop(powerctl_prop)
+system_public_prop(radio_prop)
+system_public_prop(serialno_prop)
+system_public_prop(system_prop)
+system_public_prop(wifi_log_prop)
+system_public_prop(wifi_prop)
+
+# Properties used in default HAL implementations
+vendor_internal_prop(rebootescrow_hal_prop)
+
+# Properties which are public for devices launching with Android O or earlier
+# This should not be used for any new properties.
+not_compatible_property(`
+ # DO NOT ADD ANY PROPERTIES HERE
+ system_public_prop(boottime_prop)
+ system_public_prop(bpf_progs_loaded_prop)
+ system_public_prop(charger_prop)
+ system_public_prop(cold_boot_done_prop)
+ system_public_prop(ctl_adbd_prop)
+ system_public_prop(ctl_apexd_prop)
+ system_public_prop(ctl_bootanim_prop)
+ system_public_prop(ctl_bugreport_prop)
+ system_public_prop(ctl_console_prop)
+ system_public_prop(ctl_dumpstate_prop)
+ system_public_prop(ctl_fuse_prop)
+ system_public_prop(ctl_gsid_prop)
+ system_public_prop(ctl_interface_restart_prop)
+ system_public_prop(ctl_interface_stop_prop)
+ system_public_prop(ctl_mdnsd_prop)
+ system_public_prop(ctl_restart_prop)
+ system_public_prop(ctl_rildaemon_prop)
+ system_public_prop(ctl_sigstop_prop)
+ system_public_prop(dynamic_system_prop)
+ system_public_prop(heapprofd_enabled_prop)
+ system_public_prop(llkd_prop)
+ system_public_prop(lpdumpd_prop)
+ system_public_prop(mmc_prop)
+ system_public_prop(mock_ota_prop)
+ system_public_prop(net_dns_prop)
+ system_public_prop(overlay_prop)
+ system_public_prop(persistent_properties_ready_prop)
+ system_public_prop(safemode_prop)
+ system_public_prop(system_lmk_prop)
+ system_public_prop(system_trace_prop)
+ system_public_prop(test_boot_reason_prop)
+ system_public_prop(time_prop)
+ system_public_prop(traced_enabled_prop)
+ system_public_prop(traced_lazy_prop)
+
+ system_public_prop(config_prop)
+ system_public_prop(cppreopt_prop)
+ system_public_prop(dalvik_prop)
+ system_public_prop(debuggerd_prop)
+ system_public_prop(default_prop)
+ system_public_prop(device_logging_prop)
+ system_public_prop(dhcp_prop)
+ system_public_prop(dumpstate_prop)
+ system_public_prop(exported2_default_prop)
+ system_public_prop(exported3_system_prop)
+ system_public_prop(exported_dumpstate_prop)
+ system_public_prop(exported_fingerprint_prop)
+ system_public_prop(exported_secure_prop)
+ system_public_prop(exported_vold_prop)
+ system_public_prop(ffs_prop)
+ system_public_prop(fingerprint_prop)
+ system_public_prop(heapprofd_prop)
+ system_public_prop(net_radio_prop)
+ system_public_prop(pan_result_prop)
+ system_public_prop(persist_debug_prop)
+ system_public_prop(shell_prop)
+ system_public_prop(system_radio_prop)
+ system_public_prop(test_harness_prop)
+ system_public_prop(theme_prop)
+ system_public_prop(use_memfd_prop)
+ system_public_prop(vold_prop)
+')
+
+type vendor_default_prop, property_type;
+
+typeattribute log_prop log_property_type;
+typeattribute log_tag_prop log_property_type;
+typeattribute wifi_log_prop log_property_type;
+
+allow property_type tmpfs:filesystem associate;
+
+###
+### Neverallow rules
+###
+
+treble_sysprop_neverallow(`
+
+# TODO(b/131162102): uncomment these after assigning ownership attributes to all properties
+# neverallow domain {
+# property_type
+# -system_property_type
+# -product_property_type
+# -vendor_property_type
+# }:file no_rw_file_perms;
+
+neverallow { domain -coredomain } {
+ system_property_type
+ system_internal_property_type
+ -system_restricted_property_type
+ -system_public_property_type
+}:file no_rw_file_perms;
+
+neverallow { domain -coredomain } {
+ system_property_type
+ -system_public_property_type
+}:property_service set;
+
+# init is in coredomain, but should be able to read/write all props.
+# dumpstate is also in coredomain, but should be able to read all props.
+neverallow { coredomain -init -dumpstate } {
+ vendor_property_type
+ vendor_internal_property_type
+ -vendor_restricted_property_type
+ -vendor_public_property_type
+}:file no_rw_file_perms;
+
+neverallow { coredomain -init } {
+ vendor_property_type
+ -vendor_public_property_type
+}:property_service set;
+
+')
+
+# There is no need to perform ioctl or advisory locking operations on
+# property files. If this neverallow is being triggered, it is
+# likely that the policy is using r_file_perms directly instead of
+# the get_prop() macro.
+neverallow domain property_type:file { ioctl lock };
+
+# core_property_type should not be used for new properties or
+# device specific properties. Properties with this attribute
+# are readable to everyone, which is overly broad and should
+# be avoided.
+# New properties should have appropriate read / write access
+# control rules written.
+
+typeattribute audio_prop core_property_type;
+typeattribute config_prop core_property_type;
+typeattribute cppreopt_prop core_property_type;
+typeattribute dalvik_prop core_property_type;
+typeattribute debuggerd_prop core_property_type;
+typeattribute debug_prop core_property_type;
+typeattribute default_prop core_property_type;
+typeattribute dhcp_prop core_property_type;
+typeattribute dumpstate_prop core_property_type;
+typeattribute ffs_prop core_property_type;
+typeattribute fingerprint_prop core_property_type;
+typeattribute logd_prop core_property_type;
+typeattribute net_radio_prop core_property_type;
+typeattribute nfc_prop core_property_type;
+typeattribute ota_prop core_property_type;
+typeattribute pan_result_prop core_property_type;
+typeattribute persist_debug_prop core_property_type;
+typeattribute powerctl_prop core_property_type;
+typeattribute radio_prop core_property_type;
+typeattribute restorecon_prop core_property_type;
+typeattribute shell_prop core_property_type;
+typeattribute system_prop core_property_type;
+typeattribute system_radio_prop core_property_type;
+typeattribute vold_prop core_property_type;
+
+neverallow * {
+ core_property_type
+ -audio_prop
+ -config_prop
+ -cppreopt_prop
+ -dalvik_prop
+ -debuggerd_prop
+ -debug_prop
+ -default_prop
+ -dhcp_prop
+ -dumpstate_prop
+ -ffs_prop
+ -fingerprint_prop
+ -logd_prop
+ -net_radio_prop
+ -nfc_prop
+ -ota_prop
+ -pan_result_prop
+ -persist_debug_prop
+ -powerctl_prop
+ -radio_prop
+ -restorecon_prop
+ -shell_prop
+ -system_prop
+ -system_radio_prop
+ -vold_prop
+}:file no_rw_file_perms;
+
+# sigstop property is only used for debugging; should only be set by su which is permissive
+# for userdebug/eng
+neverallow {
+ domain
+ -init
+ -vendor_init
+} ctl_sigstop_prop:property_service set;
+
+# Don't audit legacy ctl. property handling. We only want the newer permission check to appear
+# in the audit log
+dontaudit domain {
+ ctl_bootanim_prop
+ ctl_bugreport_prop
+ ctl_console_prop
+ ctl_default_prop
+ ctl_dumpstate_prop
+ ctl_fuse_prop
+ ctl_mdnsd_prop
+ ctl_rildaemon_prop
+}:property_service set;
+
+neverallow {
+ domain
+ -init
+} init_svc_debug_prop:property_service set;
+
+neverallow {
+ domain
+ -init
+ -dumpstate
+ userdebug_or_eng(`-su')
+} init_svc_debug_prop:file no_rw_file_perms;
+
+compatible_property_only(`
+# Prevent properties from being set
+ neverallow {
+ domain
+ -coredomain
+ -appdomain
+ -vendor_init
+ } {
+ core_property_type
+ extended_core_property_type
+ exported_config_prop
+ exported_dalvik_prop
+ exported_default_prop
+ exported_dumpstate_prop
+ exported_ffs_prop
+ exported_fingerprint_prop
+ exported_system_prop
+ exported_system_radio_prop
+ exported_vold_prop
+ exported2_config_prop
+ exported2_default_prop
+ exported2_system_prop
+ exported2_vold_prop
+ exported3_default_prop
+ exported3_system_prop
+ -nfc_prop
+ -powerctl_prop
+ -radio_prop
+ }:property_service set;
+
+ neverallow {
+ domain
+ -coredomain
+ -appdomain
+ -hal_nfc_server
+ } {
+ nfc_prop
+ }:property_service set;
+
+ neverallow {
+ domain
+ -coredomain
+ -appdomain
+ -hal_telephony_server
+ -vendor_init
+ } {
+ exported_radio_prop
+ exported3_radio_prop
+ }:property_service set;
+
+ neverallow {
+ domain
+ -coredomain
+ -appdomain
+ -hal_telephony_server
+ } {
+ exported2_radio_prop
+ radio_prop
+ }:property_service set;
+
+ neverallow {
+ domain
+ -coredomain
+ -bluetooth
+ -hal_bluetooth_server
+ } {
+ bluetooth_prop
+ }:property_service set;
+
+ neverallow {
+ domain
+ -coredomain
+ -bluetooth
+ -hal_bluetooth_server
+ -vendor_init
+ } {
+ exported_bluetooth_prop
+ }:property_service set;
+
+ neverallow {
+ domain
+ -coredomain
+ -hal_camera_server
+ -cameraserver
+ -vendor_init
+ } {
+ exported_camera_prop
+ }:property_service set;
+
+ neverallow {
+ domain
+ -coredomain
+ -hal_wifi_server
+ -wificond
+ } {
+ wifi_prop
+ }:property_service set;
+
+ neverallow {
+ domain
+ -coredomain
+ -hal_wifi_server
+ -wificond
+ -vendor_init
+ } {
+ exported_wifi_prop
+ }:property_service set;
+
+# Prevent properties from being read
+ neverallow {
+ domain
+ -coredomain
+ -appdomain
+ -vendor_init
+ } {
+ core_property_type
+ extended_core_property_type
+ exported_dalvik_prop
+ exported_ffs_prop
+ exported_system_radio_prop
+ exported2_config_prop
+ exported2_system_prop
+ exported2_vold_prop
+ exported3_default_prop
+ exported3_system_prop
+ -debug_prop
+ -logd_prop
+ -nfc_prop
+ -powerctl_prop
+ -radio_prop
+ }:file no_rw_file_perms;
+
+ neverallow {
+ domain
+ -coredomain
+ -appdomain
+ -hal_nfc_server
+ } {
+ nfc_prop
+ }:file no_rw_file_perms;
+
+ neverallow {
+ domain
+ -coredomain
+ -appdomain
+ -hal_telephony_server
+ } {
+ radio_prop
+ }:file no_rw_file_perms;
+
+ neverallow {
+ domain
+ -coredomain
+ -bluetooth
+ -hal_bluetooth_server
+ } {
+ bluetooth_prop
+ }:file no_rw_file_perms;
+
+ neverallow {
+ domain
+ -coredomain
+ -hal_wifi_server
+ -wificond
+ } {
+ wifi_prop
+ }:file no_rw_file_perms;
+')
+
+compatible_property_only(`
+ # Neverallow coredomain to set vendor properties
+ neverallow {
+ coredomain
+ -init
+ -system_writes_vendor_properties_violators
+ } {
+ property_type
+ -system_property_type
+ -extended_core_property_type
+ }:property_service set;
+')
+
+neverallow {
+ -init
+ -system_server
+} {
+ userspace_reboot_log_prop
+}:property_service set;
+
+neverallow {
+ # Only allow init and system_server to set system_adbd_prop
+ -init
+ -system_server
+} {
+ system_adbd_prop
+}:property_service set;
+
+neverallow {
+ # Only allow init and adbd to set adbd_prop
+ -init
+ -adbd
+} {
+ adbd_prop
+}:property_service set;
+
+neverallow {
+ # Only allow init and shell to set userspace_reboot_test_prop
+ -init
+ -shell
+} {
+ userspace_reboot_test_prop
+}:property_service set;
+
+neverallow {
+ -init
+ -vendor_init
+} {
+ graphics_config_prop
+}:property_service set;
+
+neverallow {
+ -init
+ -surfaceflinger
+} {
+ surfaceflinger_display_prop
+}:property_service set;
diff --git a/prebuilts/api/30.0/public/property_contexts b/prebuilts/api/30.0/public/property_contexts
new file mode 100644
index 0000000..6a99e3f
--- /dev/null
+++ b/prebuilts/api/30.0/public/property_contexts
@@ -0,0 +1,476 @@
+# vendor-init-readable
+persist.radio.airplane_mode_on u:object_r:exported2_radio_prop:s0 exact bool
+
+# vendor-init-settable
+af.fast_track_multiplier u:object_r:exported3_default_prop:s0 exact int
+audio.camerasound.force u:object_r:exported_audio_prop:s0 exact bool
+audio.deep_buffer.media u:object_r:exported3_default_prop:s0 exact bool
+audio.offload.video u:object_r:exported3_default_prop:s0 exact bool
+audio.offload.min.duration.secs u:object_r:exported3_default_prop:s0 exact int
+camera.disable_zsl_mode u:object_r:exported3_default_prop:s0 exact bool
+camera.fifo.disable u:object_r:exported3_default_prop:s0 exact int
+dalvik.vm.appimageformat u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.backgroundgctype u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.boot-dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.boot-dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.boot-image u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.checkjni u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.dex2oat-Xms u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-Xmx u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-filter u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-flags u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.dex2oat64.enabled u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.dexopt.secondary u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.execution-mode u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.extra-opts u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.foreground-heap-growth-multiplier u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.gctype u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heapgrowthlimit u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heapmaxfree u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heapminfree u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heapsize u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heapstartsize u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heaptargetutilization u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.hot-startup-method-samples u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.image-dex2oat-Xms u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-Xmx u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-filter u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-flags u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.isa.arm.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.arm.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.arm64.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.arm64.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.mips.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.mips.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.mips64.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.mips64.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.unknown.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.unknown.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.x86.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.x86.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.x86_64.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.x86_64.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.jitinitialsize u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.jitmaxsize u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.jitprithreadweight u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.jitthreshold u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.jittransitionweight u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.jniopts u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.lockprof.threshold u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.method-trace u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.method-trace-file u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.method-trace-file-siz u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.method-trace-stream u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.profilesystemserver u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.profilebootclasspath u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.usejit u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.usejitprofiles u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.zygote.max-boot-retry u:object_r:exported_dalvik_prop:s0 exact int
+drm.service.enabled u:object_r:exported3_default_prop:s0 exact bool
+external_storage.projid.enabled u:object_r:storage_config_prop:s0 exact bool
+external_storage.casefold.enabled u:object_r:storage_config_prop:s0 exact bool
+external_storage.sdcardfs.enabled u:object_r:storage_config_prop:s0 exact bool
+keyguard.no_require_sim u:object_r:exported3_default_prop:s0 exact bool
+media.recorder.show_manufacturer_and_model u:object_r:exported3_default_prop:s0 exact bool
+media.stagefright.cache-params u:object_r:exported3_default_prop:s0 exact string
+media.stagefright.thumbnail.prefer_hw_codecs u:object_r:exported3_default_prop:s0 exact bool
+persist.bluetooth.a2dp_offload.cap u:object_r:bluetooth_a2dp_offload_prop:s0 exact string
+persist.bluetooth.a2dp_offload.disabled u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool
+persist.bluetooth.bluetooth_audio_hal.disabled u:object_r:bluetooth_audio_hal_prop:s0 exact bool
+persist.bluetooth.btsnoopenable u:object_r:exported_bluetooth_prop:s0 exact bool
+persist.config.calibration_fac u:object_r:exported3_default_prop:s0 exact string
+persist.dbg.volte_avail_ovr u:object_r:exported3_default_prop:s0 exact int
+persist.dbg.vt_avail_ovr u:object_r:exported3_default_prop:s0 exact int
+persist.dbg.wfc_avail_ovr u:object_r:exported3_default_prop:s0 exact int
+persist.radio.multisim.config u:object_r:exported3_radio_prop:s0 exact string
+persist.sys.dalvik.vm.lib.2 u:object_r:exported2_system_prop:s0 exact string
+persist.sys.media.avsync u:object_r:exported2_system_prop:s0 exact bool
+persist.sys.hdmi.keep_awake u:object_r:exported2_system_prop:s0 exact bool
+persist.sys.sf.color_mode u:object_r:exported2_system_prop:s0 exact int
+persist.sys.sf.color_saturation u:object_r:exported2_system_prop:s0 exact string
+persist.sys.sf.native_mode u:object_r:exported2_system_prop:s0 exact int
+pm.dexopt.ab-ota u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.bg-dexopt u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.boot u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.disable_bg_dexopt u:object_r:exported_pm_prop:s0 exact bool
+pm.dexopt.downgrade_after_inactive_days u:object_r:exported_pm_prop:s0 exact int
+pm.dexopt.first-boot u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.inactive u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.install u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.shared u:object_r:exported_pm_prop:s0 exact string
+ro.af.client_heap_size_kbyte u:object_r:exported3_default_prop:s0 exact int
+ro.apk_verity.mode u:object_r:apk_verity_prop:s0 exact int
+ro.audio.monitorRotation u:object_r:exported3_default_prop:s0 exact bool
+ro.bluetooth.a2dp_offload.supported u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool
+ro.boot.vendor.overlay.theme u:object_r:exported_overlay_prop:s0 exact string
+ro.boot.wificountrycode u:object_r:exported3_default_prop:s0 exact string
+ro.bt.bdaddr_path u:object_r:exported_bluetooth_prop:s0 exact string
+ro.camera.notify_nfc u:object_r:exported3_default_prop:s0 exact int
+ro.camera.enableLazyHal u:object_r:exported3_default_prop:s0 exact bool
+ro.com.android.dataroaming u:object_r:exported3_default_prop:s0 exact bool
+ro.com.android.prov_mobiledata u:object_r:exported3_default_prop:s0 exact bool
+ro.config.alarm_alert u:object_r:exported2_config_prop:s0 exact string
+ro.config.media_vol_steps u:object_r:exported2_config_prop:s0 exact int
+ro.config.notification_sound u:object_r:exported2_config_prop:s0 exact string
+ro.config.per_app_memcg u:object_r:exported3_default_prop:s0 exact bool
+ro.config.ringtone u:object_r:exported2_config_prop:s0 exact string
+ro.control_privapp_permissions u:object_r:exported3_default_prop:s0 exact string
+ro.cp_system_other_odex u:object_r:exported3_default_prop:s0 exact int
+ro.crypto.allow_encrypt_override u:object_r:exported2_vold_prop:s0 exact bool
+ro.crypto.dm_default_key.options_format.version u:object_r:exported2_vold_prop:s0 exact int
+ro.crypto.fde_algorithm u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.fde_sector_size u:object_r:exported2_vold_prop:s0 exact int
+ro.crypto.scrypt_params u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.set_dun u:object_r:exported2_vold_prop:s0 exact bool
+ro.crypto.volume.contents_mode u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.volume.filenames_mode u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.volume.metadata.encryption u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.volume.metadata.method u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.volume.options u:object_r:exported2_vold_prop:s0 exact string
+ro.dalvik.vm.native.bridge u:object_r:exported_dalvik_prop:s0 exact string
+ro.enable_boot_charger_mode u:object_r:exported3_default_prop:s0 exact bool
+ro.gfx.driver.0 u:object_r:exported3_default_prop:s0 exact string
+ro.gfx.angle.supported u:object_r:exported3_default_prop:s0 exact bool
+ro.hdmi.device_type u:object_r:exported3_default_prop:s0 exact string
+ro.hdmi.wake_on_hotplug u:object_r:exported3_default_prop:s0 exact bool
+ro.lmk.critical u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.critical_upgrade u:object_r:exported3_default_prop:s0 exact bool
+ro.lmk.debug u:object_r:exported3_default_prop:s0 exact bool
+ro.lmk.downgrade_pressure u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.kill_heaviest_task u:object_r:exported3_default_prop:s0 exact bool
+ro.lmk.kill_timeout_ms u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.low u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.medium u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.psi_partial_stall_ms u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.psi_complete_stall_ms u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.swap_free_low_percentage u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.thrashing_limit u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.thrashing_limit_decay u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.use_minfree_levels u:object_r:exported3_default_prop:s0 exact bool
+ro.lmk.upgrade_pressure u:object_r:exported3_default_prop:s0 exact int
+ro.minui.default_rotation u:object_r:exported3_default_prop:s0 exact string
+ro.minui.overscan_percent u:object_r:exported3_default_prop:s0 exact int
+ro.minui.pixel_format u:object_r:exported3_default_prop:s0 exact string
+ro.oem_unlock_supported u:object_r:exported3_default_prop:s0 exact int
+ro.opengles.version u:object_r:exported3_default_prop:s0 exact int
+ro.radio.noril u:object_r:exported3_default_prop:s0 exact string
+ro.rebootescrow.device u:object_r:rebootescrow_hal_prop:s0 exact string
+ro.retaildemo.video_path u:object_r:exported3_default_prop:s0 exact string
+ro.statsd.enable u:object_r:exported3_default_prop:s0 exact bool
+ro.sf.disable_triple_buffer u:object_r:exported3_default_prop:s0 exact bool
+ro.sf.lcd_density u:object_r:exported3_default_prop:s0 exact int
+ro.storage_manager.enabled u:object_r:exported3_default_prop:s0 exact bool
+ro.telephony.call_ring.multiple u:object_r:exported3_default_prop:s0 exact bool
+ro.telephony.default_cdma_sub u:object_r:exported3_default_prop:s0 exact int
+ro.telephony.default_network u:object_r:exported3_default_prop:s0 exact string
+ro.vehicle.hal u:object_r:vehicle_hal_prop:s0 exact string
+ro.vendor.build.security_patch u:object_r:vendor_security_patch_level_prop:s0 exact string
+ro.media.xml_variant.codecs u:object_r:media_variant_prop:s0 exact string
+ro.media.xml_variant.codecs_performance u:object_r:media_variant_prop:s0 exact string
+ro.media.xml_variant.profiles u:object_r:media_variant_prop:s0 exact string
+ro.zram.mark_idle_delay_mins u:object_r:exported3_default_prop:s0 exact int
+ro.zram.first_wb_delay_mins u:object_r:exported3_default_prop:s0 exact int
+ro.zram.periodic_wb_delay_hours u:object_r:exported3_default_prop:s0 exact int
+ro.zygote u:object_r:exported3_default_prop:s0 exact string
+sendbug.preferred.domain u:object_r:exported3_default_prop:s0 exact string
+sys.usb.controller u:object_r:exported2_system_prop:s0 exact string
+sys.usb.ffs.max_read u:object_r:exported_ffs_prop:s0 exact int
+sys.usb.ffs.max_write u:object_r:exported_ffs_prop:s0 exact int
+sys.usb.ffs.ready u:object_r:exported_ffs_prop:s0 exact bool
+sys.usb.mtp.device_type u:object_r:exported2_system_prop:s0 exact int
+sys.usb.ffs.mtp.ready u:object_r:exported_ffs_prop:s0 exact bool
+sys.usb.state u:object_r:exported2_system_prop:s0 exact string
+telephony.lteOnCdmaDevice u:object_r:exported3_default_prop:s0 exact int
+telephony.active_modems.max_count u:object_r:exported3_default_prop:s0 exact int
+tombstoned.max_tombstone_count u:object_r:exported3_default_prop:s0 exact int
+vold.post_fs_data_done u:object_r:exported2_vold_prop:s0 exact int
+vts.native_server.on u:object_r:exported3_default_prop:s0 exact bool
+wlan.driver.status u:object_r:exported_wifi_prop:s0 exact enum ok unloaded
+zram.force_writeback u:object_r:exported3_default_prop:s0 exact bool
+
+# vendor-init-readable
+apexd.status u:object_r:apexd_prop:s0 exact enum starting activated ready
+dev.bootcomplete u:object_r:exported3_system_prop:s0 exact bool
+persist.sys.device_provisioned u:object_r:exported3_system_prop:s0 exact string
+persist.sys.theme u:object_r:theme_prop:s0 exact string
+persist.sys.usb.usbradio.config u:object_r:exported3_system_prop:s0 exact string
+sys.boot_completed u:object_r:exported3_system_prop:s0 exact bool
+sys.retaildemo.enabled u:object_r:exported3_system_prop:s0 exact int
+sys.user.0.ce_available u:object_r:exported3_system_prop:s0 exact bool
+sys.vdso u:object_r:exported3_system_prop:s0 exact string
+
+# vendor-init-settable
+persist.sys.zram_enabled u:object_r:exported2_system_prop:s0 exact bool
+sys.usb.config u:object_r:exported_system_radio_prop:s0 exact string
+sys.usb.configfs u:object_r:exported_system_radio_prop:s0 exact int
+
+# public-readable
+aac_drc_boost u:object_r:exported2_default_prop:s0 exact int
+aac_drc_cut u:object_r:exported2_default_prop:s0 exact int
+aac_drc_enc_target_level u:object_r:exported2_default_prop:s0 exact int
+aac_drc_heavy u:object_r:exported2_default_prop:s0 exact int
+aac_drc_reference_level u:object_r:exported2_default_prop:s0 exact int
+build.version.extensions. u:object_r:module_sdkextensions_prop:s0 prefix int
+ro.aac_drc_effect_type u:object_r:exported2_default_prop:s0 exact int
+drm.64bit.enabled u:object_r:exported2_default_prop:s0 exact bool
+dumpstate.dry_run u:object_r:exported_dumpstate_prop:s0 exact bool
+dumpstate.unroot u:object_r:exported_dumpstate_prop:s0 exact bool
+hal.instrumentation.enable u:object_r:exported2_default_prop:s0 exact bool
+init.svc.bugreport u:object_r:exported2_default_prop:s0 exact string
+init.svc.console u:object_r:exported2_default_prop:s0 exact string
+init.svc.dumpstatez u:object_r:exported2_default_prop:s0 exact string
+init.svc.mediadrm u:object_r:exported2_default_prop:s0 exact string
+init.svc.surfaceflinger u:object_r:exported2_default_prop:s0 exact string
+init.svc.tombstoned u:object_r:exported2_default_prop:s0 exact string
+init.svc.zygote u:object_r:exported2_default_prop:s0 exact string
+libc.debug.malloc.options u:object_r:exported2_default_prop:s0 exact string
+libc.debug.malloc.program u:object_r:exported2_default_prop:s0 exact string
+libc.debug.hooks.enable u:object_r:exported2_default_prop:s0 exact string
+net.redirect_socket_calls.hooked u:object_r:socket_hook_prop:s0 exact bool
+persist.sys.locale u:object_r:exported_system_prop:s0 exact string
+persist.sys.timezone u:object_r:exported_system_prop:s0 exact string
+persist.sys.test_harness u:object_r:test_harness_prop:s0 exact bool
+ro.adb.secure u:object_r:exported_secure_prop:s0 exact bool
+ro.arch u:object_r:exported2_default_prop:s0 exact string
+ro.audio.ignore_effects u:object_r:exported2_default_prop:s0 exact bool
+ro.baseband u:object_r:exported2_default_prop:s0 exact string
+ro.boot.avb_version u:object_r:exported2_default_prop:s0 exact string
+ro.boot.baseband u:object_r:exported2_default_prop:s0 exact string
+ro.boot.bootdevice u:object_r:exported2_default_prop:s0 exact string
+ro.boot.bootloader u:object_r:exported2_default_prop:s0 exact string
+ro.boot.boottime u:object_r:exported2_default_prop:s0 exact string
+ro.boottime.init.mount.data u:object_r:boottime_public_prop:s0 exact string
+ro.boottime.init.fsck.data u:object_r:boottime_public_prop:s0 exact string
+ro.boot.console u:object_r:exported2_default_prop:s0 exact string
+ro.boot.hardware u:object_r:exported2_default_prop:s0 exact string
+ro.boot.hardware.color u:object_r:exported2_default_prop:s0 exact string
+ro.boot.hardware.sku u:object_r:exported2_default_prop:s0 exact string
+ro.boot.keymaster u:object_r:exported2_default_prop:s0 exact string
+ro.boot.mode u:object_r:exported2_default_prop:s0 exact string
+ro.boot.vbmeta.avb_version u:object_r:exported2_default_prop:s0 exact string
+ro.boot.verifiedbootstate u:object_r:exported2_default_prop:s0 exact string
+ro.boot.veritymode u:object_r:exported2_default_prop:s0 exact string
+ro.boot.dynamic_partitions u:object_r:exported_default_prop:s0 exact string
+ro.boot.dynamic_partitions_retrofit u:object_r:exported_default_prop:s0 exact string
+ro.bootloader u:object_r:exported2_default_prop:s0 exact string
+ro.build.date u:object_r:exported2_default_prop:s0 exact string
+ro.build.date.utc u:object_r:exported2_default_prop:s0 exact int
+ro.build.description u:object_r:exported2_default_prop:s0 exact string
+ro.build.display.id u:object_r:exported2_default_prop:s0 exact string
+ro.build.fingerprint u:object_r:exported_fingerprint_prop:s0 exact string
+ro.build.host u:object_r:exported2_default_prop:s0 exact string
+ro.build.id u:object_r:exported2_default_prop:s0 exact string
+ro.build.product u:object_r:exported2_default_prop:s0 exact string
+ro.build.system_root_image u:object_r:exported2_default_prop:s0 exact bool
+ro.build.tags u:object_r:exported2_default_prop:s0 exact string
+ro.build.user u:object_r:exported2_default_prop:s0 exact string
+ro.build.version.base_os u:object_r:exported2_default_prop:s0 exact string
+ro.build.version.codename u:object_r:exported2_default_prop:s0 exact string
+ro.build.version.incremental u:object_r:exported2_default_prop:s0 exact string
+ro.build.version.preview_sdk u:object_r:exported2_default_prop:s0 exact int
+ro.build.version.release u:object_r:exported2_default_prop:s0 exact string
+ro.build.version.release_or_codename u:object_r:exported2_default_prop:s0 exact string
+ro.build.version.sdk u:object_r:exported2_default_prop:s0 exact int
+ro.build.version.security_patch u:object_r:exported2_default_prop:s0 exact string
+ro.crypto.state u:object_r:exported_vold_prop:s0 exact enum encrypted unencrypted unsupported
+ro.crypto.type u:object_r:exported_vold_prop:s0 exact enum block file none
+ro.debuggable u:object_r:exported2_default_prop:s0 exact int
+ro.hardware u:object_r:exported2_default_prop:s0 exact string
+ro.product.brand u:object_r:exported2_default_prop:s0 exact string
+ro.product.cpu.abi u:object_r:exported2_default_prop:s0 exact string
+ro.product.cpu.abilist u:object_r:exported2_default_prop:s0 exact string
+ro.product.device u:object_r:exported2_default_prop:s0 exact string
+ro.product.manufacturer u:object_r:exported2_default_prop:s0 exact string
+ro.product.model u:object_r:exported2_default_prop:s0 exact string
+ro.product.name u:object_r:exported2_default_prop:s0 exact string
+ro.property_service.version u:object_r:exported2_default_prop:s0 exact int
+ro.revision u:object_r:exported2_default_prop:s0 exact string
+ro.secure u:object_r:exported_secure_prop:s0 exact int
+ro.vendor.redirect_socket_calls u:object_r:vendor_socket_hook_prop:s0 exact bool
+service.bootanim.exit u:object_r:exported_system_prop:s0 exact int
+sys.boot_from_charger_mode u:object_r:exported_system_prop:s0 exact int
+sys.init.userspace_reboot.in_progress u:object_r:userspace_reboot_exported_prop:s0 exact bool
+sys.use_memfd u:object_r:use_memfd_prop:s0 exact bool
+vold.decrypt u:object_r:exported_vold_prop:s0 exact string
+
+# vendor-init-settable|public-readable
+aaudio.hw_burst_min_usec u:object_r:exported_default_prop:s0 exact int
+aaudio.minimum_sleep_usec u:object_r:exported_default_prop:s0 exact int
+aaudio.mixer_bursts u:object_r:exported_default_prop:s0 exact int
+aaudio.mmap_exclusive_policy u:object_r:exported_default_prop:s0 exact int
+aaudio.mmap_policy u:object_r:exported_default_prop:s0 exact int
+aaudio.wakeup_delay_usec u:object_r:exported_default_prop:s0 exact int
+config.disable_cameraservice u:object_r:exported_camera_prop:s0 exact bool
+gsm.sim.operator.numeric u:object_r:exported_radio_prop:s0 exact string
+media.mediadrmservice.enable u:object_r:exported_default_prop:s0 exact bool
+persist.rcs.supported u:object_r:exported_default_prop:s0 exact int
+rcs.publish.status u:object_r:exported_radio_prop:s0 exact string
+ro.bionic.2nd_arch u:object_r:cpu_variant_prop:s0 exact string
+ro.bionic.2nd_cpu_variant u:object_r:cpu_variant_prop:s0 exact string
+ro.bionic.arch u:object_r:cpu_variant_prop:s0 exact string
+ro.bionic.cpu_variant u:object_r:cpu_variant_prop:s0 exact string
+ro.board.platform u:object_r:exported_default_prop:s0 exact string
+ro.boot.fake_battery u:object_r:exported_default_prop:s0 exact int
+ro.boot.fstab_suffix u:object_r:exported_default_prop:s0 exact string
+ro.boot.hardware.revision u:object_r:exported_default_prop:s0 exact string
+ro.boot.product.hardware.sku u:object_r:exported_default_prop:s0 exact string
+ro.boot.product.vendor.sku u:object_r:exported_default_prop:s0 exact string
+ro.boot.slot_suffix u:object_r:exported_default_prop:s0 exact string
+ro.bootimage.build.date u:object_r:exported_default_prop:s0 exact string
+ro.bootimage.build.date.utc u:object_r:exported_default_prop:s0 exact int
+ro.bootimage.build.fingerprint u:object_r:exported_default_prop:s0 exact string
+ro.boringcrypto.hwrand u:object_r:exported_default_prop:s0 exact bool
+ro.build.ab_update u:object_r:exported_default_prop:s0 exact string
+ro.build.expect.baseband u:object_r:exported_default_prop:s0 exact string
+ro.build.expect.bootloader u:object_r:exported_default_prop:s0 exact string
+ro.carrier u:object_r:exported_default_prop:s0 exact string
+ro.config.low_ram u:object_r:exported_config_prop:s0 exact bool
+ro.config.vc_call_vol_steps u:object_r:exported_config_prop:s0 exact int
+ro.frp.pst u:object_r:exported_default_prop:s0 exact string
+ro.hardware.activity_recognition u:object_r:exported_default_prop:s0 exact string
+ro.hardware.audio u:object_r:exported_default_prop:s0 exact string
+ro.hardware.audio.a2dp u:object_r:exported_default_prop:s0 exact string
+ro.hardware.audio.hearing_aid u:object_r:exported_default_prop:s0 exact string
+ro.hardware.audio.primary u:object_r:exported_default_prop:s0 exact string
+ro.hardware.audio.usb u:object_r:exported_default_prop:s0 exact string
+ro.hardware.audio_policy u:object_r:exported_default_prop:s0 exact string
+ro.hardware.bootctrl u:object_r:exported_default_prop:s0 exact string
+ro.hardware.camera u:object_r:exported_default_prop:s0 exact string
+ro.hardware.consumerir u:object_r:exported_default_prop:s0 exact string
+ro.hardware.context_hub u:object_r:exported_default_prop:s0 exact string
+ro.hardware.egl u:object_r:exported_default_prop:s0 exact string
+ro.hardware.fingerprint u:object_r:exported_default_prop:s0 exact string
+ro.hardware.flp u:object_r:exported_default_prop:s0 exact string
+ro.hardware.gatekeeper u:object_r:exported_default_prop:s0 exact string
+ro.hardware.gps u:object_r:exported_default_prop:s0 exact string
+ro.hardware.gralloc u:object_r:exported_default_prop:s0 exact string
+ro.hardware.hdmi_cec u:object_r:exported_default_prop:s0 exact string
+ro.hardware.hwcomposer u:object_r:exported_default_prop:s0 exact string
+ro.hardware.input u:object_r:exported_default_prop:s0 exact string
+ro.hardware.keystore u:object_r:exported_default_prop:s0 exact string
+ro.hardware.keystore_desede u:object_r:exported_default_prop:s0 exact string
+ro.hardware.lights u:object_r:exported_default_prop:s0 exact string
+ro.hardware.local_time u:object_r:exported_default_prop:s0 exact string
+ro.hardware.memtrack u:object_r:exported_default_prop:s0 exact string
+ro.hardware.nfc u:object_r:exported_default_prop:s0 exact string
+ro.hardware.nfc_nci u:object_r:exported_default_prop:s0 exact string
+ro.hardware.nfc_tag u:object_r:exported_default_prop:s0 exact string
+ro.hardware.nvram u:object_r:exported_default_prop:s0 exact string
+ro.hardware.power u:object_r:exported_default_prop:s0 exact string
+ro.hardware.radio u:object_r:exported_default_prop:s0 exact string
+ro.hardware.sensors u:object_r:exported_default_prop:s0 exact string
+ro.hardware.sound_trigger u:object_r:exported_default_prop:s0 exact string
+ro.hardware.thermal u:object_r:exported_default_prop:s0 exact string
+ro.hardware.tv_input u:object_r:exported_default_prop:s0 exact string
+ro.hardware.type u:object_r:exported_default_prop:s0 exact string
+ro.hardware.vehicle u:object_r:exported_default_prop:s0 exact string
+ro.hardware.vibrator u:object_r:exported_default_prop:s0 exact string
+ro.hardware.virtual_device u:object_r:exported_default_prop:s0 exact string
+ro.hardware.vulkan u:object_r:exported_default_prop:s0 exact string
+ro.hwui.use_vulkan u:object_r:exported_default_prop:s0 exact bool
+ro.kernel.qemu u:object_r:exported_default_prop:s0 exact bool
+ro.kernel.qemu. u:object_r:exported_default_prop:s0
+ro.kernel.android.bootanim u:object_r:exported_default_prop:s0 exact int
+ro.kernel.ebpf.supported u:object_r:exported_default_prop:s0 exact bool
+ro.odm.build.date u:object_r:exported_default_prop:s0 exact string
+ro.odm.build.date.utc u:object_r:exported_default_prop:s0 exact int
+ro.odm.build.fingerprint u:object_r:exported_default_prop:s0 exact string
+ro.odm.build.version.incremental u:object_r:exported_default_prop:s0 exact string
+ro.oem.key1 u:object_r:exported_default_prop:s0 exact string
+ro.product.board u:object_r:exported_default_prop:s0 exact string
+ro.product.cpu.abilist32 u:object_r:exported_default_prop:s0 exact string
+ro.product.cpu.abilist64 u:object_r:exported_default_prop:s0 exact string
+ro.product.first_api_level u:object_r:exported_default_prop:s0 exact int
+ro.product.odm.brand u:object_r:exported_default_prop:s0 exact string
+ro.product.odm.device u:object_r:exported_default_prop:s0 exact string
+ro.product.odm.manufacturer u:object_r:exported_default_prop:s0 exact string
+ro.product.odm.model u:object_r:exported_default_prop:s0 exact string
+ro.product.odm.name u:object_r:exported_default_prop:s0 exact string
+ro.product.vendor.brand u:object_r:exported_default_prop:s0 exact string
+ro.product.vendor.device u:object_r:exported_default_prop:s0 exact string
+ro.product.vendor.manufacturer u:object_r:exported_default_prop:s0 exact string
+ro.product.vendor.model u:object_r:exported_default_prop:s0 exact string
+ro.product.vendor.name u:object_r:exported_default_prop:s0 exact string
+ro.product.vndk.version u:object_r:vndk_prop:s0 exact string
+ro.telephony.iwlan_operation_mode u:object_r:exported_radio_prop:s0 exact enum default legacy AP-assisted
+ro.vendor.build.date u:object_r:exported_default_prop:s0 exact string
+ro.vendor.build.date.utc u:object_r:exported_default_prop:s0 exact int
+ro.vendor.build.fingerprint u:object_r:exported_default_prop:s0 exact string
+ro.vendor.build.version.incremental u:object_r:exported_default_prop:s0 exact string
+ro.vendor.build.version.sdk u:object_r:exported_default_prop:s0 exact int
+ro.vndk.lite u:object_r:vndk_prop:s0 exact bool
+ro.vndk.version u:object_r:vndk_prop:s0 exact string
+ro.vts.coverage u:object_r:exported_default_prop:s0 exact int
+wifi.active.interface u:object_r:exported_wifi_prop:s0 exact string
+wifi.aware.interface u:object_r:exported_wifi_prop:s0 exact string
+wifi.concurrent.interface u:object_r:exported_default_prop:s0 exact string
+wifi.direct.interface u:object_r:exported_default_prop:s0 exact string
+wifi.interface u:object_r:exported_default_prop:s0 exact string
+ro.apex.updatable u:object_r:exported_default_prop:s0 exact bool
+ro.init.userspace_reboot.is_supported u:object_r:userspace_reboot_config_prop:s0 exact bool
+
+# public-readable
+ro.boot.revision u:object_r:exported2_default_prop:s0 exact string
+ro.bootmode u:object_r:exported2_default_prop:s0 exact string
+ro.build.type u:object_r:exported2_default_prop:s0 exact string
+sys.shutdown.requested u:object_r:exported_system_prop:s0 exact string
+
+# Using Sysprop as API. So the ro.surface_flinger.* are guaranteed to be API-stable
+ro.surface_flinger.default_composition_dataspace u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.default_composition_pixel_format u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.force_hwc_copy_for_virtual_displays u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.has_HDR_display u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.has_wide_color_display u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.max_frame_buffer_acquired_buffers u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.max_graphics_height u:object_r:exported3_default_prop:s0 exact int
+ro.surface_flinger.max_graphics_width u:object_r:exported3_default_prop:s0 exact int
+ro.surface_flinger.max_virtual_display_dimension u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.primary_display_orientation u:object_r:exported_default_prop:s0 exact enum ORIENTATION_0 ORIENTATION_180 ORIENTATION_270 ORIENTATION_90
+ro.surface_flinger.present_time_offset_from_vsync_ns u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.running_without_sync_framework u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.start_graphics_allocator_service u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.use_color_management u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.use_context_priority u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.use_vr_flinger u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.vsync_event_phase_offset_ns u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.vsync_sf_event_phase_offset_ns u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.wcg_composition_dataspace u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.wcg_composition_pixel_format u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.display_primary_red u:object_r:exported_default_prop:s0 exact string
+ro.surface_flinger.display_primary_green u:object_r:exported_default_prop:s0 exact string
+ro.surface_flinger.display_primary_blue u:object_r:exported_default_prop:s0 exact string
+ro.surface_flinger.display_primary_white u:object_r:exported_default_prop:s0 exact string
+ro.surface_flinger.protected_contents u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.set_idle_timer_ms u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.set_touch_timer_ms u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.set_display_power_timer_ms u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.support_kernel_idle_timer u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.use_smart_90_for_video u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.use_content_detection_for_refresh_rate u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.color_space_agnostic_dataspace u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.refresh_rate_switching u:object_r:exported_default_prop:s0 exact bool
+
+# Binder cache properties. These are world-readable
+cache_key.app_inactive u:object_r:binder_cache_system_server_prop:s0
+cache_key.is_compat_change_enabled u:object_r:binder_cache_system_server_prop:s0
+cache_key.get_packages_for_uid u:object_r:binder_cache_system_server_prop:s0
+cache_key.has_system_feature u:object_r:binder_cache_system_server_prop:s0
+cache_key.is_interactive u:object_r:binder_cache_system_server_prop:s0
+cache_key.is_power_save_mode u:object_r:binder_cache_system_server_prop:s0
+cache_key.is_user_unlocked u:object_r:binder_cache_system_server_prop:s0
+cache_key.volume_list u:object_r:binder_cache_system_server_prop:s0
+cache_key.display_info u:object_r:binder_cache_system_server_prop:s0
+cache_key.location_enabled u:object_r:binder_cache_system_server_prop:s0
+cache_key.package_info u:object_r:binder_cache_system_server_prop:s0
+
+cache_key.bluetooth. u:object_r:binder_cache_bluetooth_server_prop:s0 prefix string
+cache_key.system_server. u:object_r:binder_cache_system_server_prop:s0 prefix string
+cache_key.telephony. u:object_r:binder_cache_telephony_server_prop:s0 prefix string
+
+# Graphics related properties
+graphics.gpu.profiler.support u:object_r:graphics_config_prop:s0 exact bool
+graphics.gpu.profiler.vulkan_layer_apk u:object_r:graphics_config_prop:s0 exact string
diff --git a/prebuilts/api/30.0/public/racoon.te b/prebuilts/api/30.0/public/racoon.te
new file mode 100644
index 0000000..6888740
--- /dev/null
+++ b/prebuilts/api/30.0/public/racoon.te
@@ -0,0 +1,34 @@
+# IKE key management daemon
+type racoon, domain;
+type racoon_exec, system_file_type, exec_type, file_type;
+
+typeattribute racoon mlstrustedsubject;
+
+net_domain(racoon)
+allowxperm racoon self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFADDR SIOCSIFNETMASK };
+
+binder_use(racoon)
+
+allow racoon tun_device:chr_file r_file_perms;
+allowxperm racoon tun_device:chr_file ioctl TUNSETIFF;
+allow racoon cgroup:dir { add_name create };
+allow racoon kernel:system module_request;
+
+allow racoon self:key_socket create_socket_perms_no_ioctl;
+allow racoon self:tun_socket create_socket_perms_no_ioctl;
+allow racoon self:global_capability_class_set { net_admin net_bind_service net_raw };
+
+# XXX: should we give ip-up-vpn its own label (currently racoon domain)
+allow racoon system_file:file rx_file_perms;
+not_full_treble(`allow racoon vendor_file:file rx_file_perms;')
+allow racoon vpn_data_file:file create_file_perms;
+allow racoon vpn_data_file:dir w_dir_perms;
+
+use_keystore(racoon)
+
+# Racoon (VPN) has a restricted set of permissions from the default.
+allow racoon keystore:keystore_key {
+ get
+ sign
+ verify
+};
diff --git a/prebuilts/api/30.0/public/radio.te b/prebuilts/api/30.0/public/radio.te
new file mode 100644
index 0000000..34eaf83
--- /dev/null
+++ b/prebuilts/api/30.0/public/radio.te
@@ -0,0 +1,45 @@
+# phone subsystem
+type radio, domain, mlstrustedsubject;
+
+net_domain(radio)
+bluetooth_domain(radio)
+binder_service(radio)
+
+# Talks to hal_telephony_server via the rild socket only for devices without full treble
+not_full_treble(`unix_socket_connect(radio, rild, hal_telephony_server)')
+
+# Data file accesses.
+allow radio radio_data_file:dir create_dir_perms;
+allow radio radio_data_file:notdevfile_class_set create_file_perms;
+
+
+allow radio net_data_file:dir search;
+allow radio net_data_file:file r_file_perms;
+
+# Property service
+set_prop(radio, radio_prop)
+set_prop(radio, exported_radio_prop)
+set_prop(radio, exported2_radio_prop)
+set_prop(radio, exported3_radio_prop)
+set_prop(radio, net_radio_prop)
+
+# ctl interface
+set_prop(radio, ctl_rildaemon_prop)
+
+add_service(radio, radio_service)
+allow radio audioserver_service:service_manager find;
+allow radio cameraserver_service:service_manager find;
+allow radio drmserver_service:service_manager find;
+allow radio mediaserver_service:service_manager find;
+allow radio nfc_service:service_manager find;
+allow radio app_api_service:service_manager find;
+allow radio system_api_service:service_manager find;
+allow radio timedetector_service:service_manager find;
+allow radio timezonedetector_service:service_manager find;
+
+# Perform HwBinder IPC.
+hwbinder_use(radio)
+hal_client_domain(radio, hal_telephony)
+
+# Used by TelephonyManager
+allow radio proc_cmdline:file r_file_perms;
diff --git a/prebuilts/api/30.0/public/recovery.te b/prebuilts/api/30.0/public/recovery.te
new file mode 100644
index 0000000..63a9cea
--- /dev/null
+++ b/prebuilts/api/30.0/public/recovery.te
@@ -0,0 +1,193 @@
+# recovery console (used in recovery init.rc for /sbin/recovery)
+
+# Declare the domain unconditionally so we can always reference it
+# in neverallow rules.
+type recovery, domain;
+
+# But the allow rules are only included in the recovery policy.
+# Otherwise recovery is only allowed the domain rules.
+recovery_only(`
+ # Allow recovery to perform an update as update_engine would do.
+ typeattribute recovery update_engine_common;
+ # Recovery can only use HALs in passthrough mode
+ passthrough_hal_client_domain(recovery, hal_bootctl)
+
+ allow recovery self:global_capability_class_set {
+ chown
+ dac_override
+ dac_read_search
+ fowner
+ setuid
+ setgid
+ sys_admin
+ sys_tty_config
+ };
+
+ # Run helpers from / or /system without changing domain.
+ r_dir_file(recovery, rootfs)
+ allow recovery rootfs:file execute_no_trans;
+ allow recovery system_file:file execute_no_trans;
+ allow recovery toolbox_exec:file rx_file_perms;
+
+ # Mount filesystems.
+ allow recovery rootfs:dir mounton;
+ allow recovery tmpfs:dir mounton;
+ allow recovery fs_type:filesystem ~relabelto;
+ allow recovery unlabeled:filesystem ~relabelto;
+ allow recovery contextmount_type:filesystem relabelto;
+
+ # We may be asked to set an SELinux label for a type not known to the
+ # currently loaded policy. Allow it.
+ allow recovery unlabeled:{ file lnk_file } { create_file_perms relabelfrom relabelto };
+ allow recovery unlabeled:dir { create_dir_perms relabelfrom relabelto };
+
+ # Get file contexts
+ allow recovery file_contexts_file:file r_file_perms;
+
+ # Write to /proc/sys/vm/drop_caches
+ allow recovery proc_drop_caches:file w_file_perms;
+
+ # Read /proc/swaps
+ allow recovery proc_swaps:file r_file_perms;
+
+ # Read kernel config through libvintf for OTA matching
+ allow recovery config_gz:file { open read getattr };
+
+ # Write to /sys/class/android_usb/android0/enable.
+ r_dir_file(recovery, sysfs_android_usb)
+ allow recovery sysfs_android_usb:file w_file_perms;
+
+ # Write to /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq.
+ allow recovery sysfs_devices_system_cpu:file w_file_perms;
+
+ allow recovery sysfs_batteryinfo:file r_file_perms;
+
+ # Read /sysfs/fs/ext4/features
+ r_dir_file(recovery, sysfs_fs_ext4_features)
+
+ # Read from /sys/class/leds/lcd-backlight/max_brightness and write to /s/c/l/l/brightness to
+ # control backlight brightness.
+ allow recovery sysfs_leds:dir r_dir_perms;
+ allow recovery sysfs_leds:file rw_file_perms;
+ allow recovery sysfs_leds:lnk_file read;
+
+ allow recovery kernel:system syslog_read;
+
+ # Access /dev/usb-ffs/adb/ep0
+ allow recovery functionfs:dir search;
+ allow recovery functionfs:file rw_file_perms;
+ allowxperm recovery functionfs:file ioctl FUNCTIONFS_ENDPOINT_DESC;
+
+ # Access to /sys/fs/selinux/policyvers for compatibility check
+ allow recovery selinuxfs:file r_file_perms;
+
+ # Required to e.g. wipe userdata/cache.
+ allow recovery device:dir r_dir_perms;
+ allow recovery block_device:dir r_dir_perms;
+ allow recovery dev_type:blk_file rw_file_perms;
+ allowxperm recovery { userdata_block_device metadata_block_device cache_block_device }:blk_file ioctl BLKPBSZGET;
+
+ # GUI
+ allow recovery graphics_device:chr_file rw_file_perms;
+ allow recovery graphics_device:dir r_dir_perms;
+ allow recovery input_device:dir r_dir_perms;
+ allow recovery input_device:chr_file r_file_perms;
+ allow recovery tty_device:chr_file rw_file_perms;
+
+ # Create /tmp/recovery.log and execute /tmp/update_binary.
+ allow recovery tmpfs:file { create_file_perms x_file_perms };
+ allow recovery tmpfs:dir create_dir_perms;
+
+ # Manage files on /cache and /cache/recovery
+ allow recovery { cache_file cache_recovery_file }:dir create_dir_perms;
+ allow recovery { cache_file cache_recovery_file }:file create_file_perms;
+
+ # Read /sys/class/thermal/*/temp for thermal info.
+ r_dir_file(recovery, sysfs_thermal)
+
+ # Read files on /oem.
+ r_dir_file(recovery, oemfs);
+
+ # Reboot the device
+ set_prop(recovery, powerctl_prop)
+
+ # Read serial number of the device from system properties
+ get_prop(recovery, serialno_prop)
+
+ # Set sys.usb.ffs.ready when starting minadbd for sideload.
+ set_prop(recovery, ffs_prop)
+ set_prop(recovery, exported_ffs_prop)
+
+ # Set sys.usb.config when switching into fastboot.
+ set_prop(recovery, system_radio_prop)
+ set_prop(recovery, exported_system_radio_prop)
+
+ # Read ro.boot.bootreason
+ get_prop(recovery, bootloader_boot_reason_prop)
+
+ # Read storage properties (for correctly formatting filesystems)
+ get_prop(recovery, storage_config_prop)
+
+ # Use setfscreatecon() to label files for OTA updates.
+ allow recovery self:process setfscreate;
+
+ # Allow recovery to create a fuse filesystem, and read files from it.
+ allow recovery fuse_device:chr_file rw_file_perms;
+ allow recovery fuse:dir r_dir_perms;
+ allow recovery fuse:file r_file_perms;
+
+ wakelock_use(recovery)
+
+ # This line seems suspect, as it should not really need to
+ # set scheduling parameters for a kernel domain task.
+ allow recovery kernel:process setsched;
+
+ # These are needed to update dynamic partitions in recovery.
+ r_dir_file(recovery, sysfs_dm)
+ allowxperm recovery super_block_device_type:blk_file ioctl { BLKIOMIN BLKALIGNOFF };
+
+ # Allow using libfiemap/gsid directly (no binder in recovery).
+ set_prop(recovery, gsid_prop)
+ allow recovery gsi_metadata_file:dir search;
+ allow recovery ota_metadata_file:dir rw_dir_perms;
+ allow recovery ota_metadata_file:file create_file_perms;
+
+ # Allow mounting /metadata for writing update states
+ allow recovery metadata_file:dir { getattr mounton };
+
+ # These are needed to allow recovery to manage network
+ allow recovery self:netlink_route_socket { create write read nlmsg_readpriv nlmsg_read };
+ allow recovery self:global_capability_class_set net_admin;
+ allow recovery self:tcp_socket { create ioctl };
+ allowxperm recovery self:tcp_socket ioctl { SIOCGIFFLAGS SIOCSIFFLAGS };
+
+ # Set fastbootd protocol property
+ set_prop(recovery, fastbootd_protocol_prop)
+')
+
+###
+### neverallow rules
+###
+
+# Recovery should never touch /data.
+#
+# In particular, if /data is encrypted, it is not accessible
+# to recovery anyway.
+#
+# For now, we only enforce write/execute restrictions, as domain.te
+# contains a number of read-only rules that apply to all
+# domains, including recovery.
+#
+# TODO: tighten this up further.
+neverallow recovery {
+ data_file_type
+ -cache_file
+ -cache_recovery_file
+ with_native_coverage(`-method_trace_data_file')
+}:file { no_w_file_perms no_x_file_perms };
+neverallow recovery {
+ data_file_type
+ -cache_file
+ -cache_recovery_file
+ with_native_coverage(`-method_trace_data_file')
+}:dir no_w_dir_perms;
diff --git a/prebuilts/api/30.0/public/recovery_persist.te b/prebuilts/api/30.0/public/recovery_persist.te
new file mode 100644
index 0000000..d4b4562
--- /dev/null
+++ b/prebuilts/api/30.0/public/recovery_persist.te
@@ -0,0 +1,32 @@
+# android recovery persistent log manager
+type recovery_persist, domain;
+type recovery_persist_exec, system_file_type, exec_type, file_type;
+
+allow recovery_persist pstorefs:dir search;
+allow recovery_persist pstorefs:file r_file_perms;
+
+allow recovery_persist recovery_data_file:file create_file_perms;
+allow recovery_persist recovery_data_file:dir create_dir_perms;
+
+allow recovery_persist cache_file:dir search;
+allow recovery_persist cache_file:lnk_file read;
+allow recovery_persist cache_recovery_file:dir rw_dir_perms;
+allow recovery_persist cache_recovery_file:file { r_file_perms unlink };
+
+###
+### Neverallow rules
+###
+### recovery_persist should NEVER do any of this
+
+# Block device access.
+neverallow recovery_persist dev_type:blk_file { read write };
+
+# ptrace any other app
+neverallow recovery_persist domain:process ptrace;
+
+# Write to /system.
+neverallow recovery_persist system_file:dir_file_class_set write;
+
+# Write to files in /data/data
+neverallow recovery_persist { privapp_data_file app_data_file system_data_file }:dir_file_class_set write;
+
diff --git a/prebuilts/api/30.0/public/recovery_refresh.te b/prebuilts/api/30.0/public/recovery_refresh.te
new file mode 100644
index 0000000..d6870dc
--- /dev/null
+++ b/prebuilts/api/30.0/public/recovery_refresh.te
@@ -0,0 +1,24 @@
+# android recovery refresh log manager
+type recovery_refresh, domain;
+type recovery_refresh_exec, system_file_type, exec_type, file_type;
+
+allow recovery_refresh pstorefs:dir search;
+allow recovery_refresh pstorefs:file r_file_perms;
+# NB: domain inherits write_logd which hands us write to pmsg_device
+
+###
+### Neverallow rules
+###
+### recovery_refresh should NEVER do any of this
+
+# Block device access.
+neverallow recovery_refresh dev_type:blk_file { read write };
+
+# ptrace any other app
+neverallow recovery_refresh domain:process ptrace;
+
+# Write to /system.
+neverallow recovery_refresh system_file:dir_file_class_set write;
+
+# Write to files in /data/data or system files on /data
+neverallow recovery_refresh { app_data_file privapp_data_file system_data_file }:dir_file_class_set write;
diff --git a/prebuilts/api/30.0/public/roles b/prebuilts/api/30.0/public/roles
new file mode 100644
index 0000000..ca92934
--- /dev/null
+++ b/prebuilts/api/30.0/public/roles
@@ -0,0 +1 @@
+role r types domain;
diff --git a/prebuilts/api/30.0/public/rs.te b/prebuilts/api/30.0/public/rs.te
new file mode 100644
index 0000000..16b6e96
--- /dev/null
+++ b/prebuilts/api/30.0/public/rs.te
@@ -0,0 +1,2 @@
+type rs, domain, coredomain;
+type rs_exec, system_file_type, exec_type, file_type;
diff --git a/prebuilts/api/30.0/public/rss_hwm_reset.te b/prebuilts/api/30.0/public/rss_hwm_reset.te
new file mode 100644
index 0000000..163e1ac
--- /dev/null
+++ b/prebuilts/api/30.0/public/rss_hwm_reset.te
@@ -0,0 +1,2 @@
+# rss_hwm_reset resets RSS high-water mark counters for all procesess.
+type rss_hwm_reset, domain, coredomain, mlstrustedsubject;
diff --git a/prebuilts/api/30.0/public/runas.te b/prebuilts/api/30.0/public/runas.te
new file mode 100644
index 0000000..356a019
--- /dev/null
+++ b/prebuilts/api/30.0/public/runas.te
@@ -0,0 +1,43 @@
+type runas, domain, mlstrustedsubject;
+type runas_exec, system_file_type, exec_type, file_type;
+
+allow runas adbd:fd use;
+allow runas adbd:process sigchld;
+allow runas adbd:unix_stream_socket { read write };
+allow runas shell:fd use;
+allow runas shell:fifo_file { read write };
+allow runas shell:unix_stream_socket { read write };
+allow runas devpts:chr_file { read write ioctl };
+allow runas shell_data_file:file { read write };
+
+# run-as reads package information.
+allow runas system_data_file:file r_file_perms;
+allow runas system_data_file:lnk_file getattr;
+allow runas packages_list_file:file r_file_perms;
+
+# The app's data dir may be accessed through a symlink.
+allow runas system_data_file:lnk_file read;
+
+# run-as checks and changes to the app data dir.
+dontaudit runas self:global_capability_class_set { dac_override dac_read_search };
+allow runas app_data_file:dir { getattr search };
+
+# run-as switches to the app UID/GID.
+allow runas self:global_capability_class_set { setuid setgid };
+
+# run-as switches to the app security context.
+selinux_check_context(runas) # validate context
+allow runas self:process setcurrent;
+allow runas non_system_app_set:process dyntransition; # setcon
+
+# runas/libselinux needs access to seapp_contexts_file to
+# determine which domain to transition to.
+allow runas seapp_contexts_file:file r_file_perms;
+
+###
+### neverallow rules
+###
+
+# run-as cannot have capabilities other than CAP_SETUID and CAP_SETGID
+neverallow runas self:global_capability_class_set ~{ setuid setgid };
+neverallow runas self:global_capability2_class_set *;
diff --git a/prebuilts/api/30.0/public/runas_app.te b/prebuilts/api/30.0/public/runas_app.te
new file mode 100644
index 0000000..cdaa799
--- /dev/null
+++ b/prebuilts/api/30.0/public/runas_app.te
@@ -0,0 +1 @@
+type runas_app, domain;
diff --git a/prebuilts/api/30.0/public/scheduler_service_server.te b/prebuilts/api/30.0/public/scheduler_service_server.te
new file mode 100644
index 0000000..b3cede1
--- /dev/null
+++ b/prebuilts/api/30.0/public/scheduler_service_server.te
@@ -0,0 +1 @@
+add_hwservice(scheduler_service_server, fwk_scheduler_hwservice)
diff --git a/prebuilts/api/30.0/public/sdcardd.te b/prebuilts/api/30.0/public/sdcardd.te
new file mode 100644
index 0000000..1ae3770
--- /dev/null
+++ b/prebuilts/api/30.0/public/sdcardd.te
@@ -0,0 +1,45 @@
+type sdcardd, domain;
+type sdcardd_exec, system_file_type, exec_type, file_type;
+
+allow sdcardd cgroup:dir create_dir_perms;
+allow sdcardd fuse_device:chr_file rw_file_perms;
+allow sdcardd rootfs:dir mounton; # TODO: deprecated in M
+allow sdcardd sdcardfs:filesystem remount;
+allow sdcardd tmpfs:dir r_dir_perms;
+allow sdcardd mnt_media_rw_file:dir r_dir_perms;
+allow sdcardd storage_file:dir search;
+allow sdcardd storage_stub_file:dir { search mounton };
+allow sdcardd sdcard_type:filesystem { mount unmount };
+allow sdcardd self:global_capability_class_set { setuid setgid dac_override dac_read_search sys_admin sys_resource };
+
+allow sdcardd sdcard_type:dir create_dir_perms;
+allow sdcardd sdcard_type:file create_file_perms;
+
+allow sdcardd media_rw_data_file:dir create_dir_perms;
+allow sdcardd media_rw_data_file:file create_file_perms;
+
+# Read /data/system/packages.list.
+allow sdcardd system_data_file:file r_file_perms;
+allow sdcardd packages_list_file:file r_file_perms;
+
+# Read /data/misc/installd/layout_version
+allow sdcardd install_data_file:file r_file_perms;
+allow sdcardd install_data_file:dir search;
+
+# Allow stdin/out back to vold
+allow sdcardd vold:fd use;
+allow sdcardd vold:fifo_file { read write getattr };
+
+# Allow running on top of expanded storage
+allow sdcardd mnt_expand_file:dir search;
+
+# access /proc/filesystems
+allow sdcardd proc_filesystems:file r_file_perms;
+
+###
+### neverallow rules
+###
+
+# The sdcard daemon should no longer be started from init
+neverallow init sdcardd_exec:file execute;
+neverallow init sdcardd:process { transition dyntransition };
diff --git a/prebuilts/api/30.0/public/secure_element.te b/prebuilts/api/30.0/public/secure_element.te
new file mode 100644
index 0000000..4ce6714
--- /dev/null
+++ b/prebuilts/api/30.0/public/secure_element.te
@@ -0,0 +1,2 @@
+# secure_element subsystem
+type secure_element, domain;
diff --git a/prebuilts/api/30.0/public/sensor_service_server.te b/prebuilts/api/30.0/public/sensor_service_server.te
new file mode 100644
index 0000000..7c526a5
--- /dev/null
+++ b/prebuilts/api/30.0/public/sensor_service_server.te
@@ -0,0 +1 @@
+add_hwservice(sensor_service_server, fwk_sensor_hwservice)
diff --git a/prebuilts/api/30.0/public/service.te b/prebuilts/api/30.0/public/service.te
new file mode 100644
index 0000000..f27772e
--- /dev/null
+++ b/prebuilts/api/30.0/public/service.te
@@ -0,0 +1,226 @@
+type aidl_lazy_test_service, service_manager_type;
+type apex_service, service_manager_type;
+type audioserver_service, service_manager_type;
+type batteryproperties_service, app_api_service, ephemeral_app_api_service, service_manager_type;
+type bluetooth_service, service_manager_type;
+type cameraserver_service, service_manager_type;
+type default_android_service, service_manager_type;
+type dnsresolver_service, service_manager_type;
+type drmserver_service, service_manager_type;
+type dumpstate_service, service_manager_type;
+type fingerprintd_service, service_manager_type;
+type hal_fingerprint_service, service_manager_type;
+type gatekeeper_service, app_api_service, service_manager_type;
+type gpu_service, app_api_service, service_manager_type;
+type idmap_service, service_manager_type;
+type iorapd_service, service_manager_type;
+type incident_service, service_manager_type;
+type installd_service, service_manager_type;
+type credstore_service, app_api_service, service_manager_type;
+type keystore_service, service_manager_type;
+type lpdump_service, service_manager_type;
+type mediaserver_service, service_manager_type;
+type mediametrics_service, service_manager_type;
+type mediaextractor_service, service_manager_type;
+type mediadrmserver_service, service_manager_type;
+type mediatranscoding_service, app_api_service, service_manager_type;
+type netd_service, service_manager_type;
+type nfc_service, service_manager_type;
+type radio_service, service_manager_type;
+type secure_element_service, service_manager_type;
+type service_manager_service, service_manager_type;
+type storaged_service, service_manager_type;
+type surfaceflinger_service, app_api_service, ephemeral_app_api_service, service_manager_type;
+type system_app_service, service_manager_type;
+type system_suspend_control_service, service_manager_type;
+type update_engine_service, service_manager_type;
+type virtual_touchpad_service, service_manager_type;
+type vold_service, service_manager_type;
+type vr_hwc_service, service_manager_type;
+type vrflinger_vsync_service, service_manager_type;
+
+# system_server_services broken down
+type accessibility_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type account_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type activity_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type activity_task_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type adb_service, system_api_service, system_server_service, service_manager_type;
+type alarm_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type app_binding_service, system_server_service, service_manager_type;
+type app_integrity_service, system_api_service, system_server_service, service_manager_type;
+type app_prediction_service, app_api_service, system_server_service, service_manager_type;
+type app_search_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type appops_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type appwidget_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type assetatlas_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type audio_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type auth_service, app_api_service, system_server_service, service_manager_type;
+type autofill_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type backup_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type batterystats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type battery_service, system_server_service, service_manager_type;
+type binder_calls_stats_service, system_server_service, service_manager_type;
+type blob_store_service, app_api_service, system_server_service, service_manager_type;
+type bluetooth_manager_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type broadcastradio_service, system_server_service, service_manager_type;
+type cacheinfo_service, system_api_service, system_server_service, service_manager_type;
+type cameraproxy_service, system_server_service, service_manager_type;
+type clipboard_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type contexthub_service, app_api_service, system_server_service, service_manager_type;
+type crossprofileapps_service, app_api_service, system_server_service, service_manager_type;
+type IProxyService_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type companion_device_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type connectivity_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type connmetrics_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type consumer_ir_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type content_capture_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type content_suggestions_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type content_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type country_detector_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+# Note: The coverage_service should only be enabled for userdebug / eng builds that were compiled
+# with EMMA_INSTRUMENT=true. We should consider locking this down in the future.
+type coverage_service, system_server_service, service_manager_type;
+type cpuinfo_service, system_api_service, system_server_service, service_manager_type;
+type dataloader_manager_service, system_server_service, service_manager_type;
+type dbinfo_service, system_api_service, system_server_service, service_manager_type;
+type device_config_service, system_server_service, service_manager_type;
+type device_policy_service, app_api_service, system_server_service, service_manager_type;
+type deviceidle_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type device_identifiers_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type devicestoragemonitor_service, system_server_service, service_manager_type;
+type diskstats_service, system_api_service, system_server_service, service_manager_type;
+type display_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type color_display_service, system_api_service, system_server_service, service_manager_type;
+type external_vibrator_service, system_server_service, service_manager_type;
+type file_integrity_service, app_api_service, system_server_service, service_manager_type;
+type font_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type netd_listener_service, system_server_service, service_manager_type;
+type network_watchlist_service, system_server_service, service_manager_type;
+type DockObserver_service, system_server_service, service_manager_type;
+type dreams_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type dropbox_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type lowpan_service, system_api_service, system_server_service, service_manager_type;
+type ethernet_service, app_api_service, system_server_service, service_manager_type;
+type biometric_service, app_api_service, system_server_service, service_manager_type;
+type bugreport_service, system_api_service, system_server_service, service_manager_type;
+type platform_compat_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type face_service, app_api_service, system_server_service, service_manager_type;
+type fingerprint_service, app_api_service, system_server_service, service_manager_type;
+type gfxinfo_service, system_api_service, system_server_service, service_manager_type;
+type graphicsstats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type hardware_service, system_server_service, service_manager_type;
+type hardware_properties_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type hdmi_control_service, system_api_service, system_server_service, service_manager_type;
+type imms_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type incremental_service, system_server_service, service_manager_type;
+type input_method_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type input_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type ipsec_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type iris_service, app_api_service, system_server_service, service_manager_type;
+type jobscheduler_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type launcherapps_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type light_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type location_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type lock_settings_service, system_api_service, system_server_service, service_manager_type;
+type looper_stats_service, system_server_service, service_manager_type;
+type media_projection_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type media_router_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type media_session_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type meminfo_service, system_api_service, system_server_service, service_manager_type;
+type midi_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type mount_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type netpolicy_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type netstats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type network_management_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type network_score_service, system_api_service, system_server_service, service_manager_type;
+type network_stack_service, system_server_service, service_manager_type;
+type network_time_update_service, system_server_service, service_manager_type;
+type notification_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type oem_lock_service, system_api_service, system_server_service, service_manager_type;
+type otadexopt_service, system_server_service, service_manager_type;
+type overlay_service, system_api_service, system_server_service, service_manager_type;
+type package_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type package_native_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type permission_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type permissionmgr_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type persistent_data_block_service, system_api_service, system_server_service, service_manager_type;
+type pinner_service, system_server_service, service_manager_type;
+type power_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type print_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type processinfo_service, system_server_service, service_manager_type;
+type procstats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type recovery_service, system_server_service, service_manager_type;
+type registry_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type restrictions_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type role_service, app_api_service, system_server_service, service_manager_type;
+type rollback_service, app_api_service, system_server_service, service_manager_type;
+type runtime_service, system_server_service, service_manager_type;
+type rttmanager_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type samplingprofiler_service, system_server_service, service_manager_type;
+type scheduling_policy_service, system_server_service, service_manager_type;
+type search_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type sec_key_att_app_id_provider_service, app_api_service, system_server_service, service_manager_type;
+type sensorservice_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type sensor_privacy_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type serial_service, system_api_service, system_server_service, service_manager_type;
+type servicediscovery_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type settings_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type shortcut_service, app_api_service, system_server_service, service_manager_type;
+type slice_service, app_api_service, system_server_service, service_manager_type;
+type statusbar_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type storagestats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type system_config_service, system_api_service, system_server_service, service_manager_type;
+type system_update_service, system_server_service, service_manager_type;
+type soundtrigger_middleware_service, system_server_service, service_manager_type;
+type task_service, system_server_service, service_manager_type;
+type testharness_service, system_server_service, service_manager_type;
+type textclassification_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type textservices_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type telecom_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type thermal_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type timedetector_service, system_server_service, service_manager_type;
+type timezone_service, system_server_service, service_manager_type;
+type timezonedetector_service, system_server_service, service_manager_type;
+type trust_service, app_api_service, system_server_service, service_manager_type;
+type tv_input_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type tv_tuner_resource_mgr_service, app_api_service, system_server_service, service_manager_type;
+type uimode_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type updatelock_service, system_api_service, system_server_service, service_manager_type;
+type uri_grants_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type usagestats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type usb_service, app_api_service, system_server_service, service_manager_type;
+type user_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type vibrator_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type voiceinteraction_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type vr_manager_service, system_server_service, service_manager_type;
+type wallpaper_service, app_api_service, system_server_service, service_manager_type;
+type webviewupdate_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type wifip2p_service, app_api_service, system_server_service, service_manager_type;
+type wifiscanner_service, system_api_service, system_server_service, service_manager_type;
+type wifi_service, app_api_service, system_server_service, service_manager_type;
+type wifinl80211_service, service_manager_type;
+type wifiaware_service, app_api_service, system_server_service, service_manager_type;
+type window_service, system_api_service, system_server_service, service_manager_type;
+type inputflinger_service, system_api_service, system_server_service, service_manager_type;
+type wpantund_service, system_api_service, service_manager_type;
+type tethering_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type emergency_affordance_service, system_server_service, service_manager_type;
+
+###
+### HAL Services
+###
+
+type hal_identity_service, vendor_service, service_manager_type;
+type hal_light_service, vendor_service, service_manager_type;
+type hal_power_service, vendor_service, service_manager_type;
+type hal_rebootescrow_service, vendor_service, service_manager_type;
+type hal_vibrator_service, vendor_service, service_manager_type;
+
+###
+### Neverallow rules
+###
+
+# servicemanager handles registering or looking up named services.
+# It does not make sense to register or lookup something which is not a service.
+# Trigger a compile error if this occurs.
+neverallow domain ~{ service_manager_type vndservice_manager_type }:service_manager { add find };
diff --git a/prebuilts/api/30.0/public/servicemanager.te b/prebuilts/api/30.0/public/servicemanager.te
new file mode 100644
index 0000000..63fc227
--- /dev/null
+++ b/prebuilts/api/30.0/public/servicemanager.te
@@ -0,0 +1,32 @@
+# servicemanager - the Binder context manager
+type servicemanager, domain, mlstrustedsubject;
+type servicemanager_exec, system_file_type, exec_type, file_type;
+
+# Note that we do not use the binder_* macros here.
+# servicemanager is unique in that it only provides
+# name service (aka context manager) for Binder.
+# As such, it only ever receives and transfers other references
+# created by other domains. It never passes its own references
+# or initiates a Binder IPC.
+allow servicemanager self:binder set_context_mgr;
+allow servicemanager {
+ domain
+ -init
+ -vendor_init
+ -hwservicemanager
+ -vndservicemanager
+}:binder transfer;
+
+allow servicemanager service_contexts_file:file r_file_perms;
+
+allow servicemanager vendor_service_contexts_file:file r_file_perms;
+
+# nonplat_service_contexts only accessible on non full-treble devices
+not_full_treble(`allow servicemanager nonplat_service_contexts_file:file r_file_perms;')
+
+add_service(servicemanager, service_manager_service)
+allow servicemanager dumpstate:fd use;
+allow servicemanager dumpstate:fifo_file write;
+
+# Check SELinux permissions.
+selinux_check_access(servicemanager)
diff --git a/prebuilts/api/30.0/public/sgdisk.te b/prebuilts/api/30.0/public/sgdisk.te
new file mode 100644
index 0000000..e5a9152
--- /dev/null
+++ b/prebuilts/api/30.0/public/sgdisk.te
@@ -0,0 +1,36 @@
+# sgdisk called from vold
+type sgdisk, domain;
+type sgdisk_exec, system_file_type, exec_type, file_type;
+
+# Allowed to read/write low-level partition tables
+allow sgdisk block_device:dir search;
+allow sgdisk vold_device:blk_file rw_file_perms;
+# HDIO_GETGEO needed to get the number of disk heads
+# on vold_device. How quaint.
+allowxperm sgdisk vold_device:blk_file ioctl { HDIO_GETGEO };
+# sgdisk also uses BLKGETSIZE and BLKGETSIZE64. BLKGETSIZE64
+# is granted to all block device users in domain.te, so
+# no need to mention it here. sgdisk should not be
+# using the BLKGETSIZE ioctl as it is useless for devices over
+# 2T in size, but we allow it for now and hope that sgdisk
+# will fix their bug.
+allowxperm sgdisk vold_device:blk_file ioctl { BLKGETSIZE };
+# Force a re-read of the partition table.
+allowxperm sgdisk vold_device:blk_file ioctl { BLKRRPART };
+# Allow reading of the physical block size.
+allowxperm sgdisk vold_device:blk_file ioctl { BLKPBSZGET };
+
+# Inherit and use pty created by android_fork_execvp()
+allow sgdisk devpts:chr_file { read write ioctl getattr };
+
+# Allow stdin/out back to vold
+allow sgdisk vold:fd use;
+allow sgdisk vold:fifo_file { read write getattr };
+
+# Used to probe kernel to reload partition tables
+allow sgdisk self:global_capability_class_set sys_admin;
+
+# Only allow entry from vold
+neverallow { domain -vold } sgdisk:process transition;
+neverallow * sgdisk:process dyntransition;
+neverallow sgdisk { file_type fs_type -sgdisk_exec }:file entrypoint;
diff --git a/prebuilts/api/30.0/public/shared_relro.te b/prebuilts/api/30.0/public/shared_relro.te
new file mode 100644
index 0000000..8e58e42
--- /dev/null
+++ b/prebuilts/api/30.0/public/shared_relro.te
@@ -0,0 +1,11 @@
+# Process which creates/updates shared RELRO files to be used by other apps.
+type shared_relro, domain;
+
+# Grant write access to the shared relro files/directory.
+allow shared_relro shared_relro_file:dir rw_dir_perms;
+allow shared_relro shared_relro_file:file create_file_perms;
+
+# Needs to contact the "webviewupdate" and "activity" services
+allow shared_relro activity_service:service_manager find;
+allow shared_relro webviewupdate_service:service_manager find;
+allow shared_relro package_service:service_manager find;
diff --git a/prebuilts/api/30.0/public/shell.te b/prebuilts/api/30.0/public/shell.te
new file mode 100644
index 0000000..c0412eb
--- /dev/null
+++ b/prebuilts/api/30.0/public/shell.te
@@ -0,0 +1,265 @@
+# Domain for shell processes spawned by ADB or console service.
+type shell, domain, mlstrustedsubject;
+type shell_exec, system_file_type, exec_type, file_type;
+
+# Create and use network sockets.
+net_domain(shell)
+
+# logcat
+read_logd(shell)
+control_logd(shell)
+# logcat -L (directly, or via dumpstate)
+allow shell pstorefs:dir search;
+allow shell pstorefs:file r_file_perms;
+
+# Root fs.
+allow shell rootfs:dir r_dir_perms;
+
+# read files in /data/anr
+allow shell anr_data_file:dir r_dir_perms;
+allow shell anr_data_file:file r_file_perms;
+
+# Access /data/local/tmp.
+allow shell shell_data_file:dir create_dir_perms;
+allow shell shell_data_file:file create_file_perms;
+allow shell shell_data_file:file rx_file_perms;
+allow shell shell_data_file:lnk_file create_file_perms;
+
+# Read and delete from /data/local/traces.
+allow shell trace_data_file:file { r_file_perms unlink };
+allow shell trace_data_file:dir { r_dir_perms remove_name write };
+
+# Access /data/misc/profman.
+allow shell profman_dump_data_file:dir { write remove_name r_dir_perms };
+allow shell profman_dump_data_file:file { unlink r_file_perms };
+
+# Read/execute files in /data/nativetest
+userdebug_or_eng(`
+ allow shell nativetest_data_file:dir r_dir_perms;
+ allow shell nativetest_data_file:file rx_file_perms;
+')
+
+# adb bugreport
+unix_socket_connect(shell, dumpstate, dumpstate)
+
+allow shell devpts:chr_file rw_file_perms;
+allow shell tty_device:chr_file rw_file_perms;
+allow shell console_device:chr_file rw_file_perms;
+
+allow shell input_device:dir r_dir_perms;
+allow shell input_device:chr_file r_file_perms;
+
+r_dir_file(shell, system_file)
+allow shell system_file:file x_file_perms;
+allow shell toolbox_exec:file rx_file_perms;
+allow shell tzdatacheck_exec:file rx_file_perms;
+allow shell shell_exec:file rx_file_perms;
+allow shell zygote_exec:file rx_file_perms;
+
+r_dir_file(shell, apk_data_file)
+
+# Set properties.
+set_prop(shell, shell_prop)
+set_prop(shell, ctl_bugreport_prop)
+set_prop(shell, ctl_dumpstate_prop)
+set_prop(shell, dumpstate_prop)
+set_prop(shell, exported_dumpstate_prop)
+set_prop(shell, debug_prop)
+set_prop(shell, powerctl_prop)
+set_prop(shell, log_tag_prop)
+set_prop(shell, wifi_log_prop)
+# Allow shell to start/stop traced via the persist.traced.enable
+# property (which also takes care of /data/misc initialization).
+set_prop(shell, traced_enabled_prop)
+# adjust is_loggable properties
+userdebug_or_eng(`set_prop(shell, log_prop)')
+# logpersist script
+userdebug_or_eng(`set_prop(shell, logpersistd_logging_prop)')
+# Allow shell to start/stop heapprofd via the persist.heapprofd.enable
+# property.
+set_prop(shell, heapprofd_enabled_prop)
+# Allow shell to start/stop traced_perf via the persist.traced_perf.enable
+# property.
+set_prop(shell, traced_perf_enabled_prop)
+# Allow shell to start/stop gsid via ctl.start|stop|restart gsid.
+set_prop(shell, ctl_gsid_prop)
+# Allow shell to enable Dynamic System Update
+set_prop(shell, dynamic_system_prop)
+# Allow shell to mock an OTA using persist.pm.mock-upgrade
+set_prop(shell, mock_ota_prop)
+
+userdebug_or_eng(`
+ # "systrace --boot" support - allow boottrace service to run
+ allow shell boottrace_data_file:dir rw_dir_perms;
+ allow shell boottrace_data_file:file create_file_perms;
+ set_prop(shell, persist_debug_prop)
+')
+
+# Read device's serial number from system properties
+get_prop(shell, serialno_prop)
+
+# Allow shell to read the vendor security patch level for CTS
+get_prop(shell, vendor_security_patch_level_prop)
+
+# Read state of logging-related properties
+get_prop(shell, device_logging_prop)
+
+# Read state of boot reason properties
+get_prop(shell, bootloader_boot_reason_prop)
+get_prop(shell, last_boot_reason_prop)
+get_prop(shell, system_boot_reason_prop)
+
+# Allow reading the outcome of perf_event_open LSM support test for CTS.
+get_prop(shell, init_perf_lsm_hooks_prop)
+
+# allow shell access to services
+allow shell servicemanager:service_manager list;
+# don't allow shell to access GateKeeper service
+# TODO: why is this so broad? Tightening candidate? It needs at list:
+# - dumpstate_service (so it can receive dumpstate progress updates)
+allow shell {
+ service_manager_type
+ -apex_service
+ -dnsresolver_service
+ -gatekeeper_service
+ -incident_service
+ -installd_service
+ -iorapd_service
+ -netd_service
+ -system_suspend_control_service
+ -virtual_touchpad_service
+ -vold_service
+ -vr_hwc_service
+ -default_android_service
+}:service_manager find;
+allow shell dumpstate:binder call;
+
+# allow shell to get information from hwservicemanager
+# for instance, listing hardware services with lshal
+hwbinder_use(shell)
+allow shell hwservicemanager:hwservice_manager list;
+
+# allow shell to look through /proc/ for lsmod, ps, top, netstat, vmstat.
+r_dir_file(shell, proc_net_type)
+
+allow shell {
+ proc_asound
+ proc_filesystems
+ proc_interrupts
+ proc_loadavg # b/124024827
+ proc_meminfo
+ proc_modules
+ proc_pid_max
+ proc_slabinfo
+ proc_stat
+ proc_timer
+ proc_uptime
+ proc_version
+ proc_vmstat
+ proc_zoneinfo
+}:file r_file_perms;
+
+# allow listing network interfaces under /sys/class/net.
+allow shell sysfs_net:dir r_dir_perms;
+
+r_dir_file(shell, cgroup)
+allow shell domain:dir { search open read getattr };
+allow shell domain:{ file lnk_file } { open read getattr };
+
+# statvfs() of /proc and other labeled filesystems
+# (yaffs2, jffs2, ext2, ext3, ext4, xfs, btrfs, f2fs, squashfs, overlay)
+allow shell { proc labeledfs }:filesystem getattr;
+
+# stat() of /dev
+allow shell device:dir getattr;
+
+# allow shell to read /proc/pid/attr/current for ps -Z
+allow shell domain:process getattr;
+
+# Allow pulling the SELinux policy for CTS purposes
+allow shell selinuxfs:dir r_dir_perms;
+allow shell selinuxfs:file r_file_perms;
+
+# enable shell domain to read/write files/dirs for bootchart data
+# User will creates the start and stop file via adb shell
+# and read other files created by init process under /data/bootchart
+allow shell bootchart_data_file:dir rw_dir_perms;
+allow shell bootchart_data_file:file create_file_perms;
+
+# Make sure strace works for the non-privileged shell user
+allow shell self:process ptrace;
+
+# allow shell to get battery info
+allow shell sysfs:dir r_dir_perms;
+allow shell sysfs_batteryinfo:dir r_dir_perms;
+allow shell sysfs_batteryinfo:file r_file_perms;
+
+# Allow access to ion memory allocation device.
+allow shell ion_device:chr_file rw_file_perms;
+
+#
+# filesystem test for insecure chr_file's is done
+# via a host side test
+#
+allow shell dev_type:dir r_dir_perms;
+allow shell dev_type:chr_file getattr;
+
+# /dev/fd is a symlink
+allow shell proc:lnk_file getattr;
+
+#
+# filesystem test for insucre blk_file's is done
+# via hostside test
+#
+allow shell dev_type:blk_file getattr;
+
+# read selinux policy files
+allow shell file_contexts_file:file r_file_perms;
+allow shell property_contexts_file:file r_file_perms;
+allow shell seapp_contexts_file:file r_file_perms;
+allow shell service_contexts_file:file r_file_perms;
+allow shell sepolicy_file:file r_file_perms;
+
+# Allow shell to start up vendor shell
+allow shell vendor_shell_exec:file rx_file_perms;
+
+# Everything is labeled as rootfs in recovery mode. Allow shell to
+# execute them.
+recovery_only(`
+ allow shell rootfs:file rx_file_perms;
+')
+
+###
+### Neverallow rules
+###
+
+# Do not allow shell to hard link to any files.
+# In particular, if shell hard links to app data
+# files, installd will not be able to guarantee the deletion
+# of the linked to file. Hard links also contribute to security
+# bugs, so we want to ensure the shell user never has this
+# capability.
+neverallow shell file_type:file link;
+
+# Do not allow privileged socket ioctl commands
+neverallowxperm shell domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
+
+# limit shell access to sensitive char drivers to
+# only getattr required for host side test.
+neverallow shell {
+ fuse_device
+ hw_random_device
+ port_device
+}:chr_file ~getattr;
+
+# Limit shell to only getattr on blk devices for host side tests.
+neverallow shell dev_type:blk_file ~getattr;
+
+# b/30861057: Shell access to existing input devices is an abuse
+# vector. The shell user can inject events that look like they
+# originate from the touchscreen etc.
+# Everyone should have already moved to UiAutomation#injectInputEvent
+# if they are running instrumentation tests (i.e. CTS), Monkey for
+# their stress tests, and the input command (adb shell input ...) for
+# injecting swipes and things.
+neverallow shell input_device:chr_file no_w_file_perms;
diff --git a/prebuilts/api/30.0/public/simpleperf.te b/prebuilts/api/30.0/public/simpleperf.te
new file mode 100644
index 0000000..218fee7
--- /dev/null
+++ b/prebuilts/api/30.0/public/simpleperf.te
@@ -0,0 +1 @@
+type simpleperf, domain;
diff --git a/prebuilts/api/30.0/public/simpleperf_app_runner.te b/prebuilts/api/30.0/public/simpleperf_app_runner.te
new file mode 100644
index 0000000..b7ff7a0
--- /dev/null
+++ b/prebuilts/api/30.0/public/simpleperf_app_runner.te
@@ -0,0 +1,43 @@
+type simpleperf_app_runner, domain, mlstrustedsubject;
+type simpleperf_app_runner_exec, system_file_type, exec_type, file_type;
+
+# run simpleperf_app_runner in adb shell.
+allow simpleperf_app_runner adbd:fd use;
+allow simpleperf_app_runner shell:fd use;
+allow simpleperf_app_runner devpts:chr_file { read write ioctl };
+
+# simpleperf_app_runner reads package information.
+allow simpleperf_app_runner system_data_file:file r_file_perms;
+allow simpleperf_app_runner system_data_file:lnk_file getattr;
+allow simpleperf_app_runner packages_list_file:file r_file_perms;
+
+# The app's data dir may be accessed through a symlink.
+allow simpleperf_app_runner system_data_file:lnk_file read;
+
+# simpleperf_app_runner switches to the app UID/GID.
+allow simpleperf_app_runner self:global_capability_class_set { setuid setgid };
+
+# simpleperf_app_runner switches to the app security context.
+selinux_check_context(simpleperf_app_runner) # validate context
+allow simpleperf_app_runner self:process setcurrent;
+allow simpleperf_app_runner untrusted_app_all:process dyntransition; # setcon
+
+# simpleperf_app_runner/libselinux needs access to seapp_contexts_file to
+# determine which domain to transition to.
+allow simpleperf_app_runner seapp_contexts_file:file r_file_perms;
+
+# simpleperf_app_runner passes pipe fds.
+allow simpleperf_app_runner shell:fifo_file read;
+
+# simpleperf_app_runner checks shell data paths.
+# simpleperf_app_runner passes shell data fds.
+allow simpleperf_app_runner shell_data_file:dir { getattr search };
+allow simpleperf_app_runner shell_data_file:file { getattr write };
+
+###
+### neverallow rules
+###
+
+# simpleperf_app_runner cannot have capabilities other than CAP_SETUID and CAP_SETGID
+neverallow simpleperf_app_runner self:global_capability_class_set ~{ setuid setgid };
+neverallow simpleperf_app_runner self:global_capability2_class_set *;
diff --git a/prebuilts/api/30.0/public/slideshow.te b/prebuilts/api/30.0/public/slideshow.te
new file mode 100644
index 0000000..10fbbb8
--- /dev/null
+++ b/prebuilts/api/30.0/public/slideshow.te
@@ -0,0 +1,14 @@
+# slideshow seclabel is specified in init.rc since
+# it lives in the rootfs and has no unique file type.
+type slideshow, domain;
+
+allow slideshow kmsg_device:chr_file rw_file_perms;
+wakelock_use(slideshow)
+allow slideshow device:dir r_dir_perms;
+allow slideshow self:global_capability_class_set sys_tty_config;
+allow slideshow graphics_device:dir r_dir_perms;
+allow slideshow graphics_device:chr_file rw_file_perms;
+allow slideshow input_device:dir r_dir_perms;
+allow slideshow input_device:chr_file r_file_perms;
+allow slideshow tty_device:chr_file rw_file_perms;
+
diff --git a/prebuilts/api/30.0/public/stats_service_server.te b/prebuilts/api/30.0/public/stats_service_server.te
new file mode 100644
index 0000000..564ae23
--- /dev/null
+++ b/prebuilts/api/30.0/public/stats_service_server.te
@@ -0,0 +1 @@
+add_hwservice(stats_service_server, fwk_stats_hwservice)
diff --git a/prebuilts/api/30.0/public/statsd.te b/prebuilts/api/30.0/public/statsd.te
new file mode 100644
index 0000000..435bbdf
--- /dev/null
+++ b/prebuilts/api/30.0/public/statsd.te
@@ -0,0 +1,78 @@
+type statsd, domain, mlstrustedsubject;
+
+type statsd_exec, system_file_type, exec_type, file_type;
+binder_use(statsd)
+
+# Allow statsd to scan through /proc/pid for all processes.
+r_dir_file(statsd, domain)
+
+# Allow executing files on system, such as running a shell or running:
+# /system/bin/toolbox
+# /system/bin/logcat
+# /system/bin/dumpsys
+allow statsd devpts:chr_file { getattr ioctl read write };
+allow statsd shell_exec:file rx_file_perms;
+allow statsd system_file:file execute_no_trans;
+allow statsd toolbox_exec:file rx_file_perms;
+
+userdebug_or_eng(`
+ allow statsd su:fifo_file read;
+')
+
+# Create, read, and write into /data/misc/stats-data, /data/misc/stats-system.
+allow statsd stats_data_file:dir create_dir_perms;
+allow statsd stats_data_file:file create_file_perms;
+
+# Allow statsd to make binder calls to any binder service.
+binder_call(statsd, appdomain)
+binder_call(statsd, healthd)
+binder_call(statsd, incidentd)
+binder_call(statsd, system_server)
+
+# Allow statsd to interact with gpuservice
+allow statsd gpu_service:service_manager find;
+binder_call(statsd, gpuservice)
+
+# Allow logd access.
+read_logd(statsd)
+control_logd(statsd)
+
+# Grant statsd with permissions to register the services.
+allow statsd {
+ app_api_service
+ incident_service
+ system_api_service
+}:service_manager find;
+
+# Grant statsd to access health hal to access battery metrics.
+allow statsd hal_health_hwservice:hwservice_manager find;
+
+# Allow statsd to send dump info to dumpstate
+allow statsd dumpstate:fd use;
+allow statsd dumpstate:fifo_file { getattr write };
+
+# Allow access to with hardware layer and process stats.
+allow statsd proc_uid_cputime_showstat:file { getattr open read };
+hal_client_domain(statsd, hal_health)
+hal_client_domain(statsd, hal_power)
+hal_client_domain(statsd, hal_power_stats)
+hal_client_domain(statsd, hal_thermal)
+
+# Allow 'adb shell cmd' to upload configs and download output.
+allow statsd adbd:fd use;
+allow statsd adbd:unix_stream_socket { getattr read write };
+allow statsd shell:fifo_file { getattr read write };
+
+unix_socket_send(statsd, statsdw, statsd)
+
+###
+### neverallow rules
+###
+
+# Only statsd and the other root services in limited circumstances.
+# can get to the files in /data/misc/stats-data, /data/misc/stats-service.
+# Other services are prohibitted from accessing the file.
+neverallow { domain -statsd -system_server -init -vold } stats_data_file:file *;
+
+# Limited access to the directory itself.
+neverallow { domain -statsd -system_server -init -vold } stats_data_file:dir *;
diff --git a/prebuilts/api/30.0/public/su.te b/prebuilts/api/30.0/public/su.te
new file mode 100644
index 0000000..99d4603
--- /dev/null
+++ b/prebuilts/api/30.0/public/su.te
@@ -0,0 +1,106 @@
+# All types must be defined regardless of build variant to ensure
+# policy compilation succeeds with userdebug/user combination at boot
+type su, domain;
+
+# File types must be defined for file_contexts.
+type su_exec, system_file_type, exec_type, file_type;
+
+userdebug_or_eng(`
+ # Domain used for su processes, as well as for adbd and adb shell
+ # after performing an adb root command. The domain definition is
+ # wrapped to ensure that it does not exist at all on -user builds.
+ typeattribute su mlstrustedsubject;
+
+ # Add su to various domains
+ net_domain(su)
+
+ # grant su access to vndbinder
+ vndbinder_use(su)
+
+ dontaudit su self:capability_class_set *;
+ dontaudit su kernel:security *;
+ dontaudit su { kernel file_type }:system *;
+ dontaudit su self:memprotect *;
+ dontaudit su domain:{ process process2 } *;
+ dontaudit su domain:fd *;
+ dontaudit su domain:dir *;
+ dontaudit su domain:lnk_file *;
+ dontaudit su domain:{ fifo_file file } *;
+ dontaudit su domain:socket_class_set *;
+ dontaudit su domain:ipc_class_set *;
+ dontaudit su domain:key *;
+ dontaudit su fs_type:filesystem *;
+ dontaudit su {fs_type dev_type file_type}:dir_file_class_set *;
+ dontaudit su node_type:node *;
+ dontaudit su node_type:{ tcp_socket udp_socket rawip_socket } *;
+ dontaudit su netif_type:netif *;
+ dontaudit su port_type:socket_class_set *;
+ dontaudit su port_type:{ tcp_socket dccp_socket } *;
+ dontaudit su domain:peer *;
+ dontaudit su domain:binder *;
+ dontaudit su property_type:property_service *;
+ dontaudit su property_type:file *;
+ dontaudit su service_manager_type:service_manager *;
+ dontaudit su hwservice_manager_type:hwservice_manager *;
+ dontaudit su vndservice_manager_type:service_manager *;
+ dontaudit su servicemanager:service_manager list;
+ dontaudit su hwservicemanager:hwservice_manager list;
+ dontaudit su vndservicemanager:service_manager list;
+ dontaudit su keystore:keystore_key *;
+ dontaudit su domain:drmservice *;
+ dontaudit su unlabeled:filesystem *;
+ dontaudit su postinstall_file:filesystem *;
+ dontaudit su domain:bpf *;
+ dontaudit su unlabeled:vsock_socket *;
+ dontaudit su self:perf_event *;
+
+ # VTS tests run in the permissive su domain on debug builds, but the HALs
+ # being tested run in enforcing mode. Because hal_foo_server is enforcing
+ # su needs to be declared as hal_foo_client to grant hal_foo_server
+ # permission to interact with it.
+ typeattribute su halclientdomain;
+ typeattribute su hal_allocator_client;
+ typeattribute su hal_atrace_client;
+ typeattribute su hal_audio_client;
+ typeattribute su hal_authsecret_client;
+ typeattribute su hal_bluetooth_client;
+ typeattribute su hal_bootctl_client;
+ typeattribute su hal_camera_client;
+ typeattribute su hal_configstore_client;
+ typeattribute su hal_confirmationui_client;
+ typeattribute su hal_contexthub_client;
+ typeattribute su hal_drm_client;
+ typeattribute su hal_cas_client;
+ typeattribute su hal_dumpstate_client;
+ typeattribute su hal_fingerprint_client;
+ typeattribute su hal_gatekeeper_client;
+ typeattribute su hal_gnss_client;
+ typeattribute su hal_graphics_allocator_client;
+ typeattribute su hal_graphics_composer_client;
+ typeattribute su hal_health_client;
+ typeattribute su hal_input_classifier_client;
+ typeattribute su hal_ir_client;
+ typeattribute su hal_keymaster_client;
+ typeattribute su hal_light_client;
+ typeattribute su hal_memtrack_client;
+ typeattribute su hal_neuralnetworks_client;
+ typeattribute su hal_nfc_client;
+ typeattribute su hal_oemlock_client;
+ typeattribute su hal_power_client;
+ typeattribute su hal_rebootescrow_client;
+ typeattribute su hal_secure_element_client;
+ typeattribute su hal_sensors_client;
+ typeattribute su hal_telephony_client;
+ typeattribute su hal_tetheroffload_client;
+ typeattribute su hal_thermal_client;
+ typeattribute su hal_tv_cec_client;
+ typeattribute su hal_tv_input_client;
+ typeattribute su hal_tv_tuner_client;
+ typeattribute su hal_usb_client;
+ typeattribute su hal_vibrator_client;
+ typeattribute su hal_vr_client;
+ typeattribute su hal_weaver_client;
+ typeattribute su hal_wifi_client;
+ typeattribute su hal_wifi_hostapd_client;
+ typeattribute su hal_wifi_supplicant_client;
+')
diff --git a/prebuilts/api/30.0/public/surfaceflinger.te b/prebuilts/api/30.0/public/surfaceflinger.te
new file mode 100644
index 0000000..c1e4844
--- /dev/null
+++ b/prebuilts/api/30.0/public/surfaceflinger.te
@@ -0,0 +1,3 @@
+# surfaceflinger - display compositor service
+type surfaceflinger, domain;
+type surfaceflinger_tmpfs, file_type;
diff --git a/prebuilts/api/30.0/public/system_app.te b/prebuilts/api/30.0/public/system_app.te
new file mode 100644
index 0000000..023058e
--- /dev/null
+++ b/prebuilts/api/30.0/public/system_app.te
@@ -0,0 +1,7 @@
+###
+### Apps that run with the system UID, e.g. com.android.system.ui,
+### com.android.settings. These are not as privileged as the system
+### server.
+###
+
+type system_app, domain;
diff --git a/prebuilts/api/30.0/public/system_server.te b/prebuilts/api/30.0/public/system_server.te
new file mode 100644
index 0000000..ff18bdf
--- /dev/null
+++ b/prebuilts/api/30.0/public/system_server.te
@@ -0,0 +1,6 @@
+#
+# System Server aka system_server spawned by zygote.
+# Most of the framework services run in this process.
+#
+type system_server, domain;
+type system_server_tmpfs, file_type, mlstrustedobject;
diff --git a/prebuilts/api/30.0/public/system_suspend_server.te b/prebuilts/api/30.0/public/system_suspend_server.te
new file mode 100644
index 0000000..8e8310d
--- /dev/null
+++ b/prebuilts/api/30.0/public/system_suspend_server.te
@@ -0,0 +1,6 @@
+# Required to export a HIDL interface.
+hwbinder_use(system_suspend_server)
+get_prop(system_suspend_server, hwservicemanager_prop)
+
+# To serve ISystemSuspend.hal.
+add_hwservice(system_suspend_server, system_suspend_hwservice)
diff --git a/prebuilts/api/30.0/public/te_macros b/prebuilts/api/30.0/public/te_macros
new file mode 100644
index 0000000..56f97752
--- /dev/null
+++ b/prebuilts/api/30.0/public/te_macros
@@ -0,0 +1,923 @@
+#####################################
+# domain_trans(olddomain, type, newdomain)
+# Allow a transition from olddomain to newdomain
+# upon executing a file labeled with type.
+# This only allows the transition; it does not
+# cause it to occur automatically - use domain_auto_trans
+# if that is what you want.
+#
+define(`domain_trans', `
+# Old domain may exec the file and transition to the new domain.
+allow $1 $2:file { getattr open read execute map };
+allow $1 $3:process transition;
+# New domain is entered by executing the file.
+allow $3 $2:file { entrypoint open read execute getattr map };
+# New domain can send SIGCHLD to its caller.
+ifelse($1, `init', `', `allow $3 $1:process sigchld;')
+# Enable AT_SECURE, i.e. libc secure mode.
+dontaudit $1 $3:process noatsecure;
+# XXX dontaudit candidate but requires further study.
+allow $1 $3:process { siginh rlimitinh };
+')
+
+#####################################
+# domain_auto_trans(olddomain, type, newdomain)
+# Automatically transition from olddomain to newdomain
+# upon executing a file labeled with type.
+#
+define(`domain_auto_trans', `
+# Allow the necessary permissions.
+domain_trans($1,$2,$3)
+# Make the transition occur by default.
+type_transition $1 $2:process $3;
+')
+
+#####################################
+# file_type_trans(domain, dir_type, file_type)
+# Allow domain to create a file labeled file_type in a
+# directory labeled dir_type.
+# This only allows the transition; it does not
+# cause it to occur automatically - use file_type_auto_trans
+# if that is what you want.
+#
+define(`file_type_trans', `
+# Allow the domain to add entries to the directory.
+allow $1 $2:dir ra_dir_perms;
+# Allow the domain to create the file.
+allow $1 $3:notdevfile_class_set create_file_perms;
+allow $1 $3:dir create_dir_perms;
+')
+
+#####################################
+# file_type_auto_trans(domain, dir_type, file_type)
+# Automatically label new files with file_type when
+# they are created by domain in directories labeled dir_type.
+#
+define(`file_type_auto_trans', `
+# Allow the necessary permissions.
+file_type_trans($1, $2, $3)
+# Make the transition occur by default.
+type_transition $1 $2:dir $3;
+type_transition $1 $2:notdevfile_class_set $3;
+')
+
+#####################################
+# r_dir_file(domain, type)
+# Allow the specified domain to read directories, files
+# and symbolic links of the specified type.
+define(`r_dir_file', `
+allow $1 $2:dir r_dir_perms;
+allow $1 $2:{ file lnk_file } r_file_perms;
+')
+
+#####################################
+# tmpfs_domain(domain)
+# Allow access to a unique type for this domain when creating tmpfs / ashmem files.
+define(`tmpfs_domain', `
+type_transition $1 tmpfs:file $1_tmpfs;
+allow $1 $1_tmpfs:file { read write getattr map };
+')
+
+# pdx macros for IPC. pdx is a high-level name which contains transport-specific
+# rules from underlying transport (e.g. UDS-based implementation).
+
+#####################################
+# pdx_service_attributes(service)
+# Defines type attribute used to identify various service-related types.
+define(`pdx_service_attributes', `
+attribute pdx_$1_endpoint_dir_type;
+attribute pdx_$1_endpoint_socket_type;
+attribute pdx_$1_channel_socket_type;
+attribute pdx_$1_server_type;
+')
+
+#####################################
+# pdx_service_socket_types(service, endpoint_dir_t)
+# Define types for endpoint and channel sockets.
+define(`pdx_service_socket_types', `
+typeattribute $2 pdx_$1_endpoint_dir_type;
+type pdx_$1_endpoint_socket, pdx_$1_endpoint_socket_type, pdx_endpoint_socket_type, file_type, coredomain_socket, mlstrustedobject, mlstrustedsubject;
+type pdx_$1_channel_socket, pdx_$1_channel_socket_type, pdx_channel_socket_type, coredomain_socket;
+userdebug_or_eng(`
+dontaudit su pdx_$1_endpoint_socket:unix_stream_socket *;
+dontaudit su pdx_$1_channel_socket:unix_stream_socket *;
+')
+')
+
+#####################################
+# pdx_server(server_domain, service)
+define(`pdx_server', `
+# Mark the server domain as a PDX server.
+typeattribute $1 pdx_$2_server_type;
+# Allow the init process to create the initial endpoint socket.
+allow init pdx_$2_endpoint_socket_type:unix_stream_socket { create bind };
+# Allow the server domain to use the endpoint socket and accept connections on it.
+# Not using macro like "rw_socket_perms_no_ioctl" because it provides more rights
+# than we need (e.g. we don"t need "bind" or "connect").
+allow $1 pdx_$2_endpoint_socket_type:unix_stream_socket { read getattr write setattr lock append getopt setopt shutdown listen accept };
+# Allow the server domain to apply security context label to the channel socket pair (allow process to use setsockcreatecon_raw()).
