[automerger skipped] [RESTRICT AUTOMERGE] Update prebuilt sepolicy am: 3807664293 -s ours
am skip reason: subject contains skip directive
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1561715
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: Ifb66e3b22cad171f16d91b27c67b4f134518b5cc
diff --git a/Android.bp b/Android.bp
index 256262b..8705622 100644
--- a/Android.bp
+++ b/Android.bp
@@ -36,6 +36,13 @@
}
se_filegroup {
+ name: "29.0.board.compat.map",
+ srcs: [
+ "compat/29.0/29.0.cil",
+ ],
+}
+
+se_filegroup {
name: "26.0.board.ignore.map",
srcs: [
"compat/26.0/26.0.ignore.cil",
@@ -56,22 +63,103 @@
],
}
+se_filegroup {
+ name: "29.0.board.ignore.map",
+ srcs: [
+ "compat/29.0/29.0.ignore.cil",
+ ],
+}
+
se_cil_compat_map {
- name: "26.0.cil",
+ name: "plat_26.0.cil",
+ stem: "26.0.cil",
bottom_half: [":26.0.board.compat.map"],
- top_half: "27.0.cil",
+ top_half: "plat_27.0.cil",
}
se_cil_compat_map {
- name: "27.0.cil",
+ name: "plat_27.0.cil",
+ stem: "27.0.cil",
bottom_half: [":27.0.board.compat.map"],
- top_half: "28.0.cil",
+ top_half: "plat_28.0.cil",
}
se_cil_compat_map {
- name: "28.0.cil",
+ name: "plat_28.0.cil",
+ stem: "28.0.cil",
bottom_half: [":28.0.board.compat.map"],
- // top_half: "29.0.cil",
+ top_half: "plat_29.0.cil",
+}
+
+se_cil_compat_map {
+ name: "plat_29.0.cil",
+ stem: "29.0.cil",
+ bottom_half: [":29.0.board.compat.map"],
+ // top_half: "plat_30.0.cil",
+}
+
+se_cil_compat_map {
+ name: "system_ext_26.0.cil",
+ stem: "26.0.cil",
+ bottom_half: [":26.0.board.compat.map"],
+ top_half: "system_ext_27.0.cil",
+ system_ext_specific: true,
+}
+
+se_cil_compat_map {
+ name: "system_ext_27.0.cil",
+ stem: "27.0.cil",
+ bottom_half: [":27.0.board.compat.map"],
+ top_half: "system_ext_28.0.cil",
+ system_ext_specific: true,
+}
+
+se_cil_compat_map {
+ name: "system_ext_28.0.cil",
+ stem: "28.0.cil",
+ bottom_half: [":28.0.board.compat.map"],
+ top_half: "system_ext_29.0.cil",
+ system_ext_specific: true,
+}
+
+se_cil_compat_map {
+ name: "system_ext_29.0.cil",
+ stem: "29.0.cil",
+ bottom_half: [":29.0.board.compat.map"],
+ // top_half: "system_ext_30.0.cil",
+ system_ext_specific: true,
+}
+
+se_cil_compat_map {
+ name: "product_26.0.cil",
+ stem: "26.0.cil",
+ bottom_half: [":26.0.board.compat.map"],
+ top_half: "product_27.0.cil",
+ product_specific: true,
+}
+
+se_cil_compat_map {
+ name: "product_27.0.cil",
+ stem: "27.0.cil",
+ bottom_half: [":27.0.board.compat.map"],
+ top_half: "product_28.0.cil",
+ product_specific: true,
+}
+
+se_cil_compat_map {
+ name: "product_28.0.cil",
+ stem: "28.0.cil",
+ bottom_half: [":28.0.board.compat.map"],
+ top_half: "product_29.0.cil",
+ product_specific: true,
+}
+
+se_cil_compat_map {
+ name: "product_29.0.cil",
+ stem: "29.0.cil",
+ bottom_half: [":29.0.board.compat.map"],
+ // top_half: "product_30.0.cil",
+ product_specific: true,
}
se_cil_compat_map {
@@ -89,5 +177,210 @@
se_cil_compat_map {
name: "28.0.ignore.cil",
bottom_half: [":28.0.board.ignore.map"],
- // top_half: "29.0.ignore.cil",
+ top_half: "29.0.ignore.cil",
+}
+
+se_cil_compat_map {
+ name: "29.0.ignore.cil",
+ bottom_half: [":29.0.board.ignore.map"],
+ // top_half: "30.0.ignore.cil",
+}
+
+prebuilt_etc {
+ name: "26.0.compat.cil",
+ src: "private/compat/26.0/26.0.compat.cil",
+ sub_dir: "selinux/mapping",
+}
+
+prebuilt_etc {
+ name: "27.0.compat.cil",
+ src: "private/compat/27.0/27.0.compat.cil",
+ sub_dir: "selinux/mapping",
+}
+
+prebuilt_etc {
+ name: "28.0.compat.cil",
+ src: "private/compat/28.0/28.0.compat.cil",
+ sub_dir: "selinux/mapping",
+}
+
+prebuilt_etc {
+ name: "29.0.compat.cil",
+ src: "private/compat/29.0/29.0.compat.cil",
+ sub_dir: "selinux/mapping",
+}
+
+se_filegroup {
+ name: "file_contexts_files",
+ srcs: ["file_contexts"],
+}
+
+se_filegroup {
+ name: "file_contexts_asan_files",
+ srcs: ["file_contexts_asan"],
+}
+
+se_filegroup {
+ name: "file_contexts_overlayfs_files",
+ srcs: ["file_contexts_overlayfs"],
+}
+
+se_filegroup {
+ name: "hwservice_contexts_files",
+ srcs: ["hwservice_contexts"],
+}
+
+se_filegroup {
+ name: "property_contexts_files",
+ srcs: ["property_contexts"],
+}
+
+se_filegroup {
+ name: "service_contexts_files",
+ srcs: ["service_contexts"],
+}
+
+file_contexts {
+ name: "plat_file_contexts",
+ srcs: [":file_contexts_files"],
+ product_variables: {
+ address_sanitize: {
+ srcs: [":file_contexts_asan_files"],
+ },
+ debuggable: {
+ srcs: [":file_contexts_overlayfs_files"],
+ },
+ },
+
+ flatten_apex: {
+ srcs: ["apex/*-file_contexts"],
+ },
+
+ recovery_available: true,
+}
+
+file_contexts {
+ name: "vendor_file_contexts",
+ srcs: [":file_contexts_files"],
+ soc_specific: true,
+ recovery_available: true,
+}
+
+file_contexts {
+ name: "system_ext_file_contexts",
+ srcs: [":file_contexts_files"],
+ system_ext_specific: true,
+ recovery_available: true,
+}
+
+file_contexts {
+ name: "product_file_contexts",
+ srcs: [":file_contexts_files"],
+ product_specific: true,
+ recovery_available: true,
+}
+
+file_contexts {
+ name: "odm_file_contexts",
+ srcs: [":file_contexts_files"],
+ device_specific: true,
+ recovery_available: true,
+}
+
+hwservice_contexts {
+ name: "plat_hwservice_contexts",
+ srcs: [":hwservice_contexts_files"],
+}
+
+hwservice_contexts {
+ name: "system_ext_hwservice_contexts",
+ srcs: [":hwservice_contexts_files"],
+ system_ext_specific: true,
+}
+
+hwservice_contexts {
+ name: "product_hwservice_contexts",
+ srcs: [":hwservice_contexts_files"],
+ product_specific: true,
+}
+
+hwservice_contexts {
+ name: "vendor_hwservice_contexts",
+ srcs: [":hwservice_contexts_files"],
+ reqd_mask: true,
+ soc_specific: true,
+}
+
+hwservice_contexts {
+ name: "odm_hwservice_contexts",
+ srcs: [":hwservice_contexts_files"],
+ device_specific: true,
+}
+
+property_contexts {
+ name: "plat_property_contexts",
+ srcs: [":property_contexts_files"],
+ recovery_available: true,
+}
+
+property_contexts {
+ name: "system_ext_property_contexts",
+ srcs: [":property_contexts_files"],
+ system_ext_specific: true,
+ recovery_available: true,
+}
+
+property_contexts {
+ name: "product_property_contexts",
+ srcs: [":property_contexts_files"],
+ product_specific: true,
+ recovery_available: true,
+}
+
+property_contexts {
+ name: "vendor_property_contexts",
+ srcs: [":property_contexts_files"],
+ reqd_mask: true,
+ soc_specific: true,
+ recovery_available: true,
+}
+
+property_contexts {
+ name: "odm_property_contexts",
+ srcs: [":property_contexts_files"],
+ device_specific: true,
+ recovery_available: true,
+}
+
+service_contexts {
+ name: "plat_service_contexts",
+ srcs: [":service_contexts_files"],
+}
+
+service_contexts {
+ name: "system_ext_service_contexts",
+ srcs: [":service_contexts_files"],
+ system_ext_specific: true,
+}
+
+service_contexts {
+ name: "product_service_contexts",
+ srcs: [":service_contexts_files"],
+ product_specific: true,
+}
+
+service_contexts {
+ name: "vendor_service_contexts",
+ srcs: [":service_contexts_files"],
+ reqd_mask: true,
+ soc_specific: true,
+}
+
+// For vts_treble_sys_prop_test
+filegroup {
+ name: "public_property_contexts",
+ srcs: ["public/property_contexts"],
+ visibility: [
+ "//test/vts-testcase/security/system_property",
+ ],
}
diff --git a/Android.mk b/Android.mk
index dadd7b0..f545b41 100644
--- a/Android.mk
+++ b/Android.mk
@@ -49,18 +49,18 @@
# - compile output binary policy file
PLAT_PUBLIC_POLICY := $(LOCAL_PATH)/public
-ifneq ( ,$(BOARD_PLAT_PUBLIC_SEPOLICY_DIR))
-PLAT_PUBLIC_POLICY += $(BOARD_PLAT_PUBLIC_SEPOLICY_DIR)
-endif
PLAT_PRIVATE_POLICY := $(LOCAL_PATH)/private
-ifneq ( ,$(BOARD_PLAT_PRIVATE_SEPOLICY_DIR))
-PLAT_PRIVATE_POLICY += $(BOARD_PLAT_PRIVATE_SEPOLICY_DIR)
-endif
PLAT_VENDOR_POLICY := $(LOCAL_PATH)/vendor
REQD_MASK_POLICY := $(LOCAL_PATH)/reqd_mask
+SYSTEM_EXT_PUBLIC_POLICY := $(BOARD_PLAT_PUBLIC_SEPOLICY_DIR)
+SYSTEM_EXT_PRIVATE_POLICY := $(BOARD_PLAT_PRIVATE_SEPOLICY_DIR)
PRODUCT_PUBLIC_POLICY := $(PRODUCT_PUBLIC_SEPOLICY_DIRS)
PRODUCT_PRIVATE_POLICY := $(PRODUCT_PRIVATE_SEPOLICY_DIRS)
+ifneq (,$(SYSTEM_EXT_PUBLIC_POLICY)$(SYSTEM_EXT_PRIVATE_POLICY))
+HAS_SYSTEM_EXT_SEPOLICY_DIR := true
+endif
+
# TODO(b/119305624): Currently if the device doesn't have a product partition,
# we install product sepolicy into /system/product. We do that because bits of
# product sepolicy that's still in /system might depend on bits that have moved
@@ -68,7 +68,7 @@
# it so that if no product partition is present, product sepolicy artifacts are
# not built and installed at all.
ifneq (,$(PRODUCT_PUBLIC_POLICY)$(PRODUCT_PRIVATE_POLICY))
-HAS_PRODUCT_SEPOLICY := true
+HAS_PRODUCT_SEPOLICY_DIR := true
endif
# TODO: move to README when doing the README update and finalizing versioning.
@@ -123,13 +123,6 @@
# Builds paths for all policy files found in BOARD_ODM_SEPOLICY_DIRS.
build_odm_policy = $(call build_policy, $(1), $(BOARD_ODM_SEPOLICY_DIRS))
-# Add a file containing only a newline in-between each policy configuration
-# 'contexts' file. This will allow OEM policy configuration files without a
-# final newline (0x0A) to be built correctly by the m4(1) macro processor.
-# $(1): the set of contexts file names.
-# $(2): the file containing only 0x0A.
-add_nl = $(foreach entry, $(1), $(subst $(entry), $(entry) $(2), $(entry)))
-
sepolicy_build_files := security_classes \
initial_sids \
access_vectors \
@@ -152,6 +145,42 @@
genfs_contexts \
port_contexts
+# Security classes and permissions defined outside of system/sepolicy.
+security_class_extension_files := $(call build_policy, security_classes access_vectors, \
+ $(SYSTEM_EXT_PUBLIC_POLICY) $(SYSTEM_EXT_PRIVATE_POLICY) \
+ $(PRODUCT_PUBLIC_POLICY) $(PRODUCT_PRIVATE_POLICY) \
+ $(BOARD_VENDOR_SEPOLICY_DIRS) $(BOARD_ODM_SEPOLICY_DIRS))
+
+ifneq (,$(strip $(security_class_extension_files)))
+ $(error Only platform SELinux policy may define classes and permissions: $(strip $(security_class_extension_files)))
+endif
+
+ifdef HAS_SYSTEM_EXT_SEPOLICY_DIR
+ # Checks if there are public system_ext policy files.
+ policy_files := $(call build_policy, $(sepolicy_build_files), $(SYSTEM_EXT_PUBLIC_POLICY))
+ ifneq (,$(strip $(policy_files)))
+ HAS_SYSTEM_EXT_PUBLIC_SEPOLICY := true
+ endif
+ # Checks if there are public/private system_ext policy files.
+ policy_files := $(call build_policy, $(sepolicy_build_files), $(SYSTEM_EXT_PUBLIC_POLICY) $(SYSTEM_EXT_PRIVATE_POLICY))
+ ifneq (,$(strip $(policy_files)))
+ HAS_SYSTEM_EXT_SEPOLICY := true
+ endif
+endif # ifdef HAS_SYSTEM_EXT_SEPOLICY_DIR
+
+ifdef HAS_PRODUCT_SEPOLICY_DIR
+ # Checks if there are public product policy files.
+ policy_files := $(call build_policy, $(sepolicy_build_files), $(PRODUCT_PUBLIC_POLICY))
+ ifneq (,$(strip $(policy_files)))
+ HAS_PRODUCT_PUBLIC_SEPOLICY := true
+ endif
+ # Checks if there are public/private product policy files.
+ policy_files := $(call build_policy, $(sepolicy_build_files), $(PRODUCT_PUBLIC_POLICY) $(PRODUCT_PRIVATE_POLICY))
+ ifneq (,$(strip $(policy_files)))
+ HAS_PRODUCT_SEPOLICY := true
+ endif
+endif # ifdef HAS_PRODUCT_SEPOLICY_DIR
+
# CIL files which contain workarounds for current limitation of human-readable
# module policy language. These files are appended to the CIL files produced
# from module language files.
@@ -173,6 +202,22 @@
ifeq ($(NATIVE_COVERAGE),true)
with_native_coverage := true
endif
+ifeq ($(CLANG_COVERAGE),true)
+ with_native_coverage := true
+endif
+
+treble_sysprop_neverallow := true
+ifeq ($(BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW),true)
+ treble_sysprop_neverallow := false
+endif
+
+ifeq ($(PRODUCT_SHIPPING_API_LEVEL),)
+ #$(warning no product shipping level defined)
+else ifneq ($(call math_lt,29,$(PRODUCT_SHIPPING_API_LEVEL)),)
+ ifneq ($(BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW),)
+ $(error BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW cannot be set on a device shipping with R or later, and this is tested by CTS.)
+ endif
+endif
# Library extension for host-side tests
ifeq ($(HOST_OS),darwin)
@@ -184,12 +229,12 @@
# Convert a file_context file for a non-flattened APEX into a file for
# flattened APEX. /system/apex/<apex_name> path is prepended to the original paths
# $(1): path to the input file_contexts file for non-flattened APEX
-# $(2): name of the APEX
-# $(3): path to the generated file_contexs file for flattened APEX
+# $(2): path to the flattened APEX
+# $(3): path to the generated file_contexts file for flattened APEX
# $(4): variable where $(3) is added to
define build_flattened_apex_file_contexts
$(4) += $(3)
-$(3): PRIVATE_APEX_PATH := /system/apex/$(subst .,\\.,$(2))
+$(3): PRIVATE_APEX_PATH := $(subst .,\\.,$(2))
$(3): $(1)
$(hide) awk '/object_r/{printf("$$(PRIVATE_APEX_PATH)%s\n",$$$$0)}' $$< > $$@
endef
@@ -206,6 +251,10 @@
include $(BUILD_PHONY_PACKAGE)
+# selinux_policy is a main goal and triggers lots of tests.
+# Most tests are FAKE modules, so aren'triggered on normal builds. (e.g. 'm')
+# By setting as droidcore's dependency, tests will run on normal builds.
+droidcore: selinux_policy
include $(CLEAR_VARS)
LOCAL_MODULE := selinux_policy_system
@@ -213,7 +262,8 @@
# divergence between Treble and non-Treble devices.
LOCAL_REQUIRED_MODULES += \
plat_mapping_file \
- $(addsuffix .cil,$(PLATFORM_SEPOLICY_COMPAT_VERSIONS)) \
+ $(addprefix plat_,$(addsuffix .cil,$(PLATFORM_SEPOLICY_COMPAT_VERSIONS))) \
+ $(addsuffix .compat.cil,$(PLATFORM_SEPOLICY_COMPAT_VERSIONS)) \
plat_sepolicy.cil \
plat_sepolicy_and_mapping.sha256 \
secilc \
@@ -221,11 +271,15 @@
LOCAL_REQUIRED_MODULES += \
build_sepolicy \
plat_file_contexts \
+ plat_file_contexts_test \
plat_mac_permissions.xml \
plat_property_contexts \
+ plat_property_contexts_test \
plat_seapp_contexts \
plat_service_contexts \
+ plat_service_contexts_test \
plat_hwservice_contexts \
+ plat_hwservice_contexts_test \
searchpolicy \
# This conditional inclusion closely mimics the conditional logic
@@ -242,10 +296,15 @@
ifneq ($(SELINUX_IGNORE_NEVERALLOWS),true)
LOCAL_REQUIRED_MODULES += \
sepolicy_tests \
+ $(addsuffix _compat_test,$(PLATFORM_SEPOLICY_COMPAT_VERSIONS)) \
+
+ifeq ($(PRODUCT_SEPOLICY_SPLIT),true)
+LOCAL_REQUIRED_MODULES += \
$(addprefix treble_sepolicy_tests_,$(PLATFORM_SEPOLICY_COMPAT_VERSIONS)) \
-endif
-endif
+endif # PRODUCT_SEPOLICY_SPLIT
+endif # SELINUX_IGNORE_NEVERALLOWS
+endif # with_asan
ifneq ($(PLATFORM_SEPOLICY_VERSION),$(TOT_SEPOLICY_VERSION))
LOCAL_REQUIRED_MODULES += \
@@ -265,6 +324,8 @@
LOCAL_REQUIRED_MODULES += \
precompiled_sepolicy \
precompiled_sepolicy.plat_sepolicy_and_mapping.sha256 \
+ precompiled_sepolicy.system_ext_sepolicy_and_mapping.sha256 \
+ system_ext_sepolicy_and_mapping.sha256 \
precompiled_sepolicy.product_sepolicy_and_mapping.sha256 \
product_sepolicy_and_mapping.sha256 \
@@ -280,41 +341,84 @@
LOCAL_REQUIRED_MODULES += \
vendor_file_contexts \
+ vendor_file_contexts_test \
vendor_mac_permissions.xml \
vendor_property_contexts \
+ vendor_property_contexts_test \
vendor_seapp_contexts \
+ vendor_service_contexts \
vendor_hwservice_contexts \
+ vendor_hwservice_contexts_test \
vndservice_contexts \
ifdef BOARD_ODM_SEPOLICY_DIRS
LOCAL_REQUIRED_MODULES += \
odm_sepolicy.cil \
odm_file_contexts \
+ odm_file_contexts_test \
odm_seapp_contexts \
odm_property_contexts \
+ odm_property_contexts_test \
odm_hwservice_contexts \
+ odm_hwservice_contexts_test \
odm_mac_permissions.xml
endif
-ifdef HAS_PRODUCT_SEPOLICY
+ifdef HAS_SYSTEM_EXT_SEPOLICY
+LOCAL_REQUIRED_MODULES += system_ext_sepolicy.cil
+endif
+
+ifdef HAS_SYSTEM_EXT_PUBLIC_SEPOLICY
LOCAL_REQUIRED_MODULES += \
- product_sepolicy.cil \
+ system_ext_mapping_file \
+ $(addprefix system_ext_,$(addsuffix .cil,$(PLATFORM_SEPOLICY_COMPAT_VERSIONS))) \
+
+endif
+
+ifdef HAS_SYSTEM_EXT_SEPOLICY_DIR
+LOCAL_REQUIRED_MODULES += \
+ system_ext_file_contexts \
+ system_ext_file_contexts_test \
+ system_ext_hwservice_contexts \
+ system_ext_hwservice_contexts_test \
+ system_ext_property_contexts \
+ system_ext_property_contexts_test \
+ system_ext_seapp_contexts \
+ system_ext_service_contexts \
+ system_ext_service_contexts_test \
+ system_ext_mac_permissions.xml \
+
+endif
+
+ifdef HAS_PRODUCT_SEPOLICY
+LOCAL_REQUIRED_MODULES += product_sepolicy.cil
+endif
+
+ifdef HAS_PRODUCT_PUBLIC_SEPOLICY
+LOCAL_REQUIRED_MODULES += \
+ product_mapping_file \
+ $(addprefix product_,$(addsuffix .cil,$(PLATFORM_SEPOLICY_COMPAT_VERSIONS))) \
+
+endif
+
+ifdef HAS_PRODUCT_SEPOLICY_DIR
+LOCAL_REQUIRED_MODULES += \
product_file_contexts \
+ product_file_contexts_test \
product_hwservice_contexts \
+ product_hwservice_contexts_test \
product_property_contexts \
+ product_property_contexts_test \
product_seapp_contexts \
product_service_contexts \
+ product_service_contexts_test \
product_mac_permissions.xml \
- product_mapping_file \
endif
-ifneq ($(TARGET_BUILD_VARIANT), user)
LOCAL_REQUIRED_MODULES += \
selinux_denial_metadata \
-endif
-
# Builds an addtional userdebug sepolicy into the debug ramdisk.
LOCAL_REQUIRED_MODULES += \
userdebug_plat_sepolicy.cil \
@@ -325,14 +429,18 @@
include $(CLEAR_VARS)
LOCAL_MODULE := sepolicy_neverallows
-LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_CLASS := FAKE
LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux
include $(BUILD_SYSTEM)/base_rules.mk
# sepolicy_policy.conf - All of the policy for the device. This is only used to
# check neverallow rules.
+policy_files := $(call build_policy, $(sepolicy_build_files), \
+ $(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY) $(PLAT_VENDOR_POLICY) \
+ $(SYSTEM_EXT_PUBLIC_POLICY) $(SYSTEM_EXT_PRIVATE_POLICY) \
+ $(PRODUCT_PUBLIC_POLICY) $(PRODUCT_PRIVATE_POLICY) \
+ $(BOARD_VENDOR_SEPOLICY_DIRS) $(BOARD_ODM_SEPOLICY_DIRS))
sepolicy_policy.conf := $(intermediates)/policy.conf
$(sepolicy_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
$(sepolicy_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
@@ -342,15 +450,18 @@
$(sepolicy_policy.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
$(sepolicy_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(sepolicy_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
-$(sepolicy_policy.conf): $(call build_policy, $(sepolicy_build_files), \
-$(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY) $(PLAT_VENDOR_POLICY) \
-$(PRODUCT_PUBLIC_POLICY) $(PRODUCT_PRIVATE_POLICY) \
-$(BOARD_VENDOR_SEPOLICY_DIRS) $(BOARD_ODM_SEPOLICY_DIRS))
+$(sepolicy_policy.conf): PRIVATE_POLICY_FILES := $(policy_files)
+$(sepolicy_policy.conf): $(policy_files) $(M4)
$(transform-policy-to-conf)
$(hide) sed '/^\s*dontaudit.*;/d' $@ | sed '/^\s*dontaudit/,/;/d' > $@.dontaudit
# sepolicy_policy_2.conf - All of the policy for the device. This is only used to
# check neverallow rules using sepolicy-analyze, similar to CTS.
+policy_files := $(call build_policy, $(sepolicy_build_files), \
+ $(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY) $(PLAT_VENDOR_POLICY) \
+ $(SYSTEM_EXT_PUBLIC_POLICY) $(SYSTEM_EXT_PRIVATE_POLICY) \
+ $(PRODUCT_PUBLIC_POLICY) $(PRODUCT_PRIVATE_POLICY) \
+ $(BOARD_VENDOR_SEPOLICY_DIRS) $(BOARD_ODM_SEPOLICY_DIRS))
sepolicy_policy_2.conf := $(intermediates)/policy_2.conf
$(sepolicy_policy_2.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
$(sepolicy_policy_2.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
@@ -361,10 +472,8 @@
$(sepolicy_policy_2.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
$(sepolicy_policy_2.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(sepolicy_policy_2.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
-$(sepolicy_policy_2.conf): $(call build_policy, $(sepolicy_build_files), \
-$(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY) $(PLAT_VENDOR_POLICY) \
-$(PRODUCT_PUBLIC_POLICY) $(PRODUCT_PRIVATE_POLICY) \
-$(BOARD_VENDOR_SEPOLICY_DIRS) $(BOARD_ODM_SEPOLICY_DIRS))
+$(sepolicy_policy_2.conf): PRIVATE_POLICY_FILES := $(policy_files)
+$(sepolicy_policy_2.conf): $(policy_files) $(M4)
$(transform-policy-to-conf)
$(hide) sed '/^\s*dontaudit.*;/d' $@ | sed '/^\s*dontaudit/,/;/d' > $@.dontaudit
@@ -397,6 +506,7 @@
# the compilation of public policy and subsequent removal of CIL policy that
# should not be exported.
+policy_files := $(call build_policy, $(sepolicy_build_files), $(REQD_MASK_POLICY))
reqd_policy_mask.conf := $(intermediates)/reqd_policy_mask.conf
$(reqd_policy_mask.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
$(reqd_policy_mask.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
@@ -407,7 +517,9 @@
$(reqd_policy_mask.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(reqd_policy_mask.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
$(reqd_policy_mask.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
-$(reqd_policy_mask.conf): $(call build_policy, $(sepolicy_build_files), $(REQD_MASK_POLICY))
+$(reqd_policy_mask.conf): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $(treble_sysprop_neverallow)
+$(reqd_policy_mask.conf): PRIVATE_POLICY_FILES := $(policy_files)
+$(reqd_policy_mask.conf): $(policy_files) $(M4)
$(transform-policy-to-conf)
# b/37755687
CHECKPOLICY_ASAN_OPTIONS := ASAN_OPTIONS=detect_leaks=0
@@ -426,6 +538,21 @@
# policy that would not compile in checkpolicy on its own. To get around this
# limitation, add only the required files from private policy, which will
# generate CIL policy that will then be filtered out by the reqd_policy_mask.
+#
+# There are three pub_policy.cil files below:
+# - pub_policy.cil: exported 'product', 'system_ext' and 'system' policy.
+# - system_ext_pub_policy.cil: exported 'system_ext' and 'system' policy.
+# - plat_pub_policy.cil: exported 'system' policy.
+#
+# Those above files will in turn be used to generate the following versioned cil files:
+# - product_mapping_file: the versioned, exported 'product' policy in product partition.
+# - system_ext_mapping_file: the versioned, exported 'system_ext' policy in system_ext partition.
+# - plat_mapping_file: the versioned, exported 'system' policy in system partition.
+# - plat_pub_versioned.cil: the versioned, exported 'product', 'system_ext' and 'system'
+# policy in vendor partition.
+#
+policy_files := $(call build_policy, $(sepolicy_build_files), \
+ $(PLAT_PUBLIC_POLICY) $(SYSTEM_EXT_PUBLIC_POLICY) $(PRODUCT_PUBLIC_POLICY) $(REQD_MASK_POLICY))
pub_policy.conf := $(intermediates)/pub_policy.conf
$(pub_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
$(pub_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
@@ -436,8 +563,9 @@
$(pub_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(pub_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
$(pub_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
-$(pub_policy.conf): $(call build_policy, $(sepolicy_build_files), \
-$(PLAT_PUBLIC_POLICY) $(PRODUCT_PUBLIC_POLICY) $(REQD_MASK_POLICY))
+$(pub_policy.conf): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $(treble_sysprop_neverallow)
+$(pub_policy.conf): PRIVATE_POLICY_FILES := $(policy_files)
+$(pub_policy.conf): $(policy_files) $(M4)
$(transform-policy-to-conf)
pub_policy.cil := $(intermediates)/pub_policy.cil
$(pub_policy.cil): PRIVATE_POL_CONF := $(pub_policy.conf)
@@ -452,6 +580,38 @@
pub_policy.conf :=
##################################
+policy_files := $(call build_policy, $(sepolicy_build_files), \
+ $(PLAT_PUBLIC_POLICY) $(SYSTEM_EXT_PUBLIC_POLICY) $(REQD_MASK_POLICY))
+system_ext_pub_policy.conf := $(intermediates)/system_ext_pub_policy.conf
+$(system_ext_pub_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
+$(system_ext_pub_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
+$(system_ext_pub_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
+$(system_ext_pub_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
+$(system_ext_pub_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
+$(system_ext_pub_policy.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
+$(system_ext_pub_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
+$(system_ext_pub_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
+$(system_ext_pub_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
+$(system_ext_pub_policy.conf): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $(treble_sysprop_neverallow)
+$(system_ext_pub_policy.conf): PRIVATE_POLICY_FILES := $(policy_files)
+$(system_ext_pub_policy.conf): $(policy_files) $(M4)
+ $(transform-policy-to-conf)
+
+system_ext_pub_policy.cil := $(intermediates)/system_ext_pub_policy.cil
+$(system_ext_pub_policy.cil): PRIVATE_POL_CONF := $(system_ext_pub_policy.conf)
+$(system_ext_pub_policy.cil): PRIVATE_REQD_MASK := $(reqd_policy_mask.cil)
+$(system_ext_pub_policy.cil): $(HOST_OUT_EXECUTABLES)/checkpolicy \
+$(HOST_OUT_EXECUTABLES)/build_sepolicy $(system_ext_pub_policy.conf) $(reqd_policy_mask.cil)
+ @mkdir -p $(dir $@)
+ $(hide) $(CHECKPOLICY_ASAN_OPTIONS) $< -C -M -c $(POLICYVERS) -o $@ $(PRIVATE_POL_CONF)
+ $(hide) $(HOST_OUT_EXECUTABLES)/build_sepolicy -a $(HOST_OUT_EXECUTABLES) filter_out \
+ -f $(PRIVATE_REQD_MASK) -t $@
+
+system_ext_pub_policy.conf :=
+
+##################################
+policy_files := $(call build_policy, $(sepolicy_build_files), \
+ $(PLAT_PUBLIC_POLICY) $(REQD_MASK_POLICY))
plat_pub_policy.conf := $(intermediates)/plat_pub_policy.conf
$(plat_pub_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
$(plat_pub_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
@@ -462,8 +622,9 @@
$(plat_pub_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(plat_pub_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
$(plat_pub_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
-$(plat_pub_policy.conf): $(call build_policy, $(sepolicy_build_files), \
-$(PLAT_PUBLIC_POLICY) $(REQD_MASK_POLICY))
+$(plat_pub_policy.conf): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $(treble_sysprop_neverallow)
+$(plat_pub_policy.conf): PRIVATE_POLICY_FILES := $(policy_files)
+$(plat_pub_policy.conf): $(policy_files) $(M4)
$(transform-policy-to-conf)
plat_pub_policy.cil := $(intermediates)/plat_pub_policy.cil
@@ -478,21 +639,6 @@
plat_pub_policy.conf :=
-##################################
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := sectxfile_nl
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-
-# Create a file containing newline only to add between context config files
-include $(BUILD_SYSTEM)/base_rules.mk
-$(LOCAL_BUILT_MODULE):
- @mkdir -p $(dir $@)
- $(hide) echo > $@
-
-built_nl := $(LOCAL_BUILT_MODULE)
-
#################################
include $(CLEAR_VARS)
@@ -506,6 +652,8 @@
# plat_policy.conf - A combination of the private and public platform policy
# which will ship with the device. The platform will always reflect the most
# recent platform version and is not currently being attributized.
+policy_files := $(call build_policy, $(sepolicy_build_files), \
+ $(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY))
plat_policy.conf := $(intermediates)/plat_policy.conf
$(plat_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
$(plat_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
@@ -516,8 +664,9 @@
$(plat_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(plat_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
$(plat_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
-$(plat_policy.conf): $(call build_policy, $(sepolicy_build_files), \
-$(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY))
+$(plat_policy.conf): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $(treble_sysprop_neverallow)
+$(plat_policy.conf): PRIVATE_POLICY_FILES := $(policy_files)
+$(plat_policy.conf): $(policy_files) $(M4)
$(transform-policy-to-conf)
$(hide) sed '/^\s*dontaudit.*;/d' $@ | sed '/^\s*dontaudit/,/;/d' > $@.dontaudit
@@ -549,6 +698,8 @@
include $(BUILD_SYSTEM)/base_rules.mk
# userdebug_plat_policy.conf - the userdebug version plat_sepolicy.cil
+policy_files := $(call build_policy, $(sepolicy_build_files), \
+ $(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY))
userdebug_plat_policy.conf := $(intermediates)/userdebug_plat_policy.conf
$(userdebug_plat_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
$(userdebug_plat_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
@@ -559,8 +710,9 @@
$(userdebug_plat_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(userdebug_plat_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
$(userdebug_plat_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
-$(userdebug_plat_policy.conf): $(call build_policy, $(sepolicy_build_files), \
-$(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY))
+$(userdebug_plat_policy.conf): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $(treble_sysprop_neverallow)
+$(userdebug_plat_policy.conf): PRIVATE_POLICY_FILES := $(policy_files)
+$(userdebug_plat_policy.conf): $(policy_files) $(M4)
$(transform-policy-to-conf)
$(hide) sed '/^\s*dontaudit.*;/d' $@ | sed '/^\s*dontaudit/,/;/d' > $@.dontaudit
@@ -583,35 +735,38 @@
#################################
include $(CLEAR_VARS)
-ifdef HAS_PRODUCT_SEPOLICY
-LOCAL_MODULE := product_sepolicy.cil
+ifdef HAS_SYSTEM_EXT_SEPOLICY
+LOCAL_MODULE := system_ext_sepolicy.cil
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_OUT_PRODUCT)/etc/selinux
+LOCAL_MODULE_PATH := $(TARGET_OUT_SYSTEM_EXT)/etc/selinux
include $(BUILD_SYSTEM)/base_rules.mk
-# product_policy.conf - A combination of the private and public product policy
-# which will ship with the device. Product policy is not attributized.
-product_policy.conf := $(intermediates)/product_policy.conf
-$(product_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
-$(product_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
-$(product_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
-$(product_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
-$(product_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
-$(product_policy.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
-$(product_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(product_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
-$(product_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
-$(product_policy.conf): $(call build_policy, $(sepolicy_build_files), \
-$(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY) \
-$(PRODUCT_PUBLIC_POLICY) $(PRODUCT_PRIVATE_POLICY))
+# system_ext_policy.conf - A combination of the private and public system_ext policy
+# which will ship with the device. System_ext policy is not attributized.
+policy_files := $(call build_policy, $(sepolicy_build_files), \
+ $(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY) \
+ $(SYSTEM_EXT_PUBLIC_POLICY) $(SYSTEM_EXT_PRIVATE_POLICY))
+system_ext_policy.conf := $(intermediates)/system_ext_policy.conf
+$(system_ext_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
+$(system_ext_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
+$(system_ext_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
+$(system_ext_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
+$(system_ext_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
+$(system_ext_policy.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
+$(system_ext_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
+$(system_ext_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
+$(system_ext_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
+$(system_ext_policy.conf): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $(treble_sysprop_neverallow)
+$(system_ext_policy.conf): PRIVATE_POLICY_FILES := $(policy_files)
+$(system_ext_policy.conf): $(policy_files) $(M4)
$(transform-policy-to-conf)
$(hide) sed '/dontaudit/d' $@ > $@.dontaudit
$(LOCAL_BUILT_MODULE): PRIVATE_NEVERALLOW_ARG := $(NEVERALLOW_ARG)
$(LOCAL_BUILT_MODULE): PRIVATE_PLAT_CIL := $(built_plat_cil)
-$(LOCAL_BUILT_MODULE): $(product_policy.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy \
+$(LOCAL_BUILT_MODULE): $(system_ext_policy.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy \
$(HOST_OUT_EXECUTABLES)/build_sepolicy $(HOST_OUT_EXECUTABLES)/secilc $(built_plat_cil)
@mkdir -p $(dir $@)
$(hide) $(CHECKPOLICY_ASAN_OPTIONS) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -C -c \
@@ -622,12 +777,69 @@
# used for debugging, so we remove them.
$(hide) grep -v ';;' $@ > $@.tmp
$(hide) mv $@.tmp $@
- # Combine plat_sepolicy.cil and product_sepolicy.cil to make sure that the
+ # Combine plat_sepolicy.cil and system_ext_sepolicy.cil to make sure that the
# latter doesn't accidentally depend on vendor/odm policies.
$(hide) $(HOST_OUT_EXECUTABLES)/secilc -m -M true -G -c $(POLICYVERS) \
$(PRIVATE_NEVERALLOW_ARG) $(PRIVATE_PLAT_CIL) $@ -o /dev/null -f /dev/null
+built_system_ext_cil := $(LOCAL_BUILT_MODULE)
+system_ext_policy.conf :=
+endif # ifdef HAS_SYSTEM_EXT_SEPOLICY
+
+#################################
+include $(CLEAR_VARS)
+
+ifdef HAS_PRODUCT_SEPOLICY
+LOCAL_MODULE := product_sepolicy.cil
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE_PATH := $(TARGET_OUT_PRODUCT)/etc/selinux
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+# product_policy.conf - A combination of the private and public product policy
+# which will ship with the device. Product policy is not attributized.
+policy_files := $(call build_policy, $(sepolicy_build_files), \
+ $(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY) \
+ $(SYSTEM_EXT_PUBLIC_POLICY) $(SYSTEM_EXT_PRIVATE_POLICY) \
+ $(PRODUCT_PUBLIC_POLICY) $(PRODUCT_PRIVATE_POLICY))
+product_policy.conf := $(intermediates)/product_policy.conf
+$(product_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
+$(product_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
+$(product_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
+$(product_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
+$(product_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
+$(product_policy.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
+$(product_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
+$(product_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
+$(product_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
+$(product_policy.conf): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $(treble_sysprop_neverallow)
+$(product_policy.conf): PRIVATE_POLICY_FILES := $(policy_files)
+$(product_policy.conf): $(policy_files) $(M4)
+ $(transform-policy-to-conf)
+ $(hide) sed '/dontaudit/d' $@ > $@.dontaudit
+
+$(LOCAL_BUILT_MODULE): PRIVATE_NEVERALLOW_ARG := $(NEVERALLOW_ARG)
+$(LOCAL_BUILT_MODULE): PRIVATE_PLAT_CIL_FILES := $(built_plat_cil) $(built_system_ext_cil)
+$(LOCAL_BUILT_MODULE): $(product_policy.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy \
+$(HOST_OUT_EXECUTABLES)/build_sepolicy $(HOST_OUT_EXECUTABLES)/secilc \
+$(built_plat_cil) $(built_system_ext_cil)
+ @mkdir -p $(dir $@)
+ $(hide) $(CHECKPOLICY_ASAN_OPTIONS) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -C -c \
+ $(POLICYVERS) -o $@ $<
+ $(hide) $(HOST_OUT_EXECUTABLES)/build_sepolicy -a $(HOST_OUT_EXECUTABLES) filter_out \
+ -f $(PRIVATE_PLAT_CIL_FILES) -t $@
+ # Line markers (denoted by ;;) are malformed after above cmd. They are only
+ # used for debugging, so we remove them.
+ $(hide) grep -v ';;' $@ > $@.tmp
+ $(hide) mv $@.tmp $@
+ # Combine plat_sepolicy.cil, system_ext_sepolicy.cil and product_sepolicy.cil to
+ # make sure that the latter doesn't accidentally depend on vendor/odm policies.
+ $(hide) $(HOST_OUT_EXECUTABLES)/secilc -m -M true -G -c $(POLICYVERS) \
+ $(PRIVATE_NEVERALLOW_ARG) $(PRIVATE_PLAT_CIL_FILES) $@ -o /dev/null -f /dev/null
+
+
built_product_cil := $(LOCAL_BUILT_MODULE)
product_policy.conf :=
endif # ifdef HAS_PRODUCT_SEPOLICY
@@ -671,7 +883,33 @@
#################################
include $(CLEAR_VARS)
-ifdef HAS_PRODUCT_SEPOLICY
+ifdef HAS_SYSTEM_EXT_PUBLIC_SEPOLICY
+LOCAL_MODULE := system_ext_mapping_file
+LOCAL_MODULE_STEM := $(PLATFORM_SEPOLICY_VERSION).cil
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE_PATH := $(TARGET_OUT_SYSTEM_EXT)/etc/selinux/mapping
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(LOCAL_BUILT_MODULE) : PRIVATE_VERS := $(PLATFORM_SEPOLICY_VERSION)
+$(LOCAL_BUILT_MODULE) : PRIVATE_PLAT_MAPPING_CIL := $(built_plat_mapping_cil)
+$(LOCAL_BUILT_MODULE) : $(system_ext_pub_policy.cil) $(HOST_OUT_EXECUTABLES)/version_policy \
+$(built_plat_mapping_cil)
+ @mkdir -p $(dir $@)
+ # Generate system_ext mapping file as mapping file of 'system' (plat) and 'system_ext'
+ # sepolicy minus plat_mapping_file.
+ $(hide) $(HOST_OUT_EXECUTABLES)/version_policy -b $< -m -n $(PRIVATE_VERS) -o $@
+ $(hide) $(HOST_OUT_EXECUTABLES)/build_sepolicy -a $(HOST_OUT_EXECUTABLES) filter_out \
+ -f $(PRIVATE_PLAT_MAPPING_CIL) -t $@
+
+built_system_ext_mapping_cil := $(LOCAL_BUILT_MODULE)
+endif # ifdef HAS_SYSTEM_EXT_PUBLIC_SEPOLICY
+
+#################################
+include $(CLEAR_VARS)
+
+ifdef HAS_PRODUCT_PUBLIC_SEPOLICY
LOCAL_MODULE := product_mapping_file
LOCAL_MODULE_STEM := $(PLATFORM_SEPOLICY_VERSION).cil
LOCAL_MODULE_CLASS := ETC
@@ -681,18 +919,18 @@
include $(BUILD_SYSTEM)/base_rules.mk
$(LOCAL_BUILT_MODULE) : PRIVATE_VERS := $(PLATFORM_SEPOLICY_VERSION)
-$(LOCAL_BUILT_MODULE) : PRIVATE_PLAT_MAPPING_CIL := $(built_plat_mapping_cil)
+$(LOCAL_BUILT_MODULE) : PRIVATE_FILTER_CIL_FILES := $(built_plat_mapping_cil) $(built_system_ext_mapping_cil)
$(LOCAL_BUILT_MODULE) : $(pub_policy.cil) $(HOST_OUT_EXECUTABLES)/version_policy \
-$(built_plat_mapping_cil)
+$(built_plat_mapping_cil) $(built_system_ext_mapping_cil)
@mkdir -p $(dir $@)
# Generate product mapping file as mapping file of all public sepolicy minus
- # plat_mapping_file.
+ # plat_mapping_file and system_ext_mapping_file.
$(hide) $(HOST_OUT_EXECUTABLES)/version_policy -b $< -m -n $(PRIVATE_VERS) -o $@
$(hide) $(HOST_OUT_EXECUTABLES)/build_sepolicy -a $(HOST_OUT_EXECUTABLES) filter_out \
- -f $(PRIVATE_PLAT_MAPPING_CIL) -t $@
+ -f $(PRIVATE_FILTER_CIL_FILES) -t $@
built_product_mapping_cil := $(LOCAL_BUILT_MODULE)
-endif # HAS_PRODUCT_SEPOLICY
+endif # ifdef HAS_PRODUCT_PUBLIC_SEPOLICY
#################################
include $(CLEAR_VARS)
@@ -709,11 +947,12 @@
$(LOCAL_BUILT_MODULE) : PRIVATE_VERS := $(BOARD_SEPOLICY_VERS)
$(LOCAL_BUILT_MODULE) : PRIVATE_TGT_POL := $(pub_policy.cil)
-$(LOCAL_BUILT_MODULE) : PRIVATE_DEP_CIL_FILES := $(built_plat_cil) $(built_product_cil)\
-$(built_plat_mapping_cil) $(built_product_mapping_cil)
+$(LOCAL_BUILT_MODULE) : PRIVATE_DEP_CIL_FILES := $(built_plat_cil) $(built_system_ext_cil) \
+$(built_product_cil) $(built_plat_mapping_cil) $(built_system_ext_mapping_cil) \
+$(built_product_mapping_cil)
$(LOCAL_BUILT_MODULE) : $(pub_policy.cil) $(HOST_OUT_EXECUTABLES)/version_policy \
- $(HOST_OUT_EXECUTABLES)/secilc $(built_plat_cil) $(built_product_cil) \
- $(built_plat_mapping_cil) $(built_product_mapping_cil)
+ $(HOST_OUT_EXECUTABLES)/secilc $(built_plat_cil) $(built_system_ext_cil) $(built_product_cil) \
+ $(built_plat_mapping_cil) $(built_system_ext_mapping_cil) $(built_product_mapping_cil)
@mkdir -p $(dir $@)
$(HOST_OUT_EXECUTABLES)/version_policy -b $< -t $(PRIVATE_TGT_POL) -n $(PRIVATE_VERS) -o $@
$(hide) $(HOST_OUT_EXECUTABLES)/secilc -m -M true -G -N -c $(POLICYVERS) \
@@ -735,6 +974,9 @@
include $(BUILD_SYSTEM)/base_rules.mk
+policy_files := $(call build_policy, $(sepolicy_build_files), \
+ $(PLAT_PUBLIC_POLICY) $(SYSTEM_EXT_PUBLIC_POLICY) $(PRODUCT_PUBLIC_POLICY) \
+ $(REQD_MASK_POLICY) $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS))
vendor_policy.conf := $(intermediates)/vendor_policy.conf
$(vendor_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
$(vendor_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
@@ -745,9 +987,9 @@
$(vendor_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(vendor_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
$(vendor_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
-$(vendor_policy.conf): $(call build_policy, $(sepolicy_build_files), \
-$(PLAT_PUBLIC_POLICY) $(PRODUCT_PUBLIC_POLICY) $(REQD_MASK_POLICY) $(PLAT_VENDOR_POLICY) \
-$(BOARD_VENDOR_SEPOLICY_DIRS))
+$(vendor_policy.conf): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $(treble_sysprop_neverallow)
+$(vendor_policy.conf): PRIVATE_POLICY_FILES := $(policy_files)
+$(vendor_policy.conf): $(policy_files) $(M4)
$(transform-policy-to-conf)
$(hide) sed '/^\s*dontaudit.*;/d' $@ | sed '/^\s*dontaudit/,/;/d' > $@.dontaudit
@@ -755,13 +997,15 @@
$(LOCAL_BUILT_MODULE): PRIVATE_REQD_MASK := $(reqd_policy_mask.cil)
$(LOCAL_BUILT_MODULE): PRIVATE_BASE_CIL := $(pub_policy.cil)
$(LOCAL_BUILT_MODULE): PRIVATE_VERS := $(BOARD_SEPOLICY_VERS)
-$(LOCAL_BUILT_MODULE): PRIVATE_DEP_CIL_FILES := $(built_plat_cil) $(built_product_cil)\
-$(built_pub_vers_cil) $(built_plat_mapping_cil) $(built_product_mapping_cil)
+$(LOCAL_BUILT_MODULE): PRIVATE_DEP_CIL_FILES := $(built_plat_cil) $(built_system_ext_cil) \
+$(built_product_cil) $(built_pub_vers_cil) $(built_plat_mapping_cil) \
+$(built_system_ext_mapping_cil) $(built_product_mapping_cil)
$(LOCAL_BUILT_MODULE): PRIVATE_FILTER_CIL := $(built_pub_vers_cil)
$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/build_sepolicy \
$(vendor_policy.conf) $(reqd_policy_mask.cil) $(pub_policy.cil) \
- $(built_plat_cil) $(built_product_cil) $(built_pub_vers_cil) \
- $(built_plat_mapping_cil) $(built_product_mapping_cil)
+ $(built_plat_cil) $(built_system_ext_cil) $(built_product_cil) \
+ $(built_pub_vers_cil) $(built_plat_mapping_cil) $(built_system_ext_mapping_cil) \
+ $(built_product_mapping_cil)
@mkdir -p $(dir $@)
$(hide) $(HOST_OUT_EXECUTABLES)/build_sepolicy -a $(HOST_OUT_EXECUTABLES) build_cil \
-i $(PRIVATE_POL_CONF) -m $(PRIVATE_REQD_MASK) -c $(CHECKPOLICY_ASAN_OPTIONS) \
@@ -786,6 +1030,9 @@
include $(BUILD_SYSTEM)/base_rules.mk
+policy_files := $(call build_policy, $(sepolicy_build_files), \
+ $(PLAT_PUBLIC_POLICY) $(SYSTEM_EXT_PUBLIC_POLICY) $(PRODUCT_PUBLIC_POLICY) \
+ $(REQD_MASK_POLICY) $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(BOARD_ODM_SEPOLICY_DIRS))
odm_policy.conf := $(intermediates)/odm_policy.conf
$(odm_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
$(odm_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
@@ -796,9 +1043,9 @@
$(odm_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(odm_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
$(odm_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
-$(odm_policy.conf): $(call build_policy, $(sepolicy_build_files), \
- $(PLAT_PUBLIC_POLICY) $(PRODUCT_PUBLIC_POLICY) $(REQD_MASK_POLICY) $(PLAT_VENDOR_POLICY) \
- $(BOARD_VENDOR_SEPOLICY_DIRS) $(BOARD_ODM_SEPOLICY_DIRS))
+$(odm_policy.conf): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $(treble_sysprop_neverallow)
+$(odm_policy.conf): PRIVATE_POLICY_FILES := $(policy_files)
+$(odm_policy.conf): $(policy_files) $(M4)
$(transform-policy-to-conf)
$(hide) sed '/^\s*dontaudit.*;/d' $@ | sed '/^\s*dontaudit/,/;/d' > $@.dontaudit
@@ -806,14 +1053,15 @@
$(LOCAL_BUILT_MODULE): PRIVATE_REQD_MASK := $(reqd_policy_mask.cil)
$(LOCAL_BUILT_MODULE): PRIVATE_BASE_CIL := $(pub_policy.cil)
$(LOCAL_BUILT_MODULE): PRIVATE_VERS := $(BOARD_SEPOLICY_VERS)
-$(LOCAL_BUILT_MODULE): PRIVATE_DEP_CIL_FILES := $(built_plat_cil) $(built_product_cil) \
- $(built_pub_vers_cil) $(built_plat_mapping_cil) $(built_product_mapping_cil)\
- $(built_vendor_cil)
+$(LOCAL_BUILT_MODULE): PRIVATE_DEP_CIL_FILES := $(built_plat_cil) $(built_system_ext_cil) \
+ $(built_product_cil) $(built_pub_vers_cil) $(built_plat_mapping_cil) \
+ $(built_system_ext_mapping_cil) $(built_product_mapping_cil) $(built_vendor_cil)
$(LOCAL_BUILT_MODULE) : PRIVATE_FILTER_CIL_FILES := $(built_pub_vers_cil) $(built_vendor_cil)
$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/build_sepolicy \
$(odm_policy.conf) $(reqd_policy_mask.cil) $(pub_policy.cil) \
- $(built_plat_cil) $(built_product_cil) $(built_pub_vers_cil) \
- $(built_plat_mapping_cil) $(built_product_mapping_cil) $(built_vendor_cil)
+ $(built_plat_cil) $(built_system_ext_cil) $(built_product_cil) $(built_pub_vers_cil) \
+ $(built_plat_mapping_cil) $(built_system_ext_mapping_cil) $(built_product_mapping_cil) \
+ $(built_vendor_cil)
@mkdir -p $(dir $@)
$(hide) $(HOST_OUT_EXECUTABLES)/build_sepolicy -a $(HOST_OUT_EXECUTABLES) build_cil \
-i $(PRIVATE_POL_CONF) -m $(PRIVATE_REQD_MASK) -c $(CHECKPOLICY_ASAN_OPTIONS) \
@@ -847,11 +1095,20 @@
$(built_pub_vers_cil) \
$(built_vendor_cil)
-ifdef HAS_PRODUCT_SEPOLICY
-all_cil_files += \
- $(built_product_cil) \
- $(built_product_mapping_cil) \
+ifdef HAS_SYSTEM_EXT_SEPOLICY
+all_cil_files += $(built_system_ext_cil)
+endif
+ifdef HAS_SYSTEM_EXT_PUBLIC_SEPOLICY
+all_cil_files += $(built_system_ext_mapping_cil)
+endif
+
+ifdef HAS_PRODUCT_SEPOLICY
+all_cil_files += $(built_product_cil)
+endif
+
+ifdef HAS_PRODUCT_PUBLIC_SEPOLICY
+all_cil_files += $(built_product_mapping_cil)
endif
ifdef BOARD_ODM_SEPOLICY_DIRS
@@ -872,6 +1129,9 @@
# - plat_sepolicy_and_mapping.sha256 equals
# precompiled_sepolicy.plat_sepolicy_and_mapping.sha256
# AND
+# - system_ext_sepolicy_and_mapping.sha256 equals
+# precompiled_sepolicy.system_ext_sepolicy_and_mapping.sha256
+# AND
# - product_sepolicy_and_mapping.sha256 equals
# precompiled_sepolicy.product_sepolicy_and_mapping.sha256
# See system/core/init/selinux.cpp for details.
@@ -891,6 +1151,19 @@
#################################
include $(CLEAR_VARS)
+LOCAL_MODULE := system_ext_sepolicy_and_mapping.sha256
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE_PATH = $(TARGET_OUT_SYSTEM_EXT)/etc/selinux
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(LOCAL_BUILT_MODULE): $(built_system_ext_cil) $(built_system_ext_mapping_cil)
+ cat $^ | sha256sum | cut -d' ' -f1 > $@
+
+#################################
+include $(CLEAR_VARS)
+
LOCAL_MODULE := product_sepolicy_and_mapping.sha256
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_TAGS := optional
@@ -923,6 +1196,27 @@
cat $(PRIVATE_CIL_FILES) | sha256sum | cut -d' ' -f1 > $@
#################################
+# SHA-256 digest of the system_ext_sepolicy.cil and system_ext_mapping_file against
+# which precompiled_policy was built.