+allow $1 self:process setsockcreate;
+# Allow the server domain to create a client channel socket.
+allow $1 pdx_$2_channel_socket_type:unix_stream_socket create_stream_socket_perms;
+# Prevent other processes from claiming to be a server for the same service.
+neverallow {domain -$1} pdx_$2_endpoint_socket_type:unix_stream_socket { listen accept };
+')
+
+#####################################
+# pdx_connect(client, service)
+define(`pdx_connect', `
+# Allow client to open the service endpoint file.
+allow $1 pdx_$2_endpoint_dir_type:dir r_dir_perms;
+allow $1 pdx_$2_endpoint_socket_type:sock_file rw_file_perms;
+# Allow the client to connect to endpoint socket.
+allow $1 pdx_$2_endpoint_socket_type:unix_stream_socket { connectto read write shutdown };
+')
+
+#####################################
+# pdx_use(client, service)
+define(`pdx_use', `
+# Allow the client to use the PDX channel socket.
+# Not using macro like "rw_socket_perms_no_ioctl" because it provides more rights
+# than we need (e.g. we don"t need "bind" or "connect").
+allow $1 pdx_$2_channel_socket_type:unix_stream_socket { read getattr write setattr lock append getopt setopt shutdown };
+# Client needs to use an channel event fd from the server.
+allow $1 pdx_$2_server_type:fd use;
+# Servers may receive sync fences, gralloc buffers, etc, from clients.
+# This could be tightened on a per-server basis, but keeping track of service
+# clients is error prone.
+allow pdx_$2_server_type $1:fd use;
+')
+
+#####################################
+# pdx_client(client, service)
+define(`pdx_client', `
+pdx_connect($1, $2)
+pdx_use($1, $2)
+')
+
+#####################################
+# init_daemon_domain(domain)
+# Set up a transition from init to the daemon domain
+# upon executing its binary.
+define(`init_daemon_domain', `
+domain_auto_trans(init, $1_exec, $1)
+')
+
+#####################################
+# app_domain(domain)
+# Allow a base set of permissions required for all apps.
+define(`app_domain', `
+typeattribute $1 appdomain;
+# Label tmpfs objects for all apps.
+type_transition $1 tmpfs:file appdomain_tmpfs;
+allow $1 appdomain_tmpfs:file { execute getattr map read write };
+neverallow { $1 -runas_app -shell -simpleperf } { domain -$1 }:file no_rw_file_perms;
+neverallow { appdomain -runas_app -shell -simpleperf -$1 } $1:file no_rw_file_perms;
+# The Android security model guarantees the confidentiality and integrity
+# of application data and execution state. Ptrace bypasses those
+# confidentiality guarantees. Disallow ptrace access from system components to
+# apps. crash_dump is excluded, as it needs ptrace access to produce stack
+# traces. runas_app is excluded, as it operates only on debuggable apps.
+# simpleperf is excluded, as it operates only on debuggable or profileable
+# apps. llkd is excluded, as it needs ptrace access to inspect stack traces for
+# live lock conditions.
+neverallow { domain -$1 -crash_dump userdebug_or_eng(`-llkd') -runas_app -simpleperf } $1:process ptrace;
+')
+
+#####################################
+# untrusted_app_domain(domain)
+# Allow a base set of permissions required for all untrusted apps.
+define(`untrusted_app_domain', `
+typeattribute $1 untrusted_app_all;
+')
+
+#####################################
+# net_domain(domain)
+# Allow a base set of permissions required for network access.
+define(`net_domain', `
+typeattribute $1 netdomain;
+')
+
+#####################################
+# bluetooth_domain(domain)
+# Allow a base set of permissions required for bluetooth access.
+define(`bluetooth_domain', `
+typeattribute $1 bluetoothdomain;
+')
+
+#####################################
+# hal_attribute(hal_name)
+# Add an attribute for hal implementations along with necessary
+# restrictions.
+define(`hal_attribute', `
+attribute hal_$1;
+expandattribute hal_$1 true;
+attribute hal_$1_client;
+expandattribute hal_$1_client true;
+attribute hal_$1_server;
+expandattribute hal_$1_server false;
+
+neverallow { hal_$1_server -halserverdomain } domain:process fork;
+# hal_*_client and halclientdomain attributes are always expanded for
+# performance reasons. Neverallow rules targeting expanded attributes can not be
+# verified by CTS since these attributes are already expanded by that time.
+build_test_only(`
+neverallow { hal_$1_server -hal_$1 } domain:process fork;
+neverallow { hal_$1_client -halclientdomain } domain:process fork;
+')
+')
+
+#####################################
+# hal_server_domain(domain, hal_type)
+# Allow a base set of permissions required for a domain to offer a
+# HAL implementation of the specified type over HwBinder.
+#
+# For example, default implementation of Foo HAL:
+# type hal_foo_default, domain;
+# hal_server_domain(hal_foo_default, hal_foo)
+#
+define(`hal_server_domain', `
+typeattribute $1 halserverdomain;
+typeattribute $1 $2_server;
+typeattribute $1 $2;
+')
+
+#####################################
+# hal_client_domain(domain, hal_type)
+# Allow a base set of permissions required for a domain to be a
+# client of a HAL of the specified type.
+#
+# For example, make some_domain a client of Foo HAL:
+# hal_client_domain(some_domain, hal_foo)
+#
+define(`hal_client_domain', `
+typeattribute $1 halclientdomain;
+typeattribute $1 $2_client;
+
+# TODO(b/34170079): Make the inclusion of the rules below conditional also on
+# non-Treble devices. For now, on non-Treble device, always grant clients of a
+# HAL sufficient access to run the HAL in passthrough mode (i.e., in-process).
+not_full_treble(`
+typeattribute $1 $2;
+# Find passthrough HAL implementations
+allow $2 system_file:dir r_dir_perms;
+allow $2 vendor_file:dir r_dir_perms;
+allow $2 vendor_file:file { read open getattr execute map };
+')
+')
+
+#####################################
+# passthrough_hal_client_domain(domain, hal_type)
+# Allow a base set of permissions required for a domain to be a
+# client of a passthrough HAL of the specified type.
+#
+# For example, make some_domain a client of passthrough Foo HAL:
+# passthrough_hal_client_domain(some_domain, hal_foo)
+#
+define(`passthrough_hal_client_domain', `
+typeattribute $1 halclientdomain;
+typeattribute $1 $2_client;
+typeattribute $1 $2;
+# Find passthrough HAL implementations
+allow $2 system_file:dir r_dir_perms;
+allow $2 vendor_file:dir r_dir_perms;
+allow $2 vendor_file:file { read open getattr execute map };
+')
+
+#####################################
+# unix_socket_connect(clientdomain, socket, serverdomain)
+# Allow a local socket connection from clientdomain via
+# socket to serverdomain.
+#
+# Note: If you see denial records that distill to the
+# following allow rules:
+# allow clientdomain property_socket:sock_file write;
+# allow clientdomain init:unix_stream_socket connectto;
+# allow clientdomain something_prop:property_service set;
+#
+# This sequence is indicative of attempting to set a property.
+# use set_prop(sourcedomain, targetproperty)
+#
+define(`unix_socket_connect', `
+allow $1 $2_socket:sock_file write;
+allow $1 $3:unix_stream_socket connectto;
+')
+
+#####################################
+# set_prop(sourcedomain, targetproperty)
+# Allows source domain to set the
+# targetproperty.
+#
+define(`set_prop', `
+unix_socket_connect($1, property, init)
+allow $1 $2:property_service set;
+get_prop($1, $2)
+')
+
+#####################################
+# get_prop(sourcedomain, targetproperty)
+# Allows source domain to read the
+# targetproperty.
+#
+define(`get_prop', `
+allow $1 $2:file { getattr open read map };
+')
+
+#####################################
+# unix_socket_send(clientdomain, socket, serverdomain)
+# Allow a local socket send from clientdomain via
+# socket to serverdomain.
+define(`unix_socket_send', `
+allow $1 $2_socket:sock_file write;
+allow $1 $3:unix_dgram_socket sendto;
+')
+
+#####################################
+# binder_use(domain)
+# Allow domain to use Binder IPC.
+define(`binder_use', `
+# Call the servicemanager and transfer references to it.
+allow $1 servicemanager:binder { call transfer };
+# Allow servicemanager to send out callbacks
+allow servicemanager $1:binder { call transfer };
+# servicemanager performs getpidcon on clients.
+allow servicemanager $1:dir search;
+allow servicemanager $1:file { read open };
+allow servicemanager $1:process getattr;
+# rw access to /dev/binder and /dev/ashmem is presently granted to
+# all domains in domain.te.
+')
+
+#####################################
+# hwbinder_use(domain)
+# Allow domain to use HwBinder IPC.
+define(`hwbinder_use', `
+# Call the hwservicemanager and transfer references to it.
+allow $1 hwservicemanager:binder { call transfer };
+# Allow hwservicemanager to send out callbacks
+allow hwservicemanager $1:binder { call transfer };
+# hwservicemanager performs getpidcon on clients.
+allow hwservicemanager $1:dir search;
+allow hwservicemanager $1:file { read open map };
+allow hwservicemanager $1:process getattr;
+# rw access to /dev/hwbinder and /dev/ashmem is presently granted to
+# all domains in domain.te.
+')
+
+#####################################
+# vndbinder_use(domain)
+# Allow domain to use Binder IPC.
+define(`vndbinder_use', `
+# Talk to the vndbinder device node
+allow $1 vndbinder_device:chr_file rw_file_perms;
+# Call the vndservicemanager and transfer references to it.
+allow $1 vndservicemanager:binder { call transfer };
+# vndservicemanager performs getpidcon on clients.
+allow vndservicemanager $1:dir search;
+allow vndservicemanager $1:file { read open map };
+allow vndservicemanager $1:process getattr;
+')
+
+#####################################
+# binder_call(clientdomain, serverdomain)
+# Allow clientdomain to perform binder IPC to serverdomain.
+define(`binder_call', `
+# Call the server domain and optionally transfer references to it.
+allow $1 $2:binder { call transfer };
+# Allow the serverdomain to transfer references to the client on the reply.
+allow $2 $1:binder transfer;
+# Receive and use open files from the server.
+allow $1 $2:fd use;
+')
+
+#####################################
+# binder_service(domain)
+# Mark a domain as being a Binder service domain.
+# Used to allow binder IPC to the various system services.
+define(`binder_service', `
+typeattribute $1 binderservicedomain;
+')
+
+#####################################
+# wakelock_use(domain)
+# Allow domain to manage wake locks
+define(`wakelock_use', `
+# TODO(b/115946999): Remove /sys/power/* permissions once CONFIG_PM_WAKELOCKS is
+# deprecated.
+# Access /sys/power/wake_lock and /sys/power/wake_unlock
+allow $1 sysfs_wake_lock:file rw_file_perms;
+# Accessing these files requires CAP_BLOCK_SUSPEND
+allow $1 self:global_capability2_class_set block_suspend;
+# system_suspend permissions
+binder_call($1, system_suspend_server)
+allow $1 system_suspend_hwservice:hwservice_manager find;
+# halclientdomain permissions
+hwbinder_use($1)
+get_prop($1, hwservicemanager_prop)
+allow $1 hidl_manager_hwservice:hwservice_manager find;
+')
+
+#####################################
+# selinux_check_access(domain)
+# Allow domain to check SELinux permissions via selinuxfs.
+define(`selinux_check_access', `
+r_dir_file($1, selinuxfs)
+allow $1 selinuxfs:file w_file_perms;
+allow $1 kernel:security compute_av;
+allow $1 self:netlink_selinux_socket { read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+')
+
+#####################################
+# selinux_check_context(domain)
+# Allow domain to check SELinux contexts via selinuxfs.
+define(`selinux_check_context', `
+r_dir_file($1, selinuxfs)
+allow $1 selinuxfs:file w_file_perms;
+allow $1 kernel:security check_context;
+')
+
+#####################################
+# create_pty(domain)
+# Allow domain to create and use a pty, isolated from any other domain ptys.
+define(`create_pty', `
+# Each domain gets a unique devpts type.
+type $1_devpts, fs_type;
+# Label the pty with the unique type when created.
+type_transition $1 devpts:chr_file $1_devpts;
+# Allow use of the pty after creation.
+allow $1 $1_devpts:chr_file { open getattr read write ioctl };
+allowxperm $1 $1_devpts:chr_file ioctl unpriv_tty_ioctls;
+# TIOCSTI is only ever used for exploits. Block it.
+# b/33073072, b/7530569
+# http://www.openwall.com/lists/oss-security/2016/09/26/14
+neverallowxperm * $1_devpts:chr_file ioctl TIOCSTI;
+# Note: devpts:dir search and ptmx_device:chr_file rw_file_perms
+# allowed to everyone via domain.te.
+')
+
+#####################################
+# Non system_app application set
+#
+define(`non_system_app_set', `{ appdomain -system_app }')
+
+#####################################
+# Recovery only
+# SELinux rules which apply only to recovery mode
+#
+define(`recovery_only', ifelse(target_recovery, `true', $1, ))
+
+#####################################
+# Full TREBLE only
+# SELinux rules which apply only to full TREBLE devices
+#
+define(`full_treble_only', ifelse(target_full_treble, `true', $1,
+ifelse(target_full_treble, `cts',
+# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
+$1
+# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
+, )))
+
+#####################################
+# Not full TREBLE
+# SELinux rules which apply only to devices which are not full TREBLE devices
+#
+define(`not_full_treble', ifelse(target_full_treble, `true', , $1))
+
+#####################################
+# Compatible property only
+# SELinux rules which apply only to devices with compatible property
+#
+define(`compatible_property_only', ifelse(target_compatible_property, `true', $1,
+ifelse(target_compatible_property, `cts',
+# BEGIN_COMPATIBLE_PROPERTY_ONLY -- this marker is used by CTS -- do not modify
+$1
+# END_COMPATIBLE_PROPERTY_ONLY -- this marker is used by CTS -- do not modify
+, )))
+
+#####################################
+# Not compatible property
+# SELinux rules which apply only to devices without compatible property
+#
+define(`not_compatible_property', ifelse(target_compatible_property, `true', , $1))
+
+#####################################
+# Userdebug or eng builds
+# SELinux rules which apply only to userdebug or eng builds
+#
+define(`userdebug_or_eng', ifelse(target_build_variant, `eng', $1, ifelse(target_build_variant, `userdebug', $1)))
+
+#####################################
+# asan builds
+# SELinux rules which apply only to asan builds
+#
+define(`with_asan', ifelse(target_with_asan, `true', userdebug_or_eng(`$1'), ))
+
+#####################################
+# native coverage builds
+# SELinux rules which apply only to builds with native coverage
+#
+define(`with_native_coverage', ifelse(target_with_native_coverage, `true', userdebug_or_eng(`$1'), ))
+
+#####################################
+# Build-time-only test
+# SELinux rules which are verified during build, but not as part of *TS testing.
+#
+define(`build_test_only', ifelse(target_exclude_build_test, `true', , $1))
+
+####################################
+# Fallback crash handling for processes that can't exec crash_dump (e.g. because of seccomp).
+#
+define(`crash_dump_fallback', `
+userdebug_or_eng(`
+ allow $1 su:fifo_file append;
+')
+allow $1 anr_data_file:file append;
+allow $1 dumpstate:fd use;
+allow $1 incidentd:fd use;
+# TODO: Figure out why write is needed.
+allow $1 dumpstate:fifo_file { append write };
+allow $1 incidentd:fifo_file { append write };
+allow $1 system_server:fifo_file { append write };
+allow $1 tombstoned:unix_stream_socket connectto;
+allow $1 tombstoned:fd use;
+allow $1 tombstoned_crash_socket:sock_file write;
+allow $1 tombstone_data_file:file append;
+')
+
+#####################################
+# WITH_DEXPREOPT builds
+# SELinux rules which apply only when pre-opting.
+#
+define(`with_dexpreopt', ifelse(target_with_dexpreopt, `true', $1))
+
+#####################################
+# write_logd(domain)
+# Ability to write to android log
+# daemon via sockets
+define(`write_logd', `
+unix_socket_send($1, logdw, logd)
+allow $1 pmsg_device:chr_file w_file_perms;
+')
+
+#####################################
+# read_logd(domain)
+# Ability to run logcat and read from android
+# log daemon via sockets
+define(`read_logd', `
+allow $1 logcat_exec:file rx_file_perms;
+unix_socket_connect($1, logdr, logd)
+')
+
+#####################################
+# read_runtime_log_tags(domain)
+# ability to directly map the runtime event log tags
+define(`read_runtime_log_tags', `
+allow $1 runtime_event_log_tags_file:file r_file_perms;
+')
+
+#####################################
+# control_logd(domain)
+# Ability to control
+# android log daemon via sockets
+define(`control_logd', `
+# Group AID_LOG checked by filesystem & logd
+# to permit control commands
+unix_socket_connect($1, logd, logd)
+')
+
+#####################################
+# use_keystore(domain)
+# Ability to use keystore.
+# Keystore is requires the following permissions
+# to call getpidcon.
+define(`use_keystore', `
+ allow keystore $1:dir search;
+ allow keystore $1:file { read open };
+ allow keystore $1:process getattr;
+ allow $1 keystore_service:service_manager find;
+ binder_call($1, keystore)
+ binder_call(keystore, $1)
+')
+
+#####################################
+# use_credstore(domain)
+# Ability to use credstore.
+define(`use_credstore', `
+ allow credstore $1:dir search;
+ allow credstore $1:file { read open };
+ allow credstore $1:process getattr;
+ allow $1 credstore_service:service_manager find;
+ binder_call($1, credstore)
+ binder_call(credstore, $1)
+')
+
+###########################################
+# use_drmservice(domain)
+# Ability to use DrmService which requires
+# DrmService to call getpidcon.
+define(`use_drmservice', `
+ allow drmserver $1:dir search;
+ allow drmserver $1:file { read open };
+ allow drmserver $1:process getattr;
+')
+
+###########################################
+# add_service(domain, service)
+# Ability for domain to add a service to service_manager
+# and find it. It also creates a neverallow preventing
+# others from adding it.
+define(`add_service', `
+ allow $1 $2:service_manager { add find };
+ neverallow { domain -$1 } $2:service_manager add;
+')
+
+###########################################
+# add_hwservice(domain, service)
+# Ability for domain to add a service to hwservice_manager
+# and find it. It also creates a neverallow preventing
+# others from adding it.
+define(`add_hwservice', `
+ allow $1 $2:hwservice_manager { add find };
+ allow $1 hidl_base_hwservice:hwservice_manager add;
+ neverallow { domain -$1 } $2:hwservice_manager add;
+')
+
+###########################################
+# hal_attribute_hwservice(attribute, service)
+# Ability for domain to get a service to hwservice_manager
+# and find it. It also creates a neverallow preventing
+# others from adding it.
+#
+# Used to pair hal_foo_client with hal_foo_hwservice
+define(`hal_attribute_hwservice', `
+ allow $1_client $2:hwservice_manager find;
+ add_hwservice($1_server, $2)
+
+ build_test_only(`
+ neverallow { domain -$1_client -$1_server } $2:hwservice_manager find;
+ ')
+')
+
+###################################
+# can_profile_heap(domain)
+# Allow processes within the domain to have their heap profiled by heapprofd.
+#
+# Note that profiling is performed differently between debug and user builds.
+# There are two modes for profiling:
+# * forked
+# * central.
+# On user builds, the default is to allow only forked mode. If it is desired
+# to allow central mode as well for a domain, use can_profile_heap_central.
+# On userdebug, this macro allows both forked and central.
+define(`can_profile_heap', `
+ # Allow central daemon to send signal for client initialization.
+ allow heapprofd $1:process signal;
+
+ # Allow executing a private heapprofd process to handle profiling on
+ # user builds (also debug builds for testing & development purposes).
+ allow $1 heapprofd_exec:file rx_file_perms;
+
+ # Allow directory & file read to the central heapprofd daemon, as it scans
+ # /proc/[pid]/cmdline for by-process-name profiling configs.
+ # Note that this excludes /proc/[pid]/mem, as it requires ptrace capabilities.
+ allow heapprofd $1:file r_file_perms;
+ allow heapprofd $1:dir r_dir_perms;
+
+ # Profilability on user implies profilability on userdebug and eng.
+ userdebug_or_eng(`
+ can_profile_heap_central($1)
+ ')
+')
+
+###################################
+# can_profile_heap_central(domain)
+# Allow processes within the domain to have their heap profiled by central
+# heapprofd.
+define(`can_profile_heap_central', `
+ # Allow central daemon to send signal for client initialization.
+ allow heapprofd $1:process signal;
+ # Allow connecting to the daemon.
+ unix_socket_connect($1, heapprofd, heapprofd)
+ # Allow daemon to use the passed fds.
+ allow heapprofd $1:fd use;
+ # Allow to read and write to heapprofd shmem.
+ # The client needs to read the read and write pointers in order to write.
+ allow $1 heapprofd_tmpfs:file { read write getattr map };
+ # Use shared memory received over the unix socket.
+ allow $1 heapprofd:fd use;
+
+ # To read and write from the received file descriptors.
+ # /proc/[pid]/maps and /proc/[pid]/mem have the same SELinux label as the
+ # process they relate to.
+ # We need to write to /proc/$PID/page_idle to find idle allocations.
+ # The client only opens /proc/self/page_idle with RDWR, everything else
+ # with RDONLY.
+ # heapprofd cannot open /proc/$PID/mem itself, as it does not have
+ # sys_ptrace.
+ allow heapprofd $1:file rw_file_perms;
+ # Allow searching the /proc/[pid] directory for cmdline.
+ allow heapprofd $1:dir r_dir_perms;
+')
+
+###################################
+# never_profile_heap(domain)
+# Opt out of heap profiling by heapprofd.
+define(`never_profile_heap', `
+ neverallow heapprofd $1:file read;
+ neverallow heapprofd $1:process signal;
+')
+
+###################################
+# can_profile_perf(domain)
+# Allow processes within the domain to be profiled, and have their stacks
+# sampled, by traced_perf.
+define(`can_profile_perf', `
+ # Allow directory & file read to traced_perf, as it stat(2)s /proc/[pid], and
+ # reads /proc/[pid]/cmdline.
+ allow traced_perf $1:file r_file_perms;
+ allow traced_perf $1:dir r_dir_perms;
+
+ # Allow central daemon to send signal to request /proc/[pid]/maps and
+ # /proc/[pid]/mem fds from this process.
+ allow traced_perf $1:process signal;
+
+ # Allow connecting to the daemon.
+ unix_socket_connect($1, traced_perf, traced_perf)
+ # Allow daemon to use the passed fds.
+ allow traced_perf $1:fd use;
+')
+
+###################################
+# never_profile_perf(domain)
+# Opt out of profiling by traced_perf.
+define(`never_profile_perf', `
+ neverallow traced_perf $1:file read;
+ neverallow traced_perf $1:process signal;
+')
+
+###################################
+# perfetto_producer(domain)
+# Allow processes within the domain to write data to Perfetto.
+# When applying this macro, you might need to also allow traced to use the
+# producer tmpfs domain, if the producer will be the one creating the shared
+# memory.
+define(`perfetto_producer', `
+ allow $1 traced:fd use;
+ allow $1 traced_tmpfs:file { read write getattr map };
+ unix_socket_connect($1, traced_producer, traced)
+
+ # Also allow the service to use the producer file descriptors. This is
+ # necessary when the producer is creating the shared memory, as it will be
+ # passed to the service as a file descriptor (obtained from memfd_create).
+ allow traced $1:fd use;
+')
+
+###########################################
+# dump_hal(hal_type)
+# Ability to dump the hal debug info
+#
+define(`dump_hal', `
+ hal_client_domain(dumpstate, $1);
+ allow $1_server dumpstate:fifo_file write;
+ allow $1_server dumpstate:fd use;
+')
+
+#####################################
+# treble_sysprop_neverallow(rules)
+# SELinux neverallow rules which enforces the owner of each property and accessibility
+# outside the owner.
+#
+# For devices launching with R or later, all properties must be explicitly marked as one of:
+# system_property_type, vendor_property_type, or product_property_type.
+# Also, exported properties must be explicitly marked as "restricted" or "public",
+# depending on the accessibility outside the owner.
+# For devices launching with Q or eariler, this neverallow rules can be relaxed with defining
+# BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true on BoardConfig.mk.
+# See {partition}_{accessibility}_prop macros below.
+#
+# CTS uses these rules only for devices launching with R or later.
+#
+define(`treble_sysprop_neverallow', ifelse(target_treble_sysprop_neverallow, `true', $1,
+ifelse(target_treble_sysprop_neverallow, `cts',
+# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
+$1
+# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
+, )))
+
+###########################################
+# define_prop(name, owner, scope)
+# Define a property with given owner and scope
+#
+define(`define_prop', `
+ type $1, property_type, $2_property_type, $2_$3_property_type;
+')
+
+###########################################
+# system_internal_prop(name)
+# Define a /system-owned property used only in /system
+# For devices launching with Q or eariler, this restriction can be relaxed with
+# BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true
+#
+define(`system_internal_prop', `
+ define_prop($1, system, internal)
+ treble_sysprop_neverallow(`
+ neverallow { domain -coredomain } $1:file no_rw_file_perms;
+ ')
+')
+
+###########################################
+# system_restricted_prop(name)
+# Define a /system-owned property which can't be written outside /system
+# For devices launching with Q or eariler, this restriction can be relaxed with
+# BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true
+#
+define(`system_restricted_prop', `
+ define_prop($1, system, restricted)
+ treble_sysprop_neverallow(`
+ neverallow { domain -coredomain } $1:property_service set;
+ ')
+')
+
+###########################################
+# system_public_prop(name)
+# Define a /system-owned property with no restrictions
+#
+define(`system_public_prop', `define_prop($1, system, public)')
+
+###########################################
+# system_vendor_config_prop(name)
+# Define a /system-owned property which can only be written by vendor_init
+# This is a macro for vendor-specific configuration properties which is meant
+# to be set once from vendor_init.
+#
+define(`system_vendor_config_prop', `
+ system_public_prop($1)
+ set_prop(vendor_init, $1)
+ neverallow { domain -init -vendor_init } $1:property_service set;
+')
+
+###########################################
+# product_internal_prop(name)
+# Define a /product-owned property used only in /product
+# For devices launching with Q or eariler, this restriction can be relaxed with
+# BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true
+#
+define(`product_internal_prop', `
+ define_prop($1, product, internal)
+ treble_sysprop_neverallow(`
+ neverallow { domain -coredomain } $1:file no_rw_file_perms;
+ ')
+')
+
+###########################################
+# product_restricted_prop(name)
+# Define a /product-owned property which can't be written outside /product
+# For devices launching with Q or eariler, this restriction can be relaxed with
+# BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true
+#
+define(`product_restricted_prop', `
+ define_prop($1, product, restricted)
+ treble_sysprop_neverallow(`
+ neverallow { domain -coredomain } $1:property_service set;
+ ')
+')
+
+###########################################
+# product_public_prop(name)
+# Define a /product-owned property with no restrictions
+#
+define(`product_public_prop', `define_prop($1, product, public)')
+
+###########################################
+# vendor_internal_prop(name)
+# Define a /vendor-owned property used only in /vendor
+# For devices launching with Q or eariler, this restriction can be relaxed with
+# BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true
+#
+define(`vendor_internal_prop', `
+ define_prop($1, vendor, internal)
+ treble_sysprop_neverallow(`
+# init and dumpstate are in coredomain, but should be able to read all props.
+ neverallow { coredomain -init -dumpstate } $1:file no_rw_file_perms;
+ ')
+')
+
+###########################################
+# vendor_restricted_prop(name)
+# Define a /vendor-owned property which can't be written outside /vendor
+# For devices launching with Q or eariler, this restriction can be relaxed with
+# BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true
+#
+define(`vendor_restricted_prop', `
+ define_prop($1, vendor, restricted)
+ treble_sysprop_neverallow(`
+# init is in coredomain, but should be able to write all props.
+ neverallow { coredomain -init } $1:property_service set;
+ ')
+')
+
+###########################################
+# vendor_public_prop(name)
+# Define a /vendor-owned property with no restrictions
+#
+define(`vendor_public_prop', `define_prop($1, vendor, public)')
diff --git a/prebuilts/api/30.0/public/tee.te b/prebuilts/api/30.0/public/tee.te
new file mode 100644
index 0000000..0f9b32d
--- /dev/null
+++ b/prebuilts/api/30.0/public/tee.te
@@ -0,0 +1,11 @@
+##
+# trusted execution environment (tee) daemon
+#
+type tee, domain;
+
+# Device(s) for communicating with the TEE
+type tee_device, dev_type;
+
+allow tee fingerprint_vendor_data_file:dir rw_dir_perms;
+allow tee fingerprint_vendor_data_file:file create_file_perms;
+
diff --git a/prebuilts/api/30.0/public/tombstoned.te b/prebuilts/api/30.0/public/tombstoned.te
new file mode 100644
index 0000000..ea2abbb
--- /dev/null
+++ b/prebuilts/api/30.0/public/tombstoned.te
@@ -0,0 +1,17 @@
+# debugger interface
+type tombstoned, domain, mlstrustedsubject;
+type tombstoned_exec, system_file_type, exec_type, file_type;
+
+# Write to arbitrary pipes given to us.
+allow tombstoned domain:fd use;
+allow tombstoned domain:fifo_file write;
+
+allow tombstoned domain:dir r_dir_perms;
+allow tombstoned domain:file r_file_perms;
+allow tombstoned tombstone_data_file:dir rw_dir_perms;
+allow tombstoned tombstone_data_file:file { create_file_perms link };
+
+# Changes for the new stack dumping mechanism. Each trace goes into a
+# separate file, and these files are managed by tombstoned.
+allow tombstoned anr_data_file:dir rw_dir_perms;
+allow tombstoned anr_data_file:file { append create getattr open link unlink };
diff --git a/prebuilts/api/30.0/public/toolbox.te b/prebuilts/api/30.0/public/toolbox.te
new file mode 100644
index 0000000..4c2cc3e
--- /dev/null
+++ b/prebuilts/api/30.0/public/toolbox.te
@@ -0,0 +1,38 @@
+# Any toolbox command run by init.
+# At present, the only known usage is for running mkswap via fs_mgr.
+# Do NOT use this domain for toolbox when run by any other domain.
+type toolbox, domain;
+type toolbox_exec, system_file_type, exec_type, file_type;
+
+# /dev/__null__ created by init prior to policy load,
+# open fd inherited by fsck.
+allow toolbox tmpfs:chr_file { read write ioctl };
+
+# Inherit and use pty created by android_fork_execvp_ext().
+allow toolbox devpts:chr_file { read write getattr ioctl };
+
+# mkswap-specific.
+# Read/write block devices used for swap partitions.
+# Assign swap_block_device type any such partition in your
+# device/<vendor>/<product>/sepolicy/file_contexts file.
+allow toolbox block_device:dir search;
+allow toolbox swap_block_device:blk_file rw_file_perms;
+
+# Only allow entry from init via the toolbox binary.
+neverallow { domain -init } toolbox:process transition;
+neverallow * toolbox:process dyntransition;
+neverallow toolbox { file_type fs_type -toolbox_exec}:file entrypoint;
+
+# rm -rf directories in /data
+allow toolbox system_data_root_file:dir { remove_name write };
+allow toolbox system_data_file:dir { rmdir rw_dir_perms };
+allow toolbox system_data_file:file { getattr unlink };
+
+# chattr +F and chattr +P /data/media in init
+allow toolbox media_rw_data_file:dir { r_dir_perms setattr };
+allowxperm toolbox media_rw_data_file:dir ioctl {
+ FS_IOC_FSGETXATTR
+ FS_IOC_FSSETXATTR
+ FS_IOC_GETFLAGS
+ FS_IOC_SETFLAGS
+};
diff --git a/prebuilts/api/30.0/public/traced.te b/prebuilts/api/30.0/public/traced.te
new file mode 100644
index 0000000..ec5b850
--- /dev/null
+++ b/prebuilts/api/30.0/public/traced.te
@@ -0,0 +1,2 @@
+type traced, domain, coredomain, mlstrustedsubject;
+
diff --git a/prebuilts/api/30.0/public/traced_perf.te b/prebuilts/api/30.0/public/traced_perf.te
new file mode 100644
index 0000000..f9a0324
--- /dev/null
+++ b/prebuilts/api/30.0/public/traced_perf.te
@@ -0,0 +1 @@
+type traced_perf, domain;
diff --git a/prebuilts/api/30.0/public/traced_probes.te b/prebuilts/api/30.0/public/traced_probes.te
new file mode 100644
index 0000000..3e587c8
--- /dev/null
+++ b/prebuilts/api/30.0/public/traced_probes.te
@@ -0,0 +1 @@
+type traced_probes, domain, coredomain, mlstrustedsubject;
diff --git a/prebuilts/api/30.0/public/traceur_app.te b/prebuilts/api/30.0/public/traceur_app.te
new file mode 100644
index 0000000..7e2cc84
--- /dev/null
+++ b/prebuilts/api/30.0/public/traceur_app.te
@@ -0,0 +1,32 @@
+type traceur_app, domain;
+
+allow traceur_app servicemanager:service_manager list;
+allow traceur_app hwservicemanager:hwservice_manager list;
+
+# Allow Traceur to enable traced if necessary.
+set_prop(traceur_app, traced_enabled_prop)
+
+set_prop(traceur_app, debug_prop)
+
+allow traceur_app {
+ service_manager_type
+ -apex_service
+ -dnsresolver_service
+ -gatekeeper_service
+ -incident_service
+ -installd_service
+ -iorapd_service
+ -lpdump_service
+ -netd_service
+ -virtual_touchpad_service
+ -vold_service
+ -vr_hwc_service
+ -default_android_service
+}:service_manager find;
+
+# Allow traceur_app to use atrace HAL
+hal_client_domain(traceur_app, hal_atrace)
+
+dontaudit traceur_app service_manager_type:service_manager find;
+dontaudit traceur_app hwservice_manager_type:hwservice_manager find;
+dontaudit traceur_app domain:binder call;
diff --git a/prebuilts/api/30.0/public/tzdatacheck.te b/prebuilts/api/30.0/public/tzdatacheck.te
new file mode 100644
index 0000000..cf9b95d
--- /dev/null
+++ b/prebuilts/api/30.0/public/tzdatacheck.te
@@ -0,0 +1,18 @@
+# The tzdatacheck command run by init.
+type tzdatacheck, domain;
+type tzdatacheck_exec, system_file_type, exec_type, file_type;
+
+allow tzdatacheck zoneinfo_data_file:dir create_dir_perms;
+allow tzdatacheck zoneinfo_data_file:file unlink;
+
+# Below are strong assertion that only init, system_server and tzdatacheck
+# can modify the /data time zone rules directories. This is to make it very
+# clear that only these domains should modify the actual time zone rules data.
+# The tzdatacheck binary itself may be executed by shell for tests but it must
+# not be able to modify the real rules.
+# If other users / binaries could modify time zone rules on device this might
+# have negative implications for users (who may get incorrect local times)
+# or break assumptions made / invalidate data held by the components actually
+# responsible for updating time zone rules.
+neverallow { domain -system_server -init -tzdatacheck } zoneinfo_data_file:file no_w_file_perms;
+neverallow { domain -system_server -init -tzdatacheck } zoneinfo_data_file:dir no_w_dir_perms;
diff --git a/prebuilts/api/30.0/public/ueventd.te b/prebuilts/api/30.0/public/ueventd.te
new file mode 100644
index 0000000..fc503b8
--- /dev/null
+++ b/prebuilts/api/30.0/public/ueventd.te
@@ -0,0 +1,83 @@
+# ueventd seclabel is specified in init.rc since
+# it lives in the rootfs and has no unique file type.
+type ueventd, domain;
+type ueventd_tmpfs, file_type;
+
+# Write to /dev/kmsg.
+allow ueventd kmsg_device:chr_file rw_file_perms;
+
+allow ueventd self:global_capability_class_set { chown mknod net_admin setgid fsetid sys_rawio dac_override dac_read_search fowner setuid };
+allow ueventd device:file create_file_perms;
+
+r_dir_file(ueventd, rootfs)
+
+# ueventd needs write access to files in /sys to regenerate uevents
+allow ueventd sysfs_type:file w_file_perms;
+r_dir_file(ueventd, sysfs_type)
+allow ueventd sysfs_type:{ file lnk_file } { relabelfrom relabelto setattr };
+allow ueventd sysfs_type:dir { relabelfrom relabelto setattr };
+allow ueventd tmpfs:chr_file rw_file_perms;
+allow ueventd dev_type:dir create_dir_perms;
+allow ueventd dev_type:lnk_file { create unlink };
+allow ueventd dev_type:chr_file { getattr create setattr unlink };
+allow ueventd dev_type:blk_file { getattr relabelfrom relabelto create setattr unlink };
+allow ueventd self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+allow ueventd efs_file:dir search;
+allow ueventd efs_file:file r_file_perms;
+
+# Get SELinux enforcing status.
+r_dir_file(ueventd, selinuxfs)
+
+# Access for /vendor/ueventd.rc and /vendor/firmware
+r_dir_file(ueventd, { vendor_file_type -vendor_app_file -vendor_overlay_file })
+
+# Get file contexts for new device nodes
+allow ueventd file_contexts_file:file r_file_perms;
+
+# Use setfscreatecon() to label /dev directories and files.
+allow ueventd self:process setfscreate;
+
+# Allow ueventd to read androidboot.android_dt_dir from kernel cmdline.
+allow ueventd proc_cmdline:file r_file_perms;
+
+# Everything is labeled as rootfs in recovery mode. ueventd has to execute
+# the dynamic linker and shared libraries.
+recovery_only(`
+ allow ueventd rootfs:file { r_file_perms execute };
+')
+
+# Suppress denials for ueventd to getattr /postinstall. This occurs when the
+# linker tries to resolve paths in ld.config.txt.
+dontaudit ueventd postinstall_mnt_dir:dir getattr;
+
+# ueventd loads modules in response to modalias events.
+allow ueventd self:global_capability_class_set sys_module;
+allow ueventd vendor_file:system module_load;
+allow ueventd kernel:key search;
+
+# ueventd is using bootstrap bionic
+allow ueventd system_bootstrap_lib_file:dir r_dir_perms;
+allow ueventd system_bootstrap_lib_file:file { execute read open getattr map };
+
+# ueventd can set properties, particularly it sets ro.cold_boot_done to signal
+# to init that cold boot has completed.
+set_prop(ueventd, cold_boot_done_prop)
+
+# Allow ueventd to run shell scripts from vendor
+allow ueventd vendor_shell_exec:file execute;
+
+#####
+##### neverallow rules
+#####
+
+# Restrict ueventd access on block devices to maintenence operations.
+neverallow ueventd dev_type:blk_file ~{ getattr relabelfrom relabelto create setattr unlink };
+
+# Only relabelto as we would never want to relabelfrom port_device
+neverallow ueventd port_device:chr_file ~{ getattr create setattr unlink relabelto };
+
+# Nobody should be able to ptrace ueventd
+neverallow * ueventd:process ptrace;
+
+# ueventd should never execute a program without changing to another domain.
+neverallow ueventd { file_type fs_type }:file execute_no_trans;
diff --git a/prebuilts/api/30.0/public/uncrypt.te b/prebuilts/api/30.0/public/uncrypt.te
new file mode 100644
index 0000000..4114b2a
--- /dev/null
+++ b/prebuilts/api/30.0/public/uncrypt.te
@@ -0,0 +1,46 @@
+# uncrypt
+type uncrypt, domain, mlstrustedsubject;
+type uncrypt_exec, system_file_type, exec_type, file_type;
+
+allow uncrypt self:global_capability_class_set { dac_override dac_read_search };
+
+userdebug_or_eng(`
+ # For debugging, allow /data/local/tmp access
+ r_dir_file(uncrypt, shell_data_file)
+')
+
+# Read /cache/recovery/command
+# Read /cache/recovery/uncrypt_file
+allow uncrypt cache_file:dir search;
+allow uncrypt cache_recovery_file:dir rw_dir_perms;
+allow uncrypt cache_recovery_file:file create_file_perms;
+
+# Read and write(for f2fs_pin_file) on OTA zip file at /data/ota_package/.
+allow uncrypt ota_package_file:dir r_dir_perms;
+allow uncrypt ota_package_file:file rw_file_perms;
+
+# Write to /dev/socket/uncrypt
+unix_socket_connect(uncrypt, uncrypt, uncrypt)
+
+# Set a property to reboot the device.
+set_prop(uncrypt, powerctl_prop)
+
+# Raw writes to block device
+allow uncrypt self:global_capability_class_set sys_rawio;
+allow uncrypt misc_block_device:blk_file w_file_perms;
+allow uncrypt block_device:dir r_dir_perms;
+
+# Access userdata block device.
+allow uncrypt userdata_block_device:blk_file w_file_perms;
+
+r_dir_file(uncrypt, rootfs)
+
+# uncrypt reads /proc/cmdline
+allow uncrypt proc_cmdline:file r_file_perms;
+
+# Read files in /sys
+r_dir_file(uncrypt, sysfs_dt_firmware_android)
+
+# Suppress the denials coming from ReadDefaultFstab call.
+dontaudit uncrypt gsi_metadata_file:dir search;
+dontaudit uncrypt metadata_file:dir search;
diff --git a/prebuilts/api/30.0/public/untrusted_app.te b/prebuilts/api/30.0/public/untrusted_app.te
new file mode 100644
index 0000000..43fe19a
--- /dev/null
+++ b/prebuilts/api/30.0/public/untrusted_app.te
@@ -0,0 +1,30 @@
+###
+### Untrusted apps.
+###
+### Apps are labeled based on mac_permissions.xml (maps signer and
+### optionally package name to seinfo value) and seapp_contexts (maps UID
+### and optionally seinfo value to domain for process and type for data
+### directory). The untrusted_app domain is the default assignment in
+### seapp_contexts for any app with UID between APP_AID (10000)
+### and AID_ISOLATED_START (99000) if the app has no specific seinfo
+### value as determined from mac_permissions.xml. In current AOSP, this
+### domain is assigned to all non-system apps as well as to any system apps
+### that are not signed by the platform key. To move
+### a system app into a specific domain, add a signer entry for it to
+### mac_permissions.xml and assign it one of the pre-existing seinfo values
+### or define and use a new seinfo value in both mac_permissions.xml and
+### seapp_contexts.
+###
+
+# This file defines the rules for untrusted apps running with
+# targetSdkVersion >= 30.
+type untrusted_app, domain;
+# This file defines the rules for untrusted apps running with
+# targetSdkVersion = 29.
+type untrusted_app_29, domain;
+# This file defines the rules for untrusted apps running with
+# 25 < targetSdkVersion <= 28.
+type untrusted_app_27, domain;
+# This file defines the rules for untrusted apps running with
+# targetSdkVersion <= 25.
+type untrusted_app_25, domain;
diff --git a/prebuilts/api/30.0/public/update_engine.te b/prebuilts/api/30.0/public/update_engine.te
new file mode 100644
index 0000000..8b767be
--- /dev/null
+++ b/prebuilts/api/30.0/public/update_engine.te
@@ -0,0 +1,87 @@
+# Domain for update_engine daemon.
+type update_engine, domain, update_engine_common;
+type update_engine_exec, system_file_type, exec_type, file_type;
+
+net_domain(update_engine);
+
+# Following permissions are needed for update_engine.
+allow update_engine self:process { setsched };
+allow update_engine self:global_capability_class_set { fowner sys_admin };
+# Note: fsetid checks are triggered when creating a file in a directory with
+# the setgid bit set to determine if the file should inherit setgid. In this
+# case, setgid on the file is undesirable so we should just suppress the
+# denial.
+dontaudit update_engine self:global_capability_class_set fsetid;
+
+allow update_engine kmsg_device:chr_file { getattr w_file_perms };
+allow update_engine update_engine_exec:file rx_file_perms;
+wakelock_use(update_engine);
+
+# Ignore these denials.
+dontaudit update_engine kernel:process setsched;
+dontaudit update_engine self:global_capability_class_set sys_rawio;
+
+# Allow using persistent storage in /data/misc/update_engine.
+allow update_engine update_engine_data_file:dir create_dir_perms;
+allow update_engine update_engine_data_file:file create_file_perms;
+
+# Allow using persistent storage in /data/misc/update_engine_log.
+allow update_engine update_engine_log_data_file:dir create_dir_perms;
+allow update_engine update_engine_log_data_file:file create_file_perms;
+
+# Don't allow kernel module loading, just silence the logs.
+dontaudit update_engine kernel:system module_request;
+
+# Register the service to perform Binder IPC.
+binder_use(update_engine)
+add_service(update_engine, update_engine_service)
+
+# Allow update_engine to call the callback function provided by priv_app/GMS core.
+binder_call(update_engine, priv_app)
+# b/142672293: No other priv-app should need this rule now that GMS core runs in its own domain.
+userdebug_or_eng(`
+ auditallow update_engine priv_app:binder { call transfer };
+ auditallow priv_app update_engine:binder transfer;
+ auditallow update_engine priv_app:fd use;
+')
+
+binder_call(update_engine, gmscore_app)
+
+# Allow update_engine to call the callback function provided by system_server.
+binder_call(update_engine, system_server)
+
+# Read OTA zip file at /data/ota_package/.
+allow update_engine ota_package_file:file r_file_perms;
+allow update_engine ota_package_file:dir r_dir_perms;
+
+# Use Boot Control HAL
+hal_client_domain(update_engine, hal_bootctl)
+
+# access /proc/misc
+allow update_engine proc_misc:file r_file_perms;
+
+# read directories on /system and /vendor
+allow update_engine system_file:dir r_dir_perms;
+
+# Allow to start gsid service.
+set_prop(update_engine, ctl_gsid_prop)
+
+# Allow to set the OTA related properties, e.g. ota.warm_reset.
+set_prop(update_engine, ota_prop)
+
+# Allow to get the DSU status
+get_prop(update_engine, gsid_prop)
+
+# update_engine tries to determine the parent path for all devices (e.g.
+# /dev/block/by-name) by reading the default fstab and looking for the misc
+# device. ReadDefaultFstab() checks whether a GSI is running by checking
+# gsi_metadata_file. We never apply OTAs when GSI is running, so just deny
+# the access.
+dontaudit update_engine gsi_metadata_file:dir search;
+
+# Allow to write to snapshotctl_log logs.
+# TODO(b/148818798) revert when parent bug is fixed.
+userdebug_or_eng(`
+allow update_engine snapshotctl_log_data_file:dir rw_dir_perms;
+allow update_engine snapshotctl_log_data_file:file create_file_perms;
+')
diff --git a/prebuilts/api/30.0/public/update_engine_common.te b/prebuilts/api/30.0/public/update_engine_common.te
new file mode 100644
index 0000000..57d8e7e
--- /dev/null
+++ b/prebuilts/api/30.0/public/update_engine_common.te
@@ -0,0 +1,86 @@
+# update_engine payload application permissions. These are shared between the
+# background daemon and the recovery tool to sideload an update.
+
+# Allow update_engine to reach block devices in /dev/block.
+allow update_engine_common block_device:dir search;
+
+# Allow read/write on system and boot partitions.
+allow update_engine_common boot_block_device:blk_file rw_file_perms;
+allow update_engine_common system_block_device:blk_file rw_file_perms;
+
+# Where ioctls are granted via standard allow rules to block devices,
+# automatically allow common ioctls that are generally needed by
+# update_engine.
+allowxperm update_engine_common dev_type:blk_file ioctl {
+ BLKDISCARD
+ BLKDISCARDZEROES
+ BLKROGET
+ BLKROSET
+ BLKSECDISCARD
+ BLKZEROOUT
+};
+
+# Allow to set recovery options in the BCB. Used to trigger factory reset when
+# the update to an older version (channel change) or incompatible version
+# requires it.
+allow update_engine_common misc_block_device:blk_file rw_file_perms;
+
+# read fstab
+allow update_engine_common rootfs:dir getattr;
+allow update_engine_common rootfs:file r_file_perms;
+
+# Allow update_engine_common to mount on the /postinstall directory and reset the
+# labels on the mounted filesystem to postinstall_file.
+allow update_engine_common postinstall_mnt_dir:dir { mounton getattr search };
+allow update_engine_common postinstall_file:filesystem { mount unmount relabelfrom relabelto };
+allow update_engine_common labeledfs:filesystem relabelfrom;
+
+# Allow update_engine_common to read and execute postinstall_file.
+allow update_engine_common postinstall_file:file rx_file_perms;
+allow update_engine_common postinstall_file:lnk_file r_file_perms;
+allow update_engine_common postinstall_file:dir r_dir_perms;
+
+# install update.zip from cache
+r_dir_file(update_engine_common, cache_file)
+
+# A postinstall program is typically a shell script (with a #!), so we allow
+# to execute those.
+allow update_engine_common shell_exec:file rx_file_perms;
+
+# Allow update_engine_common to suspend, resume and kill the postinstall program.
+allow update_engine_common postinstall:process { signal sigstop sigkill };
+
+# access /proc/cmdline
+allow update_engine_common proc_cmdline:file r_file_perms;
+
+# Read files in /sys/firmware/devicetree/base/firmware/android/
+r_dir_file(update_engine_common, sysfs_dt_firmware_android)
+
+# Needed because libdm reads sysfs to validate when a dm path is ready.
+r_dir_file(update_engine_common, sysfs_dm)
+
+# read / write on /dev/device-mapper to map / unmap devices
+allow update_engine_common dm_device:chr_file rw_file_perms;
+
+# apply / verify updates on devices mapped via device mapper
+allow update_engine_common dm_device:blk_file rw_file_perms;
+
+# read / write metadata on super device to resize partitions
+allow update_engine_common super_block_device_type:blk_file rw_file_perms;
+
+# ioctl on super device to get block device alignment and alignment offset
+allowxperm update_engine_common super_block_device_type:blk_file ioctl { BLKIOMIN BLKALIGNOFF };
+
+# get physical block device to map logical partitions on device mapper
+allow update_engine_common block_device:dir r_dir_perms;
+
+# Allow update_engine_common to write to statsd socket.
+unix_socket_send(update_engine_common, statsdw, statsd)
+
+# Allow to read Virtual A/B feature flags.
+get_prop(update_engine_common, virtual_ab_prop)
+
+# Allow to read/write/create OTA metadata files for snapshot status and COW file status.
+allow update_engine_common metadata_file:dir search;
+allow update_engine_common ota_metadata_file:dir rw_dir_perms;
+allow update_engine_common ota_metadata_file:file create_file_perms;
diff --git a/prebuilts/api/30.0/public/update_verifier.te b/prebuilts/api/30.0/public/update_verifier.te
new file mode 100644
index 0000000..f881aeb
--- /dev/null
+++ b/prebuilts/api/30.0/public/update_verifier.te
@@ -0,0 +1,39 @@
+# update_verifier
+type update_verifier, domain;
+type update_verifier_exec, system_file_type, exec_type, file_type;
+
+# Allow update_verifier to reach block devices in /dev/block.
+allow update_verifier block_device:dir search;
+
+# Read care map in /data/ota_package/.
+allow update_verifier ota_package_file:dir r_dir_perms;
+allow update_verifier ota_package_file:file r_file_perms;
+
+# Read /sys/block to find all the DM directories like (/sys/block/dm-X).
+allow update_verifier sysfs:dir r_dir_perms;
+
+# Read /sys/block/dm-X/dm/name (which is a symlink to
+# /sys/devices/virtual/block/dm-X/dm/name) to identify the mapping between
+# dm-X and system/vendor partitions.
+allow update_verifier sysfs_dm:dir r_dir_perms;
+allow update_verifier sysfs_dm:file r_file_perms;
+
+# Read all blocks in DM wrapped system partition.
+allow update_verifier dm_device:blk_file r_file_perms;
+
+# Write to kernel message.
+allow update_verifier kmsg_device:chr_file { getattr w_file_perms };
+
+# Allow update_verifier to reboot the device.
+set_prop(update_verifier, powerctl_prop)
+
+# Allow to set the OTA related properties e.g. ota.warm_reset.
+set_prop(update_verifier, ota_prop)
+
+# Use Boot Control HAL
+hal_client_domain(update_verifier, hal_bootctl)
+
+# Access Checkpoint commands over binder
+allow update_verifier vold_service:service_manager find;
+binder_call(update_verifier, servicemanager)
+binder_call(update_verifier, vold)
diff --git a/prebuilts/api/30.0/public/usbd.te b/prebuilts/api/30.0/public/usbd.te
new file mode 100644
index 0000000..991e7be
--- /dev/null
+++ b/prebuilts/api/30.0/public/usbd.te
@@ -0,0 +1,5 @@
+type usbd, domain;
+type usbd_exec, system_file_type, exec_type, file_type;
+
+# Start/stop adbd via ctl.start adbd
+set_prop(usbd, ctl_adbd_prop)
diff --git a/prebuilts/api/30.0/public/vdc.te b/prebuilts/api/30.0/public/vdc.te
new file mode 100644
index 0000000..e638e50
--- /dev/null
+++ b/prebuilts/api/30.0/public/vdc.te
@@ -0,0 +1,20 @@
+# vdc spawned from init for the following services:
+# defaultcrypto
+# encrypt
+#
+# We also transition into this domain from dumpstate, when
+# collecting bug reports.
+
+type vdc, domain;
+type vdc_exec, system_file_type, exec_type, file_type;
+
+# vdc can be invoked with logwrapper, so let it write to pty
+allow vdc devpts:chr_file rw_file_perms;
+
+# vdc writes directly to kmsg during the boot process
+allow vdc kmsg_device:chr_file { getattr w_file_perms };
+
+# vdc talks to vold over Binder
+binder_use(vdc)
+binder_call(vdc, vold)
+allow vdc vold_service:service_manager find;
diff --git a/prebuilts/api/30.0/public/vendor_init.te b/prebuilts/api/30.0/public/vendor_init.te
new file mode 100644
index 0000000..36bb5cb
--- /dev/null
+++ b/prebuilts/api/30.0/public/vendor_init.te
@@ -0,0 +1,281 @@
+# vendor_init is its own domain.
+type vendor_init, domain, mlstrustedsubject;
+
+# Communication to the main init process
+allow vendor_init init:unix_stream_socket { read write };
+
+# Logging to kmsg
+allow vendor_init kmsg_device:chr_file { open getattr write };
+
+# Mount on /dev/usb-ffs/adb.
+allow vendor_init device:dir mounton;
+
+# Create and remove symlinks in /.
+allow vendor_init rootfs:lnk_file { create unlink };
+
+# Create cgroups mount points in tmpfs and mount cgroups on them.
+allow vendor_init cgroup:dir create_dir_perms;
+allow vendor_init cgroup:file w_file_perms;
+
+# /config
+allow vendor_init configfs:dir mounton;
+allow vendor_init configfs:dir create_dir_perms;
+allow vendor_init configfs:{ file lnk_file } create_file_perms;
+
+# Create directories under /dev/cpuctl after chowning it to system.
+allow vendor_init self:global_capability_class_set { dac_override dac_read_search };
+
+# mkdir, symlink, write, rm/rmdir, chown/chmod, restorecon/restorecon_recursive from init.rc files.
+# chown/chmod require open+read+setattr required for open()+fchown/fchmod().
+# system/core/init.rc requires at least cache_file and data_file_type.
+# init.<board>.rc files often include device-specific types, so
+# we just allow all file types except /system files here.
+allow vendor_init self:global_capability_class_set { chown fowner fsetid };
+
+# mkdir with FBE requires reading /data/unencrypted/{ref,mode}.
+allow vendor_init unencrypted_data_file:dir search;
+allow vendor_init unencrypted_data_file:file r_file_perms;
+
+# Set encryption policy on dirs in /data
+allowxperm vendor_init data_file_type:dir ioctl {
+ FS_IOC_GET_ENCRYPTION_POLICY
+ FS_IOC_SET_ENCRYPTION_POLICY
+};
+
+allow vendor_init system_data_file:dir getattr;
+
+allow vendor_init {
+ file_type
+ -core_data_file_type
+ -exec_type
+ -system_file_type
+ -mnt_product_file
+ -password_slot_metadata_file
+ -ota_metadata_file
+ -unlabeled
+ -vendor_file_type
+ -vold_metadata_file
+ -gsi_metadata_file
+ -apex_metadata_file
+}:dir { create search getattr open read setattr ioctl write add_name remove_name rmdir relabelfrom };
+
+allow vendor_init unlabeled:{ dir notdevfile_class_set } { getattr relabelfrom };
+
+allow vendor_init {
+ file_type
+ -core_data_file_type
+ -exec_type
+ -password_slot_metadata_file
+ -ota_metadata_file
+ -runtime_event_log_tags_file
+ -system_file_type
+ -unlabeled
+ -vendor_file_type
+ -vold_metadata_file
+ -gsi_metadata_file
+ -apex_metadata_file
+}:file { create getattr open read write setattr relabelfrom unlink map };
+
+allow vendor_init {
+ file_type
+ -core_data_file_type
+ -exec_type
+ -password_slot_metadata_file
+ -ota_metadata_file
+ -system_file_type
+ -unlabeled
+ -vendor_file_type
+ -vold_metadata_file
+ -gsi_metadata_file
+ -apex_metadata_file
+}:{ sock_file fifo_file } { create getattr open read setattr relabelfrom unlink };
+
+allow vendor_init {
+ file_type
+ -apex_mnt_dir
+ -core_data_file_type
+ -exec_type
+ -password_slot_metadata_file
+ -ota_metadata_file
+ -system_file_type
+ -unlabeled
+ -vendor_file_type
+ -vold_metadata_file
+ -gsi_metadata_file
+ -apex_metadata_file
+}:lnk_file { create getattr setattr relabelfrom unlink };
+
+allow vendor_init {
+ file_type
+ -core_data_file_type
+ -exec_type
+ -mnt_product_file
+ -password_slot_metadata_file
+ -ota_metadata_file
+ -system_file_type
+ -vendor_file_type
+ -vold_metadata_file
+ -gsi_metadata_file
+ -apex_metadata_file
+}:dir_file_class_set relabelto;
+
+allow vendor_init dev_type:dir create_dir_perms;
+allow vendor_init dev_type:lnk_file create;
+
+# Disable tracing by writing to /sys/kernel/debug/tracing/tracing_on
+allow vendor_init debugfs_tracing:file w_file_perms;
+
+# chown/chmod on pseudo files.
+allow vendor_init {
+ fs_type
+ -contextmount_type
+ -keychord_device
+ -sdcard_type
+ -rootfs
+ -proc_uid_time_in_state
+ -proc_uid_concurrent_active_time
+ -proc_uid_concurrent_policy_time
+}:file { open read setattr map };
+
+allow vendor_init {
+ fs_type
+ -contextmount_type
+ -sdcard_type
+ -rootfs
+ -proc_uid_time_in_state
+ -proc_uid_concurrent_active_time
+ -proc_uid_concurrent_policy_time
+}:dir { open read setattr search };
+
+# chown/chmod on devices, e.g. /dev/ttyHS0
+allow vendor_init {
+ dev_type
+ -keychord_device
+ -port_device
+ -lowpan_device
+ -hw_random_device
+}:chr_file setattr;
+
+allow vendor_init dev_type:blk_file getattr;
+
+# Write to /proc/sys/net/ping_group_range and other /proc/sys/net files.
+r_dir_file(vendor_init, proc_net_type)
+allow vendor_init proc_net_type:file w_file_perms;
+allow vendor_init self:global_capability_class_set net_admin;
+
+# Write to /proc/sys/vm/page-cluster
+allow vendor_init proc_page_cluster:file w_file_perms;
+
+# Write to sysfs nodes.
+allow vendor_init sysfs_type:dir r_dir_perms;
+allow vendor_init sysfs_type:lnk_file read;
+allow vendor_init { sysfs_type -sysfs_usermodehelper }:file rw_file_perms;
+
+# setfscreatecon() for labeling directories and socket files.
+allow vendor_init self:process { setfscreate };
+
+r_dir_file(vendor_init, vendor_file_type)
+
+# Vendor init can read properties
+allow vendor_init serialno_prop:file { getattr open read map };
+
+# Vendor init can perform operations on trusted and security Extended Attributes
+allow vendor_init self:global_capability_class_set sys_admin;
+
+# Raw writes to misc block device
+allow vendor_init misc_block_device:blk_file w_file_perms;
+
+# vendor_init is using bootstrap bionic
+allow vendor_init system_bootstrap_lib_file:dir r_dir_perms;
+allow vendor_init system_bootstrap_lib_file:file { execute read open getattr map };
+
+# Everything is labeled as rootfs in recovery mode. Vendor init has to execute
+# the dynamic linker and shared libraries.
+recovery_only(`
+ allow vendor_init rootfs:file { r_file_perms execute };
+')
+
+not_compatible_property(`
+ set_prop(vendor_init, {
+ property_type
+ -system_internal_property_type
+ -system_restricted_property_type
+ })
+')
+
+# Get file context
+allow vendor_init file_contexts_file:file r_file_perms;
+
+set_prop(vendor_init, apk_verity_prop)
+set_prop(vendor_init, bluetooth_a2dp_offload_prop)
+set_prop(vendor_init, bluetooth_audio_hal_prop)
+set_prop(vendor_init, cpu_variant_prop)
+set_prop(vendor_init, debug_prop)
+set_prop(vendor_init, exported_audio_prop)
+set_prop(vendor_init, exported_bluetooth_prop)
+set_prop(vendor_init, exported_camera_prop)
+set_prop(vendor_init, exported_config_prop)
+set_prop(vendor_init, exported_dalvik_prop)
+set_prop(vendor_init, exported_default_prop)
+set_prop(vendor_init, exported_ffs_prop)
+set_prop(vendor_init, exported_overlay_prop)
+set_prop(vendor_init, exported_pm_prop)
+set_prop(vendor_init, exported_radio_prop)
+set_prop(vendor_init, exported_system_radio_prop)
+set_prop(vendor_init, exported_wifi_prop)
+set_prop(vendor_init, exported2_config_prop)
+set_prop(vendor_init, exported2_system_prop)
+set_prop(vendor_init, exported2_vold_prop)
+set_prop(vendor_init, exported3_default_prop)
+set_prop(vendor_init, exported3_radio_prop)
+set_prop(vendor_init, incremental_prop)
+set_prop(vendor_init, lmkd_prop)
+set_prop(vendor_init, logd_prop)
+set_prop(vendor_init, log_tag_prop)
+set_prop(vendor_init, log_prop)
+set_prop(vendor_init, rebootescrow_hal_prop)
+set_prop(vendor_init, serialno_prop)
+set_prop(vendor_init, storage_config_prop)
+set_prop(vendor_init, userspace_reboot_config_prop)
+set_prop(vendor_init, vehicle_hal_prop)
+set_prop(vendor_init, vendor_default_prop)
+set_prop(vendor_init, vendor_security_patch_level_prop)
+set_prop(vendor_init, vndk_prop)
+set_prop(vendor_init, virtual_ab_prop)
+set_prop(vendor_init, wifi_log_prop)
+
+get_prop(vendor_init, exported2_radio_prop)
+get_prop(vendor_init, exported3_system_prop)
+get_prop(vendor_init, surfaceflinger_display_prop)
+get_prop(vendor_init, theme_prop)
+
+get_prop(vendor_init, ota_prop)
+
+###
+### neverallow rules
+###
+
+# Vendor init shouldn't communicate with any vendor process, nor most system processes.
+neverallow_establish_socket_comms(vendor_init, { domain -init -logd -su -vendor_init });
+
+# The vendor_init domain is only entered via an exec based transition from the
+# init domain, never via setcon().
+neverallow domain vendor_init:process dyntransition;
+neverallow { domain -init } vendor_init:process transition;
+neverallow vendor_init { file_type fs_type -init_exec }:file entrypoint;
+
+# Never read/follow symlinks created by shell or untrusted apps.
+neverallow vendor_init { app_data_file privapp_data_file }:lnk_file read;
+neverallow vendor_init shell_data_file:lnk_file read;
+# Init should not be creating subdirectories in /data/local/tmp
+neverallow vendor_init shell_data_file:dir { write add_name remove_name };
+
+# init should never execute a program without changing to another domain.
+neverallow vendor_init { file_type fs_type }:file execute_no_trans;
+
+# Init never adds or uses services via service_manager.
+neverallow vendor_init service_manager_type:service_manager { add find };
+neverallow vendor_init servicemanager:service_manager list;
+
+# vendor_init should never be ptraced
+neverallow * vendor_init:process ptrace;
diff --git a/prebuilts/api/30.0/public/vendor_misc_writer.te b/prebuilts/api/30.0/public/vendor_misc_writer.te
new file mode 100644
index 0000000..dee9941
--- /dev/null
+++ b/prebuilts/api/30.0/public/vendor_misc_writer.te
@@ -0,0 +1,13 @@
+# vendor_misc_writer
+type vendor_misc_writer, domain;
+type vendor_misc_writer_exec, vendor_file_type, exec_type, file_type;
+
+# Raw writes to misc_block_device
+allow vendor_misc_writer misc_block_device:blk_file w_file_perms;
+allow vendor_misc_writer block_device:dir r_dir_perms;
+
+# Silence the denial when calling libfstab's ReadDefaultFstab, which tries to
+# load DT fstab.
+dontaudit vendor_misc_writer proc_cmdline:file read;
+dontaudit vendor_misc_writer metadata_file:dir search;
+dontaudit vendor_misc_writer sysfs_dt_firmware_android:dir search;
diff --git a/prebuilts/api/30.0/public/vendor_shell.te b/prebuilts/api/30.0/public/vendor_shell.te
new file mode 100644
index 0000000..7d30acb
--- /dev/null
+++ b/prebuilts/api/30.0/public/vendor_shell.te
@@ -0,0 +1,19 @@
+type vendor_shell, domain;
+type vendor_shell_exec, exec_type, vendor_file_type, file_type;
+
+allow vendor_shell vendor_shell_exec:file rx_file_perms;
+allow vendor_shell vendor_toolbox_exec:file rx_file_perms;
+
+# Use fd from shell when vendor_shell is started from shell
+allow vendor_shell shell:fd use;
+
+# adbd: allow `adb shell /vendor/bin/sh` and `adb shell` then `/vendor/bin/sh`
+allow vendor_shell adbd:fd use;
+allow vendor_shell adbd:process sigchld;
+allow vendor_shell adbd:unix_stream_socket { getattr ioctl read write };
+
+allow vendor_shell devpts:chr_file rw_file_perms;
+allow vendor_shell tty_device:chr_file rw_file_perms;
+allow vendor_shell console_device:chr_file rw_file_perms;
+allow vendor_shell input_device:dir r_dir_perms;
+allow vendor_shell input_device:chr_file rw_file_perms;
diff --git a/prebuilts/api/30.0/public/vendor_toolbox.te b/prebuilts/api/30.0/public/vendor_toolbox.te
new file mode 100644
index 0000000..eb292ca
--- /dev/null
+++ b/prebuilts/api/30.0/public/vendor_toolbox.te
@@ -0,0 +1,16 @@
+# Toolbox installation for vendor binaries / scripts
+# Non-vendor processes are not allowed to execute the binary
+# and is always executed without transition.
+type vendor_toolbox_exec, exec_type, vendor_file_type, file_type;
+
+# Do not allow domains to transition to vendor toolbox
+# or read, execute the vendor_toolbox file.
+full_treble_only(`
+ # Do not allow non-vendor domains to transition
+ # to vendor toolbox except for the whitelisted domains.
+ neverallow {
+ coredomain
+ -init
+ -modprobe
+ } vendor_toolbox_exec:file { entrypoint execute execute_no_trans };
+')
diff --git a/prebuilts/api/30.0/public/virtual_touchpad.te b/prebuilts/api/30.0/public/virtual_touchpad.te
new file mode 100644
index 0000000..49c8704
--- /dev/null
+++ b/prebuilts/api/30.0/public/virtual_touchpad.te
@@ -0,0 +1,16 @@
+type virtual_touchpad, domain;
+type virtual_touchpad_exec, system_file_type, exec_type, file_type;
+
+binder_use(virtual_touchpad)
+binder_service(virtual_touchpad)
+add_service(virtual_touchpad, virtual_touchpad_service)
+
+# Needed to check app permissions.
+binder_call(virtual_touchpad, system_server)
+
+# Requires access to /dev/uinput to create and feed the virtual device.
+allow virtual_touchpad uhid_device:chr_file { w_file_perms ioctl };
+
+# Requires access to the permission service to validate that clients have the
+# appropriate VR permissions.
+allow virtual_touchpad permission_service:service_manager find;
diff --git a/prebuilts/api/30.0/public/vndservice.te b/prebuilts/api/30.0/public/vndservice.te
new file mode 100644
index 0000000..efd9adf
--- /dev/null
+++ b/prebuilts/api/30.0/public/vndservice.te
@@ -0,0 +1,2 @@
+type service_manager_vndservice, vndservice_manager_type;
+type default_android_vndservice, vndservice_manager_type;
diff --git a/prebuilts/api/30.0/public/vndservicemanager.te b/prebuilts/api/30.0/public/vndservicemanager.te
new file mode 100644
index 0000000..6b9f73d
--- /dev/null
+++ b/prebuilts/api/30.0/public/vndservicemanager.te
@@ -0,0 +1,2 @@
+# vndservicemanager - the Binder context manager for vendor processes
+type vndservicemanager, domain;
diff --git a/prebuilts/api/30.0/public/vold.te b/prebuilts/api/30.0/public/vold.te
new file mode 100644
index 0000000..1d125d3
--- /dev/null
+++ b/prebuilts/api/30.0/public/vold.te
@@ -0,0 +1,373 @@
+# volume manager
+type vold, domain;
+type vold_exec, exec_type, file_type, system_file_type;
+
+# Read already opened /cache files.
+allow vold cache_file:dir r_dir_perms;
+allow vold cache_file:file { getattr read };
+allow vold cache_file:lnk_file r_file_perms;
+
+r_dir_file(vold, { sysfs_type -sysfs_batteryinfo })
+# XXX Label sysfs files with a specific type?
+allow vold {
+ sysfs # writing to /sys/*/uevent during coldboot.
+ sysfs_devices_block
+ sysfs_dm
+ sysfs_loop # writing to /sys/block/loop*/uevent during coldboot.
+ sysfs_usb
+ sysfs_zram_uevent
+ sysfs_fs_f2fs
+}:file w_file_perms;
+
+r_dir_file(vold, rootfs)
+r_dir_file(vold, metadata_file)
+allow vold {
+ proc # b/67049235 processes /proc/<pid>/* files are mislabeled.
+ proc_cmdline
+ proc_drop_caches
+ proc_filesystems
+ proc_meminfo
+ proc_mounts
+}:file r_file_perms;
+
+#Get file contexts
+allow vold file_contexts_file:file r_file_perms;
+
+# Allow us to jump into execution domains of above tools
+allow vold self:process setexec;
+
+# For formatting adoptable storage devices
+allow vold e2fs_exec:file rx_file_perms;
+
+# Run fstrim on mounted partitions
+# allowxperm still requires the ioctl permission for the individual type
+allowxperm vold { fs_type file_type }:dir ioctl FITRIM;
+
+# Get/set file-based encryption policies on dirs in /data and adoptable storage,
+# and add/remove file-based encryption keys.
+allowxperm vold data_file_type:dir ioctl {
+ FS_IOC_GET_ENCRYPTION_POLICY
+ FS_IOC_SET_ENCRYPTION_POLICY
+ FS_IOC_ADD_ENCRYPTION_KEY
+ FS_IOC_REMOVE_ENCRYPTION_KEY
+};
+
+# Only vold and init should ever set file-based encryption policies.
+neverallowxperm {
+ domain
+ -vold
+ -init
+ -vendor_init
+} data_file_type:dir ioctl { FS_IOC_SET_ENCRYPTION_POLICY };
+
+# Only vold should ever add/remove file-based encryption keys.
+neverallowxperm {
+ domain
+ -vold
+} data_file_type:dir ioctl { FS_IOC_ADD_ENCRYPTION_KEY FS_IOC_REMOVE_ENCRYPTION_KEY };
+
+# Find the location on the raw block device where the
+# crypto key is stored so it can be destroyed
+allowxperm vold vold_data_file:file ioctl {
+ FS_IOC_FIEMAP
+};
+
+typeattribute vold mlstrustedsubject;
+allow vold self:process setfscreate;
+allow vold system_file:file x_file_perms;
+not_full_treble(`allow vold vendor_file:file x_file_perms;')
+allow vold block_device:dir create_dir_perms;
+allow vold device:dir write;
+allow vold devpts:chr_file rw_file_perms;
+allow vold rootfs:dir mounton;
+allow vold sdcard_type:dir mounton; # TODO: deprecated in M
+allow vold sdcard_type:filesystem { mount remount unmount }; # TODO: deprecated in M
+allow vold sdcard_type:dir create_dir_perms; # TODO: deprecated in M
+allow vold sdcard_type:file create_file_perms; # TODO: deprecated in M
+
+# Manage locations where storage is mounted
+allow vold { mnt_media_rw_file storage_file sdcard_type }:dir create_dir_perms;
+allow vold { mnt_media_rw_file storage_file sdcard_type }:file create_file_perms;
+
+# Access to storage that backs emulated FUSE daemons for migration optimization
+allow vold media_rw_data_file:dir create_dir_perms;
+allow vold media_rw_data_file:file create_file_perms;
+# Allow mounting (lower filesystem) on parts of media for performance
+allow vold media_rw_data_file:dir mounton;
+
+# Allow setting extended attributes (for project quota IDs) on files and dirs
+# and to enable project ID inheritance through FS_IOC_SETFLAGS
+allowxperm vold media_rw_data_file:{ dir file } ioctl {
+ FS_IOC_FSGETXATTR
+ FS_IOC_FSSETXATTR
+ FS_IOC_GETFLAGS
+ FS_IOC_SETFLAGS
+};
+
+# Allow mounting of storage devices
+allow vold { mnt_media_rw_stub_file storage_stub_file }:dir { mounton create rmdir getattr setattr };
+
+# Manage per-user primary symlinks
+allow vold mnt_user_file:dir { create_dir_perms mounton };
+allow vold mnt_user_file:lnk_file create_file_perms;
+allow vold mnt_user_file:file create_file_perms;
+
+# Manage per-user pass_through primary symlinks
+allow vold mnt_pass_through_file:dir { create_dir_perms mounton };
+allow vold mnt_pass_through_file:lnk_file create_file_perms;
+
+# Allow to create and mount expanded storage
+allow vold mnt_expand_file:dir { create_dir_perms mounton };
+allow vold apk_data_file:dir { create getattr setattr };
+allow vold shell_data_file:dir { create getattr setattr };
+
+# Allow to mount incremental file system on /data/incremental and create files
+allow vold apk_data_file:dir { mounton rw_dir_perms };
+# Allow to create and write files in /data/incremental
+allow vold apk_data_file:file rw_file_perms;
+# Allow to bind-mount incremental file system on /data/app/vmdl*.tmp and read files
+allow vold apk_tmp_file:dir { mounton r_dir_perms };
+# Allow to read incremental control file and call selinux restorecon on it
+allow vold incremental_control_file:file { r_file_perms relabelto };
+
+allow vold tmpfs:filesystem { mount unmount };
+allow vold tmpfs:dir create_dir_perms;
+allow vold tmpfs:dir mounton;
+allow vold self:global_capability_class_set { net_admin dac_override dac_read_search mknod sys_admin chown fowner fsetid };
+allow vold self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+allow vold loop_control_device:chr_file rw_file_perms;
+allow vold loop_device:blk_file { create setattr unlink rw_file_perms };
+allowxperm vold loop_device:blk_file ioctl {
+ LOOP_CLR_FD
+ LOOP_CTL_GET_FREE
+ LOOP_GET_STATUS64
+ LOOP_SET_FD
+ LOOP_SET_STATUS64
+};
+allow vold vold_device:blk_file { create setattr unlink rw_file_perms };
+allowxperm vold vold_device:blk_file ioctl { BLKDISCARD BLKGETSIZE };
+allow vold dm_device:chr_file rw_file_perms;
+allow vold dm_device:blk_file rw_file_perms;
+allowxperm vold dm_device:blk_file ioctl BLKSECDISCARD;
+# For vold Process::killProcessesWithOpenFiles function.
+allow vold domain:dir r_dir_perms;
+allow vold domain:{ file lnk_file } r_file_perms;
+allow vold domain:process { signal sigkill };
+allow vold self:global_capability_class_set { sys_ptrace kill };
+
+allow vold kmsg_device:chr_file rw_file_perms;
+
+# Run fsck in the fsck domain.
+allow vold fsck_exec:file { r_file_perms execute };
+
+# Log fsck results
+allow vold fscklogs:dir rw_dir_perms;
+allow vold fscklogs:file create_file_perms;
+
+#
+# Rules to support encrypted fs support.
+#
+
+# Unmount and mount the fs.
+allow vold labeledfs:filesystem { mount unmount remount };
+
+# Access /efs/userdata_footer.
+# XXX Split into a separate type?
+allow vold efs_file:file rw_file_perms;
+
+# Create and mount on /data/tmp_mnt and management of expansion mounts
+allow vold {
+ system_data_file
+ system_data_root_file
+}:dir { create rw_dir_perms mounton setattr rmdir };
+allow vold system_data_file:lnk_file getattr;
+
+# Vold create users in /data/vendor_{ce,de}/[0-9]+
+allow vold vendor_data_file:dir create_dir_perms;
+
+# for secdiscard
+allow vold system_data_file:file read;
+
+# Set scheduling policy of kernel processes
+allow vold kernel:process setsched;
+
+# Property Service
+set_prop(vold, vold_prop)
+set_prop(vold, exported_vold_prop)
+set_prop(vold, exported2_vold_prop)
+set_prop(vold, powerctl_prop)
+set_prop(vold, ctl_fuse_prop)
+set_prop(vold, restorecon_prop)
+set_prop(vold, ota_prop)
+set_prop(vold, boottime_prop)
+set_prop(vold, boottime_public_prop)
+get_prop(vold, storage_config_prop)
+get_prop(vold, incremental_prop)
+
+# ASEC
+allow vold asec_image_file:file create_file_perms;
+allow vold asec_image_file:dir rw_dir_perms;
+allow vold asec_apk_file:dir { create_dir_perms mounton relabelfrom relabelto };
+allow vold asec_public_file:dir { relabelto setattr };
+allow vold asec_apk_file:file { r_file_perms setattr relabelfrom relabelto };
+allow vold asec_public_file:file { relabelto setattr };
+# restorecon files in asec containers created on 4.2 or earlier.
+allow vold unlabeled:dir { r_dir_perms setattr relabelfrom };
+allow vold unlabeled:file { r_file_perms setattr relabelfrom };
+
+# Access to FUSE control filesystem to hard-abort FUSE mounts
+allow vold fusectlfs:file rw_file_perms;
+allow vold fusectlfs:dir rw_dir_perms;
+
+# Handle wake locks (used for device encryption)
+wakelock_use(vold)
+
+# Allow vold to publish a binder service and make binder calls.
+binder_use(vold)
+add_service(vold, vold_service)
+
+# Allow vold to call into the system server so it can check permissions.
+binder_call(vold, system_server)
+allow vold permission_service:service_manager find;
+
+# talk to batteryservice
+binder_call(vold, healthd)
+
+# talk to keymaster
+hal_client_domain(vold, hal_keymaster)
+
+# talk to health storage HAL
+hal_client_domain(vold, hal_health_storage)
+
+# talk to bootloader HAL
+full_treble_only(`hal_client_domain(vold, hal_bootctl)')
+
+# Access userdata block device.
+allow vold userdata_block_device:blk_file rw_file_perms;
+allowxperm vold userdata_block_device:blk_file ioctl BLKSECDISCARD;
+
+# Access metadata block device used for encryption meta-data.
+allow vold metadata_block_device:blk_file rw_file_perms;
+
+# Allow vold to manipulate /data/unencrypted
+allow vold unencrypted_data_file:{ file } create_file_perms;
+allow vold unencrypted_data_file:dir create_dir_perms;
+
+# Write to /proc/sys/vm/drop_caches
+allow vold proc_drop_caches:file w_file_perms;
+
+# Give vold a place where only vold can store files; everyone else is off limits
+allow vold vold_data_file:dir create_dir_perms;
+allow vold vold_data_file:file create_file_perms;
+
+# And a similar place in the metadata partition
+allow vold vold_metadata_file:dir create_dir_perms;
+allow vold vold_metadata_file:file create_file_perms;
+
+# linux keyring configuration
+allow vold init:key { write search setattr };
+allow vold vold:key { write search setattr };
+
+# vold temporarily changes its priority when running benchmarks
+allow vold self:global_capability_class_set sys_nice;
+
+# vold needs to chroot into app namespaces to remount when runtime permissions change
+allow vold self:global_capability_class_set sys_chroot;
+allow vold storage_file:dir mounton;
+
+# For AppFuse.
+allow vold fuse_device:chr_file rw_file_perms;
+allow vold fuse:filesystem { relabelfrom };
+allow vold app_fusefs:filesystem { relabelfrom relabelto };
+allow vold app_fusefs:filesystem { mount unmount };
+allow vold app_fuse_file:dir rw_dir_perms;
+allow vold app_fuse_file:file { read write open getattr append };
+
+# MoveTask.cpp executes cp and rm
+allow vold toolbox_exec:file rx_file_perms;
+
+# Prepare profile dir for users.
+allow vold user_profile_data_file:dir create_dir_perms;
+
+# Raw writes to misc block device
+allow vold misc_block_device:blk_file w_file_perms;
+
+# vold might need to search or mount /mnt/vendor/*
+allow vold mnt_vendor_file:dir search;
+
+dontaudit vold self:global_capability_class_set sys_resource;
+
+# vold needs to know whether we're running a GSI.
+allow vold gsi_metadata_file:dir r_dir_perms;
+allow vold gsi_metadata_file:file r_file_perms;
+
+neverallow {
+ domain
+ -vold
+ -vold_prepare_subdirs
+} vold_data_file:dir ~{ open create read getattr setattr search relabelfrom relabelto ioctl };
+
+neverallow {
+ domain
+ -init
+ -vold
+ -vold_prepare_subdirs
+} vold_data_file:dir *;
+
+neverallow {
+ domain
+ -init
+ -vold
+} vold_metadata_file:dir *;
+
+neverallow {
+ domain
+ -kernel
+ -vold
+ -vold_prepare_subdirs
+} vold_data_file:notdevfile_class_set ~{ relabelto getattr };
+
+neverallow {
+ domain
+ -init
+ -vold
+ -vold_prepare_subdirs
+} vold_metadata_file:notdevfile_class_set ~{ relabelto getattr };
+
+neverallow {
+ domain
+ -init
+ -kernel
+ -vold
+ -vold_prepare_subdirs
+} { vold_data_file vold_metadata_file }:notdevfile_class_set *;
+
+neverallow { domain -vold -init } restorecon_prop:property_service set;
+
+neverallow {
+ domain
+ -system_server
+ -vdc
+ -vold
+ -update_verifier
+ -apexd
+} vold_service:service_manager find;
+
+neverallow vold {
+ domain
+ -hal_health_storage_server
+ -hal_keymaster_server
+ -system_suspend_server
+ -hal_bootctl_server
+ -healthd
+ -hwservicemanager
+ -iorapd_service
+ -servicemanager
+ -system_server
+ userdebug_or_eng(`-su')
+}:binder call;
+
+neverallow vold fsck_exec:file execute_no_trans;
+neverallow { domain -init } vold:process { transition dyntransition };
+neverallow vold *:process ptrace;
+neverallow vold *:rawip_socket *;
diff --git a/prebuilts/api/30.0/public/vold_prepare_subdirs.te b/prebuilts/api/30.0/public/vold_prepare_subdirs.te
new file mode 100644
index 0000000..3087fa8
--- /dev/null
+++ b/prebuilts/api/30.0/public/vold_prepare_subdirs.te
@@ -0,0 +1,6 @@
+# SELinux directory creation and labelling for vold-managed directories
+
+type vold_prepare_subdirs, domain;
+type vold_prepare_subdirs_exec, system_file_type, exec_type, file_type;
+
+typeattribute vold_prepare_subdirs coredomain;
diff --git a/prebuilts/api/30.0/public/vr_hwc.te b/prebuilts/api/30.0/public/vr_hwc.te
new file mode 100644
index 0000000..c146887
--- /dev/null
+++ b/prebuilts/api/30.0/public/vr_hwc.te
@@ -0,0 +1,33 @@
+type vr_hwc, domain;
+type vr_hwc_exec, system_file_type, exec_type, file_type;
+
+# Get buffer metadata.
+hal_client_domain(vr_hwc, hal_graphics_allocator)
+
+binder_use(vr_hwc)
+binder_service(vr_hwc)
+
+binder_call(vr_hwc, surfaceflinger)
+# Needed to check for app permissions.
+binder_call(vr_hwc, system_server)
+
+add_service(vr_hwc, vr_hwc_service)
+
+# Hosts the VR HWC implementation and provides a simple Binder interface for VR
+# Window Manager to receive the layers/buffers.
+hwbinder_use(vr_hwc)
+
+# Load vendor libraries.
+allow vr_hwc system_file:dir r_dir_perms;
+
+allow vr_hwc ion_device:chr_file r_file_perms;
+
+# Allow connection to VR DisplayClient to get the primary display metadata
+# (ie: size).
+pdx_client(vr_hwc, display_client)
+
+# Requires access to the permission service to validate that clients have the
+# appropriate VR permissions.
+allow vr_hwc permission_service:service_manager find;
+
+allow vr_hwc vrflinger_vsync_service:service_manager find;
diff --git a/prebuilts/api/30.0/public/watchdogd.te b/prebuilts/api/30.0/public/watchdogd.te
new file mode 100644
index 0000000..72e3685
--- /dev/null
+++ b/prebuilts/api/30.0/public/watchdogd.te
@@ -0,0 +1,6 @@
+# watchdogd seclabel is specified in init.<board>.rc
+type watchdogd, domain;
+type watchdogd_exec, system_file_type, exec_type, file_type;
+
+allow watchdogd watchdog_device:chr_file rw_file_perms;
+allow watchdogd kmsg_device:chr_file rw_file_perms;
diff --git a/prebuilts/api/30.0/public/webview_zygote.te b/prebuilts/api/30.0/public/webview_zygote.te
new file mode 100644
index 0000000..ace3a01
--- /dev/null
+++ b/prebuilts/api/30.0/public/webview_zygote.te
@@ -0,0 +1,6 @@
+# webview_zygote is an auxiliary zygote process that is used to spawn
+# isolated_app processes for rendering untrusted web content.
+
+type webview_zygote, domain;
+type webview_zygote_exec, exec_type, file_type;
+type webview_zygote_tmpfs, file_type;
diff --git a/prebuilts/api/30.0/public/wificond.te b/prebuilts/api/30.0/public/wificond.te
new file mode 100644
index 0000000..b429884
--- /dev/null
+++ b/prebuilts/api/30.0/public/wificond.te
@@ -0,0 +1,42 @@
+# wificond
+type wificond, domain;
+type wificond_exec, system_file_type, exec_type, file_type;
+
+binder_use(wificond)
+binder_call(wificond, system_server)
+binder_call(wificond, keystore)
+
+add_service(wificond, wifinl80211_service)
+
+set_prop(wificond, exported_wifi_prop)
+set_prop(wificond, wifi_prop)
+set_prop(wificond, ctl_default_prop)
+
+# create sockets to set interfaces up and down
+allow wificond self:udp_socket create_socket_perms;
+# setting interface state up/down is a privileged ioctl
+allowxperm wificond self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFHWADDR };
+allow wificond self:global_capability_class_set { net_admin net_raw };
+# allow wificond to speak to nl80211 in the kernel
+allow wificond self:netlink_socket create_socket_perms_no_ioctl;
+# newer kernels (e.g. 4.4 but not 4.1) have a new class for sockets
+allow wificond self:netlink_generic_socket create_socket_perms_no_ioctl;
+
+r_dir_file(wificond, proc_net_type)
+
+# allow wificond to check permission for dumping logs
+allow wificond permission_service:service_manager find;
+
+# dumpstate support
+allow wificond dumpstate:fd use;
+allow wificond dumpstate:fifo_file write;
+
+#### Offer the Wifi Keystore HwBinder service ###
+hwbinder_use(wificond)
+get_prop(wificond, hwservicemanager_prop)
+typeattribute wificond wifi_keystore_service_server;
+add_hwservice(wificond, system_wifi_keystore_hwservice)
+
+# Allow keystore binder access to serve the HwBinder service.
+allow wificond keystore_service:service_manager find;
+allow wificond keystore:keystore_key get;
diff --git a/prebuilts/api/30.0/public/wpantund.te b/prebuilts/api/30.0/public/wpantund.te
new file mode 100644
index 0000000..8ddd693
--- /dev/null
+++ b/prebuilts/api/30.0/public/wpantund.te
@@ -0,0 +1,29 @@
+type wpantund, domain;
+type wpantund_exec, system_file_type, exec_type, file_type;
+
+hal_client_domain(wpantund, hal_lowpan)
+net_domain(wpantund)
+
+binder_use(wpantund)
+binder_call(wpantund, system_server)
+
+# wpantund needs to be able to check in with the lowpan_service
+allow wpantund lowpan_service:service_manager find;
+
+# Allow wpantund to call any callbacks that have been registered with it.
+# Generally, only privileged apps are able to register callbacks with
+# wpantund, so we are limiting the scope for callbacks to only privileged
+# apps. We also add shell to allow the command-line utility `lowpanctl`
+# to work properly from `adb shell`.
+allow wpantund {priv_app shell}:binder call;
+
+# create sockets to set interfaces up and down, add multicast groups, etc.
+allow wpantund self:udp_socket create_socket_perms;
+
+# setting interface state up/down and changing MTU are privileged ioctls
+allowxperm wpantund self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFMTU };
+
+# Allow us to bring up a TUN network interface.
+allow wpantund tun_device:chr_file rw_file_perms;
+allow wpantund self:global_capability_class_set { net_admin net_raw };
+allow wpantund self:tun_socket create;
diff --git a/prebuilts/api/30.0/public/zygote.te b/prebuilts/api/30.0/public/zygote.te
new file mode 100644
index 0000000..071354e
--- /dev/null
+++ b/prebuilts/api/30.0/public/zygote.te
@@ -0,0 +1,4 @@
+# zygote
+type zygote, domain;
+type zygote_tmpfs, file_type;
+type zygote_exec, system_file_type, exec_type, file_type;
diff --git a/private/access_vectors b/private/access_vectors
index b77dcc1..4144be8 100644
--- a/private/access_vectors
+++ b/private/access_vectors
@@ -27,6 +27,14 @@
execute
quotaon
mounton
+ audit_access
+ open
+ execmod
+ watch
+ watch_mount
+ watch_sb
+ watch_with_perm
+ watch_reads
}
@@ -125,7 +133,7 @@
common cap2
{
mac_override # unused by SELinux
- mac_admin # unused by SELinux
+ mac_admin
syslog
wake_alarm
block_suspend
@@ -153,6 +161,7 @@
associate
quotamod
quotaget
+ watch
}
class dir
@@ -163,9 +172,6 @@
reparent
search
rmdir
- open
- audit_access
- execmod
}
class file
@@ -173,52 +179,26 @@
{
execute_no_trans
entrypoint
- execmod
- open
- audit_access
}
class lnk_file
inherits file
-{
- open
- audit_access
- execmod
-}
class chr_file
inherits file
{
execute_no_trans
entrypoint
- execmod
- open
- audit_access
}
class blk_file
inherits file
-{
- open
- audit_access
- execmod
-}
class sock_file
inherits file
-{
- open
- audit_access
- execmod
-}
class fifo_file
inherits file
-{
- open
- audit_access
- execmod
-}
class fd
{
@@ -410,6 +390,7 @@
{
nlmsg_read
nlmsg_write
+ nlmsg_readpriv
}
class netlink_tcpdiag_socket
@@ -468,8 +449,6 @@
send
recv
relabelto
- flow_in # deprecated
- flow_out # deprecated
forward_in
forward_out
}
@@ -744,3 +723,19 @@
class xdp_socket
inherits socket
+
+class perf_event
+{
+ open
+ cpu
+ kernel
+ tracepoint
+ read
+ write
+}
+
+class lockdown
+{
+ integrity
+ confidentiality
+}
diff --git a/private/adbd.te b/private/adbd.te
index 2fa4af6..be4f0f7 100644
--- a/private/adbd.te
+++ b/private/adbd.te
@@ -23,6 +23,10 @@
unix_socket_connect(adbd, recovery, recovery)
')
+# Control Perfetto traced and obtain traces from it.
+# Needed to allow port forwarding directly to traced.
+unix_socket_connect(adbd, traced_consumer, traced)
+
# Do not sanitize the environment or open fds of the shell. Allow signaling
# created processes.
allow adbd shell:process { noatsecure signal };
@@ -83,6 +87,9 @@
set_prop(adbd, ffs_prop)
set_prop(adbd, exported_ffs_prop)
+# Set service.adb.tls.port, persist.adb.wifi. properties
+set_prop(adbd, adbd_prop)
+
# Access device logging gating property
get_prop(adbd, device_logging_prop)
@@ -92,6 +99,9 @@
# Read whether or not Test Harness Mode is enabled
get_prop(adbd, test_harness_prop)
+# Read persist.adb.tls_server.enable property
+get_prop(adbd, system_adbd_prop)
+
# Read device's overlayfs related properties and files
userdebug_or_eng(`
get_prop(adbd, persistent_properties_ready_prop)
@@ -170,13 +180,18 @@
allow adbd rootfs:dir r_dir_perms;
+# Allow killing child "perfetto" binary processes, which auto-transition to
+# their own domain. Allows propagating termination of "adb shell perfetto ..."
+# invocations.
+allow adbd perfetto:process signal;
+
# Allow to pull Perfetto traces.
allow adbd perfetto_traces_data_file:file r_file_perms;
allow adbd perfetto_traces_data_file:dir r_dir_perms;
# Connect to shell and use a socket transferred from it.
# Used for e.g. abb.
-allow adbd shell:unix_stream_socket { read write };
+allow adbd shell:unix_stream_socket { read write shutdown };
allow adbd shell:fd use;
###
diff --git a/private/aidl_lazy_test_server.te b/private/aidl_lazy_test_server.te
new file mode 100644
index 0000000..33efde0
--- /dev/null
+++ b/private/aidl_lazy_test_server.te
@@ -0,0 +1,5 @@
+userdebug_or_eng(`
+ typeattribute aidl_lazy_test_server coredomain;
+
+ init_daemon_domain(aidl_lazy_test_server)
+')
diff --git a/private/apexd.te b/private/apexd.te
index b3aabea..9e702dd 100644
--- a/private/apexd.te
+++ b/private/apexd.te
@@ -11,6 +11,20 @@
allow apexd apex_metadata_file:dir create_dir_perms;
allow apexd apex_metadata_file:file create_file_perms;
+# Allow apexd to create files and directories for snapshots of apex data
+allow apexd apex_permission_data_file:dir { create_dir_perms relabelto };
+allow apexd apex_permission_data_file:file { create_file_perms relabelto };
+allow apexd apex_module_data_file:dir { create_dir_perms relabelfrom };
+allow apexd apex_module_data_file:file { create_file_perms relabelfrom };
+allow apexd apex_rollback_data_file:dir create_dir_perms;
+allow apexd apex_rollback_data_file:file create_file_perms;
+allow apexd apex_wifi_data_file:dir { create_dir_perms relabelto };
+allow apexd apex_wifi_data_file:file { create_file_perms relabelto };
+
+# Allow apexd to read directories under /data/misc_de in order to snapshot and
+# restore apex data for all users.
+allow apexd system_data_file:dir r_dir_perms;
+
# allow apexd to create loop devices with /dev/loop-control
allow apexd loop_control_device:chr_file rw_file_perms;
# allow apexd to access loop devices
@@ -32,7 +46,16 @@
allow apexd dm_device:blk_file rw_file_perms;
# sys_admin is required to access the device-mapper and mount
-allow apexd self:global_capability_class_set sys_admin;
+# dac_override, chown, and fowner are needed for snapshot and restore
+allow apexd self:global_capability_class_set { sys_admin chown dac_override dac_read_search fowner };
+
+# Note: fsetid is deliberately not included above. fsetid checks are
+# triggered by chmod on a directory or file owned by a group other
+# than one of the groups assigned to the current process to see if
+# the setgid bit should be cleared, regardless of whether the setgid
+# bit was even set. We do not appear to truly need this capability
+# for apexd to operate.
+dontaudit apexd self:global_capability_class_set fsetid;
# allow apexd to create a mount point in /apex
allow apexd apex_mnt_dir:dir create_dir_perms;
@@ -50,6 +73,10 @@
allow apexd staging_data_file:dir r_dir_perms;
allow apexd staging_data_file:file { r_file_perms link };
+# allow apexd to read files from /vendor/apex
+allow apexd vendor_apex_file:dir r_dir_perms;
+allow apexd vendor_apex_file:file r_file_perms;
+
# Unmount and mount filesystems
allow apexd labeledfs:filesystem { mount unmount };
@@ -63,12 +90,6 @@
allow apexd sysfs_loop:dir r_dir_perms;
allow apexd sysfs_loop:file rw_file_perms;
-# Spawning a libbinder thread results in a dac_override deny,
-# /dev/cpuset/tasks is owned by system.
-#
-# See b/35323867#comment3
-dontaudit apexd self:global_capability_class_set { dac_override dac_read_search };
-
# Allow apexd to log to the kernel.
allow apexd kmsg_device:chr_file w_file_perms;
@@ -76,6 +97,9 @@
# not covered by rollback manager.
set_prop(apexd, powerctl_prop)
+# Allow apexd to stop itself
+set_prop(apexd, ctl_apexd_prop)
+
# Find the vold service, and call into vold to manage FS checkpoints
allow apexd vold_service:service_manager find;
binder_call(apexd, vold)
@@ -107,8 +131,27 @@
domain_auto_trans(apexd, apex_test_prepostinstall_exec, apex_test_prepostinstall)
')
+# Allow apexd to be invoked with logwrapper from init during userspace reboot.
+allow apexd devpts:chr_file { read write };
+
+# Allow apexd to create pts files via logwrap_fork_exec for its own use, to pass to
+# other processes
+create_pty(apexd)
+
+# Allow apexd to read file contexts when performing restorecon of snapshots.
+allow apexd file_contexts_file:file r_file_perms;
+
+# Allow apexd to execute toybox for snapshot & restore
+allow apexd toolbox_exec:file rx_file_perms;
+
neverallow { domain -apexd -init } apex_data_file:dir no_w_dir_perms;
neverallow { domain -apexd -init } apex_metadata_file:dir no_w_dir_perms;
neverallow { domain -apexd -init -kernel } apex_data_file:file no_w_file_perms;
neverallow { domain -apexd -init -kernel } apex_metadata_file:file no_w_file_perms;
neverallow { domain -apexd } apex_mnt_dir:lnk_file no_w_file_perms;
+
+neverallow { domain -apexd -init -vold_prepare_subdirs } apex_module_data_file:dir no_w_dir_perms;
+neverallow { domain -apexd -init -vold_prepare_subdirs } apex_module_data_file:file no_w_file_perms;
+
+neverallow { domain -apexd -init -vold_prepare_subdirs } apex_rollback_data_file:dir no_w_dir_perms;
+neverallow { domain -apexd -init -vold_prepare_subdirs } apex_rollback_data_file:file no_w_file_perms;
diff --git a/private/app.te b/private/app.te
index 0d9a2b4..9882d8f 100644
--- a/private/app.te
+++ b/private/app.te
@@ -2,6 +2,26 @@
# the implementation of ActivityManager.isDeviceInTestHarnessMode()
get_prop(appdomain, test_harness_prop)
+userdebug_or_eng(`perfetto_producer({ appdomain })')
+
+# Prevent apps from causing presubmit failures.
+# Apps can cause selinux denials by accessing CE storage
+# and/or external storage. In either case, the selinux denial is
+# not the cause of the failure, but just a symptom that
+# storage isn't ready. Many apps handle the failure appropriately.
+#
+# Apps cannot access external storage before it becomes available.
+dontaudit appdomain storage_stub_file:dir getattr;
+# Attempts to write to system_data_file is generally a sign
+# that apps are attempting to access encrypted storage before
+# the ACTION_USER_UNLOCKED intent is delivered. Apps are not
+# allowed to write to CE storage before it's available.
+# Attempting to do so will be blocked by both selinux and unix
+# permissions.
+dontaudit appdomain system_data_file:dir write;
+# Apps should not be reading vendor-defined properties.
+dontaudit appdomain vendor_default_prop:file read;
+
neverallow appdomain system_server:udp_socket {
accept append bind create ioctl listen lock name_bind
relabelfrom relabelto setattr shutdown };
@@ -15,3 +35,9 @@
{ domain -appdomain -crash_dump -rs }:process { transition };
neverallow { appdomain -shell userdebug_or_eng(`-su') }
{ domain -appdomain }:process { dyntransition };
+
+# Don't allow regular apps access to storage configuration properties.
+neverallow { appdomain -mediaprovider_app } storage_config_prop:file no_rw_file_perms;
+
+# Allow to read graphics related properties.
+get_prop(appdomain, graphics_config_prop)
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 23e1fd2..1157187 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -6,9 +6,11 @@
ephemeral_app
isolated_app
mediaprovider
+ mediaprovider_app
untrusted_app
untrusted_app_25
untrusted_app_27
+ untrusted_app_29
untrusted_app_all
}')
# Receive or send uevent messages.
@@ -37,9 +39,8 @@
neverallow { all_untrusted_apps -mediaprovider } init:unix_stream_socket connectto;
neverallow { all_untrusted_apps -mediaprovider } property_type:property_service set;
-# net.dns properties are not a public API. Temporarily exempt pre-Oreo apps,
-# but otherwise disallow untrusted apps from reading this property.
-neverallow { all_untrusted_apps -untrusted_app_25 } net_dns_prop:file read;
+# net.dns properties are not a public API. Disallow untrusted apps from reading this property.
+neverallow { all_untrusted_apps } net_dns_prop:file read;
# Shared libraries created by trusted components within an app home
# directory can be dlopen()ed. To maintain the W^X property, these files
@@ -86,7 +87,7 @@
neverallow all_untrusted_apps file_type:file link;
# Do not allow untrusted apps to access network MAC address file
-neverallow all_untrusted_apps sysfs_mac_address:file no_rw_file_perms;
+neverallow all_untrusted_apps sysfs_net:file no_rw_file_perms;
# Do not allow any write access to files in /sys
neverallow all_untrusted_apps sysfs_type:file { no_w_file_perms no_x_file_perms };
@@ -112,6 +113,14 @@
alg_socket nfc_socket vsock_socket kcm_socket qipcrtr_socket smc_socket xdp_socket
} *;
+# Disallow sending RTM_GETLINK messages on netlink sockets.
+neverallow {
+ all_untrusted_apps
+ -untrusted_app_25
+ -untrusted_app_27
+ -untrusted_app_29
+} domain:netlink_route_socket { bind nlmsg_readpriv };
+
# Do not allow untrusted apps access to /cache
neverallow { all_untrusted_apps -mediaprovider } { cache_file cache_recovery_file }:dir ~{ r_dir_perms };
neverallow { all_untrusted_apps -mediaprovider } { cache_file cache_recovery_file }:file ~{ read getattr };
@@ -137,8 +146,8 @@
')
}:dir_file_class_set { create unlink };
-# No untrusted component should be touching /dev/fuse
-neverallow all_untrusted_apps fuse_device:chr_file *;
+# No untrusted component except mediaprovider_app should be touching /dev/fuse
+neverallow { all_untrusted_apps -mediaprovider_app } fuse_device:chr_file *;
# Do not allow untrusted apps to directly open the tun_device
neverallow all_untrusted_apps tun_device:chr_file open;
@@ -177,7 +186,6 @@
neverallow all_untrusted_apps {
proc
proc_asound
- proc_filesystems
proc_kmsg
proc_loadavg
proc_mounts
@@ -191,6 +199,10 @@
proc_vmstat
}:file { no_rw_file_perms no_x_file_perms };
+# /proc/filesystems is accessible to mediaprovider_app only since it handles
+# external storage
+neverallow { all_untrusted_apps - mediaprovider_app } proc_filesystems:file { no_rw_file_perms no_x_file_perms };
+
# Avoid all access to kernel configuration
neverallow all_untrusted_apps config_gz:file { no_rw_file_perms no_x_file_perms };
@@ -205,11 +217,11 @@
# other than find actions for services listed below
neverallow all_untrusted_apps *:hwservice_manager ~find;
-# Do not permit access from apps which host arbitrary code to HwBinder services,
-# except those considered sufficiently safe for access from such apps.
+# Do not permit access from apps which host arbitrary code to the protected HwBinder
+# services.
# The two main reasons for this are:
-# 1. HwBinder servers do not perform client authentication because HIDL
-# currently does not expose caller UID information and, even if it did, many
+# 1. Protected HwBinder servers do not perform client authentication because HIDL
+# currently does not expose caller UID information and, even if it did, those
# HwBinder services either operate at a level below that of apps (e.g., HALs)
# or must not rely on app identity for authorization. Thus, to be safe, the
# default assumption is that every HwBinder service treats all its clients as
@@ -218,110 +230,15 @@
# incidence rate of security issues than system/core components and have
# access to lower layes of the stack (all the way down to hardware) thus
# increasing opportunities for bypassing the Android security model.
-#
-# Safe services include:
-# - same process services: because they by definition run in the process
-# of the client and thus have the same access as the client domain in which
-# the process runs
-# - coredomain_hwservice: are considered safe because they do not pose risks
-# associated with reason #2 above.
-# - hal_configstore_ISurfaceFlingerConfigs: becuase it has specifically been
-# designed for use by any domain.
-# - hal_graphics_allocator_hwservice: because these operations are also offered
-# by surfaceflinger Binder service, which apps are permitted to access
-# - hal_omx_hwservice: because this is a HwBinder version of the mediacodec
-# Binder service which apps were permitted to access.
-# - hal_codec2_hwservice: because this is a newer version of hal_omx_hwservice.
-neverallow all_untrusted_apps {
- hwservice_manager_type
- -same_process_hwservice
- -coredomain_hwservice
- -hal_codec2_hwservice
- -hal_configstore_ISurfaceFlingerConfigs
- -hal_graphics_allocator_hwservice
- -hal_omx_hwservice
- -hal_cas_hwservice
- -hal_neuralnetworks_hwservice
- -untrusted_app_visible_hwservice_violators
-}:hwservice_manager find;
+neverallow all_untrusted_apps protected_hwservice:hwservice_manager find;
-# Make sure that the following services are never accessible by untrusted_apps
neverallow all_untrusted_apps {
- default_android_hwservice
- hal_atrace_hwservice
- hal_audio_hwservice
- hal_authsecret_hwservice
- hal_bluetooth_hwservice
- hal_bootctl_hwservice
- hal_camera_hwservice
- hal_confirmationui_hwservice
- hal_contexthub_hwservice
- hal_drm_hwservice
- hal_dumpstate_hwservice
- hal_fingerprint_hwservice
- hal_gatekeeper_hwservice
- hal_gnss_hwservice
- hal_graphics_composer_hwservice
- hal_health_hwservice
- hal_input_classifier_hwservice
- hal_ir_hwservice
- hal_keymaster_hwservice
- hal_light_hwservice
- hal_memtrack_hwservice
- hal_nfc_hwservice
- hal_oemlock_hwservice
- hal_power_hwservice
- hal_power_stats_hwservice
- hal_secure_element_hwservice
- hal_sensors_hwservice
- hal_telephony_hwservice
- hal_thermal_hwservice
- hal_tv_cec_hwservice
- hal_tv_input_hwservice
- hal_usb_hwservice
- hal_vibrator_hwservice
- hal_vr_hwservice
- hal_weaver_hwservice
- hal_wifi_hwservice
- hal_wifi_offload_hwservice
- hal_wifi_supplicant_hwservice
- hidl_base_hwservice
- system_net_netd_hwservice
- thermalcallback_hwservice
-}:hwservice_manager find;
-# HwBinder services offered by core components (as opposed to vendor components)
-# are considered somewhat safer due to point #2 above.