+#################################
+include $(CLEAR_VARS)
+LOCAL_MODULE := precompiled_sepolicy.system_ext_sepolicy_and_mapping.sha256
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_TAGS := optional
+
+ifeq ($(BOARD_USES_ODMIMAGE),true)
+LOCAL_MODULE_PATH := $(TARGET_OUT_ODM)/etc/selinux
+else
+LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
+endif
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(LOCAL_BUILT_MODULE): PRIVATE_CIL_FILES := $(built_system_ext_cil) $(built_system_ext_mapping_cil)
+$(LOCAL_BUILT_MODULE): $(built_precompiled_sepolicy) $(built_system_ext_cil) $(built_system_ext_mapping_cil)
+ cat $(PRIVATE_CIL_FILES) | sha256sum | cut -d' ' -f1 > $@
+
+#################################
# SHA-256 digest of the product_sepolicy.cil and product_mapping_file against
# which precompiled_policy was built.
#################################
@@ -960,11 +1254,20 @@
$(built_pub_vers_cil) \
$(built_vendor_cil)
-ifdef HAS_PRODUCT_SEPOLICY
-all_cil_files += \
- $(built_product_cil) \
- $(built_product_mapping_cil) \
+ifdef HAS_SYSTEM_EXT_SEPOLICY
+all_cil_files += $(built_system_ext_cil)
+endif
+ifdef HAS_SYSTEM_EXT_PUBLIC_SEPOLICY
+all_cil_files += $(built_system_ext_mapping_cil)
+endif
+
+ifdef HAS_PRODUCT_SEPOLICY
+all_cil_files += $(built_product_cil)
+endif
+
+ifdef HAS_PRODUCT_PUBLIC_SEPOLICY
+all_cil_files += $(built_product_mapping_cil)
endif
ifdef BOARD_ODM_SEPOLICY_DIRS
@@ -1004,6 +1307,12 @@
include $(BUILD_SYSTEM)/base_rules.mk
+policy_files := $(call build_policy, $(sepolicy_build_files), \
+ $(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY) \
+ $(SYSTEM_EXT_PUBLIC_POLICY) $(SYSTEM_EXT_PRIVATE_POLICY) \
+ $(PRODUCT_PUBLIC_POLICY) $(PRODUCT_PRIVATE_POLICY) \
+ $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) \
+ $(BOARD_ODM_SEPOLICY_DIRS))
sepolicy.recovery.conf := $(intermediates)/sepolicy.recovery.conf
$(sepolicy.recovery.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
$(sepolicy.recovery.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
@@ -1013,11 +1322,8 @@
$(sepolicy.recovery.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
$(sepolicy.recovery.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(sepolicy.recovery.conf): PRIVATE_TGT_RECOVERY := -D target_recovery=true
-$(sepolicy.recovery.conf): $(call build_policy, $(sepolicy_build_files), \
- $(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY) \
- $(PRODUCT_PUBLIC_POLICY) $(PRODUCT_PRIVATE_POLICY) \
- $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) \
- $(BOARD_ODM_SEPOLICY_DIRS))
+$(sepolicy.recovery.conf): PRIVATE_POLICY_FILES := $(policy_files)
+$(sepolicy.recovery.conf): $(policy_files) $(M4)
$(transform-policy-to-conf)
$(hide) sed '/^\s*dontaudit.*;/d' $@ | sed '/^\s*dontaudit/,/;/d' > $@.dontaudit
@@ -1055,6 +1361,8 @@
include $(BUILD_SYSTEM)/base_rules.mk
+policy_files := $(call build_policy, $(sepolicy_build_files), \
+ $(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY))
$(LOCAL_BUILT_MODULE): PRIVATE_MLS_SENS := $(MLS_SENS)
$(LOCAL_BUILT_MODULE): PRIVATE_MLS_CATS := $(MLS_CATS)
$(LOCAL_BUILT_MODULE): PRIVATE_TARGET_BUILD_VARIANT := user
@@ -1062,9 +1370,10 @@
$(LOCAL_BUILT_MODULE): PRIVATE_WITH_ASAN := false
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY_SPLIT := cts
$(LOCAL_BUILT_MODULE): PRIVATE_COMPATIBLE_PROPERTY := cts
+$(LOCAL_BUILT_MODULE): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := cts
$(LOCAL_BUILT_MODULE): PRIVATE_EXCLUDE_BUILD_TEST := true
-$(LOCAL_BUILT_MODULE): $(call build_policy, $(sepolicy_build_files), \
-$(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY))
+$(LOCAL_BUILT_MODULE): PRIVATE_POLICY_FILES := $(policy_files)
+$(LOCAL_BUILT_MODULE): $(policy_files) $(M4)
$(transform-policy-to-conf)
$(hide) sed '/^\s*dontaudit.*;/d' $@ | sed '/^\s*dontaudit/,/;/d' > $@.dontaudit
@@ -1097,7 +1406,11 @@
local_fc_files := $(call build_policy, file_contexts, $(PLAT_PRIVATE_POLICY))
-ifdef HAS_PRODUCT_SEPOLICY
+ifdef HAS_SYSTEM_EXT_SEPOLICY_DIR
+local_fc_files += $(call build_policy, file_contexts, $(SYSTEM_EXT_PRIVATE_POLICY))
+endif
+
+ifdef HAS_PRODUCT_SEPOLICY_DIR
local_fc_files += $(call build_policy, file_contexts, $(PRODUCT_PRIVATE_POLICY))
endif
@@ -1107,20 +1420,22 @@
ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
local_fc_files += $(wildcard $(addsuffix /file_contexts_overlayfs, $(PLAT_PRIVATE_POLICY)))
endif
-ifeq ($(TARGET_FLATTEN_APEX),true)
- apex_fc_files := $(wildcard $(LOCAL_PATH)/apex/*-file_contexts)
- $(foreach _input,$(apex_fc_files),\
- $(eval _output := $(intermediates)/$(notdir $(_input))-flattened)\
- $(eval _apex_name := $(patsubst %-file_contexts,%,$(notdir $(_input))))\
- $(eval $(call build_flattened_apex_file_contexts,$(_input),$(_apex_name),$(_output),local_fc_files))\
- )
-endif
-local_fcfiles_with_nl := $(call add_nl, $(local_fc_files), $(built_nl))
+
+# Even if TARGET_FLATTEN_APEX is not turned on, "flattened" APEXes are installed
+$(foreach _tuple,$(APEX_FILE_CONTEXTS_INFOS),\
+ $(eval _apex_name := $(call word-colon,1,$(_tuple)))\
+ $(eval _apex_path := $(call word-colon,2,$(_tuple)))\
+ $(eval _fc_path := $(call word-colon,3,$(_tuple)))\
+ $(eval _input := $(_fc_path))\
+ $(eval _output := $(intermediates)/$(_apex_name)-flattened)\
+ $(eval $(call build_flattened_apex_file_contexts,$(_input),$(_apex_path),$(_output),local_fc_files))\
+ )
file_contexts.local.tmp := $(intermediates)/file_contexts.local.tmp
-$(file_contexts.local.tmp): $(local_fcfiles_with_nl)
+$(file_contexts.local.tmp): PRIVATE_FC_FILES := $(local_fc_files)
+$(file_contexts.local.tmp): $(local_fc_files) $(M4)
@mkdir -p $(dir $@)
- $(hide) m4 --fatal-warnings -s $^ > $@
+ $(hide) $(M4) --fatal-warnings -s $(PRIVATE_FC_FILES) > $@
device_fc_files := $(call build_vendor_policy, file_contexts)
@@ -1128,13 +1443,12 @@
device_fc_files += $(call build_odm_policy, file_contexts)
endif
-device_fcfiles_with_nl := $(call add_nl, $(device_fc_files), $(built_nl))
-
file_contexts.device.tmp := $(intermediates)/file_contexts.device.tmp
$(file_contexts.device.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(file_contexts.device.tmp): $(device_fcfiles_with_nl)
+$(file_contexts.device.tmp): PRIVATE_DEVICE_FC_FILES := $(device_fc_files)
+$(file_contexts.device.tmp): $(device_fc_files) $(M4)
@mkdir -p $(dir $@)
- $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
+ $(hide) $(M4) --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_DEVICE_FC_FILES) > $@
file_contexts.device.sorted.tmp := $(intermediates)/file_contexts.device.sorted.tmp
$(file_contexts.device.sorted.tmp): PRIVATE_SEPOLICY := $(built_sepolicy)
@@ -1142,12 +1456,13 @@
$(HOST_OUT_EXECUTABLES)/fc_sort $(HOST_OUT_EXECUTABLES)/checkfc
@mkdir -p $(dir $@)
$(hide) $(HOST_OUT_EXECUTABLES)/checkfc -e $(PRIVATE_SEPOLICY) $<
- $(hide) $(HOST_OUT_EXECUTABLES)/fc_sort $< $@
+ $(hide) $(HOST_OUT_EXECUTABLES)/fc_sort -i $< -o $@
file_contexts.concat.tmp := $(intermediates)/file_contexts.concat.tmp
-$(file_contexts.concat.tmp): $(file_contexts.local.tmp) $(file_contexts.device.sorted.tmp)
+$(file_contexts.concat.tmp): PRIVATE_CONTEXTS := $(file_contexts.local.tmp) $(file_contexts.device.sorted.tmp)
+$(file_contexts.concat.tmp): $(file_contexts.local.tmp) $(file_contexts.device.sorted.tmp) $(M4)
@mkdir -p $(dir $@)
- $(hide) m4 --fatal-warnings -s $^ > $@
+ $(hide) $(M4) --fatal-warnings -s $(PRIVATE_CONTEXTS) > $@
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
$(LOCAL_BUILT_MODULE): $(file_contexts.concat.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/sefcontext_compile $(HOST_OUT_EXECUTABLES)/checkfc
@@ -1166,7 +1481,6 @@
file_contexts.local.tmp :=
##################################
-ifneq ($(TARGET_BUILD_VARIANT), user)
include $(CLEAR_VARS)
LOCAL_MODULE := selinux_denial_metadata
@@ -1175,29 +1489,19 @@
include $(BUILD_SYSTEM)/base_rules.mk
-bug_files := $(call build_policy, bug_map, $(LOCAL_PATH) $(PLAT_PRIVATE_POLICY) $(PLAT_VENDOR_POLICY) $(BOARD_SEPOLICY_DIRS) $(PLAT_PUBLIC_POLICY))
+bug_files := $(call build_policy, bug_map, $(LOCAL_PATH) $(PLAT_PRIVATE_POLICY) $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(PLAT_PUBLIC_POLICY))
$(LOCAL_BUILT_MODULE) : $(bug_files)
@mkdir -p $(dir $@)
cat $^ > $@
bug_files :=
-endif
-
-##################################
-include $(LOCAL_PATH)/file_contexts.mk
##################################
include $(LOCAL_PATH)/seapp_contexts.mk
##################################
-include $(LOCAL_PATH)/property_contexts.mk
-
-##################################
-include $(LOCAL_PATH)/service_contexts.mk
-
-##################################
-include $(LOCAL_PATH)/hwservice_contexts.mk
+include $(LOCAL_PATH)/contexts_tests.mk
##################################
include $(CLEAR_VARS)
@@ -1214,9 +1518,9 @@
vndservice_contexts.tmp := $(intermediates)/vndservice_contexts.tmp
$(vndservice_contexts.tmp): PRIVATE_SVC_FILES := $(vnd_svcfiles)
$(vndservice_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(vndservice_contexts.tmp): $(vnd_svcfiles)
+$(vndservice_contexts.tmp): $(vnd_svcfiles) $(M4)
@mkdir -p $(dir $@)
- $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
+ $(hide) $(M4) --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
$(LOCAL_BUILT_MODULE): $(vndservice_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc $(ACP)
@@ -1233,24 +1537,27 @@
#################################
include $(CLEAR_VARS)
LOCAL_MODULE := sepolicy_tests
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := tests
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
include $(BUILD_SYSTEM)/base_rules.mk
-all_fc_files := $(built_plat_fc) $(built_vendor_fc)
-ifdef HAS_PRODUCT_SEPOLICY
-all_fc_args += $(built_product_fc)
+all_fc_files := $(TARGET_OUT)/etc/selinux/plat_file_contexts
+all_fc_files += $(TARGET_OUT_VENDOR)/etc/selinux/vendor_file_contexts
+ifdef HAS_SYSTEM_EXT_SEPOLICY_DIR
+all_fc_files += $(TARGET_OUT_SYSTEM_EXT)/etc/selinux/system_ext_file_contexts
+endif
+ifdef HAS_PRODUCT_SEPOLICY_DIR
+all_fc_files += $(TARGET_OUT_PRODUCT)/etc/selinux/product_file_contexts
endif
ifdef BOARD_ODM_SEPOLICY_DIRS
-all_fc_files += $(built_odm_fc)
+all_fc_files += $(TARGET_OUT_ODM)/etc/selinux/odm_file_contexts
endif
all_fc_args := $(foreach file, $(all_fc_files), -f $(file))
-sepolicy_tests := $(intermediates)/sepolicy_tests
-$(sepolicy_tests): ALL_FC_ARGS := $(all_fc_args)
-$(sepolicy_tests): PRIVATE_SEPOLICY := $(built_sepolicy)
-$(sepolicy_tests): $(HOST_OUT_EXECUTABLES)/sepolicy_tests $(all_fc_files) $(built_sepolicy)
+$(LOCAL_BUILT_MODULE): ALL_FC_ARGS := $(all_fc_args)
+$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
+$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/sepolicy_tests $(all_fc_files) $(built_sepolicy)
@mkdir -p $(dir $@)
$(hide) $(HOST_OUT_EXECUTABLES)/sepolicy_tests -l $(HOST_OUT)/lib64/libsepolwrap.$(SHAREDLIB_EXT) \
$(ALL_FC_ARGS) -p $(PRIVATE_SEPOLICY)
@@ -1262,8 +1569,8 @@
# plat_sepolicy - the current platform policy only, built into a policy binary.
# TODO - this currently excludes partner extensions, but support should be added
# to enable partners to add their own compatibility mapping
-BASE_PLAT_PUBLIC_POLICY := $(filter-out $(BOARD_PLAT_PUBLIC_SEPOLICY_DIR), $(PLAT_PUBLIC_POLICY))
-BASE_PLAT_PRIVATE_POLICY := $(filter-out $(BOARD_PLAT_PRIVATE_SEPOLICY_DIR), $(PLAT_PRIVATE_POLICY))
+policy_files := $(call build_policy, $(sepolicy_build_files), \
+ $(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY))
base_plat_policy.conf := $(intermediates)/base_plat_policy.conf
$(base_plat_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
$(base_plat_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
@@ -1273,18 +1580,19 @@
$(base_plat_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(base_plat_policy.conf): PRIVATE_SEPOLICY_SPLIT := true
$(base_plat_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
-$(base_plat_policy.conf): $(call build_policy, $(sepolicy_build_files), \
-$(BASE_PLAT_PUBLIC_POLICY) $(BASE_PLAT_PRIVATE_POLICY))
+$(base_plat_policy.conf): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $(treble_sysprop_neverallow)
+$(base_plat_policy.conf): PRIVATE_POLICY_FILES := $(policy_files)
+$(base_plat_policy.conf): $(policy_files) $(M4)
$(transform-policy-to-conf)
$(hide) sed '/^\s*dontaudit.*;/d' $@ | sed '/^\s*dontaudit/,/;/d' > $@.dontaudit
built_plat_sepolicy := $(intermediates)/built_plat_sepolicy
$(built_plat_sepolicy): PRIVATE_ADDITIONAL_CIL_FILES := \
- $(call build_policy, $(sepolicy_build_cil_workaround_files), $(BASE_PLAT_PRIVATE_POLICY))
+ $(call build_policy, $(sepolicy_build_cil_workaround_files), $(PLAT_PRIVATE_POLICY))
$(built_plat_sepolicy): PRIVATE_NEVERALLOW_ARG := $(NEVERALLOW_ARG)
$(built_plat_sepolicy): $(base_plat_policy.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy \
$(HOST_OUT_EXECUTABLES)/secilc \
-$(call build_policy, $(sepolicy_build_cil_workaround_files), $(BASE_PLAT_PRIVATE_POLICY)) \
+$(call build_policy, $(sepolicy_build_cil_workaround_files), $(PLAT_PRIVATE_POLICY)) \
$(built_sepolicy_neverallows)
@mkdir -p $(dir $@)
$(hide) $(CHECKPOLICY_ASAN_OPTIONS) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -C -c \
@@ -1292,6 +1600,8 @@
$(hide) cat $(PRIVATE_ADDITIONAL_CIL_FILES) >> $@
$(hide) $(HOST_OUT_EXECUTABLES)/secilc -m -M true -G -c $(POLICYVERS) $(PRIVATE_NEVERALLOW_ARG) $@ -o $@ -f /dev/null
+policy_files := $(call build_policy, $(sepolicy_build_files), \
+ $(PLAT_PUBLIC_POLICY) $(REQD_MASK_POLICY))
base_plat_pub_policy.conf := $(intermediates)/base_plat_pub_policy.conf
$(base_plat_pub_policy.conf): PRIVATE_MLS_SENS := $(MLS_SENS)
$(base_plat_pub_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
@@ -1301,8 +1611,9 @@
$(base_plat_pub_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
$(base_plat_pub_policy.conf): PRIVATE_SEPOLICY_SPLIT := true
$(base_plat_pub_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
-$(base_plat_pub_policy.conf): $(call build_policy, $(sepolicy_build_files), \
-$(BASE_PLAT_PUBLIC_POLICY) $(REQD_MASK_POLICY))
+$(base_plat_pub_policy.conf): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $(treble_sysprop_neverallow)
+$(base_plat_pub_policy.conf): PRIVATE_POLICY_FILES := $(policy_files)
+$(base_plat_pub_policy.conf): $(policy_files) $(M4)
$(transform-policy-to-conf)
base_plat_pub_policy.cil := $(intermediates)/base_plat_pub_policy.cil
@@ -1315,37 +1626,39 @@
$(hide) $(HOST_OUT_EXECUTABLES)/build_sepolicy -a $(HOST_OUT_EXECUTABLES) filter_out \
-f $(PRIVATE_REQD_MASK) -t $@
-all_fc_files := $(built_plat_fc) $(built_vendor_fc)
-ifdef HAS_PRODUCT_SEPOLICY
-all_fc_files += $(built_product_fc)
-endif
-ifdef BOARD_ODM_SEPOLICY_DIRS
-all_fc_files += $(built_odm_fc)
-endif
-all_fc_args := $(foreach file, $(all_fc_files), -f $(file))
-
+ifeq ($(PRODUCT_SEPOLICY_SPLIT),true)
# Tests for Treble compatibility of current platform policy and vendor policy of
# given release version.
version_under_treble_tests := 26.0
include $(LOCAL_PATH)/treble_sepolicy_tests_for_release.mk
-
version_under_treble_tests := 27.0
include $(LOCAL_PATH)/treble_sepolicy_tests_for_release.mk
-
version_under_treble_tests := 28.0
include $(LOCAL_PATH)/treble_sepolicy_tests_for_release.mk
+version_under_treble_tests := 29.0
+include $(LOCAL_PATH)/treble_sepolicy_tests_for_release.mk
+endif # PRODUCT_SEPOLICY_SPLIT
-BASE_PLAT_PUBLIC_POLICY :=
-BASE_PLAT_PRIVATE_POLICY :=
+version_under_treble_tests := 26.0
+include $(LOCAL_PATH)/compat.mk
+version_under_treble_tests := 27.0
+include $(LOCAL_PATH)/compat.mk
+version_under_treble_tests := 28.0
+include $(LOCAL_PATH)/compat.mk
+version_under_treble_tests := 29.0
+include $(LOCAL_PATH)/compat.mk
+
base_plat_policy.conf :=
base_plat_pub_policy.conf :=
plat_sepolicy :=
+all_fc_files :=
+all_fc_args :=
#################################
include $(CLEAR_VARS)
LOCAL_MODULE := sepolicy_freeze_test
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := tests
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
include $(BUILD_SYSTEM)/base_rules.mk
@@ -1379,37 +1692,30 @@
#################################
-add_nl :=
build_vendor_policy :=
build_odm_policy :=
build_policy :=
-built_plat_fc :=
-built_product_fc :=
-built_vendor_fc :=
-built_odm_fc :=
-built_nl :=
built_plat_cil :=
+built_system_ext_cil :=
+built_product_cil :=
built_pub_vers_cil :=
built_plat_mapping_cil :=
+built_system_ext_mapping_cil :=
built_product_mapping_cil :=
-built_plat_pc :=
-built_product_pc :=
built_vendor_cil :=
-built_vendor_pc :=
-built_vendor_sc :=
built_odm_cil :=
-built_odm_pc :=
-built_odm_sc :=
-built_plat_sc :=
built_precompiled_sepolicy :=
built_sepolicy :=
built_sepolicy_neverallows :=
built_plat_svc :=
built_vendor_svc :=
built_plat_sepolicy :=
+treble_sysprop_neverallow :=
mapping_policy :=
my_target_arch :=
pub_policy.cil :=
+system_ext_pub_policy.cil :=
+plat_pub_policy.cil :=
reqd_policy_mask.cil :=
sepolicy_build_files :=
sepolicy_build_cil_workaround_files :=
diff --git a/OWNERS b/OWNERS
index 194acf3..55f7f00 100644
--- a/OWNERS
+++ b/OWNERS
@@ -5,6 +5,7 @@
jbires@google.com
jeffv@google.com
jgalenson@google.com
+jiyong@google.com
nnk@google.com
smoreland@google.com
sspatil@google.com
diff --git a/PREUPLOAD.cfg b/PREUPLOAD.cfg
index ccb3a50..b2b38ea 100644
--- a/PREUPLOAD.cfg
+++ b/PREUPLOAD.cfg
@@ -2,3 +2,6 @@
whitespace = tools/whitespace.sh ${PREUPLOAD_FILES}
aosp_hook = ${REPO_ROOT}/frameworks/base/tools/aosp/aosp_sha.sh ${PREUPLOAD_COMMIT} "."
policy_version_check = tools/policy_version_check.sh
+
+[Builtin Hooks]
+gofmt = true
diff --git a/README b/README
index 0cc8e30..43d9bbc 100644
--- a/README
+++ b/README
@@ -18,13 +18,13 @@
points.
These device policy files can be configured through the use of
-the BOARD_SEPOLICY_DIRS variable. This variable should be set
+the BOARD_VENDOR_SEPOLICY_DIRS variable. This variable should be set
in the BoardConfig.mk file in the device or vendor directories.
-BOARD_SEPOLICY_DIRS contains a list of directories to search
+BOARD_VENDOR_SEPOLICY_DIRS contains a list of directories to search
for additional policy files. Order matters in this list.
For example, if you have 2 instances of widget.te files in the
-BOARD_SEPOLICY_DIRS search path, then the first one found (at the
+BOARD_VENDOR_SEPOLICY_DIRS search path, then the first one found (at the
first search dir containing the file) will be concatenated first.
Reviewing out/target/product/<device>/obj/ETC/sepolicy_intermediates/policy.conf
will help sort out ordering issues.
@@ -32,7 +32,7 @@
Example BoardConfig.mk Usage:
From the Tuna device BoardConfig.mk, device/samsung/tuna/BoardConfig.mk
-BOARD_SEPOLICY_DIRS += device/samsung/tuna/sepolicy
+BOARD_VENDOR_SEPOLICY_DIRS += device/samsung/tuna/sepolicy
Additionally, OEMs can specify BOARD_SEPOLICY_M4DEFS to pass arbitrary m4
definitions during the build. A definition consists of a string in the form
diff --git a/TEST_MAPPING b/TEST_MAPPING
new file mode 100644
index 0000000..db12ffe
--- /dev/null
+++ b/TEST_MAPPING
@@ -0,0 +1,19 @@
+{
+ "presubmit": [
+ {
+ "name": "CtsSecurityHostTestCases",
+ "options": [
+ {
+ "include-filter": "android.security.cts.SELinuxHostTest#testPermissionControllerDomain"
+ },
+ {
+ "include-filter": "android.security.cts.SELinuxHostTest#testVzwOmaTriggerDomain"
+ },
+ {
+ "include-filter": "android.security.cts.SELinuxHostTest#testGMSCoreDomain"
+ }
+
+ ]
+ }
+ ]
+}
diff --git a/apex/Android.bp b/apex/Android.bp
new file mode 100644
index 0000000..d3acfdb
--- /dev/null
+++ b/apex/Android.bp
@@ -0,0 +1,189 @@
+// Copyright (C) 2019 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+
+filegroup {
+ name: "apex.test-file_contexts",
+ srcs: [
+ "apex.test-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.adbd-file_contexts",
+ srcs: [
+ "com.android.adbd-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.sdkext-file_contexts",
+ srcs: [
+ "com.android.sdkext-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.art.debug-file_contexts",
+ srcs: [
+ "com.android.art.debug-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.art.release-file_contexts",
+ srcs: [
+ "com.android.art.release-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.bootanimation-file_contexts",
+ srcs: [
+ "com.android.bootanimation-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.cellbroadcast-file_contexts",
+ srcs: [
+ "com.android.cellbroadcast-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.conscrypt-file_contexts",
+ srcs: [
+ "com.android.conscrypt-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.cronet-file_contexts",
+ srcs: [
+ "com.android.cronet-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.ipsec-file_contexts",
+ srcs: [
+ "com.android.ipsec-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.i18n-file_contexts",
+ srcs: [
+ "com.android.i18n-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.media-file_contexts",
+ srcs: [
+ "com.android.media-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.mediaprovider-file_contexts",
+ srcs: [
+ "com.android.mediaprovider-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.media.swcodec-file_contexts",
+ srcs: [
+ "com.android.media.swcodec-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.neuralnetworks-file_contexts",
+ srcs: [
+ "com.android.neuralnetworks-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.os.statsd-file_contexts",
+ srcs: [
+ "com.android.os.statsd-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.permission-file_contexts",
+ srcs: [
+ "com.android.permission-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.resolv-file_contexts",
+ srcs: [
+ "com.android.resolv-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.runtime-file_contexts",
+ srcs: [
+ "com.android.runtime-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.telephony-file_contexts",
+ srcs: [
+ "com.android.telephony-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.tzdata-file_contexts",
+ srcs: [
+ "com.android.tzdata-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.vndk-file_contexts",
+ srcs: [
+ "com.android.vndk-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.wifi-file_contexts",
+ srcs: [
+ "com.android.wifi-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.tethering-file_contexts",
+ srcs: [
+ "com.android.tethering-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.extservices-file_contexts",
+ srcs: [
+ "com.android.extservices-file_contexts",
+ ],
+}
diff --git a/apex/com.android.adbd-file_contexts b/apex/com.android.adbd-file_contexts
new file mode 100644
index 0000000..3488de2
--- /dev/null
+++ b/apex/com.android.adbd-file_contexts
@@ -0,0 +1,2 @@
+(/.*)? u:object_r:system_file:s0
+/bin/adbd u:object_r:adbd_exec:s0
diff --git a/apex/com.android.appsearch-file_contexts b/apex/com.android.appsearch-file_contexts
new file mode 100644
index 0000000..9398505
--- /dev/null
+++ b/apex/com.android.appsearch-file_contexts
@@ -0,0 +1 @@
+(/.*)? u:object_r:system_file:s0
diff --git a/apex/com.android.art.debug-file_contexts b/apex/com.android.art.debug-file_contexts
new file mode 100644
index 0000000..8007efd
--- /dev/null
+++ b/apex/com.android.art.debug-file_contexts
@@ -0,0 +1,10 @@
+#############################
+# System files
+#
+(/.*)? u:object_r:system_file:s0
+/bin/dex2oat(d)?(32|64)? u:object_r:dex2oat_exec:s0
+/bin/dexoptanalyzer(d)? u:object_r:dexoptanalyzer_exec:s0
+/bin/profman(d)? u:object_r:profman_exec:s0
+/lib(64)?(/.*)? u:object_r:system_lib_file:s0
+/bin/art_preinstall_hook(.*)? u:object_r:art_apex_preinstall_exec:s0
+/bin/art_postinstall_hook(.*)? u:object_r:art_apex_postinstall_exec:s0
diff --git a/apex/com.android.art.release-file_contexts b/apex/com.android.art.release-file_contexts
new file mode 100644
index 0000000..1598afd
--- /dev/null
+++ b/apex/com.android.art.release-file_contexts
@@ -0,0 +1,8 @@
+#############################
+# System files
+#
+(/.*)? u:object_r:system_file:s0
+/bin/dex2oat(32|64)? u:object_r:dex2oat_exec:s0
+/bin/dexoptanalyzer u:object_r:dexoptanalyzer_exec:s0
+/bin/profman u:object_r:profman_exec:s0
+/lib(64)?(/.*)? u:object_r:system_lib_file:s0
diff --git a/apex/com.android.bluetooth.updatable-file_contexts b/apex/com.android.bluetooth.updatable-file_contexts
new file mode 100644
index 0000000..f6b21da
--- /dev/null
+++ b/apex/com.android.bluetooth.updatable-file_contexts
@@ -0,0 +1,2 @@
+(/.*)? u:object_r:system_file:s0
+/lib(64)?(/.*) u:object_r:system_lib_file:s0
diff --git a/apex/com.android.bootanimation-file_contexts b/apex/com.android.bootanimation-file_contexts
new file mode 100644
index 0000000..83b4b58
--- /dev/null
+++ b/apex/com.android.bootanimation-file_contexts
@@ -0,0 +1 @@
+(/.*)? u:object_r:system_file:s0
diff --git a/apex/com.android.cellbroadcast-file_contexts b/apex/com.android.cellbroadcast-file_contexts
new file mode 100644
index 0000000..f3a65d4
--- /dev/null
+++ b/apex/com.android.cellbroadcast-file_contexts
@@ -0,0 +1 @@
+(/.*)? u:object_r:system_file:s0
diff --git a/apex/com.android.conscrypt-file_contexts b/apex/com.android.conscrypt-file_contexts
index ffc3109..abf0085 100644
--- a/apex/com.android.conscrypt-file_contexts
+++ b/apex/com.android.conscrypt-file_contexts
@@ -1,5 +1,6 @@
#############################
# System files
#
-(/.*)? u:object_r:system_file:s0
-/lib(64)?(/.*)? u:object_r:system_lib_file:s0
+(/.*)? u:object_r:system_file:s0
+/lib(64)?(/.*)? u:object_r:system_lib_file:s0
+/bin/boringssl_self_test(32|64) u:object_r:boringssl_self_test_exec:s0
diff --git a/apex/com.android.cronet-file_contexts b/apex/com.android.cronet-file_contexts
new file mode 100644
index 0000000..f6b21da
--- /dev/null
+++ b/apex/com.android.cronet-file_contexts
@@ -0,0 +1,2 @@
+(/.*)? u:object_r:system_file:s0
+/lib(64)?(/.*) u:object_r:system_lib_file:s0
diff --git a/apex/com.android.extservices-file_contexts b/apex/com.android.extservices-file_contexts
new file mode 100644
index 0000000..f3a65d4
--- /dev/null
+++ b/apex/com.android.extservices-file_contexts
@@ -0,0 +1 @@
+(/.*)? u:object_r:system_file:s0
diff --git a/apex/com.android.i18n-file_contexts b/apex/com.android.i18n-file_contexts
new file mode 100644
index 0000000..c8b6ba1
--- /dev/null
+++ b/apex/com.android.i18n-file_contexts
@@ -0,0 +1,4 @@
+#############################
+# System files
+#
+(/.*)? u:object_r:system_file:s0
diff --git a/apex/com.android.ipsec-file_contexts b/apex/com.android.ipsec-file_contexts
new file mode 100644
index 0000000..270f0e1
--- /dev/null
+++ b/apex/com.android.ipsec-file_contexts
@@ -0,0 +1,2 @@
+(/.*)? u:object_r:system_file:s0
+/lib(64)?(/.*)? u:object_r:system_lib_file:s0
diff --git a/apex/com.android.mediaprovider-file_contexts b/apex/com.android.mediaprovider-file_contexts
new file mode 100644
index 0000000..f6b21da
--- /dev/null
+++ b/apex/com.android.mediaprovider-file_contexts
@@ -0,0 +1,2 @@
+(/.*)? u:object_r:system_file:s0
+/lib(64)?(/.*) u:object_r:system_lib_file:s0
diff --git a/apex/com.android.neuralnetworks-file_contexts b/apex/com.android.neuralnetworks-file_contexts
new file mode 100644
index 0000000..f6b21da
--- /dev/null
+++ b/apex/com.android.neuralnetworks-file_contexts
@@ -0,0 +1,2 @@
+(/.*)? u:object_r:system_file:s0
+/lib(64)?(/.*) u:object_r:system_lib_file:s0
diff --git a/apex/com.android.os.statsd-file_contexts b/apex/com.android.os.statsd-file_contexts
new file mode 100644
index 0000000..040441a
--- /dev/null
+++ b/apex/com.android.os.statsd-file_contexts
@@ -0,0 +1,3 @@
+(/.*)? u:object_r:system_file:s0
+/lib(64)?(/.*) u:object_r:system_lib_file:s0
+/bin/statsd u:object_r:statsd_exec:s0
diff --git a/apex/com.android.permission-file_contexts b/apex/com.android.permission-file_contexts
new file mode 100644
index 0000000..f3a65d4
--- /dev/null
+++ b/apex/com.android.permission-file_contexts
@@ -0,0 +1 @@
+(/.*)? u:object_r:system_file:s0
diff --git a/apex/com.android.runtime-file_contexts b/apex/com.android.runtime-file_contexts
new file mode 100644
index 0000000..7878b20
--- /dev/null
+++ b/apex/com.android.runtime-file_contexts
@@ -0,0 +1,6 @@
+#############################
+# System files
+#
+(/.*)? u:object_r:system_file:s0
+/bin/linker(64)? u:object_r:system_linker_exec:s0
+/lib(64)?(/.*)? u:object_r:system_lib_file:s0
diff --git a/apex/com.android.runtime.debug-file_contexts b/apex/com.android.runtime.debug-file_contexts
deleted file mode 100644
index 592975d..0000000
--- a/apex/com.android.runtime.debug-file_contexts
+++ /dev/null
@@ -1,12 +0,0 @@
-#############################
-# System files
-#
-(/.*)? u:object_r:system_file:s0
-/bin/dex2oat(d)? u:object_r:dex2oat_exec:s0
-/bin/dexoptanalyzer(d)? u:object_r:dexoptanalyzer_exec:s0
-/bin/profman(d)? u:object_r:profman_exec:s0
-/bin/linker(64)? u:object_r:system_linker_exec:s0
-/lib(64)?(/.*)? u:object_r:system_lib_file:s0
-/etc/tz(/.*)? u:object_r:system_zoneinfo_file:s0
-/bin/art_preinstall_hook(.*)? u:object_r:art_apex_preinstall_exec:s0
-/bin/art_postinstall_hook(.*)? u:object_r:art_apex_postinstall_exec:s0
diff --git a/apex/com.android.runtime.release-file_contexts b/apex/com.android.runtime.release-file_contexts
deleted file mode 100644
index 286d698..0000000
--- a/apex/com.android.runtime.release-file_contexts
+++ /dev/null
@@ -1,10 +0,0 @@
-#############################
-# System files
-#
-(/.*)? u:object_r:system_file:s0
-/bin/dex2oat u:object_r:dex2oat_exec:s0
-/bin/dexoptanalyzer u:object_r:dexoptanalyzer_exec:s0
-/bin/profman u:object_r:profman_exec:s0
-/bin/linker(64)? u:object_r:system_linker_exec:s0
-/lib(64)?(/.*)? u:object_r:system_lib_file:s0
-/etc/tz(/.*)? u:object_r:system_zoneinfo_file:s0
diff --git a/apex/com.android.sdkext-file_contexts b/apex/com.android.sdkext-file_contexts
new file mode 100644
index 0000000..2d59dda
--- /dev/null
+++ b/apex/com.android.sdkext-file_contexts
@@ -0,0 +1,2 @@
+(/.*)? u:object_r:system_file:s0
+/bin/derive_sdk u:object_r:derive_sdk_exec:s0
diff --git a/apex/com.android.telephony-file_contexts b/apex/com.android.telephony-file_contexts
new file mode 100644
index 0000000..f3a65d4
--- /dev/null
+++ b/apex/com.android.telephony-file_contexts
@@ -0,0 +1 @@
+(/.*)? u:object_r:system_file:s0
diff --git a/apex/com.android.tethering-file_contexts b/apex/com.android.tethering-file_contexts
new file mode 100644
index 0000000..9398505
--- /dev/null
+++ b/apex/com.android.tethering-file_contexts
@@ -0,0 +1 @@
+(/.*)? u:object_r:system_file:s0
diff --git a/apex/com.android.vndk-file_contexts b/apex/com.android.vndk-file_contexts
new file mode 100644
index 0000000..f6b21da
--- /dev/null
+++ b/apex/com.android.vndk-file_contexts
@@ -0,0 +1,2 @@
+(/.*)? u:object_r:system_file:s0
+/lib(64)?(/.*) u:object_r:system_lib_file:s0
diff --git a/apex/com.android.wifi-file_contexts b/apex/com.android.wifi-file_contexts
new file mode 100644
index 0000000..f3a65d4
--- /dev/null
+++ b/apex/com.android.wifi-file_contexts
@@ -0,0 +1 @@
+(/.*)? u:object_r:system_file:s0
diff --git a/build/soong/Android.bp b/build/soong/Android.bp
index bcd33b3..ae2bdd6 100644
--- a/build/soong/Android.bp
+++ b/build/soong/Android.bp
@@ -23,7 +23,9 @@
],
srcs: [
"cil_compat_map.go",
- "filegroup.go"
+ "filegroup.go",
+ "selinux.go",
+ "selinux_contexts.go",
],
pluginFor: ["soong_build"],
}
diff --git a/build/soong/cil_compat_map.go b/build/soong/cil_compat_map.go
index 9d01d93..f304e62 100644
--- a/build/soong/cil_compat_map.go
+++ b/build/soong/cil_compat_map.go
@@ -27,8 +27,6 @@
)
var (
- pctx = android.NewPackageContext("android/soong/selinux")
-
combine_maps = pctx.HostBinToolVariable("combine_maps", "combine_maps")
combineMapsCmd = "${combine_maps} -t ${topHalf} -b ${bottomHalf} -o $out"
combineMapsRule = pctx.StaticRule(
@@ -53,7 +51,7 @@
func cilCompatMapFactory() android.Module {
c := &cilCompatMap{}
c.AddProperties(&c.properties)
- android.InitAndroidModule(c)
+ android.InitAndroidArchModule(c, android.DeviceSupported, android.MultilibCommon)
return c
}
@@ -67,6 +65,8 @@
// other modules that produce source files like genrule or filegroup using
// the syntax ":module". srcs has to be non-empty.
Bottom_half []string
+ // name of the output
+ Stem *string
}
type cilCompatMap struct {
@@ -74,17 +74,13 @@
properties cilCompatMapProperties
// (.intermediate) module output path as installation source.
installSource android.Path
+ installPath android.InstallPath
}
type CilCompatMapGenerator interface {
GeneratedMapFile() android.Path
}
-type dependencyTag struct {
- blueprint.BaseDependencyTag
- name string
-}
-
func expandTopHalf(ctx android.ModuleContext) android.OptionalPath {
var topHalf android.OptionalPath
ctx.VisitDirectDeps(func(dep android.Module) {
@@ -107,11 +103,13 @@
continue
}
if fg, ok := module.(*fileGroup); ok {
- // Core compatibility mapping files are under system/sepolicy/private.
- expandedSrcFiles = append(expandedSrcFiles, fg.SystemPrivateSrcs()...)
- // Partner extensions to the compatibility mapping in must be located in
- // BOARD_PLAT_PRIVATE_SEPOLICY_DIR
- expandedSrcFiles = append(expandedSrcFiles, fg.SystemExtPrivateSrcs()...)
+ if ctx.ProductSpecific() {
+ expandedSrcFiles = append(expandedSrcFiles, fg.ProductPrivateSrcs()...)
+ } else if ctx.SystemExtSpecific() {
+ expandedSrcFiles = append(expandedSrcFiles, fg.SystemExtPrivateSrcs()...)
+ } else {
+ expandedSrcFiles = append(expandedSrcFiles, fg.SystemPrivateSrcs()...)
+ }
} else {
ctx.ModuleErrorf("srcs dependency %q is not an selinux filegroup", m)
}
@@ -124,6 +122,8 @@
}
func (c *cilCompatMap) GenerateAndroidBuildActions(ctx android.ModuleContext) {
+ c.installPath = android.PathForModuleInstall(ctx, "etc", "selinux", "mapping")
+
srcFiles := expandSeSources(ctx, c.properties.Bottom_half)
for _, src := range srcFiles {
@@ -173,7 +173,10 @@
Class: "ETC",
}
ret.Extra = append(ret.Extra, func(w io.Writer, outputFile android.Path) {
- fmt.Fprintln(w, "LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux/mapping")
+ fmt.Fprintln(w, "LOCAL_MODULE_PATH :=", c.installPath.ToMakePath().String())
+ if c.properties.Stem != nil {
+ fmt.Fprintln(w, "LOCAL_INSTALLED_MODULE_STEM :=", String(c.properties.Stem))
+ }
})
return ret
}
diff --git a/build/soong/filegroup.go b/build/soong/filegroup.go
index 7f75e48..a45b427 100644
--- a/build/soong/filegroup.go
+++ b/build/soong/filegroup.go
@@ -52,6 +52,9 @@
systemExtPublicSrcs android.Paths
systemExtPrivateSrcs android.Paths
+ productPublicSrcs android.Paths
+ productPrivateSrcs android.Paths
+
vendorSrcs android.Paths
odmSrcs android.Paths
}
@@ -86,7 +89,17 @@
return fg.systemExtPrivateSrcs
}
-// Source files from BOARD_SEPOLICY_DIRS
+// Source files from PRODUCT_PUBLIC_SEPOLICY_DIRS
+func (fg *fileGroup) ProductPublicSrcs() android.Paths {
+ return fg.productPublicSrcs
+}
+
+// Source files from PRODUCT_PRIVATE_SEPOLICY_DIRS
+func (fg *fileGroup) ProductPrivateSrcs() android.Paths {
+ return fg.productPrivateSrcs
+}
+
+// Source files from BOARD_VENDOR_SEPOLICY_DIRS
func (fg *fileGroup) VendorSrcs() android.Paths {
return fg.vendorSrcs
}
@@ -125,6 +138,9 @@
fg.systemExtPublicSrcs = fg.findSrcsInDirs(ctx, ctx.DeviceConfig().PlatPublicSepolicyDirs())
fg.systemExtPrivateSrcs = fg.findSrcsInDirs(ctx, ctx.DeviceConfig().PlatPrivateSepolicyDirs())
+ fg.productPublicSrcs = fg.findSrcsInDirs(ctx, ctx.Config().ProductPublicSepolicyDirs())
+ fg.productPrivateSrcs = fg.findSrcsInDirs(ctx, ctx.Config().ProductPrivateSepolicyDirs())
+
fg.vendorSrcs = fg.findSrcsInDirs(ctx, ctx.DeviceConfig().VendorSepolicyDirs())
fg.odmSrcs = fg.findSrcsInDirs(ctx, ctx.DeviceConfig().OdmSepolicyDirs())
}
diff --git a/build/soong/selinux.go b/build/soong/selinux.go
new file mode 100644
index 0000000..7ad4776
--- /dev/null
+++ b/build/soong/selinux.go
@@ -0,0 +1,30 @@
+// Copyright (C) 2019 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package selinux
+
+import (
+ "github.com/google/blueprint"
+
+ "android/soong/android"
+)
+
+type dependencyTag struct {
+ blueprint.BaseDependencyTag
+ name string
+}
+
+var (
+ pctx = android.NewPackageContext("android/soong/selinux")
+)
diff --git a/build/soong/selinux_contexts.go b/build/soong/selinux_contexts.go
new file mode 100644
index 0000000..03f8f19
--- /dev/null
+++ b/build/soong/selinux_contexts.go
@@ -0,0 +1,374 @@
+// Copyright (C) 2019 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package selinux
+
+import (
+ "fmt"
+ "io"
+ "strings"
+
+ "github.com/google/blueprint/proptools"
+
+ "android/soong/android"
+)
+
+const (
+ coreMode = "core"
+ recoveryMode = "recovery"
+)
+
+type selinuxContextsProperties struct {
+ // Filenames under sepolicy directories, which will be used to generate contexts file.
+ Srcs []string `android:"path"`
+
+ Product_variables struct {
+ Debuggable struct {
+ Srcs []string
+ }
+
+ Address_sanitize struct {
+ Srcs []string
+ }
+ }
+
+ // Whether reqd_mask directory is included to sepolicy directories or not.
+ Reqd_mask *bool
+
+ // Whether the comments in generated contexts file will be removed or not.
+ Remove_comment *bool
+
+ // Whether the result context file is sorted with fc_sort or not.
+ Fc_sort *bool
+
+ // Make this module available when building for recovery
+ Recovery_available *bool
+
+ InRecovery bool `blueprint:"mutated"`
+}
+
+type fileContextsProperties struct {
+ // flatten_apex can be used to specify additional sources of file_contexts.
+ // Apex paths, /system/apex/{apex_name}, will be amended to the paths of file_contexts
+ // entries.
+ Flatten_apex struct {
+ Srcs []string
+ }
+}
+
+type selinuxContextsModule struct {
+ android.ModuleBase
+
+ properties selinuxContextsProperties
+ fileContextsProperties fileContextsProperties
+ build func(ctx android.ModuleContext, inputs android.Paths)
+ outputPath android.ModuleGenPath
+ installPath android.InstallPath
+}
+
+var (
+ reuseContextsDepTag = dependencyTag{name: "reuseContexts"}
+)
+
+func init() {
+ pctx.HostBinToolVariable("fc_sort", "fc_sort")
+
+ android.RegisterModuleType("file_contexts", fileFactory)
+ android.RegisterModuleType("hwservice_contexts", hwServiceFactory)
+ android.RegisterModuleType("property_contexts", propertyFactory)
+ android.RegisterModuleType("service_contexts", serviceFactory)
+
+ android.PreDepsMutators(func(ctx android.RegisterMutatorsContext) {
+ ctx.BottomUp("selinux_contexts", selinuxContextsMutator).Parallel()
+ })
+}
+
+func (m *selinuxContextsModule) inRecovery() bool {
+ return m.properties.InRecovery || m.ModuleBase.InstallInRecovery()
+}
+
+func (m *selinuxContextsModule) onlyInRecovery() bool {
+ return m.ModuleBase.InstallInRecovery()
+}
+
+func (m *selinuxContextsModule) InstallInRecovery() bool {
+ return m.inRecovery()
+}
+
+func (m *selinuxContextsModule) InstallInRoot() bool {
+ return m.inRecovery()
+}
+
+func (m *selinuxContextsModule) GenerateAndroidBuildActions(ctx android.ModuleContext) {
+ if m.inRecovery() {
+ // Installing context files at the root of the recovery partition
+ m.installPath = android.PathForModuleInstall(ctx)
+ } else {
+ m.installPath = android.PathForModuleInstall(ctx, "etc", "selinux")
+ }
+
+ if m.inRecovery() && !m.onlyInRecovery() {
+ dep := ctx.GetDirectDepWithTag(m.Name(), reuseContextsDepTag)
+
+ if reuseDeps, ok := dep.(*selinuxContextsModule); ok {
+ m.outputPath = reuseDeps.outputPath
+ ctx.InstallFile(m.installPath, m.Name(), m.outputPath)
+ return
+ }
+ }
+
+ var inputs android.Paths
+
+ ctx.VisitDirectDepsWithTag(android.SourceDepTag, func(dep android.Module) {
+ segroup, ok := dep.(*fileGroup)
+ if !ok {
+ ctx.ModuleErrorf("srcs dependency %q is not an selinux filegroup",
+ ctx.OtherModuleName(dep))
+ return
+ }
+
+ if ctx.ProductSpecific() {
+ inputs = append(inputs, segroup.ProductPrivateSrcs()...)
+ } else if ctx.SocSpecific() {
+ inputs = append(inputs, segroup.SystemVendorSrcs()...)
+ inputs = append(inputs, segroup.VendorSrcs()...)
+ } else if ctx.DeviceSpecific() {
+ inputs = append(inputs, segroup.OdmSrcs()...)
+ } else if ctx.SystemExtSpecific() {
+ inputs = append(inputs, segroup.SystemExtPrivateSrcs()...)
+ } else {
+ inputs = append(inputs, segroup.SystemPrivateSrcs()...)
+
+ if ctx.Config().ProductCompatibleProperty() {
+ inputs = append(inputs, segroup.SystemPublicSrcs()...)
+ }
+ }
+
+ if proptools.Bool(m.properties.Reqd_mask) {
+ inputs = append(inputs, segroup.SystemReqdMaskSrcs()...)
+ }
+ })
+
+ for _, src := range m.properties.Srcs {
+ // Module sources are handled above with VisitDirectDepsWithTag
+ if android.SrcIsModule(src) == "" {
+ inputs = append(inputs, android.PathForModuleSrc(ctx, src))
+ }
+ }
+
+ m.build(ctx, inputs)
+}
+
+func newModule() *selinuxContextsModule {
+ m := &selinuxContextsModule{}
+ m.AddProperties(
+ &m.properties,
+ )
+ android.InitAndroidArchModule(m, android.DeviceSupported, android.MultilibCommon)
+ android.AddLoadHook(m, func(ctx android.LoadHookContext) {
+ m.selinuxContextsHook(ctx)
+ })
+ return m
+}
+
+func (m *selinuxContextsModule) selinuxContextsHook(ctx android.LoadHookContext) {
+ // TODO: clean this up to use build/soong/android/variable.go after b/79249983
+ var srcs []string
+
+ if ctx.Config().Debuggable() {
+ srcs = append(srcs, m.properties.Product_variables.Debuggable.Srcs...)
+ }
+
+ for _, sanitize := range ctx.Config().SanitizeDevice() {
+ if sanitize == "address" {
+ srcs = append(srcs, m.properties.Product_variables.Address_sanitize.Srcs...)
+ break
+ }
+ }
+
+ m.properties.Srcs = append(m.properties.Srcs, srcs...)
+}
+
+func (m *selinuxContextsModule) AndroidMk() android.AndroidMkData {
+ return android.AndroidMkData{
+ Custom: func(w io.Writer, name, prefix, moduleDir string, data android.AndroidMkData) {
+ nameSuffix := ""
+ if m.inRecovery() && !m.onlyInRecovery() {
+ nameSuffix = ".recovery"
+ }
+ fmt.Fprintln(w, "\ninclude $(CLEAR_VARS)")
+ fmt.Fprintln(w, "LOCAL_PATH :=", moduleDir)
+ fmt.Fprintln(w, "LOCAL_MODULE :=", name+nameSuffix)
+ fmt.Fprintln(w, "LOCAL_MODULE_CLASS := ETC")
+ if m.Owner() != "" {
+ fmt.Fprintln(w, "LOCAL_MODULE_OWNER :=", m.Owner())
+ }
+ fmt.Fprintln(w, "LOCAL_MODULE_TAGS := optional")
+ fmt.Fprintln(w, "LOCAL_PREBUILT_MODULE_FILE :=", m.outputPath.String())
+ fmt.Fprintln(w, "LOCAL_MODULE_PATH :=", m.installPath.ToMakePath().String())
+ fmt.Fprintln(w, "LOCAL_INSTALLED_MODULE_STEM :=", name)
+ fmt.Fprintln(w, "include $(BUILD_PREBUILT)")
+ },
+ }
+}
+
+func selinuxContextsMutator(ctx android.BottomUpMutatorContext) {
+ m, ok := ctx.Module().(*selinuxContextsModule)
+ if !ok {
+ return
+ }
+
+ var coreVariantNeeded bool = true
+ var recoveryVariantNeeded bool = false
+ if proptools.Bool(m.properties.Recovery_available) {
+ recoveryVariantNeeded = true
+ }
+
+ if m.ModuleBase.InstallInRecovery() {
+ recoveryVariantNeeded = true
+ coreVariantNeeded = false
+ }
+
+ var variants []string
+ if coreVariantNeeded {
+ variants = append(variants, coreMode)
+ }
+ if recoveryVariantNeeded {
+ variants = append(variants, recoveryMode)
+ }
+ mod := ctx.CreateVariations(variants...)
+
+ for i, v := range variants {
+ if v == recoveryMode {
+ m := mod[i].(*selinuxContextsModule)
+ m.properties.InRecovery = true
+
+ if coreVariantNeeded {
+ ctx.AddInterVariantDependency(reuseContextsDepTag, m, mod[i-1])
+ }
+ }
+ }
+}
+
+func (m *selinuxContextsModule) buildGeneralContexts(ctx android.ModuleContext, inputs android.Paths) {
+ m.outputPath = android.PathForModuleGen(ctx, ctx.ModuleName()+"_m4out")
+
+ rule := android.NewRuleBuilder()
+
+ rule.Command().
+ Tool(ctx.Config().PrebuiltBuildTool(ctx, "m4")).
+ Text("--fatal-warnings -s").
+ FlagForEachArg("-D", ctx.DeviceConfig().SepolicyM4Defs()).
+ Inputs(inputs).
+ FlagWithOutput("> ", m.outputPath)
+
+ if proptools.Bool(m.properties.Remove_comment) {
+ rule.Temporary(m.outputPath)
+
+ remove_comment_output := android.PathForModuleGen(ctx, ctx.ModuleName()+"_remove_comment")
+
+ rule.Command().
+ Text("sed -e 's/#.*$//' -e '/^$/d'").
+ Input(m.outputPath).
+ FlagWithOutput("> ", remove_comment_output)
+
+ m.outputPath = remove_comment_output
+ }
+
+ if proptools.Bool(m.properties.Fc_sort) {
+ rule.Temporary(m.outputPath)
+
+ sorted_output := android.PathForModuleGen(ctx, ctx.ModuleName()+"_sorted")
+
+ rule.Command().
+ Tool(ctx.Config().HostToolPath(ctx, "fc_sort")).
+ FlagWithInput("-i ", m.outputPath).
+ FlagWithOutput("-o ", sorted_output)
+
+ m.outputPath = sorted_output
+ }
+
+ rule.Build(pctx, ctx, "selinux_contexts", m.Name())
+
+ rule.DeleteTemporaryFiles()
+
+ ctx.InstallFile(m.installPath, ctx.ModuleName(), m.outputPath)
+}
+
+func (m *selinuxContextsModule) buildFileContexts(ctx android.ModuleContext, inputs android.Paths) {
+ if m.properties.Fc_sort == nil {
+ m.properties.Fc_sort = proptools.BoolPtr(true)
+ }
+
+ rule := android.NewRuleBuilder()
+
+ if ctx.Config().FlattenApex() {
+ for _, src := range m.fileContextsProperties.Flatten_apex.Srcs {
+ if m := android.SrcIsModule(src); m != "" {
+ ctx.ModuleErrorf(
+ "Module srcs dependency %q is not supported for flatten_apex.srcs", m)
+ return
+ }
+ for _, path := range android.PathsForModuleSrcExcludes(ctx, []string{src}, nil) {
+ out := android.PathForModuleGen(ctx, "flattened_apex", path.Rel())
+ apex_path := "/system/apex/" + strings.Replace(
+ strings.TrimSuffix(path.Base(), "-file_contexts"),
+ ".", "\\\\.", -1)
+
+ rule.Command().
+ Text("awk '/object_r/{printf(\""+apex_path+"%s\\n\",$0)}'").
+ Input(path).
+ FlagWithOutput("> ", out)
+
+ inputs = append(inputs, out)
+ }
+ }
+ }
+
+ rule.Build(pctx, ctx, m.Name(), "flattened_apex_file_contexts")
+ m.buildGeneralContexts(ctx, inputs)
+}
+
+func fileFactory() android.Module {
+ m := newModule()
+ m.AddProperties(&m.fileContextsProperties)
+ m.build = m.buildFileContexts
+ return m
+}
+
+func (m *selinuxContextsModule) buildHwServiceContexts(ctx android.ModuleContext, inputs android.Paths) {
+ if m.properties.Remove_comment == nil {
+ m.properties.Remove_comment = proptools.BoolPtr(true)
+ }
+
+ m.buildGeneralContexts(ctx, inputs)
+}
+
+func hwServiceFactory() android.Module {
+ m := newModule()
+ m.build = m.buildHwServiceContexts
+ return m
+}
+
+func propertyFactory() android.Module {
+ m := newModule()
+ m.build = m.buildGeneralContexts
+ return m
+}
+
+func serviceFactory() android.Module {
+ m := newModule()
+ m.build = m.buildGeneralContexts
+ return m
+}
diff --git a/compat.mk b/compat.mk
new file mode 100644
index 0000000..5e6dc41
--- /dev/null
+++ b/compat.mk
@@ -0,0 +1,48 @@
+version := $(version_under_treble_tests)
+
+include $(CLEAR_VARS)
+#################################
+# build this target to ensure the compat permissions files all build against the current policy
+#
+LOCAL_MODULE := $(version)_compat_test
+LOCAL_REQUIRED_MODULES := $(version).compat.cil
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+all_cil_files := \
+ $(built_plat_cil) \
+ $(built_plat_mapping_cil) \
+ $(built_pub_vers_cil) \
+ $(built_vendor_cil) \
+ $(ALL_MODULES.$(version).compat.cil.BUILT) \
+
+ifdef HAS_SYSTEM_EXT_SEPOLICY
+all_cil_files += $(built_system_ext_cil)
+endif
+
+ifdef HAS_SYSTEM_EXT_PUBLIC_SEPOLICY
+all_cil_files += $(built_system_ext_mapping_cil)
+endif
+
+ifdef HAS_PRODUCT_SEPOLICY
+all_cil_files += $(built_product_cil)
+endif
+
+ifdef HAS_PRODUCT_PUBLIC_SEPOLICY
+all_cil_files += $(built_product_mapping_cil)
+endif
+
+ifdef BOARD_ODM_SEPOLICY_DIRS
+all_cil_files += $(built_odm_cil)
+endif
+
+$(LOCAL_BUILT_MODULE): PRIVATE_CIL_FILES := $(all_cil_files)
+$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/secilc $(HOST_OUT_EXECUTABLES)/sepolicy-analyze $(all_cil_files)
+ @mkdir -p $(dir $@)
+ $(hide) $< -m -N -M true -G -c $(POLICYVERS) $(PRIVATE_CIL_FILES) -o $@ -f /dev/null
+
+all_cil_files :=
+version :=
+version_under_treble_tests :=
diff --git a/contexts_tests.mk b/contexts_tests.mk
new file mode 100644
index 0000000..da5dd83
--- /dev/null
+++ b/contexts_tests.mk
@@ -0,0 +1,289 @@
+# Copyright (C) 2019 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+include $(CLEAR_VARS)
+
+# TODO: move tests into Soong after refactoring sepolicy module (b/130693869)
+
+# Run host-side test with contexts files and the sepolicy file.
+# $(1): paths to contexts files
+# $(2): path to the host tool
+# $(3): additional argument to be passed to the tool
+define run_contexts_test
+$$(LOCAL_BUILT_MODULE): PRIVATE_CONTEXTS := $(1)
+$$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $$(built_sepolicy)
+$$(LOCAL_BUILT_MODULE): $(2) $(1) $$(built_sepolicy)
+ $$(hide) $$< $(3) $$(PRIVATE_SEPOLICY) $$(PRIVATE_CONTEXTS)
+ $$(hide) mkdir -p $$(dir $$@)
+ $$(hide) touch $$@
+endef
+
+system_out := $(TARGET_OUT)/etc/selinux
+system_ext_out := $(TARGET_OUT_SYSTEM_EXT)/etc/selinux
+product_out := $(TARGET_OUT_PRODUCT)/etc/selinux
+vendor_out := $(TARGET_OUT_VENDOR)/etc/selinux
+odm_out := $(TARGET_OUT_ODM)/etc/selinux
+
+checkfc := $(HOST_OUT_EXECUTABLES)/checkfc
+property_info_checker := $(HOST_OUT_EXECUTABLES)/property_info_checker
+
+##################################
+LOCAL_MODULE := plat_file_contexts_test
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(system_out)/plat_file_contexts, $(checkfc),))
+
+##################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := system_ext_file_contexts_test
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(system_ext_out)/system_ext_file_contexts, $(checkfc),))
+
+##################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := product_file_contexts_test
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(product_out)/product_file_contexts, $(checkfc),))
+
+##################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := vendor_file_contexts_test
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(vendor_out)/vendor_file_contexts, $(checkfc),))
+
+##################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := odm_file_contexts_test
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(odm_out)/odm_file_contexts, $(checkfc),))
+
+##################################
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := plat_hwservice_contexts_test
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(system_out)/plat_hwservice_contexts, $(checkfc), -e -l))
+
+##################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := system_ext_hwservice_contexts_test
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(system_ext_out)/system_ext_hwservice_contexts, $(checkfc), -e -l))
+
+##################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := product_hwservice_contexts_test
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(product_out)/product_hwservice_contexts, $(checkfc), -e -l))
+
+##################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := vendor_hwservice_contexts_test
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(vendor_out)/vendor_hwservice_contexts, $(checkfc), -e -l))
+
+##################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := odm_hwservice_contexts_test
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(odm_out)/odm_hwservice_contexts, $(checkfc), -e -l))
+
+##################################
+
+pc_files := $(system_out)/plat_property_contexts
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := plat_property_contexts_test
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(pc_files), $(property_info_checker),))
+
+##################################
+
+ifdef HAS_SYSTEM_EXT_SEPOLICY_DIR
+
+pc_files += $(system_ext_out)/system_ext_property_contexts
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := system_ext_property_contexts_test
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(pc_files), $(property_info_checker),))
+
+endif
+
+##################################
+
+pc_files += $(vendor_out)/vendor_property_contexts
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := vendor_property_contexts_test
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(pc_files), $(property_info_checker),))
+
+##################################
+
+ifdef BOARD_ODM_SEPOLICY_DIRS
+
+pc_files += $(odm_out)/odm_property_contexts
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := odm_property_contexts_test
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(pc_files), $(property_info_checker),))
+
+endif
+
+##################################
+
+ifdef HAS_PRODUCT_SEPOLICY_DIR
+
+pc_files += $(product_out)/product_property_contexts
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := product_property_contexts_test
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(pc_files), $(property_info_checker),))
+
+endif
+
+pc_files :=
+
+##################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := plat_service_contexts_test
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(system_out)/plat_service_contexts, $(checkfc), -s))
+
+##################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := system_ext_service_contexts_test
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(system_ext_out)/system_ext_service_contexts, $(checkfc), -s))
+
+##################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := product_service_contexts_test
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(product_out)/product_service_contexts, $(checkfc), -s))
+
+##################################
+# nonplat_service_contexts is only allowed on non-full-treble devices
+ifneq ($(PRODUCT_SEPOLICY_SPLIT),true)
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := vendor_service_contexts_test
+LOCAL_MODULE_CLASS := FAKE
+LOCAL_MODULE_TAGS := optional
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+$(eval $(call run_contexts_test, $(vendor_out)/vendor_service_contexts, $(checkfc), -s))
+
+endif
+
+system_out :=
+product_out :=
+vendor_out :=
+odm_out :=
+checkfc :=
+property_info_checker :=
+run_contexts_test :=
diff --git a/definitions.mk b/definitions.mk
index 16c8bd6..2ecdbdc 100644
--- a/definitions.mk
+++ b/definitions.mk
@@ -2,7 +2,7 @@
# processed by checkpolicy
define transform-policy-to-conf
@mkdir -p $(dir $@)
-$(hide) m4 --fatal-warnings $(PRIVATE_ADDITIONAL_M4DEFS) \
+$(hide) $(M4) --fatal-warnings $(PRIVATE_ADDITIONAL_M4DEFS) \
-D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
-D target_build_variant=$(PRIVATE_TARGET_BUILD_VARIANT) \
-D target_with_dexpreopt=$(WITH_DEXPREOPT) \
@@ -11,8 +11,10 @@
-D target_with_native_coverage=$(PRIVATE_TGT_WITH_NATIVE_COVERAGE) \
-D target_full_treble=$(PRIVATE_SEPOLICY_SPLIT) \
-D target_compatible_property=$(PRIVATE_COMPATIBLE_PROPERTY) \
+ -D target_treble_sysprop_neverallow=$(PRIVATE_TREBLE_SYSPROP_NEVERALLOW) \
-D target_exclude_build_test=$(PRIVATE_EXCLUDE_BUILD_TEST) \
+ -D target_requires_insecure_execmem_for_swiftshader=$(PRODUCT_REQUIRES_INSECURE_EXECMEM_FOR_SWIFTSHADER) \
$(PRIVATE_TGT_RECOVERY) \
- -s $^ > $@
+ -s $(PRIVATE_POLICY_FILES) > $@
endef
.KATI_READONLY := transform-policy-to-conf
diff --git a/file_contexts.mk b/file_contexts.mk
deleted file mode 100644
index 267b68f..0000000
--- a/file_contexts.mk
+++ /dev/null
@@ -1,177 +0,0 @@
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := plat_file_contexts
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-local_fc_files := $(call build_policy, file_contexts, $(PLAT_PRIVATE_POLICY))
-ifneq ($(filter address,$(SANITIZE_TARGET)),)
- local_fc_files += $(wildcard $(addsuffix /file_contexts_asan, $(PLAT_PRIVATE_POLICY)))
-endif
-ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
- local_fc_files += $(wildcard $(addsuffix /file_contexts_overlayfs, $(PLAT_PRIVATE_POLICY)))
-endif
-ifeq ($(TARGET_FLATTEN_APEX),true)
- apex_fc_files := $(wildcard $(LOCAL_PATH)/apex/*-file_contexts)
- $(foreach _input,$(apex_fc_files),\
- $(eval _output := $(intermediates)/$(notdir $(_input))-flattened)\
- $(eval _apex_name := $(patsubst %-file_contexts,%,$(notdir $(_input))))\
- $(eval $(call build_flattened_apex_file_contexts,$(_input),$(_apex_name),$(_output),local_fc_files))\
- )
-endif
-local_fcfiles_with_nl := $(call add_nl, $(local_fc_files), $(built_nl))
-
-$(LOCAL_BUILT_MODULE): PRIVATE_FC_FILES := $(local_fcfiles_with_nl)
-$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
-$(LOCAL_BUILT_MODULE): PRIVATE_FC_SORT := $(HOST_OUT_EXECUTABLES)/fc_sort
-$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/checkfc $(HOST_OUT_EXECUTABLES)/fc_sort \
-$(local_fcfiles_with_nl) $(built_sepolicy)
- @mkdir -p $(dir $@)
- $(hide) m4 --fatal-warnings -s $(PRIVATE_FC_FILES) > $@.tmp
- $(hide) $< $(PRIVATE_SEPOLICY) $@.tmp
- $(hide) $(PRIVATE_FC_SORT) $@.tmp $@
-
-built_plat_fc := $(LOCAL_BUILT_MODULE)
-local_fc_files :=
-local_fcfiles_with_nl :=
-
-##################################
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := product_file_contexts
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_OUT_PRODUCT)/etc/selinux
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-product_fc_files := $(call build_policy, file_contexts, $(PRODUCT_PRIVATE_POLICY))
-product_fcfiles_with_nl := $(call add_nl, $(product_fc_files), $(built_nl))
-
-$(LOCAL_BUILT_MODULE): PRIVATE_FC_FILES := $(product_fcfiles_with_nl)
-$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
-$(LOCAL_BUILT_MODULE): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(LOCAL_BUILT_MODULE): PRIVATE_FC_SORT := $(HOST_OUT_EXECUTABLES)/fc_sort
-$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/checkfc $(HOST_OUT_EXECUTABLES)/fc_sort \
-$(product_fcfiles_with_nl) $(built_sepolicy)
- @mkdir -p $(dir $@)
- $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_FC_FILES) > $@.tmp
- $(hide) $< $(PRIVATE_SEPOLICY) $@.tmp
- $(hide) $(PRIVATE_FC_SORT) $@.tmp $@
-
-built_product_fc := $(LOCAL_BUILT_MODULE)
-product_fc_files :=
-product_fcfiles_with_nl :=
-
-##################################
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := vendor_file_contexts
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-vendor_fc_files := $(call build_vendor_policy, file_contexts)
-vendor_fcfiles_with_nl := $(call add_nl, $(vendor_fc_files), $(built_nl))
-
-$(LOCAL_BUILT_MODULE): PRIVATE_FC_FILES := $(vendor_fcfiles_with_nl)
-$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
-$(LOCAL_BUILT_MODULE): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(LOCAL_BUILT_MODULE): PRIVATE_FC_SORT := $(HOST_OUT_EXECUTABLES)/fc_sort
-$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/checkfc $(HOST_OUT_EXECUTABLES)/fc_sort \
-$(vendor_fcfiles_with_nl) $(built_sepolicy)
- @mkdir -p $(dir $@)
- $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_FC_FILES) > $@.tmp
- $(hide) $< $(PRIVATE_SEPOLICY) $@.tmp
- $(hide) $(PRIVATE_FC_SORT) $@.tmp $@
-
-built_vendor_fc := $(LOCAL_BUILT_MODULE)
-vendor_fc_files :=
-vendor_fcfiles_with_nl :=
-
-##################################
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := odm_file_contexts
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_OUT_ODM)/etc/selinux
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-odm_fc_files := $(call build_odm_policy, file_contexts)
-odm_fcfiles_with_nl := $(call add_nl, $(odm_fc_files), $(built_nl))
-
-$(LOCAL_BUILT_MODULE): PRIVATE_FC_FILES := $(odm_fcfiles_with_nl)
-$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
-$(LOCAL_BUILT_MODULE): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(LOCAL_BUILT_MODULE): PRIVATE_FC_SORT := $(HOST_OUT_EXECUTABLES)/fc_sort
-$(LOCAL_BUILT_MODULE): $(HOST_OUT_EXECUTABLES)/checkfc $(HOST_OUT_EXECUTABLES)/fc_sort \
-$(odm_fcfiles_with_nl) $(built_sepolicy)
- @mkdir -p $(dir $@)
- $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_FC_FILES) > $@.tmp
- $(hide) $< $(PRIVATE_SEPOLICY) $@.tmp
- $(hide) $(PRIVATE_FC_SORT) $@.tmp $@
-
-built_odm_fc := $(LOCAL_BUILT_MODULE)
-odm_fc_files :=
-odm_fcfiles_with_nl :=
-
-##################################
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := plat_file_contexts.recovery
-LOCAL_MODULE_STEM := plat_file_contexts
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-$(LOCAL_BUILT_MODULE): $(built_plat_fc)
- $(hide) cp -f $< $@
-
-##################################
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := product_file_contexts.recovery
-LOCAL_MODULE_STEM := product_file_contexts
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-$(LOCAL_BUILT_MODULE): $(built_product_fc)
- $(hide) cp -f $< $@
-
-##################################
-include $(CLEAR_VARS)
-LOCAL_MODULE := vendor_file_contexts.recovery
-LOCAL_MODULE_STEM := vendor_file_contexts
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-$(LOCAL_BUILT_MODULE): $(built_vendor_fc)
- $(hide) cp -f $< $@
-
-##################################
-include $(CLEAR_VARS)
-LOCAL_MODULE := odm_file_contexts.recovery
-LOCAL_MODULE_STEM := odm_file_contexts
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-$(LOCAL_BUILT_MODULE): $(built_odm_fc)
- $(hide) cp -f $< $@
diff --git a/hwservice_contexts.mk b/hwservice_contexts.mk
deleted file mode 100644
index 15f404d..0000000
--- a/hwservice_contexts.mk
+++ /dev/null
@@ -1,110 +0,0 @@
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := plat_hwservice_contexts
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-plat_hwsvcfiles := $(call build_policy, hwservice_contexts, $(PLAT_PRIVATE_POLICY))
-
-plat_hwservice_contexts.tmp := $(intermediates)/plat_hwservice_contexts.tmp
-$(plat_hwservice_contexts.tmp): PRIVATE_SVC_FILES := $(plat_hwsvcfiles)
-$(plat_hwservice_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(plat_hwservice_contexts.tmp): $(plat_hwsvcfiles)
- @mkdir -p $(dir $@)
- $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
-
-$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
-$(LOCAL_BUILT_MODULE): $(plat_hwservice_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc $(ACP)
- @mkdir -p $(dir $@)
- sed -e 's/#.*$$//' -e '/^$$/d' $< > $@
- $(HOST_OUT_EXECUTABLES)/checkfc -e -l $(PRIVATE_SEPOLICY) $@
-
-plat_hwsvcfiles :=
-plat_hwservice_contexts.tmp :=
-
-##################################
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := product_hwservice_contexts
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_OUT_PRODUCT)/etc/selinux
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-product_hwsvcfiles := $(call build_policy, hwservice_contexts, $(PRODUCT_PRIVATE_POLICY))
-
-product_hwservice_contexts.tmp := $(intermediates)/product_hwservice_contexts.tmp
-$(product_hwservice_contexts.tmp): PRIVATE_SVC_FILES := $(product_hwsvcfiles)
-$(product_hwservice_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(product_hwservice_contexts.tmp): $(product_hwsvcfiles)
- @mkdir -p $(dir $@)
- $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
-
-$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
-$(LOCAL_BUILT_MODULE): $(product_hwservice_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc
- @mkdir -p $(dir $@)
- sed -e 's/#.*$$//' -e '/^$$/d' $< > $@
- $(hide) $(HOST_OUT_EXECUTABLES)/checkfc -e -l $(PRIVATE_SEPOLICY) $@
-
-product_hwsvcfiles :=
-product_hwservice_contexts.tmp :=
-
-##################################
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := vendor_hwservice_contexts
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-vendor_hwsvcfiles := $(call build_policy, hwservice_contexts, $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
-
-vendor_hwservice_contexts.tmp := $(intermediates)/vendor_hwservice_contexts.tmp
-$(vendor_hwservice_contexts.tmp): PRIVATE_SVC_FILES := $(vendor_hwsvcfiles)
-$(vendor_hwservice_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(vendor_hwservice_contexts.tmp): $(vendor_hwsvcfiles)
- @mkdir -p $(dir $@)
- $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
-
-$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
-$(LOCAL_BUILT_MODULE): $(vendor_hwservice_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc $(ACP)
- @mkdir -p $(dir $@)
- sed -e 's/#.*$$//' -e '/^$$/d' $< > $@
- $(hide) $(HOST_OUT_EXECUTABLES)/checkfc -e -l $(PRIVATE_SEPOLICY) $@
-
-vendor_hwsvcfiles :=
-vendor_hwservice_contexts.tmp :=
-
-##################################
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := odm_hwservice_contexts
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_OUT_ODM)/etc/selinux
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-odm_hwsvcfiles := $(call build_policy, hwservice_contexts, $(BOARD_ODM_SEPOLICY_DIRS))
-
-odm_hwservice_contexts.tmp := $(intermediates)/odm_hwservice_contexts.tmp
-$(odm_hwservice_contexts.tmp): PRIVATE_SVC_FILES := $(odm_hwsvcfiles)
-$(odm_hwservice_contexts.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(odm_hwservice_contexts.tmp): $(odm_hwsvcfiles)
- @mkdir -p $(dir $@)
- $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_SVC_FILES) > $@
-
-$(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY := $(built_sepolicy)
-$(LOCAL_BUILT_MODULE): $(odm_hwservice_contexts.tmp) $(built_sepolicy) $(HOST_OUT_EXECUTABLES)/checkfc $(ACP)
- @mkdir -p $(dir $@)
- sed -e 's/#.*$$//' -e '/^$$/d' $< > $@
- $(hide) $(HOST_OUT_EXECUTABLES)/checkfc -e -l $(PRIVATE_SEPOLICY) $@
-
-odm_hwsvcfiles :=
-odm_hwservice_contexts.tmp :=
diff --git a/mac_permissions.mk b/mac_permissions.mk
index 889795c..3cc0151 100644
--- a/mac_permissions.mk
+++ b/mac_permissions.mk
@@ -7,33 +7,68 @@
include $(BUILD_SYSTEM)/base_rules.mk
+all_plat_mac_perms_keys := $(call build_policy, keys.conf, $(PLAT_PRIVATE_POLICY) $(SYSTEM_EXT_PRIVATE_POLICY) $(PRODUCT_PRIVATE_POLICY))
+all_plat_mac_perms_files := $(call build_policy, mac_permissions.xml, $(PLAT_PRIVATE_POLICY))
+
# Build keys.conf
plat_mac_perms_keys.tmp := $(intermediates)/plat_keys.tmp
$(plat_mac_perms_keys.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(plat_mac_perms_keys.tmp): $(call build_policy, keys.conf, $(PLAT_PRIVATE_POLICY) $(PRODUCT_PRIVATE_POLICY))
+$(plat_mac_perms_keys.tmp): PRIVATE_KEYS := $(all_plat_mac_perms_keys)
+$(plat_mac_perms_keys.tmp): $(all_plat_mac_perms_keys) $(M4)
@mkdir -p $(dir $@)
- $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
-
-all_plat_mac_perms_files := $(call build_policy, mac_permissions.xml, $(PLAT_PRIVATE_POLICY))
+ $(hide) $(M4) --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_KEYS) > $@
# Should be synced with keys.conf.
-all_plat_keys := platform media shared testkey
-all_plat_keys := $(all_keys:%=$(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))/%.x509.pem)
+all_plat_keys := platform media networkstack shared testkey
+all_plat_keys := $(all_plat_keys:%=$(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))/%.x509.pem)
$(LOCAL_BUILT_MODULE): PRIVATE_MAC_PERMS_FILES := $(all_plat_mac_perms_files)
$(LOCAL_BUILT_MODULE): $(plat_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys.py \
$(all_plat_mac_perms_files) $(all_plat_keys)
@mkdir -p $(dir $@)
$(hide) DEFAULT_SYSTEM_DEV_CERTIFICATE="$(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))" \
+ MAINLINE_SEPOLICY_DEV_CERTIFICATES="$(MAINLINE_SEPOLICY_DEV_CERTIFICATES)" \
$(HOST_OUT_EXECUTABLES)/insertkeys.py -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES)
-all_mac_perms_files :=
all_plat_keys :=
+all_plat_mac_perms_files :=
+all_plat_mac_perms_keys :=
plat_mac_perms_keys.tmp :=
##################################
include $(CLEAR_VARS)
+LOCAL_MODULE := system_ext_mac_permissions.xml
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE_PATH := $(TARGET_OUT_SYSTEM_EXT)/etc/selinux
+
+include $(BUILD_SYSTEM)/base_rules.mk
+
+all_system_ext_mac_perms_keys := $(call build_policy, keys.conf, $(SYSTEM_EXT_PRIVATE_POLICY) $(REQD_MASK_POLICY))
+all_system_ext_mac_perms_files := $(call build_policy, mac_permissions.xml, $(SYSTEM_EXT_PRIVATE_POLICY) $(REQD_MASK_POLICY))
+
+# Build keys.conf
+system_ext_mac_perms_keys.tmp := $(intermediates)/system_ext_keys.tmp
+$(system_ext_mac_perms_keys.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
+$(system_ext_mac_perms_keys.tmp): PRIVATE_KEYS := $(all_system_ext_mac_perms_keys)
+$(system_ext_mac_perms_keys.tmp): $(all_system_ext_mac_perms_keys)
+ @mkdir -p $(dir $@)
+ $(hide) $(M4) --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
+
+$(LOCAL_BUILT_MODULE): PRIVATE_MAC_PERMS_FILES := $(all_system_ext_mac_perms_files)
+$(LOCAL_BUILT_MODULE): $(system_ext_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys.py \
+$(all_system_ext_mac_perms_files)
+ @mkdir -p $(dir $@)
+ $(hide) $(HOST_OUT_EXECUTABLES)/insertkeys.py -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES)
+
+system_ext_mac_perms_keys.tmp :=
+all_system_ext_mac_perms_files :=
+all_system_ext_mac_perms_keys :=
+
+##################################
+include $(CLEAR_VARS)
+
LOCAL_MODULE := product_mac_permissions.xml
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_TAGS := optional
@@ -41,14 +76,16 @@
include $(BUILD_SYSTEM)/base_rules.mk
+all_product_mac_perms_keys := $(call build_policy, keys.conf, $(PRODUCT_PRIVATE_POLICY) $(REQD_MASK_POLICY))
+all_product_mac_perms_files := $(call build_policy, mac_permissions.xml, $(PRODUCT_PRIVATE_POLICY) $(REQD_MASK_POLICY))
+
# Build keys.conf
product_mac_perms_keys.tmp := $(intermediates)/product_keys.tmp
$(product_mac_perms_keys.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(product_mac_perms_keys.tmp): $(call build_policy, keys.conf, $(PRODUCT_PRIVATE_POLICY) $(REQD_MASK_POLICY))
+$(product_mac_perms_keys.tmp): PRIVATE_KEYS := $(all_product_mac_perms_keys)
+$(product_mac_perms_keys.tmp): $(all_product_mac_perms_keys)
@mkdir -p $(dir $@)
- $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
-
-all_product_mac_perms_files := $(call build_policy, mac_permissions.xml, $(PRODUCT_PRIVATE_POLICY) $(REQD_MASK_POLICY))
+ $(hide) $(M4) --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
$(LOCAL_BUILT_MODULE): PRIVATE_MAC_PERMS_FILES := $(all_product_mac_perms_files)
$(LOCAL_BUILT_MODULE): $(product_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys.py \
@@ -58,6 +95,7 @@
product_mac_perms_keys.tmp :=
all_product_mac_perms_files :=
+all_product_mac_perms_keys :=
##################################
include $(CLEAR_VARS)
@@ -69,23 +107,27 @@
include $(BUILD_SYSTEM)/base_rules.mk
+all_vendor_mac_perms_keys := $(call build_policy, keys.conf, $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
+all_vendor_mac_perms_files := $(call build_policy, mac_permissions.xml, $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
+
# Build keys.conf
vendor_mac_perms_keys.tmp := $(intermediates)/vendor_keys.tmp
$(vendor_mac_perms_keys.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(vendor_mac_perms_keys.tmp): $(call build_policy, keys.conf, $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
+$(vendor_mac_perms_keys.tmp): PRIVATE_KEYS := $(all_vendor_mac_perms_keys)
+$(vendor_mac_perms_keys.tmp): $(all_vendor_mac_perms_keys) $(M4)
@mkdir -p $(dir $@)
- $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
-
-all_vendor_mac_perms_files := $(call build_policy, mac_permissions.xml, $(PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
+ $(hide) $(M4) --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_KEYS) > $@
$(LOCAL_BUILT_MODULE): PRIVATE_MAC_PERMS_FILES := $(all_vendor_mac_perms_files)
$(LOCAL_BUILT_MODULE): $(vendor_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys.py \
$(all_vendor_mac_perms_files)
@mkdir -p $(dir $@)
- $(hide) $(HOST_OUT_EXECUTABLES)/insertkeys.py -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES)
+ $(hide) DEFAULT_SYSTEM_DEV_CERTIFICATE="$(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))" \
+ $(HOST_OUT_EXECUTABLES)/insertkeys.py -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES)
vendor_mac_perms_keys.tmp :=
all_vendor_mac_perms_files :=
+all_vendor_mac_perms_keys :=
##################################
include $(CLEAR_VARS)
@@ -97,14 +139,16 @@
include $(BUILD_SYSTEM)/base_rules.mk
+all_odm_mac_perms_keys := $(call build_policy, keys.conf, $(BOARD_ODM_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
+all_odm_mac_perms_files := $(call build_policy, mac_permissions.xml, $(BOARD_ODM_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
+
# Build keys.conf
odm_mac_perms_keys.tmp := $(intermediates)/odm_keys.tmp
$(odm_mac_perms_keys.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(odm_mac_perms_keys.tmp): $(call build_policy, keys.conf, $(BOARD_ODM_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
+$(odm_mac_perms_keys.tmp): PRIVATE_KEYS := $(all_odm_mac_perms_keys)
+$(odm_mac_perms_keys.tmp): $(all_odm_mac_perms_keys) $(M4)
@mkdir -p $(dir $@)
- $(hide) m4 --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $^ > $@
-
-all_odm_mac_perms_files := $(call build_policy, mac_permissions.xml, $(BOARD_ODM_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
+ $(hide) $(M4) --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_KEYS) > $@
$(LOCAL_BUILT_MODULE): PRIVATE_MAC_PERMS_FILES := $(all_odm_mac_perms_files)
$(LOCAL_BUILT_MODULE): $(odm_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys.py \
diff --git a/prebuilts/api/26.0/public/property.te b/prebuilts/api/26.0/public/property.te
index d6fa868..232872c 100644
--- a/prebuilts/api/26.0/public/property.te
+++ b/prebuilts/api/26.0/public/property.te
@@ -1,6 +1,7 @@
type asan_reboot_prop, property_type;
type audio_prop, property_type, core_property_type;
type boottime_prop, property_type;
+type boottime_public_prop, property_type;
type bluetooth_prop, property_type;
type config_prop, property_type, core_property_type;
type cppreopt_prop, property_type, core_property_type;
diff --git a/prebuilts/api/27.0/public/property.te b/prebuilts/api/27.0/public/property.te
index 95efcaa..2c716c5 100644
--- a/prebuilts/api/27.0/public/property.te
+++ b/prebuilts/api/27.0/public/property.te
@@ -1,5 +1,6 @@
type audio_prop, property_type, core_property_type;
type boottime_prop, property_type;
+type boottime_public_prop, property_type;
type bluetooth_prop, property_type;
type config_prop, property_type, core_property_type;
type cppreopt_prop, property_type, core_property_type;
diff --git a/prebuilts/api/28.0/public/property.te b/prebuilts/api/28.0/public/property.te
index b0397e9..a4f0d87 100644
--- a/prebuilts/api/28.0/public/property.te
+++ b/prebuilts/api/28.0/public/property.te
@@ -1,5 +1,6 @@
type audio_prop, property_type, core_property_type;
type boottime_prop, property_type;
+type boottime_public_prop, property_type;
type bluetooth_a2dp_offload_prop, property_type;
type bluetooth_prop, property_type;
type bootloader_boot_reason_prop, property_type;
diff --git a/prebuilts/api/29.0/plat_pub_versioned.cil b/prebuilts/api/29.0/plat_pub_versioned.cil
new file mode 100644
index 0000000..b80abeb
--- /dev/null
+++ b/prebuilts/api/29.0/plat_pub_versioned.cil
@@ -0,0 +1,2208 @@
+(type DockObserver_service)
+(type IProxyService_service)
+(type accessibility_service)
+(type account_service)
+(type activity_service)
+(type activity_task_service)
+(type adb_data_file)
+(type adb_keys_file)
+(type adb_service)
+(type adbd)
+(type adbd_exec)
+(type adbd_socket)
+(type alarm_service)
+(type anr_data_file)
+(type apex_data_file)
+(type apex_metadata_file)
+(type apex_mnt_dir)
+(type apex_service)
+(type apexd)
+(type apexd_exec)
+(type apexd_prop)
+(type apk_data_file)
+(type apk_private_data_file)
+(type apk_private_tmp_file)
+(type apk_tmp_file)
+(type app_binding_service)
+(type app_data_file)
+(type app_fuse_file)
+(type app_fusefs)
+(type app_prediction_service)
+(type app_zygote)
+(type app_zygote_tmpfs)
+(type appdomain_tmpfs)
+(type appops_service)
+(type appwidget_service)
+(type asec_apk_file)
+(type asec_image_file)
+(type asec_public_file)
+(type ashmem_device)
+(type ashmemd)
+(type assetatlas_service)
+(type audio_data_file)
+(type audio_device)
+(type audio_prop)
+(type audio_service)
+(type audiohal_data_file)
+(type audioserver)
+(type audioserver_data_file)
+(type audioserver_service)
+(type audioserver_tmpfs)
+(type autofill_service)
+(type backup_data_file)
+(type backup_service)
+(type battery_service)
+(type batteryproperties_service)
+(type batterystats_service)
+(type binder_calls_stats_service)
+(type binder_device)
+(type binfmt_miscfs)
+(type biometric_service)
+(type blkid)
+(type blkid_untrusted)
+(type block_device)
+(type bluetooth)
+(type bluetooth_a2dp_offload_prop)
+(type bluetooth_audio_hal_prop)
+(type bluetooth_data_file)
+(type bluetooth_efs_file)
+(type bluetooth_logs_data_file)
+(type bluetooth_manager_service)
+(type bluetooth_prop)
+(type bluetooth_service)
+(type bluetooth_socket)
+(type boot_block_device)
+(type bootanim)
+(type bootanim_exec)
+(type bootchart_data_file)
+(type bootloader_boot_reason_prop)
+(type bootstat)
+(type bootstat_data_file)
+(type bootstat_exec)
+(type boottime_prop)
+(type boottrace_data_file)
+(type bpf_progs_loaded_prop)
+(type broadcastradio_service)
+(type bufferhubd)
+(type bufferhubd_exec)
+(type bugreport_service)
+(type cache_backup_file)
+(type cache_block_device)
+(type cache_file)
+(type cache_private_backup_file)
+(type cache_recovery_file)
+(type camera_data_file)
+(type camera_device)
+(type cameraproxy_service)
+(type cameraserver)
+(type cameraserver_exec)
+(type cameraserver_service)
+(type cameraserver_tmpfs)
+(type cgroup)
+(type cgroup_bpf)
+(type cgroup_desc_file)
+(type cgroup_rc_file)
+(type charger)
+(type charger_exec)
+(type clatd)
+(type clatd_exec)
+(type clipboard_service)
+(type color_display_service)
+(type companion_device_service)
+(type config_prop)
+(type configfs)
+(type connectivity_service)
+(type connmetrics_service)
+(type console_device)
+(type consumer_ir_service)
+(type content_capture_service)
+(type content_service)
+(type content_suggestions_service)
+(type contexthub_service)
+(type coredump_file)
+(type country_detector_service)
+(type coverage_service)
+(type cppreopt_prop)
+(type cpu_variant_prop)
+(type cpuinfo_service)
+(type crash_dump)
+(type crash_dump_exec)
+(type crossprofileapps_service)
+(type ctl_adbd_prop)
+(type ctl_bootanim_prop)
+(type ctl_bugreport_prop)
+(type ctl_console_prop)
+(type ctl_default_prop)
+(type ctl_dumpstate_prop)
+(type ctl_fuse_prop)
+(type ctl_gsid_prop)
+(type ctl_interface_restart_prop)
+(type ctl_interface_start_prop)
+(type ctl_interface_stop_prop)
+(type ctl_mdnsd_prop)
+(type ctl_restart_prop)
+(type ctl_rildaemon_prop)
+(type ctl_sigstop_prop)
+(type ctl_start_prop)
+(type ctl_stop_prop)
+(type dalvik_prop)
+(type dalvikcache_data_file)
+(type dbinfo_service)
+(type debug_prop)
+(type debugfs)
+(type debugfs_mmc)
+(type debugfs_trace_marker)
+(type debugfs_tracing)
+(type debugfs_tracing_debug)
+(type debugfs_tracing_instances)
+(type debugfs_wakeup_sources)
+(type debugfs_wifi_tracing)
+(type debuggerd_prop)
+(type default_android_hwservice)
+(type default_android_service)
+(type default_android_vndservice)
+(type default_prop)
+(type dev_cpu_variant)
+(type device)
+(type device_config_activity_manager_native_boot_prop)
+(type device_config_boot_count_prop)
+(type device_config_input_native_boot_prop)
+(type device_config_media_native_prop)
+(type device_config_netd_native_prop)
+(type device_config_reset_performed_prop)
+(type device_config_runtime_native_boot_prop)
+(type device_config_runtime_native_prop)
+(type device_config_service)
+(type device_identifiers_service)
+(type device_logging_prop)
+(type device_policy_service)
+(type deviceidle_service)
+(type devicestoragemonitor_service)
+(type devpts)
+(type dhcp)
+(type dhcp_data_file)
+(type dhcp_exec)
+(type dhcp_prop)
+(type diskstats_service)
+(type display_service)
+(type dm_device)
+(type dnsmasq)
+(type dnsmasq_exec)
+(type dnsproxyd_socket)
+(type dnsresolver_service)
+(type dreams_service)
+(type drm_data_file)
+(type drmserver)
+(type drmserver_exec)
+(type drmserver_service)
+(type drmserver_socket)
+(type dropbox_data_file)
+(type dropbox_service)
+(type dumpstate)
+(type dumpstate_exec)
+(type dumpstate_options_prop)
+(type dumpstate_prop)
+(type dumpstate_service)
+(type dumpstate_socket)
+(type dynamic_system_prop)
+(type e2fs)
+(type e2fs_exec)
+(type efs_file)
+(type ephemeral_app)
+(type ethernet_service)
+(type exfat)
+(type exported2_config_prop)
+(type exported2_default_prop)
+(type exported2_radio_prop)
+(type exported2_system_prop)
+(type exported2_vold_prop)
+(type exported3_default_prop)
+(type exported3_radio_prop)
+(type exported3_system_prop)
+(type exported_audio_prop)
+(type exported_bluetooth_prop)
+(type exported_config_prop)
+(type exported_dalvik_prop)
+(type exported_default_prop)
+(type exported_dumpstate_prop)
+(type exported_ffs_prop)
+(type exported_fingerprint_prop)
+(type exported_overlay_prop)
+(type exported_pm_prop)
+(type exported_radio_prop)
+(type exported_secure_prop)
+(type exported_system_prop)
+(type exported_system_radio_prop)
+(type exported_vold_prop)
+(type exported_wifi_prop)
+(type external_vibrator_service)
+(type face_service)
+(type face_vendor_data_file)
+(type fastbootd)
+(type ffs_prop)
+(type file_contexts_file)
+(type fingerprint_prop)
+(type fingerprint_service)
+(type fingerprint_vendor_data_file)
+(type fingerprintd)
+(type fingerprintd_data_file)
+(type fingerprintd_exec)
+(type fingerprintd_service)
+(type firstboot_prop)
+(type flags_health_check)
+(type flags_health_check_exec)
+(type font_service)
+(type frp_block_device)
+(type fs_bpf)
+(type fsck)
+(type fsck_exec)
+(type fsck_untrusted)
+(type fscklogs)
+(type functionfs)
+(type fuse)
+(type fuse_device)
+(type fwk_bufferhub_hwservice)
+(type fwk_camera_hwservice)
+(type fwk_display_hwservice)
+(type fwk_scheduler_hwservice)
+(type fwk_sensor_hwservice)
+(type fwk_stats_hwservice)
+(type fwmarkd_socket)
+(type gatekeeper_data_file)
+(type gatekeeper_service)
+(type gatekeeperd)
+(type gatekeeperd_exec)
+(type gfxinfo_service)
+(type gps_control)
+(type gpu_device)
+(type gpu_service)
+(type gpuservice)
+(type graphics_device)
+(type graphicsstats_service)
+(type gsi_data_file)
+(type gsi_metadata_file)
+(type gsid_prop)
+(type hal_atrace_hwservice)
+(type hal_audio_hwservice)
+(type hal_audiocontrol_hwservice)
+(type hal_authsecret_hwservice)
+(type hal_bluetooth_hwservice)
+(type hal_bootctl_hwservice)
+(type hal_broadcastradio_hwservice)
+(type hal_camera_hwservice)
+(type hal_cas_hwservice)
+(type hal_codec2_hwservice)
+(type hal_configstore_ISurfaceFlingerConfigs)
+(type hal_confirmationui_hwservice)
+(type hal_contexthub_hwservice)
+(type hal_drm_hwservice)
+(type hal_dumpstate_hwservice)
+(type hal_evs_hwservice)
+(type hal_face_hwservice)
+(type hal_fingerprint_hwservice)
+(type hal_fingerprint_service)
+(type hal_gatekeeper_hwservice)
+(type hal_gnss_hwservice)
+(type hal_graphics_allocator_hwservice)
+(type hal_graphics_composer_hwservice)
+(type hal_graphics_composer_server_tmpfs)
+(type hal_graphics_mapper_hwservice)
+(type hal_health_hwservice)
+(type hal_health_storage_hwservice)
+(type hal_input_classifier_hwservice)
+(type hal_ir_hwservice)
+(type hal_keymaster_hwservice)
+(type hal_light_hwservice)
+(type hal_lowpan_hwservice)
+(type hal_memtrack_hwservice)
+(type hal_neuralnetworks_hwservice)
+(type hal_nfc_hwservice)
+(type hal_oemlock_hwservice)
+(type hal_omx_hwservice)
+(type hal_power_hwservice)
+(type hal_power_stats_hwservice)
+(type hal_renderscript_hwservice)
+(type hal_secure_element_hwservice)
+(type hal_sensors_hwservice)
+(type hal_telephony_hwservice)