-neverallow all_untrusted_apps {
- coredomain_hwservice
- -same_process_hwservice
- -fwk_bufferhub_hwservice # Designed for use by any domain
- -hidl_allocator_hwservice # Designed for use by any domain
- -hidl_manager_hwservice # Designed for use by any domain
- -hidl_memory_hwservice # Designed for use by any domain
- -hidl_token_hwservice # Designed for use by any domain
-}:hwservice_manager find;
+ vendor_service
+}:service_manager find;
# SELinux is not an API for untrusted apps to use
neverallow all_untrusted_apps selinuxfs:file no_rw_file_perms;
-# Restrict *Binder access from apps to HAL domains. We can only do this on full
-# Treble devices where *Binder communications between apps and HALs are tightly
-# restricted.
-full_treble_only(`
- neverallow all_untrusted_apps {
- halserverdomain
- -coredomain
- -hal_cas_server
- -hal_codec2_server
- -hal_configstore_server
- -hal_graphics_allocator_server
- -hal_neuralnetworks_server
- -hal_omx_server
- -binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
- -untrusted_app_visible_halserver_violators
- }:binder { call transfer };
-')
-
# Access to /proc/tty/drivers, to allow apps to determine if they
# are running in an emulated environment.
# b/33214085 b/33814662 b/33791054 b/33211769
@@ -333,11 +250,13 @@
# Untrusted apps are not allowed to use cgroups.
neverallow all_untrusted_apps cgroup:file *;
-# Untrusted apps targetting >= Q are not allowed to open /dev/ashmem directly.
-# They must use ASharedMemory NDK API instead.
+# /mnt/sdcard symlink was supposed to have been removed in Gingerbread. Apps
+# must not use it.
neverallow {
all_untrusted_apps
- -ephemeral_app
-untrusted_app_25
-untrusted_app_27
-} ashmem_device:chr_file open;
+} mnt_sdcard_file:lnk_file *;
+
+# Only privileged apps may find the incident service
+neverallow all_untrusted_apps incident_service:service_manager find;
diff --git a/private/app_zygote.te b/private/app_zygote.te
index e44c1be..9285323 100644
--- a/private/app_zygote.te
+++ b/private/app_zygote.te
@@ -4,9 +4,6 @@
###### Policy below is different from regular zygote-spawned apps
######
-# The app_zygote needs to be able to transition domains.
-typeattribute app_zygote mlstrustedsubject;
-
# Allow access to temporary files, which is normally permitted through
# a domain macro.
tmpfs_domain(app_zygote);
@@ -61,12 +58,18 @@
allow app_zygote apk_data_file:dir r_dir_perms;
allow app_zygote apk_data_file:file { r_file_perms execute };
+# /oem accesses.
+allow app_zygote oemfs:dir search;
+
# Allow app_zygote access to /vendor/overlay
r_dir_file(app_zygote, vendor_overlay_file)
allow app_zygote system_data_file:lnk_file r_file_perms;
allow app_zygote system_data_file:file { getattr read map };
+# Send unsolicited message to system_server
+unix_socket_send(app_zygote, system_unsolzygote, system_server)
+
#####
##### Neverallow
#####
@@ -89,18 +92,19 @@
neverallow app_zygote property_socket:sock_file write;
neverallow app_zygote property_type:property_service set;
-# Should not have any access to non-app data files.
+# Should not have any access to data files.
neverallow app_zygote {
bluetooth_data_file
nfc_data_file
radio_data_file
shell_data_file
+ app_data_file
+ privapp_data_file
}:file { rwx_file_perms };
neverallow app_zygote {
service_manager_type
-activity_service
- -ashmem_device_service
-webviewupdate_service
}:service_manager find;
@@ -127,15 +131,18 @@
alg_socket nfc_socket vsock_socket kcm_socket qipcrtr_socket smc_socket
} *;
-# Only allow app_zygote to talk to the logd socket, and su/heapprofd on eng/userdebug
-# This is because cap_setuid/cap_setgid allow to forge uid/gid in SCM_CREDENTIALS.
+# Only allow app_zygote to talk to the logd socket, and
+# su/heapprofd/traced_perf on eng/userdebug. This is because
+# cap_setuid/cap_setgid allow to forge uid/gid in SCM_CREDENTIALS.
# Think twice before changing.
neverallow app_zygote {
domain
-app_zygote
-logd
+ -system_server
userdebug_or_eng(`-su')
userdebug_or_eng(`-heapprofd')
+ userdebug_or_eng(`-traced_perf')
}:unix_dgram_socket *;
neverallow app_zygote {
@@ -143,6 +150,7 @@
-app_zygote
userdebug_or_eng(`-su')
userdebug_or_eng(`-heapprofd')
+ userdebug_or_eng(`-traced_perf')
}:unix_stream_socket *;
# Never allow ptrace
diff --git a/private/ashmemd.te b/private/ashmemd.te
deleted file mode 100644
index 08df515..0000000
--- a/private/ashmemd.te
+++ /dev/null
@@ -1,9 +0,0 @@
-typeattribute ashmemd coredomain;
-type ashmemd_exec, exec_type, file_type, system_file_type;
-
-init_daemon_domain(ashmemd)
-
-binder_use(ashmemd)
-add_service(ashmemd, ashmem_device_service)
-
-allow ashmemd ashmem_device:chr_file rw_file_perms;
diff --git a/private/atrace.te b/private/atrace.te
index 75be787..ad7d177 100644
--- a/private/atrace.te
+++ b/private/atrace.te
@@ -37,6 +37,7 @@
-installd_service
-vold_service
-lpdump_service
+ -default_android_service
}:service_manager { find };
allow atrace servicemanager:service_manager list;
@@ -55,6 +56,7 @@
allow atrace hwservicemanager:hwservice_manager list;
# Notify the camera HAL.
hal_client_domain(atrace, hal_camera)
+ hal_client_domain(atrace, hal_vibrator)
')
# Remove logspam from notification attempts to non-whitelisted services.
diff --git a/private/attributes b/private/attributes
new file mode 100644
index 0000000..e01b212
--- /dev/null
+++ b/private/attributes
@@ -0,0 +1 @@
+hal_attribute(lazy_test);
diff --git a/private/audioserver.te b/private/audioserver.te
index 05e793c..067152f 100644
--- a/private/audioserver.te
+++ b/private/audioserver.te
@@ -40,6 +40,7 @@
allow audioserver scheduling_policy_service:service_manager find;
allow audioserver mediametrics_service:service_manager find;
allow audioserver sensor_privacy_service:service_manager find;
+allow audioserver soundtrigger_middleware_service:service_manager find;
# Allow read/write access to bluetooth-specific properties
set_prop(audioserver, bluetooth_a2dp_offload_prop)
diff --git a/private/automotive_display_service.te b/private/automotive_display_service.te
new file mode 100644
index 0000000..fa11ca4
--- /dev/null
+++ b/private/automotive_display_service.te
@@ -0,0 +1,33 @@
+# Display proxy service for Automotive
+type automotive_display_service, domain, coredomain;
+type automotive_display_service_exec, system_file_type, exec_type, file_type;
+
+typeattribute automotive_display_service automotive_display_service_server;
+
+# Allow to add a display service to the manager
+add_hwservice(automotive_display_service, fwk_automotive_display_hwservice);
+
+# Allow init to launch automotive display service
+init_daemon_domain(automotive_display_service)
+
+# Allow to use Binder IPC for SurfaceFlinger.
+binder_use(automotive_display_service)
+
+# Allow to use HwBinder IPC for HAL implementations.
+hwbinder_use(automotive_display_service)
+hal_client_domain(automotive_display_service, hal_graphics_composer)
+
+# Allow to read the target property.
+get_prop(automotive_display_service, hwservicemanager_prop)
+
+# Allow to find SurfaceFlinger.
+allow automotive_display_service surfaceflinger_service:service_manager find;
+
+# Allow client domain to do binder IPC to serverdomain.
+binder_call(automotive_display_service, surfaceflinger)
+
+# Allow to use a graphics mapper
+allow automotive_display_service hal_graphics_mapper_hwservice:hwservice_manager find;
+
+# Allow to use hidl token service
+allow automotive_display_service hidl_token_hwservice:hwservice_manager find;
diff --git a/private/bluetooth.te b/private/bluetooth.te
index b96fc58..1680361 100644
--- a/private/bluetooth.te
+++ b/private/bluetooth.te
@@ -40,6 +40,9 @@
allow bluetooth proc_bluetooth_writable:file rw_file_perms;
# Allow write access to bluetooth specific properties
+set_prop(bluetooth, binder_cache_bluetooth_server_prop);
+neverallow { domain -bluetooth -init }
+ binder_cache_bluetooth_server_prop:property_service set;
set_prop(bluetooth, bluetooth_a2dp_offload_prop)
set_prop(bluetooth, bluetooth_audio_hal_prop)
set_prop(bluetooth, bluetooth_prop)
diff --git a/private/bootanim.te b/private/bootanim.te
index 20ff193..4740560 100644
--- a/private/bootanim.te
+++ b/private/bootanim.te
@@ -4,3 +4,6 @@
# b/68864350
dontaudit bootanim unlabeled:dir search;
+
+# Bootanim should not be reading default vendor-defined properties.
+dontaudit bootanim vendor_default_prop:file read;
diff --git a/private/boringssl_self_test.te b/private/boringssl_self_test.te
new file mode 100644
index 0000000..50fc1fc
--- /dev/null
+++ b/private/boringssl_self_test.te
@@ -0,0 +1,74 @@
+# System and vendor domains for BoringSSL self test binaries.
+#
+# For FIPS compliance, all processes linked against libcrypto perform a startup
+# self test which computes a hash of the BoringSSL Crypto Module (BCM) and, at least once
+# per device boot, also run a series of Known Answer Tests (KAT) to verify functionality.
+#
+# The KATs are expensive, and to ensure they are run as few times as possible, they
+# are skipped if a marker file exists in /dev/boringssl/selftest whose name is
+# the hash of the BCM that was computed earlier. The files are zero length and their contents
+# should never be read or written. To avoid giving arbitrary processes access to /dev/boringssl
+# to create these marker files, there are dedicated self test binaries which this policy
+# gives access to and which are run during early-init.
+#
+# Due to build skew, the version of libcrypto in /vendor may have a different hash than
+# the system one. To cater for this there are vendor variants of the self test binaries
+# which also have permission to write to the same files in /dev/boringssl. In the case where
+# vendor and system libcrypto have the same hash, there will be a race to create the file,
+# but this is harmless.
+#
+# If the self tests fail, then the device should reboot into firmware and for this reason
+# the system boringssl_self_test domain needs to be in coredomain. As vendor domains
+# are not allowed in coredomain, this means that the vendor self tests cannot trigger a
+# reboot. However every binary linked against the vendor libcrypto will abort on startup,
+# so in practice the device will crash anyway in this unlikely scenario.
+
+# System boringssl_self_test domain
+type boringssl_self_test, domain, coredomain;
+type boringssl_self_test_exec, system_file_type, exec_type, file_type;
+
+# Vendor boringssl_self_test domain
+type vendor_boringssl_self_test, domain;
+type vendor_boringssl_self_test_exec, vendor_file_type, exec_type, file_type;
+
+# Switch to boringssl_self_test security domain when running boringssl_self_test_exec
+init_daemon_domain(boringssl_self_test)
+
+# Switch to vendor_boringssl_self_test security domain when running vendor_boringssl_self_test_exec
+init_daemon_domain(vendor_boringssl_self_test)
+
+# Marker files, common to both domains, indicating KAT have been performed on a particular libcrypto
+#
+# The files are zero length so there is no issue if both vendor and system code
+# try to create the same file simultaneously. One will succeed and the other will fail
+# silently, i.e. still indicate success. Similar harmless naming collisions will happen in the
+# system domain e.g. when system and APEX copies of libcrypto are identical.
+type boringssl_self_test_marker, file_type;
+
+# Allow self test binaries to create/check for the existence of boringssl_self_test_marker files
+allow { boringssl_self_test vendor_boringssl_self_test }
+ boringssl_self_test_marker:file create_file_perms;
+allow { boringssl_self_test vendor_boringssl_self_test }
+ boringssl_self_test_marker:dir ra_dir_perms;
+
+# Allow self test binaries to write their stdout/stderr messages to kmsg_debug
+allow { boringssl_self_test vendor_boringssl_self_test }
+ kmsg_debug_device:chr_file { w_file_perms getattr ioctl };
+
+# No other process should be able to create marker files because their existence causes the
+# boringssl KAT to be skipped.
+neverallow {
+ domain
+ -vendor_boringssl_self_test
+ -boringssl_self_test
+ -init
+ -vendor_init
+} boringssl_self_test_marker:file no_rw_file_perms;
+
+neverallow {
+ domain
+ -vendor_boringssl_self_test
+ -boringssl_self_test
+ -init
+ -vendor_init
+} boringssl_self_test_marker:dir write;
diff --git a/private/bpfloader.te b/private/bpfloader.te
index 00d4c79..74a8e25 100644
--- a/private/bpfloader.te
+++ b/private/bpfloader.te
@@ -3,26 +3,36 @@
type bpfloader_exec, system_file_type, exec_type, file_type;
typeattribute bpfloader coredomain;
-# These permission is required for pin bpf program for netd.
-allow bpfloader fs_bpf:dir create_dir_perms;
-allow bpfloader fs_bpf:file create_file_perms;
-allow bpfloader devpts:chr_file { read write };
+# These permissions are required to pin ebpf maps & programs.
+allow bpfloader fs_bpf:dir { search write add_name };
+allow bpfloader fs_bpf:file { create setattr read };
-# Allow bpfloader to create bpf maps and programs. The map_read and map_write permission is needed
-# for retrieving a pinned map when bpfloader do a run time restart.
-allow bpfloader self:bpf { prog_load prog_run map_read map_write map_create };
+# Allow bpfloader to create bpf maps and programs.
+allow bpfloader self:bpf { map_create map_read map_write prog_load prog_run };
-allow bpfloader self:global_capability_class_set sys_admin;
+allow bpfloader self:capability { chown sys_admin };
###
### Neverallow rules
###
+
+# TODO: get rid of init & vendor_init
+neverallow { domain -init -vendor_init } fs_bpf:dir setattr;
+neverallow { domain -bpfloader } fs_bpf:dir { write add_name };
+neverallow domain fs_bpf:dir { reparent rename rmdir };
+
+# TODO: get rid of init & vendor_init
+neverallow { domain -bpfloader -init -vendor_init } fs_bpf:file setattr;
+neverallow { domain -bpfloader } fs_bpf:file create;
+neverallow domain fs_bpf:file { rename unlink };
+
neverallow { domain -bpfloader } *:bpf { map_create prog_load };
-neverallow { domain -bpfloader -netd -netutils_wrapper } *:bpf prog_run;
+neverallow { domain -bpfloader -netd -netutils_wrapper -system_server } *:bpf prog_run;
+neverallow { domain -bpfloader -netd -system_server } *:bpf { map_read map_write };
+
neverallow { domain -bpfloader -init } bpfloader_exec:file { execute execute_no_trans };
+
neverallow bpfloader domain:{ tcp_socket udp_socket rawip_socket } *;
-# only system_server, netd and bpfloader can read/write the bpf maps
-neverallow { domain -system_server -netd -bpfloader} *:bpf { map_read map_write };
# No domain should be allowed to ptrace bpfloader
neverallow { domain userdebug_or_eng(`-llkd') } bpfloader:process ptrace;
diff --git a/private/bug_map b/private/bug_map
index 4b29fde..b2898bc 100644
--- a/private/bug_map
+++ b/private/bug_map
@@ -1,31 +1,34 @@
-dnsmasq netd fifo_file 77868789
-dnsmasq netd unix_stream_socket 77868789
-init app_data_file file 77873135
-init cache_file blk_file 77873135
-init logpersist file 77873135
-init nativetest_data_file dir 77873135
-init pstorefs dir 77873135
-init shell_data_file dir 77873135
-init shell_data_file file 77873135
-init shell_data_file lnk_file 77873135
-init shell_data_file sock_file 77873135
-init system_data_file chr_file 77873135
-isolated_app privapp_data_file dir 119596573
-isolated_app app_data_file dir 120394782
-mediaextractor app_data_file file 77923736
-mediaextractor radio_data_file file 77923736
-mediaprovider cache_file blk_file 77925342
-mediaprovider mnt_media_rw_file dir 77925342
-mediaprovider shell_data_file dir 77925342
-netd priv_app unix_stream_socket 77870037
-netd untrusted_app unix_stream_socket 77870037
-netd untrusted_app_25 unix_stream_socket 77870037
-netd untrusted_app_27 unix_stream_socket 77870037
-platform_app nfc_data_file dir 74331887
-system_server crash_dump process 73128755
-system_server sdcardfs file 77856826
-system_server storage_stub_file dir 112609936
-system_server zygote process 77856826
-usbd usbd capability 72472544
-vold system_data_file file 124108085
-zygote untrusted_app_25 process 77925912
+dnsmasq netd fifo_file b/77868789
+dnsmasq netd unix_stream_socket b/77868789
+gmscore_app system_data_file dir b/146166941
+init app_data_file file b/77873135
+init cache_file blk_file b/77873135
+init logpersist file b/77873135
+init nativetest_data_file dir b/77873135
+init pstorefs dir b/77873135
+init shell_data_file dir b/77873135
+init shell_data_file file b/77873135
+init shell_data_file lnk_file b/77873135
+init shell_data_file sock_file b/77873135
+init system_data_file chr_file b/77873135
+isolated_app privapp_data_file dir b/119596573
+isolated_app app_data_file dir b/120394782
+mediaextractor app_data_file file b/77923736
+mediaextractor radio_data_file file b/77923736
+mediaprovider cache_file blk_file b/77925342
+mediaprovider mnt_media_rw_file dir b/77925342
+mediaprovider shell_data_file dir b/77925342
+mediaswcodec ashmem_device chr_file b/142679232
+netd priv_app unix_stream_socket b/77870037
+netd untrusted_app unix_stream_socket b/77870037
+netd untrusted_app_25 unix_stream_socket b/77870037
+netd untrusted_app_27 unix_stream_socket b/77870037
+platform_app nfc_data_file dir b/74331887
+system_server crash_dump process b/73128755
+system_server overlayfs_file file b/142390309
+system_server sdcardfs file b/77856826
+system_server storage_stub_file dir b/145267097
+system_server zygote process b/77856826
+untrusted_app untrusted_app netlink_route_socket b/155595000
+vold system_data_file file b/124108085
+zygote untrusted_app_25 process b/77925912
diff --git a/private/clatd.te b/private/clatd.te
index 5ba0fc5..0fa774a 100644
--- a/private/clatd.te
+++ b/private/clatd.te
@@ -1 +1,36 @@
-typeattribute clatd coredomain;
+# 464xlat daemon
+type clatd, domain, coredomain;
+type clatd_exec, system_file_type, exec_type, file_type;
+
+net_domain(clatd)
+
+r_dir_file(clatd, proc_net_type)
+userdebug_or_eng(`
+ auditallow clatd proc_net_type:{ dir file lnk_file } { getattr open read };
+')
+
+# Access objects inherited from netd.
+allow clatd netd:fd use;
+allow clatd netd:fifo_file { read write };
+# TODO: Check whether some or all of these sockets should be close-on-exec.
+allow clatd netd:netlink_kobject_uevent_socket { read write };
+allow clatd netd:netlink_nflog_socket { read write };
+allow clatd netd:netlink_route_socket { read write };
+allow clatd netd:udp_socket { read write };
+allow clatd netd:unix_stream_socket { read write };
+allow clatd netd:unix_dgram_socket { read write };
+
+allow clatd self:global_capability_class_set { net_admin net_raw setuid setgid };
+
+# clatd calls mmap(MAP_LOCKED) with a 1M buffer. MAP_LOCKED first checks
+# capable(CAP_IPC_LOCK), and then checks to see the requested amount is
+# under RLIMIT_MEMLOCK. If the latter check succeeds clatd won't have
+# needed CAP_IPC_LOCK. But this is not guaranteed to succeed on all devices
+# so we permit any requests we see from clatd asking for this capability.
+# See https://android-review.googlesource.com/127940 and
+# https://b.corp.google.com/issues/21736319
+allow clatd self:global_capability_class_set ipc_lock;
+
+allow clatd self:netlink_route_socket nlmsg_write;
+allow clatd self:{ packet_socket rawip_socket } create_socket_perms_no_ioctl;
+allow clatd tun_device:chr_file rw_file_perms;
diff --git a/private/compat/26.0/26.0.cil b/private/compat/26.0/26.0.cil
index 3b3dae1..498bca5 100644
--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
@@ -2,11 +2,15 @@
(typeattribute hal_wifi_keystore)
(typeattribute hal_wifi_keystore_client)
(typeattribute hal_wifi_keystore_server)
+(typeattribute hal_wifi_offload)
+(typeattribute hal_wifi_offload_client)
+(typeattribute hal_wifi_offload_server)
;; types removed from current policy
(type untrusted_v2_app)
(type asan_reboot_prop)
(type commontime_management_service)
+(type hal_wifi_offload_hwservice)
(type log_device)
(type mediacasserver_service)
(type mediacodec)
@@ -336,6 +340,7 @@
(typeattributeset mdnsd_socket_26_0 (mdnsd_socket))
(typeattributeset mdns_socket_26_0 (mdns_socket))
(typeattributeset mediacasserver_service_26_0 (mediacasserver_service))
+(typeattributeset hal_omx_server (mediacodec_26_0))
(typeattributeset mediacodec_26_0 (mediacodec))
(typeattributeset mediacodec_exec_26_0 (mediacodec_exec))
(typeattributeset mediacodec_service_26_0 (mediacodec_service))
@@ -432,9 +437,6 @@
(typeattributeset pdx_performance_dir_26_0 (pdx_performance_dir))
(typeattributeset performanced_26_0 (performanced))
(typeattributeset performanced_exec_26_0 (performanced_exec))
-(typeattributeset perfprofd_26_0 (perfprofd))
-(typeattributeset perfprofd_data_file_26_0 (perfprofd_data_file))
-(typeattributeset perfprofd_exec_26_0 (perfprofd_exec))
(typeattributeset permission_service_26_0 (permission_service))
(typeattributeset persist_debug_prop_26_0 (persist_debug_prop))
(typeattributeset persistent_data_block_service_26_0 (persistent_data_block_service))
diff --git a/private/compat/26.0/26.0.compat.cil b/private/compat/26.0/26.0.compat.cil
new file mode 100644
index 0000000..30af58c
--- /dev/null
+++ b/private/compat/26.0/26.0.compat.cil
@@ -0,0 +1,5 @@
+(typeattribute vendordomain)
+(typeattributeset vendordomain ((and (domain) ((not (coredomain))))))
+(allowx vendordomain dev_type (ioctl blk_file ((range 0x0000 0xffff))))
+(allowx vendordomain file_type (ioctl file ((range 0x0000 0xffff))))
+(allow vendordomain self (netlink_route_socket (nlmsg_readpriv)))
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 45e1dd9..b395855 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -34,6 +34,7 @@
color_display_service
content_capture_service
crossprofileapps_service
+ ctl_apexd_prop
ctl_interface_restart_prop
ctl_interface_start_prop
ctl_interface_stop_prop
@@ -117,6 +118,7 @@
mediaswcodec_tmpfs
mediaextractor_update_service
mediaprovider_tmpfs
+ metadata_bootstat_file
metadata_file
mnt_product_file
mnt_vendor_file
@@ -131,11 +133,11 @@
perfetto_exec
perfetto_tmpfs
perfetto_traces_data_file
- perfprofd_service
property_info
recovery_socket
role_service
runas_app
+ art_apex_dir
runtime_service
secure_element
secure_element_device
@@ -145,6 +147,7 @@
simpleperf_app_runner
simpleperf_app_runner_exec
slice_service
+ socket_hook_prop
staging_data_file
stats
stats_data_file
@@ -195,8 +198,11 @@
usbd
usbd_exec
usbd_tmpfs
+ vendor_apex_file
vendor_init
vendor_shell
+ vendor_socket_hook_prop
+ vndk_prop
vold_metadata_file
vold_prepare_subdirs
vold_prepare_subdirs_exec
diff --git a/private/compat/27.0/27.0.cil b/private/compat/27.0/27.0.cil
index 365d791..0d883c0 100644
--- a/private/compat/27.0/27.0.cil
+++ b/private/compat/27.0/27.0.cil
@@ -1,5 +1,11 @@
+;; attributes removed from current policy
+(typeattribute hal_wifi_offload)
+(typeattribute hal_wifi_offload_client)
+(typeattribute hal_wifi_offload_server)
+
;; types removed from current policy
(type commontime_management_service)
+(type hal_wifi_offload_hwservice)
(type mediacodec)
(type mediacodec_exec)
(type netd_socket)
@@ -430,9 +436,6 @@
(expandtypeattribute (pdx_performance_dir_27_0) true)
(expandtypeattribute (performanced_27_0) true)
(expandtypeattribute (performanced_exec_27_0) true)
-(expandtypeattribute (perfprofd_27_0) true)
-(expandtypeattribute (perfprofd_data_file_27_0) true)
-(expandtypeattribute (perfprofd_exec_27_0) true)
(expandtypeattribute (permission_service_27_0) true)
(expandtypeattribute (persist_debug_prop_27_0) true)
(expandtypeattribute (persistent_data_block_service_27_0) true)
@@ -1047,6 +1050,7 @@
(typeattributeset mdnsd_27_0 (mdnsd))
(typeattributeset mdnsd_socket_27_0 (mdnsd_socket))
(typeattributeset mdns_socket_27_0 (mdns_socket))
+(typeattributeset hal_omx_server (mediacodec_27_0))
(typeattributeset mediacodec_27_0 (mediacodec))
(typeattributeset mediacodec_exec_27_0 (mediacodec_exec))
(typeattributeset mediacodec_service_27_0 (mediacodec_service))
@@ -1147,9 +1151,6 @@
(typeattributeset pdx_performance_dir_27_0 (pdx_performance_dir))
(typeattributeset performanced_27_0 (performanced))
(typeattributeset performanced_exec_27_0 (performanced_exec))
-(typeattributeset perfprofd_27_0 (perfprofd))
-(typeattributeset perfprofd_data_file_27_0 (perfprofd_data_file))
-(typeattributeset perfprofd_exec_27_0 (perfprofd_exec))
(typeattributeset permission_service_27_0 (permission_service))
(typeattributeset persist_debug_prop_27_0 (persist_debug_prop))
(typeattributeset persistent_data_block_service_27_0 (persistent_data_block_service))
diff --git a/private/compat/27.0/27.0.compat.cil b/private/compat/27.0/27.0.compat.cil
new file mode 100644
index 0000000..30af58c
--- /dev/null
+++ b/private/compat/27.0/27.0.compat.cil
@@ -0,0 +1,5 @@
+(typeattribute vendordomain)
+(typeattributeset vendordomain ((and (domain) ((not (coredomain))))))
+(allowx vendordomain dev_type (ioctl blk_file ((range 0x0000 0xffff))))
+(allowx vendordomain file_type (ioctl file ((range 0x0000 0xffff))))
+(allow vendordomain self (netlink_route_socket (nlmsg_readpriv)))
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 0e830f8..cb500c9 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -32,6 +32,7 @@
color_display_service
content_capture_service
crossprofileapps_service
+ ctl_apexd_prop
ctl_interface_restart_prop
ctl_interface_start_prop
ctl_interface_stop_prop
@@ -106,6 +107,7 @@
mediaswcodec
mediaswcodec_exec
mediaswcodec_tmpfs
+ metadata_bootstat_file
metadata_file
mnt_product_file
mnt_vendor_file
@@ -118,11 +120,11 @@
perfetto_exec
perfetto_tmpfs
perfetto_traces_data_file
- perfprofd_service
property_info
recovery_socket
role_service
runas_app
+ art_apex_dir
runtime_service
secure_element
secure_element_device
@@ -132,6 +134,7 @@
simpleperf_app_runner
simpleperf_app_runner_exec
slice_service
+ socket_hook_prop
stats
stats_data_file
stats_exec
@@ -171,10 +174,13 @@
usbd
usbd_exec
usbd_tmpfs
+ vendor_apex_file
vendor_default_prop
vendor_init
vendor_security_patch_level_prop
vendor_shell
+ vendor_socket_hook_prop
+ vndk_prop
vold_metadata_file
vold_prepare_subdirs
vold_prepare_subdirs_exec
diff --git a/private/compat/28.0/28.0.cil b/private/compat/28.0/28.0.cil
index 305cb3a..321e938 100644
--- a/private/compat/28.0/28.0.cil
+++ b/private/compat/28.0/28.0.cil
@@ -1,3 +1,8 @@
+;; attributes removed from current policy
+(typeattribute hal_wifi_offload)
+(typeattribute hal_wifi_offload_client)
+(typeattribute hal_wifi_offload_server)
+
;; types removed from current policy
(type alarm_device)
(type audio_seq_device)
@@ -5,6 +10,7 @@
(type commontime_management_service)
(type cpuctl_device)
(type full_device)
+(type hal_wifi_offload_hwservice)
(type i2c_device)
(type kmem_device)
(type mediacodec)
@@ -504,10 +510,6 @@
(expandtypeattribute (pdx_performance_dir_28_0) true)
(expandtypeattribute (performanced_28_0) true)
(expandtypeattribute (performanced_exec_28_0) true)
-(expandtypeattribute (perfprofd_28_0) true)
-(expandtypeattribute (perfprofd_data_file_28_0) true)
-(expandtypeattribute (perfprofd_exec_28_0) true)
-(expandtypeattribute (perfprofd_service_28_0) true)
(expandtypeattribute (permission_service_28_0) true)
(expandtypeattribute (persist_debug_prop_28_0) true)
(expandtypeattribute (persistent_data_block_service_28_0) true)
@@ -1242,6 +1244,7 @@
(typeattributeset mdnsd_28_0 (mdnsd))
(typeattributeset mdnsd_socket_28_0 (mdnsd_socket))
(typeattributeset mdns_socket_28_0 (mdns_socket))
+(typeattributeset hal_omx_server (mediacodec_28_0))
(typeattributeset mediacodec_28_0 (mediacodec))
(typeattributeset mediacodec_exec_28_0 (mediacodec_exec))
(typeattributeset mediacodec_service_28_0 (mediacodec_service))
@@ -1347,10 +1350,6 @@
(typeattributeset pdx_performance_dir_28_0 (pdx_performance_dir))
(typeattributeset performanced_28_0 (performanced))
(typeattributeset performanced_exec_28_0 (performanced_exec))
-(typeattributeset perfprofd_28_0 (perfprofd))
-(typeattributeset perfprofd_data_file_28_0 (perfprofd_data_file))
-(typeattributeset perfprofd_exec_28_0 (perfprofd_exec))
-(typeattributeset perfprofd_service_28_0 (perfprofd_service))
(typeattributeset permission_service_28_0 (permission_service))
(typeattributeset persist_debug_prop_28_0 (persist_debug_prop))
(typeattributeset persistent_data_block_service_28_0 (persistent_data_block_service))
@@ -1381,6 +1380,8 @@
( proc
proc_fs_verity
proc_keys
+ proc_kpageflags
+ proc_lowmemorykiller
proc_pressure_cpu
proc_pressure_io
proc_pressure_mem
@@ -1617,7 +1618,9 @@
(typeattributeset thermalcallback_hwservice_28_0 (thermalcallback_hwservice))
(typeattributeset thermal_service_28_0 (thermal_service))
(typeattributeset timezone_service_28_0 (timezone_service))
-(typeattributeset tmpfs_28_0 (tmpfs))
+(typeattributeset tmpfs_28_0
+ ( mnt_sdcard_file
+ tmpfs))
(typeattributeset tombstoned_28_0 (tombstoned))
(typeattributeset tombstone_data_file_28_0 (tombstone_data_file))
(typeattributeset tombstoned_crash_socket_28_0 (tombstoned_crash_socket))
diff --git a/private/compat/28.0/28.0.compat.cil b/private/compat/28.0/28.0.compat.cil
new file mode 100644
index 0000000..30af58c
--- /dev/null
+++ b/private/compat/28.0/28.0.compat.cil
@@ -0,0 +1,5 @@
+(typeattribute vendordomain)
+(typeattributeset vendordomain ((and (domain) ((not (coredomain))))))
+(allowx vendordomain dev_type (ioctl blk_file ((range 0x0000 0xffff))))
+(allowx vendordomain file_type (ioctl file ((range 0x0000 0xffff))))
+(allow vendordomain self (netlink_route_socket (nlmsg_readpriv)))
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 98c4b9c..d24d12d 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -33,6 +33,7 @@
content_capture_service
content_suggestions_service
cpu_variant_prop
+ ctl_apexd_prop
ctl_gsid_prop
dev_cpu_variant
device_config_activity_manager_native_boot_prop
@@ -44,11 +45,13 @@
device_config_runtime_native_prop
device_config_media_native_prop
device_config_service
+ device_config_sys_traced_prop
dnsresolver_service
dynamic_system_service
dynamic_system_prop
face_service
face_vendor_data_file
+ sota_prop
fastbootd
flags_health_check
flags_health_check_exec
@@ -95,6 +98,7 @@
mediaswcodec
mediaswcodec_exec
mediaswcodec_tmpfs
+ metadata_bootstat_file
mnt_product_file
network_stack
network_stack_service
@@ -113,12 +117,14 @@
rss_hwm_reset_exec
runas_app
runas_app_tmpfs
+ art_apex_dir
runtime_service
sdcard_block_device
sensor_privacy_service
server_configurable_flags_data_file
simpleperf_app_runner
simpleperf_app_runner_exec
+ socket_hook_prop
su_tmpfs
super_block_device
sysfs_fs_f2fs
@@ -139,12 +145,15 @@
traced_lazy_prop
uri_grants_service
use_memfd_prop
+ vendor_apex_file
vendor_cgroup_desc_file
vendor_idc_file
vendor_keychars_file
vendor_keylayout_file
vendor_misc_writer
vendor_misc_writer_exec
+ vendor_socket_hook_prop
vendor_task_profiles_file
+ vndk_prop
vrflinger_vsync_service
watchdogd_tmpfs))
diff --git a/private/compat/29.0/29.0.cil b/private/compat/29.0/29.0.cil
new file mode 100644
index 0000000..5231498
--- /dev/null
+++ b/private/compat/29.0/29.0.cil
@@ -0,0 +1,1970 @@
+;; types removed from current policy
+(type ashmemd)
+(type hal_wifi_offload_hwservice)
+(type install_recovery)
+(type install_recovery_exec)
+(type mediacodec_service)
+(type perfprofd_data_file)
+(type perfprofd_service)
+(type sysfs_mac_address)
+(type wificond_service)
+
+(expandtypeattribute (accessibility_service_29_0) true)
+(expandtypeattribute (account_service_29_0) true)
+(expandtypeattribute (activity_service_29_0) true)
+(expandtypeattribute (activity_task_service_29_0) true)
+(expandtypeattribute (adbd_29_0) true)
+(expandtypeattribute (adb_data_file_29_0) true)
+(expandtypeattribute (adbd_exec_29_0) true)
+(expandtypeattribute (adbd_socket_29_0) true)
+(expandtypeattribute (adb_keys_file_29_0) true)
+(expandtypeattribute (adb_service_29_0) true)
+(expandtypeattribute (alarm_service_29_0) true)
+(expandtypeattribute (anr_data_file_29_0) true)
+(expandtypeattribute (apexd_29_0) true)
+(expandtypeattribute (apex_data_file_29_0) true)
+(expandtypeattribute (apexd_exec_29_0) true)
+(expandtypeattribute (apexd_prop_29_0) true)
+(expandtypeattribute (apex_metadata_file_29_0) true)
+(expandtypeattribute (apex_mnt_dir_29_0) true)
+(expandtypeattribute (apex_service_29_0) true)
+(expandtypeattribute (apk_data_file_29_0) true)
+(expandtypeattribute (apk_private_data_file_29_0) true)
+(expandtypeattribute (apk_private_tmp_file_29_0) true)
+(expandtypeattribute (apk_tmp_file_29_0) true)
+(expandtypeattribute (app_binding_service_29_0) true)
+(expandtypeattribute (app_data_file_29_0) true)
+(expandtypeattribute (appdomain_tmpfs_29_0) true)
+(expandtypeattribute (app_fuse_file_29_0) true)
+(expandtypeattribute (app_fusefs_29_0) true)
+(expandtypeattribute (appops_service_29_0) true)
+(expandtypeattribute (app_prediction_service_29_0) true)
+(expandtypeattribute (appwidget_service_29_0) true)
+(expandtypeattribute (app_zygote_29_0) true)
+(expandtypeattribute (app_zygote_tmpfs_29_0) true)
+(expandtypeattribute (asec_apk_file_29_0) true)
+(expandtypeattribute (asec_image_file_29_0) true)
+(expandtypeattribute (asec_public_file_29_0) true)
+(expandtypeattribute (ashmemd_29_0) true)
+(expandtypeattribute (ashmem_device_29_0) true)
+(expandtypeattribute (assetatlas_service_29_0) true)
+(expandtypeattribute (audio_data_file_29_0) true)
+(expandtypeattribute (audio_device_29_0) true)
+(expandtypeattribute (audiohal_data_file_29_0) true)
+(expandtypeattribute (audio_prop_29_0) true)
+(expandtypeattribute (audioserver_29_0) true)
+(expandtypeattribute (audioserver_data_file_29_0) true)
+(expandtypeattribute (audioserver_service_29_0) true)
+(expandtypeattribute (audioserver_tmpfs_29_0) true)
+(expandtypeattribute (audio_service_29_0) true)
+(expandtypeattribute (autofill_service_29_0) true)
+(expandtypeattribute (backup_data_file_29_0) true)
+(expandtypeattribute (backup_service_29_0) true)
+(expandtypeattribute (batteryproperties_service_29_0) true)
+(expandtypeattribute (battery_service_29_0) true)
+(expandtypeattribute (batterystats_service_29_0) true)
+(expandtypeattribute (binder_calls_stats_service_29_0) true)
+(expandtypeattribute (binder_device_29_0) true)
+(expandtypeattribute (binfmt_miscfs_29_0) true)
+(expandtypeattribute (biometric_service_29_0) true)
+(expandtypeattribute (blkid_29_0) true)
+(expandtypeattribute (blkid_untrusted_29_0) true)
+(expandtypeattribute (block_device_29_0) true)
+(expandtypeattribute (bluetooth_29_0) true)
+(expandtypeattribute (bluetooth_a2dp_offload_prop_29_0) true)
+(expandtypeattribute (bluetooth_audio_hal_prop_29_0) true)
+(expandtypeattribute (bluetooth_data_file_29_0) true)
+(expandtypeattribute (bluetooth_efs_file_29_0) true)
+(expandtypeattribute (bluetooth_logs_data_file_29_0) true)
+(expandtypeattribute (bluetooth_manager_service_29_0) true)
+(expandtypeattribute (bluetooth_prop_29_0) true)
+(expandtypeattribute (bluetooth_service_29_0) true)
+(expandtypeattribute (bluetooth_socket_29_0) true)
+(expandtypeattribute (bootanim_29_0) true)
+(expandtypeattribute (bootanim_exec_29_0) true)
+(expandtypeattribute (boot_block_device_29_0) true)
+(expandtypeattribute (bootchart_data_file_29_0) true)
+(expandtypeattribute (bootloader_boot_reason_prop_29_0) true)
+(expandtypeattribute (bootstat_29_0) true)
+(expandtypeattribute (bootstat_data_file_29_0) true)
+(expandtypeattribute (bootstat_exec_29_0) true)
+(expandtypeattribute (boottime_prop_29_0) true)
+(expandtypeattribute (boottrace_data_file_29_0) true)
+(expandtypeattribute (bpf_progs_loaded_prop_29_0) true)
+(expandtypeattribute (broadcastradio_service_29_0) true)
+(expandtypeattribute (bufferhubd_29_0) true)
+(expandtypeattribute (bufferhubd_exec_29_0) true)
+(expandtypeattribute (bugreport_service_29_0) true)
+(expandtypeattribute (cache_backup_file_29_0) true)
+(expandtypeattribute (cache_block_device_29_0) true)
+(expandtypeattribute (cache_file_29_0) true)
+(expandtypeattribute (cache_private_backup_file_29_0) true)
+(expandtypeattribute (cache_recovery_file_29_0) true)
+(expandtypeattribute (camera_data_file_29_0) true)
+(expandtypeattribute (camera_device_29_0) true)
+(expandtypeattribute (cameraproxy_service_29_0) true)
+(expandtypeattribute (cameraserver_29_0) true)
+(expandtypeattribute (cameraserver_exec_29_0) true)
+(expandtypeattribute (cameraserver_service_29_0) true)
+(expandtypeattribute (cameraserver_tmpfs_29_0) true)
+(expandtypeattribute (cgroup_29_0) true)
+(expandtypeattribute (cgroup_bpf_29_0) true)
+(expandtypeattribute (cgroup_desc_file_29_0) true)
+(expandtypeattribute (cgroup_rc_file_29_0) true)
+(expandtypeattribute (charger_29_0) true)
+(expandtypeattribute (charger_exec_29_0) true)
+(expandtypeattribute (clatd_29_0) true)
+(expandtypeattribute (clatd_exec_29_0) true)
+(expandtypeattribute (clipboard_service_29_0) true)
+(expandtypeattribute (color_display_service_29_0) true)
+(expandtypeattribute (companion_device_service_29_0) true)
+(expandtypeattribute (configfs_29_0) true)
+(expandtypeattribute (config_prop_29_0) true)
+(expandtypeattribute (connectivity_service_29_0) true)
+(expandtypeattribute (connmetrics_service_29_0) true)
+(expandtypeattribute (console_device_29_0) true)
+(expandtypeattribute (consumer_ir_service_29_0) true)
+(expandtypeattribute (content_capture_service_29_0) true)
+(expandtypeattribute (content_service_29_0) true)
+(expandtypeattribute (content_suggestions_service_29_0) true)
+(expandtypeattribute (contexthub_service_29_0) true)
+(expandtypeattribute (coredump_file_29_0) true)
+(expandtypeattribute (country_detector_service_29_0) true)
+(expandtypeattribute (coverage_service_29_0) true)
+(expandtypeattribute (cppreopt_prop_29_0) true)
+(expandtypeattribute (cpuinfo_service_29_0) true)
+(expandtypeattribute (cpu_variant_prop_29_0) true)
+(expandtypeattribute (crash_dump_29_0) true)
+(expandtypeattribute (crash_dump_exec_29_0) true)
+(expandtypeattribute (crossprofileapps_service_29_0) true)
+(expandtypeattribute (ctl_adbd_prop_29_0) true)
+(expandtypeattribute (ctl_bootanim_prop_29_0) true)
+(expandtypeattribute (ctl_bugreport_prop_29_0) true)
+(expandtypeattribute (ctl_console_prop_29_0) true)
+(expandtypeattribute (ctl_default_prop_29_0) true)
+(expandtypeattribute (ctl_dumpstate_prop_29_0) true)
+(expandtypeattribute (ctl_fuse_prop_29_0) true)
+(expandtypeattribute (ctl_gsid_prop_29_0) true)
+(expandtypeattribute (ctl_interface_restart_prop_29_0) true)
+(expandtypeattribute (ctl_interface_start_prop_29_0) true)
+(expandtypeattribute (ctl_interface_stop_prop_29_0) true)
+(expandtypeattribute (ctl_mdnsd_prop_29_0) true)
+(expandtypeattribute (ctl_restart_prop_29_0) true)
+(expandtypeattribute (ctl_rildaemon_prop_29_0) true)
+(expandtypeattribute (ctl_sigstop_prop_29_0) true)
+(expandtypeattribute (ctl_start_prop_29_0) true)
+(expandtypeattribute (ctl_stop_prop_29_0) true)
+(expandtypeattribute (dalvikcache_data_file_29_0) true)
+(expandtypeattribute (dalvik_prop_29_0) true)
+(expandtypeattribute (dbinfo_service_29_0) true)
+(expandtypeattribute (debugfs_29_0) true)
+(expandtypeattribute (debugfs_mmc_29_0) true)
+(expandtypeattribute (debugfs_trace_marker_29_0) true)
+(expandtypeattribute (debugfs_tracing_29_0) true)
+(expandtypeattribute (debugfs_tracing_debug_29_0) true)
+(expandtypeattribute (debugfs_tracing_instances_29_0) true)
+(expandtypeattribute (debugfs_wakeup_sources_29_0) true)
+(expandtypeattribute (debugfs_wifi_tracing_29_0) true)
+(expandtypeattribute (debuggerd_prop_29_0) true)
+(expandtypeattribute (debug_prop_29_0) true)
+(expandtypeattribute (default_android_hwservice_29_0) true)
+(expandtypeattribute (default_android_service_29_0) true)
+(expandtypeattribute (default_android_vndservice_29_0) true)
+(expandtypeattribute (default_prop_29_0) true)
+(expandtypeattribute (dev_cpu_variant_29_0) true)
+(expandtypeattribute (device_29_0) true)
+(expandtypeattribute (device_config_activity_manager_native_boot_prop_29_0) true)
+(expandtypeattribute (device_config_boot_count_prop_29_0) true)
+(expandtypeattribute (device_config_input_native_boot_prop_29_0) true)
+(expandtypeattribute (device_config_media_native_prop_29_0) true)
+(expandtypeattribute (device_config_netd_native_prop_29_0) true)
+(expandtypeattribute (device_config_reset_performed_prop_29_0) true)
+(expandtypeattribute (device_config_runtime_native_boot_prop_29_0) true)
+(expandtypeattribute (device_config_runtime_native_prop_29_0) true)
+(expandtypeattribute (device_config_service_29_0) true)
+(expandtypeattribute (device_identifiers_service_29_0) true)
+(expandtypeattribute (deviceidle_service_29_0) true)
+(expandtypeattribute (device_logging_prop_29_0) true)
+(expandtypeattribute (device_policy_service_29_0) true)
+(expandtypeattribute (devicestoragemonitor_service_29_0) true)
+(expandtypeattribute (devpts_29_0) true)
+(expandtypeattribute (dhcp_29_0) true)
+(expandtypeattribute (dhcp_data_file_29_0) true)
+(expandtypeattribute (dhcp_exec_29_0) true)
+(expandtypeattribute (dhcp_prop_29_0) true)
+(expandtypeattribute (diskstats_service_29_0) true)
+(expandtypeattribute (display_service_29_0) true)
+(expandtypeattribute (dm_device_29_0) true)
+(expandtypeattribute (dnsmasq_29_0) true)
+(expandtypeattribute (dnsmasq_exec_29_0) true)
+(expandtypeattribute (dnsproxyd_socket_29_0) true)
+(expandtypeattribute (dnsresolver_service_29_0) true)
+(expandtypeattribute (DockObserver_service_29_0) true)
+(expandtypeattribute (dreams_service_29_0) true)
+(expandtypeattribute (drm_data_file_29_0) true)
+(expandtypeattribute (drmserver_29_0) true)
+(expandtypeattribute (drmserver_exec_29_0) true)
+(expandtypeattribute (drmserver_service_29_0) true)
+(expandtypeattribute (drmserver_socket_29_0) true)
+(expandtypeattribute (dropbox_data_file_29_0) true)
+(expandtypeattribute (dropbox_service_29_0) true)
+(expandtypeattribute (dumpstate_29_0) true)
+(expandtypeattribute (dumpstate_exec_29_0) true)
+(expandtypeattribute (dumpstate_options_prop_29_0) true)
+(expandtypeattribute (dumpstate_prop_29_0) true)
+(expandtypeattribute (dumpstate_service_29_0) true)
+(expandtypeattribute (dumpstate_socket_29_0) true)
+(expandtypeattribute (dynamic_system_prop_29_0) true)
+(expandtypeattribute (e2fs_29_0) true)
+(expandtypeattribute (e2fs_exec_29_0) true)
+(expandtypeattribute (efs_file_29_0) true)
+(expandtypeattribute (ephemeral_app_29_0) true)
+(expandtypeattribute (ethernet_service_29_0) true)
+(expandtypeattribute (exfat_29_0) true)
+(expandtypeattribute (exported2_config_prop_29_0) true)
+(expandtypeattribute (exported2_default_prop_29_0) true)
+(expandtypeattribute (exported2_radio_prop_29_0) true)
+(expandtypeattribute (exported2_system_prop_29_0) true)
+(expandtypeattribute (exported2_vold_prop_29_0) true)
+(expandtypeattribute (exported3_default_prop_29_0) true)
+(expandtypeattribute (exported3_radio_prop_29_0) true)
+(expandtypeattribute (exported3_system_prop_29_0) true)
+(expandtypeattribute (exported_audio_prop_29_0) true)
+(expandtypeattribute (exported_bluetooth_prop_29_0) true)
+(expandtypeattribute (exported_config_prop_29_0) true)
+(expandtypeattribute (exported_dalvik_prop_29_0) true)
+(expandtypeattribute (exported_default_prop_29_0) true)
+(expandtypeattribute (exported_dumpstate_prop_29_0) true)
+(expandtypeattribute (exported_ffs_prop_29_0) true)
+(expandtypeattribute (exported_fingerprint_prop_29_0) true)
+(expandtypeattribute (exported_overlay_prop_29_0) true)
+(expandtypeattribute (exported_pm_prop_29_0) true)
+(expandtypeattribute (exported_radio_prop_29_0) true)
+(expandtypeattribute (exported_secure_prop_29_0) true)
+(expandtypeattribute (exported_system_prop_29_0) true)
+(expandtypeattribute (exported_system_radio_prop_29_0) true)
+(expandtypeattribute (exported_vold_prop_29_0) true)
+(expandtypeattribute (exported_wifi_prop_29_0) true)
+(expandtypeattribute (external_vibrator_service_29_0) true)
+(expandtypeattribute (face_service_29_0) true)
+(expandtypeattribute (face_vendor_data_file_29_0) true)
+(expandtypeattribute (fastbootd_29_0) true)
+(expandtypeattribute (ffs_prop_29_0) true)
+(expandtypeattribute (file_contexts_file_29_0) true)
+(expandtypeattribute (fingerprintd_29_0) true)
+(expandtypeattribute (fingerprintd_data_file_29_0) true)
+(expandtypeattribute (fingerprintd_exec_29_0) true)
+(expandtypeattribute (fingerprintd_service_29_0) true)
+(expandtypeattribute (fingerprint_prop_29_0) true)
+(expandtypeattribute (fingerprint_service_29_0) true)
+(expandtypeattribute (fingerprint_vendor_data_file_29_0) true)
+(expandtypeattribute (firstboot_prop_29_0) true)
+(expandtypeattribute (flags_health_check_29_0) true)
+(expandtypeattribute (flags_health_check_exec_29_0) true)
+(expandtypeattribute (font_service_29_0) true)
+(expandtypeattribute (frp_block_device_29_0) true)
+(expandtypeattribute (fs_bpf_29_0) true)
+(expandtypeattribute (fsck_29_0) true)
+(expandtypeattribute (fsck_exec_29_0) true)
+(expandtypeattribute (fscklogs_29_0) true)
+(expandtypeattribute (fsck_untrusted_29_0) true)
+(expandtypeattribute (functionfs_29_0) true)
+(expandtypeattribute (fuse_29_0) true)
+(expandtypeattribute (fuse_device_29_0) true)
+(expandtypeattribute (fwk_bufferhub_hwservice_29_0) true)
+(expandtypeattribute (fwk_camera_hwservice_29_0) true)
+(expandtypeattribute (fwk_display_hwservice_29_0) true)
+(expandtypeattribute (fwk_scheduler_hwservice_29_0) true)
+(expandtypeattribute (fwk_sensor_hwservice_29_0) true)
+(expandtypeattribute (fwk_stats_hwservice_29_0) true)
+(expandtypeattribute (fwmarkd_socket_29_0) true)
+(expandtypeattribute (gatekeeperd_29_0) true)
+(expandtypeattribute (gatekeeper_data_file_29_0) true)
+(expandtypeattribute (gatekeeperd_exec_29_0) true)
+(expandtypeattribute (gatekeeper_service_29_0) true)
+(expandtypeattribute (gfxinfo_service_29_0) true)
+(expandtypeattribute (gps_control_29_0) true)
+(expandtypeattribute (gpu_device_29_0) true)
+(expandtypeattribute (gpu_service_29_0) true)
+(expandtypeattribute (gpuservice_29_0) true)
+(expandtypeattribute (graphics_device_29_0) true)
+(expandtypeattribute (graphicsstats_service_29_0) true)
+(expandtypeattribute (gsi_data_file_29_0) true)
+(expandtypeattribute (gsid_prop_29_0) true)
+(expandtypeattribute (gsi_metadata_file_29_0) true)
+(expandtypeattribute (hal_atrace_hwservice_29_0) true)
+(expandtypeattribute (hal_audiocontrol_hwservice_29_0) true)
+(expandtypeattribute (hal_audio_hwservice_29_0) true)
+(expandtypeattribute (hal_authsecret_hwservice_29_0) true)
+(expandtypeattribute (hal_bluetooth_hwservice_29_0) true)
+(expandtypeattribute (hal_bootctl_hwservice_29_0) true)
+(expandtypeattribute (hal_broadcastradio_hwservice_29_0) true)
+(expandtypeattribute (hal_camera_hwservice_29_0) true)
+(expandtypeattribute (hal_cas_hwservice_29_0) true)
+(expandtypeattribute (hal_codec2_hwservice_29_0) true)
+(expandtypeattribute (hal_configstore_ISurfaceFlingerConfigs_29_0) true)
+(expandtypeattribute (hal_confirmationui_hwservice_29_0) true)
+(expandtypeattribute (hal_contexthub_hwservice_29_0) true)
+(expandtypeattribute (hal_drm_hwservice_29_0) true)
+(expandtypeattribute (hal_dumpstate_hwservice_29_0) true)
+(expandtypeattribute (hal_evs_hwservice_29_0) true)
+(expandtypeattribute (hal_face_hwservice_29_0) true)
+(expandtypeattribute (hal_fingerprint_hwservice_29_0) true)
+(expandtypeattribute (hal_fingerprint_service_29_0) true)
+(expandtypeattribute (hal_gatekeeper_hwservice_29_0) true)
+(expandtypeattribute (hal_gnss_hwservice_29_0) true)
+(expandtypeattribute (hal_graphics_allocator_hwservice_29_0) true)
+(expandtypeattribute (hal_graphics_composer_hwservice_29_0) true)
+(expandtypeattribute (hal_graphics_composer_server_tmpfs_29_0) true)
+(expandtypeattribute (hal_graphics_mapper_hwservice_29_0) true)
+(expandtypeattribute (hal_health_hwservice_29_0) true)
+(expandtypeattribute (hal_health_storage_hwservice_29_0) true)
+(expandtypeattribute (hal_input_classifier_hwservice_29_0) true)
+(expandtypeattribute (hal_ir_hwservice_29_0) true)
+(expandtypeattribute (hal_keymaster_hwservice_29_0) true)
+(expandtypeattribute (hal_light_hwservice_29_0) true)
+(expandtypeattribute (hal_lowpan_hwservice_29_0) true)
+(expandtypeattribute (hal_memtrack_hwservice_29_0) true)
+(expandtypeattribute (hal_neuralnetworks_hwservice_29_0) true)
+(expandtypeattribute (hal_nfc_hwservice_29_0) true)
+(expandtypeattribute (hal_oemlock_hwservice_29_0) true)
+(expandtypeattribute (hal_omx_hwservice_29_0) true)
+(expandtypeattribute (hal_power_hwservice_29_0) true)
+(expandtypeattribute (hal_power_stats_hwservice_29_0) true)
+(expandtypeattribute (hal_renderscript_hwservice_29_0) true)
+(expandtypeattribute (hal_secure_element_hwservice_29_0) true)
+(expandtypeattribute (hal_sensors_hwservice_29_0) true)
+(expandtypeattribute (hal_telephony_hwservice_29_0) true)
+(expandtypeattribute (hal_tetheroffload_hwservice_29_0) true)
+(expandtypeattribute (hal_thermal_hwservice_29_0) true)
+(expandtypeattribute (hal_tv_cec_hwservice_29_0) true)
+(expandtypeattribute (hal_tv_input_hwservice_29_0) true)
+(expandtypeattribute (hal_usb_gadget_hwservice_29_0) true)
+(expandtypeattribute (hal_usb_hwservice_29_0) true)
+(expandtypeattribute (hal_vehicle_hwservice_29_0) true)
+(expandtypeattribute (hal_vibrator_hwservice_29_0) true)
+(expandtypeattribute (hal_vr_hwservice_29_0) true)
+(expandtypeattribute (hal_weaver_hwservice_29_0) true)
+(expandtypeattribute (hal_wifi_hostapd_hwservice_29_0) true)
+(expandtypeattribute (hal_wifi_hwservice_29_0) true)
+(expandtypeattribute (hal_wifi_offload_hwservice_29_0) true)
+(expandtypeattribute (hal_wifi_supplicant_hwservice_29_0) true)
+(expandtypeattribute (hardware_properties_service_29_0) true)
+(expandtypeattribute (hardware_service_29_0) true)
+(expandtypeattribute (hci_attach_dev_29_0) true)
+(expandtypeattribute (hdmi_control_service_29_0) true)
+(expandtypeattribute (healthd_29_0) true)
+(expandtypeattribute (healthd_exec_29_0) true)
+(expandtypeattribute (heapdump_data_file_29_0) true)
+(expandtypeattribute (heapprofd_29_0) true)
+(expandtypeattribute (heapprofd_enabled_prop_29_0) true)
+(expandtypeattribute (heapprofd_prop_29_0) true)
+(expandtypeattribute (heapprofd_socket_29_0) true)
+(expandtypeattribute (hidl_allocator_hwservice_29_0) true)
+(expandtypeattribute (hidl_base_hwservice_29_0) true)
+(expandtypeattribute (hidl_manager_hwservice_29_0) true)
+(expandtypeattribute (hidl_memory_hwservice_29_0) true)
+(expandtypeattribute (hidl_token_hwservice_29_0) true)
+(expandtypeattribute (hwbinder_device_29_0) true)
+(expandtypeattribute (hw_random_device_29_0) true)
+(expandtypeattribute (hwservice_contexts_file_29_0) true)
+(expandtypeattribute (hwservicemanager_29_0) true)
+(expandtypeattribute (hwservicemanager_exec_29_0) true)
+(expandtypeattribute (hwservicemanager_prop_29_0) true)
+(expandtypeattribute (icon_file_29_0) true)
+(expandtypeattribute (idmap_29_0) true)
+(expandtypeattribute (idmap_exec_29_0) true)
+(expandtypeattribute (idmap_service_29_0) true)
+(expandtypeattribute (iio_device_29_0) true)
+(expandtypeattribute (imms_service_29_0) true)
+(expandtypeattribute (incident_29_0) true)
+(expandtypeattribute (incidentd_29_0) true)
+(expandtypeattribute (incident_data_file_29_0) true)
+(expandtypeattribute (incident_helper_29_0) true)
+(expandtypeattribute (incident_service_29_0) true)
+(expandtypeattribute (init_29_0) true)
+(expandtypeattribute (init_exec_29_0) true)
+(expandtypeattribute (init_tmpfs_29_0) true)
+(expandtypeattribute (inotify_29_0) true)
+(expandtypeattribute (input_device_29_0) true)
+(expandtypeattribute (inputflinger_29_0) true)
+(expandtypeattribute (inputflinger_exec_29_0) true)
+(expandtypeattribute (inputflinger_service_29_0) true)
+(expandtypeattribute (input_method_service_29_0) true)
+(expandtypeattribute (input_service_29_0) true)
+(expandtypeattribute (installd_29_0) true)
+(expandtypeattribute (install_data_file_29_0) true)
+(expandtypeattribute (installd_exec_29_0) true)
+(expandtypeattribute (installd_service_29_0) true)
+(expandtypeattribute (install_recovery_29_0) true)
+(expandtypeattribute (install_recovery_exec_29_0) true)
+(expandtypeattribute (ion_device_29_0) true)
+(expandtypeattribute (iorapd_29_0) true)
+(expandtypeattribute (iorapd_data_file_29_0) true)
+(expandtypeattribute (iorapd_exec_29_0) true)
+(expandtypeattribute (iorapd_service_29_0) true)
+(expandtypeattribute (iorapd_tmpfs_29_0) true)
+(expandtypeattribute (IProxyService_service_29_0) true)
+(expandtypeattribute (ipsec_service_29_0) true)
+(expandtypeattribute (iris_service_29_0) true)
+(expandtypeattribute (iris_vendor_data_file_29_0) true)
+(expandtypeattribute (isolated_app_29_0) true)
+(expandtypeattribute (jobscheduler_service_29_0) true)
+(expandtypeattribute (kernel_29_0) true)
+(expandtypeattribute (keychain_data_file_29_0) true)
+(expandtypeattribute (keychord_device_29_0) true)
+(expandtypeattribute (keystore_29_0) true)
+(expandtypeattribute (keystore_data_file_29_0) true)
+(expandtypeattribute (keystore_exec_29_0) true)
+(expandtypeattribute (keystore_service_29_0) true)
+(expandtypeattribute (kmsg_debug_device_29_0) true)
+(expandtypeattribute (kmsg_device_29_0) true)
+(expandtypeattribute (labeledfs_29_0) true)
+(expandtypeattribute (last_boot_reason_prop_29_0) true)
+(expandtypeattribute (launcherapps_service_29_0) true)
+(expandtypeattribute (llkd_29_0) true)
+(expandtypeattribute (llkd_exec_29_0) true)
+(expandtypeattribute (llkd_prop_29_0) true)
+(expandtypeattribute (lmkd_29_0) true)
+(expandtypeattribute (lmkd_exec_29_0) true)
+(expandtypeattribute (lmkd_socket_29_0) true)
+(expandtypeattribute (location_service_29_0) true)
+(expandtypeattribute (lock_settings_service_29_0) true)
+(expandtypeattribute (logcat_exec_29_0) true)
+(expandtypeattribute (logd_29_0) true)
+(expandtypeattribute (logd_exec_29_0) true)
+(expandtypeattribute (logd_prop_29_0) true)
+(expandtypeattribute (logdr_socket_29_0) true)
+(expandtypeattribute (logd_socket_29_0) true)
+(expandtypeattribute (logdw_socket_29_0) true)
+(expandtypeattribute (logpersist_29_0) true)
+(expandtypeattribute (logpersistd_logging_prop_29_0) true)
+(expandtypeattribute (log_prop_29_0) true)
+(expandtypeattribute (log_tag_prop_29_0) true)
+(expandtypeattribute (loop_control_device_29_0) true)
+(expandtypeattribute (loop_device_29_0) true)
+(expandtypeattribute (looper_stats_service_29_0) true)
+(expandtypeattribute (lowpan_device_29_0) true)
+(expandtypeattribute (lowpan_prop_29_0) true)
+(expandtypeattribute (lowpan_service_29_0) true)
+(expandtypeattribute (lpdumpd_prop_29_0) true)
+(expandtypeattribute (lpdump_service_29_0) true)
+(expandtypeattribute (mac_perms_file_29_0) true)
+(expandtypeattribute (mdnsd_29_0) true)
+(expandtypeattribute (mdnsd_socket_29_0) true)
+(expandtypeattribute (mdns_socket_29_0) true)
+(expandtypeattribute (mediacodec_service_29_0) true)
+(expandtypeattribute (media_data_file_29_0) true)
+(expandtypeattribute (mediadrmserver_29_0) true)
+(expandtypeattribute (mediadrmserver_exec_29_0) true)
+(expandtypeattribute (mediadrmserver_service_29_0) true)
+(expandtypeattribute (mediaextractor_29_0) true)
+(expandtypeattribute (mediaextractor_exec_29_0) true)
+(expandtypeattribute (mediaextractor_service_29_0) true)
+(expandtypeattribute (mediaextractor_tmpfs_29_0) true)
+(expandtypeattribute (mediametrics_29_0) true)
+(expandtypeattribute (mediametrics_exec_29_0) true)
+(expandtypeattribute (mediametrics_service_29_0) true)
+(expandtypeattribute (media_projection_service_29_0) true)
+(expandtypeattribute (mediaprovider_29_0) true)
+(expandtypeattribute (media_router_service_29_0) true)
+(expandtypeattribute (media_rw_data_file_29_0) true)
+(expandtypeattribute (mediaserver_29_0) true)
+(expandtypeattribute (mediaserver_exec_29_0) true)
+(expandtypeattribute (mediaserver_service_29_0) true)
+(expandtypeattribute (mediaserver_tmpfs_29_0) true)
+(expandtypeattribute (media_session_service_29_0) true)
+(expandtypeattribute (mediaswcodec_29_0) true)
+(expandtypeattribute (mediaswcodec_exec_29_0) true)
+(expandtypeattribute (meminfo_service_29_0) true)
+(expandtypeattribute (metadata_block_device_29_0) true)
+(expandtypeattribute (metadata_file_29_0) true)
+(expandtypeattribute (method_trace_data_file_29_0) true)
+(expandtypeattribute (midi_service_29_0) true)
+(expandtypeattribute (misc_block_device_29_0) true)
+(expandtypeattribute (misc_logd_file_29_0) true)
+(expandtypeattribute (misc_user_data_file_29_0) true)
+(expandtypeattribute (mmc_prop_29_0) true)
+(expandtypeattribute (mnt_expand_file_29_0) true)
+(expandtypeattribute (mnt_media_rw_file_29_0) true)
+(expandtypeattribute (mnt_media_rw_stub_file_29_0) true)
+(expandtypeattribute (mnt_product_file_29_0) true)
+(expandtypeattribute (mnt_user_file_29_0) true)
+(expandtypeattribute (mnt_vendor_file_29_0) true)
+(expandtypeattribute (modprobe_29_0) true)
+(expandtypeattribute (mount_service_29_0) true)
+(expandtypeattribute (mqueue_29_0) true)
+(expandtypeattribute (mtp_29_0) true)
+(expandtypeattribute (mtp_device_29_0) true)
+(expandtypeattribute (mtpd_socket_29_0) true)
+(expandtypeattribute (mtp_exec_29_0) true)
+(expandtypeattribute (nativetest_data_file_29_0) true)
+(expandtypeattribute (netd_29_0) true)
+(expandtypeattribute (net_data_file_29_0) true)
+(expandtypeattribute (netd_exec_29_0) true)
+(expandtypeattribute (netd_listener_service_29_0) true)
+(expandtypeattribute (net_dns_prop_29_0) true)
+(expandtypeattribute (netd_service_29_0) true)
+(expandtypeattribute (netd_stable_secret_prop_29_0) true)
+(expandtypeattribute (netif_29_0) true)
+(expandtypeattribute (netpolicy_service_29_0) true)
+(expandtypeattribute (net_radio_prop_29_0) true)
+(expandtypeattribute (netstats_service_29_0) true)
+(expandtypeattribute (netutils_wrapper_29_0) true)
+(expandtypeattribute (netutils_wrapper_exec_29_0) true)
+(expandtypeattribute (network_management_service_29_0) true)
+(expandtypeattribute (network_score_service_29_0) true)
+(expandtypeattribute (network_stack_29_0) true)
+(expandtypeattribute (network_stack_service_29_0) true)
+(expandtypeattribute (network_time_update_service_29_0) true)
+(expandtypeattribute (network_watchlist_data_file_29_0) true)
+(expandtypeattribute (network_watchlist_service_29_0) true)
+(expandtypeattribute (nfc_29_0) true)
+(expandtypeattribute (nfc_data_file_29_0) true)
+(expandtypeattribute (nfc_device_29_0) true)
+(expandtypeattribute (nfc_prop_29_0) true)
+(expandtypeattribute (nfc_service_29_0) true)
+(expandtypeattribute (nnapi_ext_deny_product_prop_29_0) true)
+(expandtypeattribute (node_29_0) true)
+(expandtypeattribute (nonplat_service_contexts_file_29_0) true)
+(expandtypeattribute (notification_service_29_0) true)
+(expandtypeattribute (null_device_29_0) true)
+(expandtypeattribute (oemfs_29_0) true)
+(expandtypeattribute (oem_lock_service_29_0) true)
+(expandtypeattribute (ota_data_file_29_0) true)
+(expandtypeattribute (otadexopt_service_29_0) true)
+(expandtypeattribute (ota_package_file_29_0) true)
+(expandtypeattribute (overlayfs_file_29_0) true)
+(expandtypeattribute (overlay_prop_29_0) true)
+(expandtypeattribute (overlay_service_29_0) true)
+(expandtypeattribute (owntty_device_29_0) true)
+(expandtypeattribute (package_native_service_29_0) true)
+(expandtypeattribute (package_service_29_0) true)
+(expandtypeattribute (packages_list_file_29_0) true)
+(expandtypeattribute (pan_result_prop_29_0) true)
+(expandtypeattribute (password_slot_metadata_file_29_0) true)
+(expandtypeattribute (pdx_bufferhub_client_channel_socket_29_0) true)
+(expandtypeattribute (pdx_bufferhub_client_endpoint_socket_29_0) true)
+(expandtypeattribute (pdx_bufferhub_dir_29_0) true)
+(expandtypeattribute (pdx_display_client_channel_socket_29_0) true)
+(expandtypeattribute (pdx_display_client_endpoint_socket_29_0) true)
+(expandtypeattribute (pdx_display_dir_29_0) true)
+(expandtypeattribute (pdx_display_manager_channel_socket_29_0) true)
+(expandtypeattribute (pdx_display_manager_endpoint_socket_29_0) true)
+(expandtypeattribute (pdx_display_screenshot_channel_socket_29_0) true)
+(expandtypeattribute (pdx_display_screenshot_endpoint_socket_29_0) true)
+(expandtypeattribute (pdx_display_vsync_channel_socket_29_0) true)
+(expandtypeattribute (pdx_display_vsync_endpoint_socket_29_0) true)
+(expandtypeattribute (pdx_performance_client_channel_socket_29_0) true)
+(expandtypeattribute (pdx_performance_client_endpoint_socket_29_0) true)
+(expandtypeattribute (pdx_performance_dir_29_0) true)
+(expandtypeattribute (perfetto_29_0) true)
+(expandtypeattribute (performanced_29_0) true)
+(expandtypeattribute (performanced_exec_29_0) true)
+(expandtypeattribute (permissionmgr_service_29_0) true)
+(expandtypeattribute (permission_service_29_0) true)
+(expandtypeattribute (persist_debug_prop_29_0) true)
+(expandtypeattribute (persistent_data_block_service_29_0) true)
+(expandtypeattribute (persistent_properties_ready_prop_29_0) true)
+(expandtypeattribute (pinner_service_29_0) true)
+(expandtypeattribute (pipefs_29_0) true)
+(expandtypeattribute (platform_app_29_0) true)
+(expandtypeattribute (pm_prop_29_0) true)
+(expandtypeattribute (pmsg_device_29_0) true)
+(expandtypeattribute (port_29_0) true)
+(expandtypeattribute (port_device_29_0) true)
+(expandtypeattribute (postinstall_29_0) true)
+(expandtypeattribute (postinstall_apex_mnt_dir_29_0) true)
+(expandtypeattribute (postinstall_file_29_0) true)
+(expandtypeattribute (postinstall_mnt_dir_29_0) true)
+(expandtypeattribute (powerctl_prop_29_0) true)
+(expandtypeattribute (power_service_29_0) true)
+(expandtypeattribute (ppp_29_0) true)
+(expandtypeattribute (ppp_device_29_0) true)
+(expandtypeattribute (ppp_exec_29_0) true)
+(expandtypeattribute (preloads_data_file_29_0) true)
+(expandtypeattribute (preloads_media_file_29_0) true)
+(expandtypeattribute (print_service_29_0) true)
+(expandtypeattribute (priv_app_29_0) true)
+(expandtypeattribute (privapp_data_file_29_0) true)
+(expandtypeattribute (proc_29_0) true)
+(expandtypeattribute (proc_abi_29_0) true)
+(expandtypeattribute (proc_asound_29_0) true)
+(expandtypeattribute (proc_bluetooth_writable_29_0) true)
+(expandtypeattribute (proc_buddyinfo_29_0) true)
+(expandtypeattribute (proc_cmdline_29_0) true)
+(expandtypeattribute (proc_cpuinfo_29_0) true)
+(expandtypeattribute (proc_dirty_29_0) true)
+(expandtypeattribute (proc_diskstats_29_0) true)
+(expandtypeattribute (proc_drop_caches_29_0) true)
+(expandtypeattribute (processinfo_service_29_0) true)
+(expandtypeattribute (proc_extra_free_kbytes_29_0) true)
+(expandtypeattribute (proc_filesystems_29_0) true)
+(expandtypeattribute (proc_fs_verity_29_0) true)
+(expandtypeattribute (proc_hostname_29_0) true)
+(expandtypeattribute (proc_hung_task_29_0) true)
+(expandtypeattribute (proc_interrupts_29_0) true)
+(expandtypeattribute (proc_iomem_29_0) true)
+(expandtypeattribute (proc_keys_29_0) true)
+(expandtypeattribute (proc_kmsg_29_0) true)
+(expandtypeattribute (proc_loadavg_29_0) true)
+(expandtypeattribute (proc_max_map_count_29_0) true)
+(expandtypeattribute (proc_meminfo_29_0) true)
+(expandtypeattribute (proc_min_free_order_shift_29_0) true)
+(expandtypeattribute (proc_misc_29_0) true)
+(expandtypeattribute (proc_modules_29_0) true)
+(expandtypeattribute (proc_mounts_29_0) true)
+(expandtypeattribute (proc_net_29_0) true)
+(expandtypeattribute (proc_net_tcp_udp_29_0) true)
+(expandtypeattribute (proc_overcommit_memory_29_0) true)
+(expandtypeattribute (proc_page_cluster_29_0) true)
+(expandtypeattribute (proc_pagetypeinfo_29_0) true)
+(expandtypeattribute (proc_panic_29_0) true)
+(expandtypeattribute (proc_perf_29_0) true)
+(expandtypeattribute (proc_pid_max_29_0) true)
+(expandtypeattribute (proc_pipe_conf_29_0) true)
+(expandtypeattribute (proc_pressure_cpu_29_0) true)
+(expandtypeattribute (proc_pressure_io_29_0) true)
+(expandtypeattribute (proc_pressure_mem_29_0) true)
+(expandtypeattribute (proc_qtaguid_ctrl_29_0) true)
+(expandtypeattribute (proc_qtaguid_stat_29_0) true)
+(expandtypeattribute (proc_random_29_0) true)
+(expandtypeattribute (proc_sched_29_0) true)
+(expandtypeattribute (proc_security_29_0) true)
+(expandtypeattribute (proc_slabinfo_29_0) true)
+(expandtypeattribute (proc_stat_29_0) true)
+(expandtypeattribute (procstats_service_29_0) true)
+(expandtypeattribute (proc_swaps_29_0) true)
+(expandtypeattribute (proc_sysrq_29_0) true)
+(expandtypeattribute (proc_timer_29_0) true)
+(expandtypeattribute (proc_tty_drivers_29_0) true)
+(expandtypeattribute (proc_uid_concurrent_active_time_29_0) true)
+(expandtypeattribute (proc_uid_concurrent_policy_time_29_0) true)
+(expandtypeattribute (proc_uid_cpupower_29_0) true)
+(expandtypeattribute (proc_uid_cputime_removeuid_29_0) true)
+(expandtypeattribute (proc_uid_cputime_showstat_29_0) true)
+(expandtypeattribute (proc_uid_io_stats_29_0) true)
+(expandtypeattribute (proc_uid_procstat_set_29_0) true)
+(expandtypeattribute (proc_uid_time_in_state_29_0) true)
+(expandtypeattribute (proc_uptime_29_0) true)
+(expandtypeattribute (proc_version_29_0) true)
+(expandtypeattribute (proc_vmallocinfo_29_0) true)
+(expandtypeattribute (proc_vmstat_29_0) true)
+(expandtypeattribute (proc_zoneinfo_29_0) true)
+(expandtypeattribute (profman_29_0) true)
+(expandtypeattribute (profman_dump_data_file_29_0) true)
+(expandtypeattribute (profman_exec_29_0) true)
+(expandtypeattribute (properties_device_29_0) true)
+(expandtypeattribute (properties_serial_29_0) true)
+(expandtypeattribute (property_contexts_file_29_0) true)
+(expandtypeattribute (property_data_file_29_0) true)
+(expandtypeattribute (property_info_29_0) true)
+(expandtypeattribute (property_socket_29_0) true)
+(expandtypeattribute (pstorefs_29_0) true)
+(expandtypeattribute (ptmx_device_29_0) true)
+(expandtypeattribute (qtaguid_device_29_0) true)
+(expandtypeattribute (racoon_29_0) true)
+(expandtypeattribute (racoon_exec_29_0) true)
+(expandtypeattribute (racoon_socket_29_0) true)
+(expandtypeattribute (radio_29_0) true)
+(expandtypeattribute (radio_data_file_29_0) true)
+(expandtypeattribute (radio_device_29_0) true)
+(expandtypeattribute (radio_prop_29_0) true)
+(expandtypeattribute (radio_service_29_0) true)
+(expandtypeattribute (ram_device_29_0) true)
+(expandtypeattribute (random_device_29_0) true)
+(expandtypeattribute (recovery_29_0) true)
+(expandtypeattribute (recovery_block_device_29_0) true)
+(expandtypeattribute (recovery_data_file_29_0) true)
+(expandtypeattribute (recovery_persist_29_0) true)
+(expandtypeattribute (recovery_persist_exec_29_0) true)
+(expandtypeattribute (recovery_refresh_29_0) true)
+(expandtypeattribute (recovery_refresh_exec_29_0) true)
+(expandtypeattribute (recovery_service_29_0) true)
+(expandtypeattribute (recovery_socket_29_0) true)
+(expandtypeattribute (registry_service_29_0) true)
+(expandtypeattribute (resourcecache_data_file_29_0) true)
+(expandtypeattribute (restorecon_prop_29_0) true)
+(expandtypeattribute (restrictions_service_29_0) true)
+(expandtypeattribute (rild_debug_socket_29_0) true)
+(expandtypeattribute (rild_socket_29_0) true)
+(expandtypeattribute (ringtone_file_29_0) true)
+(expandtypeattribute (role_service_29_0) true)
+(expandtypeattribute (rollback_service_29_0) true)
+(expandtypeattribute (root_block_device_29_0) true)
+(expandtypeattribute (rootfs_29_0) true)
+(expandtypeattribute (rpmsg_device_29_0) true)
+(expandtypeattribute (rs_29_0) true)
+(expandtypeattribute (rs_exec_29_0) true)
+(expandtypeattribute (rss_hwm_reset_29_0) true)
+(expandtypeattribute (rtc_device_29_0) true)
+(expandtypeattribute (rttmanager_service_29_0) true)
+(expandtypeattribute (runas_29_0) true)
+(expandtypeattribute (runas_app_29_0) true)
+(expandtypeattribute (runas_exec_29_0) true)
+(expandtypeattribute (runtime_event_log_tags_file_29_0) true)
+(expandtypeattribute (runtime_service_29_0) true)
+(expandtypeattribute (safemode_prop_29_0) true)
+(expandtypeattribute (same_process_hal_file_29_0) true)
+(expandtypeattribute (samplingprofiler_service_29_0) true)
+(expandtypeattribute (scheduling_policy_service_29_0) true)
+(expandtypeattribute (sdcard_block_device_29_0) true)
+(expandtypeattribute (sdcardd_29_0) true)
+(expandtypeattribute (sdcardd_exec_29_0) true)
+(expandtypeattribute (sdcardfs_29_0) true)
+(expandtypeattribute (seapp_contexts_file_29_0) true)
+(expandtypeattribute (search_service_29_0) true)
+(expandtypeattribute (sec_key_att_app_id_provider_service_29_0) true)
+(expandtypeattribute (secure_element_29_0) true)
+(expandtypeattribute (secure_element_device_29_0) true)
+(expandtypeattribute (secure_element_service_29_0) true)
+(expandtypeattribute (selinuxfs_29_0) true)
+(expandtypeattribute (sensor_privacy_service_29_0) true)
+(expandtypeattribute (sensors_device_29_0) true)
+(expandtypeattribute (sensorservice_service_29_0) true)
+(expandtypeattribute (sepolicy_file_29_0) true)
+(expandtypeattribute (serial_device_29_0) true)
+(expandtypeattribute (serialno_prop_29_0) true)
+(expandtypeattribute (serial_service_29_0) true)
+(expandtypeattribute (server_configurable_flags_data_file_29_0) true)
+(expandtypeattribute (service_contexts_file_29_0) true)
+(expandtypeattribute (servicediscovery_service_29_0) true)
+(expandtypeattribute (servicemanager_29_0) true)
+(expandtypeattribute (servicemanager_exec_29_0) true)
+(expandtypeattribute (settings_service_29_0) true)
+(expandtypeattribute (sgdisk_29_0) true)
+(expandtypeattribute (sgdisk_exec_29_0) true)
+(expandtypeattribute (shared_relro_29_0) true)
+(expandtypeattribute (shared_relro_file_29_0) true)
+(expandtypeattribute (shell_29_0) true)
+(expandtypeattribute (shell_data_file_29_0) true)
+(expandtypeattribute (shell_exec_29_0) true)
+(expandtypeattribute (shell_prop_29_0) true)
+(expandtypeattribute (shm_29_0) true)
+(expandtypeattribute (shortcut_manager_icons_29_0) true)
+(expandtypeattribute (shortcut_service_29_0) true)
+(expandtypeattribute (simpleperf_app_runner_29_0) true)
+(expandtypeattribute (simpleperf_app_runner_exec_29_0) true)
+(expandtypeattribute (slice_service_29_0) true)
+(expandtypeattribute (slideshow_29_0) true)
+(expandtypeattribute (socket_device_29_0) true)
+(expandtypeattribute (sockfs_29_0) true)
+(expandtypeattribute (staging_data_file_29_0) true)
+(expandtypeattribute (statsd_29_0) true)
+(expandtypeattribute (stats_data_file_29_0) true)
+(expandtypeattribute (statsd_exec_29_0) true)
+(expandtypeattribute (statsdw_socket_29_0) true)
+(expandtypeattribute (statusbar_service_29_0) true)
+(expandtypeattribute (storaged_service_29_0) true)
+(expandtypeattribute (storage_file_29_0) true)
+(expandtypeattribute (storagestats_service_29_0) true)
+(expandtypeattribute (storage_stub_file_29_0) true)
+(expandtypeattribute (su_29_0) true)
+(expandtypeattribute (su_exec_29_0) true)
+(expandtypeattribute (super_block_device_29_0) true)
+(expandtypeattribute (surfaceflinger_29_0) true)
+(expandtypeattribute (surfaceflinger_service_29_0) true)
+(expandtypeattribute (surfaceflinger_tmpfs_29_0) true)
+(expandtypeattribute (swap_block_device_29_0) true)
+(expandtypeattribute (sysfs_29_0) true)
+(expandtypeattribute (sysfs_android_usb_29_0) true)
+(expandtypeattribute (sysfs_batteryinfo_29_0) true)
+(expandtypeattribute (sysfs_bluetooth_writable_29_0) true)
+(expandtypeattribute (sysfs_devices_block_29_0) true)
+(expandtypeattribute (sysfs_devices_system_cpu_29_0) true)
+(expandtypeattribute (sysfs_dm_29_0) true)
+(expandtypeattribute (sysfs_dt_firmware_android_29_0) true)
+(expandtypeattribute (sysfs_extcon_29_0) true)
+(expandtypeattribute (sysfs_fs_ext4_features_29_0) true)
+(expandtypeattribute (sysfs_fs_f2fs_29_0) true)
+(expandtypeattribute (sysfs_hwrandom_29_0) true)
+(expandtypeattribute (sysfs_ipv4_29_0) true)
+(expandtypeattribute (sysfs_kernel_notes_29_0) true)
+(expandtypeattribute (sysfs_leds_29_0) true)
+(expandtypeattribute (sysfs_loop_29_0) true)
+(expandtypeattribute (sysfs_lowmemorykiller_29_0) true)
+(expandtypeattribute (sysfs_mac_address_29_0) true)
+(expandtypeattribute (sysfs_net_29_0) true)
+(expandtypeattribute (sysfs_nfc_power_writable_29_0) true)
+(expandtypeattribute (sysfs_power_29_0) true)
+(expandtypeattribute (sysfs_rtc_29_0) true)
+(expandtypeattribute (sysfs_switch_29_0) true)
+(expandtypeattribute (sysfs_thermal_29_0) true)
+(expandtypeattribute (sysfs_transparent_hugepage_29_0) true)
+(expandtypeattribute (sysfs_uio_29_0) true)
+(expandtypeattribute (sysfs_usb_29_0) true)
+(expandtypeattribute (sysfs_usermodehelper_29_0) true)
+(expandtypeattribute (sysfs_vibrator_29_0) true)
+(expandtypeattribute (sysfs_wake_lock_29_0) true)
+(expandtypeattribute (sysfs_wakeup_reasons_29_0) true)
+(expandtypeattribute (sysfs_wlan_fwpath_29_0) true)
+(expandtypeattribute (sysfs_zram_29_0) true)
+(expandtypeattribute (sysfs_zram_uevent_29_0) true)
+(expandtypeattribute (system_app_29_0) true)
+(expandtypeattribute (system_app_data_file_29_0) true)
+(expandtypeattribute (system_app_service_29_0) true)
+(expandtypeattribute (system_asan_options_file_29_0) true)
+(expandtypeattribute (system_block_device_29_0) true)
+(expandtypeattribute (system_boot_reason_prop_29_0) true)
+(expandtypeattribute (system_bootstrap_lib_file_29_0) true)
+(expandtypeattribute (system_data_file_29_0) true)
+(expandtypeattribute (system_event_log_tags_file_29_0) true)
+(expandtypeattribute (system_file_29_0) true)
+(expandtypeattribute (systemkeys_data_file_29_0) true)
+(expandtypeattribute (system_lib_file_29_0) true)
+(expandtypeattribute (system_linker_config_file_29_0) true)
+(expandtypeattribute (system_linker_exec_29_0) true)
+(expandtypeattribute (system_lmk_prop_29_0) true)
+(expandtypeattribute (system_ndebug_socket_29_0) true)
+(expandtypeattribute (system_net_netd_hwservice_29_0) true)
+(expandtypeattribute (system_prop_29_0) true)
+(expandtypeattribute (system_radio_prop_29_0) true)
+(expandtypeattribute (system_seccomp_policy_file_29_0) true)
+(expandtypeattribute (system_security_cacerts_file_29_0) true)
+(expandtypeattribute (system_server_29_0) true)
+(expandtypeattribute (system_server_tmpfs_29_0) true)
+(expandtypeattribute (system_suspend_control_service_29_0) true)
+(expandtypeattribute (system_suspend_hwservice_29_0) true)
+(expandtypeattribute (system_trace_prop_29_0) true)
+(expandtypeattribute (system_update_service_29_0) true)
+(expandtypeattribute (system_wifi_keystore_hwservice_29_0) true)
+(expandtypeattribute (system_wpa_socket_29_0) true)
+(expandtypeattribute (system_zoneinfo_file_29_0) true)
+(expandtypeattribute (task_profiles_file_29_0) true)
+(expandtypeattribute (task_service_29_0) true)
+(expandtypeattribute (tcpdump_exec_29_0) true)
+(expandtypeattribute (tee_29_0) true)
+(expandtypeattribute (tee_data_file_29_0) true)
+(expandtypeattribute (tee_device_29_0) true)
+(expandtypeattribute (telecom_service_29_0) true)
+(expandtypeattribute (test_boot_reason_prop_29_0) true)
+(expandtypeattribute (test_harness_prop_29_0) true)
+(expandtypeattribute (testharness_service_29_0) true)
+(expandtypeattribute (textclassification_service_29_0) true)
+(expandtypeattribute (textclassifier_data_file_29_0) true)
+(expandtypeattribute (textservices_service_29_0) true)
+(expandtypeattribute (thermalcallback_hwservice_29_0) true)
+(expandtypeattribute (thermal_service_29_0) true)
+(expandtypeattribute (timedetector_service_29_0) true)
+(expandtypeattribute (time_prop_29_0) true)
+(expandtypeattribute (timezone_service_29_0) true)
+(expandtypeattribute (tmpfs_29_0) true)
+(expandtypeattribute (tombstoned_29_0) true)
+(expandtypeattribute (tombstone_data_file_29_0) true)
+(expandtypeattribute (tombstoned_crash_socket_29_0) true)
+(expandtypeattribute (tombstoned_exec_29_0) true)
+(expandtypeattribute (tombstoned_intercept_socket_29_0) true)
+(expandtypeattribute (tombstoned_java_trace_socket_29_0) true)
+(expandtypeattribute (tombstone_wifi_data_file_29_0) true)
+(expandtypeattribute (toolbox_29_0) true)
+(expandtypeattribute (toolbox_exec_29_0) true)
+(expandtypeattribute (traced_29_0) true)
+(expandtypeattribute (trace_data_file_29_0) true)
+(expandtypeattribute (traced_consumer_socket_29_0) true)
+(expandtypeattribute (traced_enabled_prop_29_0) true)
+(expandtypeattribute (traced_lazy_prop_29_0) true)
+(expandtypeattribute (traced_probes_29_0) true)
+(expandtypeattribute (traced_producer_socket_29_0) true)
+(expandtypeattribute (traceur_app_29_0) true)
+(expandtypeattribute (trust_service_29_0) true)
+(expandtypeattribute (tty_device_29_0) true)
+(expandtypeattribute (tun_device_29_0) true)
+(expandtypeattribute (tv_input_service_29_0) true)
+(expandtypeattribute (tzdatacheck_29_0) true)
+(expandtypeattribute (tzdatacheck_exec_29_0) true)
+(expandtypeattribute (ueventd_29_0) true)
+(expandtypeattribute (ueventd_tmpfs_29_0) true)
+(expandtypeattribute (uhid_device_29_0) true)
+(expandtypeattribute (uimode_service_29_0) true)
+(expandtypeattribute (uio_device_29_0) true)
+(expandtypeattribute (uncrypt_29_0) true)
+(expandtypeattribute (uncrypt_exec_29_0) true)
+(expandtypeattribute (uncrypt_socket_29_0) true)
+(expandtypeattribute (unencrypted_data_file_29_0) true)
+(expandtypeattribute (unlabeled_29_0) true)
+(expandtypeattribute (untrusted_app_25_29_0) true)
+(expandtypeattribute (untrusted_app_27_29_0) true)
+(expandtypeattribute (untrusted_app_29_0) true)
+(expandtypeattribute (update_engine_29_0) true)
+(expandtypeattribute (update_engine_data_file_29_0) true)
+(expandtypeattribute (update_engine_exec_29_0) true)
+(expandtypeattribute (update_engine_log_data_file_29_0) true)
+(expandtypeattribute (update_engine_service_29_0) true)
+(expandtypeattribute (updatelock_service_29_0) true)
+(expandtypeattribute (update_verifier_29_0) true)
+(expandtypeattribute (update_verifier_exec_29_0) true)
+(expandtypeattribute (uri_grants_service_29_0) true)
+(expandtypeattribute (usagestats_service_29_0) true)
+(expandtypeattribute (usbaccessory_device_29_0) true)
+(expandtypeattribute (usbd_29_0) true)
+(expandtypeattribute (usb_device_29_0) true)
+(expandtypeattribute (usbd_exec_29_0) true)
+(expandtypeattribute (usbfs_29_0) true)
+(expandtypeattribute (usb_service_29_0) true)
+(expandtypeattribute (use_memfd_prop_29_0) true)
+(expandtypeattribute (userdata_block_device_29_0) true)
+(expandtypeattribute (usermodehelper_29_0) true)
+(expandtypeattribute (user_profile_data_file_29_0) true)
+(expandtypeattribute (user_service_29_0) true)
+(expandtypeattribute (vdc_29_0) true)
+(expandtypeattribute (vdc_exec_29_0) true)
+(expandtypeattribute (vendor_app_file_29_0) true)
+(expandtypeattribute (vendor_cgroup_desc_file_29_0) true)
+(expandtypeattribute (vendor_configs_file_29_0) true)
+(expandtypeattribute (vendor_data_file_29_0) true)
+(expandtypeattribute (vendor_default_prop_29_0) true)
+(expandtypeattribute (vendor_file_29_0) true)
+(expandtypeattribute (vendor_framework_file_29_0) true)
+(expandtypeattribute (vendor_hal_file_29_0) true)
+(expandtypeattribute (vendor_idc_file_29_0) true)
+(expandtypeattribute (vendor_init_29_0) true)
+(expandtypeattribute (vendor_keychars_file_29_0) true)
+(expandtypeattribute (vendor_keylayout_file_29_0) true)
+(expandtypeattribute (vendor_overlay_file_29_0) true)
+(expandtypeattribute (vendor_public_lib_file_29_0) true)
+(expandtypeattribute (vendor_security_patch_level_prop_29_0) true)
+(expandtypeattribute (vendor_shell_29_0) true)
+(expandtypeattribute (vendor_shell_exec_29_0) true)
+(expandtypeattribute (vendor_task_profiles_file_29_0) true)
+(expandtypeattribute (vendor_toolbox_exec_29_0) true)
+(expandtypeattribute (vfat_29_0) true)
+(expandtypeattribute (vibrator_service_29_0) true)
+(expandtypeattribute (video_device_29_0) true)
+(expandtypeattribute (virtual_touchpad_29_0) true)
+(expandtypeattribute (virtual_touchpad_exec_29_0) true)
+(expandtypeattribute (virtual_touchpad_service_29_0) true)
+(expandtypeattribute (vndbinder_device_29_0) true)
+(expandtypeattribute (vndk_sp_file_29_0) true)
+(expandtypeattribute (vndservice_contexts_file_29_0) true)
+(expandtypeattribute (vndservicemanager_29_0) true)
+(expandtypeattribute (voiceinteraction_service_29_0) true)
+(expandtypeattribute (vold_29_0) true)
+(expandtypeattribute (vold_data_file_29_0) true)
+(expandtypeattribute (vold_device_29_0) true)
+(expandtypeattribute (vold_exec_29_0) true)
+(expandtypeattribute (vold_metadata_file_29_0) true)
+(expandtypeattribute (vold_prepare_subdirs_29_0) true)
+(expandtypeattribute (vold_prepare_subdirs_exec_29_0) true)
+(expandtypeattribute (vold_prop_29_0) true)
+(expandtypeattribute (vold_service_29_0) true)
+(expandtypeattribute (vpn_data_file_29_0) true)
+(expandtypeattribute (vrflinger_vsync_service_29_0) true)
+(expandtypeattribute (vr_hwc_29_0) true)
+(expandtypeattribute (vr_hwc_exec_29_0) true)
+(expandtypeattribute (vr_hwc_service_29_0) true)
+(expandtypeattribute (vr_manager_service_29_0) true)
+(expandtypeattribute (wallpaper_file_29_0) true)
+(expandtypeattribute (wallpaper_service_29_0) true)
+(expandtypeattribute (watchdogd_29_0) true)
+(expandtypeattribute (watchdog_device_29_0) true)
+(expandtypeattribute (watchdogd_exec_29_0) true)
+(expandtypeattribute (webviewupdate_service_29_0) true)
+(expandtypeattribute (webview_zygote_29_0) true)
+(expandtypeattribute (webview_zygote_exec_29_0) true)
+(expandtypeattribute (webview_zygote_tmpfs_29_0) true)
+(expandtypeattribute (wifiaware_service_29_0) true)
+(expandtypeattribute (wificond_29_0) true)
+(expandtypeattribute (wificond_exec_29_0) true)
+(expandtypeattribute (wificond_service_29_0) true)
+(expandtypeattribute (wifi_data_file_29_0) true)
+(expandtypeattribute (wifi_log_prop_29_0) true)
+(expandtypeattribute (wifip2p_service_29_0) true)
+(expandtypeattribute (wifi_prop_29_0) true)
+(expandtypeattribute (wifiscanner_service_29_0) true)
+(expandtypeattribute (wifi_service_29_0) true)
+(expandtypeattribute (window_service_29_0) true)
+(expandtypeattribute (wpantund_29_0) true)
+(expandtypeattribute (wpantund_exec_29_0) true)
+(expandtypeattribute (wpantund_service_29_0) true)
+(expandtypeattribute (wpa_socket_29_0) true)
+(expandtypeattribute (zero_device_29_0) true)
+(expandtypeattribute (zoneinfo_data_file_29_0) true)
+(expandtypeattribute (zygote_29_0) true)
+(expandtypeattribute (zygote_exec_29_0) true)
+(expandtypeattribute (zygote_socket_29_0) true)
+(expandtypeattribute (zygote_tmpfs_29_0) true)
+(typeattributeset accessibility_service_29_0 (accessibility_service))
+(typeattributeset account_service_29_0 (account_service))
+(typeattributeset activity_service_29_0 (activity_service))
+(typeattributeset activity_task_service_29_0 (activity_task_service))
+(typeattributeset adbd_29_0 (adbd))
+(typeattributeset adb_data_file_29_0 (adb_data_file))
+(typeattributeset adbd_exec_29_0 (adbd_exec))
+(typeattributeset adbd_socket_29_0 (adbd_socket))
+(typeattributeset adb_keys_file_29_0 (adb_keys_file))
+(typeattributeset adb_service_29_0 (adb_service))
+(typeattributeset alarm_service_29_0 (alarm_service))
+(typeattributeset anr_data_file_29_0 (anr_data_file))
+(typeattributeset apexd_29_0 (apexd))
+(typeattributeset apex_data_file_29_0 (apex_data_file))
+(typeattributeset apexd_exec_29_0 (apexd_exec))
+(typeattributeset apexd_prop_29_0 (apexd_prop))
+(typeattributeset apex_metadata_file_29_0 (apex_metadata_file))
+(typeattributeset apex_mnt_dir_29_0 (apex_mnt_dir))
+(typeattributeset apex_service_29_0 (apex_service))
+(typeattributeset apk_data_file_29_0 (apk_data_file))
+(typeattributeset apk_private_data_file_29_0 (apk_private_data_file))
+(typeattributeset apk_private_tmp_file_29_0 (apk_private_tmp_file))
+(typeattributeset apk_tmp_file_29_0 (apk_tmp_file))
+(typeattributeset app_binding_service_29_0 (app_binding_service))
+(typeattributeset app_data_file_29_0 (app_data_file))
+(typeattributeset appdomain_tmpfs_29_0 (appdomain_tmpfs))
+(typeattributeset app_fuse_file_29_0 (app_fuse_file))
+(typeattributeset app_fusefs_29_0 (app_fusefs))
+(typeattributeset appops_service_29_0 (appops_service))
+(typeattributeset app_prediction_service_29_0 (app_prediction_service))
+(typeattributeset appwidget_service_29_0 (appwidget_service))
+(typeattributeset app_zygote_29_0 (app_zygote))
+(typeattributeset app_zygote_tmpfs_29_0 (app_zygote_tmpfs))
+(typeattributeset asec_apk_file_29_0 (asec_apk_file))
+(typeattributeset asec_image_file_29_0 (asec_image_file))
+(typeattributeset asec_public_file_29_0 (asec_public_file))
+(typeattributeset ashmemd_29_0 (ashmemd))
+(typeattributeset ashmem_device_29_0 (ashmem_device))
+(typeattributeset assetatlas_service_29_0 (assetatlas_service))
+(typeattributeset audio_data_file_29_0 (audio_data_file))
+(typeattributeset audio_device_29_0 (audio_device))
+(typeattributeset audiohal_data_file_29_0 (audiohal_data_file))
+(typeattributeset audio_prop_29_0 (audio_prop))
+(typeattributeset audioserver_29_0 (audioserver))
+(typeattributeset audioserver_data_file_29_0 (audioserver_data_file))
+(typeattributeset audioserver_service_29_0 (audioserver_service))
+(typeattributeset audioserver_tmpfs_29_0 (audioserver_tmpfs))
+(typeattributeset audio_service_29_0 (audio_service))
+(typeattributeset autofill_service_29_0 (autofill_service))
+(typeattributeset backup_data_file_29_0 (backup_data_file))
+(typeattributeset backup_service_29_0 (backup_service))
+(typeattributeset batteryproperties_service_29_0 (batteryproperties_service))
+(typeattributeset battery_service_29_0 (battery_service))
+(typeattributeset batterystats_service_29_0 (batterystats_service))
+(typeattributeset binder_calls_stats_service_29_0 (binder_calls_stats_service))
+(typeattributeset binder_device_29_0 (binder_device))
+(typeattributeset binfmt_miscfs_29_0 (binfmt_miscfs))
+(typeattributeset biometric_service_29_0 (biometric_service))
+(typeattributeset blkid_29_0 (blkid))
+(typeattributeset blkid_untrusted_29_0 (blkid_untrusted))
+(typeattributeset block_device_29_0 (block_device))
+(typeattributeset bluetooth_29_0 (bluetooth))
+(typeattributeset bluetooth_a2dp_offload_prop_29_0 (bluetooth_a2dp_offload_prop))
+(typeattributeset bluetooth_audio_hal_prop_29_0 (bluetooth_audio_hal_prop))
+(typeattributeset bluetooth_data_file_29_0 (bluetooth_data_file))
+(typeattributeset bluetooth_efs_file_29_0 (bluetooth_efs_file))
+(typeattributeset bluetooth_logs_data_file_29_0 (bluetooth_logs_data_file))
+(typeattributeset bluetooth_manager_service_29_0 (bluetooth_manager_service))
+(typeattributeset bluetooth_prop_29_0 (bluetooth_prop))
+(typeattributeset bluetooth_service_29_0 (bluetooth_service))
+(typeattributeset bluetooth_socket_29_0 (bluetooth_socket))
+(typeattributeset bootanim_29_0 (bootanim))
+(typeattributeset bootanim_exec_29_0 (bootanim_exec))
+(typeattributeset boot_block_device_29_0 (boot_block_device))
+(typeattributeset bootchart_data_file_29_0 (bootchart_data_file))
+(typeattributeset bootloader_boot_reason_prop_29_0 (bootloader_boot_reason_prop))
+(typeattributeset bootstat_29_0 (bootstat))
+(typeattributeset bootstat_data_file_29_0 (bootstat_data_file))
+(typeattributeset bootstat_exec_29_0 (bootstat_exec))
+(typeattributeset boottime_prop_29_0 (boottime_prop))
+(typeattributeset boottrace_data_file_29_0 (boottrace_data_file))
+(typeattributeset bpf_progs_loaded_prop_29_0 (bpf_progs_loaded_prop))
+(typeattributeset broadcastradio_service_29_0 (broadcastradio_service))
+(typeattributeset bufferhubd_29_0 (bufferhubd))
+(typeattributeset bufferhubd_exec_29_0 (bufferhubd_exec))
+(typeattributeset bugreport_service_29_0 (bugreport_service))
+(typeattributeset cache_backup_file_29_0 (cache_backup_file))
+(typeattributeset cache_block_device_29_0 (cache_block_device))
+(typeattributeset cache_file_29_0 (cache_file))
+(typeattributeset cache_private_backup_file_29_0 (cache_private_backup_file))
+(typeattributeset cache_recovery_file_29_0 (cache_recovery_file))
+(typeattributeset camera_data_file_29_0 (camera_data_file))
+(typeattributeset camera_device_29_0 (camera_device))
+(typeattributeset cameraproxy_service_29_0 (cameraproxy_service))
+(typeattributeset cameraserver_29_0 (cameraserver))
+(typeattributeset cameraserver_exec_29_0 (cameraserver_exec))
+(typeattributeset cameraserver_service_29_0 (cameraserver_service))
+(typeattributeset cameraserver_tmpfs_29_0 (cameraserver_tmpfs))
+(typeattributeset cgroup_29_0 (cgroup))
+(typeattributeset cgroup_bpf_29_0 (cgroup_bpf))
+(typeattributeset cgroup_desc_file_29_0 (cgroup_desc_file))
+(typeattributeset cgroup_rc_file_29_0 (cgroup_rc_file))
+(typeattributeset charger_29_0 (charger))
+(typeattributeset charger_exec_29_0 (charger_exec))
+(typeattributeset clatd_29_0 (clatd))
+(typeattributeset clatd_exec_29_0 (clatd_exec))
+(typeattributeset clipboard_service_29_0 (clipboard_service))
+(typeattributeset color_display_service_29_0 (color_display_service))
+(typeattributeset companion_device_service_29_0 (companion_device_service))
+(typeattributeset configfs_29_0 (configfs))
+(typeattributeset config_prop_29_0 (config_prop))
+(typeattributeset connectivity_service_29_0 (connectivity_service))
+(typeattributeset connmetrics_service_29_0 (connmetrics_service))
+(typeattributeset console_device_29_0 (console_device))
+(typeattributeset consumer_ir_service_29_0 (consumer_ir_service))
+(typeattributeset content_capture_service_29_0 (content_capture_service))
+(typeattributeset content_service_29_0 (content_service))
+(typeattributeset content_suggestions_service_29_0 (content_suggestions_service))
+(typeattributeset contexthub_service_29_0 (contexthub_service))
+(typeattributeset coredump_file_29_0 (coredump_file))
+(typeattributeset country_detector_service_29_0 (country_detector_service))
+(typeattributeset coverage_service_29_0 (coverage_service))
+(typeattributeset cppreopt_prop_29_0 (cppreopt_prop))
+(typeattributeset cpuinfo_service_29_0 (cpuinfo_service))
+(typeattributeset cpu_variant_prop_29_0 (cpu_variant_prop))
+(typeattributeset crash_dump_29_0 (crash_dump))
+(typeattributeset crash_dump_exec_29_0 (crash_dump_exec))
+(typeattributeset crossprofileapps_service_29_0 (crossprofileapps_service))
+(typeattributeset ctl_adbd_prop_29_0 (ctl_adbd_prop))
+(typeattributeset ctl_bootanim_prop_29_0 (ctl_bootanim_prop))
+(typeattributeset ctl_bugreport_prop_29_0 (ctl_bugreport_prop))
+(typeattributeset ctl_console_prop_29_0 (ctl_console_prop))
+(typeattributeset ctl_default_prop_29_0 (ctl_default_prop))
+(typeattributeset ctl_dumpstate_prop_29_0 (ctl_dumpstate_prop))
+(typeattributeset ctl_fuse_prop_29_0 (ctl_fuse_prop))
+(typeattributeset ctl_gsid_prop_29_0 (ctl_gsid_prop))
+(typeattributeset ctl_interface_restart_prop_29_0 (ctl_interface_restart_prop))
+(typeattributeset ctl_interface_start_prop_29_0 (ctl_interface_start_prop))
+(typeattributeset ctl_interface_stop_prop_29_0 (ctl_interface_stop_prop))
+(typeattributeset ctl_mdnsd_prop_29_0 (ctl_mdnsd_prop))
+(typeattributeset ctl_restart_prop_29_0 (ctl_restart_prop))
+(typeattributeset ctl_rildaemon_prop_29_0 (ctl_rildaemon_prop))
+(typeattributeset ctl_sigstop_prop_29_0 (ctl_sigstop_prop))
+(typeattributeset ctl_start_prop_29_0 (ctl_start_prop))
+(typeattributeset ctl_stop_prop_29_0 (ctl_stop_prop))
+(typeattributeset dalvikcache_data_file_29_0 (dalvikcache_data_file))
+(typeattributeset dalvik_prop_29_0 (dalvik_prop))
+(typeattributeset dbinfo_service_29_0 (dbinfo_service))
+(typeattributeset debugfs_29_0 (debugfs))
+(typeattributeset debugfs_mmc_29_0 (debugfs_mmc))
+(typeattributeset debugfs_trace_marker_29_0 (debugfs_trace_marker))
+(typeattributeset debugfs_tracing_29_0 (debugfs_tracing))
+(typeattributeset debugfs_tracing_debug_29_0 (debugfs_tracing_debug))
+(typeattributeset debugfs_tracing_instances_29_0 (debugfs_tracing_instances))
+(typeattributeset debugfs_wakeup_sources_29_0 (debugfs_wakeup_sources))
+(typeattributeset debugfs_wifi_tracing_29_0 (debugfs_wifi_tracing))
+(typeattributeset debuggerd_prop_29_0 (debuggerd_prop))
+(typeattributeset debug_prop_29_0 (debug_prop))
+(typeattributeset default_android_hwservice_29_0 (default_android_hwservice))
+(typeattributeset default_android_service_29_0 (default_android_service))
+(typeattributeset default_android_vndservice_29_0 (default_android_vndservice))
+(typeattributeset default_prop_29_0 (default_prop apk_verity_prop))
+(typeattributeset dev_cpu_variant_29_0 (dev_cpu_variant))
+(typeattributeset device_29_0 (device))
+(typeattributeset device_config_activity_manager_native_boot_prop_29_0 (device_config_activity_manager_native_boot_prop))
+(typeattributeset device_config_boot_count_prop_29_0 (device_config_boot_count_prop))
+(typeattributeset device_config_input_native_boot_prop_29_0 (device_config_input_native_boot_prop))
+(typeattributeset device_config_media_native_prop_29_0 (device_config_media_native_prop))
+(typeattributeset device_config_netd_native_prop_29_0 (device_config_netd_native_prop))
+(typeattributeset device_config_reset_performed_prop_29_0 (device_config_reset_performed_prop))
+(typeattributeset device_config_runtime_native_boot_prop_29_0 (device_config_runtime_native_boot_prop))
+(typeattributeset device_config_runtime_native_prop_29_0 (device_config_runtime_native_prop))
+(typeattributeset device_config_service_29_0 (device_config_service))
+(typeattributeset device_identifiers_service_29_0 (device_identifiers_service))
+(typeattributeset deviceidle_service_29_0 (deviceidle_service))
+(typeattributeset device_logging_prop_29_0 (device_logging_prop))
+(typeattributeset device_policy_service_29_0 (device_policy_service))
+(typeattributeset devicestoragemonitor_service_29_0 (devicestoragemonitor_service))
+(typeattributeset devpts_29_0 (devpts))
+(typeattributeset dhcp_29_0 (dhcp))
+(typeattributeset dhcp_data_file_29_0 (dhcp_data_file))
+(typeattributeset dhcp_exec_29_0 (dhcp_exec))
+(typeattributeset dhcp_prop_29_0 (dhcp_prop))
+(typeattributeset diskstats_service_29_0 (diskstats_service))
+(typeattributeset display_service_29_0 (display_service))
+(typeattributeset dm_device_29_0 (dm_device))
+(typeattributeset dnsmasq_29_0 (dnsmasq))
+(typeattributeset dnsmasq_exec_29_0 (dnsmasq_exec))
+(typeattributeset dnsproxyd_socket_29_0 (dnsproxyd_socket))
+(typeattributeset dnsresolver_service_29_0 (dnsresolver_service))
+(typeattributeset DockObserver_service_29_0 (DockObserver_service))
+(typeattributeset dreams_service_29_0 (dreams_service))
+(typeattributeset drm_data_file_29_0 (drm_data_file))
+(typeattributeset drmserver_29_0 (drmserver))
+(typeattributeset drmserver_exec_29_0 (drmserver_exec))
+(typeattributeset drmserver_service_29_0 (drmserver_service))
+(typeattributeset drmserver_socket_29_0 (drmserver_socket))
+(typeattributeset dropbox_data_file_29_0 (dropbox_data_file))
+(typeattributeset dropbox_service_29_0 (dropbox_service))
+(typeattributeset dumpstate_29_0 (dumpstate))
+(typeattributeset dumpstate_exec_29_0 (dumpstate_exec))
+(typeattributeset dumpstate_options_prop_29_0 (dumpstate_options_prop))
+(typeattributeset dumpstate_prop_29_0 (dumpstate_prop))
+(typeattributeset dumpstate_service_29_0 (dumpstate_service))
+(typeattributeset dumpstate_socket_29_0 (dumpstate_socket))
+(typeattributeset dynamic_system_prop_29_0 (dynamic_system_prop))
+(typeattributeset e2fs_29_0 (e2fs))
+(typeattributeset e2fs_exec_29_0 (e2fs_exec))
+(typeattributeset efs_file_29_0 (efs_file))
+(typeattributeset ephemeral_app_29_0 (ephemeral_app))
+(typeattributeset ethernet_service_29_0 (ethernet_service))
+(typeattributeset exfat_29_0 (exfat))
+(typeattributeset exported2_config_prop_29_0 (exported2_config_prop))
+(typeattributeset exported2_default_prop_29_0 (exported2_default_prop))
+(typeattributeset exported2_radio_prop_29_0 (exported2_radio_prop))
+(typeattributeset exported2_system_prop_29_0 (exported2_system_prop))
+(typeattributeset exported2_vold_prop_29_0 (exported2_vold_prop))
+(typeattributeset exported3_default_prop_29_0 (exported3_default_prop))
+(typeattributeset exported3_radio_prop_29_0 (exported3_radio_prop))
+(typeattributeset exported3_system_prop_29_0 (exported3_system_prop))
+(typeattributeset exported_audio_prop_29_0 (exported_audio_prop))
+(typeattributeset exported_bluetooth_prop_29_0 (exported_bluetooth_prop))
+(typeattributeset exported_config_prop_29_0 (exported_config_prop))
+(typeattributeset exported_dalvik_prop_29_0 (exported_dalvik_prop))
+(typeattributeset exported_default_prop_29_0
+ ( exported_default_prop
+ vndk_prop))
+(typeattributeset exported_dumpstate_prop_29_0 (exported_dumpstate_prop))
+(typeattributeset exported_ffs_prop_29_0 (exported_ffs_prop))
+(typeattributeset exported_fingerprint_prop_29_0 (exported_fingerprint_prop))
+(typeattributeset exported_overlay_prop_29_0 (exported_overlay_prop))
+(typeattributeset exported_pm_prop_29_0 (exported_pm_prop))
+(typeattributeset exported_radio_prop_29_0 (exported_radio_prop))
+(typeattributeset exported_secure_prop_29_0 (exported_secure_prop))
+(typeattributeset exported_system_prop_29_0 (exported_system_prop))
+(typeattributeset exported_system_radio_prop_29_0 (exported_system_radio_prop))
+(typeattributeset exported_vold_prop_29_0 (exported_vold_prop))
+(typeattributeset exported_wifi_prop_29_0 (exported_wifi_prop))
+(typeattributeset external_vibrator_service_29_0 (external_vibrator_service))
+(typeattributeset face_service_29_0 (face_service))
+(typeattributeset face_vendor_data_file_29_0 (face_vendor_data_file))
+(typeattributeset fastbootd_29_0 (fastbootd))
+(typeattributeset ffs_prop_29_0 (ffs_prop))
+(typeattributeset file_contexts_file_29_0 (file_contexts_file))
+(typeattributeset fingerprintd_29_0 (fingerprintd))
+(typeattributeset fingerprintd_data_file_29_0 (fingerprintd_data_file))
+(typeattributeset fingerprintd_exec_29_0 (fingerprintd_exec))
+(typeattributeset fingerprintd_service_29_0 (fingerprintd_service))
+(typeattributeset fingerprint_prop_29_0 (fingerprint_prop))
+(typeattributeset fingerprint_service_29_0 (fingerprint_service))
+(typeattributeset fingerprint_vendor_data_file_29_0 (fingerprint_vendor_data_file))
+(typeattributeset firstboot_prop_29_0 (firstboot_prop))
+(typeattributeset flags_health_check_29_0 (flags_health_check))
+(typeattributeset flags_health_check_exec_29_0 (flags_health_check_exec))
+(typeattributeset font_service_29_0 (font_service))
+(typeattributeset frp_block_device_29_0 (frp_block_device))
+(typeattributeset fs_bpf_29_0 (fs_bpf))
+(typeattributeset fsck_29_0 (fsck))
+(typeattributeset fsck_exec_29_0 (fsck_exec))
+(typeattributeset fscklogs_29_0 (fscklogs))
+(typeattributeset fsck_untrusted_29_0 (fsck_untrusted))
+(typeattributeset functionfs_29_0 (functionfs))
+(typeattributeset fuse_29_0 (fuse))
+(typeattributeset fuse_device_29_0 (fuse_device))
+(typeattributeset fwk_bufferhub_hwservice_29_0 (fwk_bufferhub_hwservice))
+(typeattributeset fwk_camera_hwservice_29_0 (fwk_camera_hwservice))
+(typeattributeset fwk_display_hwservice_29_0 (fwk_display_hwservice))
+(typeattributeset fwk_scheduler_hwservice_29_0 (fwk_scheduler_hwservice))
+(typeattributeset fwk_sensor_hwservice_29_0 (fwk_sensor_hwservice))
+(typeattributeset fwk_stats_hwservice_29_0 (fwk_stats_hwservice))
+(typeattributeset fwmarkd_socket_29_0 (fwmarkd_socket))
+(typeattributeset gatekeeperd_29_0 (gatekeeperd))
+(typeattributeset gatekeeper_data_file_29_0 (gatekeeper_data_file))
+(typeattributeset gatekeeperd_exec_29_0 (gatekeeperd_exec))
+(typeattributeset gatekeeper_service_29_0 (gatekeeper_service))
+(typeattributeset gfxinfo_service_29_0 (gfxinfo_service))
+(typeattributeset gps_control_29_0 (gps_control))
+(typeattributeset gpu_device_29_0 (gpu_device))
+(typeattributeset gpu_service_29_0 (gpu_service))
+(typeattributeset gpuservice_29_0 (gpuservice))
+(typeattributeset graphics_device_29_0 (graphics_device))
+(typeattributeset graphicsstats_service_29_0 (graphicsstats_service))
+(typeattributeset gsi_data_file_29_0 (gsi_data_file))
+(typeattributeset gsid_prop_29_0 (gsid_prop))
+(typeattributeset gsi_metadata_file_29_0 (gsi_metadata_file))
+(typeattributeset hal_atrace_hwservice_29_0 (hal_atrace_hwservice))
+(typeattributeset hal_audiocontrol_hwservice_29_0 (hal_audiocontrol_hwservice))
+(typeattributeset hal_audio_hwservice_29_0 (hal_audio_hwservice))
+(typeattributeset hal_authsecret_hwservice_29_0 (hal_authsecret_hwservice))
+(typeattributeset hal_bluetooth_hwservice_29_0 (hal_bluetooth_hwservice))
+(typeattributeset hal_bootctl_hwservice_29_0 (hal_bootctl_hwservice))
+(typeattributeset hal_broadcastradio_hwservice_29_0 (hal_broadcastradio_hwservice))
+(typeattributeset hal_camera_hwservice_29_0 (hal_camera_hwservice))
+(typeattributeset hal_cas_hwservice_29_0 (hal_cas_hwservice))
+(typeattributeset hal_codec2_hwservice_29_0 (hal_codec2_hwservice))
+(typeattributeset hal_configstore_ISurfaceFlingerConfigs_29_0 (hal_configstore_ISurfaceFlingerConfigs))
+(typeattributeset hal_confirmationui_hwservice_29_0 (hal_confirmationui_hwservice))
+(typeattributeset hal_contexthub_hwservice_29_0 (hal_contexthub_hwservice))
+(typeattributeset hal_drm_hwservice_29_0 (hal_drm_hwservice))
+(typeattributeset hal_dumpstate_hwservice_29_0 (hal_dumpstate_hwservice))
+(typeattributeset hal_evs_hwservice_29_0 (hal_evs_hwservice))
+(typeattributeset hal_face_hwservice_29_0 (hal_face_hwservice))
+(typeattributeset hal_fingerprint_hwservice_29_0 (hal_fingerprint_hwservice))
+(typeattributeset hal_fingerprint_service_29_0 (hal_fingerprint_service))
+(typeattributeset hal_gatekeeper_hwservice_29_0 (hal_gatekeeper_hwservice))
+(typeattributeset hal_gnss_hwservice_29_0 (hal_gnss_hwservice))
+(typeattributeset hal_graphics_allocator_hwservice_29_0 (hal_graphics_allocator_hwservice))
+(typeattributeset hal_graphics_composer_hwservice_29_0 (hal_graphics_composer_hwservice))
+(typeattributeset hal_graphics_composer_server_tmpfs_29_0 (hal_graphics_composer_server_tmpfs))
+(typeattributeset hal_graphics_mapper_hwservice_29_0 (hal_graphics_mapper_hwservice))
+(typeattributeset hal_health_hwservice_29_0 (hal_health_hwservice))
+(typeattributeset hal_health_storage_hwservice_29_0 (hal_health_storage_hwservice))
+(typeattributeset hal_input_classifier_hwservice_29_0 (hal_input_classifier_hwservice))
+(typeattributeset hal_ir_hwservice_29_0 (hal_ir_hwservice))
+(typeattributeset hal_keymaster_hwservice_29_0 (hal_keymaster_hwservice))
+(typeattributeset hal_light_hwservice_29_0 (hal_light_hwservice))
+(typeattributeset hal_lowpan_hwservice_29_0 (hal_lowpan_hwservice))
+(typeattributeset hal_memtrack_hwservice_29_0 (hal_memtrack_hwservice))
+(typeattributeset hal_neuralnetworks_hwservice_29_0 (hal_neuralnetworks_hwservice))
+(typeattributeset hal_nfc_hwservice_29_0 (hal_nfc_hwservice))
+(typeattributeset hal_oemlock_hwservice_29_0 (hal_oemlock_hwservice))
+(typeattributeset hal_omx_hwservice_29_0 (hal_omx_hwservice))
+(typeattributeset hal_power_hwservice_29_0 (hal_power_hwservice))
+(typeattributeset hal_power_stats_hwservice_29_0 (hal_power_stats_hwservice))
+(typeattributeset hal_renderscript_hwservice_29_0 (hal_renderscript_hwservice))
+(typeattributeset hal_secure_element_hwservice_29_0 (hal_secure_element_hwservice))
+(typeattributeset hal_sensors_hwservice_29_0 (hal_sensors_hwservice))
+(typeattributeset hal_telephony_hwservice_29_0 (hal_telephony_hwservice))
+(typeattributeset hal_tetheroffload_hwservice_29_0 (hal_tetheroffload_hwservice))
+(typeattributeset hal_thermal_hwservice_29_0 (hal_thermal_hwservice))
+(typeattributeset hal_tv_cec_hwservice_29_0 (hal_tv_cec_hwservice))
+(typeattributeset hal_tv_input_hwservice_29_0 (hal_tv_input_hwservice))
+(typeattributeset hal_usb_gadget_hwservice_29_0 (hal_usb_gadget_hwservice))
+(typeattributeset hal_usb_hwservice_29_0 (hal_usb_hwservice))
+(typeattributeset hal_vehicle_hwservice_29_0 (hal_vehicle_hwservice))
+(typeattributeset hal_vibrator_hwservice_29_0 (hal_vibrator_hwservice))
+(typeattributeset hal_vr_hwservice_29_0 (hal_vr_hwservice))
+(typeattributeset hal_weaver_hwservice_29_0 (hal_weaver_hwservice))
+(typeattributeset hal_wifi_hostapd_hwservice_29_0 (hal_wifi_hostapd_hwservice))
+(typeattributeset hal_wifi_hwservice_29_0 (hal_wifi_hwservice))
+(typeattributeset hal_wifi_offload_hwservice_29_0 (hal_wifi_offload_hwservice))
+(typeattributeset hal_wifi_supplicant_hwservice_29_0 (hal_wifi_supplicant_hwservice))
+(typeattributeset hardware_properties_service_29_0 (hardware_properties_service))
+(typeattributeset hardware_service_29_0 (hardware_service))
+(typeattributeset hci_attach_dev_29_0 (hci_attach_dev))
+(typeattributeset hdmi_control_service_29_0 (hdmi_control_service))
+(typeattributeset healthd_29_0 (healthd))
+(typeattributeset healthd_exec_29_0 (healthd_exec))
+(typeattributeset heapdump_data_file_29_0 (heapdump_data_file))
+(typeattributeset heapprofd_29_0 (heapprofd))
+(typeattributeset heapprofd_enabled_prop_29_0 (heapprofd_enabled_prop))
+(typeattributeset heapprofd_prop_29_0 (heapprofd_prop))
+(typeattributeset heapprofd_socket_29_0 (heapprofd_socket))
+(typeattributeset hidl_allocator_hwservice_29_0 (hidl_allocator_hwservice))
+(typeattributeset hidl_base_hwservice_29_0 (hidl_base_hwservice))
+(typeattributeset hidl_manager_hwservice_29_0 (hidl_manager_hwservice))
+(typeattributeset hidl_memory_hwservice_29_0 (hidl_memory_hwservice))
+(typeattributeset hidl_token_hwservice_29_0 (hidl_token_hwservice))
+(typeattributeset hwbinder_device_29_0 (hwbinder_device))
+(typeattributeset hw_random_device_29_0 (hw_random_device))
+(typeattributeset hwservice_contexts_file_29_0 (hwservice_contexts_file))
+(typeattributeset hwservicemanager_29_0 (hwservicemanager))
+(typeattributeset hwservicemanager_exec_29_0 (hwservicemanager_exec))
+(typeattributeset hwservicemanager_prop_29_0 (hwservicemanager_prop))
+(typeattributeset icon_file_29_0 (icon_file))
+(typeattributeset idmap_29_0 (idmap))
+(typeattributeset idmap_exec_29_0 (idmap_exec))
+(typeattributeset idmap_service_29_0 (idmap_service))
+(typeattributeset iio_device_29_0 (iio_device))
+(typeattributeset imms_service_29_0 (imms_service))
+(typeattributeset incident_29_0 (incident))
+(typeattributeset incidentd_29_0 (incidentd))
+(typeattributeset incident_data_file_29_0 (incident_data_file))
+(typeattributeset incident_helper_29_0 (incident_helper))
+(typeattributeset incident_service_29_0 (incident_service))
+(typeattributeset init_29_0 (init))
+(typeattributeset init_exec_29_0 (init_exec))
+(typeattributeset init_tmpfs_29_0 (init_tmpfs))
+(typeattributeset inotify_29_0 (inotify))
+(typeattributeset input_device_29_0 (input_device))
+(typeattributeset inputflinger_29_0 (inputflinger))
+(typeattributeset inputflinger_exec_29_0 (inputflinger_exec))
+(typeattributeset inputflinger_service_29_0 (inputflinger_service))
+(typeattributeset input_method_service_29_0 (input_method_service))
+(typeattributeset input_service_29_0 (input_service))
+(typeattributeset installd_29_0 (installd))
+(typeattributeset install_data_file_29_0 (install_data_file))
+(typeattributeset installd_exec_29_0 (installd_exec))
+(typeattributeset installd_service_29_0 (installd_service))
+(typeattributeset install_recovery_29_0 (install_recovery))
+(typeattributeset install_recovery_exec_29_0 (install_recovery_exec))
+(typeattributeset ion_device_29_0 (ion_device))
+(typeattributeset iorapd_29_0 (iorapd))
+(typeattributeset iorapd_data_file_29_0 (iorapd_data_file))
+(typeattributeset iorapd_exec_29_0 (iorapd_exec))
+(typeattributeset iorapd_service_29_0 (iorapd_service))
+(typeattributeset iorapd_tmpfs_29_0 (iorapd_tmpfs))
+(typeattributeset IProxyService_service_29_0 (IProxyService_service))
+(typeattributeset ipsec_service_29_0 (ipsec_service))
+(typeattributeset iris_service_29_0 (iris_service))
+(typeattributeset iris_vendor_data_file_29_0 (iris_vendor_data_file))
+(typeattributeset isolated_app_29_0 (isolated_app))
+(typeattributeset jobscheduler_service_29_0 (jobscheduler_service))
+(typeattributeset kernel_29_0 (kernel))
+(typeattributeset keychain_data_file_29_0 (keychain_data_file))
+(typeattributeset keychord_device_29_0 (keychord_device))
+(typeattributeset keystore_29_0 (keystore))
+(typeattributeset keystore_data_file_29_0 (keystore_data_file))
+(typeattributeset keystore_exec_29_0 (keystore_exec))
+(typeattributeset keystore_service_29_0 (keystore_service))
+(typeattributeset kmsg_debug_device_29_0 (kmsg_debug_device))
+(typeattributeset kmsg_device_29_0 (kmsg_device))
+(typeattributeset labeledfs_29_0 (labeledfs))
+(typeattributeset last_boot_reason_prop_29_0 (last_boot_reason_prop))
+(typeattributeset launcherapps_service_29_0 (launcherapps_service))
+(typeattributeset llkd_29_0 (llkd))
+(typeattributeset llkd_exec_29_0 (llkd_exec))
+(typeattributeset llkd_prop_29_0 (llkd_prop))
+(typeattributeset lmkd_29_0 (lmkd))
+(typeattributeset lmkd_exec_29_0 (lmkd_exec))
+(typeattributeset lmkd_socket_29_0 (lmkd_socket))
+(typeattributeset location_service_29_0 (location_service))
+(typeattributeset lock_settings_service_29_0 (lock_settings_service))
+(typeattributeset logcat_exec_29_0 (logcat_exec))
+(typeattributeset logd_29_0 (logd))
+(typeattributeset logd_exec_29_0 (logd_exec))
+(typeattributeset logd_prop_29_0 (logd_prop))
+(typeattributeset logdr_socket_29_0 (logdr_socket))
+(typeattributeset logd_socket_29_0 (logd_socket))
+(typeattributeset logdw_socket_29_0 (logdw_socket))
+(typeattributeset logpersist_29_0 (logpersist))
+(typeattributeset logpersistd_logging_prop_29_0 (logpersistd_logging_prop))
+(typeattributeset log_prop_29_0 (log_prop))
+(typeattributeset log_tag_prop_29_0 (log_tag_prop))
+(typeattributeset loop_control_device_29_0 (loop_control_device))
+(typeattributeset loop_device_29_0 (loop_device))
+(typeattributeset looper_stats_service_29_0 (looper_stats_service))
+(typeattributeset lowpan_device_29_0 (lowpan_device))
+(typeattributeset lowpan_prop_29_0 (lowpan_prop))
+(typeattributeset lowpan_service_29_0 (lowpan_service))
+(typeattributeset lpdumpd_prop_29_0 (lpdumpd_prop))
+(typeattributeset lpdump_service_29_0 (lpdump_service))
+(typeattributeset mac_perms_file_29_0 (mac_perms_file))
+(typeattributeset mdnsd_29_0 (mdnsd))
+(typeattributeset mdnsd_socket_29_0 (mdnsd_socket))
+(typeattributeset mdns_socket_29_0 (mdns_socket))
+(typeattributeset mediacodec_service_29_0 (mediacodec_service))
+(typeattributeset media_data_file_29_0 (media_data_file))
+(typeattributeset mediadrmserver_29_0 (mediadrmserver))
+(typeattributeset mediadrmserver_exec_29_0 (mediadrmserver_exec))
+(typeattributeset mediadrmserver_service_29_0 (mediadrmserver_service))
+(typeattributeset mediaextractor_29_0 (mediaextractor))
+(typeattributeset mediaextractor_exec_29_0 (mediaextractor_exec))
+(typeattributeset mediaextractor_service_29_0 (mediaextractor_service))
+(typeattributeset mediaextractor_tmpfs_29_0 (mediaextractor_tmpfs))
+(typeattributeset mediametrics_29_0 (mediametrics))
+(typeattributeset mediametrics_exec_29_0 (mediametrics_exec))
+(typeattributeset mediametrics_service_29_0 (mediametrics_service))
+(typeattributeset media_projection_service_29_0 (media_projection_service))
+(typeattributeset mediaprovider_29_0 (mediaprovider))
+(typeattributeset media_router_service_29_0 (media_router_service))
+(typeattributeset media_rw_data_file_29_0 (media_rw_data_file))
+(typeattributeset mediaserver_29_0 (mediaserver))
+(typeattributeset mediaserver_exec_29_0 (mediaserver_exec))
+(typeattributeset mediaserver_service_29_0 (mediaserver_service))
+(typeattributeset mediaserver_tmpfs_29_0 (mediaserver_tmpfs))
+(typeattributeset media_session_service_29_0 (media_session_service))
+(typeattributeset mediaswcodec_29_0 (mediaswcodec))
+(typeattributeset mediaswcodec_exec_29_0 (mediaswcodec_exec))
+(typeattributeset meminfo_service_29_0 (meminfo_service))
+(typeattributeset metadata_block_device_29_0 (metadata_block_device))
+(typeattributeset metadata_file_29_0 (metadata_file))
+(typeattributeset method_trace_data_file_29_0 (method_trace_data_file))
+(typeattributeset midi_service_29_0 (midi_service))
+(typeattributeset misc_block_device_29_0 (misc_block_device))
+(typeattributeset misc_logd_file_29_0 (misc_logd_file))
+(typeattributeset misc_user_data_file_29_0 (misc_user_data_file))
+(typeattributeset mmc_prop_29_0 (mmc_prop))
+(typeattributeset mnt_expand_file_29_0 (mnt_expand_file))
+(typeattributeset mnt_media_rw_file_29_0 (mnt_media_rw_file))
+(typeattributeset mnt_media_rw_stub_file_29_0 (mnt_media_rw_stub_file))
+(typeattributeset mnt_product_file_29_0 (mnt_product_file))
+(typeattributeset mnt_user_file_29_0 (mnt_user_file))
+(typeattributeset mnt_vendor_file_29_0 (mnt_vendor_file))
+(typeattributeset modprobe_29_0 (modprobe))
+(typeattributeset mount_service_29_0 (mount_service))
+(typeattributeset mqueue_29_0 (mqueue))
+(typeattributeset mtp_29_0 (mtp))
+(typeattributeset mtp_device_29_0 (mtp_device))
+(typeattributeset mtpd_socket_29_0 (mtpd_socket))
+(typeattributeset mtp_exec_29_0 (mtp_exec))
+(typeattributeset nativetest_data_file_29_0 (nativetest_data_file))
+(typeattributeset netd_29_0 (netd))
+(typeattributeset net_data_file_29_0 (net_data_file))
+(typeattributeset netd_exec_29_0 (netd_exec))
+(typeattributeset netd_listener_service_29_0 (netd_listener_service))
+(typeattributeset net_dns_prop_29_0 (net_dns_prop))
+(typeattributeset netd_service_29_0 (netd_service))
+(typeattributeset netd_stable_secret_prop_29_0 (netd_stable_secret_prop))
+(typeattributeset netif_29_0 (netif))
+(typeattributeset netpolicy_service_29_0 (netpolicy_service))
+(typeattributeset net_radio_prop_29_0 (net_radio_prop))
+(typeattributeset netstats_service_29_0 (netstats_service))
+(typeattributeset netutils_wrapper_29_0 (netutils_wrapper))
+(typeattributeset netutils_wrapper_exec_29_0 (netutils_wrapper_exec))
+(typeattributeset network_management_service_29_0 (network_management_service))
+(typeattributeset network_score_service_29_0 (network_score_service))
+(typeattributeset network_stack_29_0 (network_stack))
+(typeattributeset network_stack_service_29_0 (network_stack_service))
+(typeattributeset network_time_update_service_29_0 (network_time_update_service))
+(typeattributeset network_watchlist_data_file_29_0 (network_watchlist_data_file))
+(typeattributeset network_watchlist_service_29_0 (network_watchlist_service))
+(typeattributeset nfc_29_0 (nfc))
+(typeattributeset nfc_data_file_29_0 (nfc_data_file))
+(typeattributeset nfc_device_29_0 (nfc_device))
+(typeattributeset nfc_prop_29_0 (nfc_prop))
+(typeattributeset nfc_service_29_0 (nfc_service))
+(typeattributeset nnapi_ext_deny_product_prop_29_0 (nnapi_ext_deny_product_prop))
+(typeattributeset node_29_0 (node))
+(typeattributeset nonplat_service_contexts_file_29_0 (nonplat_service_contexts_file))
+(typeattributeset notification_service_29_0 (notification_service))
+(typeattributeset null_device_29_0 (null_device))
+(typeattributeset oemfs_29_0 (oemfs))
+(typeattributeset oem_lock_service_29_0 (oem_lock_service))
+(typeattributeset ota_data_file_29_0 (ota_data_file))
+(typeattributeset otadexopt_service_29_0 (otadexopt_service))
+(typeattributeset ota_package_file_29_0 (ota_package_file))
+(typeattributeset overlayfs_file_29_0 (overlayfs_file))
+(typeattributeset overlay_prop_29_0 (overlay_prop))
+(typeattributeset overlay_service_29_0 (overlay_service))
+(typeattributeset owntty_device_29_0 (owntty_device))
+(typeattributeset package_native_service_29_0 (package_native_service))
+(typeattributeset package_service_29_0 (package_service))
+(typeattributeset packages_list_file_29_0 (packages_list_file))
+(typeattributeset pan_result_prop_29_0 (pan_result_prop))
+(typeattributeset password_slot_metadata_file_29_0 (password_slot_metadata_file))
+(typeattributeset pdx_bufferhub_client_channel_socket_29_0 (pdx_bufferhub_client_channel_socket))
+(typeattributeset pdx_bufferhub_client_endpoint_socket_29_0 (pdx_bufferhub_client_endpoint_socket))
+(typeattributeset pdx_bufferhub_dir_29_0 (pdx_bufferhub_dir))
+(typeattributeset pdx_display_client_channel_socket_29_0 (pdx_display_client_channel_socket))
+(typeattributeset pdx_display_client_endpoint_socket_29_0 (pdx_display_client_endpoint_socket))
+(typeattributeset pdx_display_dir_29_0 (pdx_display_dir))
+(typeattributeset pdx_display_manager_channel_socket_29_0 (pdx_display_manager_channel_socket))
+(typeattributeset pdx_display_manager_endpoint_socket_29_0 (pdx_display_manager_endpoint_socket))
+(typeattributeset pdx_display_screenshot_channel_socket_29_0 (pdx_display_screenshot_channel_socket))
+(typeattributeset pdx_display_screenshot_endpoint_socket_29_0 (pdx_display_screenshot_endpoint_socket))
+(typeattributeset pdx_display_vsync_channel_socket_29_0 (pdx_display_vsync_channel_socket))
+(typeattributeset pdx_display_vsync_endpoint_socket_29_0 (pdx_display_vsync_endpoint_socket))
+(typeattributeset pdx_performance_client_channel_socket_29_0 (pdx_performance_client_channel_socket))
+(typeattributeset pdx_performance_client_endpoint_socket_29_0 (pdx_performance_client_endpoint_socket))
+(typeattributeset pdx_performance_dir_29_0 (pdx_performance_dir))
+(typeattributeset perfetto_29_0 (perfetto))
+(typeattributeset performanced_29_0 (performanced))
+(typeattributeset performanced_exec_29_0 (performanced_exec))
+(typeattributeset permissionmgr_service_29_0 (permissionmgr_service))
+(typeattributeset permission_service_29_0 (permission_service))
+(typeattributeset persist_debug_prop_29_0 (persist_debug_prop))
+(typeattributeset persistent_data_block_service_29_0 (persistent_data_block_service))
+(typeattributeset persistent_properties_ready_prop_29_0 (persistent_properties_ready_prop))
+(typeattributeset pinner_service_29_0 (pinner_service))
+(typeattributeset pipefs_29_0 (pipefs))
+(typeattributeset platform_app_29_0 (platform_app))
+(typeattributeset pm_prop_29_0 (pm_prop))
+(typeattributeset pmsg_device_29_0 (pmsg_device))
+(typeattributeset port_29_0 (port))
+(typeattributeset port_device_29_0 (port_device))
+(typeattributeset postinstall_29_0 (postinstall))
+(typeattributeset postinstall_apex_mnt_dir_29_0 (postinstall_apex_mnt_dir))
+(typeattributeset postinstall_file_29_0 (postinstall_file))
+(typeattributeset postinstall_mnt_dir_29_0 (postinstall_mnt_dir))
+(typeattributeset powerctl_prop_29_0 (powerctl_prop))
+(typeattributeset power_service_29_0 (power_service))
+(typeattributeset ppp_29_0 (ppp))
+(typeattributeset ppp_device_29_0 (ppp_device))
+(typeattributeset ppp_exec_29_0 (ppp_exec))
+(typeattributeset preloads_data_file_29_0 (preloads_data_file))
+(typeattributeset preloads_media_file_29_0 (preloads_media_file))
+(typeattributeset print_service_29_0 (print_service))
+(typeattributeset priv_app_29_0 (priv_app))
+(typeattributeset privapp_data_file_29_0 (privapp_data_file))
+(typeattributeset proc_29_0
+ ( proc
+ proc_kpageflags
+ proc_lowmemorykiller))
+(typeattributeset proc_abi_29_0 (proc_abi))
+(typeattributeset proc_asound_29_0 (proc_asound))
+(typeattributeset proc_bluetooth_writable_29_0 (proc_bluetooth_writable))
+(typeattributeset proc_buddyinfo_29_0 (proc_buddyinfo))
+(typeattributeset proc_cmdline_29_0 (proc_cmdline))
+(typeattributeset proc_cpuinfo_29_0 (proc_cpuinfo))
+(typeattributeset proc_dirty_29_0 (proc_dirty))
+(typeattributeset proc_diskstats_29_0 (proc_diskstats))
+(typeattributeset proc_drop_caches_29_0 (proc_drop_caches))
+(typeattributeset processinfo_service_29_0 (processinfo_service))
+(typeattributeset proc_extra_free_kbytes_29_0 (proc_extra_free_kbytes))
+(typeattributeset proc_filesystems_29_0 (proc_filesystems))
+(typeattributeset proc_fs_verity_29_0 (proc_fs_verity))
+(typeattributeset proc_hostname_29_0 (proc_hostname))
+(typeattributeset proc_hung_task_29_0 (proc_hung_task))
+(typeattributeset proc_interrupts_29_0 (proc_interrupts))
+(typeattributeset proc_iomem_29_0 (proc_iomem))
+(typeattributeset proc_keys_29_0 (proc_keys))
+(typeattributeset proc_kmsg_29_0 (proc_kmsg))
+(typeattributeset proc_loadavg_29_0 (proc_loadavg))
+(typeattributeset proc_max_map_count_29_0 (proc_max_map_count))
+(typeattributeset proc_meminfo_29_0 (proc_meminfo))
+(typeattributeset proc_min_free_order_shift_29_0 (proc_min_free_order_shift))
+(typeattributeset proc_misc_29_0 (proc_misc))
+(typeattributeset proc_modules_29_0 (proc_modules))
+(typeattributeset proc_mounts_29_0 (proc_mounts))
+(typeattributeset proc_net_29_0 (proc_net))
+(typeattributeset proc_net_tcp_udp_29_0 (proc_net_tcp_udp))
+(typeattributeset proc_overcommit_memory_29_0 (proc_overcommit_memory))
+(typeattributeset proc_page_cluster_29_0 (proc_page_cluster))
+(typeattributeset proc_pagetypeinfo_29_0 (proc_pagetypeinfo))
+(typeattributeset proc_panic_29_0 (proc_panic))
+(typeattributeset proc_perf_29_0 (proc_perf))
+(typeattributeset proc_pid_max_29_0 (proc_pid_max))
+(typeattributeset proc_pipe_conf_29_0 (proc_pipe_conf))
+(typeattributeset proc_pressure_cpu_29_0 (proc_pressure_cpu))
+(typeattributeset proc_pressure_io_29_0 (proc_pressure_io))
+(typeattributeset proc_pressure_mem_29_0 (proc_pressure_mem))
+(typeattributeset proc_qtaguid_ctrl_29_0 (proc_qtaguid_ctrl))
+(typeattributeset proc_qtaguid_stat_29_0 (proc_qtaguid_stat))
+(typeattributeset proc_random_29_0 (proc_random))
+(typeattributeset proc_sched_29_0 (proc_sched))
+(typeattributeset proc_security_29_0 (proc_security))
+(typeattributeset proc_slabinfo_29_0 (proc_slabinfo))
+(typeattributeset proc_stat_29_0 (proc_stat))
+(typeattributeset procstats_service_29_0 (procstats_service))
+(typeattributeset proc_swaps_29_0 (proc_swaps))
+(typeattributeset proc_sysrq_29_0 (proc_sysrq))
+(typeattributeset proc_timer_29_0 (proc_timer))
+(typeattributeset proc_tty_drivers_29_0 (proc_tty_drivers))
+(typeattributeset proc_uid_concurrent_active_time_29_0 (proc_uid_concurrent_active_time))
+(typeattributeset proc_uid_concurrent_policy_time_29_0 (proc_uid_concurrent_policy_time))
+(typeattributeset proc_uid_cpupower_29_0 (proc_uid_cpupower))
+(typeattributeset proc_uid_cputime_removeuid_29_0 (proc_uid_cputime_removeuid))
+(typeattributeset proc_uid_cputime_showstat_29_0 (proc_uid_cputime_showstat))
+(typeattributeset proc_uid_io_stats_29_0 (proc_uid_io_stats))
+(typeattributeset proc_uid_procstat_set_29_0 (proc_uid_procstat_set))
+(typeattributeset proc_uid_time_in_state_29_0 (proc_uid_time_in_state))
+(typeattributeset proc_uptime_29_0 (proc_uptime))
+(typeattributeset proc_version_29_0 (proc_version))
+(typeattributeset proc_vmallocinfo_29_0 (proc_vmallocinfo))
+(typeattributeset proc_vmstat_29_0 (proc_vmstat))
+(typeattributeset proc_zoneinfo_29_0 (proc_zoneinfo))
+(typeattributeset profman_29_0 (profman))
+(typeattributeset profman_dump_data_file_29_0 (profman_dump_data_file))
+(typeattributeset profman_exec_29_0 (profman_exec))
+(typeattributeset properties_device_29_0 (properties_device))
+(typeattributeset properties_serial_29_0 (properties_serial))
+(typeattributeset property_contexts_file_29_0 (property_contexts_file))
+(typeattributeset property_data_file_29_0 (property_data_file))
+(typeattributeset property_info_29_0 (property_info))
+(typeattributeset property_socket_29_0 (property_socket))
+(typeattributeset pstorefs_29_0 (pstorefs))
+(typeattributeset ptmx_device_29_0 (ptmx_device))
+(typeattributeset qtaguid_device_29_0 (qtaguid_device))
+(typeattributeset racoon_29_0 (racoon))
+(typeattributeset racoon_exec_29_0 (racoon_exec))
+(typeattributeset racoon_socket_29_0 (racoon_socket))
+(typeattributeset radio_29_0 (radio))
+(typeattributeset radio_data_file_29_0 (radio_data_file))
+(typeattributeset radio_device_29_0 (radio_device))
+(typeattributeset radio_prop_29_0 (radio_prop))
+(typeattributeset radio_service_29_0 (radio_service))
+(typeattributeset ram_device_29_0 (ram_device))
+(typeattributeset random_device_29_0 (random_device))
+(typeattributeset recovery_29_0 (recovery))
+(typeattributeset recovery_block_device_29_0 (recovery_block_device))
+(typeattributeset recovery_data_file_29_0 (recovery_data_file))
+(typeattributeset recovery_persist_29_0 (recovery_persist))
+(typeattributeset recovery_persist_exec_29_0 (recovery_persist_exec))
+(typeattributeset recovery_refresh_29_0 (recovery_refresh))
+(typeattributeset recovery_refresh_exec_29_0 (recovery_refresh_exec))
+(typeattributeset recovery_service_29_0 (recovery_service))
+(typeattributeset recovery_socket_29_0 (recovery_socket))
+(typeattributeset registry_service_29_0 (registry_service))
+(typeattributeset resourcecache_data_file_29_0 (resourcecache_data_file))
+(typeattributeset restorecon_prop_29_0 (restorecon_prop))
+(typeattributeset restrictions_service_29_0 (restrictions_service))
+(typeattributeset rild_debug_socket_29_0 (rild_debug_socket))
+(typeattributeset rild_socket_29_0 (rild_socket))
+(typeattributeset ringtone_file_29_0 (ringtone_file))
+(typeattributeset role_service_29_0 (role_service))
+(typeattributeset rollback_service_29_0 (rollback_service))
+(typeattributeset root_block_device_29_0 (root_block_device))
+(typeattributeset rootfs_29_0 (rootfs))
+(typeattributeset rpmsg_device_29_0 (rpmsg_device))
+(typeattributeset rs_29_0 (rs))
+(typeattributeset rs_exec_29_0 (rs_exec))
+(typeattributeset rss_hwm_reset_29_0 (rss_hwm_reset))
+(typeattributeset rtc_device_29_0 (rtc_device))
+(typeattributeset rttmanager_service_29_0 (rttmanager_service))
+(typeattributeset runas_29_0 (runas))
+(typeattributeset runas_app_29_0 (runas_app))
+(typeattributeset runas_exec_29_0 (runas_exec))
+(typeattributeset runtime_event_log_tags_file_29_0 (runtime_event_log_tags_file))
+(typeattributeset runtime_service_29_0 (runtime_service))
+(typeattributeset safemode_prop_29_0 (safemode_prop))
+(typeattributeset same_process_hal_file_29_0 (same_process_hal_file))
+(typeattributeset samplingprofiler_service_29_0 (samplingprofiler_service))
+(typeattributeset scheduling_policy_service_29_0 (scheduling_policy_service))
+(typeattributeset sdcard_block_device_29_0 (sdcard_block_device))
+(typeattributeset sdcardd_29_0 (sdcardd))
+(typeattributeset sdcardd_exec_29_0 (sdcardd_exec))
+(typeattributeset sdcardfs_29_0 (sdcardfs))
+(typeattributeset seapp_contexts_file_29_0 (seapp_contexts_file))
+(typeattributeset search_service_29_0 (search_service))
+(typeattributeset sec_key_att_app_id_provider_service_29_0 (sec_key_att_app_id_provider_service))
+(typeattributeset secure_element_29_0 (secure_element))
+(typeattributeset secure_element_device_29_0 (secure_element_device))
+(typeattributeset secure_element_service_29_0 (secure_element_service))
+(typeattributeset selinuxfs_29_0 (selinuxfs))
+(typeattributeset sensor_privacy_service_29_0 (sensor_privacy_service))
+(typeattributeset sensors_device_29_0 (sensors_device))
+(typeattributeset sensorservice_service_29_0 (sensorservice_service))
+(typeattributeset sepolicy_file_29_0 (sepolicy_file))
+(typeattributeset serial_device_29_0 (serial_device))
+(typeattributeset serialno_prop_29_0 (serialno_prop))
+(typeattributeset serial_service_29_0 (serial_service))
+(typeattributeset server_configurable_flags_data_file_29_0 (server_configurable_flags_data_file))
+(typeattributeset service_contexts_file_29_0 (service_contexts_file))
+(typeattributeset servicediscovery_service_29_0 (servicediscovery_service))
+(typeattributeset servicemanager_29_0 (servicemanager))
+(typeattributeset servicemanager_exec_29_0 (servicemanager_exec))
+(typeattributeset settings_service_29_0 (settings_service))
+(typeattributeset sgdisk_29_0 (sgdisk))
+(typeattributeset sgdisk_exec_29_0 (sgdisk_exec))
+(typeattributeset shared_relro_29_0 (shared_relro))
+(typeattributeset shared_relro_file_29_0 (shared_relro_file))
+(typeattributeset shell_29_0 (shell))
+(typeattributeset shell_data_file_29_0 (shell_data_file))
+(typeattributeset shell_exec_29_0 (shell_exec))
+(typeattributeset shell_prop_29_0 (shell_prop))
+(typeattributeset shm_29_0 (shm))
+(typeattributeset shortcut_manager_icons_29_0 (shortcut_manager_icons))
+(typeattributeset shortcut_service_29_0 (shortcut_service))
+(typeattributeset simpleperf_app_runner_29_0 (simpleperf_app_runner))
+(typeattributeset simpleperf_app_runner_exec_29_0 (simpleperf_app_runner_exec))
+(typeattributeset slice_service_29_0 (slice_service))
+(typeattributeset slideshow_29_0 (slideshow))
+(typeattributeset socket_device_29_0 (socket_device))
+(typeattributeset sockfs_29_0 (sockfs))
+(typeattributeset staging_data_file_29_0 (staging_data_file))
+(typeattributeset statsd_29_0 (statsd))
+(typeattributeset stats_data_file_29_0 (stats_data_file))
+(typeattributeset statsd_exec_29_0 (statsd_exec))
+(typeattributeset statsdw_socket_29_0 (statsdw_socket))
+(typeattributeset statusbar_service_29_0 (statusbar_service))
+(typeattributeset storaged_service_29_0 (storaged_service))
+(typeattributeset storage_file_29_0 (storage_file))
+(typeattributeset storagestats_service_29_0 (storagestats_service))
+(typeattributeset storage_stub_file_29_0 (storage_stub_file))
+(typeattributeset su_29_0 (su))
+(typeattributeset su_exec_29_0 (su_exec))
+(typeattributeset super_block_device_29_0 (super_block_device))
+(typeattributeset surfaceflinger_29_0 (surfaceflinger))
+(typeattributeset surfaceflinger_service_29_0 (surfaceflinger_service))
+(typeattributeset surfaceflinger_tmpfs_29_0 (surfaceflinger_tmpfs))
+(typeattributeset swap_block_device_29_0 (swap_block_device))
+(typeattributeset sysfs_29_0
+ ( sysfs
+ sysfs_ion
+ sysfs_suspend_stats
+ sysfs_wakeup))
+(typeattributeset sysfs_android_usb_29_0 (sysfs_android_usb))
+(typeattributeset sysfs_batteryinfo_29_0 (sysfs_batteryinfo))
+(typeattributeset sysfs_bluetooth_writable_29_0 (sysfs_bluetooth_writable))
+(typeattributeset sysfs_devices_block_29_0 (sysfs_devices_block))
+(typeattributeset sysfs_devices_system_cpu_29_0 (sysfs_devices_system_cpu))
+(typeattributeset sysfs_dm_29_0 (sysfs_dm))
+(typeattributeset sysfs_dt_firmware_android_29_0 (sysfs_dt_firmware_android))
+(typeattributeset sysfs_extcon_29_0 (sysfs_extcon))
+(typeattributeset sysfs_fs_ext4_features_29_0 (sysfs_fs_ext4_features))
+(typeattributeset sysfs_fs_f2fs_29_0 (sysfs_fs_f2fs))
+(typeattributeset sysfs_hwrandom_29_0 (sysfs_hwrandom))
+(typeattributeset sysfs_ipv4_29_0 (sysfs_ipv4))
+(typeattributeset sysfs_kernel_notes_29_0 (sysfs_kernel_notes))
+(typeattributeset sysfs_leds_29_0 (sysfs_leds))
+(typeattributeset sysfs_loop_29_0 (sysfs_loop))
+(typeattributeset sysfs_lowmemorykiller_29_0 (sysfs_lowmemorykiller))
+(typeattributeset sysfs_mac_address_29_0 (sysfs_mac_address))
+(typeattributeset sysfs_net_29_0 (sysfs_net))
+(typeattributeset sysfs_nfc_power_writable_29_0 (sysfs_nfc_power_writable))
+(typeattributeset sysfs_power_29_0 (sysfs_power))
+(typeattributeset sysfs_rtc_29_0 (sysfs_rtc))
+(typeattributeset sysfs_switch_29_0 (sysfs_switch))
+(typeattributeset sysfs_thermal_29_0 (sysfs_thermal))
+(typeattributeset sysfs_transparent_hugepage_29_0 (sysfs_transparent_hugepage))
+(typeattributeset sysfs_uio_29_0 (sysfs_uio))
+(typeattributeset sysfs_usb_29_0 (sysfs_usb))
+(typeattributeset sysfs_usermodehelper_29_0 (sysfs_usermodehelper))
+(typeattributeset sysfs_vibrator_29_0 (sysfs_vibrator))
+(typeattributeset sysfs_wake_lock_29_0 (sysfs_wake_lock))
+(typeattributeset sysfs_wakeup_reasons_29_0 (sysfs_wakeup_reasons))
+(typeattributeset sysfs_wlan_fwpath_29_0 (sysfs_wlan_fwpath))
+(typeattributeset sysfs_zram_29_0 (sysfs_zram))
+(typeattributeset sysfs_zram_uevent_29_0 (sysfs_zram_uevent))
+(typeattributeset system_app_29_0 (system_app))
+(typeattributeset system_app_data_file_29_0 (system_app_data_file))
+(typeattributeset system_app_service_29_0 (system_app_service))
+(typeattributeset system_asan_options_file_29_0 (system_asan_options_file))
+(typeattributeset system_block_device_29_0 (system_block_device))
+(typeattributeset system_boot_reason_prop_29_0 (system_boot_reason_prop))
+(typeattributeset system_bootstrap_lib_file_29_0 (system_bootstrap_lib_file))
+(typeattributeset system_data_file_29_0 (system_data_file system_data_root_file))
+(typeattributeset system_event_log_tags_file_29_0 (system_event_log_tags_file))
+(typeattributeset system_file_29_0 (system_file))
+(typeattributeset systemkeys_data_file_29_0 (systemkeys_data_file))
+(typeattributeset system_lib_file_29_0 (system_lib_file))
+(typeattributeset system_linker_config_file_29_0 (system_linker_config_file))
+(typeattributeset system_linker_exec_29_0 (system_linker_exec))
+(typeattributeset system_lmk_prop_29_0 (system_lmk_prop))
+(typeattributeset system_ndebug_socket_29_0 (system_ndebug_socket))
+(typeattributeset system_net_netd_hwservice_29_0 (system_net_netd_hwservice))
+(typeattributeset system_prop_29_0 (system_prop))
+(typeattributeset system_radio_prop_29_0 (system_radio_prop))
+(typeattributeset system_seccomp_policy_file_29_0 (system_seccomp_policy_file))
+(typeattributeset system_security_cacerts_file_29_0 (system_security_cacerts_file))
+(typeattributeset system_server_29_0 (system_server))
+(typeattributeset system_server_tmpfs_29_0 (system_server_tmpfs))
+(typeattributeset system_suspend_control_service_29_0 (system_suspend_control_service))
+(typeattributeset system_suspend_hwservice_29_0 (system_suspend_hwservice))
+(typeattributeset system_trace_prop_29_0 (system_trace_prop))
+(typeattributeset system_update_service_29_0 (system_update_service))
+(typeattributeset system_wifi_keystore_hwservice_29_0 (system_wifi_keystore_hwservice))
+(typeattributeset system_wpa_socket_29_0 (system_wpa_socket))
+(typeattributeset system_zoneinfo_file_29_0 (system_zoneinfo_file))
+(typeattributeset task_profiles_file_29_0 (task_profiles_file))
+(typeattributeset task_service_29_0 (task_service))
+(typeattributeset tcpdump_exec_29_0 (tcpdump_exec))
+(typeattributeset tee_29_0 (tee))
+(typeattributeset tee_data_file_29_0 (tee_data_file))
+(typeattributeset tee_device_29_0 (tee_device))
+(typeattributeset telecom_service_29_0 (telecom_service))
+(typeattributeset test_boot_reason_prop_29_0 (test_boot_reason_prop))
+(typeattributeset test_harness_prop_29_0 (test_harness_prop))
+(typeattributeset testharness_service_29_0 (testharness_service))
+(typeattributeset textclassification_service_29_0 (textclassification_service))
+(typeattributeset textclassifier_data_file_29_0 (textclassifier_data_file))
+(typeattributeset textservices_service_29_0 (textservices_service))
+(typeattributeset thermalcallback_hwservice_29_0 (thermalcallback_hwservice))
+(typeattributeset thermal_service_29_0 (thermal_service))
+(typeattributeset timedetector_service_29_0 (timedetector_service))
+(typeattributeset time_prop_29_0 (time_prop))
+(typeattributeset timezone_service_29_0 (timezone_service))
+(typeattributeset tmpfs_29_0
+ ( mnt_sdcard_file
+ tmpfs))
+(typeattributeset tombstoned_29_0 (tombstoned))
+(typeattributeset tombstone_data_file_29_0 (tombstone_data_file))
+(typeattributeset tombstoned_crash_socket_29_0 (tombstoned_crash_socket))
+(typeattributeset tombstoned_exec_29_0 (tombstoned_exec))
+(typeattributeset tombstoned_intercept_socket_29_0 (tombstoned_intercept_socket))
+(typeattributeset tombstoned_java_trace_socket_29_0 (tombstoned_java_trace_socket))
+(typeattributeset tombstone_wifi_data_file_29_0 (tombstone_wifi_data_file))
+(typeattributeset toolbox_29_0 (toolbox))
+(typeattributeset toolbox_exec_29_0 (toolbox_exec))
+(typeattributeset traced_29_0 (traced))
+(typeattributeset trace_data_file_29_0 (trace_data_file))
+(typeattributeset traced_consumer_socket_29_0 (traced_consumer_socket))
+(typeattributeset traced_enabled_prop_29_0 (traced_enabled_prop))
+(typeattributeset traced_lazy_prop_29_0 (traced_lazy_prop))
+(typeattributeset traced_probes_29_0 (traced_probes))
+(typeattributeset traced_producer_socket_29_0 (traced_producer_socket))
+(typeattributeset traceur_app_29_0 (traceur_app))
+(typeattributeset trust_service_29_0 (trust_service))
+(typeattributeset tty_device_29_0 (tty_device))
+(typeattributeset tun_device_29_0 (tun_device))
+(typeattributeset tv_input_service_29_0 (tv_input_service))
+(typeattributeset tzdatacheck_29_0 (tzdatacheck))
+(typeattributeset tzdatacheck_exec_29_0 (tzdatacheck_exec))
+(typeattributeset ueventd_29_0 (ueventd))
+(typeattributeset ueventd_tmpfs_29_0 (ueventd_tmpfs))
+(typeattributeset uhid_device_29_0 (uhid_device))
+(typeattributeset uimode_service_29_0 (uimode_service))
+(typeattributeset uio_device_29_0 (uio_device))
+(typeattributeset uncrypt_29_0 (uncrypt))
+(typeattributeset uncrypt_exec_29_0 (uncrypt_exec))
+(typeattributeset uncrypt_socket_29_0 (uncrypt_socket))
+(typeattributeset unencrypted_data_file_29_0 (unencrypted_data_file))
+(typeattributeset unlabeled_29_0 (unlabeled))
+(typeattributeset untrusted_app_25_29_0 (untrusted_app_25))
+(typeattributeset untrusted_app_27_29_0 (untrusted_app_27))
+(typeattributeset untrusted_app_29_0 (untrusted_app))
+(typeattributeset update_engine_29_0 (update_engine))
+(typeattributeset update_engine_data_file_29_0 (update_engine_data_file))
+(typeattributeset update_engine_exec_29_0 (update_engine_exec))
+(typeattributeset update_engine_log_data_file_29_0 (update_engine_log_data_file))
+(typeattributeset update_engine_service_29_0 (update_engine_service))
+(typeattributeset updatelock_service_29_0 (updatelock_service))
+(typeattributeset update_verifier_29_0 (update_verifier))
+(typeattributeset update_verifier_exec_29_0 (update_verifier_exec))
+(typeattributeset uri_grants_service_29_0 (uri_grants_service))
+(typeattributeset usagestats_service_29_0 (usagestats_service))
+(typeattributeset usbaccessory_device_29_0 (usbaccessory_device))
+(typeattributeset usbd_29_0 (usbd))
+(typeattributeset usb_device_29_0 (usb_device))
+(typeattributeset usbd_exec_29_0 (usbd_exec))
+(typeattributeset usbfs_29_0 (usbfs))
+(typeattributeset usb_service_29_0 (usb_service))
+(typeattributeset use_memfd_prop_29_0 (use_memfd_prop))
+(typeattributeset userdata_block_device_29_0 (userdata_block_device))
+(typeattributeset usermodehelper_29_0 (usermodehelper))
+(typeattributeset user_profile_data_file_29_0 (user_profile_data_file))
+(typeattributeset user_service_29_0 (user_service))
+(typeattributeset vdc_29_0 (vdc))
+(typeattributeset vdc_exec_29_0 (vdc_exec))
+(typeattributeset vendor_app_file_29_0 (vendor_app_file))
+(typeattributeset vendor_cgroup_desc_file_29_0 (vendor_cgroup_desc_file))
+(typeattributeset vendor_configs_file_29_0 (vendor_configs_file))
+(typeattributeset vendor_data_file_29_0 (vendor_data_file))
+(typeattributeset vendor_default_prop_29_0 (vendor_default_prop))
+(typeattributeset vendor_file_29_0 (vendor_file))
+(typeattributeset vendor_framework_file_29_0 (vendor_framework_file))
+(typeattributeset vendor_hal_file_29_0 (vendor_hal_file))
+(typeattributeset vendor_idc_file_29_0 (vendor_idc_file))
+(typeattributeset vendor_init_29_0 (vendor_init))
+(typeattributeset vendor_keychars_file_29_0 (vendor_keychars_file))
+(typeattributeset vendor_keylayout_file_29_0 (vendor_keylayout_file))
+(typeattributeset vendor_overlay_file_29_0 (vendor_overlay_file))
+(typeattributeset vendor_public_lib_file_29_0 (vendor_public_lib_file))
+(typeattributeset vendor_security_patch_level_prop_29_0 (vendor_security_patch_level_prop))
+(typeattributeset vendor_shell_29_0 (vendor_shell))
+(typeattributeset vendor_shell_exec_29_0 (vendor_shell_exec))
+(typeattributeset vendor_task_profiles_file_29_0 (vendor_task_profiles_file))
+(typeattributeset vendor_toolbox_exec_29_0 (vendor_toolbox_exec))
+(typeattributeset vfat_29_0 (vfat))
+(typeattributeset vibrator_service_29_0 (vibrator_service))
+(typeattributeset video_device_29_0 (video_device))
+(typeattributeset virtual_touchpad_29_0 (virtual_touchpad))
+(typeattributeset virtual_touchpad_exec_29_0 (virtual_touchpad_exec))
+(typeattributeset virtual_touchpad_service_29_0 (virtual_touchpad_service))
+(typeattributeset vndbinder_device_29_0 (vndbinder_device))
+(typeattributeset vndk_sp_file_29_0 (vndk_sp_file))
+(typeattributeset vndservice_contexts_file_29_0 (vndservice_contexts_file))
+(typeattributeset vndservicemanager_29_0 (vndservicemanager))
+(typeattributeset voiceinteraction_service_29_0 (voiceinteraction_service))
+(typeattributeset vold_29_0 (vold))
+(typeattributeset vold_data_file_29_0 (vold_data_file))
+(typeattributeset vold_device_29_0 (vold_device))
+(typeattributeset vold_exec_29_0 (vold_exec))
+(typeattributeset vold_metadata_file_29_0 (vold_metadata_file))
+(typeattributeset vold_prepare_subdirs_29_0 (vold_prepare_subdirs))
+(typeattributeset vold_prepare_subdirs_exec_29_0 (vold_prepare_subdirs_exec))
+(typeattributeset vold_prop_29_0 (vold_prop))
+(typeattributeset vold_service_29_0 (vold_service))
+(typeattributeset vpn_data_file_29_0 (vpn_data_file))
+(typeattributeset vrflinger_vsync_service_29_0 (vrflinger_vsync_service))
+(typeattributeset vr_hwc_29_0 (vr_hwc))
+(typeattributeset vr_hwc_exec_29_0 (vr_hwc_exec))
+(typeattributeset vr_hwc_service_29_0 (vr_hwc_service))
+(typeattributeset vr_manager_service_29_0 (vr_manager_service))
+(typeattributeset wallpaper_file_29_0 (wallpaper_file))
+(typeattributeset wallpaper_service_29_0 (wallpaper_service))
+(typeattributeset watchdogd_29_0 (watchdogd))
+(typeattributeset watchdog_device_29_0 (watchdog_device))
+(typeattributeset watchdogd_exec_29_0 (watchdogd_exec))
+(typeattributeset webviewupdate_service_29_0 (webviewupdate_service))
+(typeattributeset webview_zygote_29_0 (webview_zygote))
+(typeattributeset webview_zygote_exec_29_0 (webview_zygote_exec))
+(typeattributeset webview_zygote_tmpfs_29_0 (webview_zygote_tmpfs))
+(typeattributeset wifiaware_service_29_0 (wifiaware_service))
+(typeattributeset wificond_29_0 (wificond))
+(typeattributeset wificond_exec_29_0 (wificond_exec))
+(typeattributeset wificond_service_29_0 (wificond_service wifinl80211_service))
+(typeattributeset wifi_data_file_29_0 (wifi_data_file))
+(typeattributeset wifi_log_prop_29_0 (wifi_log_prop))
+(typeattributeset wifip2p_service_29_0 (wifip2p_service))
+(typeattributeset wifi_prop_29_0 (wifi_prop))
+(typeattributeset wifiscanner_service_29_0 (wifiscanner_service))
+(typeattributeset wifi_service_29_0 (wifi_service))
+(typeattributeset window_service_29_0 (window_service))
+(typeattributeset wpantund_29_0 (wpantund))
+(typeattributeset wpantund_exec_29_0 (wpantund_exec))
+(typeattributeset wpantund_service_29_0 (wpantund_service))
+(typeattributeset wpa_socket_29_0 (wpa_socket))
+(typeattributeset zero_device_29_0 (zero_device))
+(typeattributeset zoneinfo_data_file_29_0 (zoneinfo_data_file))
+(typeattributeset zygote_29_0 (zygote))
+(typeattributeset zygote_exec_29_0 (zygote_exec))
+(typeattributeset zygote_socket_29_0 (zygote_socket))
+(typeattributeset zygote_tmpfs_29_0 (zygote_tmpfs))
diff --git a/private/compat/29.0/29.0.compat.cil b/private/compat/29.0/29.0.compat.cil
new file mode 100644
index 0000000..af4da8a
--- /dev/null
+++ b/private/compat/29.0/29.0.compat.cil
@@ -0,0 +1,3 @@
+(typeattribute vendordomain)
+(typeattributeset vendordomain ((and (domain) ((not (coredomain))))))
+(allow vendordomain self (netlink_route_socket (nlmsg_readpriv)))
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
new file mode 100644
index 0000000..fdea691
--- /dev/null
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -0,0 +1,130 @@
+;; new_objects - a collection of types that have been introduced that have no
+;; analogue in older policy. Thus, we do not need to map these types to
+;; previous ones. Add here to pass checkapi tests.
+(type new_objects)
+(typeattribute new_objects)
+(typeattributeset new_objects
+ ( new_objects
+ aidl_lazy_test_server
+ aidl_lazy_test_server_exec
+ aidl_lazy_test_service
+ adbd_prop
+ apex_module_data_file
+ apex_permission_data_file
+ apex_rollback_data_file
+ apex_wifi_data_file
+ app_integrity_service
+ app_search_service
+ auth_service
+ automotive_display_service
+ automotive_display_service_exec
+ ashmem_libcutils_device
+ blob_store_service
+ binder_cache_bluetooth_server_prop
+ binder_cache_system_server_prop
+ binder_cache_telephony_server_prop
+ binderfs
+ binderfs_logs
+ binderfs_logs_proc
+ boringssl_self_test
+ bq_config_prop
+ cacheinfo_service
+ charger_prop
+ cold_boot_done_prop
+ credstore
+ credstore_data_file
+ credstore_exec
+ credstore_service
+ platform_compat_service
+ ctl_apexd_prop
+ dataloader_manager_service
+ debugfs_kprobes
+ device_config_storage_native_boot_prop
+ device_config_sys_traced_prop
+ device_config_window_manager_native_boot_prop
+ device_config_configuration_prop
+ emergency_affordance_service
+ exported_camera_prop
+ fastbootd_protocol_prop
+ file_integrity_service
+ fwk_automotive_display_hwservice
+ fusectlfs
+ gmscore_app
+ graphics_config_prop
+ hal_can_bus_hwservice
+ hal_can_controller_hwservice
+ hal_identity_service
+ hal_light_service
+ hal_power_service
+ hal_rebootescrow_service
+ hal_tv_tuner_hwservice
+ hal_vibrator_service
+ incremental_control_file
+ incremental_prop
+ incremental_service
+ init_perf_lsm_hooks_prop
+ init_svc_debug_prop
+ iorap_inode2filename
+ iorap_inode2filename_data_file
+ iorap_inode2filename_exec
+ iorap_inode2filename_tmpfs
+ iorap_prefetcherd
+ iorap_prefetcherd_data_file
+ iorap_prefetcherd_exec
+ iorap_prefetcherd_tmpfs
+ mediatranscoding_service
+ mediatranscoding
+ mediatranscoding_exec
+ mediatranscoding_tmpfs
+ mirror_data_file
+ light_service
+ linkerconfig_file
+ lmkd_prop
+ media_variant_prop
+ metadata_bootstat_file
+ mnt_pass_through_file
+ mock_ota_prop
+ module_sdkextensions_prop
+ ota_metadata_file
+ ota_prop
+ prereboot_data_file
+ art_apex_dir
+ rebootescrow_hal_prop
+ securityfs
+ service_manager_service
+ service_manager_vndservice
+ simpleperf
+ snapshotctl_log_data_file
+ socket_hook_prop
+ soundtrigger_middleware_service
+ staged_install_file
+ storage_config_prop
+ surfaceflinger_display_prop
+ sysfs_dm_verity
+ system_adbd_prop
+ system_config_service
+ system_group_file
+ system_jvmti_agent_prop
+ system_passwd_file
+ system_unsolzygote_socket
+ tethering_service
+ traced_perf
+ traced_perf_enabled_prop
+ traced_perf_socket
+ timezonedetector_service
+ untrusted_app_29
+ usb_serial_device
+ userspace_reboot_config_prop
+ userspace_reboot_exported_prop
+ userspace_reboot_log_prop
+ userspace_reboot_test_prop
+ vehicle_hal_prop
+ tv_tuner_resource_mgr_service
+ vendor_apex_file
+ vendor_boringssl_self_test
+ vendor_install_recovery
+ vendor_install_recovery_exec
+ vendor_service_contexts_file
+ vendor_socket_hook_prop
+ vendor_socket_hook_prop
+ virtual_ab_prop))
diff --git a/private/coredomain.te b/private/coredomain.te
index 169f6b2..86e8009 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te
@@ -22,14 +22,15 @@
coredomain
-appdomain
-dex2oat
+ -dexoptanalyzer
-idmap
-init
-installd
- userdebug_or_eng(`-perfprofd')
userdebug_or_eng(`-heapprofd')
-postinstall_dexopt
-rs # spawned by appdomain, so carryover the exception above
-system_server
+ -traced_perf
} vendor_app_file:dir { open read getattr search };
')
@@ -38,14 +39,15 @@
coredomain
-appdomain
-dex2oat
+ -dexoptanalyzer
-idmap
-init
-installd
- userdebug_or_eng(`-perfprofd')
userdebug_or_eng(`-heapprofd')
-postinstall_dexopt
-rs # spawned by appdomain, so carryover the exception above
-system_server
+ -traced_perf
-mediaserver
} vendor_app_file:file r_file_perms;
')
@@ -58,9 +60,12 @@
-idmap
-init
-installd
+ -iorap_inode2filename
+ -iorap_prefetcherd
-postinstall_dexopt
-rs # spawned by appdomain, so carryover the exception above
-system_server
+ -traced_perf
-app_zygote
-webview_zygote
-zygote
@@ -75,14 +80,17 @@
-idmap
-init
-installd
+ -iorap_inode2filename
+ -iorap_prefetcherd
-postinstall_dexopt
-rs # spawned by appdomain, so carryover the exception above
-system_server
+ -traced_perf
-app_zygote
-webview_zygote
-zygote
userdebug_or_eng(`-heapprofd')
- } vendor_overlay_file:file r_file_perms;
+ } vendor_overlay_file:file open;
')
# Core domains are not permitted to use kernel interfaces which are not
@@ -126,9 +134,9 @@
-atrace
-dumpstate
-init
- userdebug_or_eng(`-perfprofd')
-traced_probes
-shell
+ -system_server
-traceur_app
} debugfs_tracing:file no_rw_file_perms;
@@ -190,18 +198,3 @@
full_treble_only(`
neverallow coredomain tee_device:chr_file { open read append write ioctl };
')
-
-# Allow access to ashmemd to request /dev/ashmem fds.
-allow {
- coredomain
- -init
- -iorapd
- -perfprofd
-} ashmem_device_service:service_manager find;
-
-binder_call({
- coredomain
- -init
- -iorapd
- -perfprofd
-}, ashmemd)
diff --git a/private/cppreopts.te b/private/cppreopts.te
index 1a8fa0b..1192ba6 100644
--- a/private/cppreopts.te
+++ b/private/cppreopts.te
@@ -25,3 +25,7 @@
# Allow running the cp command using cppreopts permissions. Needed so we can
# write into dalvik-cache
allow cppreopts toolbox_exec:file rx_file_perms;
+
+# Silence the denial when /postinstall cannot be mounted, e.g., system_other
+# is wiped, but cppreopts.sh still runs.
+dontaudit cppreopts postinstall_mnt_dir:dir search;
diff --git a/private/credstore.te b/private/credstore.te
new file mode 100644
index 0000000..8d87e2f
--- /dev/null
+++ b/private/credstore.te
@@ -0,0 +1,6 @@
+typeattribute credstore coredomain;
+
+init_daemon_domain(credstore)
+
+# talk to Identity Credential
+hal_client_domain(credstore, hal_identity)
diff --git a/private/derive_sdk.te b/private/derive_sdk.te
new file mode 100644
index 0000000..1f60e34
--- /dev/null
+++ b/private/derive_sdk.te
@@ -0,0 +1,12 @@
+
+# Domain for derive_sdk
+type derive_sdk, domain, coredomain;
+type derive_sdk_exec, system_file_type, exec_type, file_type;
+init_daemon_domain(derive_sdk)
+
+# Read /apex
+allow derive_sdk apex_mnt_dir:dir r_dir_perms;
+
+# Prop rules: writable by derive_sdk, readable by bootclasspath (apps)
+set_prop(derive_sdk, module_sdkextensions_prop)
+neverallow { domain -init -derive_sdk } module_sdkextensions_prop:property_service set;
diff --git a/private/dexoptanalyzer.te b/private/dexoptanalyzer.te
index 59554c8..a2b2b01 100644
--- a/private/dexoptanalyzer.te
+++ b/private/dexoptanalyzer.te
@@ -3,6 +3,10 @@
type dexoptanalyzer_exec, system_file_type, exec_type, file_type;
type dexoptanalyzer_tmpfs, file_type;
+r_dir_file(dexoptanalyzer, apk_data_file)
+# Access to /vendor/app
+r_dir_file(dexoptanalyzer, vendor_app_file)
+
# Reading an APK opens a ZipArchive, which unpack to tmpfs.
# Use tmpfs_domain() which will give tmpfs files created by dexoptanalyzer their
# own label, which differs from other labels created by other processes.
@@ -19,10 +23,13 @@
allow dexoptanalyzer installd:fd use;
allow dexoptanalyzer installd:fifo_file { getattr write };
+# Acquire advisory lock on /system/framework/arm/*
+allow dexoptanalyzer system_file:file lock;
+
# Allow reading secondary dex files that were reported by the app to the
# package manager.
allow dexoptanalyzer { privapp_data_file app_data_file }:dir { getattr search };
-allow dexoptanalyzer { privapp_data_file app_data_file }:file { getattr read };
+allow dexoptanalyzer { privapp_data_file app_data_file }:file { getattr read map };
# dexoptanalyzer calls access(2) with W_OK flag on app data. We can use the
# "dontaudit...audit_access" policy line to suppress the audit access without
# suppressing denial on actual access.
diff --git a/private/domain.te b/private/domain.te
index 1d26761..7116dad 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -11,7 +11,7 @@
# necessary SELinux permissions.
get_prop(domain, heapprofd_prop);
# Allow heap profiling on debug builds.
-userdebug_or_eng(`can_profile_heap_userdebug_or_eng({
+userdebug_or_eng(`can_profile_heap_central({
domain
-bpfloader
-init
@@ -28,6 +28,27 @@
-vold
})')
+# As above, allow perf profiling most processes on debug builds.
+# zygote is excluded as system-wide profiling could end up with it
+# (unexpectedly) holding an open fd across a fork.
+userdebug_or_eng(`can_profile_perf({
+ domain
+ -bpfloader
+ -init
+ -kernel
+ -keystore
+ -llkd
+ -logd
+ -logpersist
+ -recovery
+ -recovery_persist
+ -recovery_refresh
+ -ueventd
+ -vendor_init
+ -vold
+ -zygote
+})')
+
# Path resolution access in cgroups.
allow domain cgroup:dir search;
allow { domain -appdomain -rs } cgroup:dir w_dir_perms;
@@ -42,6 +63,12 @@
# if memfd support can be used if device supports it
get_prop(domain, use_memfd_prop);
+# Read access to sdkextensions props
+get_prop(domain, module_sdkextensions_prop)
+
+# Read access to bq configuration values
+get_prop(domain, bq_config_prop);
+
# For now, everyone can access core property files
# Device specific properties are not granted by default
not_compatible_property(`
@@ -70,6 +97,11 @@
get_prop({coredomain appdomain shell}, exported3_default_prop)
get_prop({coredomain appdomain shell}, exported3_radio_prop)
get_prop({coredomain appdomain shell}, exported3_system_prop)
+ get_prop({coredomain appdomain shell}, exported_camera_prop)
+ get_prop({coredomain appdomain shell}, userspace_reboot_config_prop)
+ get_prop({coredomain shell}, userspace_reboot_exported_prop)
+ get_prop({coredomain shell}, userspace_reboot_log_prop)
+ get_prop({coredomain shell}, userspace_reboot_test_prop)
get_prop({domain -coredomain -appdomain}, vendor_default_prop)
')
@@ -82,6 +114,13 @@
allow domain su:key search;
')
+# Allow access to linkerconfig file
+allow domain linkerconfig_file:dir search;
+allow domain linkerconfig_file:file r_file_perms;
+
+# Allow all processes to check for the existence of the boringssl_self_test_marker files.
+allow domain boringssl_self_test_marker:dir search;
+
# Limit ability to ptrace or read sensitive /proc/pid files of processes
# with other UIDs to these whitelisted domains.
neverallow {
@@ -92,11 +131,10 @@
userdebug_or_eng(`-incidentd')
-storaged
-system_server
- userdebug_or_eng(`-perfprofd')
} self:global_capability_class_set sys_ptrace;
# Limit ability to generate hardware unique device ID attestations to priv_apps
-neverallow { domain -priv_app } *:keystore_key gen_unique_id;
+neverallow { domain -priv_app -gmscore_app } *:keystore_key gen_unique_id;
neverallow {
domain
@@ -127,12 +165,14 @@
-app_zygote
-dexoptanalyzer
-installd
- userdebug_or_eng(`-perfprofd')
+ -iorap_inode2filename
+ -iorap_prefetcherd
-profman
-rs # spawned by appdomain, so carryover the exception above
-runas
-system_server
-viewcompiler
+ -zygote
} { privapp_data_file app_data_file }:dir *;
# Only apps should be modifying app data. installd is exempted for
@@ -149,7 +189,7 @@
-appdomain
-app_zygote
-installd
- userdebug_or_eng(`-perfprofd')
+ -iorap_prefetcherd
-rs # spawned by appdomain, so carryover the exception above
} { privapp_data_file app_data_file }:file_class_set open;
@@ -168,8 +208,8 @@
# that these files cannot be accessed by other domains to ensure that the files
# do not change between system_server staging the files and apexd processing
# the files.
-neverallow { domain -init -system_server -apexd -installd} staging_data_file:dir *;
-neverallow { domain -init -system_app -system_server -apexd -kernel -installd } staging_data_file:file *;
+neverallow { domain -init -system_server -apexd -installd -iorap_inode2filename } staging_data_file:dir *;
+neverallow { domain -init -system_app -system_server -apexd -kernel -installd -iorap_inode2filename -priv_app } staging_data_file:file *;
neverallow { domain -init -system_server -installd} staging_data_file:dir no_w_dir_perms;
# apexd needs the link and unlink permissions, so list every `no_w_file_perms`
# except for `link` and `unlink`.
@@ -194,6 +234,7 @@
domain
-appdomain
with_asan(`-asan_extract')
+ -iorap_prefetcherd
-shell
userdebug_or_eng(`-su')
-system_server_startup # for memfd backed executable regions
@@ -250,16 +291,15 @@
# Instead of granting them it is usually better to add the domain to
# a Unix group or change the permissions of a file.
define(`dac_override_allowed', `{
+ apexd
dnsmasq
dumpstate
init
installd
- install_recovery
userdebug_or_eng(`llkd')
lmkd
migrate_legacy_obb_data
netd
- perfprofd
postinstall_dexopt
recovery
rss_hwm_reset
@@ -279,6 +319,9 @@
# this list should be a superset of the one above.
neverallow ~{
dac_override_allowed
+ iorap_inode2filename
+ iorap_prefetcherd
+ traced_perf
traced_probes
userdebug_or_eng(`heapprofd')
} self:global_capability_class_set dac_read_search;
@@ -314,3 +357,18 @@
-hal_bootctl_server
-fastbootd
} self:global_capability_class_set sys_rawio;
+
+# Limit directory operations that doesn't need to do app data isolation.
+neverallow {
+ domain
+ -init
+ -installd
+ -zygote
+} mirror_data_file:dir *;
+
+# This property is being removed. Remove remaining access.
+neverallow { domain -init -system_server -vendor_init } net_dns_prop:property_service set;
+neverallow { domain -dumpstate -init -system_server -vendor_init } net_dns_prop:file read;
+
+# Kprobes should only be used by adb root
+neverallow { domain -init -vendor_init } debugfs_kprobes:file *;
diff --git a/private/dumpstate.te b/private/dumpstate.te
index 4f6d96a..72e508e 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -44,9 +44,19 @@
allow dumpstate debugfs_wakeup_sources:file r_file_perms;
allow dumpstate dev_type:blk_file getattr;
allow dumpstate webview_zygote:process signal;
-dontaudit dumpstate perfprofd:binder call;
dontaudit dumpstate update_engine:binder call;
allow dumpstate proc_net_tcp_udp:file r_file_perms;
# For comminucating with the system process to do confirmation ui.
binder_call(dumpstate, incidentcompanion_service)
+
+# For dumping dynamic partition information.
+set_prop(dumpstate, lpdumpd_prop)
+binder_call(dumpstate, lpdumpd)
+
+# For dumping device-mapper and snapshot information.
+allow dumpstate gsid_exec:file rx_file_perms;
+set_prop(dumpstate, ctl_gsid_prop)
+binder_call(dumpstate, gsid)
+
+r_dir_file(dumpstate, ota_metadata_file)
diff --git a/private/ephemeral_app.te b/private/ephemeral_app.te
index 1283e21..56d4747 100644
--- a/private/ephemeral_app.te
+++ b/private/ephemeral_app.te
@@ -39,7 +39,6 @@
allow ephemeral_app cameraserver_service:service_manager find;
allow ephemeral_app mediaserver_service:service_manager find;
allow ephemeral_app mediaextractor_service:service_manager find;
-allow ephemeral_app mediacodec_service:service_manager find;
allow ephemeral_app mediametrics_service:service_manager find;
allow ephemeral_app mediadrmserver_service:service_manager find;
allow ephemeral_app drmserver_service:service_manager find;
@@ -52,13 +51,11 @@
# Write app-specific trace data to the Perfetto traced damon. This requires
# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
-allow ephemeral_app traced:fd use;
-allow ephemeral_app traced_tmpfs:file { read write getattr map };
-unix_socket_connect(ephemeral_app, traced_producer, traced)
+perfetto_producer(ephemeral_app)
-# Allow heap profiling if the app opts in by being marked
-# profileable/debuggable.
+# Allow profiling if the app opts in by being marked profileable/debuggable.
can_profile_heap(ephemeral_app)
+can_profile_perf(ephemeral_app)
# allow ephemeral apps to use UDP sockets provided by the system server but not
# modify them other than to connect
diff --git a/private/file.te b/private/file.te
index a856792..4492002 100644
--- a/private/file.te
+++ b/private/file.te
@@ -20,3 +20,9 @@
# /data/misc_[ce|de]/rollback : Used by installd to store snapshots
# of application data.
type rollback_data_file, file_type, data_file_type, core_data_file_type;
+
+# /data/gsi/ota
+type ota_image_data_file, file_type, data_file_type, core_data_file_type;
+
+# /data/misc/emergencynumberdb
+type emergency_data_file, file_type, data_file_type, core_data_file_type;
diff --git a/private/file_contexts b/private/file_contexts
index 530bd45..9620b75 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -24,6 +24,7 @@
/lost\+found u:object_r:rootfs:s0
/acct u:object_r:cgroup:s0
/config u:object_r:rootfs:s0
+/data_mirror u:object_r:mirror_data_file:s0
/debug_ramdisk u:object_r:tmpfs:s0
/mnt u:object_r:tmpfs:s0
/postinstall u:object_r:postinstall_mnt_dir:s0
@@ -75,6 +76,7 @@
/dev/adf-interface[0-9]*\.[0-9]* u:object_r:graphics_device:s0
/dev/adf-overlay-engine[0-9]*\.[0-9]* u:object_r:graphics_device:s0
/dev/ashmem u:object_r:ashmem_device:s0
+/dev/ashmem(.*)? u:object_r:ashmem_libcutils_device:s0
/dev/audio.* u:object_r:audio_device:s0
/dev/binder u:object_r:binder_device:s0
/dev/block(/.*)? u:object_r:block_device:s0
@@ -83,6 +85,7 @@
/dev/block/vold/.+ u:object_r:vold_device:s0
/dev/block/ram[0-9]* u:object_r:ram_device:s0
/dev/block/zram[0-9]* u:object_r:ram_device:s0
+/dev/boringssl/selftest(/.*)? u:object_r:boringssl_self_test_marker:s0
/dev/bus/usb(.*)? u:object_r:usb_device:s0
/dev/console u:object_r:console_device:s0
/dev/cpu_variant:.* u:object_r:dev_cpu_variant:s0
@@ -147,8 +150,9 @@
/dev/socket/tombstoned_crash u:object_r:tombstoned_crash_socket:s0
/dev/socket/tombstoned_java_trace u:object_r:tombstoned_java_trace_socket:s0
/dev/socket/tombstoned_intercept u:object_r:tombstoned_intercept_socket:s0
-/dev/socket/traced_producer u:object_r:traced_producer_socket:s0
/dev/socket/traced_consumer u:object_r:traced_consumer_socket:s0
+/dev/socket/traced_perf u:object_r:traced_perf_socket:s0
+/dev/socket/traced_producer u:object_r:traced_producer_socket:s0
/dev/socket/heapprofd u:object_r:heapprofd_socket:s0
/dev/socket/uncrypt u:object_r:uncrypt_socket:s0
/dev/socket/wpa_eth[0-9] u:object_r:wpa_socket:s0
@@ -161,6 +165,8 @@
/dev/tty u:object_r:owntty_device:s0
/dev/tty[0-9]* u:object_r:tty_device:s0
/dev/ttyS[0-9]* u:object_r:serial_device:s0
+/dev/ttyUSB[0-9]* u:object_r:usb_serial_device:s0
+/dev/ttyACM[0-9]* u:object_r:usb_serial_device:s0
/dev/tun u:object_r:tun_device:s0
/dev/uhid u:object_r:uhid_device:s0
/dev/uinput u:object_r:uhid_device:s0
@@ -176,16 +182,21 @@
/dev/__properties__ u:object_r:properties_device:s0
/dev/__properties__/property_info u:object_r:property_info:s0
#############################
+# Linker configuration
+#
+/linkerconfig(/.*)? u:object_r:linkerconfig_file:s0
+#############################
# System files
#
/system(/.*)? u:object_r:system_file:s0
+/system/apex/com.android.art u:object_r:art_apex_dir:s0
/system/lib(64)?(/.*)? u:object_r:system_lib_file:s0
/system/lib(64)?/bootstrap(/.*)? u:object_r:system_bootstrap_lib_file:s0
/system/bin/atrace u:object_r:atrace_exec:s0
-/system/bin/ashmemd u:object_r:ashmemd_exec:s0
/system/bin/auditctl u:object_r:auditctl_exec:s0
/system/bin/bcc u:object_r:rs_exec:s0
/system/bin/blank_screen u:object_r:blank_screen_exec:s0
+/system/bin/boringssl_self_test(32|64) u:object_r:boringssl_self_test_exec:s0
/system/bin/charger u:object_r:charger_exec:s0
/system/bin/e2fsdroid u:object_r:e2fs_exec:s0
/system/bin/mke2fs u:object_r:e2fs_exec:s0
@@ -235,11 +246,13 @@
/system/bin/cameraserver u:object_r:cameraserver_exec:s0
/system/bin/mediaextractor u:object_r:mediaextractor_exec:s0
/system/bin/mediaswcodec u:object_r:mediaswcodec_exec:s0
+/system/bin/mediatranscoding u:object_r:mediatranscoding_exec:s0
/system/bin/mdnsd u:object_r:mdnsd_exec:s0
/system/bin/installd u:object_r:installd_exec:s0
/system/bin/otapreopt_chroot u:object_r:otapreopt_chroot_exec:s0
/system/bin/otapreopt_slot u:object_r:otapreopt_slot_exec:s0
/system/bin/art_apex_boot_integrity u:object_r:art_apex_boot_integrity_exec:s0
+/system/bin/credstore u:object_r:credstore_exec:s0
/system/bin/keystore u:object_r:keystore_exec:s0
/system/bin/fingerprintd u:object_r:fingerprintd_exec:s0
/system/bin/gatekeeperd u:object_r:gatekeeperd_exec:s0
@@ -249,17 +262,18 @@
/system/bin/recovery-persist u:object_r:recovery_persist_exec:s0
/system/bin/recovery-refresh u:object_r:recovery_refresh_exec:s0
/system/bin/sdcard u:object_r:sdcardd_exec:s0
+/system/bin/snapshotctl u:object_r:snapshotctl_exec:s0
/system/bin/dhcpcd u:object_r:dhcp_exec:s0
/system/bin/dhcpcd-6\.8\.2 u:object_r:dhcp_exec:s0
/system/bin/mtpd u:object_r:mtp_exec:s0
/system/bin/pppd u:object_r:ppp_exec:s0
/system/bin/racoon u:object_r:racoon_exec:s0
/system/xbin/su u:object_r:su_exec:s0
-/system/bin/perfprofd u:object_r:perfprofd_exec:s0
/system/bin/dnsmasq u:object_r:dnsmasq_exec:s0
/system/bin/healthd u:object_r:healthd_exec:s0
/system/bin/clatd u:object_r:clatd_exec:s0
/system/bin/linker(64)? u:object_r:system_linker_exec:s0
+/system/bin/linkerconfig u:object_r:linkerconfig_exec:s0
/system/bin/bootstrap/linker(64)? u:object_r:system_linker_exec:s0
/system/bin/llkd u:object_r:llkd_exec:s0
/system/bin/lmkd u:object_r:lmkd_exec:s0
@@ -270,6 +284,7 @@
/system/bin/rss_hwm_reset u:object_r:rss_hwm_reset_exec:s0
/system/bin/perfetto u:object_r:perfetto_exec:s0
/system/bin/traced u:object_r:traced_exec:s0
+/system/bin/traced_perf u:object_r:traced_perf_exec:s0
/system/bin/traced_probes u:object_r:traced_probes_exec:s0
/system/bin/heapprofd u:object_r:heapprofd_exec:s0
/system/bin/uncrypt u:object_r:uncrypt_exec:s0
@@ -279,12 +294,13 @@
/system/bin/cppreopts\.sh u:object_r:cppreopts_exec:s0
/system/bin/preloads_copy\.sh u:object_r:preloads_copy_exec:s0
/system/bin/preopt2cachename u:object_r:preopt2cachename_exec:s0
-/system/bin/install-recovery\.sh u:object_r:install_recovery_exec:s0
/system/bin/dex2oat(d)? u:object_r:dex2oat_exec:s0
/system/bin/dexoptanalyzer(d)? u:object_r:dexoptanalyzer_exec:s0
/system/bin/viewcompiler u:object_r:viewcompiler_exec:s0
/system/bin/profman(d)? u:object_r:profman_exec:s0
/system/bin/iorapd u:object_r:iorapd_exec:s0
+/system/bin/iorap\.inode2filename u:object_r:iorap_inode2filename_exec:s0
+/system/bin/iorap\.prefetcherd u:object_r:iorap_prefetcherd_exec:s0
/system/bin/sgdisk u:object_r:sgdisk_exec:s0
/system/bin/blkid u:object_r:blkid_exec:s0
/system/bin/tzdatacheck u:object_r:tzdatacheck_exec:s0
@@ -300,7 +316,9 @@
/system/bin/hw/android\.system\.suspend@1\.0-service u:object_r:system_suspend_exec:s0
/system/etc/cgroups\.json u:object_r:cgroup_desc_file:s0
/system/etc/event-log-tags u:object_r:system_event_log_tags_file:s0
+/system/etc/group u:object_r:system_group_file:s0
/system/etc/ld\.config.* u:object_r:system_linker_config_file:s0
+/system/etc/passwd u:object_r:system_passwd_file:s0
/system/etc/seccomp_policy(/.*)? u:object_r:system_seccomp_policy_file:s0
/system/etc/security/cacerts(/.*)? u:object_r:system_security_cacerts_file:s0
/system/etc/selinux/mapping/[0-9]+\.[0-9]+\.cil u:object_r:sepolicy_file:s0
@@ -324,9 +342,11 @@
/system/bin/watchdogd u:object_r:watchdogd_exec:s0
/system/bin/apexd u:object_r:apexd_exec:s0
/system/bin/gsid u:object_r:gsid_exec:s0
+/system/bin/simpleperf u:object_r:simpleperf_exec:s0
/system/bin/simpleperf_app_runner u:object_r:simpleperf_app_runner_exec:s0
/system/bin/notify_traceur\.sh u:object_r:notify_traceur_exec:s0
/system/bin/migrate_legacy_obb_data\.sh u:object_r:migrate_legacy_obb_data_exec:s0
+/system/bin/android\.frameworks\.automotive\.display@1\.0-service u:object_r:automotive_display_service_exec:s0
#############################
# Vendor files
@@ -351,11 +371,19 @@
/(vendor|system/vendor)/overlay(/.*)? u:object_r:vendor_overlay_file:s0
/(vendor|system/vendor)/framework(/.*)? u:object_r:vendor_framework_file:s0
-/vendor/bin/misc_writer u:object_r:vendor_misc_writer_exec:s0
+/(vendor|system/vendor)/apex(/[^/]+){0,2} u:object_r:vendor_apex_file:s0
+/(vendor|system/vendor)/bin/misc_writer u:object_r:vendor_misc_writer_exec:s0
+/(vendor|system/vendor)/bin/boringssl_self_test(32|64) u:object_r:vendor_boringssl_self_test_exec:s0
# HAL location
/(vendor|system/vendor)/lib(64)?/hw u:object_r:vendor_hal_file:s0
+/(vendor|system/vendor)/etc/selinux/nonplat_service_contexts u:object_r:nonplat_service_contexts_file:s0
+
+/(vendor|system/vendor)/etc/selinux/vendor_service_contexts u:object_r:vendor_service_contexts_file:s0
+
+/(vendor|system/vendor)/bin/install-recovery\.sh u:object_r:vendor_install_recovery_exec:s0
+
#############################
# OEM and ODM files
#
@@ -371,9 +399,9 @@
/(odm|vendor/odm)/framework(/.*)? u:object_r:vendor_framework_file:s0
# Input configuration
-/(odm|vendor|vendor/odm)/usr/keylayout(/.*)?\.kl u:object_r:vendor_keylayout_file:s0
-/(odm|vendor|vendor/odm)/usr/keychars(/.*)?\.kcm u:object_r:vendor_keychars_file:s0
-/(odm|vendor|vendor/odm)/usr/idc(/.*)?\.idc u:object_r:vendor_idc_file:s0
+/(odm|vendor/odm|vendor|system/vendor)/usr/keylayout(/.*)?\.kl u:object_r:vendor_keylayout_file:s0
+/(odm|vendor/odm|vendor|system/vendor)/usr/keychars(/.*)?\.kcm u:object_r:vendor_keychars_file:s0
+/(odm|vendor/odm|vendor|system/vendor)/usr/idc(/.*)?\.idc u:object_r:vendor_idc_file:s0
/oem(/.*)? u:object_r:oemfs:s0
/oem/overlay(/.*)? u:object_r:vendor_overlay_file:s0
@@ -394,6 +422,8 @@
# Product files
#
/(product|system/product)(/.*)? u:object_r:system_file:s0
+/(product|system/product)/etc/group u:object_r:system_group_file:s0
+/(product|system/product)/etc/passwd u:object_r:system_passwd_file:s0
/(product|system/product)/overlay(/.*)? u:object_r:vendor_overlay_file:s0
/(product|system/product)/etc/selinux/product_file_contexts u:object_r:file_contexts_file:s0
@@ -403,11 +433,27 @@
/(product|system/product)/etc/selinux/product_service_contexts u:object_r:service_contexts_file:s0
/(product|system/product)/etc/selinux/product_mac_permissions\.xml u:object_r:mac_perms_file:s0
+/(product|system/product)/lib(64)?(/.*)? u:object_r:system_lib_file:s0
+
#############################
-# Product-Services files
+# SystemExt files
#
-/(product_services|system/product_services)(/.*)? u:object_r:system_file:s0
-/(product_services|system/product_services)/overlay(/.*)? u:object_r:vendor_overlay_file:s0
+/(system_ext|system/system_ext)(/.*)? u:object_r:system_file:s0
+/(system_ext|system/system_ext)/etc/group u:object_r:system_group_file:s0
+/(system_ext|system/system_ext)/etc/passwd u:object_r:system_passwd_file:s0
+/(system_ext|system/system_ext)/overlay(/.*)? u:object_r:vendor_overlay_file:s0
+
+/(system_ext|system/system_ext)/etc/selinux/system_ext_file_contexts u:object_r:file_contexts_file:s0
+/(system_ext|system/system_ext)/etc/selinux/system_ext_hwservice_contexts u:object_r:hwservice_contexts_file:s0
+/(system_ext|system/system_ext)/etc/selinux/system_ext_property_contexts u:object_r:property_contexts_file:s0
+/(system_ext|system/system_ext)/etc/selinux/system_ext_seapp_contexts u:object_r:seapp_contexts_file:s0
+/(system_ext|system/system_ext)/etc/selinux/system_ext_service_contexts u:object_r:service_contexts_file:s0
+/(system_ext|system/system_ext)/etc/selinux/system_ext_mac_permissions\.xml u:object_r:mac_perms_file:s0
+
+/(system_ext|system/system_ext)/bin/aidl_lazy_test_server u:object_r:aidl_lazy_test_server_exec:s0
+/(system_ext|system/system_ext)/bin/hidl_lazy_test_server u:object_r:hidl_lazy_test_server_exec:s0
+
+/(system_ext|system/system_ext)/lib(64)?(/.*)? u:object_r:system_lib_file:s0
#############################
# Vendor files from /(product|system/product)/vendor_overlay
@@ -423,13 +469,14 @@
# NOTE: When modifying existing label rules, changes may also need to
# propagate to the "Expanded data files" section.
#
-/data(/.*)? u:object_r:system_data_file:s0
+/data u:object_r:system_data_root_file:s0
+/data/(.*)? u:object_r:system_data_file:s0
/data/system/packages\.list u:object_r:packages_list_file:s0
-/data/.layout_version u:object_r:install_data_file:s0
/data/unencrypted(/.*)? u:object_r:unencrypted_data_file:s0
/data/backup(/.*)? u:object_r:backup_data_file:s0
/data/secure/backup(/.*)? u:object_r:backup_data_file:s0
/data/system/ndebugsocket u:object_r:system_ndebug_socket:s0
+/data/system/unsolzygotesocket u:object_r:system_unsolzygote_socket:s0
/data/drm(/.*)? u:object_r:drm_data_file:s0
/data/resource-cache(/.*)? u:object_r:resourcecache_data_file:s0
/data/dalvik-cache(/.*)? u:object_r:dalvikcache_data_file:s0
@@ -441,12 +488,16 @@
/data/apex/active/(.*)? u:object_r:staging_data_file:s0
/data/apex/backup/(.*)? u:object_r:staging_data_file:s0
/data/app(/.*)? u:object_r:apk_data_file:s0
+# Traditional /data/app/[packageName]-[randomString]/base.apk location
/data/app/[^/]+/oat(/.*)? u:object_r:dalvikcache_data_file:s0
+# /data/app/[randomStringA]/[packageName]-[randomStringB]/base.apk layout
+/data/app/[^/]+/[^/]+/oat(/.*)? u:object_r:dalvikcache_data_file:s0
/data/app/vmdl[^/]+\.tmp(/.*)? u:object_r:apk_tmp_file:s0
/data/app/vmdl[^/]+\.tmp/oat(/.*)? u:object_r:dalvikcache_data_file:s0
/data/app-private(/.*)? u:object_r:apk_private_data_file:s0
/data/app-private/vmdl.*\.tmp(/.*)? u:object_r:apk_private_tmp_file:s0
/data/gsi(/.*)? u:object_r:gsi_data_file:s0
+/data/gsi/ota(/.*)? u:object_r:ota_image_data_file:s0
/data/tombstones(/.*)? u:object_r:tombstone_data_file:s0
/data/vendor/tombstones/wifi(/.*)? u:object_r:tombstone_wifi_data_file:s0
/data/local/tmp(/.*)? u:object_r:shell_data_file:s0
@@ -467,6 +518,10 @@
# Misc data
/data/misc/adb(/.*)? u:object_r:adb_keys_file:s0
+/data/misc/apexdata(/.*)? u:object_r:apex_module_data_file:s0
+/data/misc/apexdata/com.android.permission(/.*)? u:object_r:apex_permission_data_file:s0
+/data/misc/apexdata/com\.android\.wifi(/.*)? u:object_r:apex_wifi_data_file:s0
+/data/misc/apexrollback(/.*)? u:object_r:apex_rollback_data_file:s0
/data/misc/apns(/.*)? u:object_r:radio_data_file:s0
/data/misc/audio(/.*)? u:object_r:audio_data_file:s0
/data/misc/audioserver(/.*)? u:object_r:audioserver_data_file:s0
@@ -482,33 +537,39 @@
/data/misc/carrierid(/.*)? u:object_r:radio_data_file:s0
/data/misc/dhcp(/.*)? u:object_r:dhcp_data_file:s0
/data/misc/dhcp-6\.8\.2(/.*)? u:object_r:dhcp_data_file:s0
+/data/misc/emergencynumberdb(/.*)? u:object_r:emergency_data_file:s0
/data/misc/gatekeeper(/.*)? u:object_r:gatekeeper_data_file:s0
/data/misc/incidents(/.*)? u:object_r:incident_data_file:s0
+/data/misc/installd(/.*)? u:object_r:install_data_file:s0
/data/misc/keychain(/.*)? u:object_r:keychain_data_file:s0
+/data/misc/credstore(/.*)? u:object_r:credstore_data_file:s0
/data/misc/keystore(/.*)? u:object_r:keystore_data_file:s0
/data/misc/logd(/.*)? u:object_r:misc_logd_file:s0
/data/misc/media(/.*)? u:object_r:media_data_file:s0
/data/misc/net(/.*)? u:object_r:net_data_file:s0
/data/misc/network_watchlist(/.*)? u:object_r:network_watchlist_data_file:s0
/data/misc/perfetto-traces(/.*)? u:object_r:perfetto_traces_data_file:s0
+/data/misc/prereboot(/.*)? u:object_r:prereboot_data_file:s0
/data/misc/recovery(/.*)? u:object_r:recovery_data_file:s0
/data/misc/shared_relro(/.*)? u:object_r:shared_relro_file:s0
/data/misc/sms(/.*)? u:object_r:radio_data_file:s0
+/data/misc/snapshotctl_log(/.*)? u:object_r:snapshotctl_log_data_file:s0
/data/misc/stats-active-metric(/.*)? u:object_r:stats_data_file:s0
/data/misc/stats-data(/.*)? u:object_r:stats_data_file:s0
/data/misc/stats-service(/.*)? u:object_r:stats_data_file:s0
+/data/misc/stats-metadata(/.*)? u:object_r:stats_data_file:s0
/data/misc/systemkeys(/.*)? u:object_r:systemkeys_data_file:s0
/data/misc/textclassifier(/.*)? u:object_r:textclassifier_data_file:s0
/data/misc/train-info(/.*)? u:object_r:stats_data_file:s0
/data/misc/user(/.*)? u:object_r:misc_user_data_file:s0
/data/misc/vpn(/.*)? u:object_r:vpn_data_file:s0
/data/misc/wifi(/.*)? u:object_r:wifi_data_file:s0
+/data/misc_ce/[0-9]+/wifi(/.*)? u:object_r:wifi_data_file:s0
/data/misc/wifi/sockets(/.*)? u:object_r:wpa_socket:s0
/data/misc/wifi/sockets/wpa_ctrl.* u:object_r:system_wpa_socket:s0
/data/misc/zoneinfo(/.*)? u:object_r:zoneinfo_data_file:s0
/data/misc/vold(/.*)? u:object_r:vold_data_file:s0
/data/misc/iorapd(/.*)? u:object_r:iorapd_data_file:s0
-/data/misc/perfprofd(/.*)? u:object_r:perfprofd_data_file:s0
/data/misc/update_engine(/.*)? u:object_r:update_engine_data_file:s0
/data/misc/update_engine_log(/.*)? u:object_r:update_engine_log_data_file:s0
/data/system/dropbox(/.*)? u:object_r:dropbox_data_file:s0
@@ -548,6 +609,23 @@
/data/misc_de/[0-9]+/rollback(/.*)? u:object_r:rollback_data_file:s0
/data/misc_ce/[0-9]+/rollback(/.*)? u:object_r:rollback_data_file:s0
+# Apex data directories
+/data/misc_de/[0-9]+/apexdata(/.*)? u:object_r:apex_module_data_file:s0
+/data/misc_ce/[0-9]+/apexdata(/.*)? u:object_r:apex_module_data_file:s0
+/data/misc_de/[0-9]+/apexdata/com.android.permission(/.*)? u:object_r:apex_permission_data_file:s0
+/data/misc_ce/[0-9]+/apexdata/com.android.permission(/.*)? u:object_r:apex_permission_data_file:s0
+/data/misc_de/[0-9]+/apexdata/com\.android\.wifi(/.*)? u:object_r:apex_wifi_data_file:s0
+/data/misc_ce/[0-9]+/apexdata/com\.android\.wifi(/.*)? u:object_r:apex_wifi_data_file:s0
+
+# Apex rollback directories
+/data/misc_de/[0-9]+/apexrollback(/.*)? u:object_r:apex_rollback_data_file:s0
+/data/misc_ce/[0-9]+/apexrollback(/.*)? u:object_r:apex_rollback_data_file:s0
+
+# Incremental directories
+/data/incremental(/.*)? u:object_r:apk_data_file:s0
+/data/incremental/MT_[^/]+/mount/.pending_reads u:object_r:incremental_control_file:s0
+/data/incremental/MT_[^/]+/mount/.log u:object_r:incremental_control_file:s0
+
#############################
# Expanded data files
#
@@ -555,6 +633,8 @@
/mnt/expand/[^/]+(/.*)? u:object_r:system_data_file:s0
/mnt/expand/[^/]+/app(/.*)? u:object_r:apk_data_file:s0
/mnt/expand/[^/]+/app/[^/]+/oat(/.*)? u:object_r:dalvikcache_data_file:s0
+# /mnt/expand/..../app/[randomStringA]/[packageName]-[randomStringB]/base.apk layout
+/mnt/expand/[^/]+/app/[^/]+/[^/]+/oat(/.*)? u:object_r:dalvikcache_data_file:s0
/mnt/expand/[^/]+/app/vmdl[^/]+\.tmp(/.*)? u:object_r:apk_tmp_file:s0
/mnt/expand/[^/]+/app/vmdl[^/]+\.tmp/oat(/.*)? u:object_r:dalvikcache_data_file:s0
/mnt/expand/[^/]+/local/tmp(/.*)? u:object_r:shell_data_file:s0
@@ -627,7 +707,11 @@
/metadata/apex(/.*)? u:object_r:apex_metadata_file:s0
/metadata/vold(/.*)? u:object_r:vold_metadata_file:s0
/metadata/gsi(/.*)? u:object_r:gsi_metadata_file:s0
+/metadata/gsi/ota(/.*)? u:object_r:ota_metadata_file:s0
/metadata/password_slots(/.*)? u:object_r:password_slot_metadata_file:s0
+/metadata/ota(/.*)? u:object_r:ota_metadata_file:s0
+/metadata/bootstat(/.*)? u:object_r:metadata_bootstat_file:s0
+/metadata/staged-install(/.*)? u:object_r:staged_install_file:s0
#############################
# asec containers
@@ -640,6 +724,8 @@
# external storage
/mnt/media_rw(/.*)? u:object_r:mnt_media_rw_file:s0
/mnt/user(/.*)? u:object_r:mnt_user_file:s0
+/mnt/pass_through(/.*)? u:object_r:mnt_pass_through_file:s0
+/mnt/sdcard u:object_r:mnt_sdcard_file:s0
/mnt/runtime(/.*)? u:object_r:storage_file:s0
/storage(/.*)? u:object_r:storage_file:s0
diff --git a/private/file_contexts_asan b/private/file_contexts_asan
index bd841a3..b37f086 100644
--- a/private/file_contexts_asan
+++ b/private/file_contexts_asan
@@ -4,6 +4,8 @@
/data/asan/vendor/lib64(/.*)? u:object_r:system_lib_file:s0
/data/asan/odm/lib(/.*)? u:object_r:system_lib_file:s0
/data/asan/odm/lib64(/.*)? u:object_r:system_lib_file:s0
+/data/asan/product/lib(/.*)? u:object_r:system_lib_file:s0
+/data/asan/product/lib64(/.*)? u:object_r:system_lib_file:s0
/system/asan.options u:object_r:system_asan_options_file:s0
/system/bin/asan_extract u:object_r:asan_extract_exec:s0
/system/bin/asanwrapper u:object_r:asanwrapper_exec:s0
diff --git a/private/fs_use b/private/fs_use
index 1964348..6fcc2cc 100644
--- a/private/fs_use
+++ b/private/fs_use
@@ -10,6 +10,7 @@
fs_use_xattr squashfs u:object_r:labeledfs:s0;
fs_use_xattr overlay u:object_r:labeledfs:s0;
fs_use_xattr erofs u:object_r:labeledfs:s0;
+fs_use_xattr incremental-fs u:object_r:labeledfs:s0;
# Label inodes from task label.
fs_use_task pipefs u:object_r:pipefs:s0;
diff --git a/private/fsverity_init.te b/private/fsverity_init.te
index c6a5edd..4bb3d0f 100644
--- a/private/fsverity_init.te
+++ b/private/fsverity_init.te
@@ -3,10 +3,6 @@
init_daemon_domain(fsverity_init)
-# Allow this shell script to run and execute toybox
-allow fsverity_init shell_exec:file rx_file_perms;
-allow fsverity_init toolbox_exec:file rx_file_perms;
-
# Allow to read /proc/keys for searching key id.
allow fsverity_init proc_keys:file r_file_perms;
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 202d1b3..89232bc 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -13,6 +13,7 @@
genfscon proc /keys u:object_r:proc_keys:s0
genfscon proc /kmsg u:object_r:proc_kmsg:s0
genfscon proc /loadavg u:object_r:proc_loadavg:s0
+genfscon proc /lowmemorykiller u:object_r:proc_lowmemorykiller:s0
genfscon proc /meminfo u:object_r:proc_meminfo:s0
genfscon proc /misc u:object_r:proc_misc:s0
genfscon proc /modules u:object_r:proc_modules:s0
@@ -32,6 +33,7 @@
genfscon proc /stat u:object_r:proc_stat:s0
genfscon proc /swaps u:object_r:proc_swaps:s0
genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
+genfscon proc /kpageflags u:object_r:proc_kpageflags:s0
genfscon proc /sys/abi/swp u:object_r:proc_abi:s0
genfscon proc /sys/fs/pipe-max-size u:object_r:proc_pipe_conf:s0
genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
@@ -96,6 +98,8 @@
genfscon proc /vmstat u:object_r:proc_vmstat:s0
genfscon proc /zoneinfo u:object_r:proc_zoneinfo:s0
+genfscon fusectl / u:object_r:fusectlfs:s0
+
# selinuxfs booleans can be individually labeled.
genfscon selinuxfs / u:object_r:selinuxfs:s0
genfscon cgroup / u:object_r:cgroup:s0
@@ -113,6 +117,7 @@
genfscon sysfs /class/rfkill/rfkill3/state u:object_r:sysfs_bluetooth_writable:s0
genfscon sysfs /class/rtc u:object_r:sysfs_rtc:s0
genfscon sysfs /class/switch u:object_r:sysfs_switch:s0
+genfscon sysfs /class/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/nfc-power/nfc_power u:object_r:sysfs_nfc_power_writable:s0
genfscon sysfs /devices/virtual/android_usb u:object_r:sysfs_android_usb:s0
genfscon sysfs /devices/virtual/block/ u:object_r:sysfs_devices_block:s0
@@ -125,25 +130,30 @@
genfscon sysfs /devices/virtual/misc/hw_random u:object_r:sysfs_hwrandom:s0
genfscon sysfs /devices/virtual/net u:object_r:sysfs_net:s0
genfscon sysfs /devices/virtual/switch u:object_r:sysfs_switch:s0
+genfscon sysfs /devices/virtual/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /firmware/devicetree/base/firmware/android u:object_r:sysfs_dt_firmware_android:s0
genfscon sysfs /fs/ext4/features u:object_r:sysfs_fs_ext4_features:s0
genfscon sysfs /fs/f2fs u:object_r:sysfs_fs_f2fs:s0
genfscon sysfs /power/autosleep u:object_r:sysfs_power:s0
genfscon sysfs /power/state u:object_r:sysfs_power:s0
+genfscon sysfs /power/suspend_stats u:object_r:sysfs_suspend_stats:s0
genfscon sysfs /power/wakeup_count u:object_r:sysfs_power:s0
genfscon sysfs /power/wake_lock u:object_r:sysfs_wake_lock:s0
genfscon sysfs /power/wake_unlock u:object_r:sysfs_wake_lock:s0
genfscon sysfs /kernel/memory_state_time u:object_r:sysfs_power:s0
+genfscon sysfs /kernel/ion u:object_r:sysfs_ion:s0
genfscon sysfs /kernel/ipv4 u:object_r:sysfs_ipv4:s0
genfscon sysfs /kernel/mm/transparent_hugepage u:object_r:sysfs_transparent_hugepage:s0
genfscon sysfs /kernel/notes u:object_r:sysfs_kernel_notes:s0
genfscon sysfs /kernel/uevent_helper u:object_r:sysfs_usermodehelper:s0
genfscon sysfs /kernel/wakeup_reasons u:object_r:sysfs_wakeup_reasons:s0
+genfscon sysfs /module/dm_verity/parameters/prefetch_cluster u:object_r:sysfs_dm_verity:s0
genfscon sysfs /module/lowmemorykiller u:object_r:sysfs_lowmemorykiller:s0
genfscon sysfs /module/tcp_cubic/parameters u:object_r:sysfs_net:s0
genfscon sysfs /module/wlan/parameters/fwpath u:object_r:sysfs_wlan_fwpath:s0
genfscon sysfs /devices/virtual/timed_output/vibrator/enable u:object_r:sysfs_vibrator:s0
+genfscon debugfs /kprobes u:object_r:debugfs_kprobes:s0
genfscon debugfs /mmc0 u:object_r:debugfs_mmc:s0
genfscon debugfs /tracing u:object_r:debugfs_tracing_debug:s0
genfscon tracefs / u:object_r:debugfs_tracing_debug:s0
@@ -213,6 +223,7 @@
genfscon tracefs /events/power/clock_set_rate/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/power/cpu_frequency_limits/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/power/gpu_frequency/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/power/suspend_resume/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/cpufreq_interactive/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/vmscan/mm_vmscan_direct_reclaim_begin/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/vmscan/mm_vmscan_direct_reclaim_end/ u:object_r:debugfs_tracing:s0
@@ -233,10 +244,13 @@
genfscon tracefs /events/kmem/rss_stat/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/kmem/ion_heap_grow/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/kmem/ion_heap_shrink/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/ion/ion_stat/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/mm_event/mm_event_record/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/oom/oom_score_adj_update/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/task/task_rename/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/task/task_newtask/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/ftrace/print/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/gpu_mem/gpu_mem_total u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/trace_clock u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/buffer_size_kb u:object_r:debugfs_tracing:s0
@@ -255,6 +269,7 @@
genfscon debugfs /tracing/events/power/clock_set_rate/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/power/cpu_frequency_limits/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/power/gpu_frequency/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/power/suspend_resume/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/cpufreq_interactive/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/vmscan/mm_vmscan_direct_reclaim_begin/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/vmscan/mm_vmscan_direct_reclaim_end/ u:object_r:debugfs_tracing:s0
@@ -275,16 +290,27 @@
genfscon debugfs /tracing/events/kmem/rss_stat/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/kmem/ion_heap_grow/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/kmem/ion_heap_shrink/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/ion/ion_stat/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/mm_event/mm_event_record/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/oom/oom_score_adj_update/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/task/task_rename/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/task/task_newtask/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/ftrace/print/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/gpu_mem/gpu_mem_total u:object_r:debugfs_tracing:s0
genfscon debugfs /kcov u:object_r:debugfs_kcov:s0
+genfscon securityfs / u:object_r:securityfs:s0
+
+genfscon binder /binder u:object_r:binder_device:s0
+genfscon binder /hwbinder u:object_r:hwbinder_device:s0
+genfscon binder /vndbinder u:object_r:vndbinder_device:s0
+genfscon binder /binder_logs u:object_r:binderfs_logs:s0
+genfscon binder /binder_logs/proc u:object_r:binderfs_logs_proc:s0
genfscon inotifyfs / u:object_r:inotify:s0
genfscon vfat / u:object_r:vfat:s0
+genfscon binder / u:object_r:binderfs:s0
genfscon exfat / u:object_r:exfat:s0
genfscon debugfs / u:object_r:debugfs:s0
genfscon fuse / u:object_r:fuse:s0
diff --git a/private/gmscore_app.te b/private/gmscore_app.te
new file mode 100644
index 0000000..2355326
--- /dev/null
+++ b/private/gmscore_app.te
@@ -0,0 +1,129 @@
+###
+### A domain for further sandboxing the PrebuiltGMSCore app.