+(type hal_tetheroffload_hwservice)
+(type hal_thermal_hwservice)
+(type hal_tv_cec_hwservice)
+(type hal_tv_input_hwservice)
+(type hal_usb_gadget_hwservice)
+(type hal_usb_hwservice)
+(type hal_vehicle_hwservice)
+(type hal_vibrator_hwservice)
+(type hal_vr_hwservice)
+(type hal_weaver_hwservice)
+(type hal_wifi_hostapd_hwservice)
+(type hal_wifi_hwservice)
+(type hal_wifi_offload_hwservice)
+(type hal_wifi_supplicant_hwservice)
+(type hardware_properties_service)
+(type hardware_service)
+(type hci_attach_dev)
+(type hdmi_control_service)
+(type healthd)
+(type healthd_exec)
+(type heapdump_data_file)
+(type heapprofd)
+(type heapprofd_enabled_prop)
+(type heapprofd_prop)
+(type heapprofd_socket)
+(type hidl_allocator_hwservice)
+(type hidl_base_hwservice)
+(type hidl_manager_hwservice)
+(type hidl_memory_hwservice)
+(type hidl_token_hwservice)
+(type hw_random_device)
+(type hwbinder_device)
+(type hwservice_contexts_file)
+(type hwservicemanager)
+(type hwservicemanager_exec)
+(type hwservicemanager_prop)
+(type icon_file)
+(type idmap)
+(type idmap_exec)
+(type idmap_service)
+(type iio_device)
+(type imms_service)
+(type incident)
+(type incident_data_file)
+(type incident_helper)
+(type incident_service)
+(type incidentd)
+(type init)
+(type init_exec)
+(type init_tmpfs)
+(type inotify)
+(type input_device)
+(type input_method_service)
+(type input_service)
+(type inputflinger)
+(type inputflinger_exec)
+(type inputflinger_service)
+(type install_data_file)
+(type install_recovery)
+(type install_recovery_exec)
+(type installd)
+(type installd_exec)
+(type installd_service)
+(type ion_device)
+(type iorapd)
+(type iorapd_data_file)
+(type iorapd_exec)
+(type iorapd_service)
+(type iorapd_tmpfs)
+(type ipsec_service)
+(type iris_service)
+(type iris_vendor_data_file)
+(type isolated_app)
+(type jobscheduler_service)
+(type kernel)
+(type keychain_data_file)
+(type keychord_device)
+(type keystore)
+(type keystore_data_file)
+(type keystore_exec)
+(type keystore_service)
+(type kmsg_debug_device)
+(type kmsg_device)
+(type labeledfs)
+(type last_boot_reason_prop)
+(type launcherapps_service)
+(type llkd)
+(type llkd_exec)
+(type llkd_prop)
+(type lmkd)
+(type lmkd_exec)
+(type lmkd_socket)
+(type location_service)
+(type lock_settings_service)
+(type log_prop)
+(type log_tag_prop)
+(type logcat_exec)
+(type logd)
+(type logd_exec)
+(type logd_prop)
+(type logd_socket)
+(type logdr_socket)
+(type logdw_socket)
+(type logpersist)
+(type logpersistd_logging_prop)
+(type loop_control_device)
+(type loop_device)
+(type looper_stats_service)
+(type lowpan_device)
+(type lowpan_prop)
+(type lowpan_service)
+(type lpdump_service)
+(type lpdumpd_prop)
+(type mac_perms_file)
+(type mdns_socket)
+(type mdnsd)
+(type mdnsd_socket)
+(type media_data_file)
+(type media_projection_service)
+(type media_router_service)
+(type media_rw_data_file)
+(type media_session_service)
+(type mediacodec_service)
+(type mediadrmserver)
+(type mediadrmserver_exec)
+(type mediadrmserver_service)
+(type mediaextractor)
+(type mediaextractor_exec)
+(type mediaextractor_service)
+(type mediaextractor_tmpfs)
+(type mediametrics)
+(type mediametrics_exec)
+(type mediametrics_service)
+(type mediaprovider)
+(type mediaserver)
+(type mediaserver_exec)
+(type mediaserver_service)
+(type mediaserver_tmpfs)
+(type mediaswcodec)
+(type mediaswcodec_exec)
+(type meminfo_service)
+(type metadata_block_device)
+(type metadata_file)
+(type method_trace_data_file)
+(type midi_service)
+(type misc_block_device)
+(type misc_logd_file)
+(type misc_user_data_file)
+(type mmc_prop)
+(type mnt_expand_file)
+(type mnt_media_rw_file)
+(type mnt_media_rw_stub_file)
+(type mnt_product_file)
+(type mnt_user_file)
+(type mnt_vendor_file)
+(type modprobe)
+(type mount_service)
+(type mqueue)
+(type mtp)
+(type mtp_device)
+(type mtp_exec)
+(type mtpd_socket)
+(type nativetest_data_file)
+(type net_data_file)
+(type net_dns_prop)
+(type net_radio_prop)
+(type netd)
+(type netd_exec)
+(type netd_listener_service)
+(type netd_service)
+(type netd_stable_secret_prop)
+(type netif)
+(type netpolicy_service)
+(type netstats_service)
+(type netutils_wrapper)
+(type netutils_wrapper_exec)
+(type network_management_service)
+(type network_score_service)
+(type network_stack)
+(type network_stack_service)
+(type network_time_update_service)
+(type network_watchlist_data_file)
+(type network_watchlist_service)
+(type nfc)
+(type nfc_data_file)
+(type nfc_device)
+(type nfc_prop)
+(type nfc_service)
+(type nnapi_ext_deny_product_prop)
+(type node)
+(type nonplat_service_contexts_file)
+(type notification_service)
+(type null_device)
+(type oem_lock_service)
+(type oemfs)
+(type ota_data_file)
+(type ota_package_file)
+(type otadexopt_service)
+(type overlay_prop)
+(type overlay_service)
+(type overlayfs_file)
+(type owntty_device)
+(type package_native_service)
+(type package_service)
+(type packages_list_file)
+(type pan_result_prop)
+(type password_slot_metadata_file)
+(type pdx_bufferhub_client_channel_socket)
+(type pdx_bufferhub_client_endpoint_socket)
+(type pdx_bufferhub_dir)
+(type pdx_display_client_channel_socket)
+(type pdx_display_client_endpoint_socket)
+(type pdx_display_dir)
+(type pdx_display_manager_channel_socket)
+(type pdx_display_manager_endpoint_socket)
+(type pdx_display_screenshot_channel_socket)
+(type pdx_display_screenshot_endpoint_socket)
+(type pdx_display_vsync_channel_socket)
+(type pdx_display_vsync_endpoint_socket)
+(type pdx_performance_client_channel_socket)
+(type pdx_performance_client_endpoint_socket)
+(type pdx_performance_dir)
+(type perfetto)
+(type performanced)
+(type performanced_exec)
+(type perfprofd)
+(type perfprofd_data_file)
+(type perfprofd_exec)
+(type perfprofd_service)
+(type permission_service)
+(type permissionmgr_service)
+(type persist_debug_prop)
+(type persistent_data_block_service)
+(type persistent_properties_ready_prop)
+(type pinner_service)
+(type pipefs)
+(type platform_app)
+(type pm_prop)
+(type pmsg_device)
+(type port)
+(type port_device)
+(type postinstall)
+(type postinstall_apex_mnt_dir)
+(type postinstall_file)
+(type postinstall_mnt_dir)
+(type power_service)
+(type powerctl_prop)
+(type ppp)
+(type ppp_device)
+(type ppp_exec)
+(type preloads_data_file)
+(type preloads_media_file)
+(type print_service)
+(type priv_app)
+(type privapp_data_file)
+(type proc)
+(type proc_abi)
+(type proc_asound)
+(type proc_bluetooth_writable)
+(type proc_buddyinfo)
+(type proc_cmdline)
+(type proc_cpuinfo)
+(type proc_dirty)
+(type proc_diskstats)
+(type proc_drop_caches)
+(type proc_extra_free_kbytes)
+(type proc_filesystems)
+(type proc_fs_verity)
+(type proc_hostname)
+(type proc_hung_task)
+(type proc_interrupts)
+(type proc_iomem)
+(type proc_keys)
+(type proc_kmsg)
+(type proc_loadavg)
+(type proc_max_map_count)
+(type proc_meminfo)
+(type proc_min_free_order_shift)
+(type proc_misc)
+(type proc_modules)
+(type proc_mounts)
+(type proc_net)
+(type proc_net_tcp_udp)
+(type proc_overcommit_memory)
+(type proc_page_cluster)
+(type proc_pagetypeinfo)
+(type proc_panic)
+(type proc_perf)
+(type proc_pid_max)
+(type proc_pipe_conf)
+(type proc_pressure_cpu)
+(type proc_pressure_io)
+(type proc_pressure_mem)
+(type proc_qtaguid_ctrl)
+(type proc_qtaguid_stat)
+(type proc_random)
+(type proc_sched)
+(type proc_security)
+(type proc_slabinfo)
+(type proc_stat)
+(type proc_swaps)
+(type proc_sysrq)
+(type proc_timer)
+(type proc_tty_drivers)
+(type proc_uid_concurrent_active_time)
+(type proc_uid_concurrent_policy_time)
+(type proc_uid_cpupower)
+(type proc_uid_cputime_removeuid)
+(type proc_uid_cputime_showstat)
+(type proc_uid_io_stats)
+(type proc_uid_procstat_set)
+(type proc_uid_time_in_state)
+(type proc_uptime)
+(type proc_version)
+(type proc_vmallocinfo)
+(type proc_vmstat)
+(type proc_zoneinfo)
+(type processinfo_service)
+(type procstats_service)
+(type profman)
+(type profman_dump_data_file)
+(type profman_exec)
+(type properties_device)
+(type properties_serial)
+(type property_contexts_file)
+(type property_data_file)
+(type property_info)
+(type property_socket)
+(type pstorefs)
+(type ptmx_device)
+(type qtaguid_device)
+(type racoon)
+(type racoon_exec)
+(type racoon_socket)
+(type radio)
+(type radio_data_file)
+(type radio_device)
+(type radio_prop)
+(type radio_service)
+(type ram_device)
+(type random_device)
+(type recovery)
+(type recovery_block_device)
+(type recovery_data_file)
+(type recovery_persist)
+(type recovery_persist_exec)
+(type recovery_refresh)
+(type recovery_refresh_exec)
+(type recovery_service)
+(type recovery_socket)
+(type registry_service)
+(type resourcecache_data_file)
+(type restorecon_prop)
+(type restrictions_service)
+(type rild_debug_socket)
+(type rild_socket)
+(type ringtone_file)
+(type role_service)
+(type rollback_service)
+(type root_block_device)
+(type rootfs)
+(type rpmsg_device)
+(type rs)
+(type rs_exec)
+(type rss_hwm_reset)
+(type rtc_device)
+(type rttmanager_service)
+(type runas)
+(type runas_app)
+(type runas_exec)
+(type runtime_event_log_tags_file)
+(type runtime_service)
+(type safemode_prop)
+(type same_process_hal_file)
+(type samplingprofiler_service)
+(type scheduling_policy_service)
+(type sdcard_block_device)
+(type sdcardd)
+(type sdcardd_exec)
+(type sdcardfs)
+(type seapp_contexts_file)
+(type search_service)
+(type sec_key_att_app_id_provider_service)
+(type secure_element)
+(type secure_element_device)
+(type secure_element_service)
+(type selinuxfs)
+(type sensor_privacy_service)
+(type sensors_device)
+(type sensorservice_service)
+(type sepolicy_file)
+(type serial_device)
+(type serial_service)
+(type serialno_prop)
+(type server_configurable_flags_data_file)
+(type service_contexts_file)
+(type servicediscovery_service)
+(type servicemanager)
+(type servicemanager_exec)
+(type settings_service)
+(type sgdisk)
+(type sgdisk_exec)
+(type shared_relro)
+(type shared_relro_file)
+(type shell)
+(type shell_data_file)
+(type shell_exec)
+(type shell_prop)
+(type shm)
+(type shortcut_manager_icons)
+(type shortcut_service)
+(type simpleperf_app_runner)
+(type simpleperf_app_runner_exec)
+(type slice_service)
+(type slideshow)
+(type socket_device)
+(type sockfs)
+(type staging_data_file)
+(type stats_data_file)
+(type statsd)
+(type statsd_exec)
+(type statsdw_socket)
+(type statusbar_service)
+(type storage_file)
+(type storage_stub_file)
+(type storaged_service)
+(type storagestats_service)
+(type su)
+(type su_exec)
+(type super_block_device)
+(type surfaceflinger)
+(type surfaceflinger_service)
+(type surfaceflinger_tmpfs)
+(type swap_block_device)
+(type sysfs)
+(type sysfs_android_usb)
+(type sysfs_batteryinfo)
+(type sysfs_bluetooth_writable)
+(type sysfs_devices_block)
+(type sysfs_devices_system_cpu)
+(type sysfs_dm)
+(type sysfs_dt_firmware_android)
+(type sysfs_extcon)
+(type sysfs_fs_ext4_features)
+(type sysfs_fs_f2fs)
+(type sysfs_hwrandom)
+(type sysfs_ipv4)
+(type sysfs_kernel_notes)
+(type sysfs_leds)
+(type sysfs_loop)
+(type sysfs_lowmemorykiller)
+(type sysfs_mac_address)
+(type sysfs_net)
+(type sysfs_nfc_power_writable)
+(type sysfs_power)
+(type sysfs_rtc)
+(type sysfs_switch)
+(type sysfs_thermal)
+(type sysfs_transparent_hugepage)
+(type sysfs_uio)
+(type sysfs_usb)
+(type sysfs_usermodehelper)
+(type sysfs_vibrator)
+(type sysfs_wake_lock)
+(type sysfs_wakeup_reasons)
+(type sysfs_wlan_fwpath)
+(type sysfs_zram)
+(type sysfs_zram_uevent)
+(type system_app)
+(type system_app_data_file)
+(type system_app_service)
+(type system_asan_options_file)
+(type system_block_device)
+(type system_boot_reason_prop)
+(type system_bootstrap_lib_file)
+(type system_data_file)
+(type system_event_log_tags_file)
+(type system_file)
+(type system_lib_file)
+(type system_linker_config_file)
+(type system_linker_exec)
+(type system_lmk_prop)
+(type system_ndebug_socket)
+(type system_net_netd_hwservice)
+(type system_prop)
+(type system_radio_prop)
+(type system_seccomp_policy_file)
+(type system_security_cacerts_file)
+(type system_server)
+(type system_server_tmpfs)
+(type system_suspend_control_service)
+(type system_suspend_hwservice)
+(type system_trace_prop)
+(type system_update_service)
+(type system_wifi_keystore_hwservice)
+(type system_wpa_socket)
+(type system_zoneinfo_file)
+(type systemkeys_data_file)
+(type task_profiles_file)
+(type task_service)
+(type tcpdump_exec)
+(type tee)
+(type tee_data_file)
+(type tee_device)
+(type telecom_service)
+(type test_boot_reason_prop)
+(type test_harness_prop)
+(type testharness_service)
+(type textclassification_service)
+(type textclassifier_data_file)
+(type textservices_service)
+(type thermal_service)
+(type thermalcallback_hwservice)
+(type time_prop)
+(type timedetector_service)
+(type timezone_service)
+(type tmpfs)
+(type tombstone_data_file)
+(type tombstone_wifi_data_file)
+(type tombstoned)
+(type tombstoned_crash_socket)
+(type tombstoned_exec)
+(type tombstoned_intercept_socket)
+(type tombstoned_java_trace_socket)
+(type toolbox)
+(type toolbox_exec)
+(type trace_data_file)
+(type traced)
+(type traced_consumer_socket)
+(type traced_enabled_prop)
+(type traced_lazy_prop)
+(type traced_probes)
+(type traced_producer_socket)
+(type traceur_app)
+(type trust_service)
+(type tty_device)
+(type tun_device)
+(type tv_input_service)
+(type tzdatacheck)
+(type tzdatacheck_exec)
+(type ueventd)
+(type ueventd_tmpfs)
+(type uhid_device)
+(type uimode_service)
+(type uio_device)
+(type uncrypt)
+(type uncrypt_exec)
+(type uncrypt_socket)
+(type unencrypted_data_file)
+(type unlabeled)
+(type untrusted_app)
+(type untrusted_app_25)
+(type untrusted_app_27)
+(type update_engine)
+(type update_engine_data_file)
+(type update_engine_exec)
+(type update_engine_log_data_file)
+(type update_engine_service)
+(type update_verifier)
+(type update_verifier_exec)
+(type updatelock_service)
+(type uri_grants_service)
+(type usagestats_service)
+(type usb_device)
+(type usb_service)
+(type usbaccessory_device)
+(type usbd)
+(type usbd_exec)
+(type usbfs)
+(type use_memfd_prop)
+(type user_profile_data_file)
+(type user_service)
+(type userdata_block_device)
+(type usermodehelper)
+(type vdc)
+(type vdc_exec)
+(type vendor_app_file)
+(type vendor_cgroup_desc_file)
+(type vendor_configs_file)
+(type vendor_data_file)
+(type vendor_default_prop)
+(type vendor_file)
+(type vendor_framework_file)
+(type vendor_hal_file)
+(type vendor_idc_file)
+(type vendor_init)
+(type vendor_keychars_file)
+(type vendor_keylayout_file)
+(type vendor_overlay_file)
+(type vendor_public_lib_file)
+(type vendor_security_patch_level_prop)
+(type vendor_shell)
+(type vendor_shell_exec)
+(type vendor_task_profiles_file)
+(type vendor_toolbox_exec)
+(type vfat)
+(type vibrator_service)
+(type video_device)
+(type virtual_touchpad)
+(type virtual_touchpad_exec)
+(type virtual_touchpad_service)
+(type vndbinder_device)
+(type vndk_sp_file)
+(type vndservice_contexts_file)
+(type vndservicemanager)
+(type voiceinteraction_service)
+(type vold)
+(type vold_data_file)
+(type vold_device)
+(type vold_exec)
+(type vold_metadata_file)
+(type vold_prepare_subdirs)
+(type vold_prepare_subdirs_exec)
+(type vold_prop)
+(type vold_service)
+(type vpn_data_file)
+(type vr_hwc)
+(type vr_hwc_exec)
+(type vr_hwc_service)
+(type vr_manager_service)
+(type vrflinger_vsync_service)
+(type wallpaper_file)
+(type wallpaper_service)
+(type watchdog_device)
+(type watchdogd)
+(type watchdogd_exec)
+(type webview_zygote)
+(type webview_zygote_exec)
+(type webview_zygote_tmpfs)
+(type webviewupdate_service)
+(type wifi_data_file)
+(type wifi_log_prop)
+(type wifi_prop)
+(type wifi_service)
+(type wifiaware_service)
+(type wificond)
+(type wificond_exec)
+(type wificond_service)
+(type wifip2p_service)
+(type wifiscanner_service)
+(type window_service)
+(type wpa_socket)
+(type wpantund)
+(type wpantund_exec)
+(type wpantund_service)
+(type zero_device)
+(type zoneinfo_data_file)
+(type zygote)
+(type zygote_exec)
+(type zygote_socket)
+(type zygote_tmpfs)
+(typeattribute DockObserver_service_29_0)
+(typeattribute IProxyService_service_29_0)
+(typeattribute accessibility_service_29_0)
+(typeattribute account_service_29_0)
+(typeattribute activity_service_29_0)
+(typeattribute activity_task_service_29_0)
+(typeattribute adb_data_file_29_0)
+(typeattribute adb_keys_file_29_0)
+(typeattribute adb_service_29_0)
+(typeattribute adbd_29_0)
+(typeattribute adbd_exec_29_0)
+(typeattribute adbd_socket_29_0)
+(typeattribute alarm_service_29_0)
+(typeattribute anr_data_file_29_0)
+(typeattribute apex_data_file_29_0)
+(typeattribute apex_metadata_file_29_0)
+(typeattribute apex_mnt_dir_29_0)
+(typeattribute apex_service_29_0)
+(typeattribute apexd_29_0)
+(typeattribute apexd_exec_29_0)
+(typeattribute apexd_prop_29_0)
+(typeattribute apk_data_file_29_0)
+(typeattribute apk_private_data_file_29_0)
+(typeattribute apk_private_tmp_file_29_0)
+(typeattribute apk_tmp_file_29_0)
+(typeattribute app_api_service)
+(typeattribute app_binding_service_29_0)
+(typeattribute app_data_file_29_0)
+(typeattribute app_fuse_file_29_0)
+(typeattribute app_fusefs_29_0)
+(typeattribute app_prediction_service_29_0)
+(typeattribute app_zygote_29_0)
+(typeattribute app_zygote_tmpfs_29_0)
+(typeattribute appdomain)
+(typeattribute appdomain_tmpfs_29_0)
+(typeattribute appops_service_29_0)
+(typeattribute appwidget_service_29_0)
+(typeattribute asec_apk_file_29_0)
+(typeattribute asec_image_file_29_0)
+(typeattribute asec_public_file_29_0)
+(typeattribute ashmem_device_29_0)
+(typeattribute ashmemd_29_0)
+(typeattribute assetatlas_service_29_0)
+(typeattribute audio_data_file_29_0)
+(typeattribute audio_device_29_0)
+(typeattribute audio_prop_29_0)
+(typeattribute audio_service_29_0)
+(typeattribute audiohal_data_file_29_0)
+(typeattribute audioserver_29_0)
+(typeattribute audioserver_data_file_29_0)
+(typeattribute audioserver_service_29_0)
+(typeattribute audioserver_tmpfs_29_0)
+(typeattribute autofill_service_29_0)
+(typeattribute backup_data_file_29_0)
+(typeattribute backup_service_29_0)
+(typeattribute battery_service_29_0)
+(typeattribute batteryproperties_service_29_0)
+(typeattribute batterystats_service_29_0)
+(typeattribute binder_calls_stats_service_29_0)
+(typeattribute binder_device_29_0)
+(typeattribute binder_in_vendor_violators)
+(typeattribute binderservicedomain)
+(typeattribute binfmt_miscfs_29_0)
+(typeattribute biometric_service_29_0)
+(typeattribute blkid_29_0)
+(typeattribute blkid_untrusted_29_0)
+(typeattribute block_device_29_0)
+(typeattribute bluetooth_29_0)
+(typeattribute bluetooth_a2dp_offload_prop_29_0)
+(typeattribute bluetooth_audio_hal_prop_29_0)
+(typeattribute bluetooth_data_file_29_0)
+(typeattribute bluetooth_efs_file_29_0)
+(typeattribute bluetooth_logs_data_file_29_0)
+(typeattribute bluetooth_manager_service_29_0)
+(typeattribute bluetooth_prop_29_0)
+(typeattribute bluetooth_service_29_0)
+(typeattribute bluetooth_socket_29_0)
+(typeattribute bluetoothdomain)
+(typeattribute boot_block_device_29_0)
+(typeattribute bootanim_29_0)
+(typeattribute bootanim_exec_29_0)
+(typeattribute bootchart_data_file_29_0)
+(typeattribute bootloader_boot_reason_prop_29_0)
+(typeattribute bootstat_29_0)
+(typeattribute bootstat_data_file_29_0)
+(typeattribute bootstat_exec_29_0)
+(typeattribute boottime_prop_29_0)
+(typeattribute boottrace_data_file_29_0)
+(typeattribute bpf_progs_loaded_prop_29_0)
+(typeattribute broadcastradio_service_29_0)
+(typeattribute bufferhubd_29_0)
+(typeattribute bufferhubd_exec_29_0)
+(typeattribute bugreport_service_29_0)
+(typeattribute cache_backup_file_29_0)
+(typeattribute cache_block_device_29_0)
+(typeattribute cache_file_29_0)
+(typeattribute cache_private_backup_file_29_0)
+(typeattribute cache_recovery_file_29_0)
+(typeattribute camera_data_file_29_0)
+(typeattribute camera_device_29_0)
+(typeattribute camera_service_server)
+(typeattribute cameraproxy_service_29_0)
+(typeattribute cameraserver_29_0)
+(typeattribute cameraserver_exec_29_0)
+(typeattribute cameraserver_service_29_0)
+(typeattribute cameraserver_tmpfs_29_0)
+(typeattribute cgroup_29_0)
+(typeattribute cgroup_bpf_29_0)
+(typeattribute cgroup_desc_file_29_0)
+(typeattribute cgroup_rc_file_29_0)
+(typeattribute charger_29_0)
+(typeattribute charger_exec_29_0)
+(typeattribute clatd_29_0)
+(typeattribute clatd_exec_29_0)
+(typeattribute clipboard_service_29_0)
+(typeattribute color_display_service_29_0)
+(typeattribute companion_device_service_29_0)
+(typeattribute config_prop_29_0)
+(typeattribute configfs_29_0)
+(typeattribute connectivity_service_29_0)
+(typeattribute connmetrics_service_29_0)
+(typeattribute console_device_29_0)
+(typeattribute consumer_ir_service_29_0)
+(typeattribute content_capture_service_29_0)
+(typeattribute content_service_29_0)
+(typeattribute content_suggestions_service_29_0)
+(typeattribute contexthub_service_29_0)
+(typeattribute contextmount_type)
+(typeattribute core_data_file_type)
+(typeattribute core_property_type)
+(typeattribute coredomain)
+(typeattribute coredomain_hwservice)
+(typeattribute coredomain_socket)
+(typeattribute coredump_file_29_0)
+(typeattribute country_detector_service_29_0)
+(typeattribute coverage_service_29_0)
+(typeattribute cppreopt_prop_29_0)
+(typeattribute cpu_variant_prop_29_0)
+(typeattribute cpuinfo_service_29_0)
+(typeattribute crash_dump_29_0)
+(typeattribute crash_dump_exec_29_0)
+(typeattribute crossprofileapps_service_29_0)
+(typeattribute ctl_adbd_prop_29_0)
+(typeattribute ctl_bootanim_prop_29_0)
+(typeattribute ctl_bugreport_prop_29_0)
+(typeattribute ctl_console_prop_29_0)
+(typeattribute ctl_default_prop_29_0)
+(typeattribute ctl_dumpstate_prop_29_0)
+(typeattribute ctl_fuse_prop_29_0)
+(typeattribute ctl_gsid_prop_29_0)
+(typeattribute ctl_interface_restart_prop_29_0)
+(typeattribute ctl_interface_start_prop_29_0)
+(typeattribute ctl_interface_stop_prop_29_0)
+(typeattribute ctl_mdnsd_prop_29_0)
+(typeattribute ctl_restart_prop_29_0)
+(typeattribute ctl_rildaemon_prop_29_0)
+(typeattribute ctl_sigstop_prop_29_0)
+(typeattribute ctl_start_prop_29_0)
+(typeattribute ctl_stop_prop_29_0)
+(typeattribute dalvik_prop_29_0)
+(typeattribute dalvikcache_data_file_29_0)
+(typeattribute data_between_core_and_vendor_violators)
+(typeattribute data_file_type)
+(typeattribute dbinfo_service_29_0)
+(typeattribute debug_prop_29_0)
+(typeattribute debugfs_29_0)
+(typeattribute debugfs_mmc_29_0)
+(typeattribute debugfs_trace_marker_29_0)
+(typeattribute debugfs_tracing_29_0)
+(typeattribute debugfs_tracing_debug_29_0)
+(typeattribute debugfs_tracing_instances_29_0)
+(typeattribute debugfs_type)
+(typeattribute debugfs_wakeup_sources_29_0)
+(typeattribute debugfs_wifi_tracing_29_0)
+(typeattribute debuggerd_prop_29_0)
+(typeattribute default_android_hwservice_29_0)
+(typeattribute default_android_service_29_0)
+(typeattribute default_android_vndservice_29_0)
+(typeattribute default_prop_29_0)
+(typeattribute dev_cpu_variant_29_0)
+(typeattribute dev_type)
+(typeattribute device_29_0)
+(typeattribute device_config_activity_manager_native_boot_prop_29_0)
+(typeattribute device_config_boot_count_prop_29_0)
+(typeattribute device_config_input_native_boot_prop_29_0)
+(typeattribute device_config_media_native_prop_29_0)
+(typeattribute device_config_netd_native_prop_29_0)
+(typeattribute device_config_reset_performed_prop_29_0)
+(typeattribute device_config_runtime_native_boot_prop_29_0)
+(typeattribute device_config_runtime_native_prop_29_0)
+(typeattribute device_config_service_29_0)
+(typeattribute device_identifiers_service_29_0)
+(typeattribute device_logging_prop_29_0)
+(typeattribute device_policy_service_29_0)
+(typeattribute deviceidle_service_29_0)
+(typeattribute devicestoragemonitor_service_29_0)
+(typeattribute devpts_29_0)
+(typeattribute dhcp_29_0)
+(typeattribute dhcp_data_file_29_0)
+(typeattribute dhcp_exec_29_0)
+(typeattribute dhcp_prop_29_0)
+(typeattribute diskstats_service_29_0)
+(typeattribute display_service_29_0)
+(typeattribute display_service_server)
+(typeattribute dm_device_29_0)
+(typeattribute dnsmasq_29_0)
+(typeattribute dnsmasq_exec_29_0)
+(typeattribute dnsproxyd_socket_29_0)
+(typeattribute dnsresolver_service_29_0)
+(typeattribute domain)
+(typeattribute dreams_service_29_0)
+(typeattribute drm_data_file_29_0)
+(typeattribute drmserver_29_0)
+(typeattribute drmserver_exec_29_0)
+(typeattribute drmserver_service_29_0)
+(typeattribute drmserver_socket_29_0)
+(typeattribute dropbox_data_file_29_0)
+(typeattribute dropbox_service_29_0)
+(typeattribute dumpstate_29_0)
+(typeattribute dumpstate_exec_29_0)
+(typeattribute dumpstate_options_prop_29_0)
+(typeattribute dumpstate_prop_29_0)
+(typeattribute dumpstate_service_29_0)
+(typeattribute dumpstate_socket_29_0)
+(typeattribute dynamic_system_prop_29_0)
+(typeattribute e2fs_29_0)
+(typeattribute e2fs_exec_29_0)
+(typeattribute efs_file_29_0)
+(typeattribute ephemeral_app_29_0)
+(typeattribute ephemeral_app_api_service)
+(typeattribute ethernet_service_29_0)
+(typeattribute exec_type)
+(typeattribute exfat_29_0)
+(typeattribute exported2_config_prop_29_0)
+(typeattribute exported2_default_prop_29_0)
+(typeattribute exported2_radio_prop_29_0)
+(typeattribute exported2_system_prop_29_0)
+(typeattribute exported2_vold_prop_29_0)
+(typeattribute exported3_default_prop_29_0)
+(typeattribute exported3_radio_prop_29_0)
+(typeattribute exported3_system_prop_29_0)
+(typeattribute exported_audio_prop_29_0)
+(typeattribute exported_bluetooth_prop_29_0)
+(typeattribute exported_config_prop_29_0)
+(typeattribute exported_dalvik_prop_29_0)
+(typeattribute exported_default_prop_29_0)
+(typeattribute exported_dumpstate_prop_29_0)
+(typeattribute exported_ffs_prop_29_0)
+(typeattribute exported_fingerprint_prop_29_0)
+(typeattribute exported_overlay_prop_29_0)
+(typeattribute exported_pm_prop_29_0)
+(typeattribute exported_radio_prop_29_0)
+(typeattribute exported_secure_prop_29_0)
+(typeattribute exported_system_prop_29_0)
+(typeattribute exported_system_radio_prop_29_0)
+(typeattribute exported_vold_prop_29_0)
+(typeattribute exported_wifi_prop_29_0)
+(typeattribute extended_core_property_type)
+(typeattribute external_vibrator_service_29_0)
+(typeattribute face_service_29_0)
+(typeattribute face_vendor_data_file_29_0)
+(typeattribute fastbootd_29_0)
+(typeattribute ffs_prop_29_0)
+(typeattribute file_contexts_file_29_0)
+(typeattribute file_type)
+(typeattribute fingerprint_prop_29_0)
+(typeattribute fingerprint_service_29_0)
+(typeattribute fingerprint_vendor_data_file_29_0)
+(typeattribute fingerprintd_29_0)
+(typeattribute fingerprintd_data_file_29_0)
+(typeattribute fingerprintd_exec_29_0)
+(typeattribute fingerprintd_service_29_0)
+(typeattribute firstboot_prop_29_0)
+(typeattribute flags_health_check_29_0)
+(typeattribute flags_health_check_exec_29_0)
+(typeattribute font_service_29_0)
+(typeattribute frp_block_device_29_0)
+(typeattribute fs_bpf_29_0)
+(typeattribute fs_type)
+(typeattribute fsck_29_0)
+(typeattribute fsck_exec_29_0)
+(typeattribute fsck_untrusted_29_0)
+(typeattribute fscklogs_29_0)
+(typeattribute functionfs_29_0)
+(typeattribute fuse_29_0)
+(typeattribute fuse_device_29_0)
+(typeattribute fwk_bufferhub_hwservice_29_0)
+(typeattribute fwk_camera_hwservice_29_0)
+(typeattribute fwk_display_hwservice_29_0)
+(typeattribute fwk_scheduler_hwservice_29_0)
+(typeattribute fwk_sensor_hwservice_29_0)
+(typeattribute fwk_stats_hwservice_29_0)
+(typeattribute fwmarkd_socket_29_0)
+(typeattribute gatekeeper_data_file_29_0)
+(typeattribute gatekeeper_service_29_0)
+(typeattribute gatekeeperd_29_0)
+(typeattribute gatekeeperd_exec_29_0)
+(typeattribute gfxinfo_service_29_0)
+(typeattribute gps_control_29_0)
+(typeattribute gpu_device_29_0)
+(typeattribute gpu_service_29_0)
+(typeattribute gpuservice_29_0)
+(typeattribute graphics_device_29_0)
+(typeattribute graphicsstats_service_29_0)
+(typeattribute gsi_data_file_29_0)
+(typeattribute gsi_metadata_file_29_0)
+(typeattribute gsid_prop_29_0)
+(typeattribute hal_allocator)
+(typeattribute hal_allocator_client)
+(typeattribute hal_allocator_server)
+(typeattribute hal_atrace)
+(typeattribute hal_atrace_client)
+(typeattribute hal_atrace_hwservice_29_0)
+(typeattribute hal_atrace_server)
+(typeattribute hal_audio)
+(typeattribute hal_audio_client)
+(typeattribute hal_audio_hwservice_29_0)
+(typeattribute hal_audio_server)
+(typeattribute hal_audiocontrol)
+(typeattribute hal_audiocontrol_client)
+(typeattribute hal_audiocontrol_hwservice_29_0)
+(typeattribute hal_audiocontrol_server)
+(typeattribute hal_authsecret)
+(typeattribute hal_authsecret_client)
+(typeattribute hal_authsecret_hwservice_29_0)
+(typeattribute hal_authsecret_server)
+(typeattribute hal_automotive_socket_exemption)
+(typeattribute hal_bluetooth)
+(typeattribute hal_bluetooth_client)
+(typeattribute hal_bluetooth_hwservice_29_0)
+(typeattribute hal_bluetooth_server)
+(typeattribute hal_bootctl)
+(typeattribute hal_bootctl_client)
+(typeattribute hal_bootctl_hwservice_29_0)
+(typeattribute hal_bootctl_server)
+(typeattribute hal_broadcastradio)
+(typeattribute hal_broadcastradio_client)
+(typeattribute hal_broadcastradio_hwservice_29_0)
+(typeattribute hal_broadcastradio_server)
+(typeattribute hal_bufferhub)
+(typeattribute hal_bufferhub_client)
+(typeattribute hal_bufferhub_server)
+(typeattribute hal_camera)
+(typeattribute hal_camera_client)
+(typeattribute hal_camera_hwservice_29_0)
+(typeattribute hal_camera_server)
+(typeattribute hal_cas)
+(typeattribute hal_cas_client)
+(typeattribute hal_cas_hwservice_29_0)
+(typeattribute hal_cas_server)
+(typeattribute hal_codec2_hwservice_29_0)
+(typeattribute hal_configstore)
+(typeattribute hal_configstore_ISurfaceFlingerConfigs_29_0)
+(typeattribute hal_configstore_client)
+(typeattribute hal_configstore_server)
+(typeattribute hal_confirmationui)
+(typeattribute hal_confirmationui_client)
+(typeattribute hal_confirmationui_hwservice_29_0)
+(typeattribute hal_confirmationui_server)
+(typeattribute hal_contexthub)
+(typeattribute hal_contexthub_client)
+(typeattribute hal_contexthub_hwservice_29_0)
+(typeattribute hal_contexthub_server)
+(typeattribute hal_drm)
+(typeattribute hal_drm_client)
+(typeattribute hal_drm_hwservice_29_0)
+(typeattribute hal_drm_server)
+(typeattribute hal_dumpstate)
+(typeattribute hal_dumpstate_client)
+(typeattribute hal_dumpstate_hwservice_29_0)
+(typeattribute hal_dumpstate_server)
+(typeattribute hal_evs)
+(typeattribute hal_evs_client)
+(typeattribute hal_evs_hwservice_29_0)
+(typeattribute hal_evs_server)
+(typeattribute hal_face)
+(typeattribute hal_face_client)
+(typeattribute hal_face_hwservice_29_0)
+(typeattribute hal_face_server)
+(typeattribute hal_fingerprint)
+(typeattribute hal_fingerprint_client)
+(typeattribute hal_fingerprint_hwservice_29_0)
+(typeattribute hal_fingerprint_server)
+(typeattribute hal_fingerprint_service_29_0)
+(typeattribute hal_gatekeeper)
+(typeattribute hal_gatekeeper_client)
+(typeattribute hal_gatekeeper_hwservice_29_0)
+(typeattribute hal_gatekeeper_server)
+(typeattribute hal_gnss)
+(typeattribute hal_gnss_client)
+(typeattribute hal_gnss_hwservice_29_0)
+(typeattribute hal_gnss_server)
+(typeattribute hal_graphics_allocator)
+(typeattribute hal_graphics_allocator_client)
+(typeattribute hal_graphics_allocator_hwservice_29_0)
+(typeattribute hal_graphics_allocator_server)
+(typeattribute hal_graphics_composer)
+(typeattribute hal_graphics_composer_client)
+(typeattribute hal_graphics_composer_client_tmpfs)
+(typeattribute hal_graphics_composer_hwservice_29_0)
+(typeattribute hal_graphics_composer_server)
+(typeattribute hal_graphics_composer_server_tmpfs_29_0)
+(typeattribute hal_graphics_mapper_hwservice_29_0)
+(typeattribute hal_health)
+(typeattribute hal_health_client)
+(typeattribute hal_health_hwservice_29_0)
+(typeattribute hal_health_server)
+(typeattribute hal_health_storage)
+(typeattribute hal_health_storage_client)
+(typeattribute hal_health_storage_hwservice_29_0)
+(typeattribute hal_health_storage_server)
+(typeattribute hal_input_classifier)
+(typeattribute hal_input_classifier_client)
+(typeattribute hal_input_classifier_hwservice_29_0)
+(typeattribute hal_input_classifier_server)
+(typeattribute hal_ir)
+(typeattribute hal_ir_client)
+(typeattribute hal_ir_hwservice_29_0)
+(typeattribute hal_ir_server)
+(typeattribute hal_keymaster)
+(typeattribute hal_keymaster_client)
+(typeattribute hal_keymaster_hwservice_29_0)
+(typeattribute hal_keymaster_server)
+(typeattribute hal_light)
+(typeattribute hal_light_client)
+(typeattribute hal_light_hwservice_29_0)
+(typeattribute hal_light_server)
+(typeattribute hal_lowpan)
+(typeattribute hal_lowpan_client)
+(typeattribute hal_lowpan_hwservice_29_0)
+(typeattribute hal_lowpan_server)
+(typeattribute hal_memtrack)
+(typeattribute hal_memtrack_client)
+(typeattribute hal_memtrack_hwservice_29_0)
+(typeattribute hal_memtrack_server)
+(typeattribute hal_neuralnetworks)
+(typeattribute hal_neuralnetworks_client)
+(typeattribute hal_neuralnetworks_hwservice_29_0)
+(typeattribute hal_neuralnetworks_server)
+(typeattribute hal_nfc)
+(typeattribute hal_nfc_client)
+(typeattribute hal_nfc_hwservice_29_0)
+(typeattribute hal_nfc_server)
+(typeattribute hal_oemlock)
+(typeattribute hal_oemlock_client)
+(typeattribute hal_oemlock_hwservice_29_0)
+(typeattribute hal_oemlock_server)
+(typeattribute hal_omx)
+(typeattribute hal_omx_client)
+(typeattribute hal_omx_hwservice_29_0)
+(typeattribute hal_omx_server)
+(typeattribute hal_power)
+(typeattribute hal_power_client)
+(typeattribute hal_power_hwservice_29_0)
+(typeattribute hal_power_server)
+(typeattribute hal_power_stats)
+(typeattribute hal_power_stats_client)
+(typeattribute hal_power_stats_hwservice_29_0)
+(typeattribute hal_power_stats_server)
+(typeattribute hal_renderscript_hwservice_29_0)
+(typeattribute hal_secure_element)
+(typeattribute hal_secure_element_client)
+(typeattribute hal_secure_element_hwservice_29_0)
+(typeattribute hal_secure_element_server)
+(typeattribute hal_sensors)
+(typeattribute hal_sensors_client)
+(typeattribute hal_sensors_hwservice_29_0)
+(typeattribute hal_sensors_server)
+(typeattribute hal_telephony)
+(typeattribute hal_telephony_client)
+(typeattribute hal_telephony_hwservice_29_0)
+(typeattribute hal_telephony_server)
+(typeattribute hal_tetheroffload)
+(typeattribute hal_tetheroffload_client)
+(typeattribute hal_tetheroffload_hwservice_29_0)
+(typeattribute hal_tetheroffload_server)
+(typeattribute hal_thermal)
+(typeattribute hal_thermal_client)
+(typeattribute hal_thermal_hwservice_29_0)
+(typeattribute hal_thermal_server)
+(typeattribute hal_tv_cec)
+(typeattribute hal_tv_cec_client)
+(typeattribute hal_tv_cec_hwservice_29_0)
+(typeattribute hal_tv_cec_server)
+(typeattribute hal_tv_input)
+(typeattribute hal_tv_input_client)
+(typeattribute hal_tv_input_hwservice_29_0)
+(typeattribute hal_tv_input_server)
+(typeattribute hal_usb)
+(typeattribute hal_usb_client)
+(typeattribute hal_usb_gadget)
+(typeattribute hal_usb_gadget_client)
+(typeattribute hal_usb_gadget_hwservice_29_0)
+(typeattribute hal_usb_gadget_server)
+(typeattribute hal_usb_hwservice_29_0)
+(typeattribute hal_usb_server)
+(typeattribute hal_vehicle)
+(typeattribute hal_vehicle_client)
+(typeattribute hal_vehicle_hwservice_29_0)
+(typeattribute hal_vehicle_server)
+(typeattribute hal_vibrator)
+(typeattribute hal_vibrator_client)
+(typeattribute hal_vibrator_hwservice_29_0)
+(typeattribute hal_vibrator_server)
+(typeattribute hal_vr)
+(typeattribute hal_vr_client)
+(typeattribute hal_vr_hwservice_29_0)
+(typeattribute hal_vr_server)
+(typeattribute hal_weaver)
+(typeattribute hal_weaver_client)
+(typeattribute hal_weaver_hwservice_29_0)
+(typeattribute hal_weaver_server)
+(typeattribute hal_wifi)
+(typeattribute hal_wifi_client)
+(typeattribute hal_wifi_hostapd)
+(typeattribute hal_wifi_hostapd_client)
+(typeattribute hal_wifi_hostapd_hwservice_29_0)
+(typeattribute hal_wifi_hostapd_server)
+(typeattribute hal_wifi_hwservice_29_0)
+(typeattribute hal_wifi_offload)
+(typeattribute hal_wifi_offload_client)
+(typeattribute hal_wifi_offload_hwservice_29_0)
+(typeattribute hal_wifi_offload_server)
+(typeattribute hal_wifi_server)
+(typeattribute hal_wifi_supplicant)
+(typeattribute hal_wifi_supplicant_client)
+(typeattribute hal_wifi_supplicant_hwservice_29_0)
+(typeattribute hal_wifi_supplicant_server)
+(typeattribute halclientdomain)
+(typeattribute halserverdomain)
+(typeattribute hardware_properties_service_29_0)
+(typeattribute hardware_service_29_0)
+(typeattribute hci_attach_dev_29_0)
+(typeattribute hdmi_control_service_29_0)
+(typeattribute healthd_29_0)
+(typeattribute healthd_exec_29_0)
+(typeattribute heapdump_data_file_29_0)
+(typeattribute heapprofd_29_0)
+(typeattribute heapprofd_enabled_prop_29_0)
+(typeattribute heapprofd_prop_29_0)
+(typeattribute heapprofd_socket_29_0)
+(typeattribute hidl_allocator_hwservice_29_0)
+(typeattribute hidl_base_hwservice_29_0)
+(typeattribute hidl_manager_hwservice_29_0)
+(typeattribute hidl_memory_hwservice_29_0)
+(typeattribute hidl_token_hwservice_29_0)
+(typeattribute hw_random_device_29_0)
+(typeattribute hwbinder_device_29_0)
+(typeattribute hwservice_contexts_file_29_0)
+(typeattribute hwservice_manager_type)
+(typeattribute hwservicemanager_29_0)
+(typeattribute hwservicemanager_exec_29_0)
+(typeattribute hwservicemanager_prop_29_0)
+(typeattribute icon_file_29_0)
+(typeattribute idmap_29_0)
+(typeattribute idmap_exec_29_0)
+(typeattribute idmap_service_29_0)
+(typeattribute iio_device_29_0)
+(typeattribute imms_service_29_0)
+(typeattribute incident_29_0)
+(typeattribute incident_data_file_29_0)
+(typeattribute incident_helper_29_0)
+(typeattribute incident_service_29_0)
+(typeattribute incidentd_29_0)
+(typeattribute init_29_0)
+(typeattribute init_exec_29_0)
+(typeattribute init_tmpfs_29_0)
+(typeattribute inotify_29_0)
+(typeattribute input_device_29_0)
+(typeattribute input_method_service_29_0)
+(typeattribute input_service_29_0)
+(typeattribute inputflinger_29_0)
+(typeattribute inputflinger_exec_29_0)
+(typeattribute inputflinger_service_29_0)
+(typeattribute install_data_file_29_0)
+(typeattribute install_recovery_29_0)
+(typeattribute install_recovery_exec_29_0)
+(typeattribute installd_29_0)
+(typeattribute installd_exec_29_0)
+(typeattribute installd_service_29_0)
+(typeattribute ion_device_29_0)
+(typeattribute iorapd_29_0)
+(typeattribute iorapd_data_file_29_0)
+(typeattribute iorapd_exec_29_0)
+(typeattribute iorapd_service_29_0)
+(typeattribute iorapd_tmpfs_29_0)
+(typeattribute ipsec_service_29_0)
+(typeattribute iris_service_29_0)
+(typeattribute iris_vendor_data_file_29_0)
+(typeattribute isolated_app_29_0)
+(typeattribute jobscheduler_service_29_0)
+(typeattribute kernel_29_0)
+(typeattribute keychain_data_file_29_0)
+(typeattribute keychord_device_29_0)
+(typeattribute keystore_29_0)
+(typeattribute keystore_data_file_29_0)
+(typeattribute keystore_exec_29_0)
+(typeattribute keystore_service_29_0)
+(typeattribute kmsg_debug_device_29_0)
+(typeattribute kmsg_device_29_0)
+(typeattribute labeledfs_29_0)
+(typeattribute last_boot_reason_prop_29_0)
+(typeattribute launcherapps_service_29_0)
+(typeattribute llkd_29_0)
+(typeattribute llkd_exec_29_0)
+(typeattribute llkd_prop_29_0)
+(typeattribute lmkd_29_0)
+(typeattribute lmkd_exec_29_0)
+(typeattribute lmkd_socket_29_0)
+(typeattribute location_service_29_0)
+(typeattribute lock_settings_service_29_0)
+(typeattribute log_prop_29_0)
+(typeattribute log_property_type)
+(typeattribute log_tag_prop_29_0)
+(typeattribute logcat_exec_29_0)
+(typeattribute logd_29_0)
+(typeattribute logd_exec_29_0)
+(typeattribute logd_prop_29_0)
+(typeattribute logd_socket_29_0)
+(typeattribute logdr_socket_29_0)
+(typeattribute logdw_socket_29_0)
+(typeattribute logpersist_29_0)
+(typeattribute logpersistd_logging_prop_29_0)
+(typeattribute loop_control_device_29_0)
+(typeattribute loop_device_29_0)
+(typeattribute looper_stats_service_29_0)
+(typeattribute lowpan_device_29_0)
+(typeattribute lowpan_prop_29_0)
+(typeattribute lowpan_service_29_0)
+(typeattribute lpdump_service_29_0)
+(typeattribute lpdumpd_prop_29_0)
+(typeattribute mac_perms_file_29_0)
+(typeattribute mdns_socket_29_0)
+(typeattribute mdnsd_29_0)
+(typeattribute mdnsd_socket_29_0)
+(typeattribute media_data_file_29_0)
+(typeattribute media_projection_service_29_0)
+(typeattribute media_router_service_29_0)
+(typeattribute media_rw_data_file_29_0)
+(typeattribute media_session_service_29_0)
+(typeattribute mediacodec_service_29_0)
+(typeattribute mediadrmserver_29_0)
+(typeattribute mediadrmserver_exec_29_0)
+(typeattribute mediadrmserver_service_29_0)
+(typeattribute mediaextractor_29_0)
+(typeattribute mediaextractor_exec_29_0)
+(typeattribute mediaextractor_service_29_0)
+(typeattribute mediaextractor_tmpfs_29_0)
+(typeattribute mediametrics_29_0)
+(typeattribute mediametrics_exec_29_0)
+(typeattribute mediametrics_service_29_0)
+(typeattribute mediaprovider_29_0)
+(typeattribute mediaserver_29_0)
+(typeattribute mediaserver_exec_29_0)
+(typeattribute mediaserver_service_29_0)
+(typeattribute mediaserver_tmpfs_29_0)
+(typeattribute mediaswcodec_29_0)
+(typeattribute mediaswcodec_exec_29_0)
+(typeattribute mediaswcodec_server)
+(typeattribute meminfo_service_29_0)
+(typeattribute metadata_block_device_29_0)
+(typeattribute metadata_file_29_0)
+(typeattribute method_trace_data_file_29_0)
+(typeattribute midi_service_29_0)
+(typeattribute misc_block_device_29_0)
+(typeattribute misc_logd_file_29_0)
+(typeattribute misc_user_data_file_29_0)
+(typeattribute mlstrustedobject)
+(typeattribute mlstrustedsubject)
+(typeattribute mmc_prop_29_0)
+(typeattribute mnt_expand_file_29_0)
+(typeattribute mnt_media_rw_file_29_0)
+(typeattribute mnt_media_rw_stub_file_29_0)
+(typeattribute mnt_product_file_29_0)
+(typeattribute mnt_user_file_29_0)
+(typeattribute mnt_vendor_file_29_0)
+(typeattribute modprobe_29_0)
+(typeattribute mount_service_29_0)
+(typeattribute mqueue_29_0)
+(typeattribute mtp_29_0)
+(typeattribute mtp_device_29_0)
+(typeattribute mtp_exec_29_0)
+(typeattribute mtpd_socket_29_0)
+(typeattribute nativetest_data_file_29_0)
+(typeattribute net_data_file_29_0)
+(typeattribute net_dns_prop_29_0)
+(typeattribute net_radio_prop_29_0)
+(typeattribute netd_29_0)
+(typeattribute netd_exec_29_0)
+(typeattribute netd_listener_service_29_0)
+(typeattribute netd_service_29_0)
+(typeattribute netd_stable_secret_prop_29_0)
+(typeattribute netdomain)
+(typeattribute netif_29_0)
+(typeattribute netif_type)
+(typeattribute netpolicy_service_29_0)
+(typeattribute netstats_service_29_0)
+(typeattribute netutils_wrapper_29_0)
+(typeattribute netutils_wrapper_exec_29_0)
+(typeattribute network_management_service_29_0)
+(typeattribute network_score_service_29_0)
+(typeattribute network_stack_29_0)
+(typeattribute network_stack_service_29_0)
+(typeattribute network_time_update_service_29_0)
+(typeattribute network_watchlist_data_file_29_0)
+(typeattribute network_watchlist_service_29_0)
+(typeattribute nfc_29_0)
+(typeattribute nfc_data_file_29_0)
+(typeattribute nfc_device_29_0)
+(typeattribute nfc_prop_29_0)
+(typeattribute nfc_service_29_0)
+(typeattribute nnapi_ext_deny_product_prop_29_0)
+(typeattribute node_29_0)
+(typeattribute node_type)
+(typeattribute nonplat_service_contexts_file_29_0)
+(typeattribute notification_service_29_0)
+(typeattribute null_device_29_0)
+(typeattribute oem_lock_service_29_0)
+(typeattribute oemfs_29_0)
+(typeattribute ota_data_file_29_0)
+(typeattribute ota_package_file_29_0)
+(typeattribute otadexopt_service_29_0)
+(typeattribute overlay_prop_29_0)
+(typeattribute overlay_service_29_0)
+(typeattribute overlayfs_file_29_0)
+(typeattribute owntty_device_29_0)
+(typeattribute package_native_service_29_0)
+(typeattribute package_service_29_0)
+(typeattribute packages_list_file_29_0)
+(typeattribute pan_result_prop_29_0)
+(typeattribute password_slot_metadata_file_29_0)
+(typeattribute pdx_bufferhub_client_channel_socket_29_0)
+(typeattribute pdx_bufferhub_client_channel_socket_type)
+(typeattribute pdx_bufferhub_client_endpoint_dir_type)
+(typeattribute pdx_bufferhub_client_endpoint_socket_29_0)
+(typeattribute pdx_bufferhub_client_endpoint_socket_type)
+(typeattribute pdx_bufferhub_client_server_type)
+(typeattribute pdx_bufferhub_dir_29_0)
+(typeattribute pdx_channel_socket_type)
+(typeattribute pdx_display_client_channel_socket_29_0)
+(typeattribute pdx_display_client_channel_socket_type)
+(typeattribute pdx_display_client_endpoint_dir_type)
+(typeattribute pdx_display_client_endpoint_socket_29_0)
+(typeattribute pdx_display_client_endpoint_socket_type)
+(typeattribute pdx_display_client_server_type)
+(typeattribute pdx_display_dir_29_0)
+(typeattribute pdx_display_manager_channel_socket_29_0)
+(typeattribute pdx_display_manager_channel_socket_type)
+(typeattribute pdx_display_manager_endpoint_dir_type)
+(typeattribute pdx_display_manager_endpoint_socket_29_0)
+(typeattribute pdx_display_manager_endpoint_socket_type)
+(typeattribute pdx_display_manager_server_type)
+(typeattribute pdx_display_screenshot_channel_socket_29_0)
+(typeattribute pdx_display_screenshot_channel_socket_type)
+(typeattribute pdx_display_screenshot_endpoint_dir_type)
+(typeattribute pdx_display_screenshot_endpoint_socket_29_0)
+(typeattribute pdx_display_screenshot_endpoint_socket_type)
+(typeattribute pdx_display_screenshot_server_type)
+(typeattribute pdx_display_vsync_channel_socket_29_0)
+(typeattribute pdx_display_vsync_channel_socket_type)
+(typeattribute pdx_display_vsync_endpoint_dir_type)
+(typeattribute pdx_display_vsync_endpoint_socket_29_0)
+(typeattribute pdx_display_vsync_endpoint_socket_type)
+(typeattribute pdx_display_vsync_server_type)
+(typeattribute pdx_endpoint_dir_type)
+(typeattribute pdx_endpoint_socket_type)
+(typeattribute pdx_performance_client_channel_socket_29_0)
+(typeattribute pdx_performance_client_channel_socket_type)
+(typeattribute pdx_performance_client_endpoint_dir_type)
+(typeattribute pdx_performance_client_endpoint_socket_29_0)
+(typeattribute pdx_performance_client_endpoint_socket_type)
+(typeattribute pdx_performance_client_server_type)
+(typeattribute pdx_performance_dir_29_0)
+(typeattribute perfetto_29_0)
+(typeattribute performanced_29_0)
+(typeattribute performanced_exec_29_0)
+(typeattribute perfprofd_29_0)
+(typeattribute perfprofd_data_file_29_0)
+(typeattribute perfprofd_exec_29_0)
+(typeattribute perfprofd_service_29_0)
+(typeattribute permission_service_29_0)
+(typeattribute permissionmgr_service_29_0)
+(typeattribute persist_debug_prop_29_0)
+(typeattribute persistent_data_block_service_29_0)
+(typeattribute persistent_properties_ready_prop_29_0)
+(typeattribute pinner_service_29_0)
+(typeattribute pipefs_29_0)
+(typeattribute platform_app_29_0)
+(typeattribute pm_prop_29_0)
+(typeattribute pmsg_device_29_0)
+(typeattribute port_29_0)
+(typeattribute port_device_29_0)
+(typeattribute port_type)
+(typeattribute postinstall_29_0)
+(typeattribute postinstall_apex_mnt_dir_29_0)
+(typeattribute postinstall_file_29_0)
+(typeattribute postinstall_mnt_dir_29_0)
+(typeattribute power_service_29_0)
+(typeattribute powerctl_prop_29_0)
+(typeattribute ppp_29_0)
+(typeattribute ppp_device_29_0)
+(typeattribute ppp_exec_29_0)
+(typeattribute preloads_data_file_29_0)
+(typeattribute preloads_media_file_29_0)
+(typeattribute print_service_29_0)
+(typeattribute priv_app_29_0)
+(typeattribute privapp_data_file_29_0)
+(typeattribute proc_29_0)
+(typeattribute proc_abi_29_0)
+(typeattribute proc_asound_29_0)
+(typeattribute proc_bluetooth_writable_29_0)
+(typeattribute proc_buddyinfo_29_0)
+(typeattribute proc_cmdline_29_0)
+(typeattribute proc_cpuinfo_29_0)
+(typeattribute proc_dirty_29_0)
+(typeattribute proc_diskstats_29_0)
+(typeattribute proc_drop_caches_29_0)
+(typeattribute proc_extra_free_kbytes_29_0)
+(typeattribute proc_filesystems_29_0)
+(typeattribute proc_fs_verity_29_0)
+(typeattribute proc_hostname_29_0)
+(typeattribute proc_hung_task_29_0)
+(typeattribute proc_interrupts_29_0)
+(typeattribute proc_iomem_29_0)
+(typeattribute proc_keys_29_0)
+(typeattribute proc_kmsg_29_0)
+(typeattribute proc_loadavg_29_0)
+(typeattribute proc_max_map_count_29_0)
+(typeattribute proc_meminfo_29_0)
+(typeattribute proc_min_free_order_shift_29_0)
+(typeattribute proc_misc_29_0)
+(typeattribute proc_modules_29_0)
+(typeattribute proc_mounts_29_0)
+(typeattribute proc_net_29_0)
+(typeattribute proc_net_tcp_udp_29_0)
+(typeattribute proc_net_type)
+(typeattribute proc_overcommit_memory_29_0)
+(typeattribute proc_page_cluster_29_0)
+(typeattribute proc_pagetypeinfo_29_0)
+(typeattribute proc_panic_29_0)
+(typeattribute proc_perf_29_0)
+(typeattribute proc_pid_max_29_0)
+(typeattribute proc_pipe_conf_29_0)
+(typeattribute proc_pressure_cpu_29_0)
+(typeattribute proc_pressure_io_29_0)
+(typeattribute proc_pressure_mem_29_0)
+(typeattribute proc_qtaguid_ctrl_29_0)
+(typeattribute proc_qtaguid_stat_29_0)
+(typeattribute proc_random_29_0)
+(typeattribute proc_sched_29_0)
+(typeattribute proc_security_29_0)
+(typeattribute proc_slabinfo_29_0)
+(typeattribute proc_stat_29_0)
+(typeattribute proc_swaps_29_0)
+(typeattribute proc_sysrq_29_0)
+(typeattribute proc_timer_29_0)
+(typeattribute proc_tty_drivers_29_0)
+(typeattribute proc_type)
+(typeattribute proc_uid_concurrent_active_time_29_0)
+(typeattribute proc_uid_concurrent_policy_time_29_0)
+(typeattribute proc_uid_cpupower_29_0)
+(typeattribute proc_uid_cputime_removeuid_29_0)
+(typeattribute proc_uid_cputime_showstat_29_0)
+(typeattribute proc_uid_io_stats_29_0)
+(typeattribute proc_uid_procstat_set_29_0)
+(typeattribute proc_uid_time_in_state_29_0)
+(typeattribute proc_uptime_29_0)
+(typeattribute proc_version_29_0)
+(typeattribute proc_vmallocinfo_29_0)
+(typeattribute proc_vmstat_29_0)
+(typeattribute proc_zoneinfo_29_0)
+(typeattribute processinfo_service_29_0)
+(typeattribute procstats_service_29_0)
+(typeattribute profman_29_0)
+(typeattribute profman_dump_data_file_29_0)
+(typeattribute profman_exec_29_0)
+(typeattribute properties_device_29_0)
+(typeattribute properties_serial_29_0)
+(typeattribute property_contexts_file_29_0)
+(typeattribute property_data_file_29_0)
+(typeattribute property_info_29_0)
+(typeattribute property_socket_29_0)
+(typeattribute property_type)
+(typeattribute pstorefs_29_0)
+(typeattribute ptmx_device_29_0)
+(typeattribute qtaguid_device_29_0)
+(typeattribute racoon_29_0)
+(typeattribute racoon_exec_29_0)
+(typeattribute racoon_socket_29_0)
+(typeattribute radio_29_0)
+(typeattribute radio_data_file_29_0)
+(typeattribute radio_device_29_0)
+(typeattribute radio_prop_29_0)
+(typeattribute radio_service_29_0)
+(typeattribute ram_device_29_0)
+(typeattribute random_device_29_0)
+(typeattribute recovery_29_0)
+(typeattribute recovery_block_device_29_0)
+(typeattribute recovery_data_file_29_0)
+(typeattribute recovery_persist_29_0)
+(typeattribute recovery_persist_exec_29_0)
+(typeattribute recovery_refresh_29_0)
+(typeattribute recovery_refresh_exec_29_0)
+(typeattribute recovery_service_29_0)
+(typeattribute recovery_socket_29_0)
+(typeattribute registry_service_29_0)
+(typeattribute resourcecache_data_file_29_0)
+(typeattribute restorecon_prop_29_0)
+(typeattribute restrictions_service_29_0)
+(typeattribute rild_debug_socket_29_0)
+(typeattribute rild_socket_29_0)
+(typeattribute ringtone_file_29_0)
+(typeattribute role_service_29_0)
+(typeattribute rollback_service_29_0)
+(typeattribute root_block_device_29_0)
+(typeattribute rootfs_29_0)
+(typeattribute rpmsg_device_29_0)
+(typeattribute rs_29_0)
+(typeattribute rs_exec_29_0)
+(typeattribute rss_hwm_reset_29_0)
+(typeattribute rtc_device_29_0)
+(typeattribute rttmanager_service_29_0)
+(typeattribute runas_29_0)
+(typeattribute runas_app_29_0)
+(typeattribute runas_exec_29_0)
+(typeattribute runtime_event_log_tags_file_29_0)
+(typeattribute runtime_service_29_0)
+(typeattribute safemode_prop_29_0)
+(typeattribute same_process_hal_file_29_0)
+(typeattribute same_process_hwservice)
+(typeattribute samplingprofiler_service_29_0)
+(typeattribute scheduler_service_server)
+(typeattribute scheduling_policy_service_29_0)
+(typeattribute sdcard_block_device_29_0)
+(typeattribute sdcard_type)
+(typeattribute sdcardd_29_0)
+(typeattribute sdcardd_exec_29_0)
+(typeattribute sdcardfs_29_0)
+(typeattribute seapp_contexts_file_29_0)
+(typeattribute search_service_29_0)
+(typeattribute sec_key_att_app_id_provider_service_29_0)
+(typeattribute secure_element_29_0)
+(typeattribute secure_element_device_29_0)
+(typeattribute secure_element_service_29_0)
+(typeattribute selinuxfs_29_0)
+(typeattribute sensor_privacy_service_29_0)
+(typeattribute sensor_service_server)
+(typeattribute sensors_device_29_0)
+(typeattribute sensorservice_service_29_0)
+(typeattribute sepolicy_file_29_0)
+(typeattribute serial_device_29_0)
+(typeattribute serial_service_29_0)
+(typeattribute serialno_prop_29_0)
+(typeattribute server_configurable_flags_data_file_29_0)
+(typeattribute service_contexts_file_29_0)
+(typeattribute service_manager_type)
+(typeattribute servicediscovery_service_29_0)
+(typeattribute servicemanager_29_0)
+(typeattribute servicemanager_exec_29_0)
+(typeattribute settings_service_29_0)
+(typeattribute sgdisk_29_0)
+(typeattribute sgdisk_exec_29_0)
+(typeattribute shared_relro_29_0)
+(typeattribute shared_relro_file_29_0)
+(typeattribute shell_29_0)
+(typeattribute shell_data_file_29_0)
+(typeattribute shell_exec_29_0)
+(typeattribute shell_prop_29_0)
+(typeattribute shm_29_0)
+(typeattribute shortcut_manager_icons_29_0)
+(typeattribute shortcut_service_29_0)
+(typeattribute simpleperf_app_runner_29_0)
+(typeattribute simpleperf_app_runner_exec_29_0)
+(typeattribute slice_service_29_0)
+(typeattribute slideshow_29_0)
+(typeattribute socket_between_core_and_vendor_violators)
+(typeattribute socket_device_29_0)
+(typeattribute sockfs_29_0)
+(typeattribute staging_data_file_29_0)
+(typeattribute stats_data_file_29_0)
+(typeattribute stats_service_server)
+(typeattribute statsd_29_0)
+(typeattribute statsd_exec_29_0)
+(typeattribute statsdw_socket_29_0)
+(typeattribute statusbar_service_29_0)
+(typeattribute storage_file_29_0)
+(typeattribute storage_stub_file_29_0)
+(typeattribute storaged_service_29_0)
+(typeattribute storagestats_service_29_0)
+(typeattribute su_29_0)
+(typeattribute su_exec_29_0)
+(typeattribute super_block_device_29_0)
+(typeattribute super_block_device_type)
+(typeattribute surfaceflinger_29_0)
+(typeattribute surfaceflinger_service_29_0)
+(typeattribute surfaceflinger_tmpfs_29_0)
+(typeattribute swap_block_device_29_0)
+(typeattribute sysfs_29_0)
+(typeattribute sysfs_android_usb_29_0)
+(typeattribute sysfs_batteryinfo_29_0)
+(typeattribute sysfs_bluetooth_writable_29_0)
+(typeattribute sysfs_devices_block_29_0)
+(typeattribute sysfs_devices_system_cpu_29_0)
+(typeattribute sysfs_dm_29_0)
+(typeattribute sysfs_dt_firmware_android_29_0)
+(typeattribute sysfs_extcon_29_0)
+(typeattribute sysfs_fs_ext4_features_29_0)
+(typeattribute sysfs_fs_f2fs_29_0)
+(typeattribute sysfs_hwrandom_29_0)
+(typeattribute sysfs_ipv4_29_0)
+(typeattribute sysfs_kernel_notes_29_0)
+(typeattribute sysfs_leds_29_0)
+(typeattribute sysfs_loop_29_0)
+(typeattribute sysfs_lowmemorykiller_29_0)
+(typeattribute sysfs_mac_address_29_0)
+(typeattribute sysfs_net_29_0)
+(typeattribute sysfs_nfc_power_writable_29_0)
+(typeattribute sysfs_power_29_0)
+(typeattribute sysfs_rtc_29_0)
+(typeattribute sysfs_switch_29_0)
+(typeattribute sysfs_thermal_29_0)
+(typeattribute sysfs_transparent_hugepage_29_0)
+(typeattribute sysfs_type)
+(typeattribute sysfs_uio_29_0)
+(typeattribute sysfs_usb_29_0)
+(typeattribute sysfs_usermodehelper_29_0)
+(typeattribute sysfs_vibrator_29_0)
+(typeattribute sysfs_wake_lock_29_0)
+(typeattribute sysfs_wakeup_reasons_29_0)
+(typeattribute sysfs_wlan_fwpath_29_0)
+(typeattribute sysfs_zram_29_0)
+(typeattribute sysfs_zram_uevent_29_0)
+(typeattribute system_api_service)
+(typeattribute system_app_29_0)
+(typeattribute system_app_data_file_29_0)
+(typeattribute system_app_service_29_0)
+(typeattribute system_asan_options_file_29_0)
+(typeattribute system_block_device_29_0)
+(typeattribute system_boot_reason_prop_29_0)
+(typeattribute system_bootstrap_lib_file_29_0)
+(typeattribute system_data_file_29_0)
+(typeattribute system_event_log_tags_file_29_0)
+(typeattribute system_executes_vendor_violators)
+(typeattribute system_file_29_0)
+(typeattribute system_file_type)
+(typeattribute system_lib_file_29_0)
+(typeattribute system_linker_config_file_29_0)
+(typeattribute system_linker_exec_29_0)
+(typeattribute system_lmk_prop_29_0)
+(typeattribute system_ndebug_socket_29_0)
+(typeattribute system_net_netd_hwservice_29_0)
+(typeattribute system_prop_29_0)
+(typeattribute system_radio_prop_29_0)
+(typeattribute system_seccomp_policy_file_29_0)
+(typeattribute system_security_cacerts_file_29_0)
+(typeattribute system_server_29_0)
+(typeattribute system_server_service)
+(typeattribute system_server_tmpfs_29_0)
+(typeattribute system_suspend_control_service_29_0)
+(typeattribute system_suspend_hwservice_29_0)
+(typeattribute system_suspend_server)
+(typeattribute system_trace_prop_29_0)
+(typeattribute system_update_service_29_0)
+(typeattribute system_wifi_keystore_hwservice_29_0)
+(typeattribute system_wpa_socket_29_0)
+(typeattribute system_writes_mnt_vendor_violators)
+(typeattribute system_writes_vendor_properties_violators)
+(typeattribute system_zoneinfo_file_29_0)
+(typeattribute systemkeys_data_file_29_0)
+(typeattribute task_profiles_file_29_0)
+(typeattribute task_service_29_0)
+(typeattribute tcpdump_exec_29_0)
+(typeattribute tee_29_0)
+(typeattribute tee_data_file_29_0)
+(typeattribute tee_device_29_0)
+(typeattribute telecom_service_29_0)
+(typeattribute test_boot_reason_prop_29_0)
+(typeattribute test_harness_prop_29_0)
+(typeattribute testharness_service_29_0)
+(typeattribute textclassification_service_29_0)
+(typeattribute textclassifier_data_file_29_0)
+(typeattribute textservices_service_29_0)
+(typeattribute thermal_service_29_0)
+(typeattribute thermalcallback_hwservice_29_0)
+(typeattribute time_prop_29_0)
+(typeattribute timedetector_service_29_0)
+(typeattribute timezone_service_29_0)
+(typeattribute tmpfs_29_0)
+(typeattribute tombstone_data_file_29_0)
+(typeattribute tombstone_wifi_data_file_29_0)
+(typeattribute tombstoned_29_0)
+(typeattribute tombstoned_crash_socket_29_0)
+(typeattribute tombstoned_exec_29_0)
+(typeattribute tombstoned_intercept_socket_29_0)
+(typeattribute tombstoned_java_trace_socket_29_0)
+(typeattribute toolbox_29_0)
+(typeattribute toolbox_exec_29_0)
+(typeattribute trace_data_file_29_0)
+(typeattribute traced_29_0)
+(typeattribute traced_consumer_socket_29_0)
+(typeattribute traced_enabled_prop_29_0)
+(typeattribute traced_lazy_prop_29_0)
+(typeattribute traced_probes_29_0)
+(typeattribute traced_producer_socket_29_0)
+(typeattribute traceur_app_29_0)
+(typeattribute trust_service_29_0)
+(typeattribute tty_device_29_0)
+(typeattribute tun_device_29_0)
+(typeattribute tv_input_service_29_0)
+(typeattribute tzdatacheck_29_0)
+(typeattribute tzdatacheck_exec_29_0)
+(typeattribute ueventd_29_0)
+(typeattribute ueventd_tmpfs_29_0)
+(typeattribute uhid_device_29_0)
+(typeattribute uimode_service_29_0)
+(typeattribute uio_device_29_0)
+(typeattribute uncrypt_29_0)
+(typeattribute uncrypt_exec_29_0)
+(typeattribute uncrypt_socket_29_0)
+(typeattribute unencrypted_data_file_29_0)
+(typeattribute unlabeled_29_0)
+(typeattribute untrusted_app_25_29_0)
+(typeattribute untrusted_app_27_29_0)
+(typeattribute untrusted_app_29_0)
+(typeattribute untrusted_app_all)
+(typeattribute untrusted_app_visible_halserver_violators)
+(typeattribute untrusted_app_visible_hwservice_violators)
+(typeattribute update_engine_29_0)
+(typeattribute update_engine_common)
+(typeattribute update_engine_data_file_29_0)
+(typeattribute update_engine_exec_29_0)
+(typeattribute update_engine_log_data_file_29_0)
+(typeattribute update_engine_service_29_0)
+(typeattribute update_verifier_29_0)
+(typeattribute update_verifier_exec_29_0)
+(typeattribute updatelock_service_29_0)
+(typeattribute uri_grants_service_29_0)
+(typeattribute usagestats_service_29_0)
+(typeattribute usb_device_29_0)
+(typeattribute usb_service_29_0)
+(typeattribute usbaccessory_device_29_0)
+(typeattribute usbd_29_0)
+(typeattribute usbd_exec_29_0)
+(typeattribute usbfs_29_0)
+(typeattribute use_memfd_prop_29_0)
+(typeattribute user_profile_data_file_29_0)
+(typeattribute user_service_29_0)
+(typeattribute userdata_block_device_29_0)
+(typeattribute usermodehelper_29_0)
+(typeattribute vdc_29_0)
+(typeattribute vdc_exec_29_0)
+(typeattribute vendor_app_file_29_0)
+(typeattribute vendor_cgroup_desc_file_29_0)
+(typeattribute vendor_configs_file_29_0)
+(typeattribute vendor_data_file_29_0)
+(typeattribute vendor_default_prop_29_0)
+(typeattribute vendor_executes_system_violators)
+(typeattribute vendor_file_29_0)
+(typeattribute vendor_file_type)
+(typeattribute vendor_framework_file_29_0)
+(typeattribute vendor_hal_file_29_0)
+(typeattribute vendor_idc_file_29_0)
+(typeattribute vendor_init_29_0)
+(typeattribute vendor_keychars_file_29_0)
+(typeattribute vendor_keylayout_file_29_0)
+(typeattribute vendor_overlay_file_29_0)
+(typeattribute vendor_public_lib_file_29_0)
+(typeattribute vendor_security_patch_level_prop_29_0)
+(typeattribute vendor_shell_29_0)
+(typeattribute vendor_shell_exec_29_0)
+(typeattribute vendor_task_profiles_file_29_0)
+(typeattribute vendor_toolbox_exec_29_0)
+(typeattribute vfat_29_0)
+(typeattribute vibrator_service_29_0)
+(typeattribute video_device_29_0)
+(typeattribute virtual_touchpad_29_0)
+(typeattribute virtual_touchpad_exec_29_0)
+(typeattribute virtual_touchpad_service_29_0)
+(typeattribute vndbinder_device_29_0)
+(typeattribute vndk_sp_file_29_0)
+(typeattribute vndservice_contexts_file_29_0)
+(typeattribute vndservice_manager_type)
+(typeattribute vndservicemanager_29_0)
+(typeattribute voiceinteraction_service_29_0)
+(typeattribute vold_29_0)
+(typeattribute vold_data_file_29_0)
+(typeattribute vold_device_29_0)
+(typeattribute vold_exec_29_0)
+(typeattribute vold_metadata_file_29_0)
+(typeattribute vold_prepare_subdirs_29_0)
+(typeattribute vold_prepare_subdirs_exec_29_0)
+(typeattribute vold_prop_29_0)
+(typeattribute vold_service_29_0)
+(typeattribute vpn_data_file_29_0)
+(typeattribute vr_hwc_29_0)
+(typeattribute vr_hwc_exec_29_0)
+(typeattribute vr_hwc_service_29_0)
+(typeattribute vr_manager_service_29_0)
+(typeattribute vrflinger_vsync_service_29_0)
+(typeattribute wallpaper_file_29_0)
+(typeattribute wallpaper_service_29_0)
+(typeattribute watchdog_device_29_0)
+(typeattribute watchdogd_29_0)
+(typeattribute watchdogd_exec_29_0)
+(typeattribute webview_zygote_29_0)
+(typeattribute webview_zygote_exec_29_0)
+(typeattribute webview_zygote_tmpfs_29_0)
+(typeattribute webviewupdate_service_29_0)
+(typeattribute wifi_data_file_29_0)
+(typeattribute wifi_keystore_service_server)
+(typeattribute wifi_log_prop_29_0)
+(typeattribute wifi_prop_29_0)
+(typeattribute wifi_service_29_0)
+(typeattribute wifiaware_service_29_0)
+(typeattribute wificond_29_0)
+(typeattribute wificond_exec_29_0)
+(typeattribute wificond_service_29_0)
+(typeattribute wifip2p_service_29_0)
+(typeattribute wifiscanner_service_29_0)
+(typeattribute window_service_29_0)
+(typeattribute wpa_socket_29_0)
+(typeattribute wpantund_29_0)
+(typeattribute wpantund_exec_29_0)
+(typeattribute wpantund_service_29_0)
+(typeattribute zero_device_29_0)
+(typeattribute zoneinfo_data_file_29_0)
+(typeattribute zygote_29_0)
+(typeattribute zygote_exec_29_0)
+(typeattribute zygote_socket_29_0)
+(typeattribute zygote_tmpfs_29_0)
diff --git a/prebuilts/api/29.0/private/adbd.te b/prebuilts/api/29.0/private/adbd.te
index 2fa4af6..ec5c57e 100644
--- a/prebuilts/api/29.0/private/adbd.te
+++ b/prebuilts/api/29.0/private/adbd.te
@@ -23,6 +23,10 @@
unix_socket_connect(adbd, recovery, recovery)
')
+# Control Perfetto traced and obtain traces from it.
+# Needed to allow port forwarding directly to traced.
+unix_socket_connect(adbd, traced_consumer, traced)
+
# Do not sanitize the environment or open fds of the shell. Allow signaling
# created processes.
allow adbd shell:process { noatsecure signal };
diff --git a/prebuilts/api/29.0/private/atrace.te b/prebuilts/api/29.0/private/atrace.te
index 75be787..0cdd35a 100644
--- a/prebuilts/api/29.0/private/atrace.te
+++ b/prebuilts/api/29.0/private/atrace.te
@@ -24,7 +24,16 @@
# atrace pokes all the binder-enabled processes at startup with a
# SYSPROPS_TRANSACTION, to tell them to reload the debug.atrace.* properties.
-# Allow discovery of binder services.
+binder_use(atrace)
+allow atrace healthd:binder call;
+allow atrace surfaceflinger:binder call;
+allow atrace system_server:binder call;
+
+get_prop(atrace, hwservicemanager_prop)
+
+# atrace can call atrace HAL
+hal_client_domain(atrace, hal_atrace)
+
allow atrace {
service_manager_type
-apex_service
@@ -40,33 +49,6 @@
}:service_manager { find };
allow atrace servicemanager:service_manager list;
-# Allow notifying the processes hosting specific binder services that
-# trace-related system properties have changed.
-binder_use(atrace)
-allow atrace healthd:binder call;
-allow atrace surfaceflinger:binder call;
-allow atrace system_server:binder call;
-allow atrace cameraserver:binder call;
-
-# Similarly, on debug builds, allow specific HALs to be notified that
-# trace-related system properties have changed.
-userdebug_or_eng(`
- # List HAL interfaces.
- allow atrace hwservicemanager:hwservice_manager list;
- # Notify the camera HAL.
- hal_client_domain(atrace, hal_camera)
-')
-
-# Remove logspam from notification attempts to non-whitelisted services.
-dontaudit atrace hwservice_manager_type:hwservice_manager find;
-dontaudit atrace service_manager_type:service_manager find;
-dontaudit atrace domain:binder call;
-
-# atrace can call atrace HAL
-hal_client_domain(atrace, hal_atrace)
-
-get_prop(atrace, hwservicemanager_prop)
-
userdebug_or_eng(`
# atrace is generally invoked as a standalone binary from shell or perf
# daemons like Perfetto traced_probes. However, in userdebug builds, there is
diff --git a/prebuilts/api/29.0/private/compat/26.0/26.0.cil b/prebuilts/api/29.0/private/compat/26.0/26.0.cil
index 3b3dae1..60f42b9 100644
--- a/prebuilts/api/29.0/private/compat/26.0/26.0.cil
+++ b/prebuilts/api/29.0/private/compat/26.0/26.0.cil
@@ -336,6 +336,7 @@
(typeattributeset mdnsd_socket_26_0 (mdnsd_socket))
(typeattributeset mdns_socket_26_0 (mdns_socket))
(typeattributeset mediacasserver_service_26_0 (mediacasserver_service))
+(typeattributeset hal_omx_server (mediacodec_26_0))
(typeattributeset mediacodec_26_0 (mediacodec))
(typeattributeset mediacodec_exec_26_0 (mediacodec_exec))
(typeattributeset mediacodec_service_26_0 (mediacodec_service))
diff --git a/prebuilts/api/29.0/private/compat/27.0/27.0.cil b/prebuilts/api/29.0/private/compat/27.0/27.0.cil
index 365d791..8c8f82f 100644
--- a/prebuilts/api/29.0/private/compat/27.0/27.0.cil
+++ b/prebuilts/api/29.0/private/compat/27.0/27.0.cil
@@ -1047,6 +1047,7 @@
(typeattributeset mdnsd_27_0 (mdnsd))
(typeattributeset mdnsd_socket_27_0 (mdnsd_socket))
(typeattributeset mdns_socket_27_0 (mdns_socket))
+(typeattributeset hal_omx_server (mediacodec_27_0))
(typeattributeset mediacodec_27_0 (mediacodec))
(typeattributeset mediacodec_exec_27_0 (mediacodec_exec))
(typeattributeset mediacodec_service_27_0 (mediacodec_service))
diff --git a/prebuilts/api/29.0/private/compat/28.0/28.0.cil b/prebuilts/api/29.0/private/compat/28.0/28.0.cil
index 305cb3a..338cbd0 100644
--- a/prebuilts/api/29.0/private/compat/28.0/28.0.cil
+++ b/prebuilts/api/29.0/private/compat/28.0/28.0.cil
@@ -1242,6 +1242,7 @@
(typeattributeset mdnsd_28_0 (mdnsd))
(typeattributeset mdnsd_socket_28_0 (mdnsd_socket))
(typeattributeset mdns_socket_28_0 (mdns_socket))
+(typeattributeset hal_omx_server (mediacodec_28_0))
(typeattributeset mediacodec_28_0 (mediacodec))
(typeattributeset mediacodec_exec_28_0 (mediacodec_exec))
(typeattributeset mediacodec_service_28_0 (mediacodec_service))
diff --git a/prebuilts/api/29.0/private/compat/28.0/28.0.ignore.cil b/prebuilts/api/29.0/private/compat/28.0/28.0.ignore.cil
index 98c4b9c..ed3671f 100644
--- a/prebuilts/api/29.0/private/compat/28.0/28.0.ignore.cil
+++ b/prebuilts/api/29.0/private/compat/28.0/28.0.ignore.cil
@@ -49,6 +49,7 @@
dynamic_system_prop
face_service
face_vendor_data_file
+ sota_prop
fastbootd
flags_health_check
flags_health_check_exec
diff --git a/prebuilts/api/29.0/private/coredomain.te b/prebuilts/api/29.0/private/coredomain.te
index 705483b..169f6b2 100644
--- a/prebuilts/api/29.0/private/coredomain.te
+++ b/prebuilts/api/29.0/private/coredomain.te
@@ -82,7 +82,7 @@
-webview_zygote
-zygote
userdebug_or_eng(`-heapprofd')
- } vendor_overlay_file:file open;
+ } vendor_overlay_file:file r_file_perms;
')
# Core domains are not permitted to use kernel interfaces which are not
diff --git a/prebuilts/api/29.0/private/dexoptanalyzer.te b/prebuilts/api/29.0/private/dexoptanalyzer.te
index 59554c8..2c0e1a4 100644
--- a/prebuilts/api/29.0/private/dexoptanalyzer.te
+++ b/prebuilts/api/29.0/private/dexoptanalyzer.te
@@ -22,7 +22,7 @@
# Allow reading secondary dex files that were reported by the app to the
# package manager.
allow dexoptanalyzer { privapp_data_file app_data_file }:dir { getattr search };
-allow dexoptanalyzer { privapp_data_file app_data_file }:file { getattr read };
+allow dexoptanalyzer { privapp_data_file app_data_file }:file { getattr read map };
# dexoptanalyzer calls access(2) with W_OK flag on app data. We can use the
# "dontaudit...audit_access" policy line to suppress the audit access without
# suppressing denial on actual access.
diff --git a/prebuilts/api/29.0/private/genfs_contexts b/prebuilts/api/29.0/private/genfs_contexts
index 202d1b3..380d4a0 100644
--- a/prebuilts/api/29.0/private/genfs_contexts
+++ b/prebuilts/api/29.0/private/genfs_contexts
@@ -213,6 +213,7 @@
genfscon tracefs /events/power/clock_set_rate/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/power/cpu_frequency_limits/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/power/gpu_frequency/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/power/suspend_resume/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/cpufreq_interactive/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/vmscan/mm_vmscan_direct_reclaim_begin/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/vmscan/mm_vmscan_direct_reclaim_end/ u:object_r:debugfs_tracing:s0
@@ -233,6 +234,8 @@
genfscon tracefs /events/kmem/rss_stat/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/kmem/ion_heap_grow/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/kmem/ion_heap_shrink/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/ion/ion_stat/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/mm_event/mm_event_record/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/oom/oom_score_adj_update/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/task/task_rename/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/task/task_newtask/ u:object_r:debugfs_tracing:s0
@@ -255,6 +258,7 @@
genfscon debugfs /tracing/events/power/clock_set_rate/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/power/cpu_frequency_limits/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/power/gpu_frequency/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/power/suspend_resume/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/cpufreq_interactive/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/vmscan/mm_vmscan_direct_reclaim_begin/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/vmscan/mm_vmscan_direct_reclaim_end/ u:object_r:debugfs_tracing:s0
@@ -275,6 +279,8 @@
genfscon debugfs /tracing/events/kmem/rss_stat/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/kmem/ion_heap_grow/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/kmem/ion_heap_shrink/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/ion/ion_stat/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/mm_event/mm_event_record/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/oom/oom_score_adj_update/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/task/task_rename/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/task/task_newtask/ u:object_r:debugfs_tracing:s0
diff --git a/prebuilts/api/29.0/private/gpuservice.te b/prebuilts/api/29.0/private/gpuservice.te
index ebfff76..9e17d06 100644
--- a/prebuilts/api/29.0/private/gpuservice.te
+++ b/prebuilts/api/29.0/private/gpuservice.te
@@ -31,6 +31,10 @@
# Needed for interactive shell
allow gpuservice devpts:chr_file { read write getattr };
+# Needed for dumpstate to dumpsys gpu.
+allow gpuservice dumpstate:fd use;
+allow gpuservice dumpstate:fifo_file write;
+
add_service(gpuservice, gpu_service)
# Only uncomment below line when in development
diff --git a/prebuilts/api/29.0/private/gsid.te b/prebuilts/api/29.0/private/gsid.te
index 1a35a4b..5dcf746 100644
--- a/prebuilts/api/29.0/private/gsid.te
+++ b/prebuilts/api/29.0/private/gsid.te
@@ -118,7 +118,6 @@
neverallow {
domain
-gsid
- -init
} gsi_data_file:dir ~{ open create read getattr setattr search relabelto ioctl };
neverallow {
diff --git a/prebuilts/api/29.0/private/incidentd.te b/prebuilts/api/29.0/private/incidentd.te
index 0c57f0f..b93f1b2 100644
--- a/prebuilts/api/29.0/private/incidentd.te
+++ b/prebuilts/api/29.0/private/incidentd.te
@@ -49,13 +49,6 @@
allow incidentd stats_service:service_manager find;
binder_call(incidentd, statsd)
-# section id 3026, allow reading /data/misc/perfetto-traces.
-# TODO(b/134706389): remove when no longer used.
-userdebug_or_eng(`
- allow incidentd perfetto_traces_data_file:dir r_dir_perms;
- allow incidentd perfetto_traces_data_file:file r_file_perms;
-');
-
# Create and write into /data/misc/incidents
allow incidentd incident_data_file:dir rw_dir_perms;
allow incidentd incident_data_file:file create_file_perms;
@@ -154,14 +147,12 @@
### neverallow rules
###
-# only specific domains can find the incident service
-# TODO(b/134706389): remove "perfetto" when no longer used.
+# only dumpstate, system_server, system_app and incident command can find the incident service
neverallow {
domain
-dumpstate
-incident
-incidentd
- userdebug_or_eng(`-perfetto')
-priv_app
-statsd
-system_app
diff --git a/prebuilts/api/29.0/private/migrate_legacy_obb_data.te b/prebuilts/api/29.0/private/migrate_legacy_obb_data.te
index 4bc1e2c..b2a1fb1 100644
--- a/prebuilts/api/29.0/private/migrate_legacy_obb_data.te
+++ b/prebuilts/api/29.0/private/migrate_legacy_obb_data.te
@@ -10,6 +10,14 @@
allow migrate_legacy_obb_data self:capability { chown dac_override dac_read_search fowner fsetid };
+allow migrate_legacy_obb_data mnt_user_file:dir search;
+allow migrate_legacy_obb_data mnt_user_file:lnk_file read;
+allow migrate_legacy_obb_data storage_file:dir search;
+allow migrate_legacy_obb_data storage_file:lnk_file read;
+
+allow migrate_legacy_obb_data sdcard_type:dir create_dir_perms;
+allow migrate_legacy_obb_data sdcard_type:file create_file_perms;
+
# TODO: This should not be necessary. We don't deliberately hand over
# any open file descriptors to this domain, so anything that triggers this
# should be a candidate for O_CLOEXEC.
diff --git a/prebuilts/api/29.0/private/perfetto.te b/prebuilts/api/29.0/private/perfetto.te
index 419c4b9..60a6250 100644
--- a/prebuilts/api/29.0/private/perfetto.te
+++ b/prebuilts/api/29.0/private/perfetto.te
@@ -37,19 +37,12 @@
allow perfetto adbd:fd use;
allow perfetto adbd:unix_stream_socket { read write };
-# Allow adbd to reap perfetto
+# allow adbd to reap perfetto
allow perfetto adbd:process { sigchld };
# Allow to access /dev/pts when launched in an adb shell.
allow perfetto devpts:chr_file rw_file_perms;
-# Allow perfetto to ask incidentd to start a report.
-# TODO(b/134706389): remove when no longer used.
-userdebug_or_eng(`
- allow perfetto incident_service:service_manager find;
- binder_call(perfetto, incidentd)
-');
-
###
### Neverallow rules
###
diff --git a/prebuilts/api/29.0/private/property_contexts b/prebuilts/api/29.0/private/property_contexts
index 8456fdb..cb81ba6 100644
--- a/prebuilts/api/29.0/private/property_contexts
+++ b/prebuilts/api/29.0/private/property_contexts
@@ -107,7 +107,6 @@
# ctl properties
ctl.bootanim u:object_r:ctl_bootanim_prop:s0
-ctl.android.hardware.dumpstate u:object_r:ctl_dumpstate_prop:s0
ctl.dumpstate u:object_r:ctl_dumpstate_prop:s0
ctl.fuse_ u:object_r:ctl_fuse_prop:s0
ctl.mdnsd u:object_r:ctl_mdnsd_prop:s0
@@ -136,6 +135,9 @@
ctl.stop$gsid u:object_r:ctl_gsid_prop:s0
ctl.restart$gsid u:object_r:ctl_gsid_prop:s0
+# Restrict access to restart dumpstate
+ctl.interface_restart$android.hardware.dumpstate u:object_r:ctl_dumpstate_prop:s0
+
# NFC properties
nfc. u:object_r:nfc_prop:s0
diff --git a/prebuilts/api/29.0/private/statsd.te b/prebuilts/api/29.0/private/statsd.te
index 9d250bd..99548a0 100644
--- a/prebuilts/api/29.0/private/statsd.te
+++ b/prebuilts/api/29.0/private/statsd.te
@@ -18,6 +18,3 @@
# Allow incidentd to obtain the statsd incident section.
allow statsd incidentd:fifo_file write;
-
-# Allow StatsCompanionService to pipe data to statsd.
-allow statsd system_server:fifo_file { read getattr };
diff --git a/prebuilts/api/29.0/private/system_server.te b/prebuilts/api/29.0/private/system_server.te
index 5bec849..73891c9 100644
--- a/prebuilts/api/29.0/private/system_server.te
+++ b/prebuilts/api/29.0/private/system_server.te
@@ -283,6 +283,7 @@
hal_graphics_composer_server
hal_health_server
hal_omx_server
+ hal_power_stats_server
hal_sensors_server
hal_vr_server
}:process { signal };
@@ -846,6 +847,7 @@
r_dir_file(system_server, proc_net_type)
r_dir_file(system_server, proc_qtaguid_stat)
allow system_server {
+ proc_cmdline
proc_loadavg
proc_meminfo
proc_pagetypeinfo
diff --git a/prebuilts/api/29.0/public/adbd.te b/prebuilts/api/29.0/public/adbd.te
index 68a176c..4a1f633 100644
--- a/prebuilts/api/29.0/public/adbd.te
+++ b/prebuilts/api/29.0/public/adbd.te
@@ -6,3 +6,6 @@
# Only init is allowed to enter the adbd domain via exec()
neverallow { domain -init } adbd:process transition;
neverallow * adbd:process dyntransition;
+
+# Allow adbd start/stop mdnsd via ctl.start
+set_prop(adbd, ctl_mdnsd_prop)
diff --git a/prebuilts/api/29.0/public/domain.te b/prebuilts/api/29.0/public/domain.te
index f348701..987bb9f 100644
--- a/prebuilts/api/29.0/public/domain.te
+++ b/prebuilts/api/29.0/public/domain.te
@@ -1154,7 +1154,6 @@
-system_server
-system_app
-init
- -toolbox # TODO(b/141108496) We want to remove toolbox
-installd # for relabelfrom and unlink, check for this in explicit neverallow
-vold_prepare_subdirs # For unlink
with_asan(`-asan_extract')
@@ -1408,3 +1407,4 @@
-hal_codec2_server
-hal_omx_server
} hal_codec2_hwservice:hwservice_manager add;
+
diff --git a/prebuilts/api/29.0/public/drmserver.te b/prebuilts/api/29.0/public/drmserver.te
index b7d4057..b7b641c 100644
--- a/prebuilts/api/29.0/public/drmserver.te
+++ b/prebuilts/api/29.0/public/drmserver.te
@@ -48,9 +48,6 @@
allow drmserver oemfs:dir search;
allow drmserver oemfs:file r_file_perms;
-# overlay package access
-allow drmserver vendor_overlay_file:file { read map };
-
add_service(drmserver, drmserver_service)
allow drmserver permission_service:service_manager find;
diff --git a/prebuilts/api/29.0/public/init.te b/prebuilts/api/29.0/public/init.te
index 6857ff9..2d52f59 100644
--- a/prebuilts/api/29.0/public/init.te
+++ b/prebuilts/api/29.0/public/init.te
@@ -46,8 +46,6 @@
userdata_block_device
}:{ blk_file lnk_file } relabelto;
-allow init super_block_device:lnk_file relabelto;
-
# setrlimit
allow init self:global_capability_class_set sys_resource;
@@ -167,6 +165,7 @@
file_type
-app_data_file
-exec_type
+ -gsi_data_file
-iorapd_data_file
-keystore_data_file
-misc_logd_file
@@ -364,6 +363,7 @@
sysfs_leds
sysfs_power
sysfs_fs_f2fs
+ sysfs_dm
}:file w_file_perms;
allow init {
diff --git a/prebuilts/api/29.0/public/mediaextractor.te b/prebuilts/api/29.0/public/mediaextractor.te
index 859ec9c..4bedb0f 100644
--- a/prebuilts/api/29.0/public/mediaextractor.te
+++ b/prebuilts/api/29.0/public/mediaextractor.te
@@ -34,9 +34,6 @@
allow mediaextractor asec_apk_file:file { read getattr };
allow mediaextractor ringtone_file:file { read getattr };
-# overlay package access
-allow mediaextractor vendor_overlay_file:file { read map };
-
# scan extractor library directory to dynamically load extractors
allow mediaextractor system_file:dir { read open };
diff --git a/prebuilts/api/29.0/public/mediaserver.te b/prebuilts/api/29.0/public/mediaserver.te
index 8672eac..70d0a55 100644
--- a/prebuilts/api/29.0/public/mediaserver.te
+++ b/prebuilts/api/29.0/public/mediaserver.te
@@ -131,9 +131,6 @@
# b/120491318 allow mediaserver to access void:fd
allow mediaserver vold:fd use;
-# overlay package access
-allow mediaserver vendor_overlay_file:file { read getattr map };
-
hal_client_domain(mediaserver, hal_allocator)
###
diff --git a/prebuilts/api/29.0/public/property.te b/prebuilts/api/29.0/public/property.te
index e166c00..4ccd8ac 100644
--- a/prebuilts/api/29.0/public/property.te
+++ b/prebuilts/api/29.0/public/property.te
@@ -1,6 +1,7 @@
type apexd_prop, property_type;
type audio_prop, property_type, core_property_type;
type boottime_prop, property_type;
+type boottime_public_prop, property_type;
type bluetooth_a2dp_offload_prop, property_type;
type bluetooth_audio_hal_prop, property_type;
type bluetooth_prop, property_type;
@@ -44,6 +45,7 @@
type dumpstate_prop, property_type, core_property_type;
type dynamic_system_prop, property_type;
type exported_secure_prop, property_type;
+type sota_prop, property_type;
type ffs_prop, property_type, core_property_type;
type fingerprint_prop, property_type, core_property_type;
type firstboot_prop, property_type;
@@ -360,6 +362,7 @@
-bluetooth_prop
-bootloader_boot_reason_prop
-boottime_prop
+ -boottime_public_prop
-bpf_progs_loaded_prop
-config_prop
-cppreopt_prop
@@ -412,6 +415,7 @@
-exported_vold_prop
-exported_wifi_prop
-extended_core_property_type
+ -sota_prop
-ffs_prop
-fingerprint_prop
-firstboot_prop
diff --git a/prebuilts/api/29.0/public/property_contexts b/prebuilts/api/29.0/public/property_contexts
index 803a959..865502e 100644
--- a/prebuilts/api/29.0/public/property_contexts
+++ b/prebuilts/api/29.0/public/property_contexts
@@ -11,11 +11,13 @@
camera.fifo.disable u:object_r:exported3_default_prop:s0 exact int
dalvik.vm.appimageformat u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.backgroundgctype u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.boot-dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.boot-dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
dalvik.vm.boot-image u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.checkjni u:object_r:exported_dalvik_prop:s0 exact bool
dalvik.vm.dex2oat-Xms u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.dex2oat-Xmx u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.dex2oat-filter u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.dex2oat-flags u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
@@ -33,6 +35,7 @@
dalvik.vm.hot-startup-method-samples u:object_r:exported_dalvik_prop:s0 exact int
dalvik.vm.image-dex2oat-Xms u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.image-dex2oat-Xmx u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.image-dex2oat-filter u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.image-dex2oat-flags u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.image-dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
@@ -89,6 +92,7 @@
pm.dexopt.ab-ota u:object_r:exported_pm_prop:s0 exact string
pm.dexopt.bg-dexopt u:object_r:exported_pm_prop:s0 exact string
pm.dexopt.boot u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.disable_bg_dexopt u:object_r:exported_pm_prop:s0 exact bool
pm.dexopt.downgrade_after_inactive_days u:object_r:exported_pm_prop:s0 exact int
pm.dexopt.first-boot u:object_r:exported_pm_prop:s0 exact string
pm.dexopt.inactive u:object_r:exported_pm_prop:s0 exact string
@@ -111,7 +115,11 @@
ro.control_privapp_permissions u:object_r:exported3_default_prop:s0 exact string
ro.cp_system_other_odex u:object_r:exported3_default_prop:s0 exact int
ro.crypto.allow_encrypt_override u:object_r:exported2_vold_prop:s0 exact bool
+ro.crypto.fde_algorithm u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.fde_sector_size u:object_r:exported2_vold_prop:s0 exact int
ro.crypto.scrypt_params u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.set_dun u:object_r:exported2_vold_prop:s0 exact bool
+ro.crypto.volume.contents_mode u:object_r:exported2_vold_prop:s0 exact string
ro.crypto.volume.filenames_mode u:object_r:exported2_vold_prop:s0 exact string
ro.dalvik.vm.native.bridge u:object_r:exported_dalvik_prop:s0 exact string
ro.enable_boot_charger_mode u:object_r:exported3_default_prop:s0 exact bool
@@ -207,6 +215,8 @@
ro.boot.bootdevice u:object_r:exported2_default_prop:s0 exact string
ro.boot.bootloader u:object_r:exported2_default_prop:s0 exact string
ro.boot.boottime u:object_r:exported2_default_prop:s0 exact string
+ro.boottime.init.mount.data u:object_r:boottime_public_prop:s0 exact string
+ro.boottime.init.fsck.data u:object_r:boottime_public_prop:s0 exact string
ro.boot.console u:object_r:exported2_default_prop:s0 exact string
ro.boot.hardware u:object_r:exported2_default_prop:s0 exact string
ro.boot.hardware.color u:object_r:exported2_default_prop:s0 exact string
@@ -392,5 +402,7 @@
ro.surface_flinger.protected_contents u:object_r:exported_default_prop:s0 exact bool
ro.surface_flinger.set_idle_timer_ms u:object_r:exported_default_prop:s0 exact int
ro.surface_flinger.set_touch_timer_ms u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.set_display_power_timer_ms u:object_r:exported_default_prop:s0 exact int
ro.surface_flinger.support_kernel_idle_timer u:object_r:exported_default_prop:s0 exact bool
ro.surface_flinger.use_smart_90_for_video u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.color_space_agnostic_dataspace u:object_r:exported_default_prop:s0 exact int
diff --git a/prebuilts/api/29.0/public/recovery.te b/prebuilts/api/29.0/public/recovery.te
index 2b77bc3..35964ef 100644
--- a/prebuilts/api/29.0/public/recovery.te
+++ b/prebuilts/api/29.0/public/recovery.te
@@ -138,10 +138,6 @@
# This line seems suspect, as it should not really need to
# set scheduling parameters for a kernel domain task.
allow recovery kernel:process setsched;
-
- # These are needed to update dynamic partitions in recovery.