+###
+typeattribute gmscore_app coredomain;
+
+app_domain(gmscore_app)
+
+allow gmscore_app sysfs_type:dir search;
+# Read access to /sys/class/net/wlan*/address
+r_dir_file(gmscore_app, sysfs_net)
+# Read access to /sys/block/zram*/mm_stat
+r_dir_file(gmscore_app, sysfs_zram)
+
+r_dir_file(gmscore_app, rootfs)
+
+# Allow GMS core to open kernel config for OTA matching through libvintf
+allow gmscore_app config_gz:file { open read getattr };
+
+# Allow GMS core to communicate with update_engine for A/B update.
+binder_call(gmscore_app, update_engine)
+allow gmscore_app update_engine_service:service_manager find;
+
+# Allow GMS core to communicate with dumpsys storaged.
+binder_call(gmscore_app, storaged)
+allow gmscore_app storaged_service:service_manager find;
+
+# Allow GMS core to access system_update_service (e.g. to publish pending
+# system update info).
+allow gmscore_app system_update_service:service_manager find;
+
+# Allow GMS core to communicate with statsd.
+binder_call(gmscore_app, statsd)
+
+# Allow GMS core to generate unique hardware IDs
+allow gmscore_app keystore:keystore_key gen_unique_id;
+
+# Allow GMS core to access /sys/fs/selinux/policyvers for compatibility check
+allow gmscore_app selinuxfs:file r_file_perms;
+
+# suppress denials for non-API accesses.
+dontaudit gmscore_app exec_type:file r_file_perms;
+dontaudit gmscore_app device:dir r_dir_perms;
+dontaudit gmscore_app fs_bpf:dir r_dir_perms;
+dontaudit gmscore_app net_dns_prop:file r_file_perms;
+dontaudit gmscore_app proc:file r_file_perms;
+dontaudit gmscore_app proc_interrupts:file r_file_perms;
+dontaudit gmscore_app proc_modules:file r_file_perms;
+dontaudit gmscore_app proc_net:file r_file_perms;
+dontaudit gmscore_app proc_stat:file r_file_perms;
+dontaudit gmscore_app proc_version:file r_file_perms;
+dontaudit gmscore_app sysfs:dir r_dir_perms;
+dontaudit gmscore_app sysfs:file r_file_perms;
+dontaudit gmscore_app sysfs_android_usb:file r_file_perms;
+dontaudit gmscore_app sysfs_dm:file r_file_perms;
+dontaudit gmscore_app sysfs_loop:file r_file_perms;
+dontaudit gmscore_app wifi_prop:file r_file_perms;
+dontaudit gmscore_app { wifi_prop exported_wifi_prop }:file r_file_perms;
+dontaudit gmscore_app mirror_data_file:dir search;
+dontaudit gmscore_app mnt_vendor_file:dir search;
+
+# Access the network
+net_domain(gmscore_app)
+
+# webview crash handling depends on self ptrace (b/27697529, b/20150694, b/19277529#comment7)
+allow gmscore_app self:process ptrace;
+
+# Allow loading executable code from writable priv-app home
+# directories. This is a W^X violation, however, it needs
+# to be supported for now for the following reasons.
+# * /data/user_*/0/*/code_cache/* POSSIBLE uses (b/117841367)
+# 1) com.android.opengl.shaders_cache
+# 2) com.android.skia.shaders_cache
+# 3) com.android.renderscript.cache
+# * /data/user_de/0/com.google.android.gms/app_chimera
+# TODO: Tighten (b/112357170)
+allow gmscore_app privapp_data_file:file execute;
+
+allow gmscore_app privapp_data_file:lnk_file create_file_perms;
+
+# /proc access
+allow gmscore_app proc_vmstat:file r_file_perms;
+
+# Allow interaction with gpuservice
+binder_call(gmscore_app, gpuservice)
+allow gmscore_app gpu_service:service_manager find;
+
+# find services that expose both @SystemAPI and normal APIs.
+allow gmscore_app app_api_service:service_manager find;
+allow gmscore_app system_api_service:service_manager find;
+allow gmscore_app audioserver_service:service_manager find;
+allow gmscore_app cameraserver_service:service_manager find;
+allow gmscore_app drmserver_service:service_manager find;
+allow gmscore_app mediadrmserver_service:service_manager find;
+allow gmscore_app mediaextractor_service:service_manager find;
+allow gmscore_app mediametrics_service:service_manager find;
+allow gmscore_app mediaserver_service:service_manager find;
+allow gmscore_app network_watchlist_service:service_manager find;
+allow gmscore_app nfc_service:service_manager find;
+allow gmscore_app oem_lock_service:service_manager find;
+allow gmscore_app persistent_data_block_service:service_manager find;
+allow gmscore_app radio_service:service_manager find;
+allow gmscore_app recovery_service:service_manager find;
+allow gmscore_app stats_service:service_manager find;
+
+# Used by Finsky / Android "Verify Apps" functionality when
+# running "adb install foo.apk".
+allow gmscore_app shell_data_file:file r_file_perms;
+allow gmscore_app shell_data_file:dir r_dir_perms;
+
+# Write to /cache.
+allow gmscore_app { cache_file cache_recovery_file }:dir create_dir_perms;
+allow gmscore_app { cache_file cache_recovery_file }:file create_file_perms;
+# /cache is a symlink to /data/cache on some devices. Allow reading the link.
+allow gmscore_app cache_file:lnk_file r_file_perms;
+
+# Write to /data/ota_package for OTA packages.
+allow gmscore_app ota_package_file:dir rw_dir_perms;
+allow gmscore_app ota_package_file:file create_file_perms;
+
+# Used by Finsky / Android "Verify Apps" functionality when
+# running "adb install foo.apk".
+allow gmscore_app shell_data_file:file r_file_perms;
+allow gmscore_app shell_data_file:dir r_dir_perms;
+
+# b/18504118: Allow reads from /data/anr/traces.txt
+allow gmscore_app anr_data_file:file r_file_perms;
+
+# b/148974132: com.android.vending needs this
+allow gmscore_app priv_app:tcp_socket { read write };
diff --git a/private/gpuservice.te b/private/gpuservice.te
index ebfff76..a4d84ea 100644
--- a/private/gpuservice.te
+++ b/private/gpuservice.te
@@ -6,6 +6,7 @@
binder_call(gpuservice, adbd)
binder_call(gpuservice, shell)
+binder_call(gpuservice, system_server)
binder_use(gpuservice)
# Access the GPU.
@@ -31,6 +32,16 @@
# Needed for interactive shell
allow gpuservice devpts:chr_file { read write getattr };
+# Needed for dumpstate to dumpsys gpu.
+allow gpuservice dumpstate:fd use;
+allow gpuservice dumpstate:fifo_file write;
+
+# Needed for stats callback registration to statsd.
+allow gpuservice stats_service:service_manager find;
+allow gpuservice statsmanager_service:service_manager find;
+# TODO(b/146461633): remove this once native pullers talk to StatsManagerService
+binder_call(gpuservice, statsd);
+
add_service(gpuservice, gpu_service)
# Only uncomment below line when in development
diff --git a/private/gsid.te b/private/gsid.te
index 1a35a4b..3ff9d67 100644
--- a/private/gsid.te
+++ b/private/gsid.te
@@ -17,10 +17,28 @@
allow gsid self:global_capability_class_set sys_admin;
dontaudit gsid self:global_capability_class_set dac_override;
+# On FBE devices (not using dm-default-key), gsid will use loop devices to map
+# images rather than device-mapper.
+allow gsid loop_control_device:chr_file rw_file_perms;
+allow gsid loop_device:blk_file rw_file_perms;
+allowxperm gsid loop_device:blk_file ioctl {
+ LOOP_GET_STATUS64
+ LOOP_SET_STATUS64
+ LOOP_SET_FD
+ LOOP_SET_BLOCK_SIZE
+ LOOP_SET_DIRECT_IO
+ LOOP_CLR_FD
+ BLKFLSBUF
+};
+
# libfiemap_writer uses sysfs to derive the bottom of a device-mapper stacking.
# This requires traversing /sys/block/dm-N/slaves/* and reading the list of
# file names.
-allow gsid sysfs_dm:dir r_dir_perms;
+r_dir_file(gsid, sysfs_dm)
+
+# libfiemap_writer needs to read /sys/fs/f2fs/<dev>/features to determine
+# whether pin_file support is enabled.
+r_dir_file(gsid, sysfs_fs_f2fs)
# Needed to read fstab, which is used to validate that system verity does not
# use check_once_at_most for sdcard installs. (Note: proc_cmdline is needed
@@ -56,7 +74,14 @@
# Needed when running gsi_tool through "su root" rather than adb root.
allow gsid adbd:unix_stream_socket rw_socket_perms;
-neverallow { domain -gsid -init } gsid_prop:property_service set;
+neverallow {
+ domain
+ -gsid
+ -init
+ -update_engine_common
+ -recovery
+ -fastbootd
+} gsid_prop:property_service set;
# gsid needs to store images on /data, but cannot use file I/O. If it did, the
# underlying blocks would be encrypted, and we couldn't mount the GSI image in
@@ -83,19 +108,41 @@
# booted - An empty file that, if exists, indicates that a GSI is
# currently running.
#
-allow gsid metadata_file:dir search;
-allow gsid gsi_metadata_file:dir rw_dir_perms;
-allow gsid gsi_metadata_file:file create_file_perms;
+allow gsid metadata_file:dir { search getattr };
+allow gsid {
+ gsi_metadata_file
+}:dir create_dir_perms;
-allow gsid gsi_data_file:dir rw_dir_perms;
-allow gsid gsi_data_file:file create_file_perms;
-allowxperm gsid gsi_data_file:file ioctl FS_IOC_FIEMAP;
+allow gsid {
+ ota_metadata_file
+}:dir rw_dir_perms;
+
+allow gsid {
+ gsi_metadata_file
+ ota_metadata_file
+}:file create_file_perms;
+
+allow gsid {
+ gsi_data_file
+ ota_image_data_file
+}:dir rw_dir_perms;
+allow gsid {
+ gsi_data_file
+ ota_image_data_file
+}:file create_file_perms;
+allowxperm gsid {
+ gsi_data_file
+ ota_image_data_file
+}:file ioctl FS_IOC_FIEMAP;
+
+allow gsid system_server:binder call;
neverallow {
domain
-init
-gsid
-fastbootd
+ -recovery
-vold
} gsi_metadata_file:dir *;
diff --git a/private/hal_allocator_default.te b/private/hal_allocator_default.te
index 9dbe923..7aa28aa 100644
--- a/private/hal_allocator_default.te
+++ b/private/hal_allocator_default.te
@@ -3,6 +3,3 @@
type hal_allocator_default_exec, system_file_type, exec_type, file_type;
init_daemon_domain(hal_allocator_default)
-
-# To talk to ashmemd
-binder_use(hal_allocator_default)
diff --git a/private/hal_lazy_test.te b/private/hal_lazy_test.te
new file mode 100644
index 0000000..93cf235
--- /dev/null
+++ b/private/hal_lazy_test.te
@@ -0,0 +1,3 @@
+userdebug_or_eng(`
+ hal_attribute_hwservice(hal_lazy_test, hal_lazy_test_hwservice)
+')
diff --git a/private/heapprofd.te b/private/heapprofd.te
index 5330c58..ec3e4d0 100644
--- a/private/heapprofd.te
+++ b/private/heapprofd.te
@@ -35,9 +35,7 @@
# Write trace data to the Perfetto traced daemon. This requires connecting to
# its producer socket and obtaining a (per-process) tmpfs fd.
-allow heapprofd traced:fd use;
-allow heapprofd traced_tmpfs:file { read write getattr map };
-unix_socket_connect(heapprofd, traced_producer, traced)
+perfetto_producer(heapprofd)
# When handling profiling for all processes, heapprofd needs to read
# executables/libraries/etc to do stack unwinding.
@@ -50,6 +48,8 @@
# Some dex files are not world-readable.
# We are still constrained by the SELinux rules above.
allow heapprofd self:global_capability_class_set dac_read_search;
+
+ allow heapprofd proc_kpageflags:file r_file_perms;
')
# This is going to happen on user but is benign because central heapprofd
diff --git a/private/hidl_lazy_test_server.te b/private/hidl_lazy_test_server.te
new file mode 100644
index 0000000..04e8c9f
--- /dev/null
+++ b/private/hidl_lazy_test_server.te
@@ -0,0 +1,8 @@
+type hidl_lazy_test_server, domain;
+type hidl_lazy_test_server_exec, exec_type, file_type, system_file_type;
+
+userdebug_or_eng(`
+ typeattribute hidl_lazy_test_server coredomain;
+ init_daemon_domain(hidl_lazy_test_server)
+ hal_server_domain(hidl_lazy_test_server, hal_lazy_test)
+')
diff --git a/private/hwservice.te b/private/hwservice.te
new file mode 100644
index 0000000..b7ba4d7
--- /dev/null
+++ b/private/hwservice.te
@@ -0,0 +1 @@
+type hal_lazy_test_hwservice, hwservice_manager_type, protected_hwservice;
diff --git a/private/hwservice_contexts b/private/hwservice_contexts
index f3745a3..c45b0ef 100644
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@@ -1,3 +1,4 @@
+android.frameworks.automotive.display::IAutomotiveDisplayProxyService u:object_r:fwk_automotive_display_hwservice:s0
android.frameworks.bufferhub::IBufferHub u:object_r:fwk_bufferhub_hwservice:s0
android.frameworks.cameraservice.service::ICameraService u:object_r:fwk_camera_hwservice:s0
android.frameworks.displayservice::IDisplayService u:object_r:fwk_display_hwservice:s0
@@ -9,6 +10,8 @@
android.hardware.audio::IDevicesFactory u:object_r:hal_audio_hwservice:s0
android.hardware.authsecret::IAuthSecret u:object_r:hal_authsecret_hwservice:s0
android.hardware.automotive.audiocontrol::IAudioControl u:object_r:hal_audiocontrol_hwservice:s0
+android.hardware.automotive.can::ICanController u:object_r:hal_can_controller_hwservice:s0
+android.hardware.automotive.can::ICanBus u:object_r:hal_can_bus_hwservice:s0
android.hardware.automotive.evs::IEvsEnumerator u:object_r:hal_evs_hwservice:s0
android.hardware.automotive.vehicle::IVehicle u:object_r:hal_vehicle_hwservice:s0
android.hardware.biometrics.face::IBiometricsFace u:object_r:hal_face_hwservice:s0
@@ -37,6 +40,7 @@
android.hardware.input.classifier::IInputClassifier u:object_r:hal_input_classifier_hwservice:s0
android.hardware.ir::IConsumerIr u:object_r:hal_ir_hwservice:s0
android.hardware.keymaster::IKeymasterDevice u:object_r:hal_keymaster_hwservice:s0
+android.hardware.tests.lazy::ILazy u:object_r:hal_lazy_test_hwservice:s0
android.hardware.light::ILight u:object_r:hal_light_hwservice:s0
android.hardware.lowpan::ILowpanDevice u:object_r:hal_lowpan_hwservice:s0
android.hardware.media.omx::IOmx u:object_r:hal_omx_hwservice:s0
@@ -62,6 +66,7 @@
android.hardware.thermal::IThermalCallback u:object_r:thermalcallback_hwservice:s0
android.hardware.tv.cec::IHdmiCec u:object_r:hal_tv_cec_hwservice:s0
android.hardware.tv.input::ITvInput u:object_r:hal_tv_input_hwservice:s0
+android.hardware.tv.tuner::ITuner u:object_r:hal_tv_tuner_hwservice:s0
android.hardware.usb::IUsb u:object_r:hal_usb_hwservice:s0
android.hardware.usb.gadget::IUsbGadget u:object_r:hal_usb_gadget_hwservice:s0
android.hardware.vibrator::IVibrator u:object_r:hal_vibrator_hwservice:s0
@@ -69,7 +74,6 @@
android.hardware.weaver::IWeaver u:object_r:hal_weaver_hwservice:s0
android.hardware.wifi::IWifi u:object_r:hal_wifi_hwservice:s0
android.hardware.wifi.hostapd::IHostapd u:object_r:hal_wifi_hostapd_hwservice:s0
-android.hardware.wifi.offload::IOffload u:object_r:hal_wifi_offload_hwservice:s0
android.hardware.wifi.supplicant::ISupplicant u:object_r:hal_wifi_supplicant_hwservice:s0
android.hidl.allocator::IAllocator u:object_r:hidl_allocator_hwservice:s0
android.hidl.base::IBase u:object_r:hidl_base_hwservice:s0
diff --git a/private/incident.te b/private/incident.te
index 98101e0..db9ae86 100644
--- a/private/incident.te
+++ b/private/incident.te
@@ -4,10 +4,17 @@
# switch to incident domain for incident command
domain_auto_trans(shell, incident_exec, incident)
+domain_auto_trans(dumpstate, incident_exec, incident)
# allow incident access to stdout from its parent shell.
allow incident shell:fd use;
+# allow incident to communicate with dumpstate, and write incident report to
+# /data/data/com.android.shell/files/bugreports/tmp_incident_report
+allow incident dumpstate:fd use;
+allow incident dumpstate:unix_stream_socket { read write };
+allow incident shell_data_file:file write;
+
# allow incident be able to output data for CTS to fetch.
allow incident devpts:chr_file { read write };
@@ -26,5 +33,5 @@
binder_call(incident, incidentd)
allow incident incidentd:fifo_file write;
-# only allow incident being called by shell
-neverallow { domain -su -shell -incident } incident_exec:file { execute execute_no_trans };
+# only allow incident being called by shell or dumpstate
+neverallow { domain -su -shell -incident -dumpstate} incident_exec:file { execute execute_no_trans };
diff --git a/private/incidentd.te b/private/incidentd.te
index 0c57f0f..656f69f 100644
--- a/private/incidentd.te
+++ b/private/incidentd.te
@@ -50,11 +50,8 @@
binder_call(incidentd, statsd)
# section id 3026, allow reading /data/misc/perfetto-traces.
-# TODO(b/134706389): remove when no longer used.
-userdebug_or_eng(`
- allow incidentd perfetto_traces_data_file:dir r_dir_perms;
- allow incidentd perfetto_traces_data_file:file r_file_perms;
-');
+allow incidentd perfetto_traces_data_file:dir r_dir_perms;
+allow incidentd perfetto_traces_data_file:file r_file_perms;
# Create and write into /data/misc/incidents
allow incidentd incident_data_file:dir rw_dir_perms;
@@ -128,10 +125,25 @@
# Run a shell.
allow incidentd shell_exec:file rx_file_perms;
+# For running am, incident-helper-cmd and similar framework commands.
+# Run /system/bin/app_process.
+allow incidentd zygote_exec:file { rx_file_perms };
+# Access the runtime feature flag properties.
+get_prop(incidentd, device_config_runtime_native_prop)
+get_prop(incidentd, device_config_runtime_native_boot_prop)
+# ART locks profile files.
+allow incidentd system_file:file lock;
+# Incidentd should never exec from the memory (e.g. JIT cache). These denials are expected.
+dontaudit incidentd dalvikcache_data_file:dir r_dir_perms;
+dontaudit incidentd tmpfs:file rwx_file_perms;
+
# logd access - work to be done is a PII safe log (possibly an event log?)
userdebug_or_eng(`read_logd(incidentd)')
# TODO control_logd(incidentd)
+# Access /data/misc/logd
+r_dir_file(incidentd, misc_logd_file)
+
# Allow incidentd to find these standard groups of services.
# Others can be whitelisted individually.
allow incidentd {
@@ -150,24 +162,23 @@
# Allow incident to call back to incident with status updates.
binder_call(incidentd, incident)
+# Read device serial number from system properties
+# This is used to track reports from lab testing devices
+userdebug_or_eng(`
+ get_prop(incidentd, serialno_prop)
+')
+
+# Read ro.boot.bootreason, persist.sys.boot.bootreason
+# This is used to track reports from lab testing devices
+userdebug_or_eng(`
+ get_prop(incidentd, bootloader_boot_reason_prop);
+ get_prop(incidentd, system_boot_reason_prop);
+ get_prop(incidentd, last_boot_reason_prop);
+')
+
###
### neverallow rules
###
-
-# only specific domains can find the incident service
-# TODO(b/134706389): remove "perfetto" when no longer used.
-neverallow {
- domain
- -dumpstate
- -incident
- -incidentd
- userdebug_or_eng(`-perfetto')
- -priv_app
- -statsd
- -system_app
- -system_server
-} incident_service:service_manager find;
-
# only incidentd and the other root services in limited circumstances
# can get to the files in /data/misc/incidents
#
diff --git a/private/init.te b/private/init.te
index 374b207..b0e7f80 100644
--- a/private/init.te
+++ b/private/init.te
@@ -15,6 +15,7 @@
domain_trans(init, rootfs, charger)
domain_trans(init, rootfs, fastbootd)
domain_trans(init, rootfs, recovery)
+ domain_trans(init, rootfs, linkerconfig)
')
domain_trans(init, shell_exec, shell)
domain_trans(init, init_exec, ueventd)
@@ -30,5 +31,30 @@
allow init su:process { siginh rlimitinh };
')
+# Allow init to figure out name of dm-device from it's /dev/block/dm-XX path.
+# This is useful in case of remounting ext4 userdata into checkpointing mode,
+# since it potentially requires tearing down dm-devices (e.g. dm-bow, dm-crypto)
+# that userdata is mounted onto.
+allow init sysfs_dm:file read;
+
# Allow the BoringSSL self test to request a reboot upon failure
set_prop(init, powerctl_prop)
+
+# Only init is allowed to set userspace reboot related properties.
+set_prop(init, userspace_reboot_exported_prop)
+neverallow { domain -init } userspace_reboot_exported_prop:property_service set;
+
+# Second-stage init performs a test for whether the kernel has SELinux hooks
+# for the perf_event_open() syscall. This is done by testing for the syscall
+# outcomes corresponding to this policy.
+# TODO(b/137092007): this can be removed once the platform stops supporting
+# kernels that precede the perf_event_open hooks (Android common kernels 4.4
+# and 4.9).
+allow init self:perf_event { open cpu };
+neverallow init self:perf_event { kernel tracepoint read write };
+dontaudit init self:perf_event { kernel tracepoint read write };
+
+# Only init is allowed to set the sysprop indicating whether perf_event_open()
+# SELinux hooks were detected.
+set_prop(init, init_perf_lsm_hooks_prop)
+neverallow { domain -init } init_perf_lsm_hooks_prop:property_service set;
diff --git a/private/install_recovery.te b/private/install_recovery.te
deleted file mode 100644
index b79d683..0000000
--- a/private/install_recovery.te
+++ /dev/null
@@ -1,3 +0,0 @@
-typeattribute install_recovery coredomain;
-
-init_daemon_domain(install_recovery)
diff --git a/private/installd.te b/private/installd.te
index b9e67ae..c89ba8b 100644
--- a/private/installd.te
+++ b/private/installd.te
@@ -2,6 +2,10 @@
init_daemon_domain(installd)
+# Run migrate_legacy_obb_data.sh in its own sandbox.
+domain_auto_trans(installd, migrate_legacy_obb_data_exec, migrate_legacy_obb_data)
+allow installd shell_exec:file rx_file_perms;
+
# Run dex2oat in its own sandbox.
domain_auto_trans(installd, dex2oat_exec, dex2oat)
@@ -17,13 +21,6 @@
# Run idmap in its own sandbox.
domain_auto_trans(installd, idmap_exec, idmap)
-# Run migrate_legacy_obb_data.sh in its own sandbox.
-domain_auto_trans(installd, migrate_legacy_obb_data_exec, migrate_legacy_obb_data)
-allow installd shell_exec:file rx_file_perms;
-
-# Create /data/.layout_version.* file
-type_transition installd system_data_file:file install_data_file;
-
# For collecting bugreports.
allow installd dumpstate:fd use;
allow installd dumpstate:fifo_file r_file_perms;
@@ -40,6 +37,9 @@
get_prop(installd, device_config_runtime_native_prop)
get_prop(installd, device_config_runtime_native_boot_prop)
+# Allow installd to access apk verity feature flag (for legacy case).
+get_prop(installd, apk_verity_prop)
+
# Allow installd to delete files in /data/staging
allow installd staging_data_file:file unlink;
allow installd staging_data_file:dir { open read remove_name rmdir search write };
diff --git a/private/iorap_inode2filename.te b/private/iorap_inode2filename.te
new file mode 100644
index 0000000..96b7bc2
--- /dev/null
+++ b/private/iorap_inode2filename.te
@@ -0,0 +1,9 @@
+typeattribute iorap_inode2filename coredomain;
+
+# Grant access to open most of the files under /
+allow iorap_inode2filename dalvikcache_data_file:dir { getattr open read search };
+allow iorap_inode2filename dalvikcache_data_file:file { getattr };
+allow iorap_inode2filename dex2oat_exec:lnk_file { getattr open read };
+allow iorap_inode2filename dexoptanalyzer_exec:file { getattr };
+allow iorap_inode2filename storaged_data_file:dir { getattr open read search };
+allow iorap_inode2filename storaged_data_file:file { getattr };
diff --git a/private/iorap_prefecherd.te b/private/iorap_prefecherd.te
new file mode 100644
index 0000000..9ddb512
--- /dev/null
+++ b/private/iorap_prefecherd.te
@@ -0,0 +1,4 @@
+typeattribute iorap_prefetcherd coredomain;
+
+init_daemon_domain(iorap_prefetcherd)
+tmpfs_domain(iorap_prefetcherd)
diff --git a/private/iorapd.te b/private/iorapd.te
index 91f4ddc..73acec9 100644
--- a/private/iorapd.te
+++ b/private/iorapd.te
@@ -2,3 +2,9 @@
init_daemon_domain(iorapd)
tmpfs_domain(iorapd)
+
+domain_auto_trans(iorapd, iorap_prefetcherd_exec, iorap_prefetcherd)
+domain_auto_trans(iorapd, iorap_inode2filename_exec, iorap_inode2filename)
+
+# Allow iorapd to access the runtime native boot feature flag properties.
+get_prop(iorapd, device_config_runtime_native_boot_prop)
diff --git a/private/isolated_app.te b/private/isolated_app.te
index 94b49b0..4c6c5aa 100644
--- a/private/isolated_app.te
+++ b/private/isolated_app.te
@@ -13,6 +13,10 @@
# Access already open app data files received over Binder or local socket IPC.
allow isolated_app { app_data_file privapp_data_file }:file { append read write getattr lock map };
+# Allow access to network sockets received over IPC. New socket creation is not
+# permitted.
+allow isolated_app { ephemeral_app priv_app untrusted_app_all }:{ tcp_socket udp_socket } { rw_socket_perms_no_ioctl };
+
allow isolated_app activity_service:service_manager find;
allow isolated_app display_service:service_manager find;
allow isolated_app webviewupdate_service:service_manager find;
@@ -56,15 +60,12 @@
# Write app-specific trace data to the Perfetto traced damon. This requires
# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
-allow isolated_app traced:fd use;
-allow isolated_app traced_tmpfs:file { read write getattr map };
-unix_socket_connect(isolated_app, traced_producer, traced)
+perfetto_producer(isolated_app)
-# Allow heap profiling if the main app has been marked as profileable or
+# Allow profiling if the main app has been marked as profileable or
# debuggable.
can_profile_heap(isolated_app)
-
-allow isolated_app ashmem_device:chr_file { getattr read ioctl lock map append write };
+can_profile_perf(isolated_app)
#####
##### Neverallow
@@ -92,12 +93,10 @@
# b/17487348
# Isolated apps can only access three services,
-# activity_service, display_service, webviewupdate_service, and
-# ashmem_device_service.
+# activity_service, display_service, webviewupdate_service.
neverallow isolated_app {
service_manager_type
-activity_service
- -ashmem_device_service
-display_service
-webviewupdate_service
}:service_manager find;
@@ -136,7 +135,7 @@
# excluding unix_stream_socket and unix_dgram_socket.
# Many of these are socket families which have never and will never
# be compiled into the Android kernel.
-neverallow isolated_app self:{
+neverallow isolated_app { self ephemeral_app priv_app untrusted_app_all }:{
socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket
key_socket appletalk_socket netlink_route_socket
netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket
diff --git a/private/keys.conf b/private/keys.conf
index f517b67..362e73d 100644
--- a/private/keys.conf
+++ b/private/keys.conf
@@ -15,7 +15,7 @@
ALL : $DEFAULT_SYSTEM_DEV_CERTIFICATE/media.x509.pem
[@NETWORK_STACK]
-ALL : $DEFAULT_SYSTEM_DEV_CERTIFICATE/networkstack.x509.pem
+ALL : $MAINLINE_SEPOLICY_DEV_CERTIFICATES/networkstack.x509.pem
[@SHARED]
ALL : $DEFAULT_SYSTEM_DEV_CERTIFICATE/shared.x509.pem
diff --git a/private/keystore.te b/private/keystore.te
index 7f71028..81b6dfb 100644
--- a/private/keystore.te
+++ b/private/keystore.te
@@ -11,9 +11,8 @@
# This is used for the ConfirmationUI async callback.
allow keystore platform_app:binder call;
-# Offer the Wifi Keystore HwBinder service
-typeattribute keystore wifi_keystore_service_server;
-add_hwservice(keystore, system_wifi_keystore_hwservice)
-
# Allow to check whether security logging is enabled.
get_prop(keystore, device_logging_prop)
+
+# Allow keystore to write to statsd.
+unix_socket_send(keystore, statsdw, statsd)
diff --git a/private/linkerconfig.te b/private/linkerconfig.te
new file mode 100644
index 0000000..414b39f
--- /dev/null
+++ b/private/linkerconfig.te
@@ -0,0 +1,19 @@
+type linkerconfig, domain, coredomain;
+type linkerconfig_exec, exec_type, file_type, system_file_type;
+
+init_daemon_domain(linkerconfig)
+
+## Read and write linkerconfig subdirectory.
+allow linkerconfig linkerconfig_file:dir create_dir_perms;
+allow linkerconfig linkerconfig_file:file create_file_perms;
+
+# Allow linkerconfig to log to the kernel.
+allow linkerconfig kmsg_device:chr_file w_file_perms;
+
+# Allow linkerconfig to be invoked with logwrapper from init.
+allow linkerconfig devpts:chr_file { read write };
+
+# Allow linkerconfig to scan for apex modules
+allow linkerconfig apex_mnt_dir:dir r_dir_perms;
+
+neverallow { domain -init -linkerconfig } linkerconfig_exec:file no_x_file_perms;
diff --git a/private/llkd.te b/private/llkd.te
index 385f930..f218dec 100644
--- a/private/llkd.te
+++ b/private/llkd.te
@@ -7,7 +7,7 @@
allow llkd self:global_capability_class_set kill;
userdebug_or_eng(`
- allow llkd self:global_capability_class_set sys_ptrace;
+ allow llkd self:global_capability_class_set { sys_ptrace sys_admin };
allow llkd self:global_capability_class_set { dac_override dac_read_search };
')
diff --git a/private/lmkd.te b/private/lmkd.te
index a07ce87..e51cddb 100644
--- a/private/lmkd.te
+++ b/private/lmkd.te
@@ -1,3 +1,8 @@
typeattribute lmkd coredomain;
init_daemon_domain(lmkd)
+
+# Set lmkd.* properties.
+set_prop(lmkd, lmkd_prop)
+
+neverallow { -init -lmkd -vendor_init } lmkd_prop:property_service set;
diff --git a/private/logpersist.te b/private/logpersist.te
index 4187627..ac324df 100644
--- a/private/logpersist.te
+++ b/private/logpersist.te
@@ -24,5 +24,6 @@
userdebug_or_eng(`-misc_logd_file -coredump_file')
with_native_coverage(`-method_trace_data_file')
}:file { create write append };
-neverallow { domain -init userdebug_or_eng(`-logpersist -logd -dumpstate') } misc_logd_file:file no_rw_file_perms;
+neverallow { domain -init -dumpstate -incidentd userdebug_or_eng(`-logpersist -logd') } misc_logd_file:file no_rw_file_perms;
+neverallow { domain -init userdebug_or_eng(`-logpersist -logd') } misc_logd_file:file no_w_file_perms;
neverallow { domain -init userdebug_or_eng(`-logpersist -logd') } misc_logd_file:dir { add_name link relabelfrom remove_name rename reparent rmdir write };
diff --git a/private/lpdumpd.te b/private/lpdumpd.te
index 458a8f1..3bcd761 100644
--- a/private/lpdumpd.te
+++ b/private/lpdumpd.te
@@ -38,4 +38,5 @@
-dumpstate
-lpdumpd
-shell
+ -servicemanager
} lpdumpd:binder call;
diff --git a/private/mediaprovider.te b/private/mediaprovider.te
index 30d3fe0..249fee1 100644
--- a/private/mediaprovider.te
+++ b/private/mediaprovider.te
@@ -42,5 +42,3 @@
# MtpServer sets sys.usb.ffs.mtp.ready
set_prop(mediaprovider, ffs_prop)
set_prop(mediaprovider, exported_ffs_prop)
-
-allow mediaprovider ashmem_device:chr_file { getattr read ioctl lock map append write };
diff --git a/private/mediaprovider_app.te b/private/mediaprovider_app.te
new file mode 100644
index 0000000..335c1b6
--- /dev/null
+++ b/private/mediaprovider_app.te
@@ -0,0 +1,45 @@
+###
+### A domain for further sandboxing the MediaProvider mainline module.
+###
+type mediaprovider_app, domain, coredomain;
+
+app_domain(mediaprovider_app)
+
+# Access to /mnt/pass_through.
+allow mediaprovider_app mnt_pass_through_file:dir r_dir_perms;
+
+# Allow MediaProvider to host a FUSE daemon for external storage
+allow mediaprovider_app fuse_device:chr_file { read write ioctl getattr };
+
+# Allow MediaProvider to read/write media_rw_data_file files and dirs
+allow mediaprovider_app media_rw_data_file:file create_file_perms;
+allow mediaprovider_app media_rw_data_file:dir create_dir_perms;
+
+# Talk to the DRM service
+allow mediaprovider_app drmserver_service:service_manager find;
+
+# Talk to the MediaServer service
+allow mediaprovider_app mediaserver_service:service_manager find;
+
+# Talk to regular app services
+allow mediaprovider_app app_api_service:service_manager find;
+
+# Talk to the GPU service
+binder_call(mediaprovider_app, gpuservice)
+
+# read pipe-max-size configuration
+allow mediaprovider_app proc_pipe_conf:file r_file_perms;
+
+# Allow MediaProvider to set extended attributes (such as quota project ID)
+# on media files.
+allowxperm mediaprovider_app media_rw_data_file:{ dir file } ioctl {
+ FS_IOC_FSGETXATTR
+ FS_IOC_FSSETXATTR
+ FS_IOC_GETFLAGS
+ FS_IOC_SETFLAGS
+};
+
+allow mediaprovider_app proc_filesystems:file r_file_perms;
+
+#Allow MediaProvider to see if sdcardfs is in use
+get_prop(mediaprovider_app, storage_config_prop)
diff --git a/private/mediaserver.te b/private/mediaserver.te
index 635cf4e..c55e54a 100644
--- a/private/mediaserver.te
+++ b/private/mediaserver.te
@@ -2,9 +2,13 @@
init_daemon_domain(mediaserver)
tmpfs_domain(mediaserver)
+allow mediaserver appdomain_tmpfs:file { getattr map read write };
# allocate and use graphic buffers
hal_client_domain(mediaserver, hal_graphics_allocator)
+hal_client_domain(mediaserver, hal_configstore)
+hal_client_domain(mediaserver, hal_drm)
hal_client_domain(mediaserver, hal_omx)
hal_client_domain(mediaserver, hal_codec2)
+allow mediaserver mediatranscoding_service:service_manager find;
diff --git a/private/mediatranscoding.te b/private/mediatranscoding.te
new file mode 100644
index 0000000..e0ad84c
--- /dev/null
+++ b/private/mediatranscoding.te
@@ -0,0 +1,3 @@
+typeattribute mediatranscoding coredomain;
+
+init_daemon_domain(mediatranscoding)
diff --git a/private/migrate_legacy_obb_data.te b/private/migrate_legacy_obb_data.te
index 4bc1e2c..b2a1fb1 100644
--- a/private/migrate_legacy_obb_data.te
+++ b/private/migrate_legacy_obb_data.te
@@ -10,6 +10,14 @@
allow migrate_legacy_obb_data self:capability { chown dac_override dac_read_search fowner fsetid };
+allow migrate_legacy_obb_data mnt_user_file:dir search;
+allow migrate_legacy_obb_data mnt_user_file:lnk_file read;
+allow migrate_legacy_obb_data storage_file:dir search;
+allow migrate_legacy_obb_data storage_file:lnk_file read;
+
+allow migrate_legacy_obb_data sdcard_type:dir create_dir_perms;
+allow migrate_legacy_obb_data sdcard_type:file create_file_perms;
+
# TODO: This should not be necessary. We don't deliberately hand over
# any open file descriptors to this domain, so anything that triggers this
# should be a candidate for O_CLOEXEC.
diff --git a/private/netd.te b/private/netd.te
index 4c129b7..41473b7 100644
--- a/private/netd.te
+++ b/private/netd.te
@@ -5,8 +5,9 @@
# Allow netd to spawn dnsmasq in it's own domain
domain_auto_trans(netd, dnsmasq_exec, dnsmasq)
-# Allow netd to start clatd in its own domain
+# Allow netd to start clatd in its own domain and kill it
domain_auto_trans(netd, clatd_exec, clatd)
+allow netd clatd:process signal;
# give netd permission to setup iptables rule with xt_bpf, attach program to cgroup, and read/write
# the map created by bpfloader
diff --git a/private/network_stack.te b/private/network_stack.te
index b214538..1295a07 100644
--- a/private/network_stack.te
+++ b/private/network_stack.te
@@ -28,3 +28,11 @@
allow network_stack radio_data_file:file create_file_perms;
binder_call(network_stack, netd);
+
+# Create/use netlink_tcpdiag_socket to get tcp info
+allow network_stack self:netlink_tcpdiag_socket { create_socket_perms_no_ioctl nlmsg_read nlmsg_write };
+############### Tethering Service app - Tethering.apk ##############
+hal_client_domain(network_stack, hal_tetheroffload)
+# Create and share netlink_netfilter_sockets for tetheroffload.
+allow network_stack self:netlink_netfilter_socket create_socket_perms_no_ioctl;
+allow network_stack network_stack_service:service_manager find;
diff --git a/private/nfc.te b/private/nfc.te
index 5e85672..2e48eef 100644
--- a/private/nfc.te
+++ b/private/nfc.te
@@ -15,7 +15,6 @@
# SoundPool loading and playback
allow nfc audioserver_service:service_manager find;
allow nfc drmserver_service:service_manager find;
-allow nfc mediacodec_service:service_manager find;
allow nfc mediametrics_service:service_manager find;
allow nfc mediaextractor_service:service_manager find;
allow nfc mediaserver_service:service_manager find;
diff --git a/private/perfetto.te b/private/perfetto.te
index 419c4b9..0161361 100644
--- a/private/perfetto.te
+++ b/private/perfetto.te
@@ -13,10 +13,7 @@
# Connect to the Perfetto traced daemon as a producer. This requires
# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
-allow perfetto traced:fd use;
-allow perfetto traced_tmpfs:file { read write getattr map };
-unix_socket_connect(perfetto, traced_producer, traced)
-
+perfetto_producer(perfetto)
# Allow to write and unlink traces into /data/misc/perfetto-traces.
allow perfetto perfetto_traces_data_file:dir rw_dir_perms;
@@ -37,18 +34,28 @@
allow perfetto adbd:fd use;
allow perfetto adbd:unix_stream_socket { read write };
-# Allow adbd to reap perfetto
+# Allow adbd to reap perfetto.
allow perfetto adbd:process { sigchld };
+# Allow perfetto to write to statsd.
+unix_socket_send(perfetto, statsdw, statsd)
+
# Allow to access /dev/pts when launched in an adb shell.
allow perfetto devpts:chr_file rw_file_perms;
# Allow perfetto to ask incidentd to start a report.
-# TODO(b/134706389): remove when no longer used.
-userdebug_or_eng(`
- allow perfetto incident_service:service_manager find;
- binder_call(perfetto, incidentd)
-');
+allow perfetto incident_service:service_manager find;
+binder_call(perfetto, incidentd)
+
+# perfetto log formatter calls isatty() on its stderr. Denial when running
+# under adbd is harmless. Avoid generating denial logs.
+dontaudit perfetto adbd:unix_stream_socket getattr;
+dontauditxperm perfetto adbd:unix_stream_socket ioctl unpriv_tty_ioctls;
+# As above, when adbd is running in "su" domain (only the ioctl is denied in
+# practice).
+dontauditxperm perfetto su:unix_stream_socket ioctl unpriv_tty_ioctls;
+# Similarly, CTS tests end up hitting a denial on shell pipes.
+dontauditxperm perfetto shell:fifo_file ioctl unpriv_tty_ioctls;
###
### Neverallow rules
@@ -69,6 +76,7 @@
neverallow perfetto {
data_file_type
-system_data_file
+ -system_data_root_file
# TODO(b/72998741) Remove exemption. Further restricted in a subsequent
# neverallow. Currently only getattr and search are allowed.
-vendor_data_file
diff --git a/private/perfprofd.te b/private/perfprofd.te
deleted file mode 100644
index c65c6f1..0000000
--- a/private/perfprofd.te
+++ /dev/null
@@ -1,28 +0,0 @@
-userdebug_or_eng(`
- typeattribute perfprofd coredomain;
- init_daemon_domain(perfprofd)
-')
-
-neverallow {
- domain
- userdebug_or_eng(`
- -statsd
- -system_server
- -system_suspend_server
- -hal_health_server
- -hwservicemanager
- ')
-} perfprofd:binder call;
-
-neverallow perfprofd {
- domain
- userdebug_or_eng(`
- -servicemanager
- -statsd
- -su
- -system_server
- -system_suspend_server
- -hal_health_server
- -hwservicemanager
- ')
-}:binder call;
diff --git a/private/permissioncontroller_app.te b/private/permissioncontroller_app.te
new file mode 100644
index 0000000..41185e3
--- /dev/null
+++ b/private/permissioncontroller_app.te
@@ -0,0 +1,39 @@
+###
+### A domain for further sandboxing the GooglePermissionController app.
+###
+type permissioncontroller_app, domain, coredomain;
+
+app_domain(permissioncontroller_app)
+
+# Allow interaction with gpuservice
+binder_call(permissioncontroller_app, gpuservice)
+allow permissioncontroller_app gpu_service:service_manager find;
+
+# Allow interaction with role_service
+allow permissioncontroller_app role_service:service_manager find;
+
+# Allow interaction with usagestats_service
+allow permissioncontroller_app usagestats_service:service_manager find;
+
+# Allow interaction with activity_service
+allow permissioncontroller_app activity_service:service_manager find;
+
+allow permissioncontroller_app activity_task_service:service_manager find;
+allow permissioncontroller_app audio_service:service_manager find;
+allow permissioncontroller_app autofill_service:service_manager find;
+allow permissioncontroller_app content_capture_service:service_manager find;
+allow permissioncontroller_app device_policy_service:service_manager find;
+allow permissioncontroller_app incidentcompanion_service:service_manager find;
+allow permissioncontroller_app IProxyService_service:service_manager find;
+allow permissioncontroller_app location_service:service_manager find;
+allow permissioncontroller_app media_session_service:service_manager find;
+allow permissioncontroller_app radio_service:service_manager find;
+allow permissioncontroller_app surfaceflinger_service:service_manager find;
+allow permissioncontroller_app telecom_service:service_manager find;
+allow permissioncontroller_app trust_service:service_manager find;
+
+# Allow the app to request and collect incident reports.
+# (Also requires DUMP and PACKAGE_USAGE_STATS permissions)
+allow permissioncontroller_app incident_service:service_manager find;
+binder_call(permissioncontroller_app, incidentd)
+allow permissioncontroller_app incidentd:fifo_file { read write };
diff --git a/private/platform_app.te b/private/platform_app.te
index bbba1d9..3beec38 100644
--- a/private/platform_app.te
+++ b/private/platform_app.te
@@ -58,7 +58,6 @@
allow platform_app mediaserver_service:service_manager find;
allow platform_app mediametrics_service:service_manager find;
allow platform_app mediaextractor_service:service_manager find;
-allow platform_app mediacodec_service:service_manager find;
allow platform_app mediadrmserver_service:service_manager find;
allow platform_app persistent_data_block_service:service_manager find;
allow platform_app radio_service:service_manager find;
@@ -74,7 +73,7 @@
binder_call(platform_app, gpuservice)
# Allow platform apps to log via statsd.
-allow platform_app statsd:binder call;
+binder_call(platform_app, statsd)
# Access to /data/preloads
allow platform_app preloads_data_file:file r_file_perms;
diff --git a/private/preloads_copy.te b/private/preloads_copy.te
index 7177839..ba54b70 100644
--- a/private/preloads_copy.te
+++ b/private/preloads_copy.te
@@ -12,3 +12,7 @@
# Allow to copy from /postinstall
allow preloads_copy system_file:dir r_dir_perms;
+
+# Silence the denial when /postinstall cannot be mounted, e.g., system_other
+# is wiped, but preloads_copy.sh still runs.
+dontaudit preloads_copy postinstall_mnt_dir:dir search;
diff --git a/private/priv_app.te b/private/priv_app.te
index ab3847b..44c81ee 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -14,9 +14,6 @@
# Used by: https://play.privileged.com/store/apps/details?id=jackpal.androidterm
create_pty(priv_app)
-# webview crash handling depends on self ptrace (b/27697529, b/20150694, b/19277529#comment7)
-allow priv_app self:process ptrace;
-
# Allow loading executable code from writable priv-app home
# directories. This is a W^X violation, however, it needs
# to be supported for now for the following reasons.
@@ -37,7 +34,6 @@
allow priv_app audioserver_service:service_manager find;
allow priv_app cameraserver_service:service_manager find;
allow priv_app drmserver_service:service_manager find;
-allow priv_app mediacodec_service:service_manager find;
allow priv_app mediadrmserver_service:service_manager find;
allow priv_app mediaextractor_service:service_manager find;
allow priv_app mediametrics_service:service_manager find;
@@ -60,10 +56,6 @@
# /cache is a symlink to /data/cache on some devices. Allow reading the link.
allow priv_app cache_file:lnk_file r_file_perms;
-# Write to /data/ota_package for OTA packages.
-allow priv_app ota_package_file:dir rw_dir_perms;
-allow priv_app ota_package_file:file create_file_perms;
-
# Access to /data/media.
allow priv_app media_rw_data_file:dir create_dir_perms;
allow priv_app media_rw_data_file:file create_file_perms;
@@ -80,17 +72,6 @@
allow priv_app { apk_tmp_file apk_private_tmp_file }:dir r_dir_perms;
allow priv_app { apk_tmp_file apk_private_tmp_file }:file r_file_perms;
-# b/18504118: Allow reads from /data/anr/traces.txt
-allow priv_app anr_data_file:file r_file_perms;
-
-# Allow GMS core to access perfprofd output, which is stored
-# in /data/misc/perfprofd/. GMS core will need to list all
-# data stored in that directory to process them one by one.
-userdebug_or_eng(`
- allow priv_app perfprofd_data_file:file r_file_perms;
- allow priv_app perfprofd_data_file:dir r_dir_perms;
-')
-
# For AppFuse.
allow priv_app vold:fd use;
allow priv_app fuse_device:chr_file { read write };
@@ -108,25 +89,10 @@
r_dir_file(priv_app, rootfs)
-# Allow GMS core to open kernel config for OTA matching through libvintf
-allow priv_app config_gz:file { open read getattr };
-
# access the mac address
allowxperm priv_app self:udp_socket ioctl SIOCGIFHWADDR;
-# Allow GMS core to communicate with update_engine for A/B update.
-binder_call(priv_app, update_engine)
-allow priv_app update_engine_service:service_manager find;
-
-# Allow GMS core to communicate with dumpsys storaged.
-binder_call(priv_app, storaged)
-allow priv_app storaged_service:service_manager find;
-
-# Allow GMS core to access system_update_service (e.g. to publish pending
-# system update info).
-allow priv_app system_update_service:service_manager find;
-
-# Allow GMS core to communicate with statsd.
+# Allow com.android.vending to communicate with statsd.
binder_call(priv_app, statsd)
# Allow Phone to read/write cached ringtones (opened by system).
@@ -138,19 +104,11 @@
allow priv_app preloads_media_file:file r_file_perms;
allow priv_app preloads_media_file:dir r_dir_perms;
-# Allow privileged apps (e.g. GMS core) to generate unique hardware IDs
-allow priv_app keystore:keystore_key gen_unique_id;
-
-# Allow GMS core to access /sys/fs/selinux/policyvers for compatibility check
-allow priv_app selinuxfs:file r_file_perms;
-
read_runtime_log_tags(priv_app)
# Write app-specific trace data to the Perfetto traced damon. This requires
# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
-allow priv_app traced:fd use;
-allow priv_app traced_tmpfs:file { read write getattr map };
-unix_socket_connect(priv_app, traced_producer, traced)
+perfetto_producer(priv_app)
# Allow priv_apps to request and collect incident reports.
# (Also requires DUMP and PACKAGE_USAGE_STATS permissions)
@@ -158,9 +116,9 @@
binder_call(priv_app, incidentd)
allow priv_app incidentd:fifo_file { read write };
-# Allow heap profiling if the app opts in by being marked
-# profileable/debuggable.
+# Allow profiling if the app opts in by being marked profileable/debuggable.
can_profile_heap(priv_app)
+can_profile_perf(priv_app)
# Allow priv_apps to check whether Dynamic System Update is enabled
get_prop(priv_app, dynamic_system_prop)
@@ -173,11 +131,13 @@
dontaudit priv_app proc:file read;
dontaudit priv_app proc_interrupts:file read;
dontaudit priv_app proc_modules:file read;
+dontaudit priv_app proc_net:file read;
dontaudit priv_app proc_stat:file read;
dontaudit priv_app proc_version:file read;
dontaudit priv_app sysfs:dir read;
dontaudit priv_app sysfs:file read;
dontaudit priv_app sysfs_android_usb:file read;
+dontaudit priv_app sysfs_dm:file r_file_perms;
dontaudit priv_app wifi_prop:file read;
dontaudit priv_app { wifi_prop exported_wifi_prop }:file read;
@@ -186,11 +146,20 @@
allow priv_app system_server:udp_socket {
connect getattr read recvfrom sendto write getopt setopt };
-# Attempts to write to system_data_file is generally a sign
-# that apps are attempting to access encrypted storage before
-# the ACTION_USER_UNLOCKED intent is delivered. Suppress this
-# denial to prevent apps from spamming the logs.
-dontaudit priv_app system_data_file:dir write;
+# allow apps like Phonesky to check the file signature of an apk installed on
+# the Incremental File System, and fill missing blocks in the apk
+allowxperm priv_app apk_data_file:file ioctl { INCFS_IOCTL_READ_SIGNATURE INCFS_IOCTL_FILL_BLOCKS };
+
+# allow privileged data loader apps (e.g. com.android.vending) to read logs from Incremental File System
+allow priv_app incremental_control_file:file { read getattr ioctl };
+
+# allow apps like Phonesky to request permission to fill blocks of an apk file
+# on the Incremental File System.
+allowxperm priv_app incremental_control_file:file ioctl INCFS_IOCTL_PERMIT_FILL;
+
+# Required for Phonesky to be able to read APEX files under /data/apex/active/.
+allow priv_app apex_data_file:dir search;
+allow priv_app staging_data_file:file r_file_perms;
###
### neverallow rules
diff --git a/private/property_contexts b/private/property_contexts
index 8456fdb..7908bb1 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -22,6 +22,8 @@
hw. u:object_r:system_prop:s0
ro.hw. u:object_r:system_prop:s0
sys. u:object_r:system_prop:s0
+sys.audio. u:object_r:audio_prop:s0
+sys.init.perf_lsm_hooks u:object_r:init_perf_lsm_hooks_prop:s0
sys.cppreopt u:object_r:cppreopt_prop:s0
sys.lpdumpd u:object_r:lpdumpd_prop:s0
sys.powerctl u:object_r:powerctl_prop:s0
@@ -35,19 +37,25 @@
debug.db. u:object_r:debuggerd_prop:s0
dumpstate. u:object_r:dumpstate_prop:s0
dumpstate.options u:object_r:dumpstate_options_prop:s0
+init.svc_debug_pid. u:object_r:init_svc_debug_prop:s0
llk. u:object_r:llkd_prop:s0
khungtask. u:object_r:llkd_prop:s0
ro.llk. u:object_r:llkd_prop:s0
ro.khungtask. u:object_r:llkd_prop:s0
+lmkd.reinit u:object_r:lmkd_prop:s0 exact int
log. u:object_r:log_prop:s0
log.tag u:object_r:log_tag_prop:s0
log.tag.WifiHAL u:object_r:wifi_log_prop:s0
security.perf_harden u:object_r:shell_prop:s0
service.adb.root u:object_r:shell_prop:s0
service.adb.tcp.port u:object_r:shell_prop:s0
+service.adb.tls.port u:object_r:adbd_prop:s0
+persist.adb.wifi. u:object_r:adbd_prop:s0
+persist.adb.tls_server.enable u:object_r:system_adbd_prop:s0
persist.audio. u:object_r:audio_prop:s0
persist.bluetooth. u:object_r:bluetooth_prop:s0
+persist.nfc_cfg. u:object_r:nfc_prop:s0
persist.debug. u:object_r:persist_debug_prop:s0
persist.logd. u:object_r:logd_prop:s0
ro.logd. u:object_r:logd_prop:s0
@@ -57,18 +65,21 @@
persist.log.tag u:object_r:log_tag_prop:s0
persist.mmc. u:object_r:mmc_prop:s0
persist.netd.stable_secret u:object_r:netd_stable_secret_prop:s0
+persist.pm.mock-upgrade u:object_r:mock_ota_prop:s0
persist.sys. u:object_r:system_prop:s0
persist.sys.safemode u:object_r:safemode_prop:s0
persist.sys.theme u:object_r:theme_prop:s0
persist.sys.fflag.override.settings_dynamic_system u:object_r:dynamic_system_prop:s0
ro.sys.safemode u:object_r:safemode_prop:s0
persist.sys.audit_safemode u:object_r:safemode_prop:s0
+persist.sys.dalvik.jvmtiagent u:object_r:system_jvmti_agent_prop:s0
persist.service. u:object_r:system_prop:s0
persist.service.bdroid. u:object_r:bluetooth_prop:s0
persist.security. u:object_r:system_prop:s0
persist.traced.enable u:object_r:traced_enabled_prop:s0
traced.lazy. u:object_r:traced_lazy_prop:s0
persist.heapprofd.enable u:object_r:heapprofd_enabled_prop:s0
+persist.traced_perf.enable u:object_r:traced_perf_enabled_prop:s0
persist.vendor.overlay. u:object_r:overlay_prop:s0
ro.boot.vendor.overlay. u:object_r:overlay_prop:s0
ro.boottime. u:object_r:boottime_prop:s0
@@ -82,12 +93,17 @@
sys.boot.reason.last u:object_r:last_boot_reason_prop:s0
pm. u:object_r:pm_prop:s0
test.sys.boot.reason u:object_r:test_boot_reason_prop:s0
+test.userspace_reboot.requested u:object_r:userspace_reboot_test_prop:s0
sys.lmk. u:object_r:system_lmk_prop:s0
sys.trace. u:object_r:system_trace_prop:s0
+# Fastbootd protocol control property
+fastbootd.protocol u:object_r:fastbootd_protocol_prop:s0 exact enum usb tcp
+
# Boolean property set by system server upon boot indicating
-# if device owner is provisioned.
-ro.device_owner u:object_r:device_logging_prop:s0
+# if device is fully owned by organization instead of being
+# a personal device.
+ro.organization_owned u:object_r:device_logging_prop:s0
# selinux non-persistent properties
selinux.restorecon_recursive u:object_r:restorecon_prop:s0
@@ -107,7 +123,6 @@
# ctl properties
ctl.bootanim u:object_r:ctl_bootanim_prop:s0
-ctl.android.hardware.dumpstate u:object_r:ctl_dumpstate_prop:s0
ctl.dumpstate u:object_r:ctl_dumpstate_prop:s0
ctl.fuse_ u:object_r:ctl_fuse_prop:s0
ctl.mdnsd u:object_r:ctl_mdnsd_prop:s0
@@ -136,6 +151,12 @@
ctl.stop$gsid u:object_r:ctl_gsid_prop:s0
ctl.restart$gsid u:object_r:ctl_gsid_prop:s0
+# Restrict access to stopping apexd.
+ctl.stop$apexd u:object_r:ctl_apexd_prop:s0
+
+# Restrict access to restart dumpstate
+ctl.interface_restart$android.hardware.dumpstate u:object_r:ctl_dumpstate_prop:s0
+
# NFC properties
nfc. u:object_r:nfc_prop:s0
@@ -148,6 +169,7 @@
ro.dalvik. u:object_r:dalvik_prop:s0
# Shared between system server and wificond
+wifi. u:object_r:wifi_prop:s0
wlan. u:object_r:wifi_prop:s0
# Lowpan properties
@@ -185,6 +207,12 @@
persist.device_config.runtime_native. u:object_r:device_config_runtime_native_prop:s0
persist.device_config.runtime_native_boot. u:object_r:device_config_runtime_native_boot_prop:s0
persist.device_config.media_native. u:object_r:device_config_media_native_prop:s0
+persist.device_config.storage_native_boot. u:object_r:device_config_storage_native_boot_prop:s0
+persist.device_config.window_manager_native_boot. u:object_r:device_config_window_manager_native_boot_prop:s0
+persist.device_config.configuration. u:object_r:device_config_configuration_prop:s0
+
+# Properties that relate to legacy server configurable flags
+persist.device_config.global_settings.sys_traced u:object_r:device_config_sys_traced_prop:s0
apexd. u:object_r:apexd_prop:s0
persist.apexd. u:object_r:apexd_prop:s0
@@ -197,3 +225,44 @@
# Property for disabling NNAPI vendor extensions on product image (used on GSI /product image,
# which can't use NNAPI vendor extensions).
ro.nnapi.extensions.deny_on_product u:object_r:nnapi_ext_deny_product_prop:s0
+
+# Property that is set once ueventd finishes cold boot.
+ro.cold_boot_done u:object_r:cold_boot_done_prop:s0
+
+# Charger properties
+ro.charger. u:object_r:charger_prop:s0
+
+# Virtual A/B properties
+ro.virtual_ab.enabled u:object_r:virtual_ab_prop:s0
+ro.virtual_ab.retrofit u:object_r:virtual_ab_prop:s0
+
+# Property to set/clear the warm reset flag after an OTA update.
+ota.warm_reset u:object_r:ota_prop:s0
+
+# Module properties
+com.android.sdkext. u:object_r:module_sdkextensions_prop:s0
+persist.com.android.sdkext. u:object_r:module_sdkextensions_prop:s0
+
+# Userspace reboot properties
+sys.userspace_reboot.log. u:object_r:userspace_reboot_log_prop:s0
+persist.sys.userspace_reboot.log. u:object_r:userspace_reboot_log_prop:s0
+
+# Integer property which is used in libgui to configure the number of frames
+# tracked by buffer queue's frame event timing history. The property is set
+# by devices with video decoding pipelines long enough to overflow the default
+# history size.
+ro.lib_gui.frame_event_history_size u:object_r:bq_config_prop:s0
+
+# Property to enable incremental feature
+ro.incremental.enable u:object_r:incremental_prop:s0
+
+# Properties to configure userspace reboot.
+init.userspace_reboot.is_supported u:object_r:userspace_reboot_config_prop:s0 exact bool
+init.userspace_reboot.sigkill.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
+init.userspace_reboot.sigterm.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
+init.userspace_reboot.started.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
+init.userspace_reboot.userdata_remount.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
+init.userspace_reboot.watchdog.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
+
+# surfaceflinger-settable
+graphics.display.kernel_idle_timer.enabled u:object_r:surfaceflinger_display_prop:s0 exact bool
diff --git a/private/radio.te b/private/radio.te
index 9ac2cf1..00a5cda 100644
--- a/private/radio.te
+++ b/private/radio.te
@@ -6,3 +6,20 @@
# Telephony code contains time / time zone detection logic so it reads the associated properties.
get_prop(radio, time_prop)
+
+# allow telephony to access platform compat to log permission denials
+allow radio platform_compat_service:service_manager find;
+
+allow radio uce_service:service_manager find;
+
+# Manage /data/misc/emergencynumberdb
+allow radio emergency_data_file:dir r_dir_perms;
+allow radio emergency_data_file:file r_file_perms;
+
+# allow sending pulled atoms to statsd
+binder_call(radio, statsd)
+
+# allow telephony to access related cache properties
+set_prop(radio, binder_cache_telephony_server_prop);
+neverallow { domain -radio -init }
+ binder_cache_telephony_server_prop:property_service set;
diff --git a/private/runas_app.te b/private/runas_app.te
index e6fd953..c1b354a 100644
--- a/private/runas_app.te
+++ b/private/runas_app.te
@@ -16,3 +16,17 @@
# Allow lldb/ndk-gdb/simpleperf to ptrace attach to debuggable app processes.
allow runas_app untrusted_app_all:process { ptrace signal sigstop };
allow runas_app untrusted_app_all:unix_stream_socket connectto;
+
+# Allow executing system image simpleperf without a domain transition.
+allow runas_app simpleperf_exec:file rx_file_perms;
+
+# Suppress denial logspam when simpleperf is trying to find a matching process
+# by scanning /proc/<pid>/cmdline files. The /proc/<pid> directories are within
+# the same domain as their respective process, most of which this domain is not
+# allowed to see.
+dontaudit runas_app domain:dir search;
+
+# Allow runas_app to call perf_event_open for profiling debuggable app
+# processes, but not the whole system.
+allow runas_app self:perf_event { open read write kernel };
+neverallow runas_app self:perf_event ~{ open read write kernel };
diff --git a/private/seapp_contexts b/private/seapp_contexts
index ad8a76c..a8c61be 100644
--- a/private/seapp_contexts
+++ b/private/seapp_contexts
@@ -113,9 +113,10 @@
neverallow user=((?!system).)* domain=system_app
neverallow user=((?!system).)* type=system_app_data_file
-# anything with a non-known uid with a specified name should have a specified seinfo
-neverallow user=_app name=.* seinfo=""
-neverallow user=_app name=.* seinfo=default
+# any non priv-app with a non-known uid with a specified name should have a specified
+# seinfo
+neverallow user=_app isPrivApp=false name=.* seinfo=""
+neverallow user=_app isPrivApp=false name=.* seinfo=default
# neverallow shared relro to any other domain
# and neverallow any other uid into shared_relro
@@ -150,13 +151,23 @@
user=shared_relro domain=shared_relro
user=shell seinfo=platform domain=shell name=com.android.shell type=shell_data_file
user=webview_zygote seinfo=webview_zygote domain=webview_zygote
-user=_isolated domain=isolated_app levelFrom=all
-user=_app seinfo=app_zygote domain=app_zygote levelFrom=all
+user=_isolated domain=isolated_app levelFrom=user
+user=_app seinfo=app_zygote domain=app_zygote levelFrom=user
user=_app seinfo=media domain=mediaprovider name=android.process.media type=app_data_file levelFrom=user
user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user
user=_app isEphemeralApp=true domain=ephemeral_app type=app_data_file levelFrom=all
user=_app isPrivApp=true domain=priv_app type=privapp_data_file levelFrom=user
-user=_app minTargetSdkVersion=29 domain=untrusted_app type=app_data_file levelFrom=all
+user=_app isPrivApp=true name=com.google.android.permissioncontroller domain=permissioncontroller_app type=privapp_data_file levelFrom=all
+user=_app isPrivApp=true name=com.android.providers.media.module domain=mediaprovider_app type=privapp_data_file levelFrom=all
+user=_app isPrivApp=true name=com.google.android.providers.media.module domain=mediaprovider_app type=privapp_data_file levelFrom=all
+user=_app seinfo=platform isPrivApp=true name=com.android.permissioncontroller domain=permissioncontroller_app type=privapp_data_file levelFrom=all
+user=_app isPrivApp=true name=com.android.vzwomatrigger domain=vzwomatrigger_app type=privapp_data_file levelFrom=all
+user=_app isPrivApp=true name=com.google.android.gms domain=gmscore_app type=privapp_data_file levelFrom=user
+user=_app isPrivApp=true name=com.google.android.gms.* domain=gmscore_app type=privapp_data_file levelFrom=user
+user=_app isPrivApp=true name=com.google.android.gms:* domain=gmscore_app type=privapp_data_file levelFrom=user
+user=_app isPrivApp=true name=com.google.android.gsf domain=gmscore_app type=privapp_data_file levelFrom=user
+user=_app minTargetSdkVersion=30 domain=untrusted_app type=app_data_file levelFrom=all
+user=_app minTargetSdkVersion=29 domain=untrusted_app_29 type=app_data_file levelFrom=all
user=_app minTargetSdkVersion=28 domain=untrusted_app_27 type=app_data_file levelFrom=all
user=_app minTargetSdkVersion=26 domain=untrusted_app_27 type=app_data_file levelFrom=user
user=_app domain=untrusted_app_25 type=app_data_file levelFrom=user
diff --git a/private/security_classes b/private/security_classes
index 25b4cba..04ed814 100644
--- a/private/security_classes
+++ b/private/security_classes
@@ -139,6 +139,11 @@
class xdp_socket
+class perf_event
+
+# Introduced in https://github.com/torvalds/linux/commit/59438b46471ae6cdfb761afc8c9beaf1e428a331
+class lockdown
+
# Property service
class property_service # userspace
diff --git a/private/service.te b/private/service.te
index a8ee195..6c17521 100644
--- a/private/service.te
+++ b/private/service.te
@@ -1,7 +1,8 @@
-type ashmem_device_service, app_api_service, service_manager_type;
type attention_service, system_server_service, service_manager_type;
type dynamic_system_service, system_api_service, system_server_service, service_manager_type;
type gsi_service, service_manager_type;
type incidentcompanion_service, system_api_service, system_server_service, service_manager_type;
type stats_service, service_manager_type;
type statscompanion_service, system_server_service, service_manager_type;
+type statsmanager_service, system_api_service, system_server_service, service_manager_type;
+type uce_service, service_manager_type;
diff --git a/private/service_contexts b/private/service_contexts
index 96d553b..5c6f1a4 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -1,22 +1,34 @@
+android.hardware.identity.IIdentityCredentialStore/default u:object_r:hal_identity_service:s0
+android.hardware.light.ILights/default u:object_r:hal_light_service:s0
+android.hardware.power.IPower/default u:object_r:hal_power_service:s0
+android.hardware.rebootescrow.IRebootEscrow/default u:object_r:hal_rebootescrow_service:s0
+android.hardware.vibrator.IVibrator/default u:object_r:hal_vibrator_service:s0
+
accessibility u:object_r:accessibility_service:s0
account u:object_r:account_service:s0
activity u:object_r:activity_service:s0
activity_task u:object_r:activity_task_service:s0
adb u:object_r:adb_service:s0
+aidl_lazy_test_1 u:object_r:aidl_lazy_test_service:s0
+aidl_lazy_test_2 u:object_r:aidl_lazy_test_service:s0
alarm u:object_r:alarm_service:s0
android.os.UpdateEngineService u:object_r:update_engine_service:s0
+android.security.identity u:object_r:credstore_service:s0
android.security.keystore u:object_r:keystore_service:s0
android.service.gatekeeper.IGateKeeperService u:object_r:gatekeeper_service:s0
app_binding u:object_r:app_binding_service:s0
+app_integrity u:object_r:app_integrity_service:s0
app_prediction u:object_r:app_prediction_service:s0
+app_search u:object_r:app_search_service:s0
apexservice u:object_r:apex_service:s0
-ashmem_device_service u:object_r:ashmem_device_service:s0
+blob_store u:object_r:blob_store_service:s0
gsiservice u:object_r:gsi_service:s0
appops u:object_r:appops_service:s0
appwidget u:object_r:appwidget_service:s0
assetatlas u:object_r:assetatlas_service:s0
attention u:object_r:attention_service:s0
audio u:object_r:audio_service:s0
+auth u:object_r:auth_service:s0
autofill u:object_r:autofill_service:s0
backup u:object_r:backup_service:s0
batteryproperties u:object_r:batteryproperties_service:s0
@@ -28,10 +40,13 @@
bluetooth u:object_r:bluetooth_service:s0
broadcastradio u:object_r:broadcastradio_service:s0
bugreport u:object_r:bugreport_service:s0
+cacheinfo u:object_r:cacheinfo_service:s0
carrier_config u:object_r:radio_service:s0
clipboard u:object_r:clipboard_service:s0
com.android.net.IProxyService u:object_r:IProxyService_service:s0
companiondevice u:object_r:companion_device_service:s0
+platform_compat u:object_r:platform_compat_service:s0
+platform_compat_native u:object_r:platform_compat_service:s0
connectivity u:object_r:connectivity_service:s0
connmetrics u:object_r:connmetrics_service:s0
consumer_ir u:object_r:consumer_ir_service:s0
@@ -43,6 +58,7 @@
coverage u:object_r:coverage_service:s0
cpuinfo u:object_r:cpuinfo_service:s0
crossprofileapps u:object_r:crossprofileapps_service:s0
+dataloader_manager u:object_r:dataloader_manager_service:s0
dbinfo u:object_r:dbinfo_service:s0
device_config u:object_r:device_config_service:s0
device_policy u:object_r:device_policy_service:s0
@@ -62,11 +78,13 @@
dumpstate u:object_r:dumpstate_service:s0
dynamic_system u:object_r:dynamic_system_service:s0
econtroller u:object_r:radio_service:s0
+emergency_affordance u:object_r:emergency_affordance_service:s0
euicc_card_controller u:object_r:radio_service:s0
external_vibrator_service u:object_r:external_vibrator_service:s0
lowpan u:object_r:lowpan_service:s0
ethernet u:object_r:ethernet_service:s0
face u:object_r:face_service:s0
+file_integrity u:object_r:file_integrity_service:s0
fingerprint u:object_r:fingerprint_service:s0
font u:object_r:font_service:s0
android.hardware.fingerprint.IFingerprintDaemon u:object_r:fingerprintd_service:s0
@@ -90,8 +108,9 @@
iphonesubinfo u:object_r:radio_service:s0
ims u:object_r:radio_service:s0
imms u:object_r:imms_service:s0
+incremental u:object_r:incremental_service:s0
ipsec u:object_r:ipsec_service:s0
-ircs u:object_r:radio_service:s0
+ircsmessage u:object_r:radio_service:s0
iris u:object_r:iris_service:s0
isms_msim u:object_r:radio_service:s0
isms2 u:object_r:radio_service:s0
@@ -99,6 +118,7 @@
isub u:object_r:radio_service:s0
jobscheduler u:object_r:jobscheduler_service:s0
launcherapps u:object_r:launcherapps_service:s0
+lights u:object_r:light_service:s0
location u:object_r:location_service:s0
lock_settings u:object_r:lock_settings_service:s0
looper_stats u:object_r:looper_stats_service:s0
@@ -112,7 +132,7 @@
media.player u:object_r:mediaserver_service:s0
media.metrics u:object_r:mediametrics_service:s0
media.extractor u:object_r:mediaextractor_service:s0
-media.codec u:object_r:mediacodec_service:s0
+media.transcoding u:object_r:mediatranscoding_service:s0
media.resource_manager u:object_r:mediaserver_service:s0
media.sound_trigger_hw u:object_r:audioserver_service:s0
media.drm u:object_r:mediadrmserver_service:s0
@@ -137,7 +157,6 @@
overlay u:object_r:overlay_service:s0
package u:object_r:package_service:s0
package_native u:object_r:package_native_service:s0
-perfprofd u:object_r:perfprofd_service:s0
permission u:object_r:permission_service:s0
permissionmgr u:object_r:permissionmgr_service:s0
persistent_data_block u:object_r:persistent_data_block_service:s0
@@ -169,6 +188,7 @@
sensor_privacy u:object_r:sensor_privacy_service:s0
serial u:object_r:serial_service:s0
servicediscovery u:object_r:servicediscovery_service:s0
+manager u:object_r:service_manager_service:s0
settings u:object_r:settings_service:s0
shortcut u:object_r:shortcut_service:s0
simphonebook_msim u:object_r:radio_service:s0
@@ -178,25 +198,33 @@
slice u:object_r:slice_service:s0
stats u:object_r:stats_service:s0
statscompanion u:object_r:statscompanion_service:s0
+statsmanager u:object_r:statsmanager_service:s0
soundtrigger u:object_r:voiceinteraction_service:s0
+soundtrigger_middleware u:object_r:soundtrigger_middleware_service:s0
statusbar u:object_r:statusbar_service:s0
storaged u:object_r:storaged_service:s0
storaged_pri u:object_r:storaged_service:s0
storagestats u:object_r:storagestats_service:s0
SurfaceFlinger u:object_r:surfaceflinger_service:s0
suspend_control u:object_r:system_suspend_control_service:s0
+system_config u:object_r:system_config_service:s0
system_update u:object_r:system_update_service:s0
task u:object_r:task_service:s0
telecom u:object_r:telecom_service:s0
telephony.registry u:object_r:registry_service:s0
+telephony_ims u:object_r:radio_service:s0
testharness u:object_r:testharness_service:s0
+tethering u:object_r:tethering_service:s0
textclassification u:object_r:textclassification_service:s0
textservices u:object_r:textservices_service:s0
time_detector u:object_r:timedetector_service:s0
+time_zone_detector u:object_r:timezonedetector_service:s0
timezone u:object_r:timezone_service:s0
thermalservice u:object_r:thermal_service:s0
trust u:object_r:trust_service:s0
tv_input u:object_r:tv_input_service:s0
+tv_tuner_resource_mgr u:object_r:tv_tuner_resource_mgr_service:s0
+uce u:object_r:uce_service:s0
uimode u:object_r:uimode_service:s0
updatelock u:object_r:updatelock_service:s0
uri_grants u:object_r:uri_grants_service:s0
@@ -215,7 +243,7 @@
wifip2p u:object_r:wifip2p_service:s0
wifiscanner u:object_r:wifiscanner_service:s0
wifi u:object_r:wifi_service:s0
-wificond u:object_r:wificond_service:s0
+wifinl80211 u:object_r:wifinl80211_service:s0
wifiaware u:object_r:wifiaware_service:s0
wifirtt u:object_r:rttmanager_service:s0
window u:object_r:window_service:s0
diff --git a/private/servicemanager.te b/private/servicemanager.te
index 9f675a2..6294452 100644
--- a/private/servicemanager.te
+++ b/private/servicemanager.te
@@ -3,3 +3,5 @@
init_daemon_domain(servicemanager)
read_runtime_log_tags(servicemanager)
+
+set_prop(servicemanager, ctl_interface_start_prop)
diff --git a/private/shell.te b/private/shell.te
index 02b01f5..43e4dd5 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -34,9 +34,7 @@
# Allow shell binaries to write trace data to Perfetto. Used for testing and
# cmdline utils.
-allow shell traced:fd use;
-allow shell traced_tmpfs:file { read write getattr map };
-unix_socket_connect(shell, traced_producer, traced)
+perfetto_producer(shell)
domain_auto_trans(shell, vendor_shell_exec, vendor_shell)
@@ -52,7 +50,7 @@
# Allow shell to read and unlink traces stored in /data/misc/perfetto-traces.
allow shell perfetto_traces_data_file:dir rw_dir_perms;
-allow shell perfetto_traces_data_file:file r_file_perms;
+allow shell perfetto_traces_data_file:file { r_file_perms unlink };
# Allow shell to run adb shell cmd gpu commands.
binder_call(shell, gpuservice);
@@ -74,3 +72,24 @@
# Allow shell to start and comminicate with lpdumpd.
set_prop(shell, lpdumpd_prop);
binder_call(shell, lpdumpd)
+
+# Allow shell to set and read value of properties used for CTS tests of
+# userspace reboot
+set_prop(shell, userspace_reboot_test_prop)
+
+# Allow shell to get encryption policy of /data/local/tmp/, for CTS
+allowxperm shell shell_data_file:dir ioctl {
+ FS_IOC_GET_ENCRYPTION_POLICY
+ FS_IOC_GET_ENCRYPTION_POLICY_EX
+};
+
+# Allow shell to execute simpleperf without a domain transition.
+allow shell simpleperf_exec:file rx_file_perms;
+
+# Allow shell to call perf_event_open for profiling other shell processes, but
+# not the whole system.
+allow shell self:perf_event { open read write kernel };
+neverallow shell self:perf_event ~{ open read write kernel };
+
+# Allow to read graphics related properties.
+get_prop(shell, graphics_config_prop)
\ No newline at end of file
diff --git a/private/simpleperf.te b/private/simpleperf.te
new file mode 100644
index 0000000..0639c11
--- /dev/null
+++ b/private/simpleperf.te
@@ -0,0 +1,37 @@
+# Domain used when running /system/bin/simpleperf to profile a specific app.
+# Entered either by the app itself exec-ing the binary, or through
+# simpleperf_app_runner (with shell as its origin). Certain other domains
+# (runas_app, shell) can also exec this binary without a domain transition.
+typeattribute simpleperf coredomain;
+type simpleperf_exec, system_file_type, exec_type, file_type;
+
+domain_auto_trans({ untrusted_app_all -runas_app }, simpleperf_exec, simpleperf)
+
+# When running in this domain, simpleperf is scoped to profiling an individual
+# app. The necessary MAC permissions for profiling are more maintainable and
+# consistent if simpleperf is marked as an app domain as well (as, for example,
+# it will then see the same set of system libraries as the app).
+app_domain(simpleperf)
+untrusted_app_domain(simpleperf)
+
+# Allow ptrace attach to the target app, for reading JIT debug info (using
+# process_vm_readv) during unwinding and symbolization.
+allow simpleperf untrusted_app_all:process ptrace;
+
+# Allow using perf_event_open syscall for profiling the target app.
+allow simpleperf self:perf_event { open read write kernel };
+
+# Allow /proc/<pid> access for the target app (for example, when trying to
+# discover it by cmdline).
+r_dir_file(simpleperf, untrusted_app_all)
+
+# Suppress denial logspam when simpleperf is trying to find a matching process
+# by scanning /proc/<pid>/cmdline files. The /proc/<pid> directories are within
+# the same domain as their respective processes, most of which this domain is
+# not allowed to see.
+dontaudit simpleperf domain:dir search;
+
+# Neverallows:
+
+# Profiling must be confined to the scope of an individual app.
+neverallow simpleperf self:perf_event ~{ open read write kernel };
diff --git a/private/snapshotctl.te b/private/snapshotctl.te
new file mode 100644
index 0000000..fb2bbca
--- /dev/null
+++ b/private/snapshotctl.te
@@ -0,0 +1,45 @@
+type snapshotctl, domain, coredomain;
+type snapshotctl_exec, system_file_type, exec_type, file_type;
+
+# Allow init to run snapshotctl and do auto domain transfer.
+init_daemon_domain(snapshotctl);
+
+# Allow to start gsid service.
+set_prop(snapshotctl, ctl_gsid_prop)
+
+# Allow to talk to gsid.
+binder_use(snapshotctl)
+allow snapshotctl gsi_service:service_manager find;
+binder_call(snapshotctl, gsid)
+
+# Allow to create/read/write/delete OTA metadata files for snapshot status and COW file status.
+allow snapshotctl metadata_file:dir search;
+allow snapshotctl ota_metadata_file:dir rw_dir_perms;
+allow snapshotctl ota_metadata_file:file create_file_perms;
+
+# Allow to get A/B slot suffix from device tree or kernel cmdline.
+r_dir_file(snapshotctl, sysfs_dt_firmware_android);
+allow snapshotctl proc_cmdline:file r_file_perms;
+
+# Needed to (re-)map logical partitions.
+allow snapshotctl block_device:dir r_dir_perms;
+allow snapshotctl super_block_device:blk_file r_file_perms;
+
+# Interact with device-mapper to collapse snapshots.
+allow snapshotctl dm_device:chr_file rw_file_perms;
+
+# Needed to mutate device-mapper nodes.
+allow snapshotctl self:global_capability_class_set sys_admin;
+
+# Snapshotctl talk to boot control HAL to set merge status.
+hwbinder_use(snapshotctl)
+hal_client_domain(snapshotctl, hal_bootctl)
+
+# Allow snapshotctl to write to statsd socket.
+unix_socket_send(snapshotctl, statsdw, statsd)
+
+# Logging
+userdebug_or_eng(`
+ allow snapshotctl snapshotctl_log_data_file:dir rw_dir_perms;
+ allow snapshotctl snapshotctl_log_data_file:file create_file_perms;
+')
diff --git a/private/stats.te b/private/stats.te
index 81ec1cf..3e8a3d5 100644
--- a/private/stats.te
+++ b/private/stats.te
@@ -40,12 +40,15 @@
neverallow {
domain
-dumpstate
+ -gmscore_app
+ -gpuservice
-incidentd
-platform_app
-priv_app
-shell
-stats
-statsd
+ -surfaceflinger
-system_app
-system_server
-traceur_app
diff --git a/private/statsd.te b/private/statsd.te
index 9d250bd..1483156 100644
--- a/private/statsd.te
+++ b/private/statsd.te
@@ -1,10 +1,7 @@
typeattribute statsd coredomain;
-typeattribute statsd stats_service_server;
init_daemon_domain(statsd)
-binder_call(statsd, statscompanion_service)
-
# Allow to exec the perfetto cmdline client and pass it the trace config on
# stdint through a pipe. It allows statsd to capture traces and hand them
# to Android dropbox.
@@ -21,3 +18,6 @@
# Allow StatsCompanionService to pipe data to statsd.
allow statsd system_server:fifo_file { read getattr };
+
+# Allow statsd to retrieve SF statistics over binder
+binder_call(statsd, surfaceflinger);
diff --git a/private/storaged.te b/private/storaged.te
index 3ed24b2..b7d4ae9 100644
--- a/private/storaged.te
+++ b/private/storaged.te
@@ -30,6 +30,12 @@
# Needed for GMScore to call dumpsys storaged
allow storaged priv_app:fd use;
+# b/142672293: No other priv-app should need this allow rule now that GMS core runs in its own domain.
+# Remove after no logs are seen for this rule.
+userdebug_or_eng(`
+ auditallow storaged priv_app:fd use;
+')
+allow storaged gmscore_app:fd use;
allow storaged { privapp_data_file app_data_file }:file write;
allow storaged permission_service:service_manager find;
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index 1236627..2e9ce19 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -19,6 +19,7 @@
hal_client_domain(surfaceflinger, hal_omx)
hal_client_domain(surfaceflinger, hal_configstore)
hal_client_domain(surfaceflinger, hal_power)
+hal_client_domain(surfaceflinger, hal_bufferhub)
allow surfaceflinger hidl_token_hwservice:hwservice_manager find;
# Perform Binder IPC.
@@ -26,6 +27,7 @@
binder_call(surfaceflinger, binderservicedomain)
binder_call(surfaceflinger, appdomain)
binder_call(surfaceflinger, bootanim)
+binder_call(surfaceflinger, system_server);
binder_service(surfaceflinger)
# Binder IPC to bu, presently runs in adbd domain.
@@ -55,6 +57,7 @@
set_prop(surfaceflinger, exported2_system_prop)
set_prop(surfaceflinger, exported3_system_prop)
set_prop(surfaceflinger, ctl_bootanim_prop)
+set_prop(surfaceflinger, surfaceflinger_display_prop)
# Use open files supplied by an app.
allow surfaceflinger appdomain:fd use;
@@ -66,6 +69,9 @@
allow surfaceflinger wm_trace_data_file:file { getattr setattr create w_file_perms };
')
+# Needed to register as a Perfetto producer.
+perfetto_producer(surfaceflinger)
+
# Use socket supplied by adbd, for cmd gpu vkjson etc.
allow surfaceflinger adbd:unix_stream_socket { read write getattr };
@@ -110,6 +116,20 @@
pdx_client(surfaceflinger, bufferhub_client)
pdx_client(surfaceflinger, performance_client)
+# Allow supplying timestats statistics to statsd
+allow surfaceflinger stats_service:service_manager find;
+allow surfaceflinger statsmanager_service:service_manager find;
+# TODO(146461633): remove this once native pullers talk to StatsManagerService
+binder_call(surfaceflinger, statsd);
+
+# Allow pushing jank event atoms to statsd
+userdebug_or_eng(`
+ unix_socket_send(surfaceflinger, statsdw, statsd)
+')
+
+# Surfaceflinger should not be reading default vendor-defined properties.
+dontaudit surfaceflinger vendor_default_prop:file read;
+
###
### Neverallow rules
###
diff --git a/private/system_app.te b/private/system_app.te
index 9ed1d36..0b77bb3 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -62,6 +62,9 @@
set_prop(system_app, ctl_default_prop)
set_prop(system_app, ctl_bugreport_prop)
+# Allow developer settings to query gsid status
+get_prop(system_app, gsid_prop)
+
# Create /data/anr/traces.txt.
allow system_app anr_data_file:dir ra_dir_perms;
allow system_app anr_data_file:file create_file_perms;
@@ -69,6 +72,12 @@
# Settings need to access app name and icon from asec
allow system_app asec_apk_file:file r_file_perms;
+# Allow system_app (adb data loader) to write data to /data/incremental
+allow system_app apk_data_file:file write;
+
+# Allow system app (adb data loader) to read logs
+allow system_app incremental_control_file:file r_file_perms;
+
# Allow system apps (like Settings) to interact with statsd
binder_call(system_app, statsd)
@@ -78,6 +87,9 @@
# Allow system apps to interact with gpuservice
binder_call(system_app, gpuservice)
+# Allow system app to interact with Dumpstate HAL
+hal_client_domain(system_app, hal_dumpstate)
+
allow system_app servicemanager:service_manager list;
# TODO: scope this down? Too broad?
allow system_app {
@@ -93,6 +105,7 @@
-virtual_touchpad_service
-vold_service
-vr_hwc_service
+ -default_android_service
}:service_manager find;
# suppress denials for services system_app should not be accessing.
dontaudit system_app {
@@ -149,3 +162,10 @@
# app domains which access /dev/fuse should not run as system_app
neverallow system_app fuse_device:chr_file *;
+
+# Apps which run as UID=system should not rely on any attacker controlled
+# filesystem locations, such as /data/local/tmp. For /data/local/tmp, we
+# allow writes to files passed by file descriptor to support dumpstate and
+# bug reports, but not reads.
+neverallow system_app shell_data_file:dir { no_w_dir_perms open search read };
+neverallow system_app shell_data_file:file { open read ioctl lock };
diff --git a/private/system_server.te b/private/system_server.te
index 5bec849..66c46ed 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -7,6 +7,7 @@
typeattribute system_server mlstrustedsubject;
typeattribute system_server scheduler_service_server;
typeattribute system_server sensor_service_server;
+typeattribute system_server stats_service_server;
# Define a type for tmpfs-backed ashmem regions.
tmpfs_domain(system_server)
@@ -14,9 +15,22 @@
# Create a socket for connections from crash_dump.
type_transition system_server system_data_file:sock_file system_ndebug_socket "ndebugsocket";
+# Create a socket for connections from zygotes.
+type_transition system_server system_data_file:sock_file system_unsolzygote_socket "unsolzygotesocket";
+
allow system_server zygote_tmpfs:file read;
allow system_server appdomain_tmpfs:file { getattr map read write };
+# For Incremental Service to check if incfs is available
+allow system_server proc_filesystems:file r_file_perms;
+
+# To create files and get permission to fill blocks on Incremental File System
+allow system_server incremental_control_file:file { ioctl r_file_perms };
+allowxperm system_server incremental_control_file:file ioctl { INCFS_IOCTL_CREATE_FILE INCFS_IOCTL_PERMIT_FILL };
+
+# To get signature of an APK installed on Incremental File System and fill in data blocks
+allowxperm system_server apk_data_file:file ioctl { INCFS_IOCTL_READ_SIGNATURE INCFS_IOCTL_FILL_BLOCKS };
+
# For art.
allow system_server dalvikcache_data_file:dir r_dir_perms;
allow system_server dalvikcache_data_file:file r_file_perms;
@@ -37,10 +51,12 @@
allow system_server zygote:process sigchld;
# May kill zygote on crashes.
-allow system_server zygote:process sigkill;
-allow system_server crash_dump:process sigkill;
-allow system_server webview_zygote:process sigkill;
-allow system_server app_zygote:process sigkill;
+allow system_server {
+ app_zygote
+ crash_dump
+ webview_zygote
+ zygote
+}:process { sigkill signull };
# Read /system/bin/app_process.
allow system_server zygote_exec:file r_file_perms;
@@ -110,6 +126,8 @@
# Kill apps.
allow system_server appdomain:process { getpgid sigkill signal };
+# signull allowed for kill(pid, 0) existence test.
+allow system_server appdomain:process { signull };
# Set scheduling info for apps.
allow system_server appdomain:process { getsched setsched };
@@ -125,6 +143,7 @@
allow system_server bootanim:process { getsched setsched };
# Set scheduling info for psi monitor thread.
+# TODO: delete this line b/131761776
allow system_server kernel:process { getsched setsched };
# Allow system_server to write to /proc/<pid>/*
@@ -152,6 +171,9 @@
# Read /sys/kernel/debug/wakeup_sources.
allow system_server debugfs_wakeup_sources:file r_file_perms;
+# Read /sys/kernel/ion/*.
+allow system_server sysfs_ion:file r_file_perms;
+
# The DhcpClient and WifiWatchdog use packet_sockets
allow system_server self:packet_socket create_socket_perms_no_ioctl;
@@ -186,6 +208,7 @@
binder_call(system_server, dumpstate)
binder_call(system_server, fingerprintd)
binder_call(system_server, gatekeeperd)
+binder_call(system_server, gpuservice)
binder_call(system_server, idmap)
binder_call(system_server, installd)
binder_call(system_server, incidentd)
@@ -198,13 +221,11 @@
binder_call(system_server, vold)
binder_call(system_server, wificond)
binder_call(system_server, wpantund)
-userdebug_or_eng(`
- binder_call(system_server, perfprofd)
-')
binder_service(system_server)
# Use HALs
hal_client_domain(system_server, hal_allocator)
+hal_client_domain(system_server, hal_audio)
hal_client_domain(system_server, hal_authsecret)
hal_client_domain(system_server, hal_broadcastradio)
hal_client_domain(system_server, hal_codec2)
@@ -224,6 +245,7 @@
hal_client_domain(system_server, hal_omx)
hal_client_domain(system_server, hal_power)
hal_client_domain(system_server, hal_power_stats)
+hal_client_domain(system_server, hal_rebootescrow)
hal_client_domain(system_server, hal_sensors)
hal_client_domain(system_server, hal_tetheroffload)
hal_client_domain(system_server, hal_thermal)
@@ -236,7 +258,6 @@
hal_client_domain(system_server, hal_weaver)
hal_client_domain(system_server, hal_wifi)
hal_client_domain(system_server, hal_wifi_hostapd)
-hal_client_domain(system_server, hal_wifi_offload)
hal_client_domain(system_server, hal_wifi_supplicant)
# Talk with graphics composer fences
@@ -267,6 +288,7 @@
mediametrics
mediaserver
mediaswcodec
+ netd
sdcardd
statsd
surfaceflinger
@@ -279,12 +301,17 @@
hal_camera_server
hal_codec2_server
hal_face_server
+ hal_fingerprint_server
+ hal_gnss_server
hal_graphics_allocator_server
hal_graphics_composer_server
hal_health_server
+ hal_neuralnetworks_server
hal_omx_server
+ hal_power_stats_server
hal_sensors_server
hal_vr_server
+ system_suspend_server
}:process { signal };
# Use sockets received over binder from various services.
@@ -297,6 +324,8 @@
allow system_server mediadrmserver:tcp_socket rw_socket_perms;
allow system_server mediadrmserver:udp_socket rw_socket_perms;
+userdebug_or_eng(`perfetto_producer({ system_server })')
+
# Get file context
allow system_server file_contexts_file:file r_file_perms;
# access for mac_permissions
@@ -319,7 +348,6 @@
r_dir_file(system_server, sysfs_wakeup_reasons)
allow system_server sysfs_nfc_power_writable:file rw_file_perms;
-allow system_server sysfs_mac_address:file r_file_perms;
allow system_server sysfs_power:dir search;
allow system_server sysfs_power:file rw_file_perms;
allow system_server sysfs_thermal:dir search;
@@ -423,17 +451,15 @@
# with no DAC access to it, for dropbox to read.
allow system_server incident_data_file:file read;
+# Manage /data/misc/prereboot.
+allow system_server prereboot_data_file:dir rw_dir_perms;
+allow system_server prereboot_data_file:file create_file_perms;
+
# Allow dropbox to read /data/misc/perfetto-traces. Only the fd is sent over
# binder.
allow system_server perfetto_traces_data_file:file read;
allow system_server perfetto:fd use;
-# Allow dropbox to read /data/misc/perfprofd. Only the fd is sent over binder.
-userdebug_or_eng(`
- allow system_server perfprofd_data_file:file { getattr read };
- allow system_server perfprofd:fd use;
-')
-
# Manage /data/backup.
allow system_server backup_data_file:dir create_dir_perms;
allow system_server backup_data_file:file create_file_perms;
@@ -450,6 +476,10 @@
allow system_server adb_keys_file:dir create_dir_perms;
allow system_server adb_keys_file:file create_file_perms;
+# Manage /data/misc/emergencynumberdb
+allow system_server emergency_data_file:dir create_dir_perms;
+allow system_server emergency_data_file:file create_file_perms;
+
# Manage /data/misc/network_watchlist
allow system_server network_watchlist_data_file:dir create_dir_perms;
allow system_server network_watchlist_data_file:file create_file_perms;
@@ -588,6 +618,8 @@
set_prop(system_server, exported_overlay_prop)
set_prop(system_server, pm_prop)
set_prop(system_server, exported_pm_prop)
+set_prop(system_server, socket_hook_prop)
+set_prop(system_server, audio_prop)
userdebug_or_eng(`set_prop(system_server, wifi_log_prop)')
# ctl interface
@@ -605,6 +637,10 @@
set_prop(system_server, device_config_runtime_native_boot_prop)
set_prop(system_server, device_config_runtime_native_prop)
set_prop(system_server, device_config_media_native_prop)
+set_prop(system_server, device_config_storage_native_boot_prop)
+set_prop(system_server, device_config_sys_traced_prop)
+set_prop(system_server, device_config_window_manager_native_boot_prop)
+set_prop(system_server, device_config_configuration_prop)
# BootReceiver to read ro.boot.bootreason
get_prop(system_server, bootloader_boot_reason_prop)
@@ -634,9 +670,24 @@
# Read gsid.image_running.
get_prop(system_server, gsid_prop)
+# Read the property that mocks an OTA
+get_prop(system_server, mock_ota_prop)
+
+# Read the property as feature flag for protecting apks with fs-verity.
+get_prop(system_server, apk_verity_prop)
+
+# Read wifi.interface
+get_prop(system_server, wifi_prop)
+
+# Read the vendor property that indicates if Incremental features is enabled
+get_prop(system_server, incremental_prop)
+
# Create a socket for connections from debuggerd.
allow system_server system_ndebug_socket:sock_file create_file_perms;
+# Create a socket for connections from zygotes.
+allow system_server system_unsolzygote_socket:sock_file create_file_perms;
+
# Manage cache files.
allow system_server cache_file:lnk_file r_file_perms;
allow system_server { cache_file cache_recovery_file }:dir { relabelfrom create_dir_perms };
@@ -703,6 +754,7 @@
allow system_server audioserver_service:service_manager find;
allow system_server batteryproperties_service:service_manager find;
allow system_server cameraserver_service:service_manager find;
+allow system_server dataloader_manager_service:service_manager find;
allow system_server dnsresolver_service:service_manager find;
allow system_server drmserver_service:service_manager find;
allow system_server dumpstate_service:service_manager find;
@@ -713,13 +765,13 @@
allow system_server hal_fingerprint_service:service_manager find;
allow system_server idmap_service:service_manager find;
allow system_server incident_service:service_manager find;
+allow system_server incremental_service:service_manager find;
allow system_server installd_service:service_manager find;
allow system_server iorapd_service:service_manager find;
allow system_server keystore_service:service_manager find;
allow system_server mediaserver_service:service_manager find;
allow system_server mediametrics_service:service_manager find;
allow system_server mediaextractor_service:service_manager find;
-allow system_server mediacodec_service:service_manager find;
allow system_server mediadrmserver_service:service_manager find;
allow system_server netd_service:service_manager find;
allow system_server nfc_service:service_manager find;
@@ -729,10 +781,7 @@
allow system_server surfaceflinger_service:service_manager find;
allow system_server update_engine_service:service_manager find;
allow system_server vold_service:service_manager find;
-allow system_server wificond_service:service_manager find;
-userdebug_or_eng(`
- allow system_server perfprofd_service:service_manager find;
-')
+allow system_server wifinl80211_service:service_manager find;
add_service(system_server, batteryproperties_service)
@@ -785,9 +834,6 @@
allow system_server fingerprintd_data_file:dir { r_dir_perms remove_name rmdir relabelto write };
allow system_server fingerprintd_data_file:file { getattr unlink };
-# Allow system process to read network MAC address
-allow system_server sysfs_mac_address:file r_file_perms;
-
userdebug_or_eng(`
# Allow system server to create and write method traces in /data/misc/trace.
allow system_server method_trace_data_file:dir w_dir_perms;
@@ -816,6 +862,12 @@
allow system_server adbd:fd use;
allow system_server adbd:unix_stream_socket { getattr getopt ioctl read write shutdown };
+# Read service.adb.tls.port, persist.adb.wifi. properties
+get_prop(system_server, adbd_prop)
+
+# Set persist.adb.tls_server.enable property
+set_prop(system_server, system_adbd_prop)
+
# Allow invoking tools like "timeout"
allow system_server toolbox_exec:file rx_file_perms;
@@ -846,6 +898,7 @@
r_dir_file(system_server, proc_net_type)
r_dir_file(system_server, proc_qtaguid_stat)
allow system_server {
+ proc_cmdline
proc_loadavg
proc_meminfo
proc_pagetypeinfo
@@ -870,6 +923,9 @@
allow system_server debugfs_wifi_tracing:dir search;
allow system_server debugfs_wifi_tracing:file rw_file_perms;
+# Allow system_server to read tracepoint ids in order to attach BPF programs to them.