- r_dir_file(recovery, sysfs_dm)
- allowxperm recovery super_block_device_type:blk_file ioctl { BLKIOMIN BLKALIGNOFF };
')
###
diff --git a/prebuilts/api/29.0/public/service.te b/prebuilts/api/29.0/public/service.te
index 92f8a09..a2193d0 100644
--- a/prebuilts/api/29.0/public/service.te
+++ b/prebuilts/api/29.0/public/service.te
@@ -10,7 +10,7 @@
type fingerprintd_service, service_manager_type;
type hal_fingerprint_service, service_manager_type;
type gatekeeper_service, app_api_service, service_manager_type;
-type gpu_service, service_manager_type;
+type gpu_service, app_api_service, service_manager_type;
type idmap_service, service_manager_type;
type iorapd_service, service_manager_type;
type incident_service, service_manager_type;
diff --git a/prebuilts/api/29.0/public/toolbox.te b/prebuilts/api/29.0/public/toolbox.te
index fcf0ec3..19cc3b6 100644
--- a/prebuilts/api/29.0/public/toolbox.te
+++ b/prebuilts/api/29.0/public/toolbox.te
@@ -22,7 +22,3 @@
neverallow { domain -init } toolbox:process transition;
neverallow * toolbox:process dyntransition;
neverallow toolbox { file_type fs_type -toolbox_exec}:file entrypoint;
-
-# rm -rf directories in /data
-allow toolbox system_data_file:dir { rmdir rw_dir_perms };
-allow toolbox system_data_file:file { getattr unlink };
diff --git a/prebuilts/api/29.0/public/vendor_misc_writer.te b/prebuilts/api/29.0/public/vendor_misc_writer.te
index 7093fec..dee9941 100644
--- a/prebuilts/api/29.0/public/vendor_misc_writer.te
+++ b/prebuilts/api/29.0/public/vendor_misc_writer.te
@@ -6,6 +6,8 @@
allow vendor_misc_writer misc_block_device:blk_file w_file_perms;
allow vendor_misc_writer block_device:dir r_dir_perms;
-# Silence the denial when calling libfstab's ReadDefaultFstab.
+# Silence the denial when calling libfstab's ReadDefaultFstab, which tries to
+# load DT fstab.
dontaudit vendor_misc_writer proc_cmdline:file read;
dontaudit vendor_misc_writer metadata_file:dir search;
+dontaudit vendor_misc_writer sysfs_dt_firmware_android:dir search;
diff --git a/prebuilts/api/29.0/vendor_sepolicy.cil b/prebuilts/api/29.0/vendor_sepolicy.cil
new file mode 100644
index 0000000..4a3aac3
--- /dev/null
+++ b/prebuilts/api/29.0/vendor_sepolicy.cil
@@ -0,0 +1 @@
+;; empty stub
diff --git a/prebuilts/api/30.0/private/access_vectors b/prebuilts/api/30.0/private/access_vectors
new file mode 100644
index 0000000..4144be8
--- /dev/null
+++ b/prebuilts/api/30.0/private/access_vectors
@@ -0,0 +1,741 @@
+#
+# Define common prefixes for access vectors
+#
+# common common_name { permission_name ... }
+
+
+#
+# Define a common prefix for file access vectors.
+#
+
+common file
+{
+ ioctl
+ read
+ write
+ create
+ getattr
+ setattr
+ lock
+ relabelfrom
+ relabelto
+ append
+ map
+ unlink
+ link
+ rename
+ execute
+ quotaon
+ mounton
+ audit_access
+ open
+ execmod
+ watch
+ watch_mount
+ watch_sb
+ watch_with_perm
+ watch_reads
+}
+
+
+#
+# Define a common prefix for socket access vectors.
+#
+
+common socket
+{
+# inherited from file
+ ioctl
+ read
+ write
+ create
+ getattr
+ setattr
+ lock
+ relabelfrom
+ relabelto
+ append
+ map
+# socket-specific
+ bind
+ connect
+ listen
+ accept
+ getopt
+ setopt
+ shutdown
+ recvfrom
+ sendto
+ name_bind
+}
+
+#
+# Define a common prefix for ipc access vectors.
+#
+
+common ipc
+{
+ create
+ destroy
+ getattr
+ setattr
+ read
+ write
+ associate
+ unix_read
+ unix_write
+}
+
+#
+# Define a common for capability access vectors.
+#
+common cap
+{
+ # The capabilities are defined in include/linux/capability.h
+ # Capabilities >= 32 are defined in the cap2 common.
+ # Care should be taken to ensure that these are consistent with
+ # those definitions. (Order matters)
+
+ chown
+ dac_override
+ dac_read_search
+ fowner
+ fsetid
+ kill
+ setgid
+ setuid
+ setpcap
+ linux_immutable
+ net_bind_service
+ net_broadcast
+ net_admin
+ net_raw
+ ipc_lock
+ ipc_owner
+ sys_module
+ sys_rawio
+ sys_chroot
+ sys_ptrace
+ sys_pacct
+ sys_admin
+ sys_boot
+ sys_nice
+ sys_resource
+ sys_time
+ sys_tty_config
+ mknod
+ lease
+ audit_write
+ audit_control
+ setfcap
+}
+
+common cap2
+{
+ mac_override # unused by SELinux
+ mac_admin
+ syslog
+ wake_alarm
+ block_suspend
+ audit_read
+}
+
+#
+# Define the access vectors.
+#
+# class class_name [ inherits common_name ] { permission_name ... }
+
+
+#
+# Define the access vector interpretation for file-related objects.
+#
+
+class filesystem
+{
+ mount
+ remount
+ unmount
+ getattr
+ relabelfrom
+ relabelto
+ associate
+ quotamod
+ quotaget
+ watch
+}
+
+class dir
+inherits file
+{
+ add_name
+ remove_name
+ reparent
+ search
+ rmdir
+}
+
+class file
+inherits file
+{
+ execute_no_trans
+ entrypoint
+}
+
+class lnk_file
+inherits file
+
+class chr_file
+inherits file
+{
+ execute_no_trans
+ entrypoint
+}
+
+class blk_file
+inherits file
+
+class sock_file
+inherits file
+
+class fifo_file
+inherits file
+
+class fd
+{
+ use
+}
+
+
+#
+# Define the access vector interpretation for network-related objects.
+#
+
+class socket
+inherits socket
+
+class tcp_socket
+inherits socket
+{
+ node_bind
+ name_connect
+}
+
+class udp_socket
+inherits socket
+{
+ node_bind
+}
+
+class rawip_socket
+inherits socket
+{
+ node_bind
+}
+
+class node
+{
+ recvfrom
+ sendto
+}
+
+class netif
+{
+ ingress
+ egress
+}
+
+class netlink_socket
+inherits socket
+
+class packet_socket
+inherits socket
+
+class key_socket
+inherits socket
+
+class unix_stream_socket
+inherits socket
+{
+ connectto
+}
+
+class unix_dgram_socket
+inherits socket
+
+#
+# Define the access vector interpretation for process-related objects
+#
+
+class process
+{
+ fork
+ transition
+ sigchld # commonly granted from child to parent
+ sigkill # cannot be caught or ignored
+ sigstop # cannot be caught or ignored
+ signull # for kill(pid, 0)
+ signal # all other signals
+ ptrace
+ getsched
+ setsched
+ getsession
+ getpgid
+ setpgid
+ getcap
+ setcap
+ share
+ getattr
+ setexec
+ setfscreate
+ noatsecure
+ siginh
+ setrlimit
+ rlimitinh
+ dyntransition
+ setcurrent
+ execmem
+ execstack
+ execheap
+ setkeycreate
+ setsockcreate
+ getrlimit
+}
+
+class process2
+{
+ nnp_transition
+ nosuid_transition
+}
+
+#
+# Define the access vector interpretation for ipc-related objects
+#
+
+class ipc
+inherits ipc
+
+class sem
+inherits ipc
+
+class msgq
+inherits ipc
+{
+ enqueue
+}
+
+class msg
+{
+ send
+ receive
+}
+
+class shm
+inherits ipc
+{
+ lock
+}
+
+
+#
+# Define the access vector interpretation for the security server.
+#
+
+class security
+{
+ compute_av
+ compute_create
+ compute_member
+ check_context
+ load_policy
+ compute_relabel
+ compute_user
+ setenforce # was avc_toggle in system class
+ setbool
+ setsecparam
+ setcheckreqprot
+ read_policy
+ validate_trans
+}
+
+
+#
+# Define the access vector interpretation for system operations.
+#
+
+class system
+{
+ ipc_info
+ syslog_read
+ syslog_mod
+ syslog_console
+ module_request
+ module_load
+}
+
+#
+# Define the access vector interpretation for controlling capabilities
+#
+
+class capability
+inherits cap
+
+class capability2
+inherits cap2
+
+#
+# Extended Netlink classes
+#
+class netlink_route_socket
+inherits socket
+{
+ nlmsg_read
+ nlmsg_write
+ nlmsg_readpriv
+}
+
+class netlink_tcpdiag_socket
+inherits socket
+{
+ nlmsg_read
+ nlmsg_write
+}
+
+class netlink_nflog_socket
+inherits socket
+
+class netlink_xfrm_socket
+inherits socket
+{
+ nlmsg_read
+ nlmsg_write
+}
+
+class netlink_selinux_socket
+inherits socket
+
+class netlink_audit_socket
+inherits socket
+{
+ nlmsg_read
+ nlmsg_write
+ nlmsg_relay
+ nlmsg_readpriv
+ nlmsg_tty_audit
+}
+
+class netlink_dnrt_socket
+inherits socket
+
+# Define the access vector interpretation for controlling
+# access to IPSec network data by association
+#
+class association
+{
+ sendto
+ recvfrom
+ setcontext
+ polmatch
+}
+
+# Updated Netlink class for KOBJECT_UEVENT family.
+class netlink_kobject_uevent_socket
+inherits socket
+
+class appletalk_socket
+inherits socket
+
+class packet
+{
+ send
+ recv
+ relabelto
+ forward_in
+ forward_out
+}
+
+class key
+{
+ view
+ read
+ write
+ search
+ link
+ setattr
+ create
+}
+
+class dccp_socket
+inherits socket
+{
+ node_bind
+ name_connect
+}
+
+class memprotect
+{
+ mmap_zero
+}
+
+# network peer labels
+class peer
+{
+ recv
+}
+
+class kernel_service
+{
+ use_as_override
+ create_files_as
+}
+
+class tun_socket
+inherits socket
+{
+ attach_queue
+}
+
+class binder
+{
+ impersonate
+ call
+ set_context_mgr
+ transfer
+}
+
+class netlink_iscsi_socket
+inherits socket
+
+class netlink_fib_lookup_socket
+inherits socket
+
+class netlink_connector_socket
+inherits socket
+
+class netlink_netfilter_socket
+inherits socket
+
+class netlink_generic_socket
+inherits socket
+
+class netlink_scsitransport_socket
+inherits socket
+
+class netlink_rdma_socket
+inherits socket
+
+class netlink_crypto_socket
+inherits socket
+
+class infiniband_pkey
+{
+ access
+}
+
+class infiniband_endport
+{
+ manage_subnet
+}
+
+#
+# Define the access vector interpretation for controlling capabilities
+# in user namespaces
+#
+
+class cap_userns
+inherits cap
+
+class cap2_userns
+inherits cap2
+
+
+#
+# Define the access vector interpretation for the new socket classes
+# enabled by the extended_socket_class policy capability.
+#
+
+#
+# The next two classes were previously mapped to rawip_socket and therefore
+# have the same definition as rawip_socket (until further permissions
+# are defined).
+#
+class sctp_socket
+inherits socket
+{
+ node_bind
+ name_connect
+ association
+}
+
+class icmp_socket
+inherits socket
+{
+ node_bind
+}
+
+#
+# The remaining network socket classes were previously
+# mapped to the socket class and therefore have the
+# same definition as socket.
+#
+
+class ax25_socket
+inherits socket
+
+class ipx_socket
+inherits socket
+
+class netrom_socket
+inherits socket
+
+class atmpvc_socket
+inherits socket
+
+class x25_socket
+inherits socket
+
+class rose_socket
+inherits socket
+
+class decnet_socket
+inherits socket
+
+class atmsvc_socket
+inherits socket
+
+class rds_socket
+inherits socket
+
+class irda_socket
+inherits socket
+
+class pppox_socket
+inherits socket
+
+class llc_socket
+inherits socket
+
+class can_socket
+inherits socket
+
+class tipc_socket
+inherits socket
+
+class bluetooth_socket
+inherits socket
+
+class iucv_socket
+inherits socket
+
+class rxrpc_socket
+inherits socket
+
+class isdn_socket
+inherits socket
+
+class phonet_socket
+inherits socket
+
+class ieee802154_socket
+inherits socket
+
+class caif_socket
+inherits socket
+
+class alg_socket
+inherits socket
+
+class nfc_socket
+inherits socket
+
+class vsock_socket
+inherits socket
+
+class kcm_socket
+inherits socket
+
+class qipcrtr_socket
+inherits socket
+
+class smc_socket
+inherits socket
+
+class bpf
+{
+ map_create
+ map_read
+ map_write
+ prog_load
+ prog_run
+}
+
+class property_service
+{
+ set
+}
+
+class service_manager
+{
+ add
+ find
+ list
+}
+
+class hwservice_manager
+{
+ add
+ find
+ list
+}
+
+class keystore_key
+{
+ get_state
+ get
+ insert
+ delete
+ exist
+ list
+ reset
+ password
+ lock
+ unlock
+ is_empty
+ sign
+ verify
+ grant
+ duplicate
+ clear_uid
+ add_auth
+ user_changed
+ gen_unique_id
+}
+
+class drmservice {
+ consumeRights
+ setPlaybackStatus
+ openDecryptSession
+ closeDecryptSession
+ initializeDecryptUnit
+ decrypt
+ finalizeDecryptUnit
+ pread
+}
+
+class xdp_socket
+inherits socket
+
+class perf_event
+{
+ open
+ cpu
+ kernel
+ tracepoint
+ read
+ write
+}
+
+class lockdown
+{
+ integrity
+ confidentiality
+}
diff --git a/prebuilts/api/30.0/private/adbd.te b/prebuilts/api/30.0/private/adbd.te
new file mode 100644
index 0000000..be4f0f7
--- /dev/null
+++ b/prebuilts/api/30.0/private/adbd.te
@@ -0,0 +1,205 @@
+### ADB daemon
+
+typeattribute adbd coredomain;
+typeattribute adbd mlstrustedsubject;
+
+init_daemon_domain(adbd)
+
+domain_auto_trans(adbd, shell_exec, shell)
+
+userdebug_or_eng(`
+ allow adbd self:process setcurrent;
+ allow adbd su:process dyntransition;
+')
+
+# When 'adb shell' is executed in recovery mode, adbd explicitly
+# switches into shell domain using setcon() because the shell executable
+# is not labeled as shell but as rootfs.
+recovery_only(`
+ domain_trans(adbd, rootfs, shell)
+ allow adbd shell:process dyntransition;
+
+ # Allows reboot fastboot to enter fastboot directly
+ unix_socket_connect(adbd, recovery, recovery)
+')
+
+# Control Perfetto traced and obtain traces from it.
+# Needed to allow port forwarding directly to traced.
+unix_socket_connect(adbd, traced_consumer, traced)
+
+# Do not sanitize the environment or open fds of the shell. Allow signaling
+# created processes.
+allow adbd shell:process { noatsecure signal };
+
+# Set UID and GID to shell. Set supplementary groups.
+allow adbd self:global_capability_class_set { setuid setgid };
+
+# Drop capabilities from bounding set on user builds.
+allow adbd self:global_capability_class_set setpcap;
+
+# ignore spurious denials for adbd when disk space is low.
+dontaudit adbd self:global_capability_class_set sys_resource;
+
+# adbd probes for vsock support. Do not generate denials when
+# this occurs. (b/123569840)
+dontaudit adbd self:{ socket vsock_socket } create;
+
+# Create and use network sockets.
+net_domain(adbd)
+
+# Access /dev/usb-ffs/adb/ep0
+allow adbd functionfs:dir search;
+allow adbd functionfs:file rw_file_perms;
+allowxperm adbd functionfs:file ioctl {
+ FUNCTIONFS_ENDPOINT_DESC
+ FUNCTIONFS_CLEAR_HALT
+};
+
+# Use a pseudo tty.
+allow adbd devpts:chr_file rw_file_perms;
+
+# adb push/pull /data/local/tmp.
+allow adbd shell_data_file:dir create_dir_perms;
+allow adbd shell_data_file:file create_file_perms;
+
+# adb pull /data/local/traces/*
+allow adbd trace_data_file:dir r_dir_perms;
+allow adbd trace_data_file:file r_file_perms;
+
+# adb pull /data/misc/profman.
+allow adbd profman_dump_data_file:dir r_dir_perms;
+allow adbd profman_dump_data_file:file r_file_perms;
+
+# adb push/pull sdcard.
+allow adbd tmpfs:dir search;
+allow adbd rootfs:lnk_file r_file_perms; # /sdcard symlink
+allow adbd tmpfs:lnk_file r_file_perms; # /mnt/sdcard symlink
+allow adbd sdcard_type:dir create_dir_perms;
+allow adbd sdcard_type:file create_file_perms;
+
+# adb pull /data/anr/traces.txt
+allow adbd anr_data_file:dir r_dir_perms;
+allow adbd anr_data_file:file r_file_perms;
+
+# Set service.adb.*, sys.powerctl, and sys.usb.ffs.ready properties.
+set_prop(adbd, shell_prop)
+set_prop(adbd, powerctl_prop)
+set_prop(adbd, ffs_prop)
+set_prop(adbd, exported_ffs_prop)
+
+# Set service.adb.tls.port, persist.adb.wifi. properties
+set_prop(adbd, adbd_prop)
+
+# Access device logging gating property
+get_prop(adbd, device_logging_prop)
+
+# Read device's serial number from system properties
+get_prop(adbd, serialno_prop)
+
+# Read whether or not Test Harness Mode is enabled
+get_prop(adbd, test_harness_prop)
+
+# Read persist.adb.tls_server.enable property
+get_prop(adbd, system_adbd_prop)
+
+# Read device's overlayfs related properties and files
+userdebug_or_eng(`
+ get_prop(adbd, persistent_properties_ready_prop)
+ r_dir_file(adbd, sysfs_dt_firmware_android)
+')
+
+# Run /system/bin/bu
+allow adbd system_file:file rx_file_perms;
+
+# Perform binder IPC to surfaceflinger (screencap)
+# XXX Run screencap in a separate domain?
+binder_use(adbd)
+binder_call(adbd, surfaceflinger)
+binder_call(adbd, gpuservice)
+# b/13188914
+allow adbd gpu_device:chr_file rw_file_perms;
+allow adbd ion_device:chr_file rw_file_perms;
+r_dir_file(adbd, system_file)
+
+# Needed for various screenshots
+hal_client_domain(adbd, hal_graphics_allocator)
+
+# Read /data/misc/adb/adb_keys.
+allow adbd adb_keys_file:dir search;
+allow adbd adb_keys_file:file r_file_perms;
+
+userdebug_or_eng(`
+ # Write debugging information to /data/adb
+ # when persist.adb.trace_mask is set
+ # https://code.google.com/p/android/issues/detail?id=72895
+ allow adbd adb_data_file:dir rw_dir_perms;
+ allow adbd adb_data_file:file create_file_perms;
+')
+
+# ndk-gdb invokes adb forward to forward the gdbserver socket.
+allow adbd app_data_file:dir search;
+allow adbd app_data_file:sock_file write;
+allow adbd appdomain:unix_stream_socket connectto;
+
+# ndk-gdb invokes adb pull of app_process, linker, and libc.so.
+allow adbd zygote_exec:file r_file_perms;
+allow adbd system_file:file r_file_perms;
+
+# Allow pulling the SELinux policy for CTS purposes
+allow adbd selinuxfs:dir r_dir_perms;
+allow adbd selinuxfs:file r_file_perms;
+allow adbd kernel:security read_policy;
+allow adbd service_contexts_file:file r_file_perms;
+allow adbd file_contexts_file:file r_file_perms;
+allow adbd seapp_contexts_file:file r_file_perms;
+allow adbd property_contexts_file:file r_file_perms;
+allow adbd sepolicy_file:file r_file_perms;
+
+# Allow pulling config.gz for CTS purposes
+allow adbd config_gz:file r_file_perms;
+
+allow adbd gpu_service:service_manager find;
+allow adbd surfaceflinger_service:service_manager find;
+allow adbd bootchart_data_file:dir search;
+allow adbd bootchart_data_file:file r_file_perms;
+
+# Allow access to external storage; we have several visible mount points under /storage
+# and symlinks to primary storage at places like /storage/sdcard0 and /mnt/user/0/primary
+allow adbd storage_file:dir r_dir_perms;
+allow adbd storage_file:lnk_file r_file_perms;
+allow adbd mnt_user_file:dir r_dir_perms;
+allow adbd mnt_user_file:lnk_file r_file_perms;
+
+# Access to /data/media.
+# This should be removed if sdcardfs is modified to alter the secontext for its
+# accesses to the underlying FS.
+allow adbd media_rw_data_file:dir create_dir_perms;
+allow adbd media_rw_data_file:file create_file_perms;
+
+r_dir_file(adbd, apk_data_file)
+
+allow adbd rootfs:dir r_dir_perms;
+
+# Allow killing child "perfetto" binary processes, which auto-transition to
+# their own domain. Allows propagating termination of "adb shell perfetto ..."
+# invocations.
+allow adbd perfetto:process signal;
+
+# Allow to pull Perfetto traces.
+allow adbd perfetto_traces_data_file:file r_file_perms;
+allow adbd perfetto_traces_data_file:dir r_dir_perms;
+
+# Connect to shell and use a socket transferred from it.
+# Used for e.g. abb.
+allow adbd shell:unix_stream_socket { read write shutdown };
+allow adbd shell:fd use;
+
+###
+### Neverallow rules
+###
+
+# No transitions from adbd to non-shell, non-crash_dump domains. adbd only ever
+# transitions to the shell domain (except when it crashes). In particular, we
+# never want to see a transition from adbd to su (aka "adb root")
+neverallow adbd { domain -crash_dump -shell }:process transition;
+neverallow adbd { domain userdebug_or_eng(`-su') recovery_only(`-shell') }:process dyntransition;
diff --git a/prebuilts/api/30.0/private/aidl_lazy_test_server.te b/prebuilts/api/30.0/private/aidl_lazy_test_server.te
new file mode 100644
index 0000000..33efde0
--- /dev/null
+++ b/prebuilts/api/30.0/private/aidl_lazy_test_server.te
@@ -0,0 +1,5 @@
+userdebug_or_eng(`
+ typeattribute aidl_lazy_test_server coredomain;
+
+ init_daemon_domain(aidl_lazy_test_server)
+')
diff --git a/prebuilts/api/30.0/private/apex_test_prepostinstall.te b/prebuilts/api/30.0/private/apex_test_prepostinstall.te
new file mode 100644
index 0000000..f1bc214
--- /dev/null
+++ b/prebuilts/api/30.0/private/apex_test_prepostinstall.te
@@ -0,0 +1,20 @@
+# APEX pre- & post-install test.
+#
+# Allow to run pre- and post-install hooks for APEX test modules
+# in debuggable builds.
+
+type apex_test_prepostinstall, domain, coredomain;
+type apex_test_prepostinstall_exec, system_file_type, exec_type, file_type;
+
+userdebug_or_eng(`
+ # /dev/zero
+ allow apex_test_prepostinstall apexd:fd use;
+ # Logwrapper.
+ create_pty(apex_test_prepostinstall)
+ # Logwrapper executing sh.
+ allow apex_test_prepostinstall shell_exec:file rx_file_perms;
+ # Logwrapper exec.
+ allow apex_test_prepostinstall system_file:file execute_no_trans;
+ # Ls.
+ allow apex_test_prepostinstall toolbox_exec:file rx_file_perms;
+')
diff --git a/prebuilts/api/30.0/private/apexd.te b/prebuilts/api/30.0/private/apexd.te
new file mode 100644
index 0000000..9e702dd
--- /dev/null
+++ b/prebuilts/api/30.0/private/apexd.te
@@ -0,0 +1,157 @@
+typeattribute apexd coredomain;
+
+init_daemon_domain(apexd)
+
+# Allow creating, reading and writing of APEX files/dirs in the APEX data dir
+allow apexd apex_data_file:dir create_dir_perms;
+allow apexd apex_data_file:file create_file_perms;
+
+# Allow creating, reading and writing of APEX files/dirs in the APEX metadata dir
+allow apexd metadata_file:dir search;
+allow apexd apex_metadata_file:dir create_dir_perms;
+allow apexd apex_metadata_file:file create_file_perms;
+
+# Allow apexd to create files and directories for snapshots of apex data
+allow apexd apex_permission_data_file:dir { create_dir_perms relabelto };
+allow apexd apex_permission_data_file:file { create_file_perms relabelto };
+allow apexd apex_module_data_file:dir { create_dir_perms relabelfrom };
+allow apexd apex_module_data_file:file { create_file_perms relabelfrom };
+allow apexd apex_rollback_data_file:dir create_dir_perms;
+allow apexd apex_rollback_data_file:file create_file_perms;
+allow apexd apex_wifi_data_file:dir { create_dir_perms relabelto };
+allow apexd apex_wifi_data_file:file { create_file_perms relabelto };
+
+# Allow apexd to read directories under /data/misc_de in order to snapshot and
+# restore apex data for all users.
+allow apexd system_data_file:dir r_dir_perms;
+
+# allow apexd to create loop devices with /dev/loop-control
+allow apexd loop_control_device:chr_file rw_file_perms;
+# allow apexd to access loop devices
+allow apexd loop_device:blk_file rw_file_perms;
+allowxperm apexd loop_device:blk_file ioctl {
+ LOOP_GET_STATUS64
+ LOOP_SET_STATUS64
+ LOOP_SET_FD
+ LOOP_SET_BLOCK_SIZE
+ LOOP_SET_DIRECT_IO
+ LOOP_CLR_FD
+ BLKFLSBUF
+};
+# allow apexd to access /dev/block
+allow apexd block_device:dir r_dir_perms;
+
+# allow apexd to access /dev/block/dm-* (device-mapper entries)
+allow apexd dm_device:chr_file rw_file_perms;
+allow apexd dm_device:blk_file rw_file_perms;
+
+# sys_admin is required to access the device-mapper and mount
+# dac_override, chown, and fowner are needed for snapshot and restore
+allow apexd self:global_capability_class_set { sys_admin chown dac_override dac_read_search fowner };
+
+# Note: fsetid is deliberately not included above. fsetid checks are
+# triggered by chmod on a directory or file owned by a group other
+# than one of the groups assigned to the current process to see if
+# the setgid bit should be cleared, regardless of whether the setgid
+# bit was even set. We do not appear to truly need this capability
+# for apexd to operate.
+dontaudit apexd self:global_capability_class_set fsetid;
+
+# allow apexd to create a mount point in /apex
+allow apexd apex_mnt_dir:dir create_dir_perms;
+# allow apexd to mount in /apex
+allow apexd apex_mnt_dir:filesystem { mount unmount };
+allow apexd apex_mnt_dir:dir mounton;
+# allow apexd to create symlinks in /apex
+allow apexd apex_mnt_dir:lnk_file create_file_perms;
+# allow apexd to unlink apex files in /data/apex/active
+# note that apexd won't be able to unlink files in /data/app-staging/session_XXXX,
+# because it doesn't have write permission for staging_data_file object.
+allow apexd staging_data_file:file unlink;
+
+# allow apexd to read files from /data/app-staging and hardlink them to /data/apex.
+allow apexd staging_data_file:dir r_dir_perms;
+allow apexd staging_data_file:file { r_file_perms link };
+
+# allow apexd to read files from /vendor/apex
+allow apexd vendor_apex_file:dir r_dir_perms;
+allow apexd vendor_apex_file:file r_file_perms;
+
+# Unmount and mount filesystems
+allow apexd labeledfs:filesystem { mount unmount };
+
+# /sys directory tree traversal
+allow apexd sysfs_type:dir search;
+# Configure read-ahead of dm-verity and loop devices
+# for dm-X
+allow apexd sysfs_dm:dir r_dir_perms;
+allow apexd sysfs_dm:file rw_file_perms;
+# for loopX
+allow apexd sysfs_loop:dir r_dir_perms;
+allow apexd sysfs_loop:file rw_file_perms;
+
+# Allow apexd to log to the kernel.
+allow apexd kmsg_device:chr_file w_file_perms;
+
+# Allow apexd to reboot device. Required for rollbacks of apexes that are
+# not covered by rollback manager.
+set_prop(apexd, powerctl_prop)
+
+# Allow apexd to stop itself
+set_prop(apexd, ctl_apexd_prop)
+
+# Find the vold service, and call into vold to manage FS checkpoints
+allow apexd vold_service:service_manager find;
+binder_call(apexd, vold)
+
+# Apex pre- & post-install permission.
+
+# Allow self-execute for the fork mount helper.
+allow apexd apexd_exec:file execute_no_trans;
+
+# Unshare and make / private so that hooks cannot influence the
+# running system.
+allow apexd rootfs:dir mounton;
+
+# Allow to execute shell for pre- and postinstall scripts. A transition
+# rule is required, thus restricted to execute and not execute_no_trans.
+allow apexd shell_exec:file { r_file_perms execute };
+
+# apexd is using bootstrap bionic
+allow apexd system_bootstrap_lib_file:dir r_dir_perms;
+allow apexd system_bootstrap_lib_file:file { execute read open getattr map };
+
+# Allow transition to ART APEX preinstall domain.
+domain_auto_trans(apexd, art_apex_preinstall_exec, art_apex_preinstall)
+# Allow transition to ART APEX postinstall domain.
+domain_auto_trans(apexd, art_apex_postinstall_exec, art_apex_postinstall)
+
+# Allow transition to test APEX preinstall domain.
+userdebug_or_eng(`
+ domain_auto_trans(apexd, apex_test_prepostinstall_exec, apex_test_prepostinstall)
+')
+
+# Allow apexd to be invoked with logwrapper from init during userspace reboot.
+allow apexd devpts:chr_file { read write };
+
+# Allow apexd to create pts files via logwrap_fork_exec for its own use, to pass to
+# other processes
+create_pty(apexd)
+
+# Allow apexd to read file contexts when performing restorecon of snapshots.
+allow apexd file_contexts_file:file r_file_perms;
+
+# Allow apexd to execute toybox for snapshot & restore
+allow apexd toolbox_exec:file rx_file_perms;
+
+neverallow { domain -apexd -init } apex_data_file:dir no_w_dir_perms;
+neverallow { domain -apexd -init } apex_metadata_file:dir no_w_dir_perms;
+neverallow { domain -apexd -init -kernel } apex_data_file:file no_w_file_perms;
+neverallow { domain -apexd -init -kernel } apex_metadata_file:file no_w_file_perms;
+neverallow { domain -apexd } apex_mnt_dir:lnk_file no_w_file_perms;
+
+neverallow { domain -apexd -init -vold_prepare_subdirs } apex_module_data_file:dir no_w_dir_perms;
+neverallow { domain -apexd -init -vold_prepare_subdirs } apex_module_data_file:file no_w_file_perms;
+
+neverallow { domain -apexd -init -vold_prepare_subdirs } apex_rollback_data_file:dir no_w_dir_perms;
+neverallow { domain -apexd -init -vold_prepare_subdirs } apex_rollback_data_file:file no_w_file_perms;
diff --git a/prebuilts/api/30.0/private/app.te b/prebuilts/api/30.0/private/app.te
new file mode 100644
index 0000000..9882d8f
--- /dev/null
+++ b/prebuilts/api/30.0/private/app.te
@@ -0,0 +1,43 @@
+# Allow apps to read the Test Harness Mode property. This property is used in
+# the implementation of ActivityManager.isDeviceInTestHarnessMode()
+get_prop(appdomain, test_harness_prop)
+
+userdebug_or_eng(`perfetto_producer({ appdomain })')
+
+# Prevent apps from causing presubmit failures.
+# Apps can cause selinux denials by accessing CE storage
+# and/or external storage. In either case, the selinux denial is
+# not the cause of the failure, but just a symptom that
+# storage isn't ready. Many apps handle the failure appropriately.
+#
+# Apps cannot access external storage before it becomes available.
+dontaudit appdomain storage_stub_file:dir getattr;
+# Attempts to write to system_data_file is generally a sign
+# that apps are attempting to access encrypted storage before
+# the ACTION_USER_UNLOCKED intent is delivered. Apps are not
+# allowed to write to CE storage before it's available.
+# Attempting to do so will be blocked by both selinux and unix
+# permissions.
+dontaudit appdomain system_data_file:dir write;
+# Apps should not be reading vendor-defined properties.
+dontaudit appdomain vendor_default_prop:file read;
+
+neverallow appdomain system_server:udp_socket {
+ accept append bind create ioctl listen lock name_bind
+ relabelfrom relabelto setattr shutdown };
+
+# Transition to a non-app domain.
+# Exception for the shell and su domains, can transition to runas, etc.
+# Exception for crash_dump to allow for app crash reporting.
+# Exception for renderscript binaries (/system/bin/bcc, /system/bin/ld.mc)
+# to allow renderscript to create privileged executable files.
+neverallow { appdomain -shell userdebug_or_eng(`-su') }
+ { domain -appdomain -crash_dump -rs }:process { transition };
+neverallow { appdomain -shell userdebug_or_eng(`-su') }
+ { domain -appdomain }:process { dyntransition };
+
+# Don't allow regular apps access to storage configuration properties.
+neverallow { appdomain -mediaprovider_app } storage_config_prop:file no_rw_file_perms;
+
+# Allow to read graphics related properties.
+get_prop(appdomain, graphics_config_prop)
diff --git a/prebuilts/api/30.0/private/app_neverallows.te b/prebuilts/api/30.0/private/app_neverallows.te
new file mode 100644
index 0000000..1157187
--- /dev/null
+++ b/prebuilts/api/30.0/private/app_neverallows.te
@@ -0,0 +1,262 @@
+###
+### neverallow rules for untrusted app domains
+###
+
+define(`all_untrusted_apps',`{
+ ephemeral_app
+ isolated_app
+ mediaprovider
+ mediaprovider_app
+ untrusted_app
+ untrusted_app_25
+ untrusted_app_27
+ untrusted_app_29
+ untrusted_app_all
+}')
+# Receive or send uevent messages.
+neverallow all_untrusted_apps domain:netlink_kobject_uevent_socket *;
+
+# Receive or send generic netlink messages
+neverallow all_untrusted_apps domain:netlink_socket *;
+
+# Too much leaky information in debugfs. It's a security
+# best practice to ensure these files aren't readable.
+neverallow all_untrusted_apps { debugfs_type -debugfs_kcov }:file read;
+neverallow {all_untrusted_apps userdebug_or_eng(`-domain')} debugfs_type:{ file lnk_file } read;
+
+# Do not allow untrusted apps to register services.
+# Only trusted components of Android should be registering
+# services.
+neverallow all_untrusted_apps service_manager_type:service_manager add;
+
+# Do not allow untrusted apps to use VendorBinder
+neverallow all_untrusted_apps vndbinder_device:chr_file *;
+neverallow all_untrusted_apps vndservice_manager_type:service_manager *;
+
+# Do not allow untrusted apps to connect to the property service
+# or set properties. b/10243159
+neverallow { all_untrusted_apps -mediaprovider } property_socket:sock_file write;
+neverallow { all_untrusted_apps -mediaprovider } init:unix_stream_socket connectto;
+neverallow { all_untrusted_apps -mediaprovider } property_type:property_service set;
+
+# net.dns properties are not a public API. Disallow untrusted apps from reading this property.
+neverallow { all_untrusted_apps } net_dns_prop:file read;
+
+# Shared libraries created by trusted components within an app home
+# directory can be dlopen()ed. To maintain the W^X property, these files
+# must never be writable to the app.
+neverallow all_untrusted_apps app_exec_data_file:file
+ { append create link relabelfrom relabelto rename setattr write };
+
+# Block calling execve() on files in an apps home directory.
+# This is a W^X violation (loading executable code from a writable
+# home directory). For compatibility, allow for targetApi <= 28.
+# b/112357170
+neverallow {
+ all_untrusted_apps
+ -untrusted_app_25
+ -untrusted_app_27
+ -runas_app
+} { app_data_file privapp_data_file }:file execute_no_trans;
+
+# Do not allow untrusted apps to invoke dex2oat. This was historically required
+# by ART for compiling secondary dex files but has been removed in Q.
+# Exempt legacy apps (targetApi<=28) for compatibility.
+neverallow {
+ all_untrusted_apps
+ -untrusted_app_25
+ -untrusted_app_27
+} dex2oat_exec:file no_x_file_perms;
+
+# Do not allow untrusted apps to be assigned mlstrustedsubject.
+# This would undermine the per-user isolation model being
+# enforced via levelFrom=user in seapp_contexts and the mls
+# constraints. As there is no direct way to specify a neverallow
+# on attribute assignment, this relies on the fact that fork
+# permission only makes sense within a domain (hence should
+# never be granted to any other domain within mlstrustedsubject)
+# and an untrusted app is allowed fork permission to itself.
+neverallow all_untrusted_apps mlstrustedsubject:process fork;
+
+# Do not allow untrusted apps to hard link to any files.
+# In particular, if an untrusted app links to other app data
+# files, installd will not be able to guarantee the deletion
+# of the linked to file. Hard links also contribute to security
+# bugs, so we want to ensure untrusted apps never have this
+# capability.
+neverallow all_untrusted_apps file_type:file link;
+
+# Do not allow untrusted apps to access network MAC address file
+neverallow all_untrusted_apps sysfs_net:file no_rw_file_perms;
+
+# Do not allow any write access to files in /sys
+neverallow all_untrusted_apps sysfs_type:file { no_w_file_perms no_x_file_perms };
+
+# Apps may never access the default sysfs label.
+neverallow all_untrusted_apps sysfs:file no_rw_file_perms;
+
+# Restrict socket ioctls. Either 1. disallow privileged ioctls, 2. disallow the
+# ioctl permission, or 3. disallow the socket class.
+neverallowxperm all_untrusted_apps domain:{ icmp_socket rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
+neverallow all_untrusted_apps *:{ netlink_route_socket netlink_selinux_socket } ioctl;
+neverallow all_untrusted_apps *:{
+ socket netlink_socket packet_socket key_socket appletalk_socket
+ netlink_tcpdiag_socket netlink_nflog_socket
+ netlink_xfrm_socket netlink_audit_socket
+ netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket
+ netlink_iscsi_socket netlink_fib_lookup_socket netlink_connector_socket
+ netlink_netfilter_socket netlink_generic_socket netlink_scsitransport_socket
+ netlink_rdma_socket netlink_crypto_socket sctp_socket
+ ax25_socket ipx_socket netrom_socket atmpvc_socket x25_socket rose_socket decnet_socket
+ atmsvc_socket rds_socket irda_socket pppox_socket llc_socket can_socket tipc_socket
+ bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket
+ alg_socket nfc_socket vsock_socket kcm_socket qipcrtr_socket smc_socket xdp_socket
+} *;
+
+# Disallow sending RTM_GETLINK messages on netlink sockets.
+neverallow {
+ all_untrusted_apps
+ -untrusted_app_25
+ -untrusted_app_27
+ -untrusted_app_29
+} domain:netlink_route_socket { bind nlmsg_readpriv };
+
+# Do not allow untrusted apps access to /cache
+neverallow { all_untrusted_apps -mediaprovider } { cache_file cache_recovery_file }:dir ~{ r_dir_perms };
+neverallow { all_untrusted_apps -mediaprovider } { cache_file cache_recovery_file }:file ~{ read getattr };
+
+# Do not allow untrusted apps to create/unlink files outside of its sandbox,
+# internal storage or sdcard.
+# World accessible data locations allow application to fill the device
+# with unaccounted for data. This data will not get removed during
+# application un-installation.
+neverallow { all_untrusted_apps -mediaprovider } {
+ fs_type
+ -sdcard_type
+ file_type
+ -app_data_file # The apps sandbox itself
+ -privapp_data_file
+ -app_exec_data_file # stored within the app sandbox directory
+ -media_rw_data_file # Internal storage. Known that apps can
+ # leave artfacts here after uninstall.
+ -user_profile_data_file # Access to profile files
+ userdebug_or_eng(`
+ -method_trace_data_file # only on ro.debuggable=1
+ -coredump_file # userdebug/eng only
+ ')
+}:dir_file_class_set { create unlink };
+
+# No untrusted component except mediaprovider_app should be touching /dev/fuse
+neverallow { all_untrusted_apps -mediaprovider_app } fuse_device:chr_file *;
+
+# Do not allow untrusted apps to directly open the tun_device
+neverallow all_untrusted_apps tun_device:chr_file open;
+# The tun_device ioctls below are not allowed, to prove equivalence
+# to the kernel patch at
+# https://android.googlesource.com/kernel/common/+/11cee2be0c2062ba88f04eb51196506f870a3b5d%5E%21
+neverallowxperm all_untrusted_apps tun_device:chr_file ioctl {
+ SIOCGIFHWADDR
+ SIOCSIFHWADDR
+ TUNATTACHFILTER
+ TUNDETACHFILTER
+ TUNGETFEATURES
+ TUNGETFILTER
+ TUNGETSNDBUF
+ TUNGETVNETHDRSZ
+ TUNSETDEBUG
+ TUNSETGROUP
+ TUNSETIFF
+ TUNSETLINK
+ TUNSETNOCSUM
+ TUNSETOFFLOAD
+ TUNSETOWNER
+ TUNSETPERSIST
+ TUNSETQUEUE
+ TUNSETSNDBUF
+ TUNSETTXFILTER
+ TUNSETVNETHDRSZ
+};
+
+# Only allow appending to /data/anr/traces.txt (b/27853304, b/18340553)
+neverallow all_untrusted_apps anr_data_file:file ~{ open append };
+neverallow all_untrusted_apps anr_data_file:dir ~search;
+
+# Avoid reads from generically labeled /proc files
+# Create a more specific label if needed
+neverallow all_untrusted_apps {
+ proc
+ proc_asound
+ proc_kmsg
+ proc_loadavg
+ proc_mounts
+ proc_pagetypeinfo
+ proc_slabinfo
+ proc_stat
+ proc_swaps
+ proc_uptime
+ proc_version
+ proc_vmallocinfo
+ proc_vmstat
+}:file { no_rw_file_perms no_x_file_perms };
+
+# /proc/filesystems is accessible to mediaprovider_app only since it handles
+# external storage
+neverallow { all_untrusted_apps - mediaprovider_app } proc_filesystems:file { no_rw_file_perms no_x_file_perms };
+
+# Avoid all access to kernel configuration
+neverallow all_untrusted_apps config_gz:file { no_rw_file_perms no_x_file_perms };
+
+# Do not allow untrusted apps access to preloads data files
+neverallow all_untrusted_apps preloads_data_file:file no_rw_file_perms;
+
+# Locking of files on /system could lead to denial of service attacks
+# against privileged system components
+neverallow all_untrusted_apps system_file:file lock;
+
+# Do not permit untrusted apps to perform actions on HwBinder service_manager
+# other than find actions for services listed below
+neverallow all_untrusted_apps *:hwservice_manager ~find;
+
+# Do not permit access from apps which host arbitrary code to the protected HwBinder
+# services.
+# The two main reasons for this are:
+# 1. Protected HwBinder servers do not perform client authentication because HIDL
+# currently does not expose caller UID information and, even if it did, those
+# HwBinder services either operate at a level below that of apps (e.g., HALs)
+# or must not rely on app identity for authorization. Thus, to be safe, the
+# default assumption is that every HwBinder service treats all its clients as
+# equally authorized to perform operations offered by the service.
+# 2. HAL servers (a subset of HwBinder services) contain code with higher
+# incidence rate of security issues than system/core components and have
+# access to lower layes of the stack (all the way down to hardware) thus
+# increasing opportunities for bypassing the Android security model.
+neverallow all_untrusted_apps protected_hwservice:hwservice_manager find;
+
+neverallow all_untrusted_apps {
+ vendor_service
+}:service_manager find;
+
+# SELinux is not an API for untrusted apps to use
+neverallow all_untrusted_apps selinuxfs:file no_rw_file_perms;
+
+# Access to /proc/tty/drivers, to allow apps to determine if they
+# are running in an emulated environment.
+# b/33214085 b/33814662 b/33791054 b/33211769
+# https://github.com/strazzere/anti-emulator/blob/master/AntiEmulator/src/diff/strazzere/anti/emulator/FindEmulator.java
+# This will go away in a future Android release
+neverallow { all_untrusted_apps -untrusted_app_25 } proc_tty_drivers:file r_file_perms;
+neverallow all_untrusted_apps proc_tty_drivers:file ~r_file_perms;
+
+# Untrusted apps are not allowed to use cgroups.
+neverallow all_untrusted_apps cgroup:file *;
+
+# /mnt/sdcard symlink was supposed to have been removed in Gingerbread. Apps
+# must not use it.
+neverallow {
+ all_untrusted_apps
+ -untrusted_app_25
+ -untrusted_app_27
+} mnt_sdcard_file:lnk_file *;
+
+# Only privileged apps may find the incident service
+neverallow all_untrusted_apps incident_service:service_manager find;
diff --git a/prebuilts/api/30.0/private/app_zygote.te b/prebuilts/api/30.0/private/app_zygote.te
new file mode 100644
index 0000000..9285323
--- /dev/null
+++ b/prebuilts/api/30.0/private/app_zygote.te
@@ -0,0 +1,166 @@
+typeattribute app_zygote coredomain;
+
+######
+###### Policy below is different from regular zygote-spawned apps
+######
+
+# Allow access to temporary files, which is normally permitted through
+# a domain macro.
+tmpfs_domain(app_zygote);
+
+# Set the UID/GID of the process.
+# This will be further limited to a range of isolated UIDs with seccomp.
+allow app_zygote self:global_capability_class_set { setgid setuid };
+# Drop capabilities from bounding set.
+allow app_zygote self:global_capability_class_set setpcap;
+# Switch SELinux context to isolated app domain.
+allow app_zygote self:process setcurrent;
+allow app_zygote isolated_app:process dyntransition;
+
+# For JIT
+allow app_zygote self:process execmem;
+
+# Allow app_zygote to stat the files that it opens. It must
+# be able to inspect them so that it can reopen them on fork
+# if necessary: b/30963384.
+allow app_zygote debugfs_trace_marker:file getattr;
+
+# get system_server process group
+allow app_zygote system_server:process getpgid;
+
+# Interaction between the app_zygote and its children.
+allow app_zygote isolated_app:process setpgid;
+
+# TODO (b/63631799) fix this access
+dontaudit app_zygote mnt_expand_file:dir getattr;
+
+# Get seapp_contexts
+allow app_zygote seapp_contexts_file:file r_file_perms;
+# Check validity of SELinux context before use.
+selinux_check_context(app_zygote)
+# Check SELinux permissions.
+selinux_check_access(app_zygote)
+
+######
+###### Policy below is shared with regular zygote-spawned apps
+######
+
+# Child of zygote.
+allow app_zygote zygote:fd use;
+allow app_zygote zygote:process sigchld;
+
+# For ART (read /data/dalvik-cache).
+r_dir_file(app_zygote, dalvikcache_data_file);
+allow app_zygote dalvikcache_data_file:file execute;
+
+# Allow reading/executing installed binaries to enable preloading
+# application data
+allow app_zygote apk_data_file:dir r_dir_perms;
+allow app_zygote apk_data_file:file { r_file_perms execute };
+
+# /oem accesses.
+allow app_zygote oemfs:dir search;
+
+# Allow app_zygote access to /vendor/overlay
+r_dir_file(app_zygote, vendor_overlay_file)
+
+allow app_zygote system_data_file:lnk_file r_file_perms;
+allow app_zygote system_data_file:file { getattr read map };
+
+# Send unsolicited message to system_server
+unix_socket_send(app_zygote, system_unsolzygote, system_server)
+
+#####
+##### Neverallow
+#####
+
+# Only permit transition to isolated_app.
+neverallow app_zygote { domain -isolated_app }:process dyntransition;
+
+# Only setcon() transitions, no exec() based transitions, except for crash_dump.
+neverallow app_zygote { domain -crash_dump }:process transition;
+
+# Must not exec() a program without changing domains.
+# Having said that, exec() above is not allowed.
+neverallow app_zygote *:file execute_no_trans;
+
+# The only way to enter this domain is for the zygote to fork a new
+# app_zygote child.
+neverallow { domain -zygote } app_zygote:process dyntransition;
+
+# Disallow write access to properties.
+neverallow app_zygote property_socket:sock_file write;
+neverallow app_zygote property_type:property_service set;
+
+# Should not have any access to data files.
+neverallow app_zygote {
+ bluetooth_data_file
+ nfc_data_file
+ radio_data_file
+ shell_data_file
+ app_data_file
+ privapp_data_file
+}:file { rwx_file_perms };
+
+neverallow app_zygote {
+ service_manager_type
+ -activity_service
+ -webviewupdate_service
+}:service_manager find;
+
+# Isolated apps should not be able to access the driver directly.
+neverallow app_zygote gpu_device:chr_file { rwx_file_perms };
+
+# Do not allow app_zygote access to /cache.
+neverallow app_zygote cache_file:dir ~{ r_dir_perms };
+neverallow app_zygote cache_file:file ~{ read getattr };
+
+# Do not allow most socket access. This is socket_class_set, excluding unix_dgram_socket,
+# unix_stream_socket, and netlink_selinux_socket.
+neverallow app_zygote domain:{
+ socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket key_socket
+ appletalk_socket netlink_route_socket netlink_tcpdiag_socket
+ netlink_nflog_socket netlink_xfrm_socket netlink_audit_socket
+ netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket netlink_iscsi_socket
+ netlink_fib_lookup_socket netlink_connector_socket netlink_netfilter_socket
+ netlink_generic_socket netlink_scsitransport_socket netlink_rdma_socket netlink_crypto_socket
+ sctp_socket icmp_socket ax25_socket ipx_socket netrom_socket atmpvc_socket
+ x25_socket rose_socket decnet_socket atmsvc_socket rds_socket irda_socket
+ pppox_socket llc_socket can_socket tipc_socket bluetooth_socket iucv_socket
+ rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket
+ alg_socket nfc_socket vsock_socket kcm_socket qipcrtr_socket smc_socket
+} *;
+
+# Only allow app_zygote to talk to the logd socket, and
+# su/heapprofd/traced_perf on eng/userdebug. This is because
+# cap_setuid/cap_setgid allow to forge uid/gid in SCM_CREDENTIALS.
+# Think twice before changing.
+neverallow app_zygote {
+ domain
+ -app_zygote
+ -logd
+ -system_server
+ userdebug_or_eng(`-su')
+ userdebug_or_eng(`-heapprofd')
+ userdebug_or_eng(`-traced_perf')
+}:unix_dgram_socket *;
+
+neverallow app_zygote {
+ domain
+ -app_zygote
+ userdebug_or_eng(`-su')
+ userdebug_or_eng(`-heapprofd')
+ userdebug_or_eng(`-traced_perf')
+}:unix_stream_socket *;
+
+# Never allow ptrace
+neverallow app_zygote *:process ptrace;
+
+# Do not allow access to Bluetooth-related system properties.
+# neverallow rules for Bluetooth-related data files are listed above.
+neverallow app_zygote {
+ bluetooth_a2dp_offload_prop
+ bluetooth_audio_hal_prop
+ bluetooth_prop
+ exported_bluetooth_prop
+}:file create_file_perms;
diff --git a/prebuilts/api/30.0/private/art_apex_boot_integrity.te b/prebuilts/api/30.0/private/art_apex_boot_integrity.te
new file mode 100644
index 0000000..ba02083
--- /dev/null
+++ b/prebuilts/api/30.0/private/art_apex_boot_integrity.te
@@ -0,0 +1,28 @@
+# This command set checks the integrity of boot classpath ART
+# artifacts in /data, potentially removing them.
+
+type art_apex_boot_integrity, domain, coredomain;
+type art_apex_boot_integrity_exec, system_file_type, exec_type, file_type;
+
+# Technically not a daemon but we do want the transition from init domain to
+# art_apex_boot_integrity to occur.
+init_daemon_domain(art_apex_boot_integrity)
+
+# Read dalvik cache directories, remove entries.
+allow art_apex_boot_integrity dalvikcache_data_file:dir { r_dir_perms write remove_name };
+# Read and possibly delete dalvik cache files.
+allow art_apex_boot_integrity dalvikcache_data_file:file { r_file_perms unlink };
+
+# Allow art_apex_boot_integrity to execute itself using #!/system/bin/sh
+allow art_apex_boot_integrity shell_exec:file rx_file_perms;
+
+# Allow running the mv and rm/rmdir commands using art_apex_boot_integrity
+# permissions.
+allow art_apex_boot_integrity toolbox_exec:file rx_file_perms;
+
+# Fsverity in the same domain.
+allow art_apex_boot_integrity system_file:file execute_no_trans;
+# Fsverity work.
+allowxperm art_apex_boot_integrity dalvikcache_data_file:file ioctl {
+ FS_IOC_ENABLE_VERITY FS_IOC_MEASURE_VERITY
+};
diff --git a/prebuilts/api/30.0/private/art_apex_postinstall.te b/prebuilts/api/30.0/private/art_apex_postinstall.te
new file mode 100644
index 0000000..576ed20
--- /dev/null
+++ b/prebuilts/api/30.0/private/art_apex_postinstall.te
@@ -0,0 +1,31 @@
+# ART APEX postinstall.
+#
+
+type art_apex_postinstall, domain, coredomain;
+type art_apex_postinstall_exec, system_file_type, exec_type, file_type;
+
+# /system/bin/sh (see b/126787589).
+allow art_apex_postinstall apexd:fd use;
+
+# Read temp dirs and files. Move directories.
+allow art_apex_postinstall ota_data_file:dir { r_dir_perms write rename remove_name relabelfrom reparent };
+allow art_apex_postinstall ota_data_file:file { r_file_perms relabelfrom };
+# We're deleting the old /data/dalvik-cache/* and move the new ones
+# over.
+allow art_apex_postinstall dalvikcache_data_file:dir { create_dir_perms relabelto };
+allow art_apex_postinstall dalvikcache_data_file:file { r_file_perms unlink relabelto };
+
+# Required for relabel.
+allow art_apex_postinstall file_contexts_file:file r_file_perms;
+allow art_apex_postinstall self:global_capability_class_set sys_admin;
+
+# Script helpers.
+allow art_apex_postinstall shell_exec:file rx_file_perms;
+allow art_apex_postinstall toolbox_exec:file rx_file_perms;
+
+# Fsverity in the same domain.
+allow art_apex_postinstall system_file:file execute_no_trans;
+# Fsverity work.
+allowxperm art_apex_postinstall ota_data_file:file ioctl {
+ FS_IOC_ENABLE_VERITY FS_IOC_MEASURE_VERITY
+};
diff --git a/prebuilts/api/30.0/private/art_apex_preinstall.te b/prebuilts/api/30.0/private/art_apex_preinstall.te
new file mode 100644
index 0000000..12b1020
--- /dev/null
+++ b/prebuilts/api/30.0/private/art_apex_preinstall.te
@@ -0,0 +1,33 @@
+# ART APEX preinstall.
+#
+
+type art_apex_preinstall, domain, coredomain;
+type art_apex_preinstall_exec, system_file_type, exec_type, file_type;
+
+# /system/bin/sh (see b/126787589).
+allow art_apex_preinstall apexd:fd use;
+
+# Create temp dirs and files under /data/ota.
+allow art_apex_preinstall ota_data_file:dir create_dir_perms;
+allow art_apex_preinstall ota_data_file:file create_file_perms;
+# We mount /data/ota/dalvik-cache over /data/dalvik-cache in our
+# mount namespace.
+allow art_apex_preinstall dalvikcache_data_file:dir { r_dir_perms mounton };
+allow art_apex_preinstall self:capability sys_admin;
+
+# Script helpers.
+allow art_apex_preinstall shell_exec:file rx_file_perms;
+allow art_apex_preinstall toolbox_exec:file rx_file_perms;
+
+# Execute subscripts in the same domain.
+allow art_apex_preinstall art_apex_preinstall_exec:file execute_no_trans;
+
+# Run dex2oat.
+domain_auto_trans(art_apex_preinstall, dex2oat_exec, dex2oat)
+
+# Fsverity in the same domain.
+allow art_apex_preinstall system_file:file execute_no_trans;
+# Fsverity work.
+allowxperm art_apex_preinstall ota_data_file:file ioctl {
+ FS_IOC_ENABLE_VERITY FS_IOC_MEASURE_VERITY
+};
diff --git a/prebuilts/api/30.0/private/asan_extract.te b/prebuilts/api/30.0/private/asan_extract.te
new file mode 100644
index 0000000..1c20d78
--- /dev/null
+++ b/prebuilts/api/30.0/private/asan_extract.te
@@ -0,0 +1,8 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+# Technically not a daemon but we do want the transition from init domain to
+# asan_extract to occur.
+with_asan(`
+typeattribute asan_extract coredomain;
+init_daemon_domain(asan_extract)
+')
diff --git a/prebuilts/api/30.0/private/atrace.te b/prebuilts/api/30.0/private/atrace.te
new file mode 100644
index 0000000..ad7d177
--- /dev/null
+++ b/prebuilts/api/30.0/private/atrace.te
@@ -0,0 +1,80 @@
+# Domain for atrace process.
+# It is spawned either by traced_probes or by init for the boottrace service.
+
+type atrace, domain, coredomain;
+type atrace_exec, exec_type, file_type, system_file_type;
+
+# boottrace services uses /data/misc/boottrace/categories
+allow atrace boottrace_data_file:dir search;
+allow atrace boottrace_data_file:file r_file_perms;
+
+# Allow atrace to access tracefs.
+allow atrace debugfs_tracing:dir r_dir_perms;
+allow atrace debugfs_tracing:file rw_file_perms;
+allow atrace debugfs_trace_marker:file getattr;
+
+# Allow atrace to write data when a pipe is used for stdout/stderr
+# This is used by Perfetto to capture the output on error in atrace.
+allow atrace traced_probes:fd use;
+allow atrace traced_probes:fifo_file write;
+
+# atrace sets debug.atrace.* properties
+set_prop(atrace, debug_prop)
+
+# atrace pokes all the binder-enabled processes at startup with a
+# SYSPROPS_TRANSACTION, to tell them to reload the debug.atrace.* properties.
+
+# Allow discovery of binder services.
+allow atrace {
+ service_manager_type
+ -apex_service
+ -incident_service
+ -iorapd_service
+ -netd_service
+ -dnsresolver_service
+ -stats_service
+ -dumpstate_service
+ -installd_service
+ -vold_service
+ -lpdump_service
+ -default_android_service
+}:service_manager { find };
+allow atrace servicemanager:service_manager list;
+
+# Allow notifying the processes hosting specific binder services that
+# trace-related system properties have changed.
+binder_use(atrace)
+allow atrace healthd:binder call;
+allow atrace surfaceflinger:binder call;
+allow atrace system_server:binder call;
+allow atrace cameraserver:binder call;
+
+# Similarly, on debug builds, allow specific HALs to be notified that
+# trace-related system properties have changed.
+userdebug_or_eng(`
+ # List HAL interfaces.
+ allow atrace hwservicemanager:hwservice_manager list;
+ # Notify the camera HAL.
+ hal_client_domain(atrace, hal_camera)
+ hal_client_domain(atrace, hal_vibrator)
+')
+
+# Remove logspam from notification attempts to non-whitelisted services.
+dontaudit atrace hwservice_manager_type:hwservice_manager find;
+dontaudit atrace service_manager_type:service_manager find;
+dontaudit atrace domain:binder call;
+
+# atrace can call atrace HAL
+hal_client_domain(atrace, hal_atrace)
+
+get_prop(atrace, hwservicemanager_prop)
+
+userdebug_or_eng(`
+ # atrace is generally invoked as a standalone binary from shell or perf
+ # daemons like Perfetto traced_probes. However, in userdebug builds, there is
+ # a further option to run atrace as an init daemon for boot tracing.
+ init_daemon_domain(atrace)
+
+ allow atrace debugfs_tracing_debug:dir r_dir_perms;
+ allow atrace debugfs_tracing_debug:file rw_file_perms;
+')
diff --git a/prebuilts/api/30.0/private/attributes b/prebuilts/api/30.0/private/attributes
new file mode 100644
index 0000000..e01b212
--- /dev/null
+++ b/prebuilts/api/30.0/private/attributes
@@ -0,0 +1 @@
+hal_attribute(lazy_test);
diff --git a/prebuilts/api/30.0/private/audioserver.te b/prebuilts/api/30.0/private/audioserver.te
new file mode 100644
index 0000000..067152f
--- /dev/null
+++ b/prebuilts/api/30.0/private/audioserver.te
@@ -0,0 +1,100 @@
+# audioserver - audio services daemon
+
+typeattribute audioserver coredomain;
+
+type audioserver_exec, exec_type, file_type, system_file_type;
+init_daemon_domain(audioserver)
+tmpfs_domain(audioserver)
+
+r_dir_file(audioserver, sdcard_type)
+
+binder_use(audioserver)
+binder_call(audioserver, binderservicedomain)
+binder_call(audioserver, appdomain)
+binder_service(audioserver)
+
+hal_client_domain(audioserver, hal_allocator)
+# /system/lib64/hw for always-passthrough Allocator HAL ashmem / mapper .so
+r_dir_file(audioserver, system_file)
+
+hal_client_domain(audioserver, hal_audio)
+
+userdebug_or_eng(`
+ # used for TEE sink - pcm capture for debug.
+ allow audioserver media_data_file:dir create_dir_perms;
+ allow audioserver audioserver_data_file:dir create_dir_perms;
+ allow audioserver audioserver_data_file:file create_file_perms;
+
+ # ptrace to processes in the same domain for memory leak detection
+ allow audioserver self:process ptrace;
+')
+
+add_service(audioserver, audioserver_service)
+allow audioserver activity_service:service_manager find;
+allow audioserver appops_service:service_manager find;
+allow audioserver batterystats_service:service_manager find;
+allow audioserver external_vibrator_service:service_manager find;
+allow audioserver package_native_service:service_manager find;
+allow audioserver permission_service:service_manager find;
+allow audioserver power_service:service_manager find;
+allow audioserver scheduling_policy_service:service_manager find;
+allow audioserver mediametrics_service:service_manager find;
+allow audioserver sensor_privacy_service:service_manager find;
+allow audioserver soundtrigger_middleware_service:service_manager find;
+
+# Allow read/write access to bluetooth-specific properties
+set_prop(audioserver, bluetooth_a2dp_offload_prop)
+set_prop(audioserver, bluetooth_audio_hal_prop)
+set_prop(audioserver, bluetooth_prop)
+set_prop(audioserver, exported_bluetooth_prop)
+
+# Grant access to audio files to audioserver
+allow audioserver audio_data_file:dir ra_dir_perms;
+allow audioserver audio_data_file:file create_file_perms;
+
+# allow access to ALSA MMAP FDs for AAudio API
+allow audioserver audio_device:chr_file { read write };
+
+not_full_treble(`allow audioserver audio_device:dir r_dir_perms;')
+not_full_treble(`allow audioserver audio_device:chr_file rw_file_perms;')
+
+# For A2DP bridge which is loaded directly into audioserver
+unix_socket_connect(audioserver, bluetooth, bluetooth)
+
+# Allow shell commands from ADB and shell for CTS testing/dumping
+allow audioserver adbd:fd use;
+allow audioserver adbd:unix_stream_socket { read write };
+allow audioserver shell:fifo_file { read write };
+
+# Allow shell commands from ADB for CTS testing/dumping
+userdebug_or_eng(`
+ allow audioserver su:fd use;
+ allow audioserver su:fifo_file { read write };
+ allow audioserver su:unix_stream_socket { read write };
+')
+
+# Allow write access to log tag property
+set_prop(audioserver, log_tag_prop);
+
+###
+### neverallow rules
+###
+
+# audioserver should never execute any executable without a
+# domain transition
+neverallow audioserver { file_type fs_type }:file execute_no_trans;
+
+# The goal of the mediaserver split is to place media processing code into
+# restrictive sandboxes with limited responsibilities and thus limited
+# permissions. Example: Audioserver is only responsible for controlling audio
+# hardware and processing audio content. Cameraserver does the same for camera
+# hardware/content. Etc.
+#
+# Media processing code is inherently risky and thus should have limited
+# permissions and be isolated from the rest of the system and network.
+# Lengthier explanation here:
+# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
+neverallow audioserver domain:{ tcp_socket udp_socket rawip_socket } *;
+
+# Allow using wake locks
+wakelock_use(audioserver)
diff --git a/prebuilts/api/30.0/private/auditctl.te b/prebuilts/api/30.0/private/auditctl.te
new file mode 100644
index 0000000..f634d3d
--- /dev/null
+++ b/prebuilts/api/30.0/private/auditctl.te
@@ -0,0 +1,18 @@
+#
+# /system/bin/auditctl executed for logd
+#
+# Performs maintenance of the kernel auditing system, including
+# setting rate limits on SELinux denials.
+#
+
+type auditctl, domain, coredomain;
+type auditctl_exec, file_type, system_file_type, exec_type;
+
+# Uncomment the line below to put this domain into permissive
+# mode. This helps speed SELinux policy development.
+# userdebug_or_eng(`permissive auditctl;')
+
+init_daemon_domain(auditctl)
+
+allow auditctl self:global_capability_class_set audit_control;
+allow auditctl self:netlink_audit_socket { create_socket_perms_no_ioctl nlmsg_write };
diff --git a/prebuilts/api/30.0/private/automotive_display_service.te b/prebuilts/api/30.0/private/automotive_display_service.te
new file mode 100644
index 0000000..fa11ca4
--- /dev/null
+++ b/prebuilts/api/30.0/private/automotive_display_service.te
@@ -0,0 +1,33 @@
+# Display proxy service for Automotive
+type automotive_display_service, domain, coredomain;
+type automotive_display_service_exec, system_file_type, exec_type, file_type;
+
+typeattribute automotive_display_service automotive_display_service_server;
+
+# Allow to add a display service to the manager
+add_hwservice(automotive_display_service, fwk_automotive_display_hwservice);
+
+# Allow init to launch automotive display service
+init_daemon_domain(automotive_display_service)
+
+# Allow to use Binder IPC for SurfaceFlinger.
+binder_use(automotive_display_service)
+
+# Allow to use HwBinder IPC for HAL implementations.
+hwbinder_use(automotive_display_service)
+hal_client_domain(automotive_display_service, hal_graphics_composer)
+
+# Allow to read the target property.
+get_prop(automotive_display_service, hwservicemanager_prop)
+
+# Allow to find SurfaceFlinger.
+allow automotive_display_service surfaceflinger_service:service_manager find;
+
+# Allow client domain to do binder IPC to serverdomain.
+binder_call(automotive_display_service, surfaceflinger)
+
+# Allow to use a graphics mapper
+allow automotive_display_service hal_graphics_mapper_hwservice:hwservice_manager find;
+
+# Allow to use hidl token service
+allow automotive_display_service hidl_token_hwservice:hwservice_manager find;
diff --git a/prebuilts/api/30.0/private/binder_in_vendor_violators.te b/prebuilts/api/30.0/private/binder_in_vendor_violators.te
new file mode 100644
index 0000000..4a1218e
--- /dev/null
+++ b/prebuilts/api/30.0/private/binder_in_vendor_violators.te
@@ -0,0 +1 @@
+allow binder_in_vendor_violators binder_device:chr_file rw_file_perms;
diff --git a/prebuilts/api/30.0/private/binderservicedomain.te b/prebuilts/api/30.0/private/binderservicedomain.te
new file mode 100644
index 0000000..0891ee5
--- /dev/null
+++ b/prebuilts/api/30.0/private/binderservicedomain.te
@@ -0,0 +1,22 @@
+# Rules common to all binder service domains
+
+# Allow dumpstate and incidentd to collect information from binder services
+allow binderservicedomain { dumpstate incidentd }:fd use;
+allow binderservicedomain { dumpstate incidentd }:unix_stream_socket { read write getopt getattr };
+allow binderservicedomain { dumpstate incidentd }:fifo_file { getattr write };
+allow binderservicedomain shell_data_file:file { getattr write };
+
+# Allow dumpsys to work from adb shell or the serial console
+allow binderservicedomain devpts:chr_file rw_file_perms;
+allow binderservicedomain console_device:chr_file rw_file_perms;
+
+# Receive and write to a pipe received over Binder from an app.
+allow binderservicedomain appdomain:fd use;
+allow binderservicedomain appdomain:fifo_file write;
+
+# allow all services to run permission checks
+allow binderservicedomain permission_service:service_manager find;
+
+allow binderservicedomain keystore:keystore_key { get_state get insert delete exist list sign verify };
+
+use_keystore(binderservicedomain)
diff --git a/prebuilts/api/30.0/private/blank_screen.te b/prebuilts/api/30.0/private/blank_screen.te
new file mode 100644
index 0000000..51310d1
--- /dev/null
+++ b/prebuilts/api/30.0/private/blank_screen.te
@@ -0,0 +1,6 @@
+type blank_screen, domain, coredomain;
+type blank_screen_exec, exec_type, file_type, system_file_type;
+
+init_daemon_domain(blank_screen)
+
+hal_client_domain(blank_screen, hal_light)
diff --git a/prebuilts/api/30.0/private/blkid.te b/prebuilts/api/30.0/private/blkid.te
new file mode 100644
index 0000000..4e972ab
--- /dev/null
+++ b/prebuilts/api/30.0/private/blkid.te
@@ -0,0 +1,22 @@
+# blkid called from vold
+
+typeattribute blkid coredomain;
+
+type blkid_exec, system_file_type, exec_type, file_type;
+
+# Allowed read-only access to encrypted devices to extract UUID/label
+allow blkid block_device:dir search;
+allow blkid userdata_block_device:blk_file r_file_perms;
+allow blkid dm_device:blk_file r_file_perms;
+
+# Allow stdin/out back to vold
+allow blkid vold:fd use;
+allow blkid vold:fifo_file { read write getattr };
+
+# For blkid launched through popen()
+allow blkid blkid_exec:file rx_file_perms;
+
+# Only allow entry from vold
+neverallow { domain -vold } blkid:process transition;
+neverallow * blkid:process dyntransition;
+neverallow blkid { file_type fs_type -blkid_exec -shell_exec }:file entrypoint;
diff --git a/prebuilts/api/30.0/private/blkid_untrusted.te b/prebuilts/api/30.0/private/blkid_untrusted.te
new file mode 100644
index 0000000..1256771
--- /dev/null
+++ b/prebuilts/api/30.0/private/blkid_untrusted.te
@@ -0,0 +1,37 @@
+# blkid for untrusted block devices
+
+typeattribute blkid_untrusted coredomain;
+
+# Allowed read-only access to vold block devices to extract UUID/label
+allow blkid_untrusted block_device:dir search;
+allow blkid_untrusted vold_device:blk_file r_file_perms;
+
+# Allow stdin/out back to vold
+allow blkid_untrusted vold:fd use;
+allow blkid_untrusted vold:fifo_file { read write getattr };
+
+# For blkid launched through popen()
+allow blkid_untrusted blkid_exec:file rx_file_perms;
+
+###
+### neverallow rules
+###
+
+# Untrusted blkid should never be run on block devices holding sensitive data
+neverallow blkid_untrusted {
+ boot_block_device
+ frp_block_device
+ metadata_block_device
+ recovery_block_device
+ root_block_device
+ swap_block_device
+ system_block_device
+ userdata_block_device
+ cache_block_device
+ dm_device
+}:blk_file no_rw_file_perms;
+
+# Only allow entry from vold via blkid binary
+neverallow { domain -vold } blkid_untrusted:process transition;
+neverallow * blkid_untrusted:process dyntransition;
+neverallow blkid_untrusted { file_type fs_type -blkid_exec -shell_exec }:file entrypoint;
diff --git a/prebuilts/api/30.0/private/bluetooth.te b/prebuilts/api/30.0/private/bluetooth.te
new file mode 100644
index 0000000..1680361
--- /dev/null
+++ b/prebuilts/api/30.0/private/bluetooth.te
@@ -0,0 +1,86 @@
+# bluetooth app
+
+typeattribute bluetooth coredomain;
+
+app_domain(bluetooth)
+net_domain(bluetooth)
+
+# Socket creation under /data/misc/bluedroid.
+type_transition bluetooth bluetooth_data_file:sock_file bluetooth_socket;
+
+# Allow access to net_admin ioctls
+allowxperm bluetooth self:udp_socket ioctl priv_sock_ioctls;
+
+wakelock_use(bluetooth);
+
+# Data file accesses.
+allow bluetooth bluetooth_data_file:dir create_dir_perms;
+allow bluetooth bluetooth_data_file:notdevfile_class_set create_file_perms;
+allow bluetooth bluetooth_logs_data_file:dir rw_dir_perms;
+allow bluetooth bluetooth_logs_data_file:file create_file_perms;
+
+# Socket creation under /data/misc/bluedroid.
+allow bluetooth bluetooth_socket:sock_file create_file_perms;
+
+allow bluetooth self:global_capability_class_set net_admin;
+allow bluetooth self:global_capability2_class_set wake_alarm;
+
+# tethering
+allow bluetooth self:packet_socket create_socket_perms_no_ioctl;
+allow bluetooth self:global_capability_class_set { net_admin net_raw net_bind_service };
+allow bluetooth self:tun_socket create_socket_perms_no_ioctl;
+allow bluetooth tun_device:chr_file rw_file_perms;
+allowxperm bluetooth tun_device:chr_file ioctl { TUNGETIFF TUNSETIFF };
+allow bluetooth efs_file:dir search;
+
+# allow Bluetooth to access uhid device for HID profile
+allow bluetooth uhid_device:chr_file rw_file_perms;
+
+# proc access.
+allow bluetooth proc_bluetooth_writable:file rw_file_perms;
+
+# Allow write access to bluetooth specific properties
+set_prop(bluetooth, binder_cache_bluetooth_server_prop);
+neverallow { domain -bluetooth -init }
+ binder_cache_bluetooth_server_prop:property_service set;
+set_prop(bluetooth, bluetooth_a2dp_offload_prop)
+set_prop(bluetooth, bluetooth_audio_hal_prop)
+set_prop(bluetooth, bluetooth_prop)
+set_prop(bluetooth, exported_bluetooth_prop)
+set_prop(bluetooth, pan_result_prop)
+
+allow bluetooth audioserver_service:service_manager find;
+allow bluetooth bluetooth_service:service_manager find;
+allow bluetooth drmserver_service:service_manager find;
+allow bluetooth mediaserver_service:service_manager find;
+allow bluetooth radio_service:service_manager find;
+allow bluetooth app_api_service:service_manager find;
+allow bluetooth system_api_service:service_manager find;
+allow bluetooth network_stack_service:service_manager find;
+
+# already open bugreport file descriptors may be shared with
+# the bluetooth process, from a file in
+# /data/data/com.android.shell/files/bugreports/bugreport-*.
+allow bluetooth shell_data_file:file read;
+
+# Bluetooth audio needs RT scheduling to meet deadlines, allow sys_nice
+allow bluetooth self:global_capability_class_set sys_nice;
+
+hal_client_domain(bluetooth, hal_bluetooth)
+hal_client_domain(bluetooth, hal_telephony)
+
+# Bluetooth A2DP offload requires binding with audio HAL
+hal_client_domain(bluetooth, hal_audio)
+
+read_runtime_log_tags(bluetooth)
+
+###
+### Neverallow rules
+###
+### These are things that the bluetooth app should NEVER be able to do
+###
+
+# Superuser capabilities.
+# Bluetooth requires net_{admin,raw,bind_service} and wake_alarm and block_suspend and sys_nice.
+neverallow bluetooth self:global_capability_class_set ~{ net_admin net_raw net_bind_service sys_nice};
+neverallow bluetooth self:global_capability2_class_set ~{ wake_alarm block_suspend };
diff --git a/prebuilts/api/30.0/private/bluetoothdomain.te b/prebuilts/api/30.0/private/bluetoothdomain.te
new file mode 100644
index 0000000..fe4f0e6
--- /dev/null
+++ b/prebuilts/api/30.0/private/bluetoothdomain.te
@@ -0,0 +1,2 @@
+# Allow clients to use a socket provided by the bluetooth app.
+allow bluetoothdomain bluetooth:unix_stream_socket { getopt setopt getattr read write ioctl shutdown };
diff --git a/prebuilts/api/30.0/private/bootanim.te b/prebuilts/api/30.0/private/bootanim.te
new file mode 100644
index 0000000..4740560
--- /dev/null
+++ b/prebuilts/api/30.0/private/bootanim.te
@@ -0,0 +1,9 @@
+typeattribute bootanim coredomain;
+
+init_daemon_domain(bootanim)
+
+# b/68864350
+dontaudit bootanim unlabeled:dir search;
+
+# Bootanim should not be reading default vendor-defined properties.
+dontaudit bootanim vendor_default_prop:file read;
diff --git a/prebuilts/api/30.0/private/bootstat.te b/prebuilts/api/30.0/private/bootstat.te
new file mode 100644
index 0000000..806144c
--- /dev/null
+++ b/prebuilts/api/30.0/private/bootstat.te
@@ -0,0 +1,3 @@
+typeattribute bootstat coredomain;
+
+init_daemon_domain(bootstat)
diff --git a/prebuilts/api/30.0/private/boringssl_self_test.te b/prebuilts/api/30.0/private/boringssl_self_test.te
new file mode 100644
index 0000000..50fc1fc
--- /dev/null
+++ b/prebuilts/api/30.0/private/boringssl_self_test.te
@@ -0,0 +1,74 @@
+# System and vendor domains for BoringSSL self test binaries.
+#
+# For FIPS compliance, all processes linked against libcrypto perform a startup
+# self test which computes a hash of the BoringSSL Crypto Module (BCM) and, at least once
+# per device boot, also run a series of Known Answer Tests (KAT) to verify functionality.
+#
+# The KATs are expensive, and to ensure they are run as few times as possible, they
+# are skipped if a marker file exists in /dev/boringssl/selftest whose name is
+# the hash of the BCM that was computed earlier. The files are zero length and their contents
+# should never be read or written. To avoid giving arbitrary processes access to /dev/boringssl
+# to create these marker files, there are dedicated self test binaries which this policy
+# gives access to and which are run during early-init.
+#
+# Due to build skew, the version of libcrypto in /vendor may have a different hash than
+# the system one. To cater for this there are vendor variants of the self test binaries
+# which also have permission to write to the same files in /dev/boringssl. In the case where
+# vendor and system libcrypto have the same hash, there will be a race to create the file,
+# but this is harmless.
+#
+# If the self tests fail, then the device should reboot into firmware and for this reason
+# the system boringssl_self_test domain needs to be in coredomain. As vendor domains
+# are not allowed in coredomain, this means that the vendor self tests cannot trigger a
+# reboot. However every binary linked against the vendor libcrypto will abort on startup,
+# so in practice the device will crash anyway in this unlikely scenario.
+
+# System boringssl_self_test domain
+type boringssl_self_test, domain, coredomain;
+type boringssl_self_test_exec, system_file_type, exec_type, file_type;
+
+# Vendor boringssl_self_test domain
+type vendor_boringssl_self_test, domain;
+type vendor_boringssl_self_test_exec, vendor_file_type, exec_type, file_type;
+
+# Switch to boringssl_self_test security domain when running boringssl_self_test_exec
+init_daemon_domain(boringssl_self_test)
+
+# Switch to vendor_boringssl_self_test security domain when running vendor_boringssl_self_test_exec
+init_daemon_domain(vendor_boringssl_self_test)
+
+# Marker files, common to both domains, indicating KAT have been performed on a particular libcrypto
+#
+# The files are zero length so there is no issue if both vendor and system code
+# try to create the same file simultaneously. One will succeed and the other will fail
+# silently, i.e. still indicate success. Similar harmless naming collisions will happen in the
+# system domain e.g. when system and APEX copies of libcrypto are identical.
+type boringssl_self_test_marker, file_type;
+
+# Allow self test binaries to create/check for the existence of boringssl_self_test_marker files
+allow { boringssl_self_test vendor_boringssl_self_test }
+ boringssl_self_test_marker:file create_file_perms;
+allow { boringssl_self_test vendor_boringssl_self_test }
+ boringssl_self_test_marker:dir ra_dir_perms;
+
+# Allow self test binaries to write their stdout/stderr messages to kmsg_debug
+allow { boringssl_self_test vendor_boringssl_self_test }
+ kmsg_debug_device:chr_file { w_file_perms getattr ioctl };
+
+# No other process should be able to create marker files because their existence causes the
+# boringssl KAT to be skipped.
+neverallow {
+ domain
+ -vendor_boringssl_self_test
+ -boringssl_self_test
+ -init
+ -vendor_init
+} boringssl_self_test_marker:file no_rw_file_perms;
+
+neverallow {
+ domain
+ -vendor_boringssl_self_test
+ -boringssl_self_test
+ -init
+ -vendor_init
+} boringssl_self_test_marker:dir write;
diff --git a/prebuilts/api/30.0/private/bpfloader.te b/prebuilts/api/30.0/private/bpfloader.te
new file mode 100644
index 0000000..74a8e25
--- /dev/null
+++ b/prebuilts/api/30.0/private/bpfloader.te
@@ -0,0 +1,40 @@
+# bpf program loader
+type bpfloader, domain;
+type bpfloader_exec, system_file_type, exec_type, file_type;
+typeattribute bpfloader coredomain;
+
+# These permissions are required to pin ebpf maps & programs.
+allow bpfloader fs_bpf:dir { search write add_name };
+allow bpfloader fs_bpf:file { create setattr read };
+
+# Allow bpfloader to create bpf maps and programs.
+allow bpfloader self:bpf { map_create map_read map_write prog_load prog_run };
+
+allow bpfloader self:capability { chown sys_admin };
+
+###
+### Neverallow rules
+###
+
+# TODO: get rid of init & vendor_init
+neverallow { domain -init -vendor_init } fs_bpf:dir setattr;
+neverallow { domain -bpfloader } fs_bpf:dir { write add_name };
+neverallow domain fs_bpf:dir { reparent rename rmdir };
+
+# TODO: get rid of init & vendor_init
+neverallow { domain -bpfloader -init -vendor_init } fs_bpf:file setattr;
+neverallow { domain -bpfloader } fs_bpf:file create;
+neverallow domain fs_bpf:file { rename unlink };
+
+neverallow { domain -bpfloader } *:bpf { map_create prog_load };
+neverallow { domain -bpfloader -netd -netutils_wrapper -system_server } *:bpf prog_run;
+neverallow { domain -bpfloader -netd -system_server } *:bpf { map_read map_write };
+
+neverallow { domain -bpfloader -init } bpfloader_exec:file { execute execute_no_trans };
+
+neverallow bpfloader domain:{ tcp_socket udp_socket rawip_socket } *;
+
+# No domain should be allowed to ptrace bpfloader
+neverallow { domain userdebug_or_eng(`-llkd') } bpfloader:process ptrace;
+
+set_prop(bpfloader, bpf_progs_loaded_prop)
diff --git a/prebuilts/api/30.0/private/bufferhubd.te b/prebuilts/api/30.0/private/bufferhubd.te
new file mode 100644
index 0000000..012eb20
--- /dev/null
+++ b/prebuilts/api/30.0/private/bufferhubd.te
@@ -0,0 +1,3 @@
+typeattribute bufferhubd coredomain;
+
+init_daemon_domain(bufferhubd)
diff --git a/prebuilts/api/30.0/private/bug_map b/prebuilts/api/30.0/private/bug_map
new file mode 100644
index 0000000..60c2f15
--- /dev/null
+++ b/prebuilts/api/30.0/private/bug_map
@@ -0,0 +1,33 @@
+dnsmasq netd fifo_file b/77868789
+dnsmasq netd unix_stream_socket b/77868789
+gmscore_app system_data_file dir b/146166941
+init app_data_file file b/77873135
+init cache_file blk_file b/77873135
+init logpersist file b/77873135
+init nativetest_data_file dir b/77873135
+init pstorefs dir b/77873135
+init shell_data_file dir b/77873135
+init shell_data_file file b/77873135
+init shell_data_file lnk_file b/77873135
+init shell_data_file sock_file b/77873135
+init system_data_file chr_file b/77873135
+isolated_app privapp_data_file dir b/119596573
+isolated_app app_data_file dir b/120394782
+mediaextractor app_data_file file b/77923736
+mediaextractor radio_data_file file b/77923736
+mediaprovider cache_file blk_file b/77925342
+mediaprovider mnt_media_rw_file dir b/77925342
+mediaprovider shell_data_file dir b/77925342
+mediaswcodec ashmem_device chr_file b/142679232
+netd priv_app unix_stream_socket b/77870037
+netd untrusted_app unix_stream_socket b/77870037
+netd untrusted_app_25 unix_stream_socket b/77870037
+netd untrusted_app_27 unix_stream_socket b/77870037
+platform_app nfc_data_file dir b/74331887
+system_server crash_dump process b/73128755
+system_server overlayfs_file file b/142390309
+system_server sdcardfs file b/77856826
+system_server storage_stub_file dir b/145267097
+system_server zygote process b/77856826
+vold system_data_file file b/124108085
+zygote untrusted_app_25 process b/77925912
diff --git a/prebuilts/api/30.0/private/cameraserver.te b/prebuilts/api/30.0/private/cameraserver.te
new file mode 100644
index 0000000..2be3c9e
--- /dev/null
+++ b/prebuilts/api/30.0/private/cameraserver.te
@@ -0,0 +1,6 @@
+typeattribute cameraserver coredomain;
+
+typeattribute cameraserver camera_service_server;
+
+init_daemon_domain(cameraserver)
+tmpfs_domain(cameraserver)
diff --git a/prebuilts/api/30.0/private/charger.te b/prebuilts/api/30.0/private/charger.te
new file mode 100644
index 0000000..65109de
--- /dev/null
+++ b/prebuilts/api/30.0/private/charger.te
@@ -0,0 +1 @@
+typeattribute charger coredomain;
diff --git a/prebuilts/api/30.0/private/clatd.te b/prebuilts/api/30.0/private/clatd.te
new file mode 100644
index 0000000..0fa774a
--- /dev/null
+++ b/prebuilts/api/30.0/private/clatd.te
@@ -0,0 +1,36 @@
+# 464xlat daemon
+type clatd, domain, coredomain;
+type clatd_exec, system_file_type, exec_type, file_type;
+
+net_domain(clatd)
+
+r_dir_file(clatd, proc_net_type)
+userdebug_or_eng(`
+ auditallow clatd proc_net_type:{ dir file lnk_file } { getattr open read };
+')
+
+# Access objects inherited from netd.
+allow clatd netd:fd use;
+allow clatd netd:fifo_file { read write };
+# TODO: Check whether some or all of these sockets should be close-on-exec.
+allow clatd netd:netlink_kobject_uevent_socket { read write };
+allow clatd netd:netlink_nflog_socket { read write };
+allow clatd netd:netlink_route_socket { read write };
+allow clatd netd:udp_socket { read write };
+allow clatd netd:unix_stream_socket { read write };
+allow clatd netd:unix_dgram_socket { read write };
+
+allow clatd self:global_capability_class_set { net_admin net_raw setuid setgid };
+
+# clatd calls mmap(MAP_LOCKED) with a 1M buffer. MAP_LOCKED first checks
+# capable(CAP_IPC_LOCK), and then checks to see the requested amount is
+# under RLIMIT_MEMLOCK. If the latter check succeeds clatd won't have
+# needed CAP_IPC_LOCK. But this is not guaranteed to succeed on all devices
+# so we permit any requests we see from clatd asking for this capability.