+allow system_server debugfs_tracing:file r_file_perms;
+
# allow system_server to exec shell, asanwrapper & zygote(app_process) on ASAN builds. Needed to run
# asanwrapper.
with_asan(`
@@ -879,10 +935,11 @@
')
# allow system_server to read the eBPF maps that stores the traffic stats information and update
-# the map after snapshot is recorded
+# the map after snapshot is recorded, and to read, update and run the maps and programs used for
+# time in state accounting
allow system_server fs_bpf:dir search;
allow system_server fs_bpf:file { read write };
-allow system_server bpfloader:bpf { map_read map_write };
+allow system_server bpfloader:bpf { map_read map_write prog_run };
# ART Profiles.
# Allow system_server to open profile snapshots for read.
@@ -900,6 +957,8 @@
userdebug_or_eng(`
allow system_server user_profile_data_file:file create_file_perms;
')
+# Allow system server to load JVMTI agents under control of a property.
+get_prop(system_server,system_jvmti_agent_prop)
# UsbDeviceManager uses /dev/usb-ffs
allow system_server functionfs:dir search;
@@ -908,6 +967,10 @@
# system_server contains time / time zone detection logic so reads the associated properties.
get_prop(system_server, time_prop)
+# system_server reads this property to know it should expect the lmkd sends notification to it
+# on low memory kills.
+get_prop(system_server, system_lmk_prop)
+
###
### Neverallow rules
###
@@ -950,6 +1013,16 @@
# Only allow crash_dump to connect to system_ndebug_socket.
neverallow { domain -init -system_server -crash_dump } system_ndebug_socket:sock_file { open write };
+# Only allow zygotes to connect to system_unsolzygote_socket.
+neverallow {
+ domain
+ -init
+ -system_server
+ -zygote
+ -app_zygote
+ -webview_zygote
+} system_unsolzygote_socket:sock_file { open write };
+
# Only allow init, system_server, flags_health_check to set properties for server configurable flags
neverallow {
domain
@@ -963,6 +1036,9 @@
device_config_runtime_native_boot_prop
device_config_runtime_native_prop
device_config_media_native_prop
+ device_config_storage_native_boot_prop
+ device_config_sys_traced_prop
+ device_config_window_manager_native_boot_prop
}:property_service set;
# system_server should never be executing dex2oat. This is either
@@ -984,8 +1060,13 @@
# system_server should never use JIT functionality
# See https://googleprojectzero.blogspot.com/2016/12/bitunmap-attacking-android-ashmem.html
# in the section titled "A Short ROP Chain" for why.
-neverallow system_server self:process execmem;
-neverallow system_server ashmem_device:chr_file execute;
+# However, in emulator builds without OpenGL passthrough, we use software
+# rendering via SwiftShader, which requires JIT support. These builds are
+# never shipped to users.
+ifelse(target_requires_insecure_execmem_for_swiftshader, `true',
+ `allow system_server self:process execmem;',
+ `neverallow system_server self:process execmem;')
+neverallow system_server { ashmem_device ashmem_libcutils_device }:chr_file execute;
# TODO: deal with tmpfs_domain pub/priv split properly
neverallow system_server system_server_tmpfs:file execute;
@@ -999,6 +1080,9 @@
allow system_server apex_service:service_manager find;
allow system_server apexd:binder call;
+# Allow system server to scan /apex for flattened APEXes
+allow system_server apex_mnt_dir:dir r_dir_perms;
+
# Allow system server to communicate to system-suspend's control interface
allow system_server system_suspend_control_service:service_manager find;
binder_call(system_server, system_suspend)
@@ -1014,12 +1098,43 @@
allow system_server apex_data_file:dir { getattr search };
allow system_server apex_data_file:file r_file_perms;
+# Allow the system server to read files under /vendor/apex. This is where
+# vendor APEX packages might be installed and system_server needs to parse
+# these packages to inspect the signatures and other metadata.
+allow system_server vendor_apex_file:dir { getattr search };
+allow system_server vendor_apex_file:file r_file_perms;
+
+# Allow the system server to manage relevant apex module data files.
+allow system_server apex_module_data_file:dir { getattr search };
+allow system_server apex_permission_data_file:dir create_dir_perms;
+allow system_server apex_permission_data_file:file create_file_perms;
+allow system_server apex_wifi_data_file:dir create_dir_perms;
+allow system_server apex_wifi_data_file:file create_file_perms;
+
# Allow PasswordSlotManager rw access to /metadata/password_slots, so GSIs and the host image can
# communicate which slots are available for use.
allow system_server metadata_file:dir search;
allow system_server password_slot_metadata_file:dir rw_dir_perms;
allow system_server password_slot_metadata_file:file create_file_perms;
+# Allow system server rw access to files in /metadata/staged-install folder
+allow system_server staged_install_file:dir rw_dir_perms;
+allow system_server staged_install_file:file create_file_perms;
+
+# Allow init to set sysprop used to compute stats about userspace reboot.
+set_prop(system_server, userspace_reboot_log_prop)
+
+# JVMTI agent settings are only readable from the system server.
+neverallow {
+ domain
+ -system_server
+ -dumpstate
+ -init
+ -vendor_init
+} {
+ system_jvmti_agent_prop
+}:file no_rw_file_perms;
+
# Read/Write /proc/pressure/memory
allow system_server proc_pressure_mem:file rw_file_perms;
@@ -1042,3 +1157,16 @@
-system_server
} password_slot_metadata_file:notdevfile_class_set ~{ relabelto getattr };
neverallow { domain -init -system_server } password_slot_metadata_file:notdevfile_class_set *;
+
+# Allow systemserver to read/write the invalidation property
+set_prop(system_server, binder_cache_system_server_prop)
+neverallow { domain -system_server -init }
+ binder_cache_system_server_prop:property_service set;
+
+# Allow system server to attach BPF programs to tracepoints. Deny read permission so that
+# system_server cannot use this access to read perf event data like process stacks.
+allow system_server self:perf_event { open write cpu kernel };
+neverallow system_server self:perf_event ~{ open write cpu kernel };
+
+# Do not allow any domain other than init or system server to set the property
+neverallow { domain -init -system_server } socket_hook_prop:property_service set;
diff --git a/private/system_server_startup.te b/private/system_server_startup.te
index f1427a9..902941e 100644
--- a/private/system_server_startup.te
+++ b/private/system_server_startup.te
@@ -7,13 +7,6 @@
allow system_server_startup self:process execmem;
allow system_server_startup system_server_startup_tmpfs:file { execute read write open map };
-# Allow to pick up integrity-checked artifacts from the dalvik cache.
-allow system_server_startup dalvikcache_data_file:dir r_dir_perms;
-allow system_server_startup dalvikcache_data_file:file { r_file_perms execute };
-
-# While doing the above, will touch the apex mount dir.
-allow system_server_startup mnt_expand_file:dir getattr;
-
# Allow system_server_startup to run setcon() and enter the
# system_server domain
allow system_server_startup self:process setcurrent;
diff --git a/private/system_suspend.te b/private/system_suspend.te
index 961cd67..d33dc8e 100644
--- a/private/system_suspend.te
+++ b/private/system_suspend.te
@@ -10,10 +10,11 @@
# Access to /sys/power/{ wakeup_count, state } suspend interface.
allow system_suspend sysfs_power:file rw_file_perms;
-# TODO(b/128923994): remove once all debugging info moves to SystemSuspend.
-# Access to /sys/power/{ wake_lock, wake_unlock } suspend blocker interface.
-allow system_suspend self:global_capability2_class_set block_suspend;
-allow system_suspend sysfs_wake_lock:file rw_file_perms;
+# Access to wakeup and suspend stats.
+r_dir_file(system_suspend, sysfs_suspend_stats)
+r_dir_file(system_suspend, sysfs_wakeup)
+# To resolve arbitrary sysfs paths from /sys/class/wakeup/* symlinks.
+allow system_suspend sysfs_type:dir search;
neverallow {
domain
diff --git a/private/technical_debt.cil b/private/technical_debt.cil
index 289f69e..fdcd0a3 100644
--- a/private/technical_debt.cil
+++ b/private/technical_debt.cil
@@ -20,6 +20,10 @@
; Unfortunately, we can't currently express this in module policy language:
(typeattributeset hal_codec2_client ((and (appdomain) ((not (isolated_app))))))
+; Apps, except isolated apps, are clients of Drm-related services
+; Unfortunately, we can't currently express this in module policy language:
+(typeattributeset hal_drm_client ((and (appdomain) ((not (isolated_app))))))
+
; Apps, except isolated apps, are clients of Configstore HAL
; Unfortunately, we can't currently express this in module policy language:
; typeattribute { appdomain -isolated_app } hal_configstore_client;
diff --git a/private/traced.te b/private/traced.te
index 2d7d07f..2410d7e 100644
--- a/private/traced.te
+++ b/private/traced.te
@@ -24,7 +24,10 @@
allow traced perfetto:fd use;
allow traced shell:fd use;
allow traced shell:fifo_file { read write };
-allow traced perfetto_traces_data_file:file { read write };
+
+# Allow the service to create new files within /data/misc/perfetto-traces.
+allow traced perfetto_traces_data_file:file create_file_perms;
+allow traced perfetto_traces_data_file:dir rw_dir_perms;
# Allow traceur to pass open file descriptors to traced, so traced can directly
# write into the output file without doing roundtrips over IPC.
@@ -36,6 +39,23 @@
allow traced iorapd:fd use;
allow traced iorapd_tmpfs:file { read write };
+# Allow traced to use shared memory supplied by producers. Typically, traced
+# (i.e. the tracing service) creates the shared memory used for data transfer
+# from the producer. This rule allows an alternative scheme, where the producer
+# creates the shared memory, that is then adopted by traced (after validating
+# that it is appropriately sealed).
+# This list has to replicate the tmpfs domains of all applicable domains that
+# have perfetto_producer() macro applied to them.
+# perfetto_tmpfs excluded as it should never need to use the producer-supplied
+# shared memory scheme.
+allow traced {
+ appdomain_tmpfs
+ heapprofd_tmpfs
+ surfaceflinger_tmpfs
+ traced_probes_tmpfs
+ userdebug_or_eng(`system_server_tmpfs')
+}:file { getattr map read write };
+
# Allow traced to notify Traceur when a trace ends by setting the
# sys.trace.trace_end_signal property.
set_prop(traced, system_trace_prop)
@@ -61,7 +81,9 @@
# passed through the socket.
neverallow traced {
data_file_type
+ -perfetto_traces_data_file
-system_data_file
+ -system_data_root_file
# TODO(b/72998741) Remove vendor_data_file exemption. Further restricted in a
# subsequent neverallow. Currently only getattr and search are allowed.
-vendor_data_file
diff --git a/private/traced_perf.te b/private/traced_perf.te
new file mode 100644
index 0000000..9483e6c
--- /dev/null
+++ b/private/traced_perf.te
@@ -0,0 +1,58 @@
+# Performance profiler, backed by perf_event_open(2).
+# See go/perfetto-perf-android.
+typeattribute traced_perf coredomain;
+typeattribute traced_perf mlstrustedsubject;
+
+type traced_perf_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(traced_perf)
+perfetto_producer(traced_perf)
+
+# Allow traced_perf full use of perf_event_open(2). It will perform cpu-wide
+# profiling, but retain samples only for profileable processes.
+# Thread-specific profiling is still disallowed due to a PTRACE_MODE_ATTACH
+# check (which would require a process:attach SELinux allow-rule).
+allow traced_perf self:perf_event { open cpu kernel read write tracepoint };
+
+# Allow CAP_KILL for delivery of dedicated signal to obtain proc-fds from a
+# process. Allow CAP_DAC_READ_SEARCH for stack unwinding and symbolization of
+# sampled stacks, which requires opening the backing libraries/executables (as
+# symbols are usually not mapped into the process space). Not all such files
+# are world-readable, e.g. odex files that included user profiles during
+# profile-guided optimization.
+allow traced_perf self:capability { kill dac_read_search };
+
+# Allow reading /system/data/packages.list.
+allow traced_perf packages_list_file:file r_file_perms;
+
+# Allow reading files for stack unwinding and symbolization.
+r_dir_file(traced_perf, nativetest_data_file)
+r_dir_file(traced_perf, system_file_type)
+r_dir_file(traced_perf, apk_data_file)
+r_dir_file(traced_perf, dalvikcache_data_file)
+r_dir_file(traced_perf, vendor_file_type)
+
+# Do not audit the cases where traced_perf attempts to access /proc/[pid] for
+# domains that it cannot read.
+dontaudit traced_perf domain:dir { search getattr open };
+
+# Do not audit failures to signal a process, as there are cases when this is
+# expected (native processes on debug builds use the policy for enforcing which
+# processes are profileable).
+dontaudit traced_perf domain:process signal;
+
+# Never allow access to app data files
+neverallow traced_perf { app_data_file privapp_data_file system_app_data_file }:file *;
+
+# Never allow profiling highly privileged processes.
+never_profile_heap(`{
+ bpfloader
+ init
+ kernel
+ keystore
+ llkd
+ logd
+ ueventd
+ vendor_init
+ vold
+}')
diff --git a/private/traced_probes.te b/private/traced_probes.te
index 4820e3f..dd6ece0 100644
--- a/private/traced_probes.te
+++ b/private/traced_probes.te
@@ -1,14 +1,14 @@
# Perfetto tracing probes, has tracefs access.
type traced_probes_exec, system_file_type, exec_type, file_type;
+type traced_probes_tmpfs, file_type;
# Allow init to exec the daemon.
init_daemon_domain(traced_probes)
+tmpfs_domain(traced_probes)
# Write trace data to the Perfetto traced damon. This requires connecting to its
# producer socket and obtaining a (per-process) tmpfs fd.
-allow traced_probes traced:fd use;
-allow traced_probes traced_tmpfs:file { read write getattr map };
-unix_socket_connect(traced_probes, traced_producer, traced)
+perfetto_producer(traced_probes)
# Allow traced_probes to access tracefs.
allow traced_probes debugfs_tracing:dir r_dir_perms;
@@ -74,6 +74,9 @@
hal_client_domain(traced_probes, hal_health)
hal_client_domain(traced_probes, hal_power_stats)
+# Allow access to Atrace HAL for enabling vendor/device specific tracing categories.
+hal_client_domain(traced_probes, hal_atrace)
+
# On debug builds allow to ingest system logs into the trace.
userdebug_or_eng(`read_logd(traced_probes)')
@@ -98,6 +101,7 @@
-apk_data_file
-dalvikcache_data_file
-system_data_file
+ -system_data_root_file
-system_app_data_file
-backup_data_file
-bootstat_data_file
diff --git a/private/untrusted_app.te b/private/untrusted_app.te
index c15fa22..6e7a99c 100644
--- a/private/untrusted_app.te
+++ b/private/untrusted_app.te
@@ -1,20 +1,11 @@
###
### Untrusted apps.
###
-### This file defines the rules for untrusted apps.
-### Apps are labeled based on mac_permissions.xml (maps signer and
-### optionally package name to seinfo value) and seapp_contexts (maps UID
-### and optionally seinfo value to domain for process and type for data
-### directory). The untrusted_app domain is the default assignment in
-### seapp_contexts for any app with UID between APP_AID (10000)
-### and AID_ISOLATED_START (99000) if the app has no specific seinfo
-### value as determined from mac_permissions.xml. In current AOSP, this
-### domain is assigned to all non-system apps as well as to any system apps
-### that are not signed by the platform key. To move
-### a system app into a specific domain, add a signer entry for it to
-### mac_permissions.xml and assign it one of the pre-existing seinfo values
-### or define and use a new seinfo value in both mac_permissions.xml and
-### seapp_contexts.
+### This file defines the rules for untrusted apps running with
+### targetSdkVersion >= 30.
+###
+### See public/untrusted_app.te for more information about which apps are
+### placed in this selinux domain.
###
typeattribute untrusted_app coredomain;
diff --git a/private/untrusted_app_25.te b/private/untrusted_app_25.te
index a35d81b..a1abc41 100644
--- a/private/untrusted_app_25.te
+++ b/private/untrusted_app_25.te
@@ -4,19 +4,8 @@
### This file defines the rules for untrusted apps running with
### targetSdkVersion <= 25.
###
-### Apps are labeled based on mac_permissions.xml (maps signer and
-### optionally package name to seinfo value) and seapp_contexts (maps UID
-### and optionally seinfo value to domain for process and type for data
-### directory). The untrusted_app domain is the default assignment in
-### seapp_contexts for any app with UID between APP_AID (10000)
-### and AID_ISOLATED_START (99000) if the app has no specific seinfo
-### value as determined from mac_permissions.xml. In current AOSP, this
-### domain is assigned to all non-system apps as well as to any system apps
-### that are not signed by the platform key. To move
-### a system app into a specific domain, add a signer entry for it to
-### mac_permissions.xml and assign it one of the pre-existing seinfo values
-### or define and use a new seinfo value in both mac_permissions.xml and
-### seapp_contexts.
+### See public/untrusted_app.te for more information about which apps are
+### placed in this selinux domain.
###
typeattribute untrusted_app_25 coredomain;
@@ -26,11 +15,6 @@
net_domain(untrusted_app_25)
bluetooth_domain(untrusted_app_25)
-# b/34115651, b/33308258 - net.dns* properties read
-# This will go away in a future Android release
-get_prop(untrusted_app_25, net_dns_prop)
-auditallow untrusted_app_25 net_dns_prop:file read;
-
# b/35917228 - /proc/misc access
# This will go away in a future Android release
allow untrusted_app_25 proc_misc:file r_file_perms;
@@ -61,3 +45,9 @@
# ASharedMemory instead.
allow untrusted_app_25 ashmem_device:chr_file rw_file_perms;
auditallow untrusted_app_25 ashmem_device:chr_file open;
+
+# Read /mnt/sdcard symlink.
+allow untrusted_app_25 mnt_sdcard_file:lnk_file r_file_perms;
+
+# allow binding to netlink route sockets and sending RTM_GETLINK messages.
+allow untrusted_app_25 self:netlink_route_socket { bind nlmsg_readpriv };
diff --git a/private/untrusted_app_27.te b/private/untrusted_app_27.te
index eaa1791..b7b6d72 100644
--- a/private/untrusted_app_27.te
+++ b/private/untrusted_app_27.te
@@ -4,20 +4,8 @@
### This file defines the rules for untrusted apps running with
### 25 < targetSdkVersion <= 28.
###
-### This file defines the rules for untrusted apps.
-### Apps are labeled based on mac_permissions.xml (maps signer and
-### optionally package name to seinfo value) and seapp_contexts (maps UID
-### and optionally seinfo value to domain for process and type for data
-### directory). The untrusted_app_27 domain is the default assignment in
-### seapp_contexts for any app with UID between APP_AID (10000)
-### and AID_ISOLATED_START (99000) if the app has no specific seinfo
-### value as determined from mac_permissions.xml. In current AOSP, this
-### domain is assigned to all non-system apps as well as to any system apps
-### that are not signed by the platform key. To move
-### a system app into a specific domain, add a signer entry for it to
-### mac_permissions.xml and assign it one of the pre-existing seinfo values
-### or define and use a new seinfo value in both mac_permissions.xml and
-### seapp_contexts.
+### See public/untrusted_app.te for more information about which apps are
+### placed in this selinux domain.
###
typeattribute untrusted_app_27 coredomain;
@@ -45,3 +33,9 @@
# ASharedMemory instead.
allow untrusted_app_27 ashmem_device:chr_file rw_file_perms;
auditallow untrusted_app_27 ashmem_device:chr_file open;
+
+# Read /mnt/sdcard symlink.
+allow untrusted_app_27 mnt_sdcard_file:lnk_file r_file_perms;
+
+# allow binding to netlink route sockets and sending RTM_GETLINK messages.
+allow untrusted_app_27 self:netlink_route_socket { bind nlmsg_readpriv };
diff --git a/private/untrusted_app_29.te b/private/untrusted_app_29.te
new file mode 100644
index 0000000..344ae89
--- /dev/null
+++ b/private/untrusted_app_29.te
@@ -0,0 +1,19 @@
+###
+### Untrusted_29.
+###
+### This file defines the rules for untrusted apps running with
+### targetSdkVersion = 29.
+###
+### See public/untrusted_app.te for more information about which apps are
+### placed in this selinux domain.
+###
+
+typeattribute untrusted_app_29 coredomain;
+
+app_domain(untrusted_app_29)
+untrusted_app_domain(untrusted_app_29)
+net_domain(untrusted_app_29)
+bluetooth_domain(untrusted_app_29)
+
+# allow binding to netlink route sockets and sending RTM_GETLINK messages.
+allow untrusted_app_29 self:netlink_route_socket { bind nlmsg_readpriv };
diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index 3c20c08..d9fd5a1 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -92,7 +92,6 @@
allow untrusted_app_all drmserver_service:service_manager find;
allow untrusted_app_all mediaserver_service:service_manager find;
allow untrusted_app_all mediaextractor_service:service_manager find;
-allow untrusted_app_all mediacodec_service:service_manager find;
allow untrusted_app_all mediametrics_service:service_manager find;
allow untrusted_app_all mediadrmserver_service:service_manager find;
allow untrusted_app_all nfc_service:service_manager find;
@@ -104,14 +103,6 @@
# Allow untrusted apps to interact with gpuservice
binder_call(untrusted_app_all, gpuservice)
-# Allow GMS core to access perfprofd output, which is stored
-# in /data/misc/perfprofd/. GMS core will need to list all
-# data stored in that directory to process them one by one.
-userdebug_or_eng(`
- allow untrusted_app_all perfprofd_data_file:file r_file_perms;
- allow untrusted_app_all perfprofd_data_file:dir r_dir_perms;
-')
-
# gdbserver for ndk-gdb ptrace attaches to app process.
allow untrusted_app_all self:process ptrace;
@@ -144,13 +135,11 @@
# Write app-specific trace data to the Perfetto traced damon. This requires
# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
-allow untrusted_app_all traced:fd use;
-allow untrusted_app_all traced_tmpfs:file { read write getattr map };
-unix_socket_connect(untrusted_app_all, traced_producer, traced)
+perfetto_producer(untrusted_app_all)
-# Allow heap profiling if the app opts in by being marked
-# profileable/debuggable.
+# Allow profiling if the app opts in by being marked profileable/debuggable.
can_profile_heap(untrusted_app_all)
+can_profile_perf(untrusted_app_all)
# allow untrusted apps to use UDP sockets provided by the system server but not
# modify them other than to connect
@@ -173,12 +162,6 @@
# Used by: https://play.google.com/store/apps/details?id=jackpal.androidterm
create_pty(untrusted_app_all)
-# Attempts to write to system_data_file is generally a sign
-# that apps are attempting to access encrypted storage before
-# the ACTION_USER_UNLOCKED intent is delivered. Suppress this
-# denial to prevent third party apps from spamming the logs.
-dontaudit untrusted_app_all system_data_file:dir write;
-
# Allow access to kcov via its ioctl interface for coverage
# guided kernel fuzzing.
userdebug_or_eng(`
@@ -186,6 +169,7 @@
allowxperm untrusted_app_all debugfs_kcov:file ioctl { KCOV_INIT_TRACE KCOV_ENABLE KCOV_DISABLE };
')
-# Allow access to ashmemd to request /dev/ashmem fds.
-binder_call(untrusted_app_all, ashmemd)
-allow untrusted_app_all ashmem_device:chr_file { getattr read ioctl lock map append write };
+# Allow signalling simpleperf domain, which is the domain that the simpleperf
+# profiler runs as when executed by the app. The signals are used to control
+# the profiler (which would be profiling the app that is sending the signal).
+allow untrusted_app_all simpleperf:process signal;
diff --git a/private/update_engine.te b/private/update_engine.te
index 5af7db6..e4e7009 100644
--- a/private/update_engine.te
+++ b/private/update_engine.te
@@ -1,3 +1,7 @@
typeattribute update_engine coredomain;
init_daemon_domain(update_engine);
+
+# Allow to talk to gsid.
+allow update_engine gsi_service:service_manager find;
+binder_call(update_engine, gsid)
diff --git a/private/vendor_init.te b/private/vendor_init.te
index 50efc22..6a68f1f 100644
--- a/private/vendor_init.te
+++ b/private/vendor_init.te
@@ -2,3 +2,6 @@
# Sometimes we have to write to non-existent files to avoid conditional
# init behavior. See b/35303861 for an example.
dontaudit vendor_init sysfs:dir write;
+
+# TODO(b/140259336) We want to remove vendor_init in the long term but allow for now
+allow vendor_init system_data_root_file:dir rw_dir_perms;
diff --git a/private/viewcompiler.te b/private/viewcompiler.te
index 3c9c1ee..d1f0964 100644
--- a/private/viewcompiler.te
+++ b/private/viewcompiler.te
@@ -17,7 +17,7 @@
allow viewcompiler app_data_file:file { getattr write };
# Allow the view compiler to read resources from the apps APK.
-allow viewcompiler apk_data_file:file read;
+allow viewcompiler apk_data_file:file { read map };
# priv-apps are moving to a world where they can only execute
# signed code. Make sure viewcompiler never can write to privapp
diff --git a/private/vold_prepare_subdirs.te b/private/vold_prepare_subdirs.te
index 348d3ce..f3ec058 100644
--- a/private/vold_prepare_subdirs.te
+++ b/private/vold_prepare_subdirs.te
@@ -14,6 +14,10 @@
vendor_data_file
}:dir { open read write add_name remove_name rmdir relabelfrom };
allow vold_prepare_subdirs {
+ apex_module_data_file
+ apex_permission_data_file
+ apex_rollback_data_file
+ apex_wifi_data_file
backup_data_file
face_vendor_data_file
fingerprint_vendor_data_file
@@ -23,6 +27,10 @@
vold_data_file
}:dir { create_dir_perms relabelto };
allow vold_prepare_subdirs {
+ apex_module_data_file
+ apex_permission_data_file
+ apex_rollback_data_file
+ apex_wifi_data_file
backup_data_file
face_vendor_data_file
fingerprint_vendor_data_file
@@ -32,5 +40,6 @@
system_data_file
vold_data_file
}:file { getattr unlink };
+allow vold_prepare_subdirs apex_mnt_dir:dir { open read };
dontaudit vold_prepare_subdirs { proc unlabeled }:file r_file_perms;
diff --git a/private/vzwomatrigger_app.te b/private/vzwomatrigger_app.te
new file mode 100644
index 0000000..8deb22b
--- /dev/null
+++ b/private/vzwomatrigger_app.te
@@ -0,0 +1,6 @@
+###
+### A domain for further sandboxing the VzwOmaTrigger app.
+###
+type vzwomatrigger_app, domain;
+
+app_domain(vzwomatrigger_app)
diff --git a/private/webview_zygote.te b/private/webview_zygote.te
index 2f5007a..969ab9c 100644
--- a/private/webview_zygote.te
+++ b/private/webview_zygote.te
@@ -64,8 +64,8 @@
# Directory listing in /system.
allow webview_zygote system_file:dir r_dir_perms;
-# Read system properties managed by zygote.
-allow webview_zygote zygote_tmpfs:file read;
+# Read and inspect temporary files (like system properties) managed by zygote.
+allow webview_zygote zygote_tmpfs:file { read getattr };
# Child of zygote.
allow webview_zygote zygote:fd use;
allow webview_zygote zygote:process sigchld;
@@ -77,6 +77,9 @@
allow webview_zygote system_data_file:lnk_file r_file_perms;
+# Send unsolicited message to system_server
+unix_socket_send(webview_zygote, system_unsolzygote, system_server)
+
#####
##### Neverallow
#####
@@ -113,7 +116,6 @@
neverallow webview_zygote {
service_manager_type
-activity_service
- -ashmem_device_service
-webviewupdate_service
}:service_manager find;
diff --git a/private/wificond.te b/private/wificond.te
index cc76447..5476e33 100644
--- a/private/wificond.te
+++ b/private/wificond.te
@@ -1,4 +1,3 @@
typeattribute wificond coredomain;
init_daemon_domain(wificond)
-hal_client_domain(wificond, hal_wifi_offload)
diff --git a/private/zygote.te b/private/zygote.te
index 0466372..5f08f8d 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -3,6 +3,7 @@
typeattribute zygote mlstrustedsubject;
init_daemon_domain(zygote)
+tmpfs_domain(zygote)
read_runtime_log_tags(zygote)
@@ -49,8 +50,49 @@
# is ensured by fsverity protection (checked in art_apex_boot_integrity).
allow zygote dalvikcache_data_file:file execute;
+# Bind mount on /data/data and mounted volumes
+allow zygote { system_data_file mnt_expand_file }:dir mounton;
+
+# Relabel /data/user /data/user_de and /data/data
+allow zygote tmpfs:{ dir lnk_file } relabelfrom;
+allow zygote system_data_file:{ dir lnk_file } relabelto;
+
+# Zygote opens /mnt/expand to mount CE DE storage on each vol
+allow zygote mnt_expand_file:dir { open read search relabelto };
+
+# Bind mount subdirectories on /data/misc/profiles/cur
+allow zygote { user_profile_data_file }:dir { mounton search };
+
+# Create and bind dirs on /data/data
+allow zygote tmpfs:dir { create_dir_perms mounton };
+
+# Goes into media directory and bind mount obb directory
+allow zygote media_rw_data_file:dir { getattr search };
+
+# Read if sdcardfs is supported
+allow zygote proc_filesystems:file r_file_perms;
+
+# Create symlink for /data/user/0
+allow zygote tmpfs:lnk_file create;
+
+allow zygote mirror_data_file:dir r_dir_perms;
+
+# Get inode of data directories
+allow zygote {
+ system_data_file
+ radio_data_file
+ app_data_file
+ shell_data_file
+ bluetooth_data_file
+ privapp_data_file
+ nfc_data_file
+ mnt_expand_file
+}:dir getattr;
+
# Allow zygote to create JIT memory.
allow zygote self:process execmem;
+allow zygote zygote_tmpfs:file execute;
+allow zygote ashmem_libcutils_device:chr_file execute;
# Execute idmap and dex2oat within zygote's own domain.
# TODO: Should either of these be transitioned to the same domain
@@ -93,18 +135,16 @@
allow zygote mnt_user_file:dir { create_dir_perms mounton };
allow zygote mnt_user_file:lnk_file create_file_perms;
allow zygote mnt_user_file:file create_file_perms;
+
+# Allow mounting user-specific storage source if started before vold.
+allow zygote mnt_pass_through_file:dir { create_dir_perms mounton };
+
# Allowed to mount user-specific storage into place
allow zygote storage_file:dir { search mounton };
# Allow mounting and creating files, dirs on sdcardfs.
-# TODO: reduce this back to only sdcardfs once b/123533205 is root-caused
-# (Technically "sdcardfs" and "media_rw_data_file" are equivalent, since
-# sdcardfs simply wraps files stored under /data/media.)
-allow zygote { sdcard_type media_rw_data_file }:dir { create_dir_perms mounton };
-allow zygote { sdcard_type media_rw_data_file }:file { create_file_perms };
-
-# Allow zygote to expand app files while preloading libraries
-allow zygote mnt_expand_file:dir getattr;
+allow zygote { sdcard_type }:dir { create_dir_perms mounton };
+allow zygote { sdcard_type }:file { create_file_perms };
# Handle --invoke-with command when launching Zygote with a wrapper command.
allow zygote zygote_exec:file rx_file_perms;
@@ -140,9 +180,26 @@
get_prop(zygote, device_config_runtime_native_prop)
get_prop(zygote, device_config_runtime_native_boot_prop)
+# Allow the zygote to access window manager native boot feature flags
+# to initialize WindowManager static properties.
+get_prop(zygote, device_config_window_manager_native_boot_prop)
+
# ingore spurious denials
dontaudit zygote self:global_capability_class_set sys_resource;
+# Ignore spurious denials calling access() on fuse
+# TODO(b/151316657): avoid the denials
+dontaudit zygote media_rw_data_file:dir setattr;
+
+# Allow zygote to use ashmem fds from system_server.
+allow zygote system_server:fd use;
+
+# Send unsolicited message to system_server
+unix_socket_send(zygote, system_unsolzygote, system_server)
+
+# Allow zygote to access media_variant_prop for static initialization
+get_prop(zygote, media_variant_prop)
+
###
### neverallow rules
###
@@ -174,3 +231,9 @@
bluetooth_prop
exported_bluetooth_prop
}:file create_file_perms;
+
+# Zygote should not be able to access app private data.
+neverallow zygote {
+ privapp_data_file
+ app_data_file
+}:dir ~getattr;
diff --git a/property_contexts.mk b/property_contexts.mk
deleted file mode 100644
index eb19d20..0000000
--- a/property_contexts.mk
+++ /dev/null
@@ -1,170 +0,0 @@
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := plat_property_contexts
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-plat_pcfiles := $(call build_policy, property_contexts, $(PLAT_PRIVATE_POLICY))
-ifeq ($(PRODUCT_COMPATIBLE_PROPERTY),true)
-plat_pcfiles += $(LOCAL_PATH)/public/property_contexts
-endif
-
-plat_property_contexts.tmp := $(intermediates)/plat_property_contexts.tmp
-$(plat_property_contexts.tmp): PRIVATE_PC_FILES := $(plat_pcfiles)
-$(plat_property_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(plat_property_contexts.tmp): $(plat_pcfiles)
- @mkdir -p $(dir $@)
- $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_PC_FILES) > $@
-$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
-$(LOCAL_BUILT_MODULE): $(plat_property_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/property_info_checker
- @mkdir -p $(dir $@)
- $(hide) cp -f $< $@
- $(hide) $(HOST_OUT_EXECUTABLES)/property_info_checker $(PRIVATE_SEPOLICY) $@
-
-built_plat_pc := $(LOCAL_BUILT_MODULE)
-plat_pcfiles :=
-plat_property_contexts.tmp :=
-
-##################################
-include $(CLEAR_VARS)
-LOCAL_MODULE := product_property_contexts
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_OUT_PRODUCT)/etc/selinux
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-product_pcfiles := $(call build_policy, property_contexts, $(PRODUCT_PRIVATE_POLICY))
-
-product_property_contexts.tmp := $(intermediates)/product_property_contexts.tmp
-$(product_property_contexts.tmp): PRIVATE_PC_FILES := $(product_pcfiles)
-$(product_property_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(product_property_contexts.tmp): $(product_pcfiles)
- @mkdir -p $(dir $@)
- $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_PC_FILES) > $@
-
-$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
-$(LOCAL_BUILT_MODULE): $(product_property_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/property_info_checker
- @mkdir -p $(dir $@)
- $(hide) cp -f $< $@
- $(hide) $(HOST_OUT_EXECUTABLES)/property_info_checker $(PRIVATE_SEPOLICY) $@
-
-built_product_pc := $(LOCAL_BUILT_MODULE)
-product_pcfiles :=
-product_property_contexts.tmp :=
-
-##################################
-include $(CLEAR_VARS)
-LOCAL_MODULE := vendor_property_contexts
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-vendor_pcfiles := $(call build_policy, property_contexts, $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
-
-vendor_property_contexts.tmp := $(intermediates)/vendor_property_contexts.tmp
-$(vendor_property_contexts.tmp): PRIVATE_PC_FILES := $(vendor_pcfiles)
-$(vendor_property_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(vendor_property_contexts.tmp): $(vendor_pcfiles)
- @mkdir -p $(dir $@)
- $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_PC_FILES) > $@
-
-$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
-$(LOCAL_BUILT_MODULE): PRIVATE_BUILT_PLAT_PC := $(built_plat_pc)
-$(LOCAL_BUILT_MODULE): $(vendor_property_contexts.tmp) $(built_sepolicy) $(built_plat_pc) $(HOST_OUT_EXECUTABLES)/property_info_checker
- @mkdir -p $(dir $@)
- $(hide) cp -f $< $@
- $(hide) $(HOST_OUT_EXECUTABLES)/property_info_checker $(PRIVATE_SEPOLICY) $(PRIVATE_BUILT_PLAT_PC) $@
-
-built_vendor_pc := $(LOCAL_BUILT_MODULE)
-vendor_pcfiles :=
-vendor_property_contexts.tmp :=
-
-##################################
-include $(CLEAR_VARS)
-LOCAL_MODULE := odm_property_contexts
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_OUT_ODM)/etc/selinux
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-odm_pcfiles := $(call build_policy, property_contexts, $(BOARD_ODM_SEPOLICY_DIRS))
-
-odm_property_contexts.tmp := $(intermediates)/odm_property_contexts.tmp
-$(odm_property_contexts.tmp): PRIVATE_PC_FILES := $(odm_pcfiles)
-$(odm_property_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(odm_property_contexts.tmp): $(odm_pcfiles)
- @mkdir -p $(dir $@)
- $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_PC_FILES) > $@
-
-
-$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
-$(LOCAL_BUILT_MODULE): PRIVATE_BUILT_PLAT_PC := $(built_plat_pc)
-$(LOCAL_BUILT_MODULE): PRIVATE_BUILT_VENDOR_PC := $(built_vendor_pc)
-$(LOCAL_BUILT_MODULE): $(odm_property_contexts.tmp) $(built_sepolicy) $(built_plat_pc) $(built_vendor_pc) $(HOST_OUT_EXECUTABLES)/property_info_checker
- @mkdir -p $(dir $@)
- $(hide) cp -f $< $@
- $(hide) $(HOST_OUT_EXECUTABLES)/property_info_checker $(PRIVATE_SEPOLICY) $(PRIVATE_BUILT_PLAT_PC) $(PRIVATE_BUILT_VENDOR_PC) $@
-
-built_odm_pc := $(LOCAL_BUILT_MODULE)
-odm_pcfiles :=
-odm_property_contexts.tmp :=
-
-##################################
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := plat_property_contexts.recovery
-LOCAL_MODULE_STEM := plat_property_contexts
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-$(LOCAL_BUILT_MODULE): $(built_plat_pc)
- $(hide) cp -f $< $@
-
-##################################
-include $(CLEAR_VARS)
-LOCAL_MODULE := product_property_contexts.recovery
-LOCAL_MODULE_STEM := product_property_contexts
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-$(LOCAL_BUILT_MODULE): $(built_product_pc)
- $(hide) cp -f $< $@
-
-##################################
-include $(CLEAR_VARS)
-LOCAL_MODULE := vendor_property_contexts.recovery
-LOCAL_MODULE_STEM := vendor_property_contexts
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-$(LOCAL_BUILT_MODULE): $(built_vendor_pc)
- $(hide) cp -f $< $@
-
-##################################
-include $(CLEAR_VARS)
-LOCAL_MODULE := odm_property_contexts.recovery
-LOCAL_MODULE_STEM := odm_property_contexts
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-$(LOCAL_BUILT_MODULE): $(built_odm_pc)
- $(hide) cp -f $< $@
diff --git a/public/adbd.te b/public/adbd.te
index 68a176c..4a1f633 100644
--- a/public/adbd.te
+++ b/public/adbd.te
@@ -6,3 +6,6 @@
# Only init is allowed to enter the adbd domain via exec()
neverallow { domain -init } adbd:process transition;
neverallow * adbd:process dyntransition;
+
+# Allow adbd start/stop mdnsd via ctl.start
+set_prop(adbd, ctl_mdnsd_prop)
diff --git a/public/aidl_lazy_test_server.te b/public/aidl_lazy_test_server.te
new file mode 100644
index 0000000..626d008
--- /dev/null
+++ b/public/aidl_lazy_test_server.te
@@ -0,0 +1,9 @@
+type aidl_lazy_test_server, domain;
+type aidl_lazy_test_server_exec, exec_type, file_type, system_file_type;
+
+userdebug_or_eng(`
+ binder_use(aidl_lazy_test_server)
+ binder_call(aidl_lazy_test_server, binderservicedomain)
+
+ add_service(aidl_lazy_test_server, aidl_lazy_test_service)
+')
diff --git a/public/apexd.te b/public/apexd.te
index 3957ed6..93c257f 100644
--- a/public/apexd.te
+++ b/public/apexd.te
@@ -7,7 +7,7 @@
set_prop(apexd, apexd_prop)
neverallow { domain -init -apexd -system_server } apex_service:service_manager find;
-neverallow { domain -init -apexd -system_server } apexd:binder call;
+neverallow { domain -init -apexd -system_server -servicemanager } apexd:binder call;
neverallow { domain userdebug_or_eng(`-crash_dump') } apexd:process ptrace;
diff --git a/public/app.te b/public/app.te
index 5c48e71..e5b9fd6 100644
--- a/public/app.te
+++ b/public/app.te
@@ -11,7 +11,7 @@
# WebView and other application-specific JIT compilers
allow appdomain self:process execmem;
-allow appdomain ashmem_device:chr_file execute;
+allow appdomain { ashmem_device ashmem_libcutils_device }:chr_file execute;
# Receive and use open file descriptors inherited from zygote.
allow appdomain zygote:fd use;
@@ -293,6 +293,8 @@
use_keystore({ appdomain -isolated_app -ephemeral_app })
+use_credstore({ appdomain -isolated_app -ephemeral_app })
+
allow appdomain console_device:chr_file { read write };
# only allow unprivileged socket ioctl commands
@@ -315,7 +317,7 @@
allow appdomain proc_meminfo:file r_file_perms;
# For app fuse.
-allow appdomain app_fuse_file:file { getattr read append write };
+allow appdomain app_fuse_file:file { getattr read append write map };
pdx_client({ appdomain -isolated_app -ephemeral_app }, display_client)
pdx_client({ appdomain -isolated_app -ephemeral_app }, display_manager)
@@ -357,9 +359,6 @@
allow appdomain system_server_tmpfs:file { getattr map read write };
allow appdomain zygote_tmpfs:file { map read };
-# Allow vendor apps access to ashmemd to request /dev/ashmem fds.
-binder_call({ appdomain -coredomain }, ashmemd)
-
###
### Neverallow rules
###
@@ -393,7 +392,7 @@
neverallow appdomain tee_device:chr_file { read write };
# Privileged netlink socket interfaces.
-neverallow appdomain
+neverallow { appdomain -network_stack }
domain:{
netlink_tcpdiag_socket
netlink_nflog_socket
@@ -467,10 +466,10 @@
# Write to various other parts of /data.
neverallow appdomain drm_data_file:dir_file_class_set
{ create write setattr relabelfrom relabelto append unlink link rename };
-neverallow { appdomain -platform_app }
+neverallow { appdomain -platform_app -system_app }
apk_data_file:dir_file_class_set
{ create write setattr relabelfrom relabelto append unlink link rename };
-neverallow { appdomain -platform_app }
+neverallow { appdomain -platform_app -system_app }
apk_tmp_file:dir_file_class_set
{ create write setattr relabelfrom relabelto append unlink link rename };
neverallow { appdomain -platform_app }
@@ -485,6 +484,7 @@
neverallow { appdomain -bluetooth }
bluetooth_data_file:dir_file_class_set
{ create write setattr relabelfrom relabelto append unlink link rename };
+neverallow { domain -credstore -init } credstore_data_file:dir_file_class_set *;
neverallow appdomain
keystore_data_file:dir_file_class_set
{ create write setattr relabelfrom relabelto append unlink link rename };
diff --git a/public/ashmemd.te b/public/ashmemd.te
deleted file mode 100644
index 542f093..0000000
--- a/public/ashmemd.te
+++ /dev/null
@@ -1 +0,0 @@
-type ashmemd, domain;
diff --git a/public/attributes b/public/attributes
index 857efc5..0c91692 100644
--- a/public/attributes
+++ b/public/attributes
@@ -86,6 +86,49 @@
# These properties are not accessible from device-specific domains
attribute extended_core_property_type;
+# Properties used for representing ownership. All properties should have one
+# of: system_property_type, product_property_type, or vendor_property_type.
+
+# All properties defined by /system.
+attribute system_property_type;
+expandattribute system_property_type false;
+
+# All /system-defined properties used only in /system.
+attribute system_internal_property_type;
+expandattribute system_internal_property_type false;
+
+# All /system-defined properties which can't be written outside /system.
+attribute system_restricted_property_type;
+expandattribute system_restricted_property_type false;
+
+# All /system-defined properties with no restrictions.
+attribute system_public_property_type;
+expandattribute system_public_property_type false;
+
+# All properties defined by /product.
+# Currently there are no enforcements between /system and /product, so for now
+# /product attributes are just replaced to /system attributes.
+define(`product_property_type', `system_property_type')
+define(`product_internal_type', `system_internal_property_type')
+define(`product_restricted_type', `system_restricted_property_type')
+define(`product_public_type', `system_public_property_type')
+
+# All properties defined by /vendor.
+attribute vendor_property_type;
+expandattribute vendor_property_type false;
+
+# All /vendor-defined properties used only in /vendor.
+attribute vendor_internal_property_type;
+expandattribute vendor_internal_property_type false;
+
+# All /vendor-defined properties which can't be written outside /vendor.
+attribute vendor_restricted_property_type;
+expandattribute vendor_restricted_property_type false;
+
+# All /vendor-defined properties with no restrictions.
+attribute vendor_public_property_type;
+expandattribute vendor_public_property_type false;
+
# All service_manager types created by system_server
attribute system_server_service;
@@ -98,6 +141,12 @@
# services which export only system_api
attribute system_api_service;
+# services which served by vendor and also using the copy of libbinder on
+# system (for instance via libbinder_ndk). services using a different copy
+# of libbinder currently need their own context manager (e.g.
+# vndservicemanager)
+attribute vendor_service;
+
# All types used for services managed by servicemanager.
# On change, update CHECK_SC_ASSERT_ATTRS
# definition in tools/checkfc.c.
@@ -114,6 +163,9 @@
# All HwBinder services guaranteed to be offered only by core domain components
attribute coredomain_hwservice;
+# All HwBinder services that untrusted apps can't directly access
+attribute protected_hwservice;
+
# All types used for services managed by vndservicemanager
attribute vndservice_manager_type;
@@ -251,6 +303,8 @@
hal_attribute(bufferhub);
hal_attribute(broadcastradio);
hal_attribute(camera);
+hal_attribute(can_bus);
+hal_attribute(can_controller);
hal_attribute(cas);
hal_attribute(codec2);
hal_attribute(configstore);
@@ -267,6 +321,7 @@
hal_attribute(graphics_composer);
hal_attribute(health);
hal_attribute(health_storage);
+hal_attribute(identity);
hal_attribute(input_classifier);
hal_attribute(ir);
hal_attribute(keymaster);
@@ -279,6 +334,7 @@
hal_attribute(omx);
hal_attribute(power);
hal_attribute(power_stats);
+hal_attribute(rebootescrow);
hal_attribute(secure_element);
hal_attribute(sensors);
hal_attribute(telephony);
@@ -286,6 +342,7 @@
hal_attribute(thermal);
hal_attribute(tv_cec);
hal_attribute(tv_input);
+hal_attribute(tv_tuner);
hal_attribute(usb);
hal_attribute(usb_gadget);
hal_attribute(vehicle);
@@ -294,7 +351,6 @@
hal_attribute(weaver);
hal_attribute(wifi);
hal_attribute(wifi_hostapd);
-hal_attribute(wifi_offload);
hal_attribute(wifi_supplicant);
# HwBinder services offered across the core-vendor boundary
@@ -304,6 +360,7 @@
# from one core domain to another, without having to update the vendor image
# which contains clients of this service.
+attribute automotive_display_service_server;
attribute camera_service_server;
attribute display_service_server;
attribute scheduler_service_server;
diff --git a/public/audioserver.te b/public/audioserver.te
index 2ad86e3..a8a33cc 100644
--- a/public/audioserver.te
+++ b/public/audioserver.te
@@ -1,3 +1,6 @@
# audioserver - audio services daemon
type audioserver, domain;
type audioserver_tmpfs, file_type;
+
+# Allow audioserver to signal audio HAL processes and dump their stacks.
+allow audioserver hal_audio_server:process signal;
diff --git a/public/bootanim.te b/public/bootanim.te
index e8cb98b..bd2bec6 100644
--- a/public/bootanim.te
+++ b/public/bootanim.te
@@ -23,6 +23,7 @@
allow bootanim audioserver_service:service_manager find;
allow bootanim surfaceflinger_service:service_manager find;
+allow bootanim surfaceflinger:unix_stream_socket { read write };
# Allow access to ion memory allocation device
allow bootanim ion_device:chr_file rw_file_perms;
diff --git a/public/bootstat.te b/public/bootstat.te
index a2a060b..e91f2a5 100644
--- a/public/bootstat.te
+++ b/public/bootstat.te
@@ -15,6 +15,9 @@
set_prop(bootstat, bootloader_boot_reason_prop)
set_prop(bootstat, system_boot_reason_prop)
set_prop(bootstat, last_boot_reason_prop)
+allow bootstat metadata_file:dir search;
+allow bootstat metadata_bootstat_file:dir rw_dir_perms;
+allow bootstat metadata_bootstat_file:file create_file_perms;
# ToDo: TBI move access for the following to a system health HAL
@@ -36,6 +39,7 @@
-bootanim
-bootstat
-dumpstate
+ userdebug_or_eng(`-incidentd')
-init
-recovery
-shell
diff --git a/public/charger.te b/public/charger.te
index 238b413..4b341ea 100644
--- a/public/charger.te
+++ b/public/charger.te
@@ -42,3 +42,7 @@
set_prop(charger, exported_system_prop)
set_prop(charger, exported2_system_prop)
set_prop(charger, exported3_system_prop)
+
+get_prop(charger, charger_prop)
+
+hal_client_domain(charger, hal_health)
diff --git a/public/clatd.te b/public/clatd.te
deleted file mode 100644
index 35d6190..0000000
--- a/public/clatd.te
+++ /dev/null
@@ -1,36 +0,0 @@
-# 464xlat daemon
-type clatd, domain;
-type clatd_exec, system_file_type, exec_type, file_type;
-
-net_domain(clatd)
-
-r_dir_file(clatd, proc_net_type)
-userdebug_or_eng(`
- auditallow clatd proc_net_type:{ dir file lnk_file } { getattr open read };
-')
-
-# Access objects inherited from netd.
-allow clatd netd:fd use;
-allow clatd netd:fifo_file { read write };
-# TODO: Check whether some or all of these sockets should be close-on-exec.
-allow clatd netd:netlink_kobject_uevent_socket { read write };
-allow clatd netd:netlink_nflog_socket { read write };
-allow clatd netd:netlink_route_socket { read write };
-allow clatd netd:udp_socket { read write };
-allow clatd netd:unix_stream_socket { read write };
-allow clatd netd:unix_dgram_socket { read write };
-
-allow clatd self:global_capability_class_set { net_admin net_raw setuid setgid };
-
-# clatd calls mmap(MAP_LOCKED) with a 1M buffer. MAP_LOCKED first checks
-# capable(CAP_IPC_LOCK), and then checks to see the requested amount is
-# under RLIMIT_MEMLOCK. If the latter check succeeds clatd won't have
-# needed CAP_IPC_LOCK. But this is not guaranteed to succeed on all devices
-# so we permit any requests we see from clatd asking for this capability.
-# See https://android-review.googlesource.com/127940 and
-# https://b.corp.google.com/issues/21736319
-allow clatd self:global_capability_class_set ipc_lock;
-
-allow clatd self:netlink_route_socket nlmsg_write;
-allow clatd self:{ packet_socket rawip_socket } create_socket_perms_no_ioctl;
-allow clatd tun_device:chr_file rw_file_perms;
\ No newline at end of file
diff --git a/public/credstore.te b/public/credstore.te
new file mode 100644
index 0000000..db16a8d
--- /dev/null
+++ b/public/credstore.te
@@ -0,0 +1,16 @@
+type credstore, domain;
+type credstore_exec, system_file_type, exec_type, file_type;
+
+# credstore daemon
+binder_use(credstore)
+binder_service(credstore)
+binder_call(credstore, system_server)
+
+allow credstore credstore_data_file:dir create_dir_perms;
+allow credstore credstore_data_file:file create_file_perms;
+
+add_service(credstore, credstore_service)
+allow credstore sec_key_att_app_id_provider_service:service_manager find;
+allow credstore dropbox_service:service_manager find;
+
+r_dir_file(credstore, cgroup)
diff --git a/public/device.te b/public/device.te
index e20a68b..32563d6 100644
--- a/public/device.te
+++ b/public/device.te
@@ -1,6 +1,7 @@
# Device types
type device, dev_type, fs_type;
type ashmem_device, dev_type, mlstrustedobject;
+type ashmem_libcutils_device, dev_type, mlstrustedobject;
type audio_device, dev_type;
type binder_device, dev_type, mlstrustedobject;
type hwbinder_device, dev_type, mlstrustedobject;
@@ -50,6 +51,7 @@
type tun_device, dev_type, mlstrustedobject;
type usbaccessory_device, dev_type, mlstrustedobject;
type usb_device, dev_type, mlstrustedobject;
+type usb_serial_device, dev_type;
type properties_device, dev_type;
type properties_serial, dev_type;
type property_info, dev_type;
diff --git a/public/dnsmasq.te b/public/dnsmasq.te
index d189c89..86f1eb1 100644
--- a/public/dnsmasq.te
+++ b/public/dnsmasq.te
@@ -23,3 +23,6 @@
allow dnsmasq netd:unix_stream_socket { getattr read write };
allow dnsmasq netd:unix_dgram_socket { read write };
allow dnsmasq netd:udp_socket { read write };
+
+# sometimes a network device vanishes and we try to load module netdev-{devicename}
+dontaudit dnsmasq kernel:system module_request;
diff --git a/public/domain.te b/public/domain.te
index f348701..8cb4950 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -70,28 +70,20 @@
allow domain owntty_device:chr_file rw_file_perms;
allow domain null_device:chr_file rw_file_perms;
allow domain zero_device:chr_file rw_file_perms;
-allow {
- domain
- # TODO(b/113362644): route coredomain to ashmemd
- #-coredomain
- -mediaprovider
- -ephemeral_app
- -isolated_app
- -untrusted_app_all
-} ashmem_device:chr_file rw_file_perms;
-# Allow using fds to /dev/ashmem.
-allow domain ashmemd:fd use;
+# /dev/ashmem is being deprecated by means of constraining and eventually
+# removing all "open" permissions. We preserve the other permissions.
+allow domain ashmem_device:chr_file { getattr read ioctl lock map append write };
+# This device is used by libcutils, which is accessible to everyone.
+allow domain ashmem_libcutils_device:chr_file rw_file_perms;
-# /dev/binder can be accessed by non-vendor domains and by apps
-allow {
- coredomain
- appdomain
- binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
- -hwservicemanager
-} binder_device:chr_file rw_file_perms;
-# Devices which are not full TREBLE have fewer restrictions on access to /dev/binder
-not_full_treble(`allow { domain -hwservicemanager -vndservicemanager } binder_device:chr_file rw_file_perms;')
+# /dev/binder can be accessed by ... everyone! :)
+allow { domain -hwservicemanager -vndservicemanager } binder_device:chr_file rw_file_perms;
+
+# /dev/binderfs needs to be accessed by everyone too!
+allow domain binderfs:dir { getattr search };
+allow domain binderfs_logs_proc:dir search;
+
allow { domain -servicemanager -vndservicemanager -isolated_app } hwbinder_device:chr_file rw_file_perms;
allow domain ptmx_device:chr_file rw_file_perms;
allow domain random_device:chr_file rw_file_perms;
@@ -113,6 +105,14 @@
get_prop(domain, exported_vold_prop)
get_prop(domain, exported2_default_prop)
get_prop(domain, logd_prop)
+get_prop(domain, socket_hook_prop)
+get_prop(domain, vendor_socket_hook_prop)
+get_prop(domain, vndk_prop)
+
+# Binder cache properties are world-readable
+get_prop(domain, binder_cache_bluetooth_server_prop)
+get_prop(domain, binder_cache_system_server_prop)
+get_prop(domain, binder_cache_telephony_server_prop)
# Let everyone read log properties, so that liblog can avoid sending unloggable
# messages to logd.
@@ -136,10 +136,12 @@
allow domain system_file:lnk_file { getattr read };
# Global access to /system/etc/security/cacerts/*, /system/etc/seccomp_policy/*, /system/lib[64]/*,
-# linker and its config.
+# /(system|product|system_ext)/etc/(group|passwd), linker and its config.
allow domain system_seccomp_policy_file:file r_file_perms;
# cacerts are accessible from public Java API.
allow domain system_security_cacerts_file:file r_file_perms;
+allow domain system_group_file:file r_file_perms;
+allow domain system_passwd_file:file r_file_perms;
allow domain system_linker_exec:file { execute read open getattr map };
allow domain system_linker_config_file:file r_file_perms;
allow domain system_lib_file:file { execute read open getattr map };
@@ -221,8 +223,9 @@
allow domain system_data_file:dir getattr;
')
allow { coredomain appdomain } system_data_file:dir getattr;
-# /data has the label system_data_file. Vendor components need the search
-# permission on system_data_file for path traversal to /data/vendor.
+# /data has the label system_data_root_file. Vendor components need the search
+# permission on system_data_root_file for path traversal to /data/vendor.
+allow domain system_data_root_file:dir { search getattr } ;
allow domain system_data_file:dir search;
# TODO restrict this to non-coredomain
allow domain vendor_data_file:dir { getattr search };
@@ -236,9 +239,6 @@
# /dev/cpu_variant:.*
allow domain dev_cpu_variant:file r_file_perms;
-# jemalloc needs to read /proc/sys/vm/overcommit_memory
-allow domain proc_overcommit_memory:file r_file_perms;
-
# profiling needs to read /proc/sys/kernel/perf_event_max_sample_rate
allow domain proc_perf:file r_file_perms;
@@ -421,11 +421,9 @@
neverallow { domain -init -ueventd } sysfs_usermodehelper:file { append write };
neverallow { domain -init -vendor_init } proc_security:file { append open read write };
-# Nobody is allowed to make binder calls into init.
-# Only servicemanager may transfer binder references to init
-# vendor_init shouldn't use binder at all.
-neverallow * init:binder ~{ transfer };
-neverallow { domain -servicemanager } init:binder { transfer };
+# Init can't do anything with binder calls. If this neverallow rule is being
+# triggered, it's probably due to a service with no SELinux domain.
+neverallow * init:binder *;
neverallow * vendor_init:binder *;
# Don't allow raw read/write/open access to block_device
@@ -506,9 +504,9 @@
# system_app_service rather than the generic type.
# New service_types are defined in {,hw,vnd}service.te and new mappings
# from service name to service_type are defined in {,hw,vnd}service_contexts.
-neverallow * default_android_service:service_manager add;
-neverallow * default_android_vndservice:service_manager { add find };
-neverallow * default_android_hwservice:hwservice_manager { add find };
+neverallow * default_android_service:service_manager *;
+neverallow * default_android_vndservice:service_manager *;
+neverallow * default_android_hwservice:hwservice_manager *;
# Looking up the base class/interface of all HwBinder services is a bad idea.
# hwservicemanager currently offer such lookups only to make it so that security
@@ -523,6 +521,7 @@
# anyone but init to modify unknown properties.
neverallow { domain -init -vendor_init } default_prop:property_service set;
neverallow { domain -init -vendor_init } mmc_prop:property_service set;
+neverallow { domain -init -vendor_init } vndk_prop:property_service set;
compatible_property_only(`
neverallow { domain -init } default_prop:property_service set;
@@ -532,6 +531,7 @@
neverallow { domain -init } exported2_default_prop:property_service set;
neverallow { domain -init -vendor_init } exported3_default_prop:property_service set;
neverallow { domain -init -vendor_init } vendor_default_prop:property_service set;
+ neverallow { domain -init -vendor_init } storage_config_prop:property_service set;
')
# Only core domains are allowed to access package_manager properties
@@ -553,8 +553,10 @@
-hal_camera_server
-hal_cas_server
-hal_drm_server
+ userdebug_or_eng(`-incidentd')
-init
-mediadrmserver
+ -mediaserver
-recovery
-shell
-system_server
@@ -625,30 +627,23 @@
neverallow vndservicemanager binder_device:chr_file no_rw_file_perms;
neverallow vndservicemanager hwbinder_device:chr_file no_rw_file_perms;
-# On full TREBLE devices, only core components and apps can use Binder and servicemanager. Non-core
-# domain apps need this because Android framework offers many of its services to apps as Binder
-# services.
+# system services cant add vendor services
+neverallow {
+ coredomain
+} vendor_service:service_manager add;
+
full_treble_only(`
+ # vendor services cant add system services
neverallow {
domain
-coredomain
- -appdomain
- -binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
- } binder_device:chr_file rw_file_perms;
+ -binder_in_vendor_violators # TODO(b/131617943) remove once all violators are gone
+ } {
+ service_manager_type
+ -vendor_service
+ }:service_manager add;
')
-# libcutils can probe for /dev/binder permissions with access(). Ignore
-# generated denials. See b/129073672 for details.
-dontaudit domain binder_device:chr_file audit_access;
-
-full_treble_only(`
- neverallow {
- domain
- -coredomain
- -appdomain # restrictions for vendor apps are declared lower down
- -binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
- } service_manager_type:service_manager find;
-')
full_treble_only(`
# Vendor apps are permited to use only stable public services. If they were to use arbitrary
# services which can change any time framework/core is updated, breakage is likely.
@@ -662,6 +657,8 @@
-audioserver_service # TODO(b/36783122) remove exemptions below once app_api_service is fixed
-cameraserver_service
-drmserver_service
+ -hal_light_service # TODO(b/148154485) remove once all violators are gone
+ -credstore_service
-keystore_service
-mediadrmserver_service
-mediaextractor_service
@@ -674,14 +671,6 @@
-vr_manager_service
}:service_manager find;
')
-full_treble_only(`
- neverallow {
- domain
- -coredomain
- -appdomain
- -binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
- } servicemanager:binder { call transfer };
-')
# On full TREBLE devices, only vendor components, shell, and su can use VendorBinder.
full_treble_only(`
@@ -745,20 +734,11 @@
userdebug_or_eng(`-su') # communications with su are permitted only on userdebug or eng builds
-init
-tombstoned # linker to tombstoned
- userdebug_or_eng('-heapprofd`)
+ userdebug_or_eng(`-heapprofd')
+ userdebug_or_eng(`-traced_perf')
});
')
- # Vendor domains (except netdomain) are not permitted to initiate communications to netd sockets
-full_treble_only(`
- neverallow_establish_socket_comms({
- domain
- -coredomain
- -netdomain
- -socket_between_core_and_vendor_violators
- }, netd);
-')
-
# Vendor domains are not permitted to initiate create/open sockets owned by core domains
full_treble_only(`
neverallow {
@@ -884,6 +864,7 @@
} {
core_data_file_type
-system_data_file # default label for files on /data. Covered below...
+ -system_data_root_file
-vendor_data_file
-zoneinfo_data_file
with_native_coverage(`-method_trace_data_file')
@@ -895,6 +876,7 @@
core_data_file_type
-unencrypted_data_file
-system_data_file
+ -system_data_root_file
-vendor_data_file
-zoneinfo_data_file
with_native_coverage(`-method_trace_data_file')
@@ -946,6 +928,7 @@
coredomain
-init
-shell
+ -ueventd
} vendor_shell_exec:file { execute execute_no_trans };
')
@@ -963,6 +946,8 @@
-system_lib_file
-system_linker_exec
-crash_dump_exec
+ -iorap_prefetcherd_exec
+ -iorap_inode2filename_exec
-netutils_wrapper_exec
userdebug_or_eng(`-tcpdump_exec')
}:file { entrypoint execute execute_no_trans };
@@ -976,6 +961,7 @@
-init
-shell
-system_executes_vendor_violators
+ -ueventd
} {
vendor_file_type
-same_process_hal_file
@@ -1004,17 +990,22 @@
# TODO(b/37168747): clean up fwk access to /vendor
-crash_dump
-init # starts vendor executables
+ -iorap_inode2filename
+ -iorap_prefetcherd
-kernel # loads /vendor/firmware
- userdebug_or_eng(`-perfprofd')
userdebug_or_eng(`-heapprofd')
-shell
-system_executes_vendor_violators
+ -traced_perf # library/binary access for symbolization
-ueventd # reads /vendor/ueventd.rc
+ -vold # loads incremental fs driver
} {
vendor_file_type
-same_process_hal_file
-vendor_app_file
+ -vendor_apex_file
-vendor_configs_file
+ -vendor_service_contexts_file
-vendor_framework_file
-vendor_idc_file
-vendor_keychars_file
@@ -1041,13 +1032,16 @@
system_file_type
-crash_dump_exec
-file_contexts_file
+ -iorap_inode2filename_exec
-netutils_wrapper_exec
-property_contexts_file
-system_event_log_tags_file
+ -system_group_file
-system_lib_file
with_asan(`-system_asan_options_file')
-system_linker_exec
-system_linker_config_file
+ -system_passwd_file
-system_seccomp_policy_file
-system_security_cacerts_file
-system_zoneinfo_file
@@ -1169,6 +1163,7 @@
-appdomain # finer-grained rules for appdomain are listed below
-system_server #populate com.android.providers.settings/databases/settings.db.
-installd # creation of app sandbox
+ -iorap_inode2filename
-traced_probes # resolve inodes for i/o tracing.
# only needs open and read, the rest is neverallow in
# traced_probes.te.
@@ -1193,10 +1188,11 @@
-zygote
} shell:process { transition dyntransition };
-# Only domains spawned from zygote, runas and simpleperf_app_runner may have the appdomain
-# attribute.
+# Only domains spawned from zygote, runas and simpleperf_app_runner may have
+# the appdomain attribute. simpleperf is excluded as a domain transitioned to
+# when running an app-scoped profiling session.
neverallow { domain -simpleperf_app_runner -runas -app_zygote -webview_zygote -zygote } {
- appdomain -shell userdebug_or_eng(`-su')
+ appdomain -shell -simpleperf userdebug_or_eng(`-su')
}:process { transition dyntransition };
# Minimize read access to shell- or app-writable symlinks.
@@ -1291,6 +1287,9 @@
# Do not allow executable files in debugfs.
neverallow domain debugfs_type:file { execute execute_no_trans };
+# Don't allow access to the FUSE control filesystem, except to vold and init's
+neverallow { domain -vold -init -vendor_init } fusectlfs:file no_rw_file_perms;
+
# Profiles contain untrusted data and profman parses that. We should only run
# in from installd forked processes.
neverallow {
@@ -1302,7 +1301,7 @@
# Enforce restrictions on kernel module origin.
# Do not allow kernel module loading except from system,
# vendor, and boot partitions.
-neverallow * ~{ system_file vendor_file rootfs }:system module_load;
+neverallow * ~{ system_file_type vendor_file_type rootfs }:system module_load;
# Only allow filesystem caps to be set at build time. Runtime changes
# to filesystem capabilities are not permitted.
@@ -1328,10 +1327,12 @@
-appdomain
-bootanim
-crash_dump
- -init
- -kernel
- -perfprofd
-heapprofd
+ -init
+ -iorap_inode2filename
+ -iorap_prefetcherd
+ -kernel
+ -traced_perf
-ueventd
} vendor_file:file { no_w_file_perms no_x_file_perms open };
')
@@ -1408,3 +1409,12 @@
-hal_codec2_server
-hal_omx_server
} hal_codec2_hwservice:hwservice_manager add;
+
+# Only apps targetting < Q are allowed to open /dev/ashmem directly.
+# Apps must use ASharedMemory NDK API. Native code must use libcutils API.
+neverallow {
+ domain
+ -ephemeral_app # We don't distinguish ephemeral apps based on target API.
+ -untrusted_app_25
+ -untrusted_app_27
+} ashmem_device:chr_file open;
diff --git a/public/drmserver.te b/public/drmserver.te
index b7b641c..e2c6638 100644
--- a/public/drmserver.te
+++ b/public/drmserver.te
@@ -10,6 +10,7 @@
binder_use(drmserver)
binder_call(drmserver, system_server)
binder_call(drmserver, appdomain)
+binder_call(drmserver, mediametrics)
binder_service(drmserver)
# Inherit or receive open files from system_server.
allow drmserver system_server:fd use;
@@ -48,8 +49,12 @@
allow drmserver oemfs:dir search;
allow drmserver oemfs:file r_file_perms;
+# overlay package access
+allow drmserver vendor_overlay_file:file { read map };
+
add_service(drmserver, drmserver_service)
allow drmserver permission_service:service_manager find;
+allow drmserver mediametrics_service:service_manager find;
selinux_check_access(drmserver)
diff --git a/public/dumpstate.te b/public/dumpstate.te
index c89d200..8d99a3c 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -81,15 +81,18 @@
hal_codec2_server
hal_drm_server
hal_face_server
+ hal_fingerprint_server
hal_graphics_allocator_server
hal_graphics_composer_server
hal_health_server
+ hal_neuralnetworks_server
hal_omx_server
hal_power_server
hal_power_stats_server
hal_sensors_server
hal_thermal_server
hal_vr_server
+ system_suspend_server
}:process signal;
# Connect to tombstoned to intercept dumps.
@@ -133,9 +136,11 @@
binder_call(dumpstate, binderservicedomain)
binder_call(dumpstate, { appdomain netd wificond })
-hal_client_domain(dumpstate, hal_dumpstate)
-hal_client_domain(dumpstate, hal_wifi)
-hal_client_domain(dumpstate, hal_graphics_allocator)
+dump_hal(hal_identity)
+dump_hal(hal_dumpstate)
+dump_hal(hal_wifi)
+dump_hal(hal_graphics_allocator)
+dump_hal(hal_neuralnetworks)
# Vibrate the device after we are done collecting the bugreport
hal_client_domain(dumpstate, hal_vibrator)
@@ -214,10 +219,12 @@
')
# Access /data/misc/logd
-userdebug_or_eng(`
- allow dumpstate misc_logd_file:dir r_dir_perms;
- allow dumpstate misc_logd_file:file r_file_perms;
-')
+allow dumpstate misc_logd_file:dir r_dir_perms;
+allow dumpstate misc_logd_file:file r_file_perms;
+
+# Access /data/misc/prereboot
+allow dumpstate prereboot_data_file:dir r_dir_perms;
+allow dumpstate prereboot_data_file:file r_file_perms;
allow dumpstate app_fuse_file:dir r_dir_perms;
allow dumpstate overlayfs_file:dir r_dir_perms;
@@ -227,17 +234,16 @@
-apex_service
-dumpstate_service
-gatekeeper_service
- -iorapd_service
-virtual_touchpad_service
-vold_service
-vr_hwc_service
+ -default_android_service
}:service_manager find;
# suppress denials for services dumpstate should not be accessing.
dontaudit dumpstate {
apex_service
dumpstate_service
gatekeeper_service
- iorapd_service
virtual_touchpad_service
vold_service
vr_hwc_service
@@ -277,9 +283,16 @@
# Allow dumpstate to run top
allow dumpstate proc_stat:file r_file_perms;
+allow dumpstate proc_pressure_cpu:file r_file_perms;
+allow dumpstate proc_pressure_mem:file r_file_perms;
+allow dumpstate proc_pressure_io:file r_file_perms;
+
# Allow dumpstate to talk to installd over binder
binder_call(dumpstate, installd);
+# Allow dumpstate to talk to iorapd over binder.
+binder_call(dumpstate, iorapd)
+
# Allow dumpstate to run ip xfrm policy
allow dumpstate self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_read };
@@ -291,9 +304,21 @@
# Allow dumpstate to run ss
allow dumpstate { domain pdx_channel_socket_type pdx_endpoint_socket_type }:socket_class_set getattr;
+# Allow dumpstate to read linkerconfig directory
+allow dumpstate linkerconfig_file:dir { read open };
+
# For when dumpstate runs df
-dontaudit dumpstate mnt_vendor_file:dir search;
-dontaudit dumpstate apex_mnt_dir:dir getattr;
+dontaudit dumpstate {
+ mnt_vendor_file
+ mirror_data_file
+ mnt_user_file
+}:dir search;
+dontaudit dumpstate {
+ apex_mnt_dir
+ linkerconfig_file
+ mirror_data_file
+ mnt_user_file
+}:dir getattr;
# Allow dumpstate to talk to bufferhubd over binder
binder_call(dumpstate, bufferhubd);
@@ -301,9 +326,22 @@
# Allow dumpstate to talk to mediaswcodec over binder
binder_call(dumpstate, mediaswcodec);
+# Allow dumpstate to talk to these stable AIDL services over binder
+binder_call(dumpstate, hal_rebootescrow_server)
+allow hal_rebootescrow_server dumpstate:fifo_file write;
+allow hal_rebootescrow_server dumpstate:fd use;
+
# Allow dumpstate to kill vendor dumpstate service by init
set_prop(dumpstate, ctl_dumpstate_prop)
+#Access /data/misc/snapshotctl_log
+allow dumpstate snapshotctl_log_data_file:dir r_dir_perms;
+allow dumpstate snapshotctl_log_data_file:file r_file_perms;
+
+#Allow access to /dev/binderfs/binder_logs
+allow dumpstate binderfs_logs:dir r_dir_perms;
+allow dumpstate binderfs_logs:file r_file_perms;
+
###
### neverallow rules
###
diff --git a/public/fastbootd.te b/public/fastbootd.te
index 8ebe387..8787817 100644
--- a/public/fastbootd.te
+++ b/public/fastbootd.te
@@ -45,6 +45,7 @@
allow fastbootd dm_device:chr_file rw_file_perms;
allow fastbootd dm_device:blk_file rw_file_perms;
+ allow fastbootd cache_block_device:blk_file rw_file_perms;
allow fastbootd super_block_device_type:blk_file rw_file_perms;
allow fastbootd {
boot_block_device
@@ -53,12 +54,13 @@
userdata_block_device
}:blk_file { w_file_perms getattr ioctl };
- # For disabling/wiping GSI.
+ # For disabling/wiping GSI, and for modifying/deleting files created via
+ # libfiemap.
allow fastbootd metadata_block_device:blk_file r_file_perms;
allow fastbootd {rootfs tmpfs}:dir mounton;
- allow fastbootd metadata_file:dir search;
- allow fastbootd gsi_metadata_file:dir r_dir_perms;
- allow fastbootd gsi_metadata_file:file rw_file_perms;
+ allow fastbootd metadata_file:dir { search getattr };
+ allow fastbootd gsi_metadata_file:dir rw_dir_perms;
+ allow fastbootd gsi_metadata_file:file create_file_perms;
allowxperm fastbootd super_block_device_type:blk_file ioctl { BLKIOMIN BLKALIGNOFF };
@@ -66,6 +68,7 @@
metadata_block_device
userdata_block_device
dm_device
+ cache_block_device
}:blk_file ioctl { BLKSECDISCARD BLKDISCARD };
allow fastbootd misc_block_device:blk_file rw_file_perms;
@@ -77,6 +80,9 @@
allow fastbootd sysfs_dt_firmware_android:file r_file_perms;
allow fastbootd sysfs_dt_firmware_android:dir r_dir_perms;
+ # Needed because libdm reads sysfs to validate when a dm path is ready.
+ r_dir_file(fastbootd, sysfs_dm)
+
# Needed for realpath() call to resolve symlinks.
allow fastbootd block_device:dir getattr;
userdebug_or_eng(`
@@ -104,6 +110,24 @@
allow fastbootd labeledfs:filesystem { mount unmount };
get_prop(fastbootd, persistent_properties_ready_prop)
')
+
+ # Allow using libfiemap/gsid directly (no binder in recovery).
+ set_prop(fastbootd, gsid_prop)
+ allow fastbootd gsi_metadata_file:dir search;
+ allow fastbootd ota_metadata_file:dir rw_dir_perms;
+ allow fastbootd ota_metadata_file:file create_file_perms;
+
+ # Determine allocation scheme (whether B partitions needs to be
+ # at the second half of super.
+ get_prop(fastbootd, virtual_ab_prop)
+
+ # Needed for TCP protocol
+ allow fastbootd node:tcp_socket node_bind;
+ allow fastbootd port:tcp_socket name_bind;
+ allow fastbootd self:tcp_socket { create_socket_perms_no_ioctl listen accept };
+
+ # Get fastbootd protocol property
+ get_prop(fastbootd, fastbootd_protocol_prop)
')
###
diff --git a/public/file.te b/public/file.te
index da990e3..91257e2 100644
--- a/public/file.te
+++ b/public/file.te
@@ -4,11 +4,15 @@
type sockfs, fs_type;
type rootfs, fs_type;
type proc, fs_type, proc_type;
+type binderfs, fs_type;
+type binderfs_logs, fs_type;
+type binderfs_logs_proc, fs_type;
# Security-sensitive proc nodes that should not be writable to most.
type proc_security, fs_type, proc_type;
type proc_drop_caches, fs_type, proc_type;
type proc_overcommit_memory, fs_type, proc_type;
type proc_min_free_order_shift, fs_type, proc_type;
+type proc_kpageflags, fs_type, proc_type;
# proc, sysfs, or other nodes that permit configuration of kernel usermodehelpers.
type usermodehelper, fs_type, proc_type;
type sysfs_usermodehelper, fs_type, sysfs_type;
@@ -32,6 +36,7 @@
type proc_keys, fs_type, proc_type;
type proc_kmsg, fs_type, proc_type;
type proc_loadavg, fs_type, proc_type;
+type proc_lowmemorykiller, fs_type, proc_type;
type proc_max_map_count, fs_type, proc_type;
type proc_meminfo, fs_type, proc_type;
type proc_misc, fs_type, proc_type;
@@ -70,6 +75,7 @@
type proc_vmstat, fs_type, proc_type;
type proc_zoneinfo, fs_type, proc_type;
type selinuxfs, fs_type, mlstrustedobject;
+type fusectlfs, fs_type;
type cgroup, fs_type, mlstrustedobject;
type cgroup_bpf, fs_type;
type sysfs, fs_type, sysfs_type, mlstrustedobject;
@@ -79,8 +85,10 @@
type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;
type sysfs_devices_block, fs_type, sysfs_type;
type sysfs_dm, fs_type, sysfs_type;
+type sysfs_dm_verity, fs_type, sysfs_type;
type sysfs_dt_firmware_android, fs_type, sysfs_type;
type sysfs_extcon, fs_type, sysfs_type;
+type sysfs_ion, fs_type, sysfs_type;
type sysfs_ipv4, fs_type, sysfs_type;
type sysfs_kernel_notes, fs_type, sysfs_type, mlstrustedobject;
type sysfs_leds, fs_type, sysfs_type;
@@ -88,13 +96,14 @@
type sysfs_hwrandom, fs_type, sysfs_type;
type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
type sysfs_wake_lock, fs_type, sysfs_type;
-type sysfs_mac_address, fs_type, sysfs_type;
type sysfs_net, fs_type, sysfs_type;
type sysfs_power, fs_type, sysfs_type;
type sysfs_rtc, fs_type, sysfs_type;
+type sysfs_suspend_stats, fs_type, sysfs_type;
type sysfs_switch, fs_type, sysfs_type;
type sysfs_transparent_hugepage, fs_type, sysfs_type;
type sysfs_usb, fs_type, sysfs_type;
+type sysfs_wakeup, fs_type, sysfs_type;
type sysfs_wakeup_reasons, fs_type, sysfs_type;
type sysfs_fs_ext4_features, sysfs_type, fs_type;
type sysfs_fs_f2fs, sysfs_type, fs_type;
@@ -122,6 +131,7 @@
type vfat, sdcard_type, fs_type, mlstrustedobject;
type exfat, sdcard_type, fs_type, mlstrustedobject;
type debugfs, fs_type, debugfs_type;
+type debugfs_kprobes, fs_type, debugfs_type;
type debugfs_mmc, fs_type, debugfs_type;
type debugfs_trace_marker, fs_type, debugfs_type, mlstrustedobject;
type debugfs_tracing, fs_type, debugfs_type, mlstrustedobject;
@@ -129,6 +139,7 @@
type debugfs_tracing_instances, fs_type, debugfs_type;
type debugfs_wakeup_sources, fs_type, debugfs_type;
type debugfs_wifi_tracing, fs_type, debugfs_type;
+type securityfs, fs_type;
type pstorefs, fs_type;
type functionfs, fs_type, mlstrustedobject;
@@ -150,10 +161,14 @@
type system_lib_file, system_file_type, file_type;
# system libraries that are available only to bootstrap processes
type system_bootstrap_lib_file, system_file_type, file_type;
+# Default type for the group file /system/etc/group.
+type system_group_file, system_file_type, file_type;
# Default type for linker executable /system/bin/linker[64].
type system_linker_exec, system_file_type, file_type;
# Default type for linker config /system/etc/ld.config.*.
type system_linker_config_file, system_file_type, file_type;
+# Default type for the passwd file /system/etc/passwd.
+type system_passwd_file, system_file_type, file_type;
# Default type for linker config /system/etc/seccomp_policy/*.
type system_seccomp_policy_file, system_file_type, file_type;
# Default type for cacerts in /system/etc/security/cacerts/*.
@@ -170,6 +185,12 @@
type task_profiles_file, system_file_type, file_type;
# Vendor task profiles file under /vendor/etc/task_profiles.json
type vendor_task_profiles_file, vendor_file_type, file_type;
+# Type for /system/apex/com.android.art
+type art_apex_dir, system_file_type, file_type;
+# /linkerconfig(/.*)?
+type linkerconfig_file, file_type;
+# Control files under /data/incremental
+type incremental_control_file, file_type, data_file_type, core_data_file_type;
# Default type for directories search for
# HAL implementations
@@ -208,6 +229,12 @@
type password_slot_metadata_file, file_type;
# APEX files within /metadata
type apex_metadata_file, file_type;
+# libsnapshot files within /metadata
+type ota_metadata_file, file_type;
+# property files within /metadata/bootstat
+type metadata_bootstat_file, file_type;
+# Staged install files within /metadata/staged-install
+type staged_install_file, file_type;
# Type for /dev/cpu_variant:.*.
type dev_cpu_variant, file_type;
@@ -219,6 +246,8 @@
type cgroup_rc_file, file_type;
# /cores for coredumps on userdebug / eng builds
type coredump_file, file_type;
+# Type of /data itself
+type system_data_root_file, file_type, data_file_type, core_data_file_type;
# Default type for anything under /data.
type system_data_file, file_type, data_file_type, core_data_file_type;
# Type for /data/system/packages.list.
@@ -229,8 +258,7 @@
type vendor_data_file, file_type, data_file_type;
# Unencrypted data
type unencrypted_data_file, file_type, data_file_type, core_data_file_type;
-# /data/.layout_version or other installd-created files that
-# are created in a system_data_file directory.
+# installd-create files in /data/misc/installd such as layout_version
type install_data_file, file_type, data_file_type, core_data_file_type;
# /data/drm - DRM plugin data
type drm_data_file, file_type, data_file_type, core_data_file_type;
@@ -260,6 +288,8 @@
type user_profile_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# /data/misc/profman
type profman_dump_data_file, file_type, data_file_type, core_data_file_type;
+# /data/misc/prereboot
+type prereboot_data_file, file_type, data_file_type, core_data_file_type;
# /data/resource-cache
type resourcecache_data_file, file_type, data_file_type, core_data_file_type;
# /data/local - writable by shell
@@ -286,11 +316,15 @@
type server_configurable_flags_data_file, file_type, data_file_type, core_data_file_type;
# /data/app-staging
type staging_data_file, file_type, data_file_type, core_data_file_type;
+# /vendor/apex
+type vendor_apex_file, vendor_file_type, file_type;
# Mount locations managed by vold
type mnt_media_rw_file, file_type;
type mnt_user_file, file_type;
+type mnt_pass_through_file, file_type;
type mnt_expand_file, file_type;
+type mnt_sdcard_file, file_type;
type storage_file, file_type;
# Label for storage dirs which are just mount stubs
@@ -313,8 +347,15 @@
# /postinstall/apex: Mount point used for APEX images within /postinstall.
type postinstall_apex_mnt_dir, file_type;
+# /data_mirror: Contains mirror directory for storing all apps data.
+type mirror_data_file, file_type, core_data_file_type;
+
# /data/misc subdirectories
type adb_keys_file, file_type, data_file_type, core_data_file_type;
+type apex_module_data_file, file_type, data_file_type, core_data_file_type;
+type apex_permission_data_file, file_type, data_file_type, core_data_file_type;
+type apex_rollback_data_file, file_type, data_file_type, core_data_file_type;
+type apex_wifi_data_file, file_type, data_file_type, core_data_file_type;
type audio_data_file, file_type, data_file_type, core_data_file_type;
type audioserver_data_file, file_type, data_file_type, core_data_file_type;
type bluetooth_data_file, file_type, data_file_type, core_data_file_type;
@@ -322,6 +363,7 @@
type bootstat_data_file, file_type, data_file_type, core_data_file_type;
type boottrace_data_file, file_type, data_file_type, core_data_file_type;
type camera_data_file, file_type, data_file_type, core_data_file_type;
+type credstore_data_file, file_type, data_file_type, core_data_file_type;
type gatekeeper_data_file, file_type, data_file_type, core_data_file_type;
type incident_data_file, file_type, data_file_type, core_data_file_type;
type keychain_data_file, file_type, data_file_type, core_data_file_type;
@@ -335,6 +377,7 @@
type radio_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
type recovery_data_file, file_type, data_file_type, core_data_file_type;
type shared_relro_file, file_type, data_file_type, core_data_file_type;
+type snapshotctl_log_data_file, file_type, data_file_type, core_data_file_type;
type stats_data_file, file_type, data_file_type, core_data_file_type;
type systemkeys_data_file, file_type, data_file_type, core_data_file_type;
type textclassifier_data_file, file_type, data_file_type, core_data_file_type;
@@ -344,7 +387,6 @@
type zoneinfo_data_file, file_type, data_file_type, core_data_file_type;
type vold_data_file, file_type, data_file_type, core_data_file_type;
type iorapd_data_file, file_type, data_file_type, core_data_file_type;
-type perfprofd_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
type tee_data_file, file_type, data_file_type;
type update_engine_data_file, file_type, data_file_type, core_data_file_type;
type update_engine_log_data_file, file_type, data_file_type, core_data_file_type;
@@ -422,11 +464,13 @@
type statsdw_socket, file_type, coredomain_socket, mlstrustedobject;
type system_wpa_socket, file_type, data_file_type, core_data_file_type, coredomain_socket;
type system_ndebug_socket, file_type, data_file_type, core_data_file_type, coredomain_socket, mlstrustedobject;
+type system_unsolzygote_socket, file_type, data_file_type, core_data_file_type, coredomain_socket, mlstrustedobject;
type tombstoned_crash_socket, file_type, coredomain_socket, mlstrustedobject;
type tombstoned_java_trace_socket, file_type, mlstrustedobject;
type tombstoned_intercept_socket, file_type, coredomain_socket;
-type traced_producer_socket, file_type, coredomain_socket, mlstrustedobject;
type traced_consumer_socket, file_type, coredomain_socket, mlstrustedobject;
+type traced_perf_socket, file_type, coredomain_socket, mlstrustedobject;
+type traced_producer_socket, file_type, coredomain_socket, mlstrustedobject;
type uncrypt_socket, file_type, coredomain_socket;
type wpa_socket, file_type, data_file_type, core_data_file_type;
type zygote_socket, file_type, coredomain_socket;
@@ -464,8 +508,11 @@
# service_contexts file
type service_contexts_file, system_file_type, file_type;
+# vendor service_contexts file
+type vendor_service_contexts_file, vendor_file_type, file_type;
+
# nonplat service_contexts file (only accessible on non full-treble devices)
-type nonplat_service_contexts_file, file_type;
+type nonplat_service_contexts_file, vendor_file_type, file_type;
# hwservice_contexts file
type hwservice_contexts_file, system_file_type, file_type;
diff --git a/public/flags_health_check.te b/public/flags_health_check.te
index 151c7c0..6315d44 100644
--- a/public/flags_health_check.te
+++ b/public/flags_health_check.te
@@ -10,6 +10,10 @@
set_prop(flags_health_check, device_config_netd_native_prop)
set_prop(flags_health_check, device_config_activity_manager_native_boot_prop)
set_prop(flags_health_check, device_config_media_native_prop)
+set_prop(flags_health_check, device_config_storage_native_boot_prop)
+set_prop(flags_health_check, device_config_sys_traced_prop)
+set_prop(flags_health_check, device_config_window_manager_native_boot_prop)
+set_prop(flags_health_check, device_config_configuration_prop)
allow flags_health_check server_configurable_flags_data_file:dir rw_dir_perms;
allow flags_health_check server_configurable_flags_data_file:file create_file_perms;
diff --git a/public/global_macros b/public/global_macros
index 1a1d593..2c87fde 100644
--- a/public/global_macros
+++ b/public/global_macros
@@ -22,7 +22,7 @@
# Common groupings of permissions.
#
define(`x_file_perms', `{ getattr execute execute_no_trans map }')
-define(`r_file_perms', `{ getattr open read ioctl lock map }')
+define(`r_file_perms', `{ getattr open read ioctl lock map watch watch_reads }')
define(`w_file_perms', `{ open append write lock map }')
define(`rx_file_perms', `{ r_file_perms x_file_perms }')
define(`ra_file_perms', `{ r_file_perms append }')
@@ -30,7 +30,7 @@
define(`rwx_file_perms', `{ rw_file_perms x_file_perms }')
define(`create_file_perms', `{ create rename setattr unlink rw_file_perms }')
-define(`r_dir_perms', `{ open getattr read search ioctl lock }')
+define(`r_dir_perms', `{ open getattr read search ioctl lock watch watch_reads }')
define(`w_dir_perms', `{ open search write add_name remove_name lock }')
define(`ra_dir_perms', `{ r_dir_perms add_name write }')
define(`rw_dir_perms', `{ r_dir_perms w_dir_perms }')
diff --git a/public/gmscore_app.te b/public/gmscore_app.te
new file mode 100644
index 0000000..b574bf3
--- /dev/null
+++ b/public/gmscore_app.te
@@ -0,0 +1,5 @@
+###
+### A domain for further sandboxing the PrebuiltGMSCore app.
+###
+
+type gmscore_app, domain;
diff --git a/public/hal_audio.te b/public/hal_audio.te
index 2ce953a..5958f2c 100644
--- a/public/hal_audio.te
+++ b/public/hal_audio.te
@@ -17,6 +17,9 @@
allow hal_audio dumpstate:fd use;
allow hal_audio dumpstate:fifo_file write;
+# Needed to allow sound trigger hal to access shared memory from apps.
+allow hal_audio_server appdomain:fd use;
+
# allow hal audio to use vnbinder
vndbinder_use(hal_audio)
diff --git a/public/hal_can.te b/public/hal_can.te
new file mode 100644
index 0000000..c75495b
--- /dev/null
+++ b/public/hal_can.te
@@ -0,0 +1,9 @@
+# CAN controller
+binder_call(hal_can_controller_client, hal_can_controller_server)
+add_hwservice(hal_can_controller_server, hal_can_controller_hwservice)
+allow hal_can_controller_client hal_can_controller_hwservice:hwservice_manager find;
+
+# CAN bus
+binder_call(hal_can_bus_client, hal_can_bus_server)
+add_hwservice(hal_can_bus_server, hal_can_bus_hwservice)
+allow hal_can_bus_client hal_can_bus_hwservice:hwservice_manager find;
diff --git a/public/hal_codec2.te b/public/hal_codec2.te
index 60cd3b0..8c7816a 100644
--- a/public/hal_codec2.te
+++ b/public/hal_codec2.te
@@ -1,3 +1,6 @@
+get_prop(hal_codec2_client, media_variant_prop)
+get_prop(hal_codec2_server, media_variant_prop)
+
binder_call(hal_codec2_client, hal_codec2_server)
binder_call(hal_codec2_server, hal_codec2_client)
diff --git a/public/hal_configstore.te b/public/hal_configstore.te
index 1a95b72..069da47 100644
--- a/public/hal_configstore.te
+++ b/public/hal_configstore.te
@@ -34,6 +34,7 @@
userdebug_or_eng(`-su')
-tombstoned
userdebug_or_eng(`-heapprofd')
+ userdebug_or_eng(`-traced_perf')
}:{ unix_dgram_socket unix_stream_socket } *;
# Should never need access to anything on /data
diff --git a/public/hal_drm.te b/public/hal_drm.te
index bfee2d3..5987491 100644
--- a/public/hal_drm.te
+++ b/public/hal_drm.te
@@ -24,6 +24,9 @@
allow hal_drm ion_device:chr_file rw_file_perms;
allow hal_drm hal_graphics_allocator:fd use;
+# Allow access to hidl_memory allocation service
+allow hal_drm hal_allocator_server:fd use;
+
# Allow access to fds allocated by mediaserver
allow hal_drm mediaserver:fd use;
@@ -31,6 +34,8 @@
allow hal_drm tee_device:chr_file rw_file_perms;
+allow hal_drm_server { appdomain -isolated_app }:fd use;
+
# only allow unprivileged socket ioctl commands
allowxperm hal_drm self:{ rawip_socket tcp_socket udp_socket }
ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };
diff --git a/public/hal_evs.te b/public/hal_evs.te
index bf2e38b..789333a 100644
--- a/public/hal_evs.te
+++ b/public/hal_evs.te
@@ -2,4 +2,4 @@
hwbinder_use(hal_evs_server)
binder_call(hal_evs_client, hal_evs_server)
binder_call(hal_evs_server, hal_evs_client)
-allow hal_evs_client hal_evs_hwservice:hwservice_manager find;
+hal_attribute_hwservice(hal_evs, hal_evs_hwservice)
diff --git a/public/hal_identity.te b/public/hal_identity.te
new file mode 100644
index 0000000..3a95743
--- /dev/null
+++ b/public/hal_identity.te
@@ -0,0 +1,7 @@
+# HwBinder IPC from client to server
+binder_call(hal_identity_client, hal_identity_server)
+
+add_service(hal_identity_server, hal_identity_service)
+binder_call(hal_identity_server, servicemanager)
+
+allow hal_identity_client hal_identity_service:service_manager find;
diff --git a/public/hal_light.te b/public/hal_light.te
index 333fcac..7054d7b 100644
--- a/public/hal_light.te
+++ b/public/hal_light.te
@@ -4,6 +4,16 @@
hal_attribute_hwservice(hal_light, hal_light_hwservice)
+# client finds and uses server via service_manager
+allow hal_light_client hal_light_service:service_manager find;
+binder_use(hal_light_client)
+
+# server adds itself via service_manager
+add_service(hal_light_server, hal_light_service)
+binder_call(hal_light_server, servicemanager)
+
+allow hal_light_server dumpstate:fifo_file write;
+
allow hal_light sysfs_leds:lnk_file read;
allow hal_light sysfs_leds:file rw_file_perms;
allow hal_light sysfs_leds:dir r_dir_perms;
diff --git a/public/hal_neuralnetworks.te b/public/hal_neuralnetworks.te
index 1ef6cad..228d990 100644
--- a/public/hal_neuralnetworks.te
+++ b/public/hal_neuralnetworks.te
@@ -5,6 +5,8 @@
hal_attribute_hwservice(hal_neuralnetworks, hal_neuralnetworks_hwservice)
allow hal_neuralnetworks hidl_memory_hwservice:hwservice_manager find;
allow hal_neuralnetworks hal_allocator:fd use;
+allow hal_neuralnetworks hal_graphics_mapper_hwservice:hwservice_manager find;
+allow hal_neuralnetworks hal_graphics_allocator:fd use;
# Allow NN HAL service to use a client-provided fd residing in /data/data/.
allow hal_neuralnetworks_server app_data_file:file { read write getattr map };
@@ -13,6 +15,12 @@
# Allow NN HAL service to use a client-provided fd residing in /data/local/tmp/.
allow hal_neuralnetworks_server shell_data_file:file { read write getattr map };
+# Allow NN HAL service to read a client-provided ION memory fd.
+allow hal_neuralnetworks_server ion_device:chr_file r_file_perms;
+
+# Allow NN HAL service to use a client-provided fd residing in /storage
+allow hal_neuralnetworks_server storage_file:file { getattr map read };
+
# Allow NN HAL client to check the ro.nnapi.extensions.deny_on_product
# property to determine whether to deny NNAPI extensions use for apps
# on product partition (apps in GSI are not allowed to use NNAPI extensions).
diff --git a/public/hal_neverallows.te b/public/hal_neverallows.te
index 0f05d8a..4117878 100644
--- a/public/hal_neverallows.te
+++ b/public/hal_neverallows.te
@@ -3,6 +3,7 @@
neverallow {
halserverdomain
-hal_bluetooth_server
+ -hal_can_controller_server
-hal_wifi_server
-hal_wifi_hostapd_server
-hal_wifi_supplicant_server
@@ -18,6 +19,7 @@
neverallow {
halserverdomain
-hal_automotive_socket_exemption
+ -hal_can_controller_server
-hal_tetheroffload_server
-hal_wifi_server
-hal_wifi_hostapd_server
diff --git a/public/hal_omx.te b/public/hal_omx.te
index 707cae8..8e74383 100644
--- a/public/hal_omx.te
+++ b/public/hal_omx.te
@@ -22,6 +22,9 @@
allow hal_omx_client hidl_token_hwservice:hwservice_manager find;
+get_prop(hal_omx_client, media_variant_prop)
+get_prop(hal_omx_server, media_variant_prop)
+
binder_call(hal_omx_client, hal_omx_server)
binder_call(hal_omx_server, hal_omx_client)
diff --git a/public/hal_power.te b/public/hal_power.te
index 028011a..c94771b 100644
--- a/public/hal_power.te
+++ b/public/hal_power.te
@@ -3,3 +3,8 @@
binder_call(hal_power_server, hal_power_client)
hal_attribute_hwservice(hal_power, hal_power_hwservice)
+
+add_service(hal_power_server, hal_power_service)
+binder_call(hal_power_server, servicemanager)
+binder_call(hal_power_client, servicemanager)
+allow hal_power_client hal_power_service:service_manager find;
diff --git a/public/hal_rebootescrow.te b/public/hal_rebootescrow.te
new file mode 100644
index 0000000..4352630
--- /dev/null
+++ b/public/hal_rebootescrow.te
@@ -0,0 +1,7 @@
+# HwBinder IPC from client to server
+binder_call(hal_rebootescrow_client, hal_rebootescrow_server)
+
+add_service(hal_rebootescrow_server, hal_rebootescrow_service)
+binder_use(hal_rebootescrow_server)
+
+allow hal_rebootescrow_client hal_rebootescrow_service:service_manager find;
diff --git a/public/hal_tv_tuner.te b/public/hal_tv_tuner.te
new file mode 100644
index 0000000..0da4ec7
--- /dev/null
+++ b/public/hal_tv_tuner.te
@@ -0,0 +1,4 @@
+binder_call(hal_tv_tuner_client, hal_tv_tuner_server)
+binder_call(hal_tv_tuner_server, hal_tv_tuner_client)
+
+hal_attribute_hwservice(hal_tv_tuner, hal_tv_tuner_hwservice)
diff --git a/public/hal_vibrator.te b/public/hal_vibrator.te
index ab6138d..a34621d 100644
--- a/public/hal_vibrator.te
+++ b/public/hal_vibrator.te
@@ -1,8 +1,16 @@
-# HwBinder IPC from client to server
+# HwBinder IPC client/server
binder_call(hal_vibrator_client, hal_vibrator_server)
+binder_call(hal_vibrator_server, hal_vibrator_client);
hal_attribute_hwservice(hal_vibrator, hal_vibrator_hwservice)
+add_service(hal_vibrator_server, hal_vibrator_service)
+binder_call(hal_vibrator_server, servicemanager)
+
+allow hal_vibrator_client hal_vibrator_service:service_manager find;
+
+allow hal_vibrator_server dumpstate:fifo_file write;
+
# vibrator sysfs rw access
allow hal_vibrator sysfs_vibrator:file rw_file_perms;
allow hal_vibrator sysfs_vibrator:dir search;
diff --git a/public/hal_wifi_offload.te b/public/hal_wifi_offload.te
deleted file mode 100644
index 765e72a..0000000
--- a/public/hal_wifi_offload.te
+++ /dev/null
@@ -1,8 +0,0 @@
-## HwBinder IPC from client to server, and callbacks
-binder_call(hal_wifi_offload_client, hal_wifi_offload_server)
-binder_call(hal_wifi_offload_server, hal_wifi_offload_client)
-
-hal_attribute_hwservice(hal_wifi_offload, hal_wifi_offload_hwservice)
-
-r_dir_file(hal_wifi_offload, proc_net_type)
-r_dir_file(hal_wifi_offload, sysfs_type)
diff --git a/public/healthd.te b/public/healthd.te
index 5fe4add..7ea23e1 100644
--- a/public/healthd.te
+++ b/public/healthd.te
@@ -46,7 +46,6 @@
allow healthd input_device:chr_file r_file_perms;
allow healthd tty_device:chr_file rw_file_perms;
allow healthd ashmem_device:chr_file execute;
-allow healthd self:process execmem;
allow healthd proc_sysrq:file rw_file_perms;
# Healthd needs to tell init to continue the boot
diff --git a/public/hwservice.te b/public/hwservice.te
index 7425878..6f223dd 100644
--- a/public/hwservice.te
+++ b/public/hwservice.te
@@ -1,74 +1,96 @@
-type default_android_hwservice, hwservice_manager_type;
+# hwservice types. By default most of the HALs are protected_hwservice, which means
+# access from untrusted apps is prohibited.
+type default_android_hwservice, hwservice_manager_type, protected_hwservice;
+type fwk_camera_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type fwk_display_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type fwk_scheduler_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type fwk_sensor_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type fwk_stats_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type fwk_automotive_display_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type hal_atrace_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_audio_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_audiocontrol_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_authsecret_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_bluetooth_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_bootctl_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_broadcastradio_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_camera_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_can_bus_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_can_controller_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_confirmationui_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_contexthub_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_dumpstate_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_evs_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_face_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_fingerprint_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_gatekeeper_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_gnss_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_graphics_composer_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_health_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_health_storage_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_input_classifier_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_ir_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_keymaster_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_light_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_lowpan_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_memtrack_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_nfc_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_oemlock_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_power_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_power_stats_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_secure_element_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_sensors_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_telephony_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_tetheroffload_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_thermal_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_tv_cec_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_tv_input_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_tv_tuner_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_usb_gadget_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_usb_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_vehicle_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_vibrator_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_vr_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_weaver_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_wifi_hostapd_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_wifi_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_wifi_supplicant_hwservice, hwservice_manager_type, protected_hwservice;
+type system_net_netd_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type system_suspend_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type system_wifi_keystore_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type thermalcallback_hwservice, hwservice_manager_type, protected_hwservice;
+
+# Following is the hwservices that are explicitly not marked with protected_hwservice.
+# These are directly accessible from untrusted apps.
+# - same process services: because they by definition run in the process
+# of the client and thus have the same access as the client domain in which
+# the process runs
+# - coredomain_hwservice: are considered safer than ordinary hwservices which
+# are from vendor partition
+# - hal_configstore_ISurfaceFlingerConfigs: becuase it has specifically been
+# designed for use by any domain.
+# - hal_graphics_allocator_hwservice: because these operations are also offered
+# by surfaceflinger Binder service, which apps are permitted to access
+# - hal_omx_hwservice: because this is a HwBinder version of the mediacodec
+# Binder service which apps were permitted to access.
+# - hal_codec2_hwservice: because this is a newer version of hal_omx_hwservice.
+# - hal_drm_hwservice: versions > API 29 are designed specifically with
+# untrusted app access in mind.
type fwk_bufferhub_hwservice, hwservice_manager_type, coredomain_hwservice;
-type fwk_camera_hwservice, hwservice_manager_type, coredomain_hwservice;
-type fwk_display_hwservice, hwservice_manager_type, coredomain_hwservice;
-type fwk_scheduler_hwservice, hwservice_manager_type, coredomain_hwservice;
-type fwk_sensor_hwservice, hwservice_manager_type, coredomain_hwservice;
-type fwk_stats_hwservice, hwservice_manager_type, coredomain_hwservice;
-type hal_atrace_hwservice, hwservice_manager_type;
-type hal_audiocontrol_hwservice, hwservice_manager_type;
-type hal_audio_hwservice, hwservice_manager_type;
-type hal_authsecret_hwservice, hwservice_manager_type;
-type hal_bluetooth_hwservice, hwservice_manager_type;
-type hal_bootctl_hwservice, hwservice_manager_type;
-type hal_broadcastradio_hwservice, hwservice_manager_type;
-type hal_camera_hwservice, hwservice_manager_type;
+type hal_cas_hwservice, hwservice_manager_type;
type hal_codec2_hwservice, hwservice_manager_type;
type hal_configstore_ISurfaceFlingerConfigs, hwservice_manager_type;
-type hal_confirmationui_hwservice, hwservice_manager_type;
-type hal_contexthub_hwservice, hwservice_manager_type;
type hal_drm_hwservice, hwservice_manager_type;
-type hal_cas_hwservice, hwservice_manager_type;
-type hal_dumpstate_hwservice, hwservice_manager_type;
-type hal_evs_hwservice, hwservice_manager_type;
-type hal_face_hwservice, hwservice_manager_type;
-type hal_fingerprint_hwservice, hwservice_manager_type;
-type hal_gatekeeper_hwservice, hwservice_manager_type;
-type hal_gnss_hwservice, hwservice_manager_type;
type hal_graphics_allocator_hwservice, hwservice_manager_type;
-type hal_graphics_composer_hwservice, hwservice_manager_type;
type hal_graphics_mapper_hwservice, hwservice_manager_type, same_process_hwservice;
-type hal_health_hwservice, hwservice_manager_type;
-type hal_health_storage_hwservice, hwservice_manager_type;
-type hal_input_classifier_hwservice, hwservice_manager_type;
-type hal_ir_hwservice, hwservice_manager_type;
-type hal_keymaster_hwservice, hwservice_manager_type;
-type hal_light_hwservice, hwservice_manager_type;
-type hal_lowpan_hwservice, hwservice_manager_type;
-type hal_memtrack_hwservice, hwservice_manager_type;
type hal_neuralnetworks_hwservice, hwservice_manager_type;
-type hal_nfc_hwservice, hwservice_manager_type;
-type hal_oemlock_hwservice, hwservice_manager_type;
type hal_omx_hwservice, hwservice_manager_type;
-type hal_power_hwservice, hwservice_manager_type;
-type hal_power_stats_hwservice, hwservice_manager_type;
type hal_renderscript_hwservice, hwservice_manager_type, same_process_hwservice;
-type hal_secure_element_hwservice, hwservice_manager_type;
-type hal_sensors_hwservice, hwservice_manager_type;
-type hal_telephony_hwservice, hwservice_manager_type;
-type hal_tetheroffload_hwservice, hwservice_manager_type;
-type hal_thermal_hwservice, hwservice_manager_type;
-type hal_tv_cec_hwservice, hwservice_manager_type;
-type hal_tv_input_hwservice, hwservice_manager_type;
-type hal_usb_hwservice, hwservice_manager_type;
-type hal_usb_gadget_hwservice, hwservice_manager_type;
-type hal_vehicle_hwservice, hwservice_manager_type;
-type hal_vibrator_hwservice, hwservice_manager_type;
-type hal_vr_hwservice, hwservice_manager_type;
-type hal_weaver_hwservice, hwservice_manager_type;
-type hal_wifi_hwservice, hwservice_manager_type;
-type hal_wifi_hostapd_hwservice, hwservice_manager_type;
-type hal_wifi_offload_hwservice, hwservice_manager_type;
-type hal_wifi_supplicant_hwservice, hwservice_manager_type;
type hidl_allocator_hwservice, hwservice_manager_type, coredomain_hwservice;
type hidl_base_hwservice, hwservice_manager_type;
type hidl_manager_hwservice, hwservice_manager_type, coredomain_hwservice;
type hidl_memory_hwservice, hwservice_manager_type, coredomain_hwservice;
type hidl_token_hwservice, hwservice_manager_type, coredomain_hwservice;
-type system_net_netd_hwservice, hwservice_manager_type, coredomain_hwservice;
-type system_suspend_hwservice, hwservice_manager_type, coredomain_hwservice;
-type system_wifi_keystore_hwservice, hwservice_manager_type, coredomain_hwservice;
-type thermalcallback_hwservice, hwservice_manager_type;
###
### Neverallow rules
diff --git a/public/idmap.te b/public/idmap.te
index 92c649c..f41f573 100644
--- a/public/idmap.te
+++ b/public/idmap.te
@@ -27,4 +27,5 @@
# Allow the idmap2d binary to register as a service and communicate via AIDL
binder_use(idmap)
+binder_service(idmap)
add_service(idmap, idmap_service)
diff --git a/public/init.te b/public/init.te
index 6857ff9..403b4c5 100644
--- a/public/init.te
+++ b/public/init.te
@@ -14,7 +14,7 @@
allow init kmsg_device:chr_file { getattr write relabelto };
# /dev/kmsg_debug
userdebug_or_eng(`
- allow init kmsg_debug_device:chr_file { write relabelto };
+ allow init kmsg_debug_device:chr_file { open write relabelto };
')
# /dev/__properties__
allow init properties_device:dir relabelto;
@@ -28,6 +28,8 @@
allow init runtime_event_log_tags_file:file { open write setattr relabelto create };
# /dev/socket
allow init { device socket_device }:dir relabelto;
+# allow init to establish connection and communicate with lmkd
+unix_socket_connect(init, lmkd, lmkd)
# Relabel /dev nodes created in first stage init, /dev/null, /dev/ptmx, /dev/random, /dev/urandom
allow init { null_device ptmx_device random_device } : chr_file relabelto;
# /dev/device-mapper, /dev/block(/.*)?
@@ -48,6 +50,9 @@
allow init super_block_device:lnk_file relabelto;
+# Create /mnt/sdcard -> /storage/self/primary symlink.
+allow init mnt_sdcard_file:lnk_file create;
+
# setrlimit
allow init self:global_capability_class_set sys_resource;
@@ -77,7 +82,20 @@
# Create and mount on directories in /.
allow init rootfs:dir create_dir_perms;
-allow init { rootfs cache_file cgroup storage_file system_data_file system_file vendor_file postinstall_mnt_dir }:dir mounton;
+allow init {
+ rootfs
+ cache_file
+ cgroup
+ linkerconfig_file
+ storage_file
+ mnt_user_file
+ system_data_file
+ system_data_root_file
+ system_file
+ vendor_file
+ postinstall_mnt_dir
+ mirror_data_file
+}:dir mounton;
allow init cgroup_bpf:dir { create mounton };
# Mount bpf fs on sys/fs/bpf
@@ -89,6 +107,9 @@
# Mount tmpfs on /apex
allow init apex_mnt_dir:dir mounton;
+# Bind-mount on /system/apex/com.android.art
+allow init art_apex_dir:dir mounton;
+
# Create and remove symlinks in /.
allow init rootfs:lnk_file { create unlink };
@@ -168,6 +189,7 @@
-app_data_file
-exec_type
-iorapd_data_file
+ -credstore_data_file
-keystore_data_file
-misc_logd_file
-nativetest_data_file
@@ -185,6 +207,7 @@
-exec_type
-gsi_data_file
-iorapd_data_file
+ -credstore_data_file
-keystore_data_file
-misc_logd_file
-nativetest_data_file
@@ -203,6 +226,7 @@
-exec_type
-gsi_data_file
-iorapd_data_file
+ -credstore_data_file
-keystore_data_file
-misc_logd_file
-nativetest_data_file
@@ -221,6 +245,7 @@
-exec_type
-gsi_data_file
-iorapd_data_file
+ -credstore_data_file
-keystore_data_file
-misc_logd_file
-nativetest_data_file
@@ -269,7 +294,6 @@
allow init { fs_type -contextmount_type -sdcard_type -rootfs }:dir { open read setattr search };
allow init {
- ashmem_device
binder_device
console_device
devpts
@@ -334,7 +358,7 @@
proc_net_type
proc_max_map_count
proc_min_free_order_shift
- proc_overcommit_memory
+ proc_overcommit_memory # /proc/sys/vm/overcommit_memory
proc_panic
proc_page_cluster
proc_perf
@@ -361,9 +385,11 @@
# init access to /sys files.
allow init {
sysfs_android_usb
+ sysfs_dm_verity
sysfs_leds
sysfs_power
sysfs_fs_f2fs
+ sysfs_dm
}:file w_file_perms;
allow init {
@@ -419,6 +445,11 @@
allow init self:global_capability_class_set kill;
allow init domain:process { getpgid sigkill signal };
+# Init creates credstore's directory on boot, and walks through
+# the directory as part of a recursive restorecon.
+allow init credstore_data_file:dir { open create read getattr setattr search };
+allow init credstore_data_file:file { getattr };
+
# Init creates keystore's directory on boot, and walks through
# the directory as part of a recursive restorecon.
allow init keystore_data_file:dir { open create read getattr setattr search };
@@ -483,6 +514,7 @@
allow init self:global_capability_class_set net_raw;
# Set scheduling info for psi monitor thread.
+# TODO: delete or revise this line b/131761776
allow init kernel:process { getsched setsched };
# swapon() needs write access to swap device
@@ -523,14 +555,11 @@
allow init unencrypted_data_file:dir create_dir_perms;
# Set encryption policy on dirs in /data
-allowxperm init data_file_type:dir ioctl {
+allowxperm init { data_file_type unlabeled }:dir ioctl {
FS_IOC_GET_ENCRYPTION_POLICY
FS_IOC_SET_ENCRYPTION_POLICY
};
-# Allow init to write to /proc/sys/vm/overcommit_memory
-allow init proc_overcommit_memory:file { write };
-
# Raw writes to misc block device
allow init misc_block_device:blk_file w_file_perms;
@@ -546,14 +575,8 @@
# Metadata setup
allow init vold_metadata_file:dir create_dir_perms;
allow init vold_metadata_file:file getattr;
-
-# Allow init to use binder
-binder_use(init);
-allow init apex_service:service_manager find;
-# Allow servicemanager to pass it
-allow servicemanager init:binder transfer;
-# Allow calls from init to apexd
-allow init apexd:binder call;
+allow init metadata_bootstat_file:dir create_dir_perms;
+allow init metadata_bootstat_file:file w_file_perms;
# Allow init to touch PSI monitors
allow init proc_pressure_mem:file { rw_file_perms setattr };
@@ -562,6 +585,9 @@
allow init system_bootstrap_lib_file:dir r_dir_perms;
allow init system_bootstrap_lib_file:file { execute read open getattr map };
+# stat the root dir of fuse filesystems (for the mount handler)
+allow init fuse:dir { search getattr };
+
###
### neverallow rules
###
@@ -579,10 +605,17 @@
# init should never execute a program without changing to another domain.
neverallow init { file_type fs_type }:file execute_no_trans;
-# init can only find the APEX service
-neverallow init { service_manager_type -apex_service }:service_manager { find };
+# The use of sensitive environment variables, such as LD_PRELOAD, is disallowed
+# when init is executing other binaries. The use of LD_PRELOAD for init spawned
+# services is generally considered a no-no, as it injects libraries which the
+# binary was not expecting. This is especially problematic for APEXes. The use
+# of LD_PRELOAD via APEXes is a layering violation, and inappropriately loads
+# code into a process which wasn't expecting that code, with potentially
+# unexpected side effects. (b/140789528)
+neverallow init *:process noatsecure;
+
# init can never add binder services
-neverallow init service_manager_type:service_manager { add };
+neverallow init service_manager_type:service_manager { add find };
# init can never list binder services
neverallow init servicemanager:service_manager list;
@@ -594,3 +627,8 @@
# No domain should be allowed to ptrace init.
neverallow * init:process ptrace;
+
+# init owns the root of /data
+# TODO(b/140259336) We want to remove vendor_init
+# TODO(b/141108496) We want to remove toolbox
+neverallow { domain -init -toolbox -vendor_init -vold } system_data_root_file:dir { write add_name remove_name };
diff --git a/public/install_recovery.te b/public/install_recovery.te
deleted file mode 100644
index 0aee9ab..0000000
--- a/public/install_recovery.te
+++ /dev/null
@@ -1,27 +0,0 @@
-# service flash_recovery in init.rc
-type install_recovery, domain;
-type install_recovery_exec, system_file_type, exec_type, file_type;
-
-allow install_recovery self:global_capability_class_set { dac_override dac_read_search };
-
-# /system/bin/install-recovery.sh is a shell script.
-# Needs to execute /system/bin/sh
-allow install_recovery shell_exec:file rx_file_perms;
-
-# Execute /system/bin/applypatch
-allow install_recovery system_file:file rx_file_perms;
-not_full_treble(`allow install_recovery vendor_file:file rx_file_perms;')
-
-allow install_recovery toolbox_exec:file rx_file_perms;
-
-# Update the recovery block device based off a diff of the boot block device
-allow install_recovery block_device:dir search;
-allow install_recovery boot_block_device:blk_file r_file_perms;
-allow install_recovery recovery_block_device:blk_file rw_file_perms;
-
-# Create and delete /cache/saved.file
-allow install_recovery cache_file:dir rw_dir_perms;
-allow install_recovery cache_file:file create_file_perms;
-
-# Write to /proc/sys/vm/drop_caches
-allow install_recovery proc_drop_caches:file w_file_perms;
diff --git a/public/installd.te b/public/installd.te
index f0ac52a..c8cc89d 100644
--- a/public/installd.te
+++ b/public/installd.te
@@ -57,6 +57,9 @@
# optimizing application code.
allow installd system_data_file:lnk_file { create getattr read setattr unlink };
+# Manage lower filesystem via pass_through mounts
+allow installd mnt_pass_through_file:dir r_dir_perms;
+
# Upgrade /data/media for multi-user if necessary.
allow installd media_rw_data_file:dir create_dir_perms;
allow installd media_rw_data_file:file { getattr unlink };
@@ -70,14 +73,18 @@
allow installd sdcard_type:dir { search open read write remove_name getattr rmdir };
allow installd sdcard_type:file { getattr unlink };
+# Create app's mirror data directory in /data_mirror, and bind mount the real directory to it
+allow installd mirror_data_file:dir { create_dir_perms mounton };
+
# Upgrade /data/misc/keychain for multi-user if necessary.
allow installd misc_user_data_file:dir create_dir_perms;
allow installd misc_user_data_file:file create_file_perms;
allow installd keychain_data_file:dir create_dir_perms;
allow installd keychain_data_file:file {r_file_perms unlink};
-# Create /data/.layout_version.* file
+# Create /data/misc/installd/layout_version.* file
allow installd install_data_file:file create_file_perms;
+allow installd install_data_file:dir rw_dir_perms;
# Create files under /data/dalvik-cache.
allow installd dalvikcache_data_file:dir create_dir_perms;
@@ -104,6 +111,7 @@
# upon creation via setfilecon or running restorecon_recursive,
# setting owner/mode, creating symlinks within them, and deleting them
# upon package uninstall.
+
# Types extracted from seapp_contexts type= fields.
allow installd {
system_app_data_file
@@ -125,6 +133,9 @@
privapp_data_file
}:notdevfile_class_set { create_file_perms relabelfrom relabelto };
+# Allow zygote to unmount mirror directories
+allow installd labeledfs:filesystem unmount;
+
# Similar for the files under /data/misc/profiles/
allow installd user_profile_data_file:dir create_dir_perms;
allow installd user_profile_data_file:file create_file_perms;
@@ -161,16 +172,18 @@
allow installd preloads_media_file:file { r_file_perms unlink };
allow installd preloads_media_file:dir { r_dir_perms write remove_name rmdir };
+# Allow installd to read /proc/filesystems
+allow installd proc_filesystems:file r_file_perms;
+
###
### Neverallow rules
###
-# only system_server, installd and dumpstate may interact with installd over binder
+# only system_server, installd, dumpstate, and servicemanager may interact with installd over binder
neverallow { domain -system_server -dumpstate -installd } installd_service:service_manager find;
-neverallow { domain -system_server -dumpstate } installd:binder call;
+neverallow { domain -system_server -dumpstate -servicemanager } installd:binder call;
neverallow installd {
domain
- -ashmemd
-system_server
-servicemanager
userdebug_or_eng(`-su')
diff --git a/public/ioctl_defines b/public/ioctl_defines
index c5b412b..4cc3bba 100644
--- a/public/ioctl_defines
+++ b/public/ioctl_defines
@@ -801,13 +801,18 @@
define(`FS_IOC32_GETVERSION', `0x80047601')
define(`FS_IOC32_SETFLAGS', `0x40046602')
define(`FS_IOC32_SETVERSION', `0x40047602')
+define(`FS_IOC_ADD_ENCRYPTION_KEY', `0xc0506617')
define(`FS_IOC_ENABLE_VERITY', `0x6685')
define(`FS_IOC_FIEMAP', `0xc020660b')
+define(`FS_IOC_FSGETXATTR', `0x801c581f')
+define(`FS_IOC_FSSETXATTR', `0x401c5820')
define(`FS_IOC_GET_ENCRYPTION_POLICY', `0x400c6615')
+define(`FS_IOC_GET_ENCRYPTION_POLICY_EX', `0xc0096616')
define(`FS_IOC_GET_ENCRYPTION_PWSALT', `0x40106614')
define(`FS_IOC_GETFLAGS', `0x80086601')
define(`FS_IOC_GETVERSION', `0x80087601')
define(`FS_IOC_MEASURE_VERITY', `0x6686')
+define(`FS_IOC_REMOVE_ENCRYPTION_KEY', `0xc0406618')
define(`FS_IOC_SET_ENCRYPTION_POLICY', `0x800c6613')
define(`FS_IOC_SETFLAGS', `0x40086602')
define(`FS_IOC_SETVERSION', `0x40087602')
@@ -1050,6 +1055,10 @@
define(`IMGETVERSION', `0x80044942')
define(`IMHOLD_L1', `0x80044948')
define(`IMSETDEVNAME', `0x80184947')
+define(`INCFS_IOCTL_CREATE_FILE', `0x0000671e')
+define(`INCFS_IOCTL_READ_SIGNATURE', `0x0000671f')
+define(`INCFS_IOCTL_FILL_BLOCKS', `0x00006720')
+define(`INCFS_IOCTL_PERMIT_FILL', `0x00006721')
define(`IOCTL_EVTCHN_BIND_INTERDOMAIN', `0x00084501')
define(`IOCTL_EVTCHN_BIND_UNBOUND_PORT', `0x00044502')
define(`IOCTL_EVTCHN_BIND_VIRQ', `0x00044500')
diff --git a/public/iorap_inode2filename.te b/public/iorap_inode2filename.te
new file mode 100644
index 0000000..4041ddd
--- /dev/null
+++ b/public/iorap_inode2filename.te
@@ -0,0 +1,77 @@
+# iorap.inode2filename -> look up file paths from an inode
+type iorap_inode2filename, domain;
+type iorap_inode2filename_exec, exec_type, file_type, system_file_type;
+type iorap_inode2filename_tmpfs, file_type;
+
+r_dir_file(iorap_inode2filename, rootfs)
+
+# Allow usage of pipes (child stdout -> parent pipe).
+allow iorap_inode2filename iorapd:fd use;
+allow iorap_inode2filename iorapd:fifo_file { read write getattr };
+
+# Allow reading most files under / ignoring usual access controls.
+allow iorap_inode2filename self:capability dac_read_search;
+
+typeattribute iorap_inode2filename mlstrustedsubject;
+
+# Grant access to open most of the files under /
+allow iorap_inode2filename apex_data_file:dir { getattr open read search };
+allow iorap_inode2filename apex_data_file:file { getattr };
+allow iorap_inode2filename apex_mnt_dir:dir { getattr open read search };
+allow iorap_inode2filename apex_mnt_dir:file { getattr };
+allow iorap_inode2filename apk_data_file:dir { getattr open read search };
+allow iorap_inode2filename apk_data_file:file { getattr };
+allow iorap_inode2filename app_data_file:dir { getattr open read search };
+allow iorap_inode2filename app_data_file:file { getattr };
+allow iorap_inode2filename backup_data_file:dir { getattr open read search };
+allow iorap_inode2filename backup_data_file:file { getattr };
+allow iorap_inode2filename bluetooth_data_file:dir { getattr open read search };
+allow iorap_inode2filename bluetooth_data_file:file { getattr };
+allow iorap_inode2filename bootchart_data_file:dir { getattr open read search };
+allow iorap_inode2filename bootchart_data_file:file { getattr };
+allow iorap_inode2filename metadata_file:dir { getattr open read search search };
+allow iorap_inode2filename metadata_file:file { getattr };
+allow iorap_inode2filename packages_list_file:dir { getattr open read search };
+allow iorap_inode2filename packages_list_file:file { getattr };
+allow iorap_inode2filename privapp_data_file:dir { getattr open read search };
+allow iorap_inode2filename privapp_data_file:file { getattr };
+allow iorap_inode2filename property_data_file:dir { getattr open read search };
+allow iorap_inode2filename property_data_file:file { getattr };
+allow iorap_inode2filename radio_data_file:dir { getattr open read search };
+allow iorap_inode2filename radio_data_file:file { getattr };
+allow iorap_inode2filename resourcecache_data_file:dir { getattr open read search };
+allow iorap_inode2filename resourcecache_data_file:file { getattr };
+allow iorap_inode2filename recovery_data_file:dir { getattr open read search };
+allow iorap_inode2filename ringtone_file:dir { getattr open read search };
+allow iorap_inode2filename ringtone_file:file { getattr };
+allow iorap_inode2filename same_process_hal_file:dir { getattr open read search };
+allow iorap_inode2filename same_process_hal_file:file { getattr };
+allow iorap_inode2filename sepolicy_file:file { getattr };
+allow iorap_inode2filename staging_data_file:dir { getattr open read search };
+allow iorap_inode2filename staging_data_file:file { getattr };
+allow iorap_inode2filename system_bootstrap_lib_file:dir { getattr open read search };
+allow iorap_inode2filename system_bootstrap_lib_file:file { getattr };
+allow iorap_inode2filename system_app_data_file:dir { getattr open read search };
+allow iorap_inode2filename system_app_data_file:file { getattr };
+allow iorap_inode2filename system_data_file:dir { getattr open read search };
+allow iorap_inode2filename system_data_file:file { getattr };
+allow iorap_inode2filename system_data_file:lnk_file { getattr open read };
+allow iorap_inode2filename system_data_root_file:dir { getattr open read search };
+allow iorap_inode2filename textclassifier_data_file:dir { getattr open read search };
+allow iorap_inode2filename textclassifier_data_file:file { getattr };
+allow iorap_inode2filename toolbox_exec:file getattr;
+allow iorap_inode2filename user_profile_data_file:dir { getattr open read search };
+allow iorap_inode2filename user_profile_data_file:file { getattr };
+allow iorap_inode2filename unencrypted_data_file:dir { getattr open read search };
+allow iorap_inode2filename unlabeled:file { getattr };
+allow iorap_inode2filename vendor_file:dir { getattr open read search };
+allow iorap_inode2filename vendor_file:file { getattr };
+allow iorap_inode2filename vendor_overlay_file:file { getattr };
+allow iorap_inode2filename zygote_exec:file { getattr };
+
+###
+### neverallow rules
+###
+
+neverallow { domain -init -iorapd } iorap_inode2filename:process { transition dyntransition };
+neverallow iorap_inode2filename domain:{ tcp_socket udp_socket rawip_socket } *;
diff --git a/public/iorap_prefetcherd.te b/public/iorap_prefetcherd.te
new file mode 100644
index 0000000..ad9db14
--- /dev/null
+++ b/public/iorap_prefetcherd.te
@@ -0,0 +1,54 @@
+# volume manager
+type iorap_prefetcherd, domain;
+type iorap_prefetcherd_exec, exec_type, file_type, system_file_type;
+type iorap_prefetcherd_tmpfs, file_type;
+
+r_dir_file(iorap_prefetcherd, rootfs)
+
+# Allow read/write /proc/sys/vm/drop/caches
+allow iorap_prefetcherd proc_drop_caches:file rw_file_perms;
+
+# iorap_prefetcherd temporarily changes its priority when running benchmarks
+allow iorap_prefetcherd self:global_capability_class_set sys_nice;
+
+# Allow usage of pipes (--input-fd=# and --output-fd=# command line parameters).
+allow iorap_prefetcherd iorapd:fd use;
+allow iorap_prefetcherd iorapd:fifo_file { read write };
+
+# Allow reading most files under / ignoring usual access controls.
+allow iorap_prefetcherd self:capability dac_read_search;
+
+typeattribute iorap_prefetcherd mlstrustedsubject;
+
+# Grant logcat access
+allow iorap_prefetcherd logcat_exec:file { open read };
+
+# Grant access to open most of the files under /
+allow iorap_prefetcherd apk_data_file:dir { open read search };
+allow iorap_prefetcherd apk_data_file:file { open read };
+allow iorap_prefetcherd app_data_file:dir { open read search };
+allow iorap_prefetcherd app_data_file:file { open read };
+allow iorap_prefetcherd dalvikcache_data_file:dir { open read search };
+allow iorap_prefetcherd dalvikcache_data_file:file{ open read };
+allow iorap_prefetcherd packages_list_file:dir { open read search };
+allow iorap_prefetcherd packages_list_file:file { open read };
+allow iorap_prefetcherd privapp_data_file:dir { open read search };
+allow iorap_prefetcherd privapp_data_file:file { open read };
+allow iorap_prefetcherd same_process_hal_file:dir{ open read search };
+allow iorap_prefetcherd same_process_hal_file:file { open read };
+allow iorap_prefetcherd system_data_file:dir { open read search };
+allow iorap_prefetcherd system_data_file:file { open read };
+allow iorap_prefetcherd system_data_file:lnk_file { open read };
+allow iorap_prefetcherd user_profile_data_file:dir { open read search };
+allow iorap_prefetcherd user_profile_data_file:file { open read };
+allow iorap_prefetcherd vendor_overlay_file:dir { open read search };
+allow iorap_prefetcherd vendor_overlay_file:file { open read };
+# Note: Do not add any /vendor labels because they can be customized
+# by the vendor and we won't know about them beforehand.
+
+###
+### neverallow rules
+###
+
+neverallow { domain -init -iorapd } iorap_prefetcherd:process { transition dyntransition };
+neverallow iorap_prefetcherd domain:{ tcp_socket udp_socket rawip_socket } *;
diff --git a/public/iorapd.te b/public/iorapd.te
index abf7adb..b970699 100644
--- a/public/iorapd.te
+++ b/public/iorapd.te
@@ -23,6 +23,9 @@
allow iorapd user_service:service_manager find;
# IPackageManagerNative
allow iorapd package_native_service:service_manager find;
+# Allow dumpstate (bugreport) to call into iorapd.
+allow iorapd dumpstate:fd use;
+allow iorapd dumpstate:fifo_file write;
# talk to batteryservice
binder_call(iorapd, healthd)
@@ -36,6 +39,19 @@
# tracing sessions and read trace data.
unix_socket_connect(iorapd, traced_consumer, traced)
+# Allow iorapd to execute compilation (iorap.cmd.compiler) in idle time.
+allow iorapd system_file:file rx_file_perms;
+
+# Allow iorapd to send signull to iorap_inode2filename and iorap_prefetcherd.
+allow iorapd iorap_inode2filename:process signull;
+allow iorapd iorap_prefetcherd:process signull;
+
+# Allowing system_server to check for the existence and size of files under iorapd
+# dir without collecting any sensitive app data.
+# This is used to predict if iorapd is doing prefetching or not.
+allow system_server iorapd_data_file:dir { getattr open read search };
+allow system_server iorapd_data_file:file getattr;
+
###
### neverallow rules
###
@@ -49,6 +65,7 @@
domain
-init
-iorapd
+ -system_server
} iorapd_data_file:dir *;
neverallow {
@@ -63,10 +80,11 @@
-kernel
-vendor_init
-iorapd
+ -system_server
} { iorapd_data_file }:notdevfile_class_set *;
-# Only system_server can interact with iorapd over binder
-neverallow { domain -system_server -iorapd } iorapd_service:service_manager find;
+# Only system_server and shell (for dumpsys) can interact with iorapd over binder
+neverallow { domain -dumpstate -system_server -iorapd } iorapd_service:service_manager find;
neverallow iorapd {
domain
-healthd
diff --git a/public/kernel.te b/public/kernel.te
index 804b631..35018e9 100644
--- a/public/kernel.te
+++ b/public/kernel.te
@@ -65,10 +65,10 @@
allow kernel { app_data_file privapp_data_file }:file read;
allow kernel asec_image_file:file read;
-# Allow reading loop device in update_engine_unittests. (b/28319454)
+# Allow mounting loop device in update_engine_unittests. (b/28319454)
# and for LTP kernel tests (b/73220071)
userdebug_or_eng(`
- allow kernel update_engine_data_file:file read;
+ allow kernel update_engine_data_file:file { read write };
allow kernel nativetest_data_file:file { read write };
')
@@ -85,8 +85,11 @@
# Needed because APEX uses the loopback driver, which issues requests from
# a kernel thread in earlier kernel version.
allow kernel apexd:fd use;
-allow kernel apex_data_file:file read;
-allow kernel staging_data_file:file read;
+allow kernel {
+ apex_data_file
+ staging_data_file
+ vendor_apex_file
+}:file read;
# Allow the first-stage init (which is running in the kernel domain) to execute the
# dynamic linker when it re-executes /init to switch into the second stage.
@@ -104,7 +107,7 @@
')
# required by VTS lidbm unit test
-allow kernel appdomain_tmpfs:file read;
+allow kernel appdomain_tmpfs:file { read write };
###
### neverallow rules
diff --git a/public/keystore.te b/public/keystore.te
index e869f32..27c4624 100644
--- a/public/keystore.te
+++ b/public/keystore.te
@@ -6,6 +6,7 @@
binder_use(keystore)
binder_service(keystore)
binder_call(keystore, system_server)
+binder_call(keystore, wificond)
allow keystore keystore_data_file:dir create_dir_perms;
allow keystore keystore_data_file:notdevfile_class_set create_file_perms;
diff --git a/public/lmkd.te b/public/lmkd.te
index 51d1aa2..67e93e1 100644
--- a/public/lmkd.te
+++ b/public/lmkd.te
@@ -10,19 +10,18 @@
# b/16236289
allow lmkd self:global_capability_class_set ipc_lock;
-## Open and write to /proc/PID/oom_score_adj
+## Open and write to /proc/PID/oom_score_adj and /proc/PID/timerslack_ns
## TODO: maybe scope this down?
-r_dir_file(lmkd, appdomain)
-allow lmkd appdomain:file write;
-r_dir_file(lmkd, system_server)
-allow lmkd system_server:file write;
+r_dir_file(lmkd, domain)
+allow lmkd domain:file write;
## Writes to /sys/module/lowmemorykiller/parameters/minfree
r_dir_file(lmkd, sysfs_lowmemorykiller)
allow lmkd sysfs_lowmemorykiller:file w_file_perms;
-# setsched and send kill signals
-allow lmkd appdomain:process { setsched sigkill };
+# setsched and send kill signals to any registered process
+allow lmkd domain:process { setsched sigkill };
+# TODO: delete this line b/131761776
allow lmkd kernel:process { setsched };
# Clean up old cgroups
@@ -35,6 +34,7 @@
allow lmkd self:global_capability_class_set sys_nice;
allow lmkd proc_zoneinfo:file r_file_perms;
+allow lmkd proc_vmstat:file r_file_perms;
# Set sys.lmk.* properties.
set_prop(lmkd, system_lmk_prop)
@@ -47,6 +47,9 @@
# reboot because orderly shutdown may not be possible.
allow lmkd proc_sysrq:file rw_file_perms;
+# Read /proc/lowmemorykiller
+allow lmkd proc_lowmemorykiller:file r_file_perms;
+
# Read /proc/meminfo
allow lmkd proc_meminfo:file r_file_perms;
@@ -57,6 +60,9 @@
# Read/Write /proc/pressure/memory
allow lmkd proc_pressure_mem:file rw_file_perms;
+# Allow lmkd to connect during reinit.
+allow lmkd lmkd_socket:sock_file write;
+
# Allow lmkd to write to statsd.
unix_socket_send(lmkd, statsdw, statsd)
@@ -64,3 +70,4 @@
# never honor LD_PRELOAD
neverallow * lmkd:process noatsecure;
+neverallow lmkd self:global_capability_class_set sys_ptrace;
diff --git a/public/logpersist.te b/public/logpersist.te
index c7cab80..c8e6af4 100644
--- a/public/logpersist.te
+++ b/public/logpersist.te
@@ -1,6 +1,10 @@
# android debug logging, logpersist domains
type logpersist, domain;
+# logcatd is a shell script that execs logcat with various parameters.
+allow logpersist shell_exec:file rx_file_perms;
+allow logpersist logcat_exec:file rx_file_perms;
+
###
### Neverallow rules
###
diff --git a/public/mediaextractor.te b/public/mediaextractor.te
index 4bedb0f..859ec9c 100644
--- a/public/mediaextractor.te
+++ b/public/mediaextractor.te
@@ -34,6 +34,9 @@
allow mediaextractor asec_apk_file:file { read getattr };
allow mediaextractor ringtone_file:file { read getattr };
+# overlay package access
+allow mediaextractor vendor_overlay_file:file { read map };
+
# scan extractor library directory to dynamically load extractors
allow mediaextractor system_file:dir { read open };
diff --git a/public/mediaserver.te b/public/mediaserver.te
index 70d0a55..52d3581 100644
--- a/public/mediaserver.te
+++ b/public/mediaserver.te
@@ -74,7 +74,6 @@
allow mediaserver batterystats_service:service_manager find;
allow mediaserver drmserver_service:service_manager find;
allow mediaserver mediaextractor_service:service_manager find;
-allow mediaserver mediacodec_service:service_manager find;
allow mediaserver mediametrics_service:service_manager find;
allow mediaserver media_session_service:service_manager find;
allow mediaserver permission_service:service_manager find;
@@ -131,6 +130,9 @@
# b/120491318 allow mediaserver to access void:fd
allow mediaserver vold:fd use;
+# overlay package access
+allow mediaserver vendor_overlay_file:file { read getattr map };
+
hal_client_domain(mediaserver, hal_allocator)
###
diff --git a/public/mediatranscoding.te b/public/mediatranscoding.te
new file mode 100644
index 0000000..386535b
--- /dev/null
+++ b/public/mediatranscoding.te
@@ -0,0 +1,26 @@
+# mediatranscoding - daemon for transcoding video and image.
+type mediatranscoding, domain;
+type mediatranscoding_exec, system_file_type, exec_type, file_type;
+
+binder_use(mediatranscoding)
+binder_service(mediatranscoding)
+
+add_service(mediatranscoding, mediatranscoding_service)
+
+allow mediatranscoding system_server:fd use;
+
+# mediatranscoding should never execute any executable without a
+# domain transition
+neverallow mediatranscoding { file_type fs_type }:file execute_no_trans;
+
+# The goal of the mediaserver split is to place media processing code into
+# restrictive sandboxes with limited responsibilities and thus limited
+# permissions. Example: Audioserver is only responsible for controlling audio
+# hardware and processing audio content. Cameraserver does the same for camera
+# hardware/content. Etc.
+#
+# Media processing code is inherently risky and thus should have limited
+# permissions and be isolated from the rest of the system and network.
+# Lengthier explanation here:
+# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
+neverallow mediatranscoding domain:{ tcp_socket udp_socket rawip_socket } *;
diff --git a/public/modprobe.te b/public/modprobe.te
index 1190409..2c7d64b 100644
--- a/public/modprobe.te
+++ b/public/modprobe.te
@@ -1,6 +1,7 @@
type modprobe, domain;
allow modprobe proc_modules:file r_file_perms;
+allow modprobe proc_cmdline:file r_file_perms;
allow modprobe self:global_capability_class_set sys_module;
allow modprobe kernel:key search;
recovery_only(`
diff --git a/public/net.te b/public/net.te
index afa2a9c..e90715e 100644
--- a/public/net.te
+++ b/public/net.te
@@ -18,7 +18,16 @@
allow {netdomain -ephemeral_app} port_type:udp_socket name_bind;
allow {netdomain -ephemeral_app} port_type:tcp_socket name_bind;
# See changes to the routing table.
-allow netdomain self:netlink_route_socket { create read getattr write setattr lock append bind connect getopt setopt shutdown nlmsg_read };
+allow netdomain self:netlink_route_socket { create read getattr write setattr lock append connect getopt setopt shutdown nlmsg_read };
+# b/141455849 gate RTM_GETLINK with a new permission nlmsg_readpriv and block access from
+# untrusted_apps. Some untrusted apps (e.g. untrusted_app_25-29) are granted access elsewhere
+# to avoid app-compat breakage.
+allow {
+ netdomain
+ -ephemeral_app
+ -mediaprovider
+ -untrusted_app_all
+} self:netlink_route_socket { bind nlmsg_readpriv };
# Talks to netd via dnsproxyd socket.
unix_socket_connect(netdomain, dnsproxyd, netd)
diff --git a/public/netd.te b/public/netd.te
index c8877b2..8005406 100644
--- a/public/netd.te
+++ b/public/netd.te
@@ -63,7 +63,7 @@
r_dir_file(netd, cgroup_bpf)
allow netd fs_bpf:dir search;
-allow netd fs_bpf:file { read write setattr };
+allow netd fs_bpf:file { read write };
# TODO: netd previously thought it needed these permissions to do WiFi related
# work. However, after all the WiFi stuff is gone, we still need them.
@@ -81,9 +81,6 @@
# Allow netd to spawn dnsmasq in it's own domain
allow netd dnsmasq:process signal;
-# Allow netd to start clatd in its own domain
-allow netd clatd:process signal;
-
set_prop(netd, ctl_mdnsd_prop)
set_prop(netd, netd_stable_secret_prop)
@@ -176,3 +173,13 @@
neverallow netd sysfs_net:dir no_w_dir_perms;
dontaudit netd sysfs_net:dir write;
+
+# Netd should not have SYS_ADMIN privs.
+neverallow netd self:capability sys_admin;
+dontaudit netd self:capability sys_admin;
+
+# Netd should not have SYS_MODULE privs, nor should it be requesting module loads
+# (things it requires should be built directly into the kernel)
+dontaudit netd self:capability sys_module;
+
+dontaudit netd kernel:system module_request;
diff --git a/public/neverallow_macros b/public/neverallow_macros
index e2b6ed1..59fa441 100644
--- a/public/neverallow_macros
+++ b/public/neverallow_macros
@@ -1,7 +1,7 @@
#
# Common neverallow permissions
define(`no_w_file_perms', `{ append create link unlink relabelfrom rename setattr write }')
-define(`no_rw_file_perms', `{ no_w_file_perms open read ioctl lock }')
+define(`no_rw_file_perms', `{ no_w_file_perms open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads }')
define(`no_x_file_perms', `{ execute execute_no_trans }')
define(`no_w_dir_perms', `{ add_name create link relabelfrom remove_name rename reparent rmdir setattr write }')
diff --git a/public/perfprofd.te b/public/perfprofd.te
deleted file mode 100644
index 47dfbf2..0000000
--- a/public/perfprofd.te
+++ /dev/null
@@ -1,121 +0,0 @@
-# perfprofd - perf profile collection daemon
-type perfprofd, domain;
-type perfprofd_exec, system_file_type, exec_type, file_type;
-
-userdebug_or_eng(`
-
- typeattribute perfprofd coredomain;
- typeattribute perfprofd mlstrustedsubject;
-
- # perfprofd access to sysfs directory structure.
- allow perfprofd sysfs_type:dir search;
-
- # perfprofd needs to control CPU hot-plug in order to avoid kernel
- # perfevents problems in cases where CPU goes on/off during measurement;
- # this means read access to /sys/devices/system/cpu/possible
- # and read/write access to /sys/devices/system/cpu/cpu*/online
- allow perfprofd sysfs_devices_system_cpu:file rw_file_perms;
-
- # perfprofd checks for the existence of and then invokes simpleperf;
- # simpleperf retains perfprofd domain after exec
- allow perfprofd system_file:file rx_file_perms;
-
- # perfprofd reads a config file from /data/data/com.google.android.gms/files
- allow perfprofd { privapp_data_file app_data_file }:file r_file_perms;
- allow perfprofd { privapp_data_file app_data_file }:dir search;
- allow perfprofd self:global_capability_class_set { dac_override dac_read_search };
-
- # perfprofd opens a file for writing in /data/misc/perfprofd
- allow perfprofd perfprofd_data_file:file create_file_perms;
- allow perfprofd perfprofd_data_file:dir rw_dir_perms;
-
- # perfprofd uses the system log
- read_logd(perfprofd);
- write_logd(perfprofd);
-
- # perfprofd inspects /sys/power/wake_unlock
- wakelock_use(perfprofd);
-
- # perfprofd looks at thermals.
- allow perfprofd sysfs_thermal:dir r_dir_perms;
-
- # perfprofd gets charging status.
- hal_client_domain(perfprofd, hal_health)
-
- # simpleperf reads kernel notes.
- allow perfprofd sysfs_kernel_notes:file r_file_perms;
-
- # Simpleperf & perfprofd query a range of proc stats.
- allow perfprofd proc_loadavg:file r_file_perms;
- allow perfprofd proc_stat:file r_file_perms;
- allow perfprofd proc_modules:file r_file_perms;
-
- # simpleperf writes to perf_event_paranoid under /proc.
- allow perfprofd proc_perf:file write;
-
- # Simpleperf: kptr_restrict. This would be required to dump kernel symbols.
- dontaudit perfprofd proc_security:file *;
-
- # simpleperf uses ioctl() to turn on kernel perf events measurements
- allow perfprofd self:global_capability_class_set sys_admin;
-
- # simpleperf needs to examine /proc to collect task/thread info
- r_dir_file(perfprofd, domain)
-
- # simpleperf needs to access /proc/<pid>/exec
- allow perfprofd self:global_capability_class_set { sys_resource sys_ptrace };
- neverallow perfprofd domain:process ptrace;
-
- # simpleperf needs open/read any file that turns up in a profile
- # to see whether it has a build ID
- allow perfprofd exec_type:file r_file_perms;
- # App & ART artifacts.
- r_dir_file(perfprofd, apk_data_file)
- r_dir_file(perfprofd, dalvikcache_data_file)
- # Vendor libraries.
- r_dir_file(perfprofd, vendor_file)
- # Vendor apps.
- r_dir_file(perfprofd, vendor_app_file)
- # SP HAL files.
- r_dir_file(perfprofd, same_process_hal_file)
-
- # simpleperf will set security.perf_harden to enable access to perf_event_open()
- set_prop(perfprofd, shell_prop)
-
- # simpleperf examines debugfs on startup to collect tracepoint event types
- r_dir_file(perfprofd, debugfs_tracing)
- r_dir_file(perfprofd, debugfs_tracing_debug)
-
- # simpleperf is going to execute "sleep"
- allow perfprofd toolbox_exec:file rx_file_perms;
- # simpleperf is going to execute "mv" on a temp file
- allow perfprofd shell_exec:file rx_file_perms;
-
- # needed for simpleperf on some kernels
- allow perfprofd self:global_capability_class_set ipc_lock;
-
- # simpleperf attempts to put a temp file into /data/local/tmp. Do not allow,
- # use the fallback cwd code, do not spam the log. But ensure this is correctly
- # removed at some point. b/70232908.
- dontaudit perfprofd shell_data_file:dir *;
- dontaudit perfprofd shell_data_file:file *;
-
- # Allow perfprofd to publish a binder service and make binder calls.
- binder_use(perfprofd)
- add_service(perfprofd, perfprofd_service)
-
- # Use devpts for streams from cmd.
- #
- # This is normally granted to binderservicedomain, but this service
- # has tighter restrictions on the callers (see below), so must enable
- # this manually.
- allow perfprofd devpts:chr_file rw_file_perms;
-
- # Use socket & pipe supplied by su, for cmd perfprofd dump.
- allow perfprofd su:unix_stream_socket { read write getattr sendto };
- allow perfprofd su:fifo_file r_file_perms;
-
- # Allow perfprofd to submit to dropbox.
- allow perfprofd dropbox_service:service_manager find;
- binder_call(perfprofd, system_server)
-')
diff --git a/public/property.te b/public/property.te
index e166c00..9a93518 100644
--- a/public/property.te
+++ b/public/property.te
@@ -1,130 +1,298 @@
-type apexd_prop, property_type;
-type audio_prop, property_type, core_property_type;
-type boottime_prop, property_type;
-type bluetooth_a2dp_offload_prop, property_type;
-type bluetooth_audio_hal_prop, property_type;
-type bluetooth_prop, property_type;
-type bpf_progs_loaded_prop, property_type;
-type bootloader_boot_reason_prop, property_type;
-type config_prop, property_type, core_property_type;
-type cppreopt_prop, property_type, core_property_type;
-type cpu_variant_prop, property_type;
-type ctl_adbd_prop, property_type;
-type ctl_bootanim_prop, property_type;
-type ctl_bugreport_prop, property_type;
-type ctl_console_prop, property_type;
-type ctl_default_prop, property_type;
-type ctl_dumpstate_prop, property_type;
-type ctl_fuse_prop, property_type;
-type ctl_gsid_prop, property_type;
-type ctl_interface_restart_prop, property_type;
-type ctl_interface_start_prop, property_type;
-type ctl_interface_stop_prop, property_type;
-type ctl_mdnsd_prop, property_type;
-type ctl_restart_prop, property_type;
-type ctl_rildaemon_prop, property_type;
-type ctl_sigstop_prop, property_type;
-type ctl_start_prop, property_type;
-type ctl_stop_prop, property_type;
-type dalvik_prop, property_type, core_property_type;
-type debuggerd_prop, property_type, core_property_type;
-type debug_prop, property_type, core_property_type;
-type default_prop, property_type, core_property_type;
-type device_config_activity_manager_native_boot_prop, property_type;
-type device_config_boot_count_prop, property_type;
-type device_config_reset_performed_prop, property_type;
-type device_config_input_native_boot_prop, property_type;
-type device_config_netd_native_prop, property_type;
-type device_config_runtime_native_boot_prop, property_type;
-type device_config_runtime_native_prop, property_type;
-type device_config_media_native_prop, property_type;
-type device_logging_prop, property_type;
-type dhcp_prop, property_type, core_property_type;
-type dumpstate_options_prop, property_type;
-type dumpstate_prop, property_type, core_property_type;
-type dynamic_system_prop, property_type;
-type exported_secure_prop, property_type;
-type ffs_prop, property_type, core_property_type;
-type fingerprint_prop, property_type, core_property_type;
-type firstboot_prop, property_type;
-type gsid_prop, property_type;
-type heapprofd_enabled_prop, property_type;
-type heapprofd_prop, property_type;
-type hwservicemanager_prop, property_type;
-type last_boot_reason_prop, property_type;
-type system_lmk_prop, property_type;
-type llkd_prop, property_type;
-type logd_prop, property_type, core_property_type;
-type logpersistd_logging_prop, property_type;
-type log_prop, property_type, log_property_type;
-type log_tag_prop, property_type, log_property_type;
-type lowpan_prop, property_type;
-type lpdumpd_prop, property_type;
-type mmc_prop, property_type;
-type net_dns_prop, property_type;
-type net_radio_prop, property_type, core_property_type;
-type netd_stable_secret_prop, property_type;
-type nfc_prop, property_type, core_property_type;
-type nnapi_ext_deny_product_prop, property_type;
-type overlay_prop, property_type;
-type pan_result_prop, property_type, core_property_type;
-type persist_debug_prop, property_type, core_property_type;
-type persistent_properties_ready_prop, property_type;
-type pm_prop, property_type;
-type powerctl_prop, property_type, core_property_type;
-type radio_prop, property_type, core_property_type;
-type restorecon_prop, property_type, core_property_type;
-type safemode_prop, property_type;
-type serialno_prop, property_type;
-type shell_prop, property_type, core_property_type;
-type system_boot_reason_prop, property_type;
-type system_prop, property_type, core_property_type;
-type system_radio_prop, property_type, core_property_type;
-type system_trace_prop, property_type;
-type test_boot_reason_prop, property_type;
-type test_harness_prop, property_type;
-type theme_prop, property_type;
-type time_prop, property_type;
-type traced_enabled_prop, property_type;
-type traced_lazy_prop, property_type;
-type use_memfd_prop, property_type;
-type vold_prop, property_type, core_property_type;
-type wifi_log_prop, property_type, log_property_type;
-type wifi_prop, property_type;
-type vendor_security_patch_level_prop, property_type;
+# Properties used only in /system
+system_internal_prop(apexd_prop)
+system_internal_prop(bootloader_boot_reason_prop)
+system_internal_prop(device_config_activity_manager_native_boot_prop)
+system_internal_prop(device_config_boot_count_prop)
+system_internal_prop(device_config_input_native_boot_prop)
+system_internal_prop(device_config_media_native_prop)
+system_internal_prop(device_config_netd_native_prop)
+system_internal_prop(device_config_reset_performed_prop)
+system_internal_prop(device_config_runtime_native_boot_prop)
+system_internal_prop(device_config_runtime_native_prop)
+system_internal_prop(device_config_storage_native_boot_prop)
+system_internal_prop(device_config_sys_traced_prop)
+system_internal_prop(device_config_window_manager_native_boot_prop)
+system_internal_prop(device_config_configuration_prop)
+system_internal_prop(firstboot_prop)
+system_internal_prop(fastbootd_protocol_prop)
+system_internal_prop(gsid_prop)
+system_internal_prop(init_perf_lsm_hooks_prop)
+system_internal_prop(init_svc_debug_prop)
+system_internal_prop(last_boot_reason_prop)
+system_internal_prop(netd_stable_secret_prop)
+system_internal_prop(pm_prop)
+system_internal_prop(userspace_reboot_log_prop)
+system_internal_prop(userspace_reboot_test_prop)
+system_internal_prop(system_adbd_prop)
+system_internal_prop(adbd_prop)
+system_internal_prop(traced_perf_enabled_prop)
-# Properties for whitelisting
-type exported_audio_prop, property_type;
-type exported_bluetooth_prop, property_type;
-type exported_config_prop, property_type;
-type exported_dalvik_prop, property_type;
-type exported_default_prop, property_type;
-type exported_dumpstate_prop, property_type;
-type exported_ffs_prop, property_type;
-type exported_fingerprint_prop, property_type;
-type exported_overlay_prop, property_type;
-type exported_pm_prop, property_type;
-type exported_radio_prop, property_type;
-type exported_system_prop, property_type;
-type exported_system_radio_prop, property_type;
-type exported_vold_prop, property_type;
-type exported_wifi_prop, property_type;
-type exported2_config_prop, property_type;
-type exported2_default_prop, property_type;
-type exported2_radio_prop, property_type;
-type exported2_system_prop, property_type;
-type exported2_vold_prop, property_type;
-type exported3_default_prop, property_type;
-type exported3_radio_prop, property_type;
-type exported3_system_prop, property_type;
+compatible_property_only(`
+ # DO NOT ADD ANY PROPERTIES HERE
+ system_internal_prop(boottime_prop)
+ system_internal_prop(bpf_progs_loaded_prop)
+ system_internal_prop(charger_prop)
+ system_internal_prop(cold_boot_done_prop)
+ system_internal_prop(ctl_adbd_prop)
+ system_internal_prop(ctl_apexd_prop)
+ system_internal_prop(ctl_bootanim_prop)
+ system_internal_prop(ctl_bugreport_prop)
+ system_internal_prop(ctl_console_prop)
+ system_internal_prop(ctl_dumpstate_prop)
+ system_internal_prop(ctl_fuse_prop)
+ system_internal_prop(ctl_gsid_prop)
+ system_internal_prop(ctl_interface_restart_prop)
+ system_internal_prop(ctl_interface_stop_prop)
+ system_internal_prop(ctl_mdnsd_prop)
+ system_internal_prop(ctl_restart_prop)
+ system_internal_prop(ctl_rildaemon_prop)
+ system_internal_prop(ctl_sigstop_prop)
+ system_internal_prop(dynamic_system_prop)
+ system_internal_prop(heapprofd_enabled_prop)
+ system_internal_prop(llkd_prop)
+ system_internal_prop(lpdumpd_prop)
+ system_internal_prop(mmc_prop)
+ system_internal_prop(mock_ota_prop)
+ system_internal_prop(net_dns_prop)
+ system_internal_prop(overlay_prop)
+ system_internal_prop(persistent_properties_ready_prop)
+ system_internal_prop(safemode_prop)
+ system_internal_prop(system_lmk_prop)
+ system_internal_prop(system_trace_prop)
+ system_internal_prop(test_boot_reason_prop)
+ system_internal_prop(time_prop)
+ system_internal_prop(traced_enabled_prop)
+ system_internal_prop(traced_lazy_prop)
+')
+
+# Properties which can't be written outside system
+
+# Properties used by binder caches
+system_restricted_prop(binder_cache_bluetooth_server_prop)
+system_restricted_prop(binder_cache_system_server_prop)
+system_restricted_prop(binder_cache_telephony_server_prop)
+system_restricted_prop(boottime_public_prop)
+system_restricted_prop(bq_config_prop)
+system_restricted_prop(module_sdkextensions_prop)
+system_restricted_prop(nnapi_ext_deny_product_prop)
+system_restricted_prop(restorecon_prop)
+system_restricted_prop(socket_hook_prop)
+system_restricted_prop(surfaceflinger_display_prop)
+system_restricted_prop(system_boot_reason_prop)
+system_restricted_prop(system_jvmti_agent_prop)
+system_restricted_prop(userspace_reboot_exported_prop)
+
+compatible_property_only(`
+ # DO NOT ADD ANY PROPERTIES HERE
+ system_restricted_prop(config_prop)
+ system_restricted_prop(cppreopt_prop)
+ system_restricted_prop(dalvik_prop)
+ system_restricted_prop(debuggerd_prop)
+ system_restricted_prop(default_prop)
+ system_restricted_prop(device_logging_prop)
+ system_restricted_prop(dhcp_prop)
+ system_restricted_prop(dumpstate_prop)
+ system_restricted_prop(exported2_default_prop)
+ system_restricted_prop(exported3_system_prop)
+ system_restricted_prop(exported_dumpstate_prop)
+ system_restricted_prop(exported_fingerprint_prop)
+ system_restricted_prop(exported_secure_prop)
+ system_restricted_prop(exported_vold_prop)
+ system_restricted_prop(ffs_prop)
+ system_restricted_prop(fingerprint_prop)
+ system_restricted_prop(heapprofd_prop)
+ system_restricted_prop(net_radio_prop)
+ system_restricted_prop(pan_result_prop)
+ system_restricted_prop(persist_debug_prop)
+ system_restricted_prop(shell_prop)
+ system_restricted_prop(system_radio_prop)
+ system_restricted_prop(test_harness_prop)
+ system_restricted_prop(theme_prop)
+ system_restricted_prop(use_memfd_prop)
+ system_restricted_prop(vold_prop)
+')
+
+# Properties which can be written only by vendor_init
+system_vendor_config_prop(apk_verity_prop)
+system_vendor_config_prop(cpu_variant_prop)
+system_vendor_config_prop(exported_audio_prop)
+system_vendor_config_prop(exported_camera_prop)
+system_vendor_config_prop(exported_config_prop)
+system_vendor_config_prop(exported_default_prop)
+system_vendor_config_prop(exported3_default_prop)
+system_vendor_config_prop(graphics_config_prop)
+system_vendor_config_prop(incremental_prop)
+system_vendor_config_prop(media_variant_prop)
+system_vendor_config_prop(storage_config_prop)
+system_vendor_config_prop(userspace_reboot_config_prop)
+system_vendor_config_prop(vehicle_hal_prop)
+system_vendor_config_prop(vendor_security_patch_level_prop)
+system_vendor_config_prop(vendor_socket_hook_prop)
+system_vendor_config_prop(vndk_prop)
+system_vendor_config_prop(virtual_ab_prop)
+
+# Properties with no restrictions
+system_public_prop(audio_prop)
+system_public_prop(bluetooth_a2dp_offload_prop)
+system_public_prop(bluetooth_audio_hal_prop)
+system_public_prop(bluetooth_prop)
+system_public_prop(ctl_default_prop)
+system_public_prop(ctl_interface_start_prop)
+system_public_prop(ctl_start_prop)
+system_public_prop(ctl_stop_prop)
+system_public_prop(debug_prop)
+system_public_prop(dumpstate_options_prop)
+system_public_prop(exported_system_prop)
+system_public_prop(exported2_config_prop)
+system_public_prop(exported2_radio_prop)
+system_public_prop(exported2_system_prop)
+system_public_prop(exported2_vold_prop)
+system_public_prop(exported3_radio_prop)
+system_public_prop(exported_bluetooth_prop)
+system_public_prop(exported_dalvik_prop)
+system_public_prop(exported_ffs_prop)
+system_public_prop(exported_overlay_prop)
+system_public_prop(exported_pm_prop)
+system_public_prop(exported_radio_prop)
+system_public_prop(exported_system_radio_prop)
+system_public_prop(exported_wifi_prop)
+system_public_prop(sota_prop)
+system_public_prop(hwservicemanager_prop)
+system_public_prop(lmkd_prop)
+system_public_prop(logd_prop)
+system_public_prop(logpersistd_logging_prop)
+system_public_prop(log_prop)
+system_public_prop(log_tag_prop)
+system_public_prop(lowpan_prop)
+system_public_prop(nfc_prop)
+system_public_prop(ota_prop)
+system_public_prop(powerctl_prop)
+system_public_prop(radio_prop)
+system_public_prop(serialno_prop)
+system_public_prop(system_prop)
+system_public_prop(wifi_log_prop)
+system_public_prop(wifi_prop)
+
+# Properties used in default HAL implementations
+vendor_internal_prop(rebootescrow_hal_prop)
+
+# Properties which are public for devices launching with Android O or earlier
+# This should not be used for any new properties.
+not_compatible_property(`
+ # DO NOT ADD ANY PROPERTIES HERE
+ system_public_prop(boottime_prop)
+ system_public_prop(bpf_progs_loaded_prop)
+ system_public_prop(charger_prop)
+ system_public_prop(cold_boot_done_prop)
+ system_public_prop(ctl_adbd_prop)
+ system_public_prop(ctl_apexd_prop)
+ system_public_prop(ctl_bootanim_prop)
+ system_public_prop(ctl_bugreport_prop)
+ system_public_prop(ctl_console_prop)
+ system_public_prop(ctl_dumpstate_prop)
+ system_public_prop(ctl_fuse_prop)
+ system_public_prop(ctl_gsid_prop)
+ system_public_prop(ctl_interface_restart_prop)
+ system_public_prop(ctl_interface_stop_prop)
+ system_public_prop(ctl_mdnsd_prop)
+ system_public_prop(ctl_restart_prop)
+ system_public_prop(ctl_rildaemon_prop)
+ system_public_prop(ctl_sigstop_prop)
+ system_public_prop(dynamic_system_prop)
+ system_public_prop(heapprofd_enabled_prop)
+ system_public_prop(llkd_prop)
+ system_public_prop(lpdumpd_prop)
+ system_public_prop(mmc_prop)
+ system_public_prop(mock_ota_prop)
+ system_public_prop(net_dns_prop)
+ system_public_prop(overlay_prop)
+ system_public_prop(persistent_properties_ready_prop)
+ system_public_prop(safemode_prop)
+ system_public_prop(system_lmk_prop)
+ system_public_prop(system_trace_prop)
+ system_public_prop(test_boot_reason_prop)
+ system_public_prop(time_prop)
+ system_public_prop(traced_enabled_prop)
+ system_public_prop(traced_lazy_prop)
+
+ system_public_prop(config_prop)
+ system_public_prop(cppreopt_prop)
+ system_public_prop(dalvik_prop)
+ system_public_prop(debuggerd_prop)
+ system_public_prop(default_prop)
+ system_public_prop(device_logging_prop)
+ system_public_prop(dhcp_prop)
+ system_public_prop(dumpstate_prop)
+ system_public_prop(exported2_default_prop)
+ system_public_prop(exported3_system_prop)
+ system_public_prop(exported_dumpstate_prop)
+ system_public_prop(exported_fingerprint_prop)
+ system_public_prop(exported_secure_prop)
+ system_public_prop(exported_vold_prop)
+ system_public_prop(ffs_prop)
+ system_public_prop(fingerprint_prop)
+ system_public_prop(heapprofd_prop)
+ system_public_prop(net_radio_prop)
+ system_public_prop(pan_result_prop)
+ system_public_prop(persist_debug_prop)
+ system_public_prop(shell_prop)
+ system_public_prop(system_radio_prop)
+ system_public_prop(test_harness_prop)
+ system_public_prop(theme_prop)
+ system_public_prop(use_memfd_prop)
+ system_public_prop(vold_prop)
+')
+
type vendor_default_prop, property_type;
+typeattribute log_prop log_property_type;
+typeattribute log_tag_prop log_property_type;
+typeattribute wifi_log_prop log_property_type;
+
allow property_type tmpfs:filesystem associate;
###
### Neverallow rules
###
+treble_sysprop_neverallow(`
+
+# TODO(b/131162102): uncomment these after assigning ownership attributes to all properties
+# neverallow domain {
+# property_type
+# -system_property_type
+# -product_property_type
+# -vendor_property_type
+# }:file no_rw_file_perms;
+
+neverallow { domain -coredomain } {
+ system_property_type
+ system_internal_property_type
+ -system_restricted_property_type
+ -system_public_property_type
+}:file no_rw_file_perms;
+
+neverallow { domain -coredomain } {
+ system_property_type
+ -system_public_property_type
+}:property_service set;
+
+# init is in coredomain, but should be able to read/write all props.
+# dumpstate is also in coredomain, but should be able to read all props.
+neverallow { coredomain -init -dumpstate } {
+ vendor_property_type
+ vendor_internal_property_type
+ -vendor_restricted_property_type
+ -vendor_public_property_type
+}:file no_rw_file_perms;
+
+neverallow { coredomain -init } {
+ vendor_property_type
+ -vendor_public_property_type
+}:property_service set;
+
+')
+
# There is no need to perform ioctl or advisory locking operations on
# property files. If this neverallow is being triggered, it is
# likely that the policy is using r_file_perms directly instead of
@@ -138,6 +306,31 @@
# New properties should have appropriate read / write access
# control rules written.
+typeattribute audio_prop core_property_type;
+typeattribute config_prop core_property_type;
+typeattribute cppreopt_prop core_property_type;
+typeattribute dalvik_prop core_property_type;
+typeattribute debuggerd_prop core_property_type;
+typeattribute debug_prop core_property_type;
+typeattribute default_prop core_property_type;
+typeattribute dhcp_prop core_property_type;
+typeattribute dumpstate_prop core_property_type;
+typeattribute ffs_prop core_property_type;
+typeattribute fingerprint_prop core_property_type;
+typeattribute logd_prop core_property_type;
+typeattribute net_radio_prop core_property_type;
+typeattribute nfc_prop core_property_type;
+typeattribute ota_prop core_property_type;
+typeattribute pan_result_prop core_property_type;
+typeattribute persist_debug_prop core_property_type;
+typeattribute powerctl_prop core_property_type;
+typeattribute radio_prop core_property_type;
+typeattribute restorecon_prop core_property_type;
+typeattribute shell_prop core_property_type;
+typeattribute system_prop core_property_type;
+typeattribute system_radio_prop core_property_type;
+typeattribute vold_prop core_property_type;
+
neverallow * {
core_property_type
-audio_prop
@@ -154,6 +347,7 @@
-logd_prop
-net_radio_prop
-nfc_prop
+ -ota_prop
-pan_result_prop
-persist_debug_prop
-powerctl_prop
@@ -186,6 +380,18 @@
ctl_rildaemon_prop
}:property_service set;
+neverallow {
+ domain
+ -init
+} init_svc_debug_prop:property_service set;
+
+neverallow {
+ domain
+ -init
+ -dumpstate
+ userdebug_or_eng(`-su')
+} init_svc_debug_prop:file no_rw_file_perms;
+
compatible_property_only(`
# Prevent properties from being set
neverallow {
@@ -268,6 +474,16 @@
neverallow {
domain
-coredomain
+ -hal_camera_server
+ -cameraserver
+ -vendor_init
+ } {
+ exported_camera_prop
+ }:property_service set;
+
+ neverallow {
+ domain
+ -coredomain
-hal_wifi_server
-wificond
} {
@@ -353,119 +569,52 @@
-system_writes_vendor_properties_violators
} {
property_type
- -apexd_prop
- -audio_prop
- -bluetooth_a2dp_offload_prop
- -bluetooth_audio_hal_prop
- -bluetooth_prop
- -bootloader_boot_reason_prop
- -boottime_prop
- -bpf_progs_loaded_prop
- -config_prop
- -cppreopt_prop
- -ctl_adbd_prop
- -ctl_bootanim_prop
- -ctl_bugreport_prop
- -ctl_console_prop
- -ctl_default_prop
- -ctl_dumpstate_prop
- -ctl_fuse_prop
- -ctl_gsid_prop
- -ctl_interface_restart_prop
- -ctl_interface_start_prop
- -ctl_interface_stop_prop
- -ctl_mdnsd_prop
- -ctl_restart_prop
- -ctl_rildaemon_prop
- -ctl_sigstop_prop
- -ctl_start_prop
- -ctl_stop_prop
- -dalvik_prop
- -debug_prop
- -debuggerd_prop
- -default_prop
- -device_logging_prop
- -dhcp_prop
- -dumpstate_options_prop
- -dumpstate_prop
- -exported2_config_prop
- -exported2_default_prop
- -exported2_radio_prop
- -exported2_system_prop
- -exported2_vold_prop
- -exported3_default_prop
- -exported3_radio_prop
- -exported3_system_prop
- -exported_bluetooth_prop
- -exported_config_prop
- -exported_dalvik_prop
- -exported_default_prop
- -exported_dumpstate_prop
- -exported_ffs_prop
- -exported_fingerprint_prop
- -exported_overlay_prop
- -exported_pm_prop
- -exported_radio_prop
- -exported_secure_prop
- -exported_system_prop
- -exported_system_radio_prop
- -exported_vold_prop
- -exported_wifi_prop
+ -system_property_type
-extended_core_property_type
- -ffs_prop
- -fingerprint_prop
- -firstboot_prop
- -device_config_activity_manager_native_boot_prop
- -device_config_reset_performed_prop
- -device_config_boot_count_prop
- -device_config_input_native_boot_prop
- -device_config_netd_native_prop
- -device_config_runtime_native_boot_prop
- -device_config_runtime_native_prop
- -device_config_media_native_prop
- -dynamic_system_prop
- -gsid_prop
- -heapprofd_enabled_prop
- -heapprofd_prop
- -hwservicemanager_prop
- -last_boot_reason_prop
- -system_lmk_prop
- -log_prop
- -log_tag_prop
- -logd_prop
- -logpersistd_logging_prop
- -lowpan_prop
- -lpdumpd_prop
- -mmc_prop
- -net_dns_prop
- -net_radio_prop
- -netd_stable_secret_prop
- -nfc_prop
- -overlay_prop
- -pan_result_prop
- -persist_debug_prop
- -persistent_properties_ready_prop
- -pm_prop
- -powerctl_prop
- -radio_prop
- -restorecon_prop
- -safemode_prop
- -serialno_prop
- -shell_prop
- -system_boot_reason_prop
- -system_prop
- -system_radio_prop
- -system_trace_prop
- -test_boot_reason_prop
- -test_harness_prop
- -theme_prop
- -time_prop
- -traced_enabled_prop
- -traced_lazy_prop
- -vendor_default_prop
- -vendor_security_patch_level_prop
- -vold_prop
- -wifi_log_prop
- -wifi_prop
}:property_service set;
')
+
+neverallow {
+ -init
+ -system_server
+} {
+ userspace_reboot_log_prop
+}:property_service set;
+
+neverallow {
+ # Only allow init and system_server to set system_adbd_prop
+ -init
+ -system_server
+} {
+ system_adbd_prop
+}:property_service set;
+
+neverallow {
+ # Only allow init and adbd to set adbd_prop
+ -init
+ -adbd
+} {
+ adbd_prop
+}:property_service set;
+
+neverallow {
+ # Only allow init and shell to set userspace_reboot_test_prop
+ -init
+ -shell
+} {
+ userspace_reboot_test_prop
+}:property_service set;
+
+neverallow {
+ -init
+ -vendor_init
+} {
+ graphics_config_prop
+}:property_service set;
+
+neverallow {
+ -init
+ -surfaceflinger
+} {
+ surfaceflinger_display_prop
+}:property_service set;
diff --git a/public/property_contexts b/public/property_contexts
index 803a959..6a99e3f 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -1,5 +1,5 @@
# vendor-init-readable
-persist.radio.airplane_mode_on u:object_r:exported2_radio_prop:s0 exact int
+persist.radio.airplane_mode_on u:object_r:exported2_radio_prop:s0 exact bool
# vendor-init-settable
af.fast_track_multiplier u:object_r:exported3_default_prop:s0 exact int
@@ -11,14 +11,17 @@
camera.fifo.disable u:object_r:exported3_default_prop:s0 exact int
dalvik.vm.appimageformat u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.backgroundgctype u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.boot-dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.boot-dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
dalvik.vm.boot-image u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.checkjni u:object_r:exported_dalvik_prop:s0 exact bool
dalvik.vm.dex2oat-Xms u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.dex2oat-Xmx u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.dex2oat-filter u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.dex2oat-flags u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.dex2oat64.enabled u:object_r:exported_dalvik_prop:s0 exact bool
dalvik.vm.dexopt.secondary u:object_r:exported_dalvik_prop:s0 exact bool
dalvik.vm.execution-mode u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.extra-opts u:object_r:exported_dalvik_prop:s0 exact string
@@ -33,6 +36,7 @@
dalvik.vm.hot-startup-method-samples u:object_r:exported_dalvik_prop:s0 exact int
dalvik.vm.image-dex2oat-Xms u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.image-dex2oat-Xmx u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.image-dex2oat-filter u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.image-dex2oat-flags u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.image-dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
@@ -62,11 +66,14 @@
dalvik.vm.method-trace-file-siz u:object_r:exported_dalvik_prop:s0 exact int
dalvik.vm.method-trace-stream u:object_r:exported_dalvik_prop:s0 exact bool
dalvik.vm.profilesystemserver u:object_r:exported_dalvik_prop:s0 exact bool
-dalvik.vm.profilebootimage u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.profilebootclasspath u:object_r:exported_dalvik_prop:s0 exact bool
dalvik.vm.usejit u:object_r:exported_dalvik_prop:s0 exact bool
dalvik.vm.usejitprofiles u:object_r:exported_dalvik_prop:s0 exact bool
dalvik.vm.zygote.max-boot-retry u:object_r:exported_dalvik_prop:s0 exact int
drm.service.enabled u:object_r:exported3_default_prop:s0 exact bool
+external_storage.projid.enabled u:object_r:storage_config_prop:s0 exact bool
+external_storage.casefold.enabled u:object_r:storage_config_prop:s0 exact bool
+external_storage.sdcardfs.enabled u:object_r:storage_config_prop:s0 exact bool
keyguard.no_require_sim u:object_r:exported3_default_prop:s0 exact bool
media.recorder.show_manufacturer_and_model u:object_r:exported3_default_prop:s0 exact bool
media.stagefright.cache-params u:object_r:exported3_default_prop:s0 exact string
@@ -89,12 +96,14 @@
pm.dexopt.ab-ota u:object_r:exported_pm_prop:s0 exact string
pm.dexopt.bg-dexopt u:object_r:exported_pm_prop:s0 exact string
pm.dexopt.boot u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.disable_bg_dexopt u:object_r:exported_pm_prop:s0 exact bool
pm.dexopt.downgrade_after_inactive_days u:object_r:exported_pm_prop:s0 exact int
pm.dexopt.first-boot u:object_r:exported_pm_prop:s0 exact string
pm.dexopt.inactive u:object_r:exported_pm_prop:s0 exact string
pm.dexopt.install u:object_r:exported_pm_prop:s0 exact string
pm.dexopt.shared u:object_r:exported_pm_prop:s0 exact string
ro.af.client_heap_size_kbyte u:object_r:exported3_default_prop:s0 exact int
+ro.apk_verity.mode u:object_r:apk_verity_prop:s0 exact int
ro.audio.monitorRotation u:object_r:exported3_default_prop:s0 exact bool
ro.bluetooth.a2dp_offload.supported u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool
ro.boot.vendor.overlay.theme u:object_r:exported_overlay_prop:s0 exact string
@@ -107,21 +116,41 @@
ro.config.alarm_alert u:object_r:exported2_config_prop:s0 exact string
ro.config.media_vol_steps u:object_r:exported2_config_prop:s0 exact int
ro.config.notification_sound u:object_r:exported2_config_prop:s0 exact string
+ro.config.per_app_memcg u:object_r:exported3_default_prop:s0 exact bool
ro.config.ringtone u:object_r:exported2_config_prop:s0 exact string
ro.control_privapp_permissions u:object_r:exported3_default_prop:s0 exact string
ro.cp_system_other_odex u:object_r:exported3_default_prop:s0 exact int
ro.crypto.allow_encrypt_override u:object_r:exported2_vold_prop:s0 exact bool
+ro.crypto.dm_default_key.options_format.version u:object_r:exported2_vold_prop:s0 exact int
+ro.crypto.fde_algorithm u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.fde_sector_size u:object_r:exported2_vold_prop:s0 exact int
ro.crypto.scrypt_params u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.set_dun u:object_r:exported2_vold_prop:s0 exact bool
+ro.crypto.volume.contents_mode u:object_r:exported2_vold_prop:s0 exact string
ro.crypto.volume.filenames_mode u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.volume.metadata.encryption u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.volume.metadata.method u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.volume.options u:object_r:exported2_vold_prop:s0 exact string
ro.dalvik.vm.native.bridge u:object_r:exported_dalvik_prop:s0 exact string
ro.enable_boot_charger_mode u:object_r:exported3_default_prop:s0 exact bool
ro.gfx.driver.0 u:object_r:exported3_default_prop:s0 exact string
ro.gfx.angle.supported u:object_r:exported3_default_prop:s0 exact bool
ro.hdmi.device_type u:object_r:exported3_default_prop:s0 exact string
ro.hdmi.wake_on_hotplug u:object_r:exported3_default_prop:s0 exact bool
+ro.lmk.critical u:object_r:exported3_default_prop:s0 exact int
ro.lmk.critical_upgrade u:object_r:exported3_default_prop:s0 exact bool
+ro.lmk.debug u:object_r:exported3_default_prop:s0 exact bool
ro.lmk.downgrade_pressure u:object_r:exported3_default_prop:s0 exact int
ro.lmk.kill_heaviest_task u:object_r:exported3_default_prop:s0 exact bool
+ro.lmk.kill_timeout_ms u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.low u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.medium u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.psi_partial_stall_ms u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.psi_complete_stall_ms u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.swap_free_low_percentage u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.thrashing_limit u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.thrashing_limit_decay u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.use_minfree_levels u:object_r:exported3_default_prop:s0 exact bool
ro.lmk.upgrade_pressure u:object_r:exported3_default_prop:s0 exact int
ro.minui.default_rotation u:object_r:exported3_default_prop:s0 exact string
ro.minui.overscan_percent u:object_r:exported3_default_prop:s0 exact int
@@ -129,6 +158,7 @@
ro.oem_unlock_supported u:object_r:exported3_default_prop:s0 exact int
ro.opengles.version u:object_r:exported3_default_prop:s0 exact int
ro.radio.noril u:object_r:exported3_default_prop:s0 exact string
+ro.rebootescrow.device u:object_r:rebootescrow_hal_prop:s0 exact string
ro.retaildemo.video_path u:object_r:exported3_default_prop:s0 exact string
ro.statsd.enable u:object_r:exported3_default_prop:s0 exact bool
ro.sf.disable_triple_buffer u:object_r:exported3_default_prop:s0 exact bool
@@ -137,9 +167,11 @@
ro.telephony.call_ring.multiple u:object_r:exported3_default_prop:s0 exact bool
ro.telephony.default_cdma_sub u:object_r:exported3_default_prop:s0 exact int
ro.telephony.default_network u:object_r:exported3_default_prop:s0 exact string
-ro.url.legal u:object_r:exported3_default_prop:s0 exact string
-ro.url.legal.android_privacy u:object_r:exported3_default_prop:s0 exact string
+ro.vehicle.hal u:object_r:vehicle_hal_prop:s0 exact string
ro.vendor.build.security_patch u:object_r:vendor_security_patch_level_prop:s0 exact string
+ro.media.xml_variant.codecs u:object_r:media_variant_prop:s0 exact string
+ro.media.xml_variant.codecs_performance u:object_r:media_variant_prop:s0 exact string
+ro.media.xml_variant.profiles u:object_r:media_variant_prop:s0 exact string
ro.zram.mark_idle_delay_mins u:object_r:exported3_default_prop:s0 exact int
ro.zram.first_wb_delay_mins u:object_r:exported3_default_prop:s0 exact int
ro.zram.periodic_wb_delay_hours u:object_r:exported3_default_prop:s0 exact int
@@ -153,13 +185,15 @@
sys.usb.ffs.mtp.ready u:object_r:exported_ffs_prop:s0 exact bool
sys.usb.state u:object_r:exported2_system_prop:s0 exact string
telephony.lteOnCdmaDevice u:object_r:exported3_default_prop:s0 exact int
+telephony.active_modems.max_count u:object_r:exported3_default_prop:s0 exact int
tombstoned.max_tombstone_count u:object_r:exported3_default_prop:s0 exact int
vold.post_fs_data_done u:object_r:exported2_vold_prop:s0 exact int
vts.native_server.on u:object_r:exported3_default_prop:s0 exact bool
wlan.driver.status u:object_r:exported_wifi_prop:s0 exact enum ok unloaded
+zram.force_writeback u:object_r:exported3_default_prop:s0 exact bool
# vendor-init-readable
-apexd.status u:object_r:apexd_prop:s0 exact enum starting ready
+apexd.status u:object_r:apexd_prop:s0 exact enum starting activated ready
dev.bootcomplete u:object_r:exported3_system_prop:s0 exact bool
persist.sys.device_provisioned u:object_r:exported3_system_prop:s0 exact string
persist.sys.theme u:object_r:theme_prop:s0 exact string
@@ -180,6 +214,7 @@
aac_drc_enc_target_level u:object_r:exported2_default_prop:s0 exact int
aac_drc_heavy u:object_r:exported2_default_prop:s0 exact int
aac_drc_reference_level u:object_r:exported2_default_prop:s0 exact int
+build.version.extensions. u:object_r:module_sdkextensions_prop:s0 prefix int
ro.aac_drc_effect_type u:object_r:exported2_default_prop:s0 exact int
drm.64bit.enabled u:object_r:exported2_default_prop:s0 exact bool
dumpstate.dry_run u:object_r:exported_dumpstate_prop:s0 exact bool
@@ -195,10 +230,11 @@
libc.debug.malloc.options u:object_r:exported2_default_prop:s0 exact string
libc.debug.malloc.program u:object_r:exported2_default_prop:s0 exact string
libc.debug.hooks.enable u:object_r:exported2_default_prop:s0 exact string
+net.redirect_socket_calls.hooked u:object_r:socket_hook_prop:s0 exact bool
persist.sys.locale u:object_r:exported_system_prop:s0 exact string
persist.sys.timezone u:object_r:exported_system_prop:s0 exact string
persist.sys.test_harness u:object_r:test_harness_prop:s0 exact bool
-ro.adb.secure u:object_r:exported_secure_prop:s0 exact int
+ro.adb.secure u:object_r:exported_secure_prop:s0 exact bool
ro.arch u:object_r:exported2_default_prop:s0 exact string
ro.audio.ignore_effects u:object_r:exported2_default_prop:s0 exact bool
ro.baseband u:object_r:exported2_default_prop:s0 exact string
@@ -207,6 +243,8 @@
ro.boot.bootdevice u:object_r:exported2_default_prop:s0 exact string
ro.boot.bootloader u:object_r:exported2_default_prop:s0 exact string
ro.boot.boottime u:object_r:exported2_default_prop:s0 exact string
+ro.boottime.init.mount.data u:object_r:boottime_public_prop:s0 exact string
+ro.boottime.init.fsck.data u:object_r:boottime_public_prop:s0 exact string
ro.boot.console u:object_r:exported2_default_prop:s0 exact string
ro.boot.hardware u:object_r:exported2_default_prop:s0 exact string
ro.boot.hardware.color u:object_r:exported2_default_prop:s0 exact string
@@ -235,10 +273,11 @@
ro.build.version.incremental u:object_r:exported2_default_prop:s0 exact string
ro.build.version.preview_sdk u:object_r:exported2_default_prop:s0 exact int
ro.build.version.release u:object_r:exported2_default_prop:s0 exact string
+ro.build.version.release_or_codename u:object_r:exported2_default_prop:s0 exact string
ro.build.version.sdk u:object_r:exported2_default_prop:s0 exact int
ro.build.version.security_patch u:object_r:exported2_default_prop:s0 exact string
-ro.crypto.state u:object_r:exported_vold_prop:s0 exact string
-ro.crypto.type u:object_r:exported_vold_prop:s0 exact string
+ro.crypto.state u:object_r:exported_vold_prop:s0 exact enum encrypted unencrypted unsupported
+ro.crypto.type u:object_r:exported_vold_prop:s0 exact enum block file none
ro.debuggable u:object_r:exported2_default_prop:s0 exact int
ro.hardware u:object_r:exported2_default_prop:s0 exact string
ro.product.brand u:object_r:exported2_default_prop:s0 exact string
@@ -251,8 +290,10 @@
ro.property_service.version u:object_r:exported2_default_prop:s0 exact int
ro.revision u:object_r:exported2_default_prop:s0 exact string
ro.secure u:object_r:exported_secure_prop:s0 exact int
+ro.vendor.redirect_socket_calls u:object_r:vendor_socket_hook_prop:s0 exact bool
service.bootanim.exit u:object_r:exported_system_prop:s0 exact int
sys.boot_from_charger_mode u:object_r:exported_system_prop:s0 exact int
+sys.init.userspace_reboot.in_progress u:object_r:userspace_reboot_exported_prop:s0 exact bool
sys.use_memfd u:object_r:use_memfd_prop:s0 exact bool
vold.decrypt u:object_r:exported_vold_prop:s0 exact string
@@ -263,6 +304,7 @@
aaudio.mmap_exclusive_policy u:object_r:exported_default_prop:s0 exact int
aaudio.mmap_policy u:object_r:exported_default_prop:s0 exact int
aaudio.wakeup_delay_usec u:object_r:exported_default_prop:s0 exact int
+config.disable_cameraservice u:object_r:exported_camera_prop:s0 exact bool
gsm.sim.operator.numeric u:object_r:exported_radio_prop:s0 exact string
media.mediadrmservice.enable u:object_r:exported_default_prop:s0 exact bool
persist.rcs.supported u:object_r:exported_default_prop:s0 exact int
@@ -273,12 +315,16 @@
ro.bionic.cpu_variant u:object_r:cpu_variant_prop:s0 exact string
ro.board.platform u:object_r:exported_default_prop:s0 exact string
ro.boot.fake_battery u:object_r:exported_default_prop:s0 exact int
+ro.boot.fstab_suffix u:object_r:exported_default_prop:s0 exact string
ro.boot.hardware.revision u:object_r:exported_default_prop:s0 exact string
ro.boot.product.hardware.sku u:object_r:exported_default_prop:s0 exact string
+ro.boot.product.vendor.sku u:object_r:exported_default_prop:s0 exact string
ro.boot.slot_suffix u:object_r:exported_default_prop:s0 exact string
ro.bootimage.build.date u:object_r:exported_default_prop:s0 exact string
ro.bootimage.build.date.utc u:object_r:exported_default_prop:s0 exact int
ro.bootimage.build.fingerprint u:object_r:exported_default_prop:s0 exact string
+ro.boringcrypto.hwrand u:object_r:exported_default_prop:s0 exact bool
+ro.build.ab_update u:object_r:exported_default_prop:s0 exact string
ro.build.expect.baseband u:object_r:exported_default_prop:s0 exact string
ro.build.expect.bootloader u:object_r:exported_default_prop:s0 exact string
ro.carrier u:object_r:exported_default_prop:s0 exact string
@@ -329,9 +375,11 @@
ro.kernel.qemu u:object_r:exported_default_prop:s0 exact bool
ro.kernel.qemu. u:object_r:exported_default_prop:s0
ro.kernel.android.bootanim u:object_r:exported_default_prop:s0 exact int
+ro.kernel.ebpf.supported u:object_r:exported_default_prop:s0 exact bool
ro.odm.build.date u:object_r:exported_default_prop:s0 exact string
ro.odm.build.date.utc u:object_r:exported_default_prop:s0 exact int
ro.odm.build.fingerprint u:object_r:exported_default_prop:s0 exact string
+ro.odm.build.version.incremental u:object_r:exported_default_prop:s0 exact string
ro.oem.key1 u:object_r:exported_default_prop:s0 exact string
ro.product.board u:object_r:exported_default_prop:s0 exact string
ro.product.cpu.abilist32 u:object_r:exported_default_prop:s0 exact string
@@ -347,18 +395,23 @@
ro.product.vendor.manufacturer u:object_r:exported_default_prop:s0 exact string
ro.product.vendor.model u:object_r:exported_default_prop:s0 exact string
ro.product.vendor.name u:object_r:exported_default_prop:s0 exact string
+ro.product.vndk.version u:object_r:vndk_prop:s0 exact string
ro.telephony.iwlan_operation_mode u:object_r:exported_radio_prop:s0 exact enum default legacy AP-assisted
ro.vendor.build.date u:object_r:exported_default_prop:s0 exact string
ro.vendor.build.date.utc u:object_r:exported_default_prop:s0 exact int
ro.vendor.build.fingerprint u:object_r:exported_default_prop:s0 exact string
-ro.vndk.lite u:object_r:exported_default_prop:s0 exact bool
-ro.vndk.version u:object_r:exported_default_prop:s0 exact string
+ro.vendor.build.version.incremental u:object_r:exported_default_prop:s0 exact string
+ro.vendor.build.version.sdk u:object_r:exported_default_prop:s0 exact int
+ro.vndk.lite u:object_r:vndk_prop:s0 exact bool
+ro.vndk.version u:object_r:vndk_prop:s0 exact string
ro.vts.coverage u:object_r:exported_default_prop:s0 exact int
wifi.active.interface u:object_r:exported_wifi_prop:s0 exact string
+wifi.aware.interface u:object_r:exported_wifi_prop:s0 exact string
wifi.concurrent.interface u:object_r:exported_default_prop:s0 exact string
wifi.direct.interface u:object_r:exported_default_prop:s0 exact string
wifi.interface u:object_r:exported_default_prop:s0 exact string
ro.apex.updatable u:object_r:exported_default_prop:s0 exact bool
+ro.init.userspace_reboot.is_supported u:object_r:userspace_reboot_config_prop:s0 exact bool
# public-readable
ro.boot.revision u:object_r:exported2_default_prop:s0 exact string
@@ -373,8 +426,10 @@
ro.surface_flinger.has_HDR_display u:object_r:exported_default_prop:s0 exact bool
ro.surface_flinger.has_wide_color_display u:object_r:exported_default_prop:s0 exact bool
ro.surface_flinger.max_frame_buffer_acquired_buffers u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.max_graphics_height u:object_r:exported3_default_prop:s0 exact int
+ro.surface_flinger.max_graphics_width u:object_r:exported3_default_prop:s0 exact int
ro.surface_flinger.max_virtual_display_dimension u:object_r:exported_default_prop:s0 exact int
-ro.surface_flinger.primary_display_orientation u:object_r:exported_default_prop:s0 exact string
+ro.surface_flinger.primary_display_orientation u:object_r:exported_default_prop:s0 exact enum ORIENTATION_0 ORIENTATION_180 ORIENTATION_270 ORIENTATION_90
ro.surface_flinger.present_time_offset_from_vsync_ns u:object_r:exported_default_prop:s0 exact int
ro.surface_flinger.running_without_sync_framework u:object_r:exported_default_prop:s0 exact bool
ro.surface_flinger.start_graphics_allocator_service u:object_r:exported_default_prop:s0 exact bool
@@ -392,5 +447,30 @@
ro.surface_flinger.protected_contents u:object_r:exported_default_prop:s0 exact bool
ro.surface_flinger.set_idle_timer_ms u:object_r:exported_default_prop:s0 exact int
ro.surface_flinger.set_touch_timer_ms u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.set_display_power_timer_ms u:object_r:exported_default_prop:s0 exact int
ro.surface_flinger.support_kernel_idle_timer u:object_r:exported_default_prop:s0 exact bool
ro.surface_flinger.use_smart_90_for_video u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.use_content_detection_for_refresh_rate u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.color_space_agnostic_dataspace u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.refresh_rate_switching u:object_r:exported_default_prop:s0 exact bool
+
+# Binder cache properties. These are world-readable
+cache_key.app_inactive u:object_r:binder_cache_system_server_prop:s0
+cache_key.is_compat_change_enabled u:object_r:binder_cache_system_server_prop:s0
+cache_key.get_packages_for_uid u:object_r:binder_cache_system_server_prop:s0
+cache_key.has_system_feature u:object_r:binder_cache_system_server_prop:s0
+cache_key.is_interactive u:object_r:binder_cache_system_server_prop:s0
+cache_key.is_power_save_mode u:object_r:binder_cache_system_server_prop:s0
+cache_key.is_user_unlocked u:object_r:binder_cache_system_server_prop:s0
+cache_key.volume_list u:object_r:binder_cache_system_server_prop:s0
+cache_key.display_info u:object_r:binder_cache_system_server_prop:s0
+cache_key.location_enabled u:object_r:binder_cache_system_server_prop:s0
+cache_key.package_info u:object_r:binder_cache_system_server_prop:s0
+
+cache_key.bluetooth. u:object_r:binder_cache_bluetooth_server_prop:s0 prefix string
+cache_key.system_server. u:object_r:binder_cache_system_server_prop:s0 prefix string
+cache_key.telephony. u:object_r:binder_cache_telephony_server_prop:s0 prefix string
+
+# Graphics related properties
+graphics.gpu.profiler.support u:object_r:graphics_config_prop:s0 exact bool
+graphics.gpu.profiler.vulkan_layer_apk u:object_r:graphics_config_prop:s0 exact string
diff --git a/public/radio.te b/public/radio.te
index 4527707..34eaf83 100644
--- a/public/radio.te
+++ b/public/radio.te
@@ -35,6 +35,7 @@
allow radio app_api_service:service_manager find;
allow radio system_api_service:service_manager find;
allow radio timedetector_service:service_manager find;
+allow radio timezonedetector_service:service_manager find;
# Perform HwBinder IPC.
hwbinder_use(radio)
diff --git a/public/recovery.te b/public/recovery.te
index 2b77bc3..63a9cea 100644
--- a/public/recovery.te
+++ b/public/recovery.te
@@ -85,7 +85,7 @@
allow recovery device:dir r_dir_perms;
allow recovery block_device:dir r_dir_perms;
allow recovery dev_type:blk_file rw_file_perms;
- allowxperm recovery { userdata_block_device metadata_block_device }:blk_file ioctl BLKPBSZGET;
+ allowxperm recovery { userdata_block_device metadata_block_device cache_block_device }:blk_file ioctl BLKPBSZGET;
# GUI
allow recovery graphics_device:chr_file rw_file_perms;
@@ -125,6 +125,9 @@
# Read ro.boot.bootreason
get_prop(recovery, bootloader_boot_reason_prop)
+ # Read storage properties (for correctly formatting filesystems)
+ get_prop(recovery, storage_config_prop)
+
# Use setfscreatecon() to label files for OTA updates.
allow recovery self:process setfscreate;
@@ -142,6 +145,24 @@
# These are needed to update dynamic partitions in recovery.
r_dir_file(recovery, sysfs_dm)
allowxperm recovery super_block_device_type:blk_file ioctl { BLKIOMIN BLKALIGNOFF };
+
+ # Allow using libfiemap/gsid directly (no binder in recovery).
+ set_prop(recovery, gsid_prop)
+ allow recovery gsi_metadata_file:dir search;
+ allow recovery ota_metadata_file:dir rw_dir_perms;
+ allow recovery ota_metadata_file:file create_file_perms;
+
+ # Allow mounting /metadata for writing update states
+ allow recovery metadata_file:dir { getattr mounton };
+
+ # These are needed to allow recovery to manage network
+ allow recovery self:netlink_route_socket { create write read nlmsg_readpriv nlmsg_read };
+ allow recovery self:global_capability_class_set net_admin;
+ allow recovery self:tcp_socket { create ioctl };
+ allowxperm recovery self:tcp_socket ioctl { SIOCGIFFLAGS SIOCSIFFLAGS };
+
+ # Set fastbootd protocol property
+ set_prop(recovery, fastbootd_protocol_prop)
')
###
diff --git a/public/sdcardd.te b/public/sdcardd.te
index 83c1840..1ae3770 100644
--- a/public/sdcardd.te
+++ b/public/sdcardd.te
@@ -22,8 +22,9 @@
allow sdcardd system_data_file:file r_file_perms;
allow sdcardd packages_list_file:file r_file_perms;
-# Read /data/.layout_version
+# Read /data/misc/installd/layout_version
allow sdcardd install_data_file:file r_file_perms;
+allow sdcardd install_data_file:dir search;
# Allow stdin/out back to vold
allow sdcardd vold:fd use;
diff --git a/public/service.te b/public/service.te
index 92f8a09..f27772e 100644
--- a/public/service.te
+++ b/public/service.te
@@ -1,3 +1,4 @@
+type aidl_lazy_test_service, service_manager_type;
type apex_service, service_manager_type;
type audioserver_service, service_manager_type;
type batteryproperties_service, app_api_service, ephemeral_app_api_service, service_manager_type;
@@ -10,23 +11,24 @@
type fingerprintd_service, service_manager_type;
type hal_fingerprint_service, service_manager_type;
type gatekeeper_service, app_api_service, service_manager_type;
-type gpu_service, service_manager_type;
+type gpu_service, app_api_service, service_manager_type;
type idmap_service, service_manager_type;
type iorapd_service, service_manager_type;
type incident_service, service_manager_type;
type installd_service, service_manager_type;
+type credstore_service, app_api_service, service_manager_type;
type keystore_service, service_manager_type;
type lpdump_service, service_manager_type;
type mediaserver_service, service_manager_type;
type mediametrics_service, service_manager_type;
type mediaextractor_service, service_manager_type;
-type mediacodec_service, service_manager_type;
type mediadrmserver_service, service_manager_type;
+type mediatranscoding_service, app_api_service, service_manager_type;
type netd_service, service_manager_type;
type nfc_service, service_manager_type;
-type perfprofd_service, service_manager_type;
type radio_service, service_manager_type;
type secure_element_service, service_manager_type;
+type service_manager_service, service_manager_type;
type storaged_service, service_manager_type;
type surfaceflinger_service, app_api_service, ephemeral_app_api_service, service_manager_type;
type system_app_service, service_manager_type;
@@ -45,18 +47,23 @@
type adb_service, system_api_service, system_server_service, service_manager_type;
type alarm_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type app_binding_service, system_server_service, service_manager_type;
+type app_integrity_service, system_api_service, system_server_service, service_manager_type;
type app_prediction_service, app_api_service, system_server_service, service_manager_type;
+type app_search_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type appops_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type appwidget_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type assetatlas_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type audio_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type auth_service, app_api_service, system_server_service, service_manager_type;
type autofill_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type backup_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type batterystats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type battery_service, system_server_service, service_manager_type;
type binder_calls_stats_service, system_server_service, service_manager_type;
+type blob_store_service, app_api_service, system_server_service, service_manager_type;
type bluetooth_manager_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type broadcastradio_service, system_server_service, service_manager_type;
+type cacheinfo_service, system_api_service, system_server_service, service_manager_type;
type cameraproxy_service, system_server_service, service_manager_type;
type clipboard_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type contexthub_service, app_api_service, system_server_service, service_manager_type;
@@ -74,6 +81,7 @@
# with EMMA_INSTRUMENT=true. We should consider locking this down in the future.
type coverage_service, system_server_service, service_manager_type;
type cpuinfo_service, system_api_service, system_server_service, service_manager_type;
+type dataloader_manager_service, system_server_service, service_manager_type;
type dbinfo_service, system_api_service, system_server_service, service_manager_type;
type device_config_service, system_server_service, service_manager_type;
type device_policy_service, app_api_service, system_server_service, service_manager_type;
@@ -84,6 +92,7 @@
type display_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type color_display_service, system_api_service, system_server_service, service_manager_type;
type external_vibrator_service, system_server_service, service_manager_type;
+type file_integrity_service, app_api_service, system_server_service, service_manager_type;
type font_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type netd_listener_service, system_server_service, service_manager_type;
type network_watchlist_service, system_server_service, service_manager_type;
@@ -94,6 +103,7 @@
type ethernet_service, app_api_service, system_server_service, service_manager_type;
type biometric_service, app_api_service, system_server_service, service_manager_type;
type bugreport_service, system_api_service, system_server_service, service_manager_type;
+type platform_compat_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type face_service, app_api_service, system_server_service, service_manager_type;
type fingerprint_service, app_api_service, system_server_service, service_manager_type;
type gfxinfo_service, system_api_service, system_server_service, service_manager_type;
@@ -102,12 +112,14 @@
type hardware_properties_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type hdmi_control_service, system_api_service, system_server_service, service_manager_type;
type imms_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type incremental_service, system_server_service, service_manager_type;
type input_method_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type input_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type ipsec_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type iris_service, app_api_service, system_server_service, service_manager_type;
type jobscheduler_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type launcherapps_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type light_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type location_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type lock_settings_service, system_api_service, system_server_service, service_manager_type;
type looper_stats_service, system_server_service, service_manager_type;
@@ -157,7 +169,9 @@
type slice_service, app_api_service, system_server_service, service_manager_type;
type statusbar_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type storagestats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type system_config_service, system_api_service, system_server_service, service_manager_type;
type system_update_service, system_server_service, service_manager_type;
+type soundtrigger_middleware_service, system_server_service, service_manager_type;
type task_service, system_server_service, service_manager_type;
type testharness_service, system_server_service, service_manager_type;
type textclassification_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
@@ -166,8 +180,10 @@
type thermal_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type timedetector_service, system_server_service, service_manager_type;
type timezone_service, system_server_service, service_manager_type;
+type timezonedetector_service, system_server_service, service_manager_type;
type trust_service, app_api_service, system_server_service, service_manager_type;
type tv_input_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type tv_tuner_resource_mgr_service, app_api_service, system_server_service, service_manager_type;
type uimode_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type updatelock_service, system_api_service, system_server_service, service_manager_type;
type uri_grants_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
@@ -182,11 +198,23 @@
type wifip2p_service, app_api_service, system_server_service, service_manager_type;
type wifiscanner_service, system_api_service, system_server_service, service_manager_type;
type wifi_service, app_api_service, system_server_service, service_manager_type;
-type wificond_service, service_manager_type;
+type wifinl80211_service, service_manager_type;
type wifiaware_service, app_api_service, system_server_service, service_manager_type;
type window_service, system_api_service, system_server_service, service_manager_type;
type inputflinger_service, system_api_service, system_server_service, service_manager_type;
type wpantund_service, system_api_service, service_manager_type;
+type tethering_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type emergency_affordance_service, system_server_service, service_manager_type;
+
+###
+### HAL Services
+###
+
+type hal_identity_service, vendor_service, service_manager_type;
+type hal_light_service, vendor_service, service_manager_type;
+type hal_power_service, vendor_service, service_manager_type;
+type hal_rebootescrow_service, vendor_service, service_manager_type;
+type hal_vibrator_service, vendor_service, service_manager_type;
###
### Neverallow rules
diff --git a/public/servicemanager.te b/public/servicemanager.te
index df20941..63fc227 100644
--- a/public/servicemanager.te
+++ b/public/servicemanager.te
@@ -18,8 +18,15 @@
}:binder transfer;
allow servicemanager service_contexts_file:file r_file_perms;
+
+allow servicemanager vendor_service_contexts_file:file r_file_perms;
+
# nonplat_service_contexts only accessible on non full-treble devices
not_full_treble(`allow servicemanager nonplat_service_contexts_file:file r_file_perms;')
+add_service(servicemanager, service_manager_service)
+allow servicemanager dumpstate:fd use;
+allow servicemanager dumpstate:fifo_file write;
+
# Check SELinux permissions.
selinux_check_access(servicemanager)
diff --git a/public/sgdisk.te b/public/sgdisk.te
index 9d71249..e5a9152 100644
--- a/public/sgdisk.te
+++ b/public/sgdisk.te
@@ -17,6 +17,8 @@
allowxperm sgdisk vold_device:blk_file ioctl { BLKGETSIZE };
# Force a re-read of the partition table.
allowxperm sgdisk vold_device:blk_file ioctl { BLKRRPART };
+# Allow reading of the physical block size.
+allowxperm sgdisk vold_device:blk_file ioctl { BLKPBSZGET };
# Inherit and use pty created by android_fork_execvp()
allow sgdisk devpts:chr_file { read write ioctl getattr };
diff --git a/public/shell.te b/public/shell.te
index 56196c3..c0412eb 100644
--- a/public/shell.te
+++ b/public/shell.te
@@ -78,10 +78,15 @@
# Allow shell to start/stop heapprofd via the persist.heapprofd.enable
# property.
set_prop(shell, heapprofd_enabled_prop)
+# Allow shell to start/stop traced_perf via the persist.traced_perf.enable
+# property.
+set_prop(shell, traced_perf_enabled_prop)
# Allow shell to start/stop gsid via ctl.start|stop|restart gsid.
set_prop(shell, ctl_gsid_prop)
# Allow shell to enable Dynamic System Update
set_prop(shell, dynamic_system_prop)
+# Allow shell to mock an OTA using persist.pm.mock-upgrade
+set_prop(shell, mock_ota_prop)
userdebug_or_eng(`
# "systrace --boot" support - allow boottrace service to run
@@ -104,6 +109,9 @@
get_prop(shell, last_boot_reason_prop)
get_prop(shell, system_boot_reason_prop)
+# Allow reading the outcome of perf_event_open LSM support test for CTS.
+get_prop(shell, init_perf_lsm_hooks_prop)
+
# allow shell access to services
allow shell servicemanager:service_manager list;
# don't allow shell to access GateKeeper service
@@ -122,6 +130,7 @@
-virtual_touchpad_service
-vold_service
-vr_hwc_service
+ -default_android_service
}:service_manager find;
allow shell dumpstate:binder call;
@@ -130,7 +139,7 @@
hwbinder_use(shell)
allow shell hwservicemanager:hwservice_manager list;
-# allow shell to look through /proc/ for lsmod, ps, top, netstat.
+# allow shell to look through /proc/ for lsmod, ps, top, netstat, vmstat.
r_dir_file(shell, proc_net_type)
allow shell {
@@ -146,6 +155,7 @@
proc_timer
proc_uptime
proc_version
+ proc_vmstat
proc_zoneinfo
}:file r_file_perms;
diff --git a/public/simpleperf.te b/public/simpleperf.te
new file mode 100644
index 0000000..218fee7
--- /dev/null
+++ b/public/simpleperf.te
@@ -0,0 +1 @@
+type simpleperf, domain;
diff --git a/public/statsd.te b/public/statsd.te
index 089cae9..435bbdf 100644
--- a/public/statsd.te
+++ b/public/statsd.te
@@ -27,9 +27,6 @@
binder_call(statsd, appdomain)
binder_call(statsd, healthd)
binder_call(statsd, incidentd)
-userdebug_or_eng(`
- binder_call(statsd, perfprofd)
-')
binder_call(statsd, system_server)
# Allow statsd to interact with gpuservice
@@ -44,9 +41,6 @@
allow statsd {
app_api_service
incident_service
- userdebug_or_eng(`
- perfprofd_service
- ')
system_api_service
}:service_manager find;
diff --git a/public/su.te b/public/su.te
index a2f435e..99d4603 100644
--- a/public/su.te
+++ b/public/su.te
@@ -52,6 +52,7 @@
dontaudit su postinstall_file:filesystem *;
dontaudit su domain:bpf *;
dontaudit su unlabeled:vsock_socket *;
+ dontaudit su self:perf_event *;
# VTS tests run in the permissive su domain on debug builds, but the HALs
# being tested run in enforcing mode. Because hal_foo_server is enforcing
@@ -86,6 +87,7 @@
typeattribute su hal_nfc_client;
typeattribute su hal_oemlock_client;
typeattribute su hal_power_client;
+ typeattribute su hal_rebootescrow_client;
typeattribute su hal_secure_element_client;
typeattribute su hal_sensors_client;
typeattribute su hal_telephony_client;
@@ -93,12 +95,12 @@
typeattribute su hal_thermal_client;
typeattribute su hal_tv_cec_client;
typeattribute su hal_tv_input_client;
+ typeattribute su hal_tv_tuner_client;
typeattribute su hal_usb_client;
typeattribute su hal_vibrator_client;
typeattribute su hal_vr_client;
typeattribute su hal_weaver_client;
typeattribute su hal_wifi_client;
typeattribute su hal_wifi_hostapd_client;
- typeattribute su hal_wifi_offload_client;
typeattribute su hal_wifi_supplicant_client;
')
diff --git a/public/te_macros b/public/te_macros
index 85783dc..56f97752 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -171,16 +171,17 @@
# Label tmpfs objects for all apps.
type_transition $1 tmpfs:file appdomain_tmpfs;
allow $1 appdomain_tmpfs:file { execute getattr map read write };
-neverallow { $1 -runas_app -shell } { domain -$1 }:file no_rw_file_perms;
-neverallow { appdomain -runas_app -shell -$1 } $1:file no_rw_file_perms;
+neverallow { $1 -runas_app -shell -simpleperf } { domain -$1 }:file no_rw_file_perms;
+neverallow { appdomain -runas_app -shell -simpleperf -$1 } $1:file no_rw_file_perms;
# The Android security model guarantees the confidentiality and integrity
# of application data and execution state. Ptrace bypasses those
-# confidentiality guarantees. Disallow ptrace access from system components
-# to apps. Crash_dump is excluded, as it needs ptrace access to
-# produce stack traces. llkd is excluded, as it needs to inspect
-# the kernel stack for live lock conditions. runas_app is excluded, as it can
-# only access debuggable apps.
-neverallow { domain -$1 -crash_dump userdebug_or_eng(`-llkd') -runas_app } $1:process ptrace;
+# confidentiality guarantees. Disallow ptrace access from system components to
+# apps. crash_dump is excluded, as it needs ptrace access to produce stack
+# traces. runas_app is excluded, as it operates only on debuggable apps.
+# simpleperf is excluded, as it operates only on debuggable or profileable
+# apps. llkd is excluded, as it needs ptrace access to inspect stack traces for
+# live lock conditions.
+neverallow { domain -$1 -crash_dump userdebug_or_eng(`-llkd') -runas_app -simpleperf } $1:process ptrace;
')
#####################################
@@ -337,6 +338,8 @@
define(`binder_use', `
# Call the servicemanager and transfer references to it.
allow $1 servicemanager:binder { call transfer };
+# Allow servicemanager to send out callbacks
+allow servicemanager $1:binder { call transfer };
# servicemanager performs getpidcon on clients.
allow servicemanager $1:dir search;
allow servicemanager $1:file { read open };
@@ -596,6 +599,18 @@
binder_call(keystore, $1)
')
+#####################################
+# use_credstore(domain)
+# Ability to use credstore.
+define(`use_credstore', `
+ allow credstore $1:dir search;
+ allow credstore $1:file { read open };
+ allow credstore $1:process getattr;
+ allow $1 credstore_service:service_manager find;
+ binder_call($1, credstore)
+ binder_call(credstore, $1)
+')
+
###########################################
# use_drmservice(domain)
# Ability to use DrmService which requires
@@ -648,11 +663,12 @@
# Allow processes within the domain to have their heap profiled by heapprofd.
#
# Note that profiling is performed differently between debug and user builds.
-# This macro covers both user and debug builds, but see
-# can_profile_heap_userdebug_or_eng for a variant that can be used when
-# allowing profiling for a domain only on debug builds, without granting
-# the exec permission. The exec permission is necessary for user builds, but
-# only a nice-to-have for development and testing purposes on debug builds.
+# There are two modes for profiling:
+# * forked
+# * central.
+# On user builds, the default is to allow only forked mode. If it is desired
+# to allow central mode as well for a domain, use can_profile_heap_central.
+# On userdebug, this macro allows both forked and central.
define(`can_profile_heap', `
# Allow central daemon to send signal for client initialization.
allow heapprofd $1:process signal;
@@ -668,37 +684,39 @@
allow heapprofd $1:dir r_dir_perms;
# Profilability on user implies profilability on userdebug and eng.
- can_profile_heap_userdebug_or_eng($1)
+ userdebug_or_eng(`
+ can_profile_heap_central($1)
+ ')
')
###################################
-# can_profile_heap_userdebug_or_eng(domain)
-# Allow processes within the domain to have their heap profiled by heapprofd on
-# debug builds only.
-#
-# Only necessary when can_profile_heap cannot be applied, see its description
-# for rationale.
-define(`can_profile_heap_userdebug_or_eng', `
- userdebug_or_eng(`
- # Allow central daemon to send signal for client initialization.
- allow heapprofd $1:process signal;
- # Allow connecting to the daemon.
- unix_socket_connect($1, heapprofd, heapprofd)
- # Allow daemon to use the passed fds.
- allow heapprofd $1:fd use;
- # Allow to read and write to heapprofd shmem.
- # The client needs to read the read and write pointers in order to write.
- allow $1 heapprofd_tmpfs:file { read write getattr map };
- # Use shared memory received over the unix socket.
- allow $1 heapprofd:fd use;
+# can_profile_heap_central(domain)
+# Allow processes within the domain to have their heap profiled by central
+# heapprofd.
+define(`can_profile_heap_central', `
+ # Allow central daemon to send signal for client initialization.
+ allow heapprofd $1:process signal;
+ # Allow connecting to the daemon.
+ unix_socket_connect($1, heapprofd, heapprofd)
+ # Allow daemon to use the passed fds.
+ allow heapprofd $1:fd use;
+ # Allow to read and write to heapprofd shmem.
+ # The client needs to read the read and write pointers in order to write.
+ allow $1 heapprofd_tmpfs:file { read write getattr map };
+ # Use shared memory received over the unix socket.
+ allow $1 heapprofd:fd use;
- # To read from the received file descriptors.
- # /proc/[pid]/maps and /proc/[pid]/mem have the same SELinux label as the
- # process they relate to.
- allow heapprofd $1:file r_file_perms;
- # Allow searching the /proc/[pid] directory for cmdline.
- allow heapprofd $1:dir r_dir_perms;
- ')
+ # To read and write from the received file descriptors.
+ # /proc/[pid]/maps and /proc/[pid]/mem have the same SELinux label as the
+ # process they relate to.
+ # We need to write to /proc/$PID/page_idle to find idle allocations.
+ # The client only opens /proc/self/page_idle with RDWR, everything else
+ # with RDONLY.
+ # heapprofd cannot open /proc/$PID/mem itself, as it does not have
+ # sys_ptrace.
+ allow heapprofd $1:file rw_file_perms;
+ # Allow searching the /proc/[pid] directory for cmdline.
+ allow heapprofd $1:dir r_dir_perms;
')
###################################
@@ -708,3 +726,198 @@
neverallow heapprofd $1:file read;
neverallow heapprofd $1:process signal;
')
+
+###################################
+# can_profile_perf(domain)
+# Allow processes within the domain to be profiled, and have their stacks
+# sampled, by traced_perf.
+define(`can_profile_perf', `
+ # Allow directory & file read to traced_perf, as it stat(2)s /proc/[pid], and
+ # reads /proc/[pid]/cmdline.
+ allow traced_perf $1:file r_file_perms;
+ allow traced_perf $1:dir r_dir_perms;
+
+ # Allow central daemon to send signal to request /proc/[pid]/maps and
+ # /proc/[pid]/mem fds from this process.
+ allow traced_perf $1:process signal;
+
+ # Allow connecting to the daemon.
+ unix_socket_connect($1, traced_perf, traced_perf)
+ # Allow daemon to use the passed fds.
+ allow traced_perf $1:fd use;
+')
+
+###################################
+# never_profile_perf(domain)
+# Opt out of profiling by traced_perf.
+define(`never_profile_perf', `
+ neverallow traced_perf $1:file read;
+ neverallow traced_perf $1:process signal;
+')
+
+###################################
+# perfetto_producer(domain)
+# Allow processes within the domain to write data to Perfetto.
+# When applying this macro, you might need to also allow traced to use the
+# producer tmpfs domain, if the producer will be the one creating the shared
+# memory.
+define(`perfetto_producer', `
+ allow $1 traced:fd use;
+ allow $1 traced_tmpfs:file { read write getattr map };
+ unix_socket_connect($1, traced_producer, traced)
+
+ # Also allow the service to use the producer file descriptors. This is
+ # necessary when the producer is creating the shared memory, as it will be
+ # passed to the service as a file descriptor (obtained from memfd_create).
+ allow traced $1:fd use;
+')
+
+###########################################
+# dump_hal(hal_type)
+# Ability to dump the hal debug info
+#
+define(`dump_hal', `
+ hal_client_domain(dumpstate, $1);
+ allow $1_server dumpstate:fifo_file write;
+ allow $1_server dumpstate:fd use;
+')
+
+#####################################
+# treble_sysprop_neverallow(rules)
+# SELinux neverallow rules which enforces the owner of each property and accessibility
+# outside the owner.
+#
+# For devices launching with R or later, all properties must be explicitly marked as one of:
+# system_property_type, vendor_property_type, or product_property_type.
+# Also, exported properties must be explicitly marked as "restricted" or "public",
+# depending on the accessibility outside the owner.
+# For devices launching with Q or eariler, this neverallow rules can be relaxed with defining
+# BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true on BoardConfig.mk.
+# See {partition}_{accessibility}_prop macros below.
+#
+# CTS uses these rules only for devices launching with R or later.
+#
+define(`treble_sysprop_neverallow', ifelse(target_treble_sysprop_neverallow, `true', $1,
+ifelse(target_treble_sysprop_neverallow, `cts',
+# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
+$1
+# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
+, )))
+
+###########################################
+# define_prop(name, owner, scope)
+# Define a property with given owner and scope
+#
+define(`define_prop', `
+ type $1, property_type, $2_property_type, $2_$3_property_type;
+')
+
+###########################################
+# system_internal_prop(name)
+# Define a /system-owned property used only in /system
+# For devices launching with Q or eariler, this restriction can be relaxed with
+# BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true
+#
+define(`system_internal_prop', `
+ define_prop($1, system, internal)
+ treble_sysprop_neverallow(`
+ neverallow { domain -coredomain } $1:file no_rw_file_perms;
+ ')
+')
+
+###########################################
+# system_restricted_prop(name)
+# Define a /system-owned property which can't be written outside /system
+# For devices launching with Q or eariler, this restriction can be relaxed with
+# BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true
+#
+define(`system_restricted_prop', `
+ define_prop($1, system, restricted)
+ treble_sysprop_neverallow(`
+ neverallow { domain -coredomain } $1:property_service set;
+ ')
+')
+
+###########################################
+# system_public_prop(name)
+# Define a /system-owned property with no restrictions
+#
+define(`system_public_prop', `define_prop($1, system, public)')
+
+###########################################
+# system_vendor_config_prop(name)
+# Define a /system-owned property which can only be written by vendor_init
+# This is a macro for vendor-specific configuration properties which is meant
+# to be set once from vendor_init.
+#
+define(`system_vendor_config_prop', `
+ system_public_prop($1)
+ set_prop(vendor_init, $1)
+ neverallow { domain -init -vendor_init } $1:property_service set;
+')
+
+###########################################
+# product_internal_prop(name)
+# Define a /product-owned property used only in /product
+# For devices launching with Q or eariler, this restriction can be relaxed with
+# BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true
+#
+define(`product_internal_prop', `
+ define_prop($1, product, internal)
+ treble_sysprop_neverallow(`
+ neverallow { domain -coredomain } $1:file no_rw_file_perms;
+ ')
+')
+
+###########################################
+# product_restricted_prop(name)
+# Define a /product-owned property which can't be written outside /product
+# For devices launching with Q or eariler, this restriction can be relaxed with
+# BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true
+#
+define(`product_restricted_prop', `
+ define_prop($1, product, restricted)
+ treble_sysprop_neverallow(`
+ neverallow { domain -coredomain } $1:property_service set;
+ ')
+')
+
+###########################################
+# product_public_prop(name)
+# Define a /product-owned property with no restrictions
+#
+define(`product_public_prop', `define_prop($1, product, public)')
+
+###########################################
+# vendor_internal_prop(name)
+# Define a /vendor-owned property used only in /vendor
+# For devices launching with Q or eariler, this restriction can be relaxed with
+# BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true
+#
+define(`vendor_internal_prop', `
+ define_prop($1, vendor, internal)
+ treble_sysprop_neverallow(`
+# init and dumpstate are in coredomain, but should be able to read all props.
+ neverallow { coredomain -init -dumpstate } $1:file no_rw_file_perms;
+ ')
+')
+
+###########################################
+# vendor_restricted_prop(name)
+# Define a /vendor-owned property which can't be written outside /vendor
+# For devices launching with Q or eariler, this restriction can be relaxed with
+# BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true
+#
+define(`vendor_restricted_prop', `
+ define_prop($1, vendor, restricted)
+ treble_sysprop_neverallow(`
+# init is in coredomain, but should be able to write all props.
+ neverallow { coredomain -init } $1:property_service set;
+ ')
+')
+
+###########################################
+# vendor_public_prop(name)
+# Define a /vendor-owned property with no restrictions
+#
+define(`vendor_public_prop', `define_prop($1, vendor, public)')
diff --git a/public/toolbox.te b/public/toolbox.te
index fcf0ec3..4c2cc3e 100644
--- a/public/toolbox.te
+++ b/public/toolbox.te
@@ -24,5 +24,15 @@
neverallow toolbox { file_type fs_type -toolbox_exec}:file entrypoint;
# rm -rf directories in /data
+allow toolbox system_data_root_file:dir { remove_name write };
allow toolbox system_data_file:dir { rmdir rw_dir_perms };
allow toolbox system_data_file:file { getattr unlink };
+
+# chattr +F and chattr +P /data/media in init
+allow toolbox media_rw_data_file:dir { r_dir_perms setattr };
+allowxperm toolbox media_rw_data_file:dir ioctl {
+ FS_IOC_FSGETXATTR
+ FS_IOC_FSSETXATTR
+ FS_IOC_GETFLAGS
+ FS_IOC_SETFLAGS
+};
diff --git a/public/traced_perf.te b/public/traced_perf.te
new file mode 100644
index 0000000..f9a0324
--- /dev/null
+++ b/public/traced_perf.te
@@ -0,0 +1 @@
+type traced_perf, domain;
diff --git a/public/traceur_app.te b/public/traceur_app.te
index 5333015..7e2cc84 100644
--- a/public/traceur_app.te
+++ b/public/traceur_app.te
@@ -21,6 +21,7 @@
-virtual_touchpad_service
-vold_service
-vr_hwc_service
+ -default_android_service
}:service_manager find;
# Allow traceur_app to use atrace HAL
diff --git a/public/ueventd.te b/public/ueventd.te
index 98e3bda..fc503b8 100644
--- a/public/ueventd.te
+++ b/public/ueventd.te
@@ -6,7 +6,7 @@
# Write to /dev/kmsg.
allow ueventd kmsg_device:chr_file rw_file_perms;
-allow ueventd self:global_capability_class_set { chown mknod net_admin setgid fsetid sys_rawio dac_override dac_read_search fowner };
+allow ueventd self:global_capability_class_set { chown mknod net_admin setgid fsetid sys_rawio dac_override dac_read_search fowner setuid };
allow ueventd device:file create_file_perms;
r_dir_file(ueventd, rootfs)
@@ -59,17 +59,17 @@
allow ueventd system_bootstrap_lib_file:dir r_dir_perms;
allow ueventd system_bootstrap_lib_file:file { execute read open getattr map };
+# ueventd can set properties, particularly it sets ro.cold_boot_done to signal
+# to init that cold boot has completed.
+set_prop(ueventd, cold_boot_done_prop)
+
+# Allow ueventd to run shell scripts from vendor
+allow ueventd vendor_shell_exec:file execute;
+
#####
##### neverallow rules
#####
-# ueventd must never set properties, otherwise deadlocks may occur.
-# https://android-review.googlesource.com/#/c/133120/6/init/devices.cpp@941
-# No writing to the property socket, connecting to init, or setting properties.
-neverallow ueventd property_socket:sock_file write;
-neverallow ueventd init:unix_stream_socket connectto;
-neverallow ueventd property_type:property_service set;
-
# Restrict ueventd access on block devices to maintenence operations.
neverallow ueventd dev_type:blk_file ~{ getattr relabelfrom relabelto create setattr unlink };
@@ -78,3 +78,6 @@
# Nobody should be able to ptrace ueventd
neverallow * ueventd:process ptrace;
+
+# ueventd should never execute a program without changing to another domain.
+neverallow ueventd { file_type fs_type }:file execute_no_trans;
diff --git a/public/uncrypt.te b/public/uncrypt.te
index 28dc3f2..4114b2a 100644
--- a/public/uncrypt.te
+++ b/public/uncrypt.te
@@ -15,9 +15,9 @@
allow uncrypt cache_recovery_file:dir rw_dir_perms;
allow uncrypt cache_recovery_file:file create_file_perms;
-# Read OTA zip file at /data/ota_package/.
+# Read and write(for f2fs_pin_file) on OTA zip file at /data/ota_package/.
allow uncrypt ota_package_file:dir r_dir_perms;
-allow uncrypt ota_package_file:file r_file_perms;
+allow uncrypt ota_package_file:file rw_file_perms;
# Write to /dev/socket/uncrypt
unix_socket_connect(uncrypt, uncrypt, uncrypt)
@@ -40,3 +40,7 @@
# Read files in /sys
r_dir_file(uncrypt, sysfs_dt_firmware_android)
+
+# Suppress the denials coming from ReadDefaultFstab call.
+dontaudit uncrypt gsi_metadata_file:dir search;
+dontaudit uncrypt metadata_file:dir search;
diff --git a/public/untrusted_app.te b/public/untrusted_app.te
index 5289bf9..43fe19a 100644
--- a/public/untrusted_app.te
+++ b/public/untrusted_app.te
@@ -16,6 +16,15 @@
### seapp_contexts.
###
+# This file defines the rules for untrusted apps running with
+# targetSdkVersion >= 30.
type untrusted_app, domain;
+# This file defines the rules for untrusted apps running with
+# targetSdkVersion = 29.
+type untrusted_app_29, domain;
+# This file defines the rules for untrusted apps running with
+# 25 < targetSdkVersion <= 28.
type untrusted_app_27, domain;
+# This file defines the rules for untrusted apps running with
+# targetSdkVersion <= 25.
type untrusted_app_25, domain;
diff --git a/public/update_engine.te b/public/update_engine.te
index 7bcaca6..8b767be 100644
--- a/public/update_engine.te
+++ b/public/update_engine.te
@@ -36,8 +36,16 @@
binder_use(update_engine)
add_service(update_engine, update_engine_service)
-# Allow update_engine to call the callback function provided by priv_app.
+# Allow update_engine to call the callback function provided by priv_app/GMS core.
binder_call(update_engine, priv_app)
+# b/142672293: No other priv-app should need this rule now that GMS core runs in its own domain.
+userdebug_or_eng(`
+ auditallow update_engine priv_app:binder { call transfer };
+ auditallow priv_app update_engine:binder transfer;
+ auditallow update_engine priv_app:fd use;
+')
+
+binder_call(update_engine, gmscore_app)
# Allow update_engine to call the callback function provided by system_server.
binder_call(update_engine, system_server)
@@ -54,3 +62,26 @@
# read directories on /system and /vendor
allow update_engine system_file:dir r_dir_perms;
+
+# Allow to start gsid service.
+set_prop(update_engine, ctl_gsid_prop)
+
+# Allow to set the OTA related properties, e.g. ota.warm_reset.
+set_prop(update_engine, ota_prop)
+
+# Allow to get the DSU status
+get_prop(update_engine, gsid_prop)
+
+# update_engine tries to determine the parent path for all devices (e.g.
+# /dev/block/by-name) by reading the default fstab and looking for the misc
+# device. ReadDefaultFstab() checks whether a GSI is running by checking
+# gsi_metadata_file. We never apply OTAs when GSI is running, so just deny
+# the access.
+dontaudit update_engine gsi_metadata_file:dir search;
+
+# Allow to write to snapshotctl_log logs.
+# TODO(b/148818798) revert when parent bug is fixed.
+userdebug_or_eng(`
+allow update_engine snapshotctl_log_data_file:dir rw_dir_perms;
+allow update_engine snapshotctl_log_data_file:file create_file_perms;
+')
diff --git a/public/update_engine_common.te b/public/update_engine_common.te
index a326d4c..57d8e7e 100644
--- a/public/update_engine_common.te
+++ b/public/update_engine_common.te
@@ -56,6 +56,9 @@
# Read files in /sys/firmware/devicetree/base/firmware/android/
r_dir_file(update_engine_common, sysfs_dt_firmware_android)
+# Needed because libdm reads sysfs to validate when a dm path is ready.
+r_dir_file(update_engine_common, sysfs_dm)
+
# read / write on /dev/device-mapper to map / unmap devices
allow update_engine_common dm_device:chr_file rw_file_perms;
@@ -73,3 +76,11 @@
# Allow update_engine_common to write to statsd socket.
unix_socket_send(update_engine_common, statsdw, statsd)
+
+# Allow to read Virtual A/B feature flags.
+get_prop(update_engine_common, virtual_ab_prop)
+
+# Allow to read/write/create OTA metadata files for snapshot status and COW file status.
+allow update_engine_common metadata_file:dir search;
+allow update_engine_common ota_metadata_file:dir rw_dir_perms;
+allow update_engine_common ota_metadata_file:file create_file_perms;
diff --git a/public/update_verifier.te b/public/update_verifier.te
index 8d40cdd..f881aeb 100644
--- a/public/update_verifier.te
+++ b/public/update_verifier.te
@@ -27,6 +27,9 @@
# Allow update_verifier to reboot the device.
set_prop(update_verifier, powerctl_prop)
+# Allow to set the OTA related properties e.g. ota.warm_reset.
+set_prop(update_verifier, ota_prop)
+
# Use Boot Control HAL
hal_client_domain(update_verifier, hal_bootctl)
diff --git a/public/vendor_init.te b/public/vendor_init.te
index 375673c..36bb5cb 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -51,6 +51,7 @@
-system_file_type
-mnt_product_file
-password_slot_metadata_file
+ -ota_metadata_file
-unlabeled
-vendor_file_type
-vold_metadata_file
@@ -65,6 +66,7 @@
-core_data_file_type
-exec_type
-password_slot_metadata_file
+ -ota_metadata_file
-runtime_event_log_tags_file
-system_file_type
-unlabeled
@@ -79,6 +81,7 @@
-core_data_file_type
-exec_type
-password_slot_metadata_file
+ -ota_metadata_file
-system_file_type
-unlabeled
-vendor_file_type
@@ -93,6 +96,7 @@
-core_data_file_type
-exec_type
-password_slot_metadata_file
+ -ota_metadata_file
-system_file_type
-unlabeled
-vendor_file_type
@@ -107,6 +111,7 @@
-exec_type
-mnt_product_file
-password_slot_metadata_file
+ -ota_metadata_file
-system_file_type
-vendor_file_type
-vold_metadata_file
@@ -193,36 +198,22 @@
not_compatible_property(`
set_prop(vendor_init, {
property_type
- -device_config_activity_manager_native_boot_prop
- -device_config_boot_count_prop
- -device_config_reset_performed_prop
- -device_config_input_native_boot_prop
- -device_config_netd_native_prop
- -device_config_runtime_native_boot_prop
- -device_config_runtime_native_prop
- -device_config_media_native_prop
- -restorecon_prop
- -netd_stable_secret_prop
- -firstboot_prop
- -pm_prop
- -system_boot_reason_prop
- -bootloader_boot_reason_prop
- -last_boot_reason_prop
- -apexd_prop
- -gsid_prop
- -nnapi_ext_deny_product_prop
+ -system_internal_property_type
+ -system_restricted_property_type
})
')
# Get file context
allow vendor_init file_contexts_file:file r_file_perms;
+set_prop(vendor_init, apk_verity_prop)
set_prop(vendor_init, bluetooth_a2dp_offload_prop)
set_prop(vendor_init, bluetooth_audio_hal_prop)
set_prop(vendor_init, cpu_variant_prop)
set_prop(vendor_init, debug_prop)
set_prop(vendor_init, exported_audio_prop)
set_prop(vendor_init, exported_bluetooth_prop)
+set_prop(vendor_init, exported_camera_prop)
set_prop(vendor_init, exported_config_prop)
set_prop(vendor_init, exported_dalvik_prop)
set_prop(vendor_init, exported_default_prop)
@@ -237,18 +228,29 @@
set_prop(vendor_init, exported2_vold_prop)
set_prop(vendor_init, exported3_default_prop)
set_prop(vendor_init, exported3_radio_prop)
+set_prop(vendor_init, incremental_prop)
+set_prop(vendor_init, lmkd_prop)
set_prop(vendor_init, logd_prop)
set_prop(vendor_init, log_tag_prop)
set_prop(vendor_init, log_prop)
+set_prop(vendor_init, rebootescrow_hal_prop)
set_prop(vendor_init, serialno_prop)
+set_prop(vendor_init, storage_config_prop)
+set_prop(vendor_init, userspace_reboot_config_prop)
+set_prop(vendor_init, vehicle_hal_prop)
set_prop(vendor_init, vendor_default_prop)
set_prop(vendor_init, vendor_security_patch_level_prop)
+set_prop(vendor_init, vndk_prop)
+set_prop(vendor_init, virtual_ab_prop)
set_prop(vendor_init, wifi_log_prop)
get_prop(vendor_init, exported2_radio_prop)
get_prop(vendor_init, exported3_system_prop)
+get_prop(vendor_init, surfaceflinger_display_prop)
get_prop(vendor_init, theme_prop)
+get_prop(vendor_init, ota_prop)
+
###
### neverallow rules
###
diff --git a/public/vendor_misc_writer.te b/public/vendor_misc_writer.te
index 7093fec..dee9941 100644
--- a/public/vendor_misc_writer.te
+++ b/public/vendor_misc_writer.te
@@ -6,6 +6,8 @@
allow vendor_misc_writer misc_block_device:blk_file w_file_perms;
allow vendor_misc_writer block_device:dir r_dir_perms;
-# Silence the denial when calling libfstab's ReadDefaultFstab.
+# Silence the denial when calling libfstab's ReadDefaultFstab, which tries to
+# load DT fstab.
dontaudit vendor_misc_writer proc_cmdline:file read;
dontaudit vendor_misc_writer metadata_file:dir search;
+dontaudit vendor_misc_writer sysfs_dt_firmware_android:dir search;
diff --git a/public/vndservice.te b/public/vndservice.te
index 0d309bf..efd9adf 100644
--- a/public/vndservice.te
+++ b/public/vndservice.te
@@ -1 +1,2 @@
+type service_manager_vndservice, vndservice_manager_type;
type default_android_vndservice, vndservice_manager_type;
diff --git a/public/vold.te b/public/vold.te
index 2a278eb..1d125d3 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -43,12 +43,29 @@
# allowxperm still requires the ioctl permission for the individual type
allowxperm vold { fs_type file_type }:dir ioctl FITRIM;
-# Get encryption policy for dirs in /data
+# Get/set file-based encryption policies on dirs in /data and adoptable storage,
+# and add/remove file-based encryption keys.
allowxperm vold data_file_type:dir ioctl {
FS_IOC_GET_ENCRYPTION_POLICY
FS_IOC_SET_ENCRYPTION_POLICY
+ FS_IOC_ADD_ENCRYPTION_KEY
+ FS_IOC_REMOVE_ENCRYPTION_KEY
};
+# Only vold and init should ever set file-based encryption policies.
+neverallowxperm {
+ domain
+ -vold
+ -init
+ -vendor_init
+} data_file_type:dir ioctl { FS_IOC_SET_ENCRYPTION_POLICY };
+
+# Only vold should ever add/remove file-based encryption keys.
+neverallowxperm {
+ domain
+ -vold
+} data_file_type:dir ioctl { FS_IOC_ADD_ENCRYPTION_KEY FS_IOC_REMOVE_ENCRYPTION_KEY };
+
# Find the location on the raw block device where the
# crypto key is stored so it can be destroyed
allowxperm vold vold_data_file:file ioctl {
@@ -75,6 +92,17 @@
# Access to storage that backs emulated FUSE daemons for migration optimization
allow vold media_rw_data_file:dir create_dir_perms;
allow vold media_rw_data_file:file create_file_perms;
+# Allow mounting (lower filesystem) on parts of media for performance
+allow vold media_rw_data_file:dir mounton;
+
+# Allow setting extended attributes (for project quota IDs) on files and dirs
+# and to enable project ID inheritance through FS_IOC_SETFLAGS
+allowxperm vold media_rw_data_file:{ dir file } ioctl {
+ FS_IOC_FSGETXATTR
+ FS_IOC_FSSETXATTR
+ FS_IOC_GETFLAGS
+ FS_IOC_SETFLAGS
+};
# Allow mounting of storage devices
allow vold { mnt_media_rw_stub_file storage_stub_file }:dir { mounton create rmdir getattr setattr };
@@ -84,11 +112,24 @@
allow vold mnt_user_file:lnk_file create_file_perms;
allow vold mnt_user_file:file create_file_perms;
+# Manage per-user pass_through primary symlinks
+allow vold mnt_pass_through_file:dir { create_dir_perms mounton };
+allow vold mnt_pass_through_file:lnk_file create_file_perms;
+
# Allow to create and mount expanded storage
allow vold mnt_expand_file:dir { create_dir_perms mounton };
allow vold apk_data_file:dir { create getattr setattr };
allow vold shell_data_file:dir { create getattr setattr };
+# Allow to mount incremental file system on /data/incremental and create files
+allow vold apk_data_file:dir { mounton rw_dir_perms };
+# Allow to create and write files in /data/incremental
+allow vold apk_data_file:file rw_file_perms;
+# Allow to bind-mount incremental file system on /data/app/vmdl*.tmp and read files
+allow vold apk_tmp_file:dir { mounton r_dir_perms };
+# Allow to read incremental control file and call selinux restorecon on it
+allow vold incremental_control_file:file { r_file_perms relabelto };
+
allow vold tmpfs:filesystem { mount unmount };
allow vold tmpfs:dir create_dir_perms;
allow vold tmpfs:dir mounton;
@@ -135,7 +176,10 @@
allow vold efs_file:file rw_file_perms;
# Create and mount on /data/tmp_mnt and management of expansion mounts
-allow vold system_data_file:dir { create rw_dir_perms mounton setattr rmdir };
+allow vold {
+ system_data_file
+ system_data_root_file
+}:dir { create rw_dir_perms mounton setattr rmdir };
allow vold system_data_file:lnk_file getattr;
# Vold create users in /data/vendor_{ce,de}/[0-9]+
@@ -154,6 +198,11 @@
set_prop(vold, powerctl_prop)
set_prop(vold, ctl_fuse_prop)
set_prop(vold, restorecon_prop)
+set_prop(vold, ota_prop)
+set_prop(vold, boottime_prop)
+set_prop(vold, boottime_public_prop)
+get_prop(vold, storage_config_prop)
+get_prop(vold, incremental_prop)
# ASEC
allow vold asec_image_file:file create_file_perms;
@@ -166,6 +215,10 @@
allow vold unlabeled:dir { r_dir_perms setattr relabelfrom };
allow vold unlabeled:file { r_file_perms setattr relabelfrom };
+# Access to FUSE control filesystem to hard-abort FUSE mounts
+allow vold fusectlfs:file rw_file_perms;
+allow vold fusectlfs:dir rw_dir_perms;
+
# Handle wake locks (used for device encryption)
wakelock_use(vold)
@@ -302,7 +355,6 @@
neverallow vold {
domain
- -ashmemd
-hal_health_storage_server
-hal_keymaster_server
-system_suspend_server
diff --git a/public/wificond.te b/public/wificond.te
index 656abad..b429884 100644
--- a/public/wificond.te
+++ b/public/wificond.te
@@ -4,8 +4,9 @@
binder_use(wificond)
binder_call(wificond, system_server)
+binder_call(wificond, keystore)
-add_service(wificond, wificond_service)
+add_service(wificond, wifinl80211_service)
set_prop(wificond, exported_wifi_prop)
set_prop(wificond, wifi_prop)
@@ -29,3 +30,13 @@
# dumpstate support
allow wificond dumpstate:fd use;
allow wificond dumpstate:fifo_file write;
+
+#### Offer the Wifi Keystore HwBinder service ###
+hwbinder_use(wificond)
+get_prop(wificond, hwservicemanager_prop)
+typeattribute wificond wifi_keystore_service_server;
+add_hwservice(wificond, system_wifi_keystore_hwservice)
+
+# Allow keystore binder access to serve the HwBinder service.
+allow wificond keystore_service:service_manager find;
+allow wificond keystore:keystore_key get;
diff --git a/seapp_contexts.mk b/seapp_contexts.mk
index 9c22099..462fa27 100644
--- a/seapp_contexts.mk
+++ b/seapp_contexts.mk
@@ -19,6 +19,29 @@
##################################
include $(CLEAR_VARS)
+LOCAL_MODULE := system_ext_seapp_contexts
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE_PATH := $(TARGET_OUT_SYSTEM_EXT)/etc/selinux
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+system_ext_sc_files := $(call build_policy, seapp_contexts, $(SYSTEM_EXT_PRIVATE_POLICY))
+plat_sc_neverallow_files := $(call build_policy, seapp_contexts, $(PLAT_PRIVATE_POLICY))
+
+$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
+$(LOCAL_BUILT_MODULE): PRIVATE_SC_FILES := $(system_ext_sc_files)
+$(LOCAL_BUILT_MODULE): PRIVATE_SC_NEVERALLOW_FILES := $(plat_sc_neverallow_files)
+$(LOCAL_BUILT_MODULE): $(built_sepolicy) $(system_ext_sc_files) $(HOST_OUT_EXECUTABLES)/checkseapp $(plat_sc_neverallow_files)
+ @mkdir -p $(dir $@)
+ $(hide) grep -ihe '^neverallow' $(PRIVATE_SC_NEVERALLOW_FILES) > $@.tmp
+ $(hide) $(HOST_OUT_EXECUTABLES)/checkseapp -p $(PRIVATE_SEPOLICY) -o $@ $(PRIVATE_SC_FILES) $@.tmp
+
+system_ext_sc_files :=
+plat_sc_neverallow_files :=
+
+##################################
+include $(CLEAR_VARS)
LOCAL_MODULE := product_seapp_contexts
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_TAGS := optional
@@ -50,7 +73,7 @@
include $(BUILD_SYSTEM)/base_rules.mk
vendor_sc_files := $(call build_policy, seapp_contexts, $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
-plat_sc_neverallow_files := $(call build_policy, seapp_contexts, $(PLAT_PRIVATE_POLICY) $(PRODUCT_PRIVATE_POLICY))
+plat_sc_neverallow_files := $(call build_policy, seapp_contexts, $(PLAT_PRIVATE_POLICY) $(SYSTEM_EXT_PRIVATE_POLICY) $(PRODUCT_PRIVATE_POLICY))
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
$(LOCAL_BUILT_MODULE): PRIVATE_SC_FILES := $(vendor_sc_files)
@@ -73,7 +96,7 @@
include $(BUILD_SYSTEM)/base_rules.mk
odm_sc_files := $(call build_policy, seapp_contexts, $(BOARD_ODM_SEPOLICY_DIRS))
-plat_sc_neverallow_files := $(call build_policy, seapp_contexts, $(PLAT_PRIVATE_POLICY) $(PRODUCT_PRIVATE_POLICY))
+plat_sc_neverallow_files := $(call build_policy, seapp_contexts, $(PLAT_PRIVATE_POLICY) $(SYSTEM_EXT_PRIVATE_POLICY) $(PRODUCT_PRIVATE_POLICY))
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
$(LOCAL_BUILT_MODULE): PRIVATE_SC_FILES := $(odm_sc_files)
diff --git a/service_contexts.mk b/service_contexts.mk
deleted file mode 100644
index da2bc23..0000000
--- a/service_contexts.mk
+++ /dev/null
@@ -1,89 +0,0 @@
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := plat_service_contexts
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-plat_svcfiles := $(call build_policy, service_contexts, $(PLAT_PRIVATE_POLICY))
-
-plat_service_contexts.tmp := $(intermediates)/plat_service_contexts.tmp
-$(plat_service_contexts.tmp): PRIVATE_SVC_FILES := $(plat_svcfiles)
-$(plat_service_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(plat_service_contexts.tmp): $(plat_svcfiles)
- @mkdir -p $(dir $@)
- $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
-
-$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
-$(LOCAL_BUILT_MODULE): $(plat_service_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc $(ACP)
- @mkdir -p $(dir $@)
- sed -e 's/#.*$$//' -e '/^$$/d' $< > $@
- $(HOST_OUT_EXECUTABLES)/checkfc -s $(PRIVATE_SEPOLICY) $@
-
-built_plat_svc := $(LOCAL_BUILT_MODULE)
-plat_svcfiles :=
-plat_service_contexts.tmp :=
-
-##################################
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := product_service_contexts
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_OUT_PRODUCT)/etc/selinux
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-product_svcfiles := $(call build_policy, service_contexts, $(PRODUCT_PRIVATE_POLICY))
-
-product_service_contexts.tmp := $(intermediates)/product_service_contexts.tmp
-$(product_service_contexts.tmp): PRIVATE_SVC_FILES := $(product_svcfiles)
-$(product_service_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(product_service_contexts.tmp): $(product_svcfiles)
- @mkdir -p $(dir $@)
- $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
-
-$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
-$(LOCAL_BUILT_MODULE): $(product_service_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc
- @mkdir -p $(dir $@)
- sed -e 's/#.*$$//' -e '/^$$/d' $< > $@
- $(HOST_OUT_EXECUTABLES)/checkfc -s $(PRIVATE_SEPOLICY) $@
-
-product_svcfiles :=
-product_service_contexts.tmp :=
-
-##################################
-# nonplat_service_contexts is only allowed on non-full-treble devices
-ifneq ($(PRODUCT_SEPOLICY_SPLIT),true)
-
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := vendor_service_contexts
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-vendor_svcfiles := $(call build_policy, service_contexts, $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
-
-vendor_service_contexts.tmp := $(intermediates)/vendor_service_contexts.tmp
-$(vendor_service_contexts.tmp): PRIVATE_SVC_FILES := $(vendor_svcfiles)
-$(vendor_service_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(vendor_service_contexts.tmp): $(vendor_svcfiles)
- @mkdir -p $(dir $@)
- $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
-
-$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
-$(LOCAL_BUILT_MODULE): $(vendor_service_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc $(ACP)
- @mkdir -p $(dir $@)
- sed -e 's/#.*$$//' -e '/^$$/d' $< > $@
- $(hide) $(HOST_OUT_EXECUTABLES)/checkfc -s $(PRIVATE_SEPOLICY) $@
-
-built_vendor_svc := $(LOCAL_BUILT_MODULE)
-vendor_svcfiles :=
-vendor_service_contexts.tmp :=
-
-endif
diff --git a/tests/Android.bp b/tests/Android.bp
index a7d7023..926b5e4 100644
--- a/tests/Android.bp
+++ b/tests/Android.bp
@@ -11,7 +11,6 @@
"libbase",
"libsepol",
],
- stl: "libc++_static",
sanitize: {
never: true,
},
@@ -33,7 +32,7 @@
python_binary_host {
name: "treble_sepolicy_tests",
srcs: [
- "FcSort.py",
+ "fc_sort.py",
"mini_parser.py",
"policy.py",
"treble_sepolicy_tests.py",
@@ -45,7 +44,7 @@
python_binary_host {
name: "sepolicy_tests",
srcs: [
- "FcSort.py",
+ "fc_sort.py",
"policy.py",
"sepolicy_tests.py",
],
@@ -56,7 +55,7 @@
python_binary_host {
name: "searchpolicy",
srcs: [
- "FcSort.py",
+ "fc_sort.py",
"policy.py",
"searchpolicy.py",
],
@@ -72,3 +71,11 @@
],
defaults: ["py2_only"],
}
+
+python_binary_host {
+ name: "fc_sort",
+ srcs: [
+ "fc_sort.py",
+ ],
+ defaults: ["py2_only"],
+}
diff --git a/tests/FcSort.py b/tests/FcSort.py
deleted file mode 100755
index 7cf1998..0000000
--- a/tests/FcSort.py
+++ /dev/null
@@ -1,125 +0,0 @@
-#!/usr/bin/env python
-import sys
-import os
-
-class FileContextsNode:
- path = None
- fileType = None
- context = None
- Type = None
- meta = None
- stemLen = None
- strLen = None
- Type = None
- def __init__(self, path, fileType, context, meta, stemLen, strLen):
- self.path = path
- self.fileType = fileType
- self.context = context
- self.meta = meta
- self.stemLen = stemLen
- self.strlen = strLen
- self.Type = context.split(":")[2]
-
-metaChars = frozenset(['.', '^', '$', '?', '*', '+', '|', '[', '(', '{'])
-escapedMetaChars = frozenset(['\.', '\^', '\$', '\?', '\*', '\+', '\|', '\[', '\(', '\{'])
-
-def getStemLen(path):
- global metaChars
- stemLen = 0
- i = 0
- while i < len(path):
- if path[i] == "\\":
- i += 1
- elif path[i] in metaChars:
- break
- stemLen += 1
- i += 1
- return stemLen
-
-
-def getIsMeta(path):
- global metaChars
- global escapedMetaChars
- metaCharsCount = 0
- escapedMetaCharsCount = 0
- for c in metaChars:
- if c in path:
- metaCharsCount += 1
- for c in escapedMetaChars:
- if c in path:
- escapedMetaCharsCount += 1
- return metaCharsCount > escapedMetaCharsCount
-
-def CreateNode(line):
- global metaChars
- if (len(line) == 0) or (line[0] == '#'):
- return None
-
- split = line.split()
- path = split[0].strip()
- context = split[-1].strip()
- fileType = None
- if len(split) == 3:
- fileType = split[1].strip()
- meta = getIsMeta(path)
- stemLen = getStemLen(path)
- strLen = len(path.replace("\\", ""))
-
- return FileContextsNode(path, fileType, context, meta, stemLen, strLen)
-
-def ReadFileContexts(files):
- fc = []
- for f in files:
- fd = open(f)
- for line in fd:
- node = CreateNode(line.strip())
- if node != None:
- fc.append(node)
- return fc
-
-# Comparator function for list.sort() based off of fc_sort.c
-# Compares two FileContextNodes a and b and returns 1 if a is more
-# specific or -1 if b is more specific.
-def compare(a, b):
- # The regex without metachars is more specific
- if a.meta and not b.meta:
- return -1
- if b.meta and not a.meta:
- return 1
-
- # The regex with longer stemlen (regex before any meta characters) is more specific.
- if a.stemLen < b.stemLen:
- return -1
- if b.stemLen < a.stemLen:
- return 1
-
- # The regex with longer string length is more specific
- if a.strLen < b.strLen:
- return -1
- if b.strLen < a.strLen:
- return 1
-
- # A regex with a fileType defined (e.g. file, dir) is more specific.
- if a.fileType is None and b.fileType is not None:
- return -1
- if b.fileType is None and a.fileType is not None:
- return 1
-
- # Regexes are equally specific.
- return 0
-
-def FcSort(files):
- for f in files:
- if not os.path.exists(f):
- sys.exit("Error: File_contexts file " + f + " does not exist\n")
-
- Fc = ReadFileContexts(files)
- Fc.sort(cmp=compare)
-
- return Fc
-
-if __name__ == '__main__':
- if len(sys.argv) < 2:
- sys.exit("Usage: fc_sort.py <file_contexts 1> <file_contexts 2> <file_contexts 3>")
-
- FcSorted = FcSort(sys.argv[1:])
diff --git a/tests/combine_maps.py b/tests/combine_maps.py
index a2bf38d..1a7dfaa 100644
--- a/tests/combine_maps.py
+++ b/tests/combine_maps.py
@@ -18,7 +18,8 @@
mapping files from x to y (top) and y to z (bottom), it's possible to construct
a mapping file from x to z. We do the following to combine two maps.
1. Add all new types declarations from top to bottom.
-2. Say, a new type "bar" in top is mapped like this "foo_V_v<-bar", then we map
+2. Add all new typeattribute declarations from top to bottom.
+3. Say, a new type "bar" in top is mapped like this "foo_V_v<-bar", then we map
"bar" to whatever "foo" is mapped to in the bottom map. We do this for all new
types in the top map.
@@ -33,6 +34,7 @@
def Combine(top, bottom):
bottom.types.update(top.types)
+ bottom.typeattributes.update(top.typeattributes)
for top_ta in top.typeattributesets:
top_type_set = top.typeattributesets[top_ta]
@@ -43,6 +45,11 @@
# Typeattributes in V.v.cil have _V_v suffix, but not in V.v.ignore.cil
bottom_type = m.group(1) if m else top_ta
+ # If type doesn't exist in bottom map, no need to maintain mappings to
+ # that type.
+ if bottom_type not in bottom.rTypeattributesets.keys():
+ continue
+
for bottom_ta in bottom.rTypeattributesets[bottom_type]:
bottom.typeattributesets[bottom_ta].update(top_type_set)
diff --git a/tests/fc_sort.py b/tests/fc_sort.py
new file mode 100755
index 0000000..cbb0e5e
--- /dev/null
+++ b/tests/fc_sort.py
@@ -0,0 +1,142 @@
+#!/usr/bin/env python
+import sys
+import os
+import argparse
+
+class FileContextsNode:
+ path = None
+ fileType = None
+ context = None
+ Type = None
+ meta = None
+ stemLen = None
+ strLen = None
+ Type = None
+ line = None
+ def __init__(self, path, fileType, context, meta, stemLen, strLen, line):
+ self.path = path
+ self.fileType = fileType
+ self.context = context
+ self.meta = meta
+ self.stemLen = stemLen
+ self.strlen = strLen
+ self.Type = context.split(":")[2]
+ self.line = line
+
+metaChars = frozenset(['.', '^', '$', '?', '*', '+', '|', '[', '(', '{'])
+escapedMetaChars = frozenset(['\.', '\^', '\$', '\?', '\*', '\+', '\|', '\[', '\(', '\{'])
+
+def getStemLen(path):
+ global metaChars
+ stemLen = 0
+ i = 0
+ while i < len(path):
+ if path[i] == "\\":
+ i += 1
+ elif path[i] in metaChars:
+ break
+ stemLen += 1
+ i += 1
+ return stemLen
+
+
+def getIsMeta(path):
+ global metaChars
+ global escapedMetaChars
+ metaCharsCount = 0
+ escapedMetaCharsCount = 0
+ for c in metaChars:
+ if c in path:
+ metaCharsCount += 1
+ for c in escapedMetaChars:
+ if c in path:
+ escapedMetaCharsCount += 1
+ return metaCharsCount > escapedMetaCharsCount
+
+def CreateNode(line):
+ global metaChars
+ if (len(line) == 0) or (line[0] == '#'):
+ return None
+
+ split = line.split()
+ path = split[0].strip()
+ context = split[-1].strip()
+ fileType = None
+ if len(split) == 3:
+ fileType = split[1].strip()
+ meta = getIsMeta(path)
+ stemLen = getStemLen(path)
+ strLen = len(path.replace("\\", ""))
+
+ return FileContextsNode(path, fileType, context, meta, stemLen, strLen, line)
+
+def ReadFileContexts(files):
+ fc = []
+ for f in files:
+ fd = open(f)
+ for line in fd:
+ node = CreateNode(line.strip())
+ if node != None:
+ fc.append(node)
+ return fc
+
+# Comparator function for list.sort() based off of fc_sort.c
+# Compares two FileContextNodes a and b and returns 1 if a is more
+# specific or -1 if b is more specific.
+def compare(a, b):
+ # The regex without metachars is more specific
+ if a.meta and not b.meta:
+ return -1
+ if b.meta and not a.meta:
+ return 1
+
+ # The regex with longer stemlen (regex before any meta characters) is more specific.
+ if a.stemLen < b.stemLen:
+ return -1
+ if b.stemLen < a.stemLen:
+ return 1
+
+ # The regex with longer string length is more specific
+ if a.strLen < b.strLen:
+ return -1
+ if b.strLen < a.strLen:
+ return 1
+
+ # A regex with a fileType defined (e.g. file, dir) is more specific.
+ if a.fileType is None and b.fileType is not None:
+ return -1
+ if b.fileType is None and a.fileType is not None:
+ return 1
+
+ # Regexes are equally specific.
+ return 0
+
+def FcSort(files):
+ for f in files:
+ if not os.path.exists(f):
+ sys.exit("Error: File_contexts file " + f + " does not exist\n")
+
+ Fc = ReadFileContexts(files)
+ Fc.sort(cmp=compare)
+
+ return Fc
+
+def PrintFc(Fc, out):
+ if not out:
+ f = sys.stdout
+ else:
+ f = open(out, "w")
+ for node in Fc:
+ f.write(node.line + "\n")
+
+if __name__ == '__main__':
+ parser = argparse.ArgumentParser(description="SELinux file_contexts sorting tool.")
+ parser.add_argument("-i", dest="input", help="Path to the file_contexts file(s).", nargs="?", action='append')
+ parser.add_argument("-o", dest="output", help="Path to the output file", nargs=1)
+ args = parser.parse_args()
+ if not args.input:
+ parser.error("Must include path to policy")
+ if not not args.output:
+ args.output = args.output[0]
+
+ PrintFc(FcSort(args.input),args.output)
diff --git a/tests/policy.py b/tests/policy.py
index 90e387f..0f51e2f 100644
--- a/tests/policy.py
+++ b/tests/policy.py
@@ -3,7 +3,7 @@
import os
import sys
import platform
-import FcSort
+import fc_sort
###
# Check whether the regex will match a file path starting with the provided
@@ -413,7 +413,7 @@
self.__FcDict[t] = [rec[0]]
except:
pass
- self.__FcSorted = FcSort.FcSort(FcPaths)
+ self.__FcSorted = fc_sort.FcSort(FcPaths)
# load policy
def __InitPolicy(self, PolicyPath):
diff --git a/tests/treble_sepolicy_tests.py b/tests/treble_sepolicy_tests.py
index 0851d3b..cf1e856 100644
--- a/tests/treble_sepolicy_tests.py
+++ b/tests/treble_sepolicy_tests.py
@@ -244,8 +244,8 @@
ret += "latest API level.\n"
ret += " ".join(str(x) for x in sorted(violators)) + "\n\n"
ret += "See examples of how to fix this:\n"
- ret += "https://android-review.git.corp.google.com/c/platform/system/sepolicy/+/781036\n"
- ret += "https://android-review.git.corp.google.com/c/platform/system/sepolicy/+/852612\n"
+ ret += "https://android-review.googlesource.com/c/platform/system/sepolicy/+/781036\n"
+ ret += "https://android-review.googlesource.com/c/platform/system/sepolicy/+/852612\n"
return ret
###
@@ -270,7 +270,7 @@
ret += "latest API level.\n"
ret += " ".join(str(x) for x in sorted(violators)) + "\n\n"
ret += "See examples of how to fix this:\n"
- ret += "https://android-review.git.corp.google.com/c/platform/system/sepolicy/+/822743\n"
+ ret += "https://android-review.googlesource.com/c/platform/system/sepolicy/+/822743\n"
return ret
def TestTrebleCompatMapping():
diff --git a/tools/fc_sort/Android.bp b/tools/fc_sort/Android.bp
deleted file mode 100644
index d0a391b..0000000
--- a/tools/fc_sort/Android.bp
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
- * Copyright (C) 2018 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-cc_binary_host {
- name: "fc_sort",
- srcs: ["fc_sort.c"],
- stl: "none",
- cflags: [
- "-Wall",
- "-Werror",
- ],
-}
diff --git a/tools/fc_sort/MODULE_LICENSE_GPL b/tools/fc_sort/MODULE_LICENSE_GPL
deleted file mode 100644
index e69de29..0000000
--- a/tools/fc_sort/MODULE_LICENSE_GPL
+++ /dev/null
diff --git a/tools/fc_sort/NOTICE b/tools/fc_sort/NOTICE
deleted file mode 100644
index 5b6e7c6..0000000
--- a/tools/fc_sort/NOTICE
+++ /dev/null
@@ -1,340 +0,0 @@
- GNU GENERAL PUBLIC LICENSE
- Version 2, June 1991
-
- Copyright (C) 1989, 1991 Free Software Foundation, Inc.
- 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
- Preamble
-
- The licenses for most software are designed to take away your
-freedom to share and change it. By contrast, the GNU General Public
-License is intended to guarantee your freedom to share and change free
-software--to make sure the software is free for all its users. This
-General Public License applies to most of the Free Software
-Foundation's software and to any other program whose authors commit to
-using it. (Some other Free Software Foundation software is covered by
-the GNU Library General Public License instead.) You can apply it to
-your programs, too.
-
- When we speak of free software, we are referring to freedom, not
-price. Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-this service if you wish), that you receive source code or can get it
-if you want it, that you can change the software or use pieces of it
-in new free programs; and that you know you can do these things.
-
- To protect your rights, we need to make restrictions that forbid
-anyone to deny you these rights or to ask you to surrender the rights.
-These restrictions translate to certain responsibilities for you if you
-distribute copies of the software, or if you modify it.
-
- For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must give the recipients all the rights that
-you have. You must make sure that they, too, receive or can get the
-source code. And you must show them these terms so they know their
-rights.
-
- We protect your rights with two steps: (1) copyright the software, and
-(2) offer you this license which gives you legal permission to copy,
-distribute and/or modify the software.
-
- Also, for each author's protection and ours, we want to make certain
-that everyone understands that there is no warranty for this free
-software. If the software is modified by someone else and passed on, we
-want its recipients to know that what they have is not the original, so
-that any problems introduced by others will not reflect on the original
-authors' reputations.
-
- Finally, any free program is threatened constantly by software
-patents. We wish to avoid the danger that redistributors of a free
-program will individually obtain patent licenses, in effect making the
-program proprietary. To prevent this, we have made it clear that any
-patent must be licensed for everyone's free use or not licensed at all.
-
- The precise terms and conditions for copying, distribution and
-modification follow.
-�
- GNU GENERAL PUBLIC LICENSE
- TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-
- 0. This License applies to any program or other work which contains
-a notice placed by the copyright holder saying it may be distributed
-under the terms of this General Public License. The "Program", below,
-refers to any such program or work, and a "work based on the Program"
-means either the Program or any derivative work under copyright law:
-that is to say, a work containing the Program or a portion of it,
-either verbatim or with modifications and/or translated into another
-language. (Hereinafter, translation is included without limitation in
-the term "modification".) Each licensee is addressed as "you".
-
-Activities other than copying, distribution and modification are not
-covered by this License; they are outside its scope. The act of
-running the Program is not restricted, and the output from the Program
-is covered only if its contents constitute a work based on the
-Program (independent of having been made by running the Program).
-Whether that is true depends on what the Program does.
-
- 1. You may copy and distribute verbatim copies of the Program's
-source code as you receive it, in any medium, provided that you
-conspicuously and appropriately publish on each copy an appropriate
-copyright notice and disclaimer of warranty; keep intact all the
-notices that refer to this License and to the absence of any warranty;
-and give any other recipients of the Program a copy of this License
-along with the Program.
-
-You may charge a fee for the physical act of transferring a copy, and
-you may at your option offer warranty protection in exchange for a fee.
-
- 2. You may modify your copy or copies of the Program or any portion
-of it, thus forming a work based on the Program, and copy and
-distribute such modifications or work under the terms of Section 1
-above, provided that you also meet all of these conditions:
-
- a) You must cause the modified files to carry prominent notices
- stating that you changed the files and the date of any change.
-
- b) You must cause any work that you distribute or publish, that in
- whole or in part contains or is derived from the Program or any
- part thereof, to be licensed as a whole at no charge to all third
- parties under the terms of this License.
-
- c) If the modified program normally reads commands interactively
- when run, you must cause it, when started running for such
- interactive use in the most ordinary way, to print or display an
- announcement including an appropriate copyright notice and a
- notice that there is no warranty (or else, saying that you provide
- a warranty) and that users may redistribute the program under
- these conditions, and telling the user how to view a copy of this
- License. (Exception: if the Program itself is interactive but
- does not normally print such an announcement, your work based on
- the Program is not required to print an announcement.)
-�
-These requirements apply to the modified work as a whole. If
-identifiable sections of that work are not derived from the Program,
-and can be reasonably considered independent and separate works in
-themselves, then this License, and its terms, do not apply to those
-sections when you distribute them as separate works. But when you
-distribute the same sections as part of a whole which is a work based
-on the Program, the distribution of the whole must be on the terms of
-this License, whose permissions for other licensees extend to the
-entire whole, and thus to each and every part regardless of who wrote it.
-
-Thus, it is not the intent of this section to claim rights or contest
-your rights to work written entirely by you; rather, the intent is to
-exercise the right to control the distribution of derivative or
-collective works based on the Program.
-
-In addition, mere aggregation of another work not based on the Program
-with the Program (or with a work based on the Program) on a volume of
-a storage or distribution medium does not bring the other work under
-the scope of this License.
-
- 3. You may copy and distribute the Program (or a work based on it,
-under Section 2) in object code or executable form under the terms of
-Sections 1 and 2 above provided that you also do one of the following:
-
- a) Accompany it with the complete corresponding machine-readable
- source code, which must be distributed under the terms of Sections
- 1 and 2 above on a medium customarily used for software interchange; or,
-
- b) Accompany it with a written offer, valid for at least three
- years, to give any third party, for a charge no more than your
- cost of physically performing source distribution, a complete
- machine-readable copy of the corresponding source code, to be
- distributed under the terms of Sections 1 and 2 above on a medium
- customarily used for software interchange; or,
-
- c) Accompany it with the information you received as to the offer
- to distribute corresponding source code. (This alternative is
- allowed only for noncommercial distribution and only if you
- received the program in object code or executable form with such
- an offer, in accord with Subsection b above.)
-
-The source code for a work means the preferred form of the work for
-making modifications to it. For an executable work, complete source
-code means all the source code for all modules it contains, plus any
-associated interface definition files, plus the scripts used to
-control compilation and installation of the executable. However, as a
-special exception, the source code distributed need not include
-anything that is normally distributed (in either source or binary
-form) with the major components (compiler, kernel, and so on) of the
-operating system on which the executable runs, unless that component
-itself accompanies the executable.
-
-If distribution of executable or object code is made by offering
-access to copy from a designated place, then offering equivalent
-access to copy the source code from the same place counts as
-distribution of the source code, even though third parties are not
-compelled to copy the source along with the object code.
-�
- 4. You may not copy, modify, sublicense, or distribute the Program
-except as expressly provided under this License. Any attempt
-otherwise to copy, modify, sublicense or distribute the Program is
-void, and will automatically terminate your rights under this License.
-However, parties who have received copies, or rights, from you under
-this License will not have their licenses terminated so long as such
-parties remain in full compliance.
-
- 5. You are not required to accept this License, since you have not
-signed it. However, nothing else grants you permission to modify or
-distribute the Program or its derivative works. These actions are
-prohibited by law if you do not accept this License. Therefore, by
-modifying or distributing the Program (or any work based on the
-Program), you indicate your acceptance of this License to do so, and
-all its terms and conditions for copying, distributing or modifying
-the Program or works based on it.
-
- 6. Each time you redistribute the Program (or any work based on the
-Program), the recipient automatically receives a license from the
-original licensor to copy, distribute or modify the Program subject to
-these terms and conditions. You may not impose any further
-restrictions on the recipients' exercise of the rights granted herein.
-You are not responsible for enforcing compliance by third parties to
-this License.
-
- 7. If, as a consequence of a court judgment or allegation of patent
-infringement or for any other reason (not limited to patent issues),
-conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License. If you cannot
-distribute so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you
-may not distribute the Program at all. For example, if a patent
-license would not permit royalty-free redistribution of the Program by
-all those who receive copies directly or indirectly through you, then
-the only way you could satisfy both it and this License would be to
-refrain entirely from distribution of the Program.
-
-If any portion of this section is held invalid or unenforceable under
-any particular circumstance, the balance of the section is intended to
-apply and the section as a whole is intended to apply in other
-circumstances.
-
-It is not the purpose of this section to induce you to infringe any
-patents or other property right claims or to contest validity of any
-such claims; this section has the sole purpose of protecting the
-integrity of the free software distribution system, which is
-implemented by public license practices. Many people have made
-generous contributions to the wide range of software distributed
-through that system in reliance on consistent application of that
-system; it is up to the author/donor to decide if he or she is willing
-to distribute software through any other system and a licensee cannot
-impose that choice.
-
-This section is intended to make thoroughly clear what is believed to
-be a consequence of the rest of this License.
-�
- 8. If the distribution and/or use of the Program is restricted in
-certain countries either by patents or by copyrighted interfaces, the
-original copyright holder who places the Program under this License
-may add an explicit geographical distribution limitation excluding
-those countries, so that distribution is permitted only in or among
-countries not thus excluded. In such case, this License incorporates
-the limitation as if written in the body of this License.
-
- 9. The Free Software Foundation may publish revised and/or new versions
-of the General Public License from time to time. Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-Each version is given a distinguishing version number. If the Program
-specifies a version number of this License which applies to it and "any
-later version", you have the option of following the terms and conditions
-either of that version or of any later version published by the Free
-Software Foundation. If the Program does not specify a version number of
-this License, you may choose any version ever published by the Free Software
-Foundation.
-
- 10. If you wish to incorporate parts of the Program into other free
-programs whose distribution conditions are different, write to the author
-to ask for permission. For software which is copyrighted by the Free
-Software Foundation, write to the Free Software Foundation; we sometimes
-make exceptions for this. Our decision will be guided by the two goals
-of preserving the free status of all derivatives of our free software and
-of promoting the sharing and reuse of software generally.
-
- NO WARRANTY
-
- 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
-FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
-OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
-PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
-OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
-TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
-PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
-REPAIR OR CORRECTION.
-
- 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
-REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
-INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
-OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
-TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
-YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
-PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGES.
-
- END OF TERMS AND CONDITIONS
-�
- How to Apply These Terms to Your New Programs
-
- If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
- To do so, attach the following notices to the program. It is safest
-to attach them to the start of each source file to most effectively
-convey the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
- <one line to give the program's name and a brief idea of what it does.>
- Copyright (C) <year> <name of author>
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-
-
-Also add information on how to contact you by electronic and paper mail.
-
-If the program is interactive, make it output a short notice like this
-when it starts in an interactive mode:
-
- Gnomovision version 69, Copyright (C) year name of author
- Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
- This is free software, and you are welcome to redistribute it
- under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License. Of course, the commands you use may
-be called something other than `show w' and `show c'; they could even be
-mouse-clicks or menu items--whatever suits your program.
-
-You should also get your employer (if you work as a programmer) or your
-school, if any, to sign a "copyright disclaimer" for the program, if
-necessary. Here is a sample; alter the names:
-
- Yoyodyne, Inc., hereby disclaims all copyright interest in the program
- `Gnomovision' (which makes passes at compilers) written by James Hacker.
-
- <signature of Ty Coon>, 1 April 1989
- Ty Coon, President of Vice
-
-This General Public License does not permit incorporating your program into
-proprietary programs. If your program is a subroutine library, you may
-consider it more useful to permit linking proprietary applications with the
-library. If this is what you want to do, use the GNU Library General
-Public License instead of this License.
diff --git a/tools/fc_sort/README b/tools/fc_sort/README
deleted file mode 100644
index 0210dc7..0000000
--- a/tools/fc_sort/README
+++ /dev/null
@@ -1,9 +0,0 @@
-fc_sort is a tool used for sorting the file_contexts entries based on a heuristic that is
- covered by a Fedora document. That document can be found here:
- * https://fedoraproject.org/wiki/SELinux/ManagingFileContext
-
-The tool itself originates from:
- * https://github.com/TresysTechnology/refpolicy
-
-It can be updated to the current tip of master branch with the below command:
-$ wget https://raw.githubusercontent.com/TresysTechnology/refpolicy/master/support/fc_sort.c
diff --git a/tools/fc_sort/fc_sort.c b/tools/fc_sort/fc_sort.c
deleted file mode 100644
index c7a4c90..0000000
--- a/tools/fc_sort/fc_sort.c
+++ /dev/null
@@ -1,625 +0,0 @@
-/* Copyright 2005,2013 Tresys Technology
- *
- * Some parts of this came from matchpathcon.c in libselinux
- */
-
-/* PURPOSE OF THIS PROGRAM
- * The original setfiles sorting algorithm did not take into
- * account regular expression specificity. With the current
- * strict and targeted policies this is not an issue because
- * the file contexts are partially hand sorted and concatenated
- * in the right order so that the matches are generally correct.
- * The way reference policy and loadable policy modules handle
- * file contexts makes them come out in an unpredictable order
- * and therefore setfiles (or this standalone tool) need to sort
- * the regular expressions in a deterministic and stable way.
- */
-
-#define BUF_SIZE 4096;
-#define _GNU_SOURCE
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-
-typedef unsigned char bool_t;
-
-/* file_context_node
- * A node used in a linked list of file contexts.c
- * Each node contains the regular expression, the type and
- * the context, as well as information about the regular
- * expression. The regular expression data (meta, stem_len
- * and str_len) can be filled in by using the fc_fill_data
- * function after the regular expression has been loaded.
- * next points to the next node in the linked list.
- */
-typedef struct file_context_node {
- char *path;
- char *file_type;
- char *context;
- char *extra;
- bool_t meta;
- int stem_len;
- int str_len;
- struct file_context_node *next;
-} file_context_node_t;
-
-void file_context_node_destroy(file_context_node_t *x)
-{
- if (!x)
- return;
-
- free(x->path);
- free(x->file_type);
- free(x->context);
-}
-
-
-
-/* file_context_bucket
- * A node used in a linked list of buckets that contain
- * file_context_node's.
- * Each node contains a pointer to a file_context_node which
- * is the header of its linked list. This linked list is the
- * content of this bucket.
- * next points to the next bucket in the linked list.
- */
-typedef struct file_context_bucket {
- file_context_node_t *data;
- struct file_context_bucket *next;
-} file_context_bucket_t;
-
-
-
-/* fc_compare
- * Compares two file contexts' regular expressions and returns:
- * -1 if a is less specific than b
- * 0 if a and be are equally specific
- * 1 if a is more specific than b
- * The comparison is based on the following statements,
- * in order from most important to least important, given a and b:
- * If a is a regular expression and b is not,
- * -> a is less specific than b.
- * If a's stem length is shorter than b's stem length,
- * -> a is less specific than b.
- * If a's string length is shorter than b's string length,
- * -> a is less specific than b.
- * If a does not have a specified type and b does,
- * -> a is less specific than b.
- */
-int fc_compare(file_context_node_t *a, file_context_node_t *b)
-{
- /* Check to see if either a or b have meta characters
- * and the other doesn't. */
- if (a->meta && !b->meta)
- return -1;
- if (b->meta && !a->meta)
- return 1;
-
- /* Check to see if either a or b have a shorter stem
- * length than the other. */
- if (a->stem_len < b->stem_len)
- return -1;
- if (b->stem_len < a->stem_len)
- return 1;
-
- /* Check to see if either a or b have a shorter string
- * length than the other. */
- if (a->str_len < b->str_len)
- return -1;
- if (b->str_len < a->str_len)
- return 1;
-
- /* Check to see if either a or b has a specified type
- * and the other doesn't. */
- if (!a->file_type && b->file_type)
- return -1;
- if (!b->file_type && a->file_type)
- return 1;
-
- /* If none of the above conditions were satisfied,
- * then a and b are equally specific. */
- return 0;
-}
-
-
-
-/* fc_merge
- * Merges two sorted file context linked lists into one
- * sorted one.
- * Pass two lists a and b, and after the completion of fc_merge,
- * the final list is contained in a, and b is empty.
- */
-file_context_node_t *fc_merge(file_context_node_t *a,
- file_context_node_t *b)
-{
- file_context_node_t *a_current;
- file_context_node_t *b_current;
- file_context_node_t *temp;
- file_context_node_t *jumpto;
-
- /* If a is a empty list, and b is not,
- * set a as b and proceed to the end. */
- if (!a && b)
- a = b;
- /* If b is an empty list, leave a as it is. */
- else if (!b) {
- } else {
- /* Make it so the list a has the lesser
- * first element always. */
- if (fc_compare(a, b) == 1) {
- temp = a;
- a = b;
- b = temp;
- }
- a_current = a;
- b_current = b;
-
- /* Merge by inserting b's nodes in between a's nodes. */
- while (a_current->next && b_current) {
- jumpto = a_current->next;
-
- /* Insert b's nodes in between the current a node
- * and the next a node.*/
- while (b_current && a_current->next &&
- fc_compare(a_current->next,
- b_current) != -1) {
-
- temp = a_current->next;
- a_current->next = b_current;
- b_current = b_current->next;
- a_current->next->next = temp;
- a_current = a_current->next;
- }
-
- /* Skip all the inserted node from b to the
- * next node in the original a. */
- a_current = jumpto;
- }
-
- /* if there is anything left in b to be inserted,
- put it on the end */
- if (b_current) {
- a_current->next = b_current;
- }
- }
-
- return a;
-}
-
-
-
-/* fc_merge_sort
- * Sorts file contexts from least specific to more specific.
- * The bucket linked list is passed and after the completion
- * of the fc_merge_sort function, there is only one bucket
- * (pointed to by master) that contains a linked list
- * of all the file contexts, in sorted order.
- * Explanation of the algorithm:
- * The algorithm implemented in fc_merge_sort is an iterative
- * implementation of merge sort.
- * At first, each bucket has a linked list of file contexts
- * that are 1 element each.
- * Each pass, each odd numbered bucket is merged into the bucket
- * before it. This halves the number of buckets each pass.
- * It will continue passing over the buckets (as described above)
- * until there is only one bucket left, containing the list of
- * file contexts, sorted.
- */
-void fc_merge_sort(file_context_bucket_t *master)
-{
- file_context_bucket_t *current;
- file_context_bucket_t *temp;
-
- if (!master)
- return;
-
- /* Loop until master is the only bucket left
- * so that this will stop when master contains
- * the sorted list. */
- while (master->next) {
- current = master;
-
- /* This loop merges buckets two-by-two. */
- while (current) {
- if (current->next) {
- current->data =
- fc_merge(current->data,
- current->next->data);
-
- temp = current->next;
- current->next = current->next->next;
-
- free(temp);
- }
-
- current = current->next;
- }
- }
-}
-
-
-
-/* fc_fill_data
- * This processes a regular expression in a file context
- * and sets the data held in file_context_node, namely
- * meta, str_len and stem_len.
- * The following changes are made to fc_node after the
- * the completion of the function:
- * fc_node->meta = 1 if path has a meta character, 0 if not.
- * fc_node->str_len = The string length of the entire path
- * fc_node->stem_len = The number of characters up until
- * the first meta character.
- */
-void fc_fill_data(file_context_node_t *fc_node)
-{
- int c = 0;
-
- fc_node->meta = 0;
- fc_node->stem_len = 0;
- fc_node->str_len = 0;
-
- /* Process until the string termination character
- * has been reached.
- * Note: this while loop has been adapted from
- * spec_hasMetaChars in matchpathcon.c from
- * libselinux-1.22. */
- while (fc_node->path[c] != '\0') {
- switch (fc_node->path[c]) {
- case '.':
- case '^':
- case '$':
- case '?':
- case '*':
- case '+':
- case '|':
- case '[':
- case '(':
- case '{':
- /* If a meta character is found,
- * set meta to one */
- fc_node->meta = 1;
- break;
- case '\\':
- /* If a escape character is found,
- * skip the next character. */
- c++;
- break;
- default:
- break;
- }
-
- /* If no meta character has been found yet,
- * add one to the stem length. */
- if (!fc_node->meta)
- fc_node->stem_len++;
-
- fc_node->str_len++;
- c++;
- }
-}
-
-
-
-/* fc_free_file_context_node_list
- * Free the memory allocated to the linked list and its elements.
- */
-void fc_free_file_context_node_list(struct file_context_node *node)
-{
- struct file_context_node *next;
-
- while (node) {
- next = node->next;
- file_context_node_destroy(node);
- free(node);
- node = next;
- }
-}
-
-
-
-/* main
- * This program takes in two arguments, the input filename and the
- * output filename. The input file should be syntactically correct.
- * Overall what is done in the main is read in the file and store each
- * line of code, sort it, then output it to the output file.
- */
-int main(int argc, char *argv[])
-{
- int lines;
- size_t start, finish, regex_len, context_len;
- size_t line_len, buf_len, i;
- char *input_name, *output_name, *line_buf;
-
- file_context_node_t *temp;
- file_context_node_t *head;
- file_context_node_t *current;
- file_context_bucket_t *master;
- file_context_bucket_t *bcurrent;
-
- FILE *in_file, *out_file;
-
- /* Check for the correct number of command line arguments. */
- if (argc < 2 || argc > 3) {
- fprintf(stderr, "Usage: %s <infile> [<outfile>]\n",argv[0]);
- return 1;
- }
-
- input_name = argv[1];
- output_name = (argc >= 3) ? argv[2] : NULL;
-
- lines = 0;
-
- /* Open the input file. */
- if (!(in_file = fopen(input_name, "r"))) {
- fprintf(stderr, "Error: failure opening input file for read.\n");
- return 1;
- }
-
- /* Initialize the head of the linked list. */
- head = current = (file_context_node_t*)calloc(1, sizeof(file_context_node_t));
- if (!head) {
- fprintf(stderr, "Error: failure allocating memory.\n");
- return 1;
- }
-
- /* Parse the file into a file_context linked list. */
- line_buf = NULL;
-
- while ( getline(&line_buf, &buf_len, in_file) != -1 ){
- line_len = strlen(line_buf);
-
- if( line_len == 0 || line_len == 1)
- continue;
-
- /* Get rid of whitespace from the front of the line. */
- for (i = 0; i < line_len; i++) {
- if (!isspace(line_buf[i]))
- break;
- }
-
- if (i >= line_len)
- continue;
-
- /* Check if the line isn't empty and isn't a comment */
- if (line_buf[i] == '#')
- continue;
-
- /* We have a valid line - allocate a new node. */
- temp = (file_context_node_t *)calloc(1, sizeof(file_context_node_t));
- if (!temp) {
- free(line_buf);
- fprintf(stderr, "Error: failure allocating memory.\n");
- fc_free_file_context_node_list(head);
- return 1;
- }
-
- /* Parse out the regular expression from the line. */
- start = i;
-
- while (i < line_len && (!isspace(line_buf[i])))
- i++;
- finish = i;
-
- regex_len = finish - start;
-
- if (regex_len == 0) {
- file_context_node_destroy(temp);
- free(temp);
- continue;
- }
-
- temp->path = (char*)strndup(&line_buf[start], regex_len);
- if (!temp->path) {
- file_context_node_destroy(temp);
- free(temp);
- free(line_buf);
- fprintf(stderr, "Error: failure allocating memory.\n");
- fc_free_file_context_node_list(head);
- return 1;
- }
-
- /* Get rid of whitespace after the regular expression. */
- for (; i < line_len; i++) {
- if (!isspace(line_buf[i]))
- break;
- }
-
- if (i == line_len) {
- file_context_node_destroy(temp);
- free(temp);
- continue;
- }
-
- /* Parse out the type from the line (if it
- * is there). */
- if (line_buf[i] == '-') {
- temp->file_type = (char *)malloc(sizeof(char) * 3);
- if (!(temp->file_type)) {
- file_context_node_destroy(temp);
- free(temp);
- free(line_buf);
- fprintf(stderr, "Error: failure allocating memory.\n");
- fc_free_file_context_node_list(head);
- return 1;
- }
-
- if( i + 2 >= line_len ) {
- file_context_node_destroy(temp);
- free(temp);
- continue;
- }
-
- /* Fill the type into the array. */
- temp->file_type[0] = line_buf[i];
- temp->file_type[1] = line_buf[i + 1];
- i += 2;
- temp->file_type[2] = 0;
-
- /* Get rid of whitespace after the type. */
- for (; i < line_len; i++) {
- if (!isspace(line_buf[i]))
- break;
- }
-
- if (i == line_len) {
- file_context_node_destroy(temp);
- free(temp);
- continue;
- }
- }
-
- /* Parse out the context from the line. */
- start = i;
- while (i < line_len && (!isspace(line_buf[i])))
- i++;
- finish = i;
-
- context_len = finish - start;
-
- temp->context = (char*)strndup(&line_buf[start], context_len);
- if (!temp->context) {
- file_context_node_destroy(temp);
- free(temp);
- free(line_buf);
- fprintf(stderr, "Error: failure allocating memory.\n");
- fc_free_file_context_node_list(head);
- return 1;
- }
-
- /* Get rid of whitespace after the context. */
- for (; i < line_len; i++) {
- if (!isspace(line_buf[i]))
- break;
- }
-
- /* Parse out the extra from the line. */
- start = i;
- finish = line_len;
- while (start < finish && (!isspace(line_buf[i - 1])))
- finish--;
-
- if (start < finish && line_buf[start] != '#') {
- temp->extra = (char*)strndup(&line_buf[start], finish - start);
- if (!(temp->extra)) {
- file_context_node_destroy(temp);
- free(temp);
- free(line_buf);
- fprintf(stderr, "Error: failure allocating memory.\n");
- fc_free_file_context_node_list(head);
- return 1;
- }
- }
-
- /* Set all the data about the regular
- * expression. */
- fc_fill_data(temp);
-
- /* Link this line of code at the end of
- * the linked list. */
- current->next = temp;
- current = current->next;
- lines++;
- }
- free(line_buf);
- fclose(in_file);
-
- /* Create the bucket linked list from the earlier linked list. */
- current = head->next;
- bcurrent = master =
- (file_context_bucket_t *)
- malloc(sizeof(file_context_bucket_t));
- if (!bcurrent) {
- printf
- ("Error: failure allocating memory.\n");
- fc_free_file_context_node_list(head);
- return -1;
- }
- bcurrent->next = NULL;
- bcurrent->data = NULL;
-
- /* Go until all the nodes have been put in individual buckets. */
- while (current) {
- /* Copy over the file context line into the bucket. */
- bcurrent->data = current;
- current = current->next;
-
- /* Detach the node in the bucket from the old list. */
- bcurrent->data->next = NULL;
-
- /* If there should be another bucket, put one at the end. */
- if (current) {
- bcurrent->next =
- (file_context_bucket_t *)
- malloc(sizeof(file_context_bucket_t));
- if (!(bcurrent->next)) {
- printf
- ("Error: failure allocating memory.\n");
- free(head);
- fc_free_file_context_node_list(current);
- fc_merge_sort(master);
- fc_free_file_context_node_list(master->data);
- free(master);
- return -1;
- }
-
- /* Make sure the new bucket thinks it's the end of the
- * list. */
- bcurrent->next->next = NULL;
-
- bcurrent = bcurrent->next;
- }
- }
-
- /* Sort the bucket list. */
- fc_merge_sort(master);
-
- free(head);
-
- /* Open the output file. */
- if (output_name) {
- if (!(out_file = fopen(output_name, "w"))) {
- printf("Error: failure opening output file for write.\n");
- fc_free_file_context_node_list(master->data);
- free(master);
- return -1;
- }
- } else {
- out_file = stdout;
- }
-
- /* Output the sorted file_context linked list to the output file. */
- current = master->data;
-
- while (current) {
- /* Output the path. */
- fprintf(out_file, "%s\t\t", current->path);
-
- /* Output the type, if there is one. */
- if (current->file_type) {
- fprintf(out_file, "%s\t", current->file_type);
- }
-
- /* Output the context. */
- fprintf(out_file, "%s", current->context);
-
- /* Output the extra, if there is one. */
- if (current->extra) {
- fprintf(out_file, "\t%s", current->extra);
- }
-
- fprintf(out_file, "\n");
-
- current = current->next;
- }
-
- fc_free_file_context_node_list(master->data);
- free(master);
-
- if (output_name) {
- fclose(out_file);
- }
-
- return 0;
-}
diff --git a/tools/sepolicy-analyze/Android.bp b/tools/sepolicy-analyze/Android.bp
new file mode 100644
index 0000000..ff40c16
--- /dev/null
+++ b/tools/sepolicy-analyze/Android.bp
@@ -0,0 +1,15 @@
+cc_binary_host {
+ name: "sepolicy-analyze",
+ defaults: ["sepolicy_tools_defaults"],
+
+ srcs: [
+ "sepolicy-analyze.c",
+ "dups.c",
+ "neverallow.c",
+ "perm.c",
+ "typecmp.c",
+ "booleans.c",
+ "attribute.c",
+ "utils.c",
+ ],
+}
diff --git a/tools/sepolicy-analyze/Android.mk b/tools/sepolicy-analyze/Android.mk
deleted file mode 100644
index 56204a5..0000000
--- a/tools/sepolicy-analyze/Android.mk
+++ /dev/null
@@ -1,15 +0,0 @@
-LOCAL_PATH:= $(call my-dir)
-
-###################################
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := sepolicy-analyze
-LOCAL_MODULE_TAGS := optional
-LOCAL_CFLAGS := -Wall -Werror
-LOCAL_SRC_FILES := sepolicy-analyze.c dups.c neverallow.c perm.c typecmp.c booleans.c attribute.c utils.c
-LOCAL_STATIC_LIBRARIES := libsepol
-LOCAL_CXX_STL := none
-
-LOCAL_COMPATIBILITY_SUITE := ats cts gts vts sts
-
-include $(BUILD_HOST_EXECUTABLE)
diff --git a/tools/sepolicy-analyze/neverallow.c b/tools/sepolicy-analyze/neverallow.c
index 0209678..a55a921 100644
--- a/tools/sepolicy-analyze/neverallow.c
+++ b/tools/sepolicy-analyze/neverallow.c
@@ -378,7 +378,7 @@
{
const char *keyword = "neverallow";
size_t keyword_size = strlen(keyword), len;
- struct avrule *neverallows = NULL, *avrule;
+ struct avrule *neverallows = NULL, *avrule = NULL;
char *p, *start;
int result;
diff --git a/tools/sepolicy-analyze/sepolicy-analyze.c b/tools/sepolicy-analyze/sepolicy-analyze.c
index b4571a6..1b7bcdb 100644
--- a/tools/sepolicy-analyze/sepolicy-analyze.c
+++ b/tools/sepolicy-analyze/sepolicy-analyze.c
@@ -50,7 +50,7 @@
if (argc < 3)
usage(argv[0]);
policy = argv[1];
- if(load_policy(policy, &policydb, &pf))
+ if(!load_policy(policy, &policydb, &pf))
exit(1);
for(i = 0; i < NUM_COMPONENTS; i++) {
if (!strcmp(analyze_components[i].key, argv[2])) {
diff --git a/tools/sepolicy-analyze/utils.c b/tools/sepolicy-analyze/utils.c
index 5e52f59..af93f71 100644
--- a/tools/sepolicy-analyze/utils.c
+++ b/tools/sepolicy-analyze/utils.c
@@ -22,28 +22,26 @@
(policydb, key->target_class, perms));
}
-int load_policy(char *filename, policydb_t * policydb, struct policy_file *pf)
+bool load_policy(char *filename, policydb_t * policydb, struct policy_file *pf)
{
- int fd;
+ int fd = -1;
struct stat sb;
- void *map;
- int ret;
+ void *map = MAP_FAILED;
+ bool ret = false;
fd = open(filename, O_RDONLY);
if (fd < 0) {
fprintf(stderr, "Can't open '%s': %s\n", filename, strerror(errno));
- return 1;
+ goto cleanup;
}
if (fstat(fd, &sb) < 0) {
fprintf(stderr, "Can't stat '%s': %s\n", filename, strerror(errno));
- close(fd);
- return 1;
+ goto cleanup;
}
map = mmap(NULL, sb.st_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
if (map == MAP_FAILED) {
fprintf(stderr, "Can't mmap '%s': %s\n", filename, strerror(errno));
- close(fd);
- return 1;
+ goto cleanup;
}
policy_file_init(pf);
@@ -52,17 +50,21 @@
pf->len = sb.st_size;
if (policydb_init(policydb)) {
fprintf(stderr, "Could not initialize policydb!\n");
- close(fd);
- munmap(map, sb.st_size);
- return 1;
+ goto cleanup;
}
- ret = policydb_read(policydb, pf, 0);
- if (ret) {
+ if (policydb_read(policydb, pf, 0)) {
fprintf(stderr, "error(s) encountered while parsing configuration\n");
- close(fd);
- munmap(map, sb.st_size);
- return 1;
+ goto cleanup;
}
- return 0;
+ ret = true;
+
+cleanup:
+ if (map != MAP_FAILED) {
+ munmap(map, sb.st_size);
+ }
+ if (fd >= 0) {
+ close(fd);
+ }
+ return ret;
}
diff --git a/tools/sepolicy-analyze/utils.h b/tools/sepolicy-analyze/utils.h
index 83f5a78..cef6ca3 100644
--- a/tools/sepolicy-analyze/utils.h
+++ b/tools/sepolicy-analyze/utils.h
@@ -11,6 +11,6 @@
void display_allow(policydb_t *policydb, avtab_key_t *key, int idx, uint32_t perms);
-int load_policy(char *filename, policydb_t * policydb, struct policy_file *pf);
+bool load_policy(char *filename, policydb_t * policydb, struct policy_file *pf);
#endif /* UTILS_H */
diff --git a/tools/version_policy.c b/tools/version_policy.c
index 8848190..8bb422a 100644
--- a/tools/version_policy.c
+++ b/tools/version_policy.c
@@ -65,14 +65,15 @@
rc = cil_add_file(*db, path, buff, file_size);
if (rc != SEPOL_OK) {
fprintf(stderr, "Failure adding %s to parse tree\n", path);
- goto err;
+ goto parse_err;
}
free(buff);
return SEPOL_OK;
err:
- free(buff);
fclose(file);
+parse_err:
+ free(buff);
file_err:
cil_db_destroy(db);
return rc;
diff --git a/treble_sepolicy_tests_for_release.mk b/treble_sepolicy_tests_for_release.mk
index e32b8f4..0195e5f 100644
--- a/treble_sepolicy_tests_for_release.mk
+++ b/treble_sepolicy_tests_for_release.mk
@@ -5,8 +5,8 @@
# permissions granted do not violate the treble model. Also ensure that treble
# compatibility guarantees are upheld between SELinux version bumps.
LOCAL_MODULE := treble_sepolicy_tests_$(version)
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := tests
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
include $(BUILD_SYSTEM)/base_rules.mk
@@ -16,6 +16,7 @@
# been maintained by our mapping files.
$(version)_PLAT_PUBLIC_POLICY := $(LOCAL_PATH)/prebuilts/api/$(version)/public
$(version)_PLAT_PRIVATE_POLICY := $(LOCAL_PATH)/prebuilts/api/$(version)/private
+policy_files := $(call build_policy, $(sepolicy_build_files), $($(version)_PLAT_PUBLIC_POLICY) $($(version)_PLAT_PRIVATE_POLICY))
$(version)_plat_policy.conf := $(intermediates)/$(version)_plat_policy.conf
$($(version)_plat_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
$($(version)_plat_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
@@ -25,11 +26,12 @@
$($(version)_plat_policy.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
$($(version)_plat_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$($(version)_plat_policy.conf): PRIVATE_SEPOLICY_SPLIT := true
-$($(version)_plat_policy.conf): $(call build_policy, $(sepolicy_build_files), \
-$($(version)_PLAT_PUBLIC_POLICY) $($(version)_PLAT_PRIVATE_POLICY))
+$($(version)_plat_policy.conf): PRIVATE_POLICY_FILES := $(policy_files)
+$($(version)_plat_policy.conf): $(policy_files) $(M4)
$(transform-policy-to-conf)
$(hide) sed '/dontaudit/d' $@ > $@.dontaudit
+policy_files :=
built_$(version)_plat_sepolicy := $(intermediates)/built_$(version)_plat_sepolicy
$(built_$(version)_plat_sepolicy): PRIVATE_ADDITIONAL_CIL_FILES := \
@@ -52,7 +54,7 @@
# targeting the $(version) SELinux release. This ensures that our policy will build
# when used on a device that has non-platform policy targetting the $(version) release.
$(version)_compat := $(intermediates)/$(version)_compat
-$(version)_mapping.cil := $(call intermediates-dir-for,ETC,$(version).cil)/$(version).cil
+$(version)_mapping.cil := $(call intermediates-dir-for,ETC,plat_$(version).cil)/plat_$(version).cil
$(version)_mapping.ignore.cil := \
$(call intermediates-dir-for,ETC,$(version).ignore.cil)/$(version).ignore.cil
$(version)_prebuilts_dir := $(LOCAL_PATH)/prebuilts/api/$(version)
@@ -81,29 +83,18 @@
mkdir -p $(dir $@)
cat $^ > $@
-treble_sepolicy_tests_$(version) := $(intermediates)/treble_sepolicy_tests_$(version)
-$(treble_sepolicy_tests_$(version)): ALL_FC_ARGS := $(all_fc_args)
-$(treble_sepolicy_tests_$(version)): PRIVATE_SEPOLICY := $(built_sepolicy)
-$(treble_sepolicy_tests_$(version)): PRIVATE_SEPOLICY_OLD := $(built_$(version)_plat_sepolicy)
-$(treble_sepolicy_tests_$(version)): PRIVATE_COMBINED_MAPPING := $($(version)_mapping.combined.cil)
-$(treble_sepolicy_tests_$(version)): PRIVATE_PLAT_SEPOLICY := $(built_plat_sepolicy)
-$(treble_sepolicy_tests_$(version)): PRIVATE_PLAT_PUB_SEPOLICY := $(base_plat_pub_policy.cil)
-$(treble_sepolicy_tests_$(version)): PRIVATE_FAKE_TREBLE :=
+$(LOCAL_BUILT_MODULE): ALL_FC_ARGS := $(all_fc_args)
+$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
+$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY_OLD := $(built_$(version)_plat_sepolicy)
+$(LOCAL_BUILT_MODULE): PRIVATE_COMBINED_MAPPING := $($(version)_mapping.combined.cil)
+$(LOCAL_BUILT_MODULE): PRIVATE_PLAT_SEPOLICY := $(built_plat_sepolicy)
+$(LOCAL_BUILT_MODULE): PRIVATE_PLAT_PUB_SEPOLICY := $(base_plat_pub_policy.cil)
+$(LOCAL_BUILT_MODULE): PRIVATE_FAKE_TREBLE :=
ifeq ($(PRODUCT_FULL_TREBLE_OVERRIDE),true)
-# TODO(b/113124961): account for PRODUCT_SHIPPING_API_LEVEL when determining
-# fake treble status once emulator is no longer fake treble.
-#ifdef PRODUCT_SHIPPING_API_LEVEL
-# These requirements were originally added in Android Oreo. Devices
-# launching after this should not distinguish between
-# PRODUCT_FULL_TREBLE and PRODUCT_FULL_TREBLE_OVERRIDE since this could
-# lead to release problems where they think they pass this test but
-# fail it when it actually gets runned for compliance.
-#ifeq ($(call math_gt_or_eq,$(PRODUCT_SHIPPING_API_LEVEL),26),)
-$(treble_sepolicy_tests_$(version)): PRIVATE_FAKE_TREBLE := --fake-treble
-#endif # if PRODUCT_SHIPPING_API_LEVEL < 26 (Android Oreo)
-#endif # PRODUCT_SHIPPING_API_LEVEL defined
+# TODO(b/113124961): remove fake-treble
+$(LOCAL_BUILT_MODULE): PRIVATE_FAKE_TREBLE := --fake-treble
endif # PRODUCT_FULL_TREBLE_OVERRIDE = true
-$(treble_sepolicy_tests_$(version)): $(HOST_OUT_EXECUTABLES)/treble_sepolicy_tests \
+$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/treble_sepolicy_tests \
$(all_fc_files) $(built_sepolicy) $(built_plat_sepolicy) \
$(base_plat_pub_policy.cil) \
$(built_$(version)_plat_sepolicy) $($(version)_compat) $($(version)_mapping.combined.cil)
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 9da79f4..1b2bc23 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -2,14 +2,17 @@
# Default HALs
#
/(vendor|system/vendor)/bin/hw/android\.hardware\.atrace@1\.0-service u:object_r:hal_atrace_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.audio@2\.0-service u:object_r:hal_audio_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.audio(@2\.0-|\.)service u:object_r:hal_audio_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.audiocontrol@1\.0-service u:object_r:hal_audiocontrol_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.evs@1\.0-service u:object_r:hal_evs_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.vehicle@2\.0-service u:object_r:hal_vehicle_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.0-service u:object_r:hal_bluetooth_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.0-service\.btlinux u:object_r:hal_bluetooth_btlinux_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.audiocontrol@2\.0-service u:object_r:hal_audiocontrol_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.can@1\.0-service u:object_r:hal_can_socketcan_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.evs@1\.[0-9]-service u:object_r:hal_evs_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.vehicle@2\.0-(service|protocan-service) u:object_r:hal_vehicle_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.[0-9]+-service u:object_r:hal_bluetooth_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.[0-9]+-service\.btlinux u:object_r:hal_bluetooth_btlinux_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service u:object_r:hal_fingerprint_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.boot@1\.0-service u:object_r:hal_bootctl_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.face@1\.[0-9]+-service\.example u:object_r:hal_face_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.boot@1\.[0-9]+-service u:object_r:hal_bootctl_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.broadcastradio@\d+\.\d+-service u:object_r:hal_broadcastradio_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider@2\.[0-9]+-service_64 u:object_r:hal_camera_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider@2\.[0-9]+-service u:object_r:hal_camera_default_exec:s0
@@ -18,26 +21,31 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider@2\.[0-9]+-external-service u:object_r:hal_camera_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.configstore@1\.[0-9]+-service u:object_r:hal_configstore_default_exec:s0
/(vendor|sustem/vendor)/bin/hw/android\.hardware\.confirmationui@1\.0-service u:object_r:hal_confirmationui_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.contexthub@1\.0-service u:object_r:hal_contexthub_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.contexthub@1\.[0-9]+-service u:object_r:hal_contexthub_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.0-service u:object_r:hal_drm_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.0-service-lazy u:object_r:hal_drm_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.cas@1\.[01]-service u:object_r:hal_cas_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.cas@1\.[01]-service-lazy u:object_r:hal_cas_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.dumpstate@1\.0-service u:object_r:hal_dumpstate_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.cas@1\.[0-2]-service u:object_r:hal_cas_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.cas@1\.[0-2]-service-lazy u:object_r:hal_cas_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.dumpstate@1\.[0-1]-service\.example u:object_r:hal_dumpstate_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.gatekeeper@1\.0-service u:object_r:hal_gatekeeper_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.gnss@[0-9]\.[0-9]-service u:object_r:hal_gnss_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.allocator@2\.0-service u:object_r:hal_graphics_allocator_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.allocator@3\.0-service u:object_r:hal_graphics_allocator_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.allocator@4\.0-service u:object_r:hal_graphics_allocator_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.composer@[0-9]\.[0-9]-service u:object_r:hal_graphics_composer_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.health@1\.0-service u:object_r:hal_health_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.health@2\.0-service u:object_r:hal_health_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.health@2\.1-service u:object_r:hal_health_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.health\.storage@1\.0-service u:object_r:hal_health_storage_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.identity-service.example u:object_r:hal_identity_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.input\.classifier@1\.0-service u:object_r:hal_input_classifier_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.ir@1\.0-service u:object_r:hal_ir_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@3\.0-service u:object_r:hal_keymaster_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.0-service u:object_r:hal_keymaster_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.1-service u:object_r:hal_keymaster_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.light@2\.0-service u:object_r:hal_light_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.light@2\.0-service-lazy u:object_r:hal_light_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.lights-service\.example u:object_r:hal_light_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.lowpan@1\.0-service u:object_r:hal_lowpan_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.memtrack@1\.0-service u:object_r:hal_memtrack_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.0-service u:object_r:hal_nfc_default_exec:s0
@@ -45,20 +53,24 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.2-service u:object_r:hal_nfc_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.media\.omx@1\.0-service u:object_r:mediacodec_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.power@1\.0-service u:object_r:hal_power_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.power-service.example u:object_r:hal_power_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.power\.stats@1\.0-service u:object_r:hal_power_stats_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.radio\.config@1\.0-service u:object_r:hal_radio_config_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.radio@1\.2-radio-service u:object_r:hal_radio_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.radio@1\.2-sap-service u:object_r:hal_radio_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.sensors@[0-9]\.[0-9]-service u:object_r:hal_sensors_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.rebootescrow-service\.default u:object_r:hal_rebootescrow_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.sensors@[0-9]\.[0-9]-service(\.multihal)? u:object_r:hal_sensors_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.0-service u:object_r:hal_secure_element_default_exec:s0
/(vendor|system/vendor)/bin/hw/rild u:object_r:rild_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.thermal@1\.[01]-service u:object_r:hal_thermal_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.cec@1\.0-service u:object_r:hal_tv_cec_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.input@1\.0-service u:object_r:hal_tv_input_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.tuner@1\.0-service u:object_r:hal_tv_tuner_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.usb@1\.0-service u:object_r:hal_usb_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.usb\.gadget@1\.1-service u:object_r:hal_usb_gadget_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.vibrator@1\.0-service u:object_r:hal_vibrator_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.vibrator-service.example u:object_r:hal_vibrator_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.vr@1\.0-service u:object_r:hal_vr_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.wifi\.offload@1\.0-service u:object_r:hal_wifi_offload_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.wifi@1\.0-service u:object_r:hal_wifi_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.wifi@1\.0-service-lazy u:object_r:hal_wifi_default_exec:s0
/(vendor|system/vendor)/bin/hw/hostapd u:object_r:hal_wifi_hostapd_default_exec:s0
@@ -69,11 +81,19 @@
# Same process HALs installed by platform into /vendor
#
/(vendor|system/vendor)/lib(64)?/hw/android\.hardware\.graphics\.mapper@2\.0-impl\.so u:object_r:same_process_hal_file:s0
+/(vendor|system/vendor)/lib(64)?/hw/android\.hardware\.graphics\.mapper@2\.0-impl-2\.1\.so u:object_r:same_process_hal_file:s0
/(vendor|system/vendor)/lib(64)?/hw/android\.hardware\.graphics\.mapper@3\.0-impl\.so u:object_r:same_process_hal_file:s0
+/(vendor|system/vendor)/lib(64)?/hw/android\.hardware\.graphics\.mapper@4\.0-impl\.so u:object_r:same_process_hal_file:s0
/(vendor|system/vendor)/lib(64)?/hw/android\.hardware\.renderscript@1\.0-impl\.so u:object_r:same_process_hal_file:s0
/(vendor|system/vendor)/lib(64)?/hw/gralloc\.default\.so u:object_r:same_process_hal_file:s0
#############################
+# Libraries removed from vndk-sp (must still be accessible by passthrough HALs using them)
+#
+/(vendor|system/vendor)/lib(64)?/libhwbinder.so u:object_r:same_process_hal_file:s0
+/(vendor|system/vendor)/lib(64)?/libhidltransport.so u:object_r:same_process_hal_file:s0
+
+#############################
# Data files
#
/data/vendor/wifi/hostapd(/.*)? u:object_r:hostapd_data_file:s0
diff --git a/vendor/hal_bootctl_default.te b/vendor/hal_bootctl_default.te
index ca30e58..ac30370 100644
--- a/vendor/hal_bootctl_default.te
+++ b/vendor/hal_bootctl_default.te
@@ -4,3 +4,16 @@
type hal_bootctl_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_bootctl_default)
+
+# Needed for ReadDefaultFstab.
+allow hal_bootctl_default proc_cmdline:file r_file_perms;
+allow hal_bootctl_default sysfs_dt_firmware_android:dir search;
+allow hal_bootctl_default sysfs_dt_firmware_android:file r_file_perms;
+
+# ReadDefaultFstab looks for /metadata/gsi/booted. We don't care about getting
+# a GSI-corrected fstab.
+dontaudit hal_bootctl_default metadata_file:dir search;
+
+# Needed for reading/writing misc partition.
+allow hal_bootctl_default block_device:dir search;
+allow hal_bootctl_default misc_block_device:blk_file rw_file_perms;
diff --git a/vendor/hal_can_socketcan.te b/vendor/hal_can_socketcan.te
new file mode 100644
index 0000000..afa1311
--- /dev/null
+++ b/vendor/hal_can_socketcan.te
@@ -0,0 +1,36 @@
+type hal_can_socketcan, domain;
+hal_server_domain(hal_can_socketcan, hal_can_controller)
+hal_server_domain(hal_can_socketcan, hal_can_bus)
+
+type hal_can_socketcan_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_can_socketcan)
+
+# Managing SocketCAN interfaces
+allow hal_can_socketcan self:capability net_admin;
+allow hal_can_socketcan self:netlink_route_socket { create bind write nlmsg_write read };
+
+# Calling if_nametoindex(3) to open CAN sockets
+allow hal_can_socketcan self:udp_socket { create ioctl };
+allowxperm hal_can_socketcan self:udp_socket ioctl {
+ SIOCGIFINDEX
+};
+
+# Communicating with SocketCAN interfaces and bringing them up/down
+allow hal_can_socketcan self:can_socket { bind create read write ioctl setopt };
+allowxperm hal_can_socketcan self:can_socket ioctl {
+ SIOCGIFFLAGS
+ SIOCSIFFLAGS
+};
+
+# Un-publishing ICanBus interfaces
+allow hal_can_socketcan hidl_manager_hwservice:hwservice_manager find;
+
+allow hal_can_socketcan usb_serial_device:chr_file { ioctl read write open };
+allowxperm hal_can_socketcan usb_serial_device:chr_file ioctl {
+ TCGETS
+ TCSETSW
+ TIOCGSERIAL
+ TIOCSSERIAL
+ TIOCSETD
+ SIOCGIFNAME
+};
diff --git a/vendor/hal_drm_default.te b/vendor/hal_drm_default.te
index f81f398..e534762 100644
--- a/vendor/hal_drm_default.te
+++ b/vendor/hal_drm_default.te
@@ -6,6 +6,3 @@
allow hal_drm_default hal_codec2_server:fd use;
allow hal_drm_default hal_omx_server:fd use;
-allow hal_drm_default { appdomain -isolated_app }:fd use;
-
-allow hal_drm_default hal_allocator_server:fd use;
diff --git a/vendor/hal_evs_default.te b/vendor/hal_evs_default.te
index b927f1e..57a0299 100644
--- a/vendor/hal_evs_default.te
+++ b/vendor/hal_evs_default.te
@@ -6,5 +6,10 @@
type hal_evs_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_evs_default)
-allow hal_evs_default hal_graphics_allocator_default:fd use;
+allow hal_evs_default hal_graphics_allocator_server:fd use;
+# allow to use surface flinger
+allow hal_evs_default automotive_display_service_server:fd use;
+
+# allow to use automotive display service
+allow hal_evs_default fwk_automotive_display_hwservice:hwservice_manager find;
diff --git a/vendor/hal_identity_default.te b/vendor/hal_identity_default.te
new file mode 100644
index 0000000..7f84687
--- /dev/null
+++ b/vendor/hal_identity_default.te
@@ -0,0 +1,5 @@
+type hal_identity_default, domain;
+hal_server_domain(hal_identity_default, hal_identity)
+
+type hal_identity_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_identity_default)
diff --git a/vendor/hal_rebootescrow_default.te b/vendor/hal_rebootescrow_default.te
new file mode 100644
index 0000000..2625693
--- /dev/null
+++ b/vendor/hal_rebootescrow_default.te
@@ -0,0 +1,10 @@
+type hal_rebootescrow_default, domain;
+hal_server_domain(hal_rebootescrow_default, hal_rebootescrow)
+get_prop(hal_rebootescrow_default, rebootescrow_hal_prop);
+
+type hal_rebootescrow_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_rebootescrow_default)
+
+type rebootescrow_device, dev_type;
+allow hal_rebootescrow_default rebootescrow_device:{ chr_file blk_file } rw_file_perms;
+allow hal_rebootescrow_default block_device:dir search;
diff --git a/vendor/hal_sensors_default.te b/vendor/hal_sensors_default.te
index 172e686..f00b25a 100644
--- a/vendor/hal_sensors_default.te
+++ b/vendor/hal_sensors_default.te
@@ -17,3 +17,6 @@
# allow sensor hal to use lock for keeping system awake for wake up
# events delivery.
wakelock_use(hal_sensors_default);
+
+# allow sensor hal to use ashmem fd from system_server.
+allow hal_sensors_default system_server:fd use;
diff --git a/vendor/hal_tv_tuner_default.te b/vendor/hal_tv_tuner_default.te
new file mode 100644
index 0000000..abe1e77
--- /dev/null
+++ b/vendor/hal_tv_tuner_default.te
@@ -0,0 +1,7 @@
+type hal_tv_tuner_default, domain;
+hal_server_domain(hal_tv_tuner_default, hal_tv_tuner)
+
+type hal_tv_tuner_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_tv_tuner_default)
+
+allow hal_tv_tuner_default ion_device:chr_file r_file_perms;
diff --git a/vendor/hal_usb_gadget_default.te b/vendor/hal_usb_gadget_default.te
new file mode 100644
index 0000000..f1486b9
--- /dev/null
+++ b/vendor/hal_usb_gadget_default.te
@@ -0,0 +1,5 @@
+type hal_usb_gadget_default, domain;
+hal_server_domain(hal_usb_gadget_default, hal_usb_gadget)
+
+type hal_usb_gadget_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_usb_gadget_default)
diff --git a/vendor/hal_vehicle_default.te b/vendor/hal_vehicle_default.te
index e605ecb..dcb03a8 100644
--- a/vendor/hal_vehicle_default.te
+++ b/vendor/hal_vehicle_default.te
@@ -5,3 +5,8 @@
# may be started by init
type hal_vehicle_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_vehicle_default)
+
+# communication with CAN bus HAL
+allow hal_vehicle_default hal_can_bus_hwservice:hwservice_manager find;
+allow hal_vehicle_default hal_can_socketcan:binder { call transfer };
+allow hal_can_socketcan hal_vehicle_default:binder { call transfer };
diff --git a/vendor/hal_wifi_offload_default.te b/vendor/hal_wifi_offload_default.te
deleted file mode 100644
index 44bd306..0000000
--- a/vendor/hal_wifi_offload_default.te
+++ /dev/null
@@ -1,5 +0,0 @@
-type hal_wifi_offload_default, domain;
-hal_server_domain(hal_wifi_offload_default, hal_wifi_offload)
-
-type hal_wifi_offload_default_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(hal_wifi_offload_default)
diff --git a/vendor/keys.conf b/vendor/keys.conf
new file mode 100644
index 0000000..71ad2c9
--- /dev/null
+++ b/vendor/keys.conf
@@ -0,0 +1,19 @@
+#
+# Maps an arbitrary tag [TAGNAME] with the string contents found in
+# TARGET_BUILD_VARIANT. Common convention is to start TAGNAME with an @ and
+# name it after the base file name of the pem file.
+#
+# Each tag (section) then allows one to specify any string found in
+# TARGET_BUILD_VARIANT. Typcially this is user, eng, and userdebug. Another
+# option is to use ALL which will match ANY TARGET_BUILD_VARIANT string.
+#
+
+# Some vendor apps are using platform key for signing.
+# This moves them to untrusted_app domain when the system partition is
+# switched to a Generic System Image (GSI), because the value of platform's
+# seinfo in /system/etc/selinux/plat_mac_permissions.xml has been changed.
+# Duplicating the device-specific platform seinfo into
+# /vendor/etc/selinux/vendor_mac_permissions.xml to make it self-contained
+# within the vendor partition.
+[@PLATFORM]
+ALL : $DEFAULT_SYSTEM_DEV_CERTIFICATE/platform.x509.pem
diff --git a/vendor/mac_permissions.xml b/vendor/mac_permissions.xml
new file mode 100644
index 0000000..2d6fab0
--- /dev/null
+++ b/vendor/mac_permissions.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="utf-8"?>
+<policy>
+
+<!--
+
+ * A signature is a hex encoded X.509 certificate or a tag defined in
+ keys.conf and is required for each signer tag. The signature can
+ either appear as a set of attached cert child tags or as an attribute.
+ * A signer tag must contain a seinfo tag XOR multiple package stanzas.
+ * Each signer/package tag is allowed to contain one seinfo tag. This tag
+ represents additional info that each app can use in setting a SELinux security
+ context on the eventual process as well as the apps data directory.
+ * seinfo assignments are made according to the following rules:
+ - Stanzas with package name refinements will be checked first.
+ - Stanzas w/o package name refinements will be checked second.
+ - The "default" seinfo label is automatically applied.
+
+ * valid stanzas can take one of the following forms:
+
+ // single cert protecting seinfo
+ <signer signature="@PLATFORM" >
+ <seinfo value="platform" />
+ </signer>
+
+ // multiple certs protecting seinfo (all contained certs must match)
+ <signer>
+ <cert signature="@PLATFORM1"/>
+ <cert signature="@PLATFORM2"/>
+ <seinfo value="platform" />
+ </signer>
+
+ // single cert protecting explicitly named app
+ <signer signature="@PLATFORM" >
+ <package name="com.android.foo">
+ <seinfo value="bar" />
+ </package>
+ </signer>
+
+ // multiple certs protecting explicitly named app (all certs must match)
+ <signer>
+ <cert signature="@PLATFORM1"/>
+ <cert signature="@PLATFORM2"/>
+ <package name="com.android.foo">
+ <seinfo value="bar" />
+ </package>
+ </signer>
+-->
+
+ <!-- Vendor dev key in AOSP -->
+ <signer signature="@PLATFORM" >
+ <seinfo value="platform" />
+ </signer>
+</policy>
diff --git a/vendor/mediacodec.te b/vendor/mediacodec.te
index 40a5489..d6d0de1 100644
--- a/vendor/mediacodec.te
+++ b/vendor/mediacodec.te
@@ -3,15 +3,6 @@
init_daemon_domain(mediacodec)
-not_full_treble(`
- # on legacy devices, continue to allow /dev/binder traffic
- binder_use(mediacodec)
- binder_service(mediacodec)
- add_service(mediacodec, mediacodec_service)
- allow mediacodec mediametrics_service:service_manager find;
- allow mediacodec surfaceflinger_service:service_manager find;
-')
-
# can route /dev/binder traffic to /dev/vndbinder
vndbinder_use(mediacodec)
diff --git a/vendor/vendor_install_recovery.te b/vendor/vendor_install_recovery.te
new file mode 100644
index 0000000..ff63f75
--- /dev/null
+++ b/vendor/vendor_install_recovery.te
@@ -0,0 +1,24 @@
+init_daemon_domain(vendor_install_recovery)
+
+# service vendor_flash_recovery in
+# bootable/recovery/applypatch/vendor_flash_recovery.rc
+type vendor_install_recovery, domain;
+type vendor_install_recovery_exec, vendor_file_type, exec_type, file_type;
+
+# /vendor/bin/install-recovery.sh is a shell script.
+# Needs to execute /vendor/bin/sh
+allow vendor_install_recovery vendor_shell_exec:file rx_file_perms;
+
+# Execute /vendor/bin/applypatch
+allow vendor_install_recovery vendor_file:file rx_file_perms;
+not_full_treble(`allow vendor_install_recovery vendor_file:file rx_file_perms;')
+
+allow vendor_install_recovery vendor_toolbox_exec:file rx_file_perms;
+
+# Update the recovery block device based off a diff of the boot block device
+allow vendor_install_recovery block_device:dir search;
+allow vendor_install_recovery boot_block_device:blk_file r_file_perms;
+allow vendor_install_recovery recovery_block_device:blk_file rw_file_perms;
+
+# Write to /proc/sys/vm/drop_caches
+allow vendor_install_recovery proc_drop_caches:file w_file_perms;
diff --git a/vendor/vendor_modprobe.te b/vendor/vendor_modprobe.te
index 7689ca5..61df9e0 100644
--- a/vendor/vendor_modprobe.te
+++ b/vendor/vendor_modprobe.te
@@ -4,6 +4,7 @@
domain_trans(init, vendor_toolbox_exec, vendor_modprobe)
allow vendor_modprobe proc_modules:file r_file_perms;
+allow vendor_modprobe proc_cmdline:file r_file_perms;
allow vendor_modprobe self:global_capability_class_set sys_module;
allow vendor_modprobe kernel:key search;
diff --git a/vendor/vndservice_contexts b/vendor/vndservice_contexts
index 4cca2fb..068056f 100644
--- a/vendor/vndservice_contexts
+++ b/vendor/vndservice_contexts
@@ -1 +1,2 @@
+manager u:object_r:service_manager_vndservice:s0
* u:object_r:default_android_vndservice:s0
diff --git a/vendor/vndservicemanager.te b/vendor/vndservicemanager.te
index dbc88fa..497e027 100644
--- a/vendor/vndservicemanager.te
+++ b/vendor/vndservicemanager.te
@@ -13,5 +13,10 @@
# Read vndservice_contexts
allow vndservicemanager vndservice_contexts_file:file r_file_perms;
+add_service(vndservicemanager, service_manager_vndservice)
+
+# Start lazy services
+set_prop(vndservicemanager, ctl_interface_start_prop)
+
# Check SELinux permissions.
selinux_check_access(vndservicemanager)