+# See https://android-review.googlesource.com/127940 and
+# https://b.corp.google.com/issues/21736319
+allow clatd self:global_capability_class_set ipc_lock;
+
+allow clatd self:netlink_route_socket nlmsg_write;
+allow clatd self:{ packet_socket rawip_socket } create_socket_perms_no_ioctl;
+allow clatd tun_device:chr_file rw_file_perms;
diff --git a/prebuilts/api/30.0/private/compat/26.0/26.0.cil b/prebuilts/api/30.0/private/compat/26.0/26.0.cil
new file mode 100644
index 0000000..498bca5
--- /dev/null
+++ b/prebuilts/api/30.0/private/compat/26.0/26.0.cil
@@ -0,0 +1,786 @@
+;; attributes removed from current policy
+(typeattribute hal_wifi_keystore)
+(typeattribute hal_wifi_keystore_client)
+(typeattribute hal_wifi_keystore_server)
+(typeattribute hal_wifi_offload)
+(typeattribute hal_wifi_offload_client)
+(typeattribute hal_wifi_offload_server)
+
+;; types removed from current policy
+(type untrusted_v2_app)
+(type asan_reboot_prop)
+(type commontime_management_service)
+(type hal_wifi_offload_hwservice)
+(type log_device)
+(type mediacasserver_service)
+(type mediacodec)
+(type mediacodec_exec)
+(type qtaguid_proc)
+(type reboot_data_file)
+(type tracing_shell_writable)
+(type tracing_shell_writable_debug)
+(type vold_socket)
+(type webview_zygote_socket)
+(type rild)
+(type netd_socket)
+
+(typeattributeset accessibility_service_26_0 (accessibility_service))
+(typeattributeset account_service_26_0 (account_service))
+(typeattributeset activity_service_26_0 (activity_service))
+(typeattributeset adbd_26_0 (adbd))
+(typeattributeset adb_data_file_26_0 (adb_data_file))
+(typeattributeset adbd_socket_26_0 (adbd_socket))
+(typeattributeset adb_keys_file_26_0 (adb_keys_file))
+(typeattributeset alarm_device_26_0 (alarm_device))
+(typeattributeset alarm_service_26_0 (alarm_service))
+(typeattributeset anr_data_file_26_0 (anr_data_file))
+(typeattributeset apk_data_file_26_0 (apk_data_file))
+(typeattributeset apk_private_data_file_26_0 (apk_private_data_file))
+(typeattributeset apk_private_tmp_file_26_0 (apk_private_tmp_file))
+(typeattributeset apk_tmp_file_26_0 (apk_tmp_file))
+(typeattributeset app_data_file_26_0 (app_data_file privapp_data_file))
+(typeattributeset app_fuse_file_26_0 (app_fuse_file))
+(typeattributeset app_fusefs_26_0 (app_fusefs))
+(typeattributeset appops_service_26_0 (appops_service))
+(typeattributeset appwidget_service_26_0 (appwidget_service))
+(typeattributeset asan_reboot_prop_26_0 (asan_reboot_prop))
+(typeattributeset asec_apk_file_26_0 (asec_apk_file))
+(typeattributeset asec_image_file_26_0 (asec_image_file))
+(typeattributeset asec_public_file_26_0 (asec_public_file))
+(typeattributeset ashmem_device_26_0 (ashmem_device))
+(typeattributeset assetatlas_service_26_0 (assetatlas_service))
+(typeattributeset audio_data_file_26_0 (audio_data_file))
+(typeattributeset audio_device_26_0 (audio_device))
+(typeattributeset audiohal_data_file_26_0 (audiohal_data_file))
+(typeattributeset audio_prop_26_0 (audio_prop))
+(typeattributeset audio_seq_device_26_0 (audio_seq_device))
+(typeattributeset audioserver_26_0 (audioserver))
+(typeattributeset audioserver_data_file_26_0 (audioserver_data_file))
+(typeattributeset audioserver_service_26_0 (audioserver_service))
+(typeattributeset audio_service_26_0 (audio_service))
+(typeattributeset audio_timer_device_26_0 (audio_timer_device))
+(typeattributeset autofill_service_26_0 (autofill_service))
+(typeattributeset backup_data_file_26_0 (backup_data_file))
+(typeattributeset backup_service_26_0 (backup_service))
+(typeattributeset batteryproperties_service_26_0 (batteryproperties_service))
+(typeattributeset battery_service_26_0 (battery_service))
+(typeattributeset batterystats_service_26_0 (batterystats_service))
+(typeattributeset binder_device_26_0 (binder_device))
+(typeattributeset binfmt_miscfs_26_0 (binfmt_miscfs))
+(typeattributeset blkid_26_0 (blkid))
+(typeattributeset blkid_untrusted_26_0 (blkid_untrusted))
+(typeattributeset block_device_26_0 (block_device))
+(typeattributeset bluetooth_26_0 (bluetooth))
+(typeattributeset bluetooth_data_file_26_0 (bluetooth_data_file))
+(typeattributeset bluetooth_efs_file_26_0 (bluetooth_efs_file))
+(typeattributeset bluetooth_logs_data_file_26_0 (bluetooth_logs_data_file))
+(typeattributeset bluetooth_manager_service_26_0 (bluetooth_manager_service))
+(typeattributeset bluetooth_prop_26_0 (bluetooth_prop))
+(typeattributeset bluetooth_service_26_0 (bluetooth_service))
+(typeattributeset bluetooth_socket_26_0 (bluetooth_socket))
+(typeattributeset bootanim_26_0 (bootanim))
+(typeattributeset bootanim_exec_26_0 (bootanim_exec))
+(typeattributeset boot_block_device_26_0 (boot_block_device))
+(typeattributeset bootchart_data_file_26_0 (bootchart_data_file))
+(typeattributeset bootstat_26_0 (bootstat))
+(typeattributeset bootstat_data_file_26_0 (bootstat_data_file))
+(typeattributeset bootstat_exec_26_0 (bootstat_exec))
+(typeattributeset boottime_prop_26_0 (boottime_prop))
+(typeattributeset boottrace_data_file_26_0 (boottrace_data_file))
+(typeattributeset bufferhubd_26_0 (bufferhubd))
+(typeattributeset bufferhubd_exec_26_0 (bufferhubd_exec))
+(typeattributeset cache_backup_file_26_0 (cache_backup_file))
+(typeattributeset cache_block_device_26_0 (cache_block_device))
+(typeattributeset cache_file_26_0 (cache_file))
+(typeattributeset cache_private_backup_file_26_0 (cache_private_backup_file))
+(typeattributeset cache_recovery_file_26_0 (cache_recovery_file))
+(typeattributeset camera_data_file_26_0 (camera_data_file))
+(typeattributeset camera_device_26_0 (camera_device))
+(typeattributeset cameraproxy_service_26_0 (cameraproxy_service))
+(typeattributeset cameraserver_26_0 (cameraserver))
+(typeattributeset cameraserver_exec_26_0 (cameraserver_exec))
+(typeattributeset cameraserver_service_26_0 (cameraserver_service))
+(typeattributeset cgroup_26_0 (cgroup))
+(typeattributeset charger_26_0 (charger))
+(typeattributeset clatd_26_0 (clatd))
+(typeattributeset clatd_exec_26_0 (clatd_exec))
+(typeattributeset clipboard_service_26_0 (clipboard_service))
+(typeattributeset commontime_management_service_26_0 (commontime_management_service))
+(typeattributeset companion_device_service_26_0 (companion_device_service))
+(typeattributeset configfs_26_0 (configfs))
+(typeattributeset config_prop_26_0 (config_prop))
+(typeattributeset connectivity_service_26_0 (connectivity_service))
+(typeattributeset connmetrics_service_26_0 (connmetrics_service))
+(typeattributeset console_device_26_0 (console_device))
+(typeattributeset consumer_ir_service_26_0 (consumer_ir_service))
+(typeattributeset content_service_26_0 (content_service))
+(typeattributeset contexthub_service_26_0 (contexthub_service))
+(typeattributeset coredump_file_26_0 (coredump_file))
+(typeattributeset country_detector_service_26_0 (country_detector_service))
+(typeattributeset coverage_service_26_0 (coverage_service))
+(typeattributeset cppreopt_prop_26_0 (cppreopt_prop))
+(typeattributeset cppreopts_26_0 (cppreopts))
+(typeattributeset cppreopts_exec_26_0 (cppreopts_exec))
+(typeattributeset cpuctl_device_26_0 (cpuctl_device))
+(typeattributeset cpuinfo_service_26_0 (cpuinfo_service))
+(typeattributeset crash_dump_26_0 (crash_dump))
+(typeattributeset crash_dump_exec_26_0 (crash_dump_exec))
+(typeattributeset ctl_bootanim_prop_26_0 (ctl_bootanim_prop))
+(typeattributeset ctl_bugreport_prop_26_0 (ctl_bugreport_prop))
+(typeattributeset ctl_console_prop_26_0 (ctl_console_prop))
+(typeattributeset ctl_default_prop_26_0 (ctl_default_prop ctl_restart_prop ctl_start_prop ctl_stop_prop ctl_adbd_prop))
+(typeattributeset ctl_dumpstate_prop_26_0 (ctl_dumpstate_prop))
+(typeattributeset ctl_fuse_prop_26_0 (ctl_fuse_prop))
+(typeattributeset ctl_mdnsd_prop_26_0 (ctl_mdnsd_prop))
+(typeattributeset ctl_rildaemon_prop_26_0 (ctl_rildaemon_prop))
+(typeattributeset dalvikcache_data_file_26_0 (dalvikcache_data_file))
+(typeattributeset dalvik_prop_26_0 (dalvik_prop))
+(typeattributeset dbinfo_service_26_0 (dbinfo_service))
+(typeattributeset debugfs_26_0
+ ( debugfs
+ debugfs_wakeup_sources
+ ))
+(typeattributeset debugfs_mmc_26_0 (debugfs_mmc))
+(typeattributeset debugfs_trace_marker_26_0 (debugfs_trace_marker))
+(typeattributeset debugfs_tracing_26_0 (debugfs_tracing))
+(typeattributeset debugfs_tracing_instances_26_0 (debugfs_tracing_instances))
+(typeattributeset debugfs_wifi_tracing_26_0 (debugfs_wifi_tracing))
+(typeattributeset debuggerd_prop_26_0 (debuggerd_prop))
+(typeattributeset debug_prop_26_0 (debug_prop))
+(typeattributeset default_android_hwservice_26_0 (default_android_hwservice))
+(typeattributeset default_android_service_26_0 (default_android_service))
+(typeattributeset default_android_vndservice_26_0 (default_android_vndservice))
+(typeattributeset default_prop_26_0
+ ( default_prop pm_prop))
+(typeattributeset device_26_0 (device))
+(typeattributeset device_identifiers_service_26_0 (device_identifiers_service))
+(typeattributeset deviceidle_service_26_0 (deviceidle_service))
+(typeattributeset device_logging_prop_26_0 (device_logging_prop))
+(typeattributeset device_policy_service_26_0 (device_policy_service))
+(typeattributeset devicestoragemonitor_service_26_0 (devicestoragemonitor_service))
+(typeattributeset devpts_26_0 (devpts))
+(typeattributeset dex2oat_26_0 (dex2oat))
+(typeattributeset dex2oat_exec_26_0 (dex2oat_exec))
+(typeattributeset dhcp_26_0 (dhcp))
+(typeattributeset dhcp_data_file_26_0 (dhcp_data_file))
+(typeattributeset dhcp_exec_26_0 (dhcp_exec))
+(typeattributeset dhcp_prop_26_0 (dhcp_prop))
+(typeattributeset diskstats_service_26_0 (diskstats_service))
+(typeattributeset display_service_26_0 (display_service))
+(typeattributeset dm_device_26_0 (dm_device))
+(typeattributeset dnsmasq_26_0 (dnsmasq))
+(typeattributeset dnsmasq_exec_26_0 (dnsmasq_exec))
+(typeattributeset dnsproxyd_socket_26_0 (dnsproxyd_socket))
+(typeattributeset DockObserver_service_26_0 (DockObserver_service))
+(typeattributeset dreams_service_26_0 (dreams_service))
+(typeattributeset drm_data_file_26_0 (drm_data_file))
+(typeattributeset drmserver_26_0 (drmserver))
+(typeattributeset drmserver_exec_26_0 (drmserver_exec))
+(typeattributeset drmserver_service_26_0 (drmserver_service))
+(typeattributeset drmserver_socket_26_0 (drmserver_socket))
+(typeattributeset dropbox_service_26_0 (dropbox_service))
+(typeattributeset dumpstate_26_0 (dumpstate))
+(typeattributeset dumpstate_exec_26_0 (dumpstate_exec))
+(typeattributeset dumpstate_options_prop_26_0 (dumpstate_options_prop))
+(typeattributeset dumpstate_prop_26_0 (dumpstate_prop))
+(typeattributeset dumpstate_service_26_0 (dumpstate_service))
+(typeattributeset dumpstate_socket_26_0 (dumpstate_socket))
+(typeattributeset efs_file_26_0 (efs_file))
+(typeattributeset ephemeral_app_26_0 (ephemeral_app))
+(typeattributeset ethernet_service_26_0 (ethernet_service))
+(typeattributeset ffs_prop_26_0 (ffs_prop))
+(typeattributeset file_contexts_file_26_0 (file_contexts_file))
+(typeattributeset fingerprintd_26_0 (fingerprintd))
+(typeattributeset fingerprintd_data_file_26_0 (fingerprintd_data_file))
+(typeattributeset fingerprintd_exec_26_0 (fingerprintd_exec))
+(typeattributeset fingerprintd_service_26_0 (fingerprintd_service))
+(typeattributeset fingerprint_prop_26_0 (fingerprint_prop))
+(typeattributeset fingerprint_service_26_0 (fingerprint_service))
+(typeattributeset firstboot_prop_26_0 (firstboot_prop))
+(typeattributeset font_service_26_0 (font_service))
+(typeattributeset frp_block_device_26_0 (frp_block_device))
+(typeattributeset fsck_26_0 (fsck))
+(typeattributeset fsck_exec_26_0 (fsck_exec))
+(typeattributeset fscklogs_26_0 (fscklogs))
+(typeattributeset fsck_untrusted_26_0 (fsck_untrusted))
+(typeattributeset full_device_26_0 (full_device))
+(typeattributeset functionfs_26_0 (functionfs))
+(typeattributeset fuse_26_0 (fuse))
+(typeattributeset fuse_device_26_0 (fuse_device))
+(typeattributeset fwk_display_hwservice_26_0 (fwk_display_hwservice))
+(typeattributeset fwk_scheduler_hwservice_26_0 (fwk_scheduler_hwservice))
+(typeattributeset fwk_sensor_hwservice_26_0 (fwk_sensor_hwservice))
+(typeattributeset fwmarkd_socket_26_0 (fwmarkd_socket))
+(typeattributeset gatekeeperd_26_0 (gatekeeperd))
+(typeattributeset gatekeeper_data_file_26_0 (gatekeeper_data_file))
+(typeattributeset gatekeeperd_exec_26_0 (gatekeeperd_exec))
+(typeattributeset gatekeeper_service_26_0 (gatekeeper_service))
+(typeattributeset gfxinfo_service_26_0 (gfxinfo_service))
+(typeattributeset gps_control_26_0 (gps_control))
+(typeattributeset gpu_device_26_0 (gpu_device))
+(typeattributeset gpu_service_26_0 (gpu_service))
+(typeattributeset graphics_device_26_0 (graphics_device))
+(typeattributeset graphicsstats_service_26_0 (graphicsstats_service))
+(typeattributeset hal_audio_hwservice_26_0 (hal_audio_hwservice))
+(typeattributeset hal_bluetooth_hwservice_26_0 (hal_bluetooth_hwservice))
+(typeattributeset hal_bootctl_hwservice_26_0 (hal_bootctl_hwservice))
+(typeattributeset hal_camera_hwservice_26_0 (hal_camera_hwservice))
+(typeattributeset hal_configstore_ISurfaceFlingerConfigs_26_0 (hal_configstore_ISurfaceFlingerConfigs))
+(typeattributeset hal_contexthub_hwservice_26_0 (hal_contexthub_hwservice))
+(typeattributeset hal_drm_hwservice_26_0 (hal_drm_hwservice))
+(typeattributeset hal_dumpstate_hwservice_26_0 (hal_dumpstate_hwservice))
+(typeattributeset hal_fingerprint_hwservice_26_0 (hal_fingerprint_hwservice))
+(typeattributeset hal_fingerprint_service_26_0 (hal_fingerprint_service))
+(typeattributeset hal_gatekeeper_hwservice_26_0 (hal_gatekeeper_hwservice))
+(typeattributeset hal_gnss_hwservice_26_0 (hal_gnss_hwservice))
+(typeattributeset hal_graphics_allocator_hwservice_26_0 (hal_graphics_allocator_hwservice))
+(typeattributeset hal_graphics_composer_hwservice_26_0 (hal_graphics_composer_hwservice))
+(typeattributeset hal_graphics_mapper_hwservice_26_0 (hal_graphics_mapper_hwservice))
+(typeattributeset hal_health_hwservice_26_0 (hal_health_hwservice))
+(typeattributeset hal_ir_hwservice_26_0 (hal_ir_hwservice))
+(typeattributeset hal_keymaster_hwservice_26_0 (hal_keymaster_hwservice))
+(typeattributeset hal_light_hwservice_26_0 (hal_light_hwservice))
+(typeattributeset hal_memtrack_hwservice_26_0 (hal_memtrack_hwservice))
+(typeattributeset hal_nfc_hwservice_26_0 (hal_nfc_hwservice))
+(typeattributeset hal_oemlock_hwservice_26_0 (hal_oemlock_hwservice))
+(typeattributeset hal_omx_hwservice_26_0 (hal_omx_hwservice))
+(typeattributeset hal_power_hwservice_26_0 (hal_power_hwservice))
+(typeattributeset hal_renderscript_hwservice_26_0 (hal_renderscript_hwservice))
+(typeattributeset hal_sensors_hwservice_26_0 (hal_sensors_hwservice))
+(typeattributeset hal_telephony_hwservice_26_0 (hal_telephony_hwservice))
+(typeattributeset hal_thermal_hwservice_26_0 (hal_thermal_hwservice))
+(typeattributeset hal_tv_cec_hwservice_26_0 (hal_tv_cec_hwservice))
+(typeattributeset hal_tv_input_hwservice_26_0 (hal_tv_input_hwservice))
+(typeattributeset hal_usb_hwservice_26_0 (hal_usb_hwservice))
+(typeattributeset hal_vibrator_hwservice_26_0 (hal_vibrator_hwservice))
+(typeattributeset hal_vr_hwservice_26_0 (hal_vr_hwservice))
+(typeattributeset hal_weaver_hwservice_26_0 (hal_weaver_hwservice))
+(typeattributeset hal_wifi_hwservice_26_0 (hal_wifi_hwservice))
+(typeattributeset hal_wifi_supplicant_hwservice_26_0 (hal_wifi_supplicant_hwservice))
+(typeattributeset hardware_properties_service_26_0 (hardware_properties_service))
+(typeattributeset hardware_service_26_0 (hardware_service))
+(typeattributeset hci_attach_dev_26_0 (hci_attach_dev))
+(typeattributeset hdmi_control_service_26_0 (hdmi_control_service))
+(typeattributeset healthd_26_0 (healthd))
+(typeattributeset healthd_exec_26_0 (healthd_exec))
+(typeattributeset heapdump_data_file_26_0 (heapdump_data_file))
+(typeattributeset hidl_allocator_hwservice_26_0 (hidl_allocator_hwservice))
+(typeattributeset hidl_base_hwservice_26_0 (hidl_base_hwservice))
+(typeattributeset hidl_manager_hwservice_26_0 (hidl_manager_hwservice))
+(typeattributeset hidl_memory_hwservice_26_0 (hidl_memory_hwservice))
+(typeattributeset hidl_token_hwservice_26_0 (hidl_token_hwservice))
+(typeattributeset hwbinder_device_26_0 (hwbinder_device))
+(typeattributeset hw_random_device_26_0 (hw_random_device))
+(typeattributeset hwservice_contexts_file_26_0 (hwservice_contexts_file))
+(typeattributeset hwservicemanager_26_0 (hwservicemanager))
+(typeattributeset hwservicemanager_exec_26_0 (hwservicemanager_exec))
+(typeattributeset hwservicemanager_prop_26_0 (hwservicemanager_prop))
+(typeattributeset i2c_device_26_0 (i2c_device))
+(typeattributeset icon_file_26_0 (icon_file))
+(typeattributeset idmap_26_0 (idmap))
+(typeattributeset idmap_exec_26_0 (idmap_exec))
+(typeattributeset iio_device_26_0 (iio_device))
+(typeattributeset imms_service_26_0 (imms_service))
+(typeattributeset incident_26_0 (incident))
+(typeattributeset incidentd_26_0 (incidentd))
+(typeattributeset incident_data_file_26_0 (incident_data_file))
+(typeattributeset incident_service_26_0 (incident_service))
+(typeattributeset init_26_0 (init))
+(typeattributeset init_exec_26_0 (init_exec watchdogd_exec))
+(typeattributeset inotify_26_0 (inotify))
+(typeattributeset input_device_26_0 (input_device))
+(typeattributeset inputflinger_26_0 (inputflinger))
+(typeattributeset inputflinger_exec_26_0 (inputflinger_exec))
+(typeattributeset inputflinger_service_26_0 (inputflinger_service))
+(typeattributeset input_method_service_26_0 (input_method_service))
+(typeattributeset input_service_26_0 (input_service))
+(typeattributeset installd_26_0 (installd))
+(typeattributeset install_data_file_26_0 (install_data_file))
+(typeattributeset installd_exec_26_0 (installd_exec))
+(typeattributeset installd_service_26_0 (installd_service))
+(typeattributeset install_recovery_26_0 (install_recovery))
+(typeattributeset install_recovery_exec_26_0 (install_recovery_exec))
+(typeattributeset ion_device_26_0 (ion_device))
+(typeattributeset IProxyService_service_26_0 (IProxyService_service))
+(typeattributeset ipsec_service_26_0 (ipsec_service))
+(typeattributeset isolated_app_26_0 (isolated_app))
+(typeattributeset jobscheduler_service_26_0 (jobscheduler_service))
+(typeattributeset kernel_26_0 (kernel))
+(typeattributeset keychain_data_file_26_0 (keychain_data_file))
+(typeattributeset keychord_device_26_0 (keychord_device))
+(typeattributeset keystore_26_0 (keystore))
+(typeattributeset keystore_data_file_26_0 (keystore_data_file))
+(typeattributeset keystore_exec_26_0 (keystore_exec))
+(typeattributeset keystore_service_26_0 (keystore_service))
+(typeattributeset kmem_device_26_0 (kmem_device))
+(typeattributeset kmsg_device_26_0 (kmsg_device))
+(typeattributeset labeledfs_26_0 (labeledfs))
+(typeattributeset launcherapps_service_26_0 (launcherapps_service))
+(typeattributeset lmkd_26_0 (lmkd))
+(typeattributeset lmkd_exec_26_0 (lmkd_exec))
+(typeattributeset lmkd_socket_26_0 (lmkd_socket))
+(typeattributeset location_service_26_0 (location_service))
+(typeattributeset lock_settings_service_26_0 (lock_settings_service))
+(typeattributeset logcat_exec_26_0 (logcat_exec))
+(typeattributeset logd_26_0 (logd))
+(typeattributeset log_device_26_0 (log_device))
+(typeattributeset logd_exec_26_0 (logd_exec))
+(typeattributeset logd_prop_26_0 (logd_prop))
+(typeattributeset logdr_socket_26_0 (logdr_socket))
+(typeattributeset logd_socket_26_0 (logd_socket))
+(typeattributeset logdw_socket_26_0 (logdw_socket))
+(typeattributeset logpersist_26_0 (logpersist))
+(typeattributeset logpersistd_logging_prop_26_0 (logpersistd_logging_prop))
+(typeattributeset log_prop_26_0 (log_prop))
+(typeattributeset log_tag_prop_26_0 (log_tag_prop))
+(typeattributeset loop_control_device_26_0 (loop_control_device))
+(typeattributeset loop_device_26_0 (loop_device))
+(typeattributeset mac_perms_file_26_0 (mac_perms_file))
+(typeattributeset mdnsd_26_0 (mdnsd))
+(typeattributeset mdnsd_socket_26_0 (mdnsd_socket))
+(typeattributeset mdns_socket_26_0 (mdns_socket))
+(typeattributeset mediacasserver_service_26_0 (mediacasserver_service))
+(typeattributeset hal_omx_server (mediacodec_26_0))
+(typeattributeset mediacodec_26_0 (mediacodec))
+(typeattributeset mediacodec_exec_26_0 (mediacodec_exec))
+(typeattributeset mediacodec_service_26_0 (mediacodec_service))
+(typeattributeset media_data_file_26_0 (media_data_file))
+(typeattributeset mediadrmserver_26_0 (mediadrmserver))
+(typeattributeset mediadrmserver_exec_26_0 (mediadrmserver_exec))
+(typeattributeset mediadrmserver_service_26_0 (mediadrmserver_service))
+(typeattributeset mediaextractor_26_0 (mediaextractor))
+(typeattributeset mediaextractor_exec_26_0 (mediaextractor_exec))
+(typeattributeset mediaextractor_service_26_0 (mediaextractor_service))
+(typeattributeset mediametrics_26_0 (mediametrics))
+(typeattributeset mediametrics_exec_26_0 (mediametrics_exec))
+(typeattributeset mediametrics_service_26_0 (mediametrics_service))
+(typeattributeset media_projection_service_26_0 (media_projection_service))
+(typeattributeset media_router_service_26_0 (media_router_service))
+(typeattributeset media_rw_data_file_26_0 (media_rw_data_file))
+(typeattributeset mediaserver_26_0 (mediaserver))
+(typeattributeset mediaserver_exec_26_0 (mediaserver_exec))
+(typeattributeset mediaserver_service_26_0 (mediaserver_service))
+(typeattributeset media_session_service_26_0 (media_session_service))
+(typeattributeset meminfo_service_26_0 (meminfo_service))
+(typeattributeset metadata_block_device_26_0 (metadata_block_device))
+(typeattributeset method_trace_data_file_26_0 (method_trace_data_file))
+(typeattributeset midi_service_26_0 (midi_service))
+(typeattributeset misc_block_device_26_0 (misc_block_device))
+(typeattributeset misc_logd_file_26_0 (misc_logd_file))
+(typeattributeset misc_user_data_file_26_0 (misc_user_data_file))
+(typeattributeset mmc_prop_26_0 (mmc_prop))
+(typeattributeset mnt_expand_file_26_0 (mnt_expand_file))
+(typeattributeset mnt_media_rw_file_26_0 (mnt_media_rw_file))
+(typeattributeset mnt_media_rw_stub_file_26_0 (mnt_media_rw_stub_file))
+(typeattributeset mnt_user_file_26_0 (mnt_user_file))
+(typeattributeset modprobe_26_0 (modprobe))
+(typeattributeset mount_service_26_0 (mount_service))
+(typeattributeset mqueue_26_0 (mqueue))
+(typeattributeset mtd_device_26_0 (mtd_device))
+(typeattributeset mtp_26_0 (mtp))
+(typeattributeset mtp_device_26_0 (mtp_device))
+(typeattributeset mtpd_socket_26_0 (mtpd_socket))
+(typeattributeset mtp_exec_26_0 (mtp_exec))
+(typeattributeset nativetest_data_file_26_0 (nativetest_data_file))
+(typeattributeset netd_26_0 (netd))
+(typeattributeset net_data_file_26_0 (net_data_file))
+(typeattributeset netd_exec_26_0 (netd_exec))
+(typeattributeset netd_listener_service_26_0 (netd_listener_service))
+(typeattributeset net_dns_prop_26_0 (net_dns_prop))
+(typeattributeset netd_service_26_0 (netd_service))
+(typeattributeset netd_socket_26_0 (netd_socket))
+(typeattributeset netif_26_0 (netif))
+(typeattributeset netpolicy_service_26_0 (netpolicy_service))
+(typeattributeset net_radio_prop_26_0 (net_radio_prop))
+(typeattributeset netstats_service_26_0 (netstats_service))
+(typeattributeset netutils_wrapper_26_0 (netutils_wrapper))
+(typeattributeset netutils_wrapper_exec_26_0 (netutils_wrapper_exec))
+(typeattributeset network_management_service_26_0 (network_management_service))
+(typeattributeset network_score_service_26_0 (network_score_service))
+(typeattributeset network_time_update_service_26_0 (network_time_update_service))
+(typeattributeset nfc_26_0 (nfc))
+(typeattributeset nfc_data_file_26_0 (nfc_data_file))
+(typeattributeset nfc_device_26_0 (nfc_device))
+(typeattributeset nfc_prop_26_0 (nfc_prop))
+(typeattributeset nfc_service_26_0 (nfc_service))
+(typeattributeset node_26_0 (node))
+(typeattributeset notification_service_26_0 (notification_service))
+(typeattributeset null_device_26_0 (null_device))
+(typeattributeset oemfs_26_0 (oemfs))
+(typeattributeset oem_lock_service_26_0 (oem_lock_service))
+(typeattributeset ota_data_file_26_0 (ota_data_file))
+(typeattributeset otadexopt_service_26_0 (otadexopt_service))
+(typeattributeset ota_package_file_26_0 (ota_package_file))
+(typeattributeset otapreopt_chroot_26_0 (otapreopt_chroot))
+(typeattributeset otapreopt_chroot_exec_26_0 (otapreopt_chroot_exec))
+(typeattributeset otapreopt_slot_26_0 (otapreopt_slot))
+(typeattributeset otapreopt_slot_exec_26_0 (otapreopt_slot_exec))
+(typeattributeset overlay_prop_26_0 (overlay_prop))
+(typeattributeset overlay_service_26_0 (overlay_service))
+(typeattributeset owntty_device_26_0 (owntty_device))
+(typeattributeset package_service_26_0 (package_service))
+(typeattributeset pan_result_prop_26_0 (pan_result_prop))
+(typeattributeset pdx_bufferhub_client_channel_socket_26_0 (pdx_bufferhub_client_channel_socket))
+(typeattributeset pdx_bufferhub_client_endpoint_socket_26_0 (pdx_bufferhub_client_endpoint_socket))
+(typeattributeset pdx_bufferhub_dir_26_0 (pdx_bufferhub_dir))
+(typeattributeset pdx_display_client_channel_socket_26_0 (pdx_display_client_channel_socket))
+(typeattributeset pdx_display_client_endpoint_socket_26_0 (pdx_display_client_endpoint_socket))
+(typeattributeset pdx_display_dir_26_0 (pdx_display_dir))
+(typeattributeset pdx_display_manager_channel_socket_26_0 (pdx_display_manager_channel_socket))
+(typeattributeset pdx_display_manager_endpoint_socket_26_0 (pdx_display_manager_endpoint_socket))
+(typeattributeset pdx_display_screenshot_channel_socket_26_0 (pdx_display_screenshot_channel_socket))
+(typeattributeset pdx_display_screenshot_endpoint_socket_26_0 (pdx_display_screenshot_endpoint_socket))
+(typeattributeset pdx_display_vsync_channel_socket_26_0 (pdx_display_vsync_channel_socket))
+(typeattributeset pdx_display_vsync_endpoint_socket_26_0 (pdx_display_vsync_endpoint_socket))
+(typeattributeset pdx_performance_client_channel_socket_26_0 (pdx_performance_client_channel_socket))
+(typeattributeset pdx_performance_client_endpoint_socket_26_0 (pdx_performance_client_endpoint_socket))
+(typeattributeset pdx_performance_dir_26_0 (pdx_performance_dir))
+(typeattributeset performanced_26_0 (performanced))
+(typeattributeset performanced_exec_26_0 (performanced_exec))
+(typeattributeset permission_service_26_0 (permission_service))
+(typeattributeset persist_debug_prop_26_0 (persist_debug_prop))
+(typeattributeset persistent_data_block_service_26_0 (persistent_data_block_service))
+(typeattributeset persistent_properties_ready_prop_26_0 (persistent_properties_ready_prop))
+(typeattributeset pinner_service_26_0 (pinner_service))
+(typeattributeset pipefs_26_0 (pipefs))
+(typeattributeset platform_app_26_0 (platform_app))
+(typeattributeset pmsg_device_26_0 (pmsg_device))
+(typeattributeset port_26_0 (port))
+(typeattributeset port_device_26_0 (port_device))
+(typeattributeset postinstall_26_0 (postinstall))
+(typeattributeset postinstall_dexopt_26_0 (postinstall_dexopt))
+(typeattributeset postinstall_file_26_0 (postinstall_file))
+(typeattributeset postinstall_mnt_dir_26_0 (postinstall_mnt_dir))
+(typeattributeset powerctl_prop_26_0 (powerctl_prop))
+(typeattributeset power_service_26_0 (power_service))
+(typeattributeset ppp_26_0 (ppp))
+(typeattributeset ppp_device_26_0 (ppp_device))
+(typeattributeset ppp_exec_26_0 (ppp_exec))
+(typeattributeset preloads_data_file_26_0 (preloads_data_file))
+(typeattributeset preloads_media_file_26_0 (preloads_media_file))
+(typeattributeset preopt2cachename_26_0 (preopt2cachename))
+(typeattributeset preopt2cachename_exec_26_0 (preopt2cachename_exec))
+(typeattributeset print_service_26_0 (print_service))
+(typeattributeset priv_app_26_0 (mediaprovider priv_app))
+(typeattributeset proc_26_0
+ ( proc
+ proc_abi
+ proc_asound
+ proc_buddyinfo
+ proc_cmdline
+ proc_dirty
+ proc_diskstats
+ proc_extra_free_kbytes
+ proc_filesystems
+ proc_hostname
+ proc_hung_task
+ proc_kmsg
+ proc_loadavg
+ proc_max_map_count
+ proc_min_free_order_shift
+ proc_mounts
+ proc_page_cluster
+ proc_pagetypeinfo
+ proc_panic
+ proc_pid_max
+ proc_pipe_conf
+ proc_random
+ proc_sched
+ proc_slabinfo
+ proc_swaps
+ proc_uid_time_in_state
+ proc_uid_concurrent_active_time
+ proc_uid_concurrent_policy_time
+ proc_uid_cpupower
+ proc_uptime
+ proc_version
+ proc_vmallocinfo
+ proc_vmstat))
+(typeattributeset proc_bluetooth_writable_26_0 (proc_bluetooth_writable))
+(typeattributeset proc_cpuinfo_26_0 (proc_cpuinfo))
+(typeattributeset proc_drop_caches_26_0 (proc_drop_caches))
+(typeattributeset processinfo_service_26_0 (processinfo_service))
+(typeattributeset proc_interrupts_26_0 (proc_interrupts))
+(typeattributeset proc_iomem_26_0 (proc_iomem))
+(typeattributeset proc_meminfo_26_0 (proc_meminfo))
+(typeattributeset proc_misc_26_0 (proc_misc))
+(typeattributeset proc_modules_26_0 (proc_modules))
+(typeattributeset proc_net_26_0
+ ( proc_net
+ proc_net_tcp_udp
+ proc_qtaguid_stat))
+(typeattributeset proc_overcommit_memory_26_0 (proc_overcommit_memory))
+(typeattributeset proc_perf_26_0 (proc_perf))
+(typeattributeset proc_security_26_0 (proc_security))
+(typeattributeset proc_stat_26_0 (proc_stat))
+(typeattributeset procstats_service_26_0 (procstats_service))
+(typeattributeset proc_sysrq_26_0 (proc_sysrq))
+(typeattributeset proc_timer_26_0 (proc_timer))
+(typeattributeset proc_tty_drivers_26_0 (proc_tty_drivers))
+(typeattributeset proc_uid_cputime_removeuid_26_0 (proc_uid_cputime_removeuid))
+(typeattributeset proc_uid_cputime_showstat_26_0 (proc_uid_cputime_showstat))
+(typeattributeset proc_uid_io_stats_26_0 (proc_uid_io_stats))
+(typeattributeset proc_uid_procstat_set_26_0 (proc_uid_procstat_set))
+(typeattributeset proc_zoneinfo_26_0 (proc_zoneinfo))
+(typeattributeset profman_26_0 (profman))
+(typeattributeset profman_dump_data_file_26_0 (profman_dump_data_file))
+(typeattributeset profman_exec_26_0 (profman_exec))
+(typeattributeset properties_device_26_0 (properties_device))
+(typeattributeset properties_serial_26_0 (properties_serial))
+(typeattributeset property_contexts_file_26_0 (property_contexts_file))
+(typeattributeset property_data_file_26_0 (property_data_file))
+(typeattributeset property_socket_26_0 (property_socket))
+(typeattributeset pstorefs_26_0 (pstorefs))
+(typeattributeset ptmx_device_26_0 (ptmx_device))
+(typeattributeset qtaguid_device_26_0 (qtaguid_device))
+(typeattributeset qtaguid_proc_26_0
+ ( qtaguid_proc
+ proc_qtaguid_ctrl))
+(typeattributeset racoon_26_0 (racoon))
+(typeattributeset racoon_exec_26_0 (racoon_exec))
+(typeattributeset racoon_socket_26_0 (racoon_socket))
+(typeattributeset radio_26_0 (radio))
+(typeattributeset radio_data_file_26_0 (radio_data_file))
+(typeattributeset radio_device_26_0 (radio_device))
+(typeattributeset radio_prop_26_0 (radio_prop))
+(typeattributeset radio_service_26_0 (radio_service))
+(typeattributeset ram_device_26_0 (ram_device))
+(typeattributeset random_device_26_0 (random_device))
+(typeattributeset reboot_data_file_26_0 (reboot_data_file))
+(typeattributeset recovery_26_0 (recovery))
+(typeattributeset recovery_block_device_26_0 (recovery_block_device))
+(typeattributeset recovery_data_file_26_0 (recovery_data_file))
+(typeattributeset recovery_persist_26_0 (recovery_persist))
+(typeattributeset recovery_persist_exec_26_0 (recovery_persist_exec))
+(typeattributeset recovery_refresh_26_0 (recovery_refresh))
+(typeattributeset recovery_refresh_exec_26_0 (recovery_refresh_exec))
+(typeattributeset recovery_service_26_0 (recovery_service))
+(typeattributeset registry_service_26_0 (registry_service))
+(typeattributeset resourcecache_data_file_26_0 (resourcecache_data_file))
+(typeattributeset restorecon_prop_26_0 (restorecon_prop))
+(typeattributeset restrictions_service_26_0 (restrictions_service))
+(typeattributeset rild_26_0 (rild))
+(typeattributeset rild_debug_socket_26_0 (rild_debug_socket))
+(typeattributeset rild_socket_26_0 (rild_socket))
+(typeattributeset ringtone_file_26_0 (ringtone_file))
+(typeattributeset root_block_device_26_0 (root_block_device))
+(typeattributeset rootfs_26_0 (rootfs))
+(typeattributeset rpmsg_device_26_0 (rpmsg_device))
+(typeattributeset rtc_device_26_0 (rtc_device))
+(typeattributeset rttmanager_service_26_0 (rttmanager_service))
+(typeattributeset runas_26_0 (runas))
+(typeattributeset runas_exec_26_0 (runas_exec))
+(typeattributeset runtime_event_log_tags_file_26_0 (runtime_event_log_tags_file))
+(typeattributeset safemode_prop_26_0 (safemode_prop))
+(typeattributeset same_process_hal_file_26_0
+ ( same_process_hal_file
+ vendor_public_lib_file))
+(typeattributeset samplingprofiler_service_26_0 (samplingprofiler_service))
+(typeattributeset scheduling_policy_service_26_0 (scheduling_policy_service))
+(typeattributeset sdcardd_26_0 (sdcardd))
+(typeattributeset sdcardd_exec_26_0 (sdcardd_exec))
+(typeattributeset sdcardfs_26_0 (sdcardfs))
+(typeattributeset seapp_contexts_file_26_0 (seapp_contexts_file))
+(typeattributeset search_service_26_0 (search_service))
+(typeattributeset sec_key_att_app_id_provider_service_26_0 (sec_key_att_app_id_provider_service))
+(typeattributeset selinuxfs_26_0 (selinuxfs))
+(typeattributeset sensors_device_26_0 (sensors_device))
+(typeattributeset sensorservice_service_26_0 (sensorservice_service))
+(typeattributeset sepolicy_file_26_0 (sepolicy_file))
+(typeattributeset serial_device_26_0 (serial_device))
+(typeattributeset serialno_prop_26_0 (serialno_prop))
+(typeattributeset serial_service_26_0 (serial_service))
+(typeattributeset service_contexts_file_26_0 (service_contexts_file nonplat_service_contexts_file))
+(typeattributeset servicediscovery_service_26_0 (servicediscovery_service))
+(typeattributeset servicemanager_26_0 (servicemanager))
+(typeattributeset servicemanager_exec_26_0 (servicemanager_exec))
+(typeattributeset settings_service_26_0 (settings_service))
+(typeattributeset sgdisk_26_0 (sgdisk))
+(typeattributeset sgdisk_exec_26_0 (sgdisk_exec))
+(typeattributeset shared_relro_26_0 (shared_relro))
+(typeattributeset shared_relro_file_26_0 (shared_relro_file))
+(typeattributeset shell_26_0 (shell))
+(typeattributeset shell_data_file_26_0 (shell_data_file))
+(typeattributeset shell_exec_26_0 (shell_exec))
+(typeattributeset shell_prop_26_0 (shell_prop))
+(typeattributeset shm_26_0 (shm))
+(typeattributeset shortcut_manager_icons_26_0 (shortcut_manager_icons))
+(typeattributeset shortcut_service_26_0 (shortcut_service))
+(typeattributeset slideshow_26_0 (slideshow))
+(typeattributeset socket_device_26_0 (socket_device))
+(typeattributeset sockfs_26_0 (sockfs))
+(typeattributeset statusbar_service_26_0 (statusbar_service))
+(typeattributeset storaged_service_26_0 (storaged_service))
+(typeattributeset storage_file_26_0 (storage_file))
+(typeattributeset storagestats_service_26_0 (storagestats_service))
+(typeattributeset storage_stub_file_26_0 (storage_stub_file))
+(typeattributeset su_26_0 (su))
+(typeattributeset su_exec_26_0 (su_exec))
+(typeattributeset surfaceflinger_26_0 (surfaceflinger))
+(typeattributeset surfaceflinger_service_26_0 (surfaceflinger_service))
+(typeattributeset swap_block_device_26_0 (swap_block_device))
+(typeattributeset sysfs_26_0
+ ( sysfs
+ sysfs_android_usb
+ sysfs_dm
+ sysfs_dt_firmware_android
+ sysfs_ipv4
+ sysfs_kernel_notes
+ sysfs_loop
+ sysfs_net
+ sysfs_power
+ sysfs_rtc
+ sysfs_switch
+ sysfs_wakeup_reasons))
+(typeattributeset sysfs_batteryinfo_26_0 (sysfs_batteryinfo))
+(typeattributeset sysfs_bluetooth_writable_26_0 (sysfs_bluetooth_writable))
+(typeattributeset sysfs_devices_system_cpu_26_0 (sysfs_devices_system_cpu))
+(typeattributeset sysfs_hwrandom_26_0 (sysfs_hwrandom))
+(typeattributeset sysfs_leds_26_0 (sysfs_leds))
+(typeattributeset sysfs_lowmemorykiller_26_0 (sysfs_lowmemorykiller))
+(typeattributeset sysfs_mac_address_26_0 (sysfs_mac_address))
+(typeattributeset sysfs_nfc_power_writable_26_0 (sysfs_nfc_power_writable))
+(typeattributeset sysfs_thermal_26_0 (sysfs_thermal))
+(typeattributeset sysfs_uio_26_0 (sysfs_uio))
+(typeattributeset sysfs_usb_26_0 (sysfs_usb))
+(typeattributeset sysfs_vibrator_26_0 (sysfs_vibrator))
+(typeattributeset sysfs_wake_lock_26_0 (sysfs_wake_lock))
+(typeattributeset sysfs_wlan_fwpath_26_0 (sysfs_wlan_fwpath))
+(typeattributeset sysfs_zram_26_0 (sysfs_zram))
+(typeattributeset sysfs_zram_uevent_26_0 (sysfs_zram_uevent))
+(typeattributeset system_app_26_0 (system_app))
+(typeattributeset system_app_data_file_26_0 (system_app_data_file))
+(typeattributeset system_app_service_26_0 (system_app_service))
+(typeattributeset system_block_device_26_0 (system_block_device))
+(typeattributeset system_data_file_26_0
+ ( system_data_file
+ dropbox_data_file
+ vendor_data_file))
+(typeattributeset system_file_26_0
+ ( system_file
+ system_lib_file
+ system_linker_config_file
+ system_linker_exec
+ system_seccomp_policy_file
+ system_security_cacerts_file
+ system_zoneinfo_file
+))
+(typeattributeset systemkeys_data_file_26_0 (systemkeys_data_file))
+(typeattributeset system_ndebug_socket_26_0 (system_ndebug_socket))
+(typeattributeset system_prop_26_0 (system_prop))
+(typeattributeset system_radio_prop_26_0 (system_radio_prop))
+(typeattributeset system_server_26_0 (system_server))
+(typeattributeset system_wifi_keystore_hwservice_26_0 (system_wifi_keystore_hwservice))
+(typeattributeset system_wpa_socket_26_0 (system_wpa_socket))
+(typeattributeset task_service_26_0 (task_service))
+(typeattributeset tee_26_0 (tee))
+(typeattributeset tee_data_file_26_0 (tee_data_file))
+(typeattributeset tee_device_26_0 (tee_device))
+(typeattributeset telecom_service_26_0 (telecom_service))
+(typeattributeset textclassification_service_26_0 (textclassification_service))
+(typeattributeset textclassifier_data_file_26_0 (textclassifier_data_file))
+(typeattributeset textservices_service_26_0 (textservices_service))
+(typeattributeset tmpfs_26_0 (tmpfs))
+(typeattributeset tombstoned_26_0 (tombstoned))
+(typeattributeset tombstone_data_file_26_0 (tombstone_data_file))
+(typeattributeset tombstoned_crash_socket_26_0 (tombstoned_crash_socket))
+(typeattributeset tombstoned_exec_26_0 (tombstoned_exec))
+(typeattributeset tombstoned_intercept_socket_26_0 (tombstoned_intercept_socket))
+(typeattributeset toolbox_26_0 (toolbox))
+(typeattributeset toolbox_exec_26_0 (toolbox_exec))
+(typeattributeset tracing_shell_writable_26_0 (debugfs_tracing tracing_shell_writable))
+(typeattributeset tracing_shell_writable_debug_26_0 (debugfs_tracing_debug tracing_shell_writable_debug))
+(typeattributeset trust_service_26_0 (trust_service))
+(typeattributeset tty_device_26_0 (tty_device))
+(typeattributeset tun_device_26_0 (tun_device))
+(typeattributeset tv_input_service_26_0 (tv_input_service))
+(typeattributeset tzdatacheck_26_0 (tzdatacheck))
+(typeattributeset tzdatacheck_exec_26_0 (tzdatacheck_exec))
+(typeattributeset ueventd_26_0 (ueventd))
+(typeattributeset uhid_device_26_0 (uhid_device))
+(typeattributeset uimode_service_26_0 (uimode_service))
+(typeattributeset uio_device_26_0 (uio_device))
+(typeattributeset uncrypt_26_0 (uncrypt))
+(typeattributeset uncrypt_exec_26_0 (uncrypt_exec))
+(typeattributeset uncrypt_socket_26_0 (uncrypt_socket))
+(typeattributeset unencrypted_data_file_26_0 (unencrypted_data_file))
+(typeattributeset unlabeled_26_0 (unlabeled))
+(typeattributeset untrusted_app_25_26_0 (untrusted_app_25))
+(typeattributeset untrusted_app_26_0
+ ( untrusted_app
+ untrusted_app_27))
+(typeattributeset untrusted_v2_app_26_0 (untrusted_v2_app))
+(typeattributeset update_engine_26_0 (update_engine))
+(typeattributeset update_engine_data_file_26_0 (update_engine_data_file))
+(typeattributeset update_engine_exec_26_0 (update_engine_exec))
+(typeattributeset update_engine_service_26_0 (update_engine_service))
+(typeattributeset updatelock_service_26_0 (updatelock_service))
+(typeattributeset update_verifier_26_0 (update_verifier))
+(typeattributeset update_verifier_exec_26_0 (update_verifier_exec))
+(typeattributeset usagestats_service_26_0 (usagestats_service))
+(typeattributeset usbaccessory_device_26_0 (usbaccessory_device))
+(typeattributeset usb_device_26_0 (usb_device))
+(typeattributeset usbfs_26_0 (usbfs))
+(typeattributeset usb_service_26_0 (usb_service))
+(typeattributeset userdata_block_device_26_0 (userdata_block_device))
+(typeattributeset usermodehelper_26_0 (sysfs_usermodehelper usermodehelper))
+(typeattributeset user_profile_data_file_26_0 (user_profile_data_file))
+(typeattributeset user_service_26_0 (user_service))
+(typeattributeset vcs_device_26_0 (vcs_device))
+(typeattributeset vdc_26_0 (vdc))
+(typeattributeset vdc_exec_26_0 (vdc_exec))
+(typeattributeset vendor_app_file_26_0 (vendor_app_file))
+(typeattributeset vendor_configs_file_26_0 (vendor_configs_file))
+(typeattributeset vendor_file_26_0 (vendor_file))
+(typeattributeset vendor_framework_file_26_0 (vendor_framework_file))
+(typeattributeset vendor_hal_file_26_0 (vendor_hal_file))
+(typeattributeset vendor_overlay_file_26_0 (vendor_overlay_file))
+(typeattributeset vendor_shell_exec_26_0 (vendor_shell_exec))
+(typeattributeset vendor_toolbox_exec_26_0 (vendor_toolbox_exec))
+(typeattributeset vfat_26_0 (vfat))
+(typeattributeset vibrator_service_26_0 (vibrator_service))
+(typeattributeset video_device_26_0 (video_device))
+(typeattributeset virtual_touchpad_26_0 (virtual_touchpad))
+(typeattributeset virtual_touchpad_exec_26_0 (virtual_touchpad_exec))
+(typeattributeset virtual_touchpad_service_26_0 (virtual_touchpad_service))
+(typeattributeset vndbinder_device_26_0 (vndbinder_device))
+(typeattributeset vndk_sp_file_26_0 (vndk_sp_file))
+(typeattributeset vndservice_contexts_file_26_0 (vndservice_contexts_file))
+(typeattributeset vndservicemanager_26_0 (vndservicemanager))
+(typeattributeset voiceinteraction_service_26_0 (voiceinteraction_service))
+(typeattributeset vold_26_0 (vold))
+(typeattributeset vold_data_file_26_0 (vold_data_file))
+(typeattributeset vold_device_26_0 (vold_device))
+(typeattributeset vold_exec_26_0 (vold_exec))
+(typeattributeset vold_prop_26_0 (vold_prop))
+(typeattributeset vold_socket_26_0 (vold_socket))
+(typeattributeset vpn_data_file_26_0 (vpn_data_file))
+(typeattributeset vr_hwc_26_0 (vr_hwc))
+(typeattributeset vr_hwc_exec_26_0 (vr_hwc_exec))
+(typeattributeset vr_hwc_service_26_0 (vr_hwc_service))
+(typeattributeset vr_manager_service_26_0 (vr_manager_service))
+(typeattributeset wallpaper_file_26_0 (wallpaper_file))
+(typeattributeset wallpaper_service_26_0 (wallpaper_service))
+(typeattributeset watchdogd_26_0 (watchdogd))
+(typeattributeset watchdog_device_26_0 (watchdog_device))
+(typeattributeset webviewupdate_service_26_0 (webviewupdate_service))
+(typeattributeset webview_zygote_26_0 (webview_zygote))
+(typeattributeset webview_zygote_exec_26_0 (webview_zygote_exec))
+(typeattributeset webview_zygote_socket_26_0 (webview_zygote_socket))
+(typeattributeset wifiaware_service_26_0 (wifiaware_service))
+(typeattributeset wificond_26_0 (wificond))
+(typeattributeset wificond_exec_26_0 (wificond_exec))
+(typeattributeset wificond_service_26_0 (wificond_service))
+(typeattributeset wifi_data_file_26_0 (wifi_data_file))
+(typeattributeset wifi_log_prop_26_0 (wifi_log_prop))
+(typeattributeset wifip2p_service_26_0 (wifip2p_service))
+(typeattributeset wifi_prop_26_0 (wifi_prop))
+(typeattributeset wifiscanner_service_26_0 (wifiscanner_service))
+(typeattributeset wifi_service_26_0 (wifi_service))
+(typeattributeset window_service_26_0 (window_service))
+(typeattributeset wpa_socket_26_0 (wpa_socket))
+(typeattributeset zero_device_26_0 (zero_device))
+(typeattributeset zoneinfo_data_file_26_0 (zoneinfo_data_file))
+(typeattributeset zygote_26_0 (zygote))
+(typeattributeset zygote_exec_26_0 (zygote_exec))
+(typeattributeset zygote_socket_26_0 (zygote_socket))
diff --git a/prebuilts/api/30.0/private/compat/26.0/26.0.compat.cil b/prebuilts/api/30.0/private/compat/26.0/26.0.compat.cil
new file mode 100644
index 0000000..30af58c
--- /dev/null
+++ b/prebuilts/api/30.0/private/compat/26.0/26.0.compat.cil
@@ -0,0 +1,5 @@
+(typeattribute vendordomain)
+(typeattributeset vendordomain ((and (domain) ((not (coredomain))))))
+(allowx vendordomain dev_type (ioctl blk_file ((range 0x0000 0xffff))))
+(allowx vendordomain file_type (ioctl file ((range 0x0000 0xffff))))
+(allow vendordomain self (netlink_route_socket (nlmsg_readpriv)))
diff --git a/prebuilts/api/30.0/private/compat/26.0/26.0.ignore.cil b/prebuilts/api/30.0/private/compat/26.0/26.0.ignore.cil
new file mode 100644
index 0000000..b395855
--- /dev/null
+++ b/prebuilts/api/30.0/private/compat/26.0/26.0.ignore.cil
@@ -0,0 +1,229 @@
+;; new_objects - a collection of types that have been introduced that have no
+;; analogue in older policy. Thus, we do not need to map these types to
+;; previous ones. Add here to pass checkapi tests.
+(type new_objects)
+(typeattribute new_objects)
+(typeattributeset new_objects
+ ( new_objects
+ activity_task_service
+ adb_service
+ adbd_exec
+ app_binding_service
+ apex_data_file
+ apex_metadata_file
+ apex_mnt_dir
+ apex_service
+ apexd
+ apexd_exec
+ apexd_prop
+ apexd_tmpfs
+ app_zygote
+ atrace
+ binder_calls_stats_service
+ biometric_service
+ bootloader_boot_reason_prop
+ blank_screen
+ blank_screen_exec
+ blank_screen_tmpfs
+ bluetooth_a2dp_offload_prop
+ bpfloader
+ bpfloader_exec
+ broadcastradio_service
+ cgroup_bpf
+ charger_exec
+ color_display_service
+ content_capture_service
+ crossprofileapps_service
+ ctl_apexd_prop
+ ctl_interface_restart_prop
+ ctl_interface_start_prop
+ ctl_interface_stop_prop
+ ctl_sigstop_prop
+ device_config_boot_count_prop
+ device_config_reset_performed_prop
+ device_config_netd_native_prop
+ dnsresolver_service
+ e2fs
+ e2fs_exec
+ exfat
+ exported_audio_prop
+ exported_bluetooth_prop
+ exported_config_prop
+ exported_dalvik_prop
+ exported_default_prop
+ exported_dumpstate_prop
+ exported_ffs_prop
+ exported_fingerprint_prop
+ exported_overlay_prop
+ exported_pm_prop
+ exported_radio_prop
+ exported_secure_prop
+ exported_system_prop
+ exported_system_radio_prop
+ exported_vold_prop
+ exported_wifi_prop
+ exported2_config_prop
+ exported2_default_prop
+ exported2_radio_prop
+ exported2_system_prop
+ exported2_vold_prop
+ exported3_default_prop
+ exported3_radio_prop
+ exported3_system_prop
+ fastbootd
+ fingerprint_vendor_data_file
+ flags_health_check
+ flags_health_check_exec
+ fs_bpf
+ fwk_stats_hwservice
+ hal_atrace_hwservice
+ hal_audiocontrol_hwservice
+ hal_authsecret_hwservice
+ hal_broadcastradio_hwservice
+ hal_cas_hwservice
+ hal_codec2_hwservice
+ hal_confirmationui_hwservice
+ hal_evs_hwservice
+ hal_health_storage_hwservice
+ hal_lowpan_hwservice
+ hal_neuralnetworks_hwservice
+ hal_secure_element_hwservice
+ hal_tetheroffload_hwservice
+ hal_wifi_hostapd_hwservice
+ hal_usb_gadget_hwservice
+ hal_vehicle_hwservice
+ hal_wifi_offload_hwservice
+ heapprofd
+ heapprofd_exec
+ heapprofd_socket
+ incident_helper
+ incident_helper_exec
+ iorapd
+ iorapd_data_file
+ iorapd_exec
+ iorapd_service
+ iorapd_tmpfs
+ kmsg_debug_device
+ last_boot_reason_prop
+ llkd
+ llkd_exec
+ llkd_prop
+ llkd_tmpfs
+ looper_stats_service
+ lowpan_device
+ lowpan_prop
+ lowpan_service
+ mediaswcodec
+ mediaswcodec_exec
+ mediaswcodec_tmpfs
+ mediaextractor_update_service
+ mediaprovider_tmpfs
+ metadata_bootstat_file
+ metadata_file
+ mnt_product_file
+ mnt_vendor_file
+ netd_stable_secret_prop
+ network_stack
+ network_stack_service
+ network_watchlist_data_file
+ network_watchlist_service
+ overlayfs_file
+ package_native_service
+ perfetto
+ perfetto_exec
+ perfetto_tmpfs
+ perfetto_traces_data_file
+ property_info
+ recovery_socket
+ role_service
+ runas_app
+ art_apex_dir
+ runtime_service
+ secure_element
+ secure_element_device
+ secure_element_tmpfs
+ secure_element_service
+ server_configurable_flags_data_file
+ simpleperf_app_runner
+ simpleperf_app_runner_exec
+ slice_service
+ socket_hook_prop
+ staging_data_file
+ stats
+ stats_data_file
+ stats_exec
+ stats_service
+ statsd
+ statsd_exec
+ statsd_tmpfs
+ statsdw
+ statsdw_socket
+ statscompanion_service
+ storaged_data_file
+ super_block_device
+ sysfs_fs_ext4_features
+ system_boot_reason_prop
+ system_bootstrap_lib_file
+ system_lmk_prop
+ system_net_netd_hwservice
+ system_update_service
+ test_boot_reason_prop
+ thermal_service
+ thermalcallback_hwservice
+ thermalserviced
+ thermalserviced_exec
+ thermalserviced_tmpfs
+ time_prop
+ timedetector_service
+ timezone_service
+ tombstoned_java_trace_socket
+ tombstone_wifi_data_file
+ trace_data_file
+ traceur_app
+ traceur_app_tmpfs
+ traced
+ traced_consumer_socket
+ traced_enabled_prop
+ traced_exec
+ traced_probes
+ traced_probes_exec
+ traced_probes_tmpfs
+ traced_producer_socket
+ traced_tmpfs
+ untrusted_app_all_devpts
+ update_engine_log_data_file
+ vendor_default_prop
+ vendor_security_patch_level_prop
+ uri_grants_service
+ usbd
+ usbd_exec
+ usbd_tmpfs
+ vendor_apex_file
+ vendor_init
+ vendor_shell
+ vendor_socket_hook_prop
+ vndk_prop
+ vold_metadata_file
+ vold_prepare_subdirs
+ vold_prepare_subdirs_exec
+ vold_service
+ vrflinger_vsync_service
+ wait_for_keymaster
+ wait_for_keymaster_exec
+ wait_for_keymaster_tmpfs
+ watchdogd_tmpfs
+ wpantund
+ wpantund_exec
+ wpantund_service
+ wpantund_tmpfs
+ wm_trace_data_file))
+
+;; private_objects - a collection of types that were labeled differently in
+;; older policy, but that should not remain accessible to vendor policy.
+;; Thus, these types are also not mapped, but recorded for checkapi tests
+(type priv_objects)
+(typeattribute priv_objects)
+(typeattributeset priv_objects
+ ( priv_objects
+ adbd_tmpfs
+ untrusted_app_27_tmpfs))
diff --git a/prebuilts/api/30.0/private/compat/27.0/27.0.cil b/prebuilts/api/30.0/private/compat/27.0/27.0.cil
new file mode 100644
index 0000000..0d883c0
--- /dev/null
+++ b/prebuilts/api/30.0/private/compat/27.0/27.0.cil
@@ -0,0 +1,1507 @@
+;; attributes removed from current policy
+(typeattribute hal_wifi_offload)
+(typeattribute hal_wifi_offload_client)
+(typeattribute hal_wifi_offload_server)
+
+;; types removed from current policy
+(type commontime_management_service)
+(type hal_wifi_offload_hwservice)
+(type mediacodec)
+(type mediacodec_exec)
+(type netd_socket)
+(type qtaguid_proc)
+(type reboot_data_file)
+(type rild)
+(type untrusted_v2_app)
+(type webview_zygote_socket)
+(type vold_socket)
+
+(expandtypeattribute (accessibility_service_27_0) true)
+(expandtypeattribute (account_service_27_0) true)
+(expandtypeattribute (activity_service_27_0) true)
+(expandtypeattribute (adbd_27_0) true)
+(expandtypeattribute (adb_data_file_27_0) true)
+(expandtypeattribute (adbd_exec_27_0) true)
+(expandtypeattribute (adbd_socket_27_0) true)
+(expandtypeattribute (adb_keys_file_27_0) true)
+(expandtypeattribute (alarm_device_27_0) true)
+(expandtypeattribute (alarm_service_27_0) true)
+(expandtypeattribute (anr_data_file_27_0) true)
+(expandtypeattribute (apk_data_file_27_0) true)
+(expandtypeattribute (apk_private_data_file_27_0) true)
+(expandtypeattribute (apk_private_tmp_file_27_0) true)
+(expandtypeattribute (apk_tmp_file_27_0) true)
+(expandtypeattribute (app_data_file_27_0) true)
+(expandtypeattribute (app_fuse_file_27_0) true)
+(expandtypeattribute (app_fusefs_27_0) true)
+(expandtypeattribute (appops_service_27_0) true)
+(expandtypeattribute (appwidget_service_27_0) true)
+(expandtypeattribute (asec_apk_file_27_0) true)
+(expandtypeattribute (asec_image_file_27_0) true)
+(expandtypeattribute (asec_public_file_27_0) true)
+(expandtypeattribute (ashmem_device_27_0) true)
+(expandtypeattribute (assetatlas_service_27_0) true)
+(expandtypeattribute (audio_data_file_27_0) true)
+(expandtypeattribute (audio_device_27_0) true)
+(expandtypeattribute (audiohal_data_file_27_0) true)
+(expandtypeattribute (audio_prop_27_0) true)
+(expandtypeattribute (audio_seq_device_27_0) true)
+(expandtypeattribute (audioserver_27_0) true)
+(expandtypeattribute (audioserver_data_file_27_0) true)
+(expandtypeattribute (audioserver_service_27_0) true)
+(expandtypeattribute (audio_service_27_0) true)
+(expandtypeattribute (audio_timer_device_27_0) true)
+(expandtypeattribute (autofill_service_27_0) true)
+(expandtypeattribute (backup_data_file_27_0) true)
+(expandtypeattribute (backup_service_27_0) true)
+(expandtypeattribute (batteryproperties_service_27_0) true)
+(expandtypeattribute (battery_service_27_0) true)
+(expandtypeattribute (batterystats_service_27_0) true)
+(expandtypeattribute (binder_device_27_0) true)
+(expandtypeattribute (binfmt_miscfs_27_0) true)
+(expandtypeattribute (blkid_27_0) true)
+(expandtypeattribute (blkid_untrusted_27_0) true)
+(expandtypeattribute (block_device_27_0) true)
+(expandtypeattribute (bluetooth_27_0) true)
+(expandtypeattribute (bluetooth_data_file_27_0) true)
+(expandtypeattribute (bluetooth_efs_file_27_0) true)
+(expandtypeattribute (bluetooth_logs_data_file_27_0) true)
+(expandtypeattribute (bluetooth_manager_service_27_0) true)
+(expandtypeattribute (bluetooth_prop_27_0) true)
+(expandtypeattribute (bluetooth_service_27_0) true)
+(expandtypeattribute (bluetooth_socket_27_0) true)
+(expandtypeattribute (bootanim_27_0) true)
+(expandtypeattribute (bootanim_exec_27_0) true)
+(expandtypeattribute (boot_block_device_27_0) true)
+(expandtypeattribute (bootchart_data_file_27_0) true)
+(expandtypeattribute (bootstat_27_0) true)
+(expandtypeattribute (bootstat_data_file_27_0) true)
+(expandtypeattribute (bootstat_exec_27_0) true)
+(expandtypeattribute (boottime_prop_27_0) true)
+(expandtypeattribute (boottrace_data_file_27_0) true)
+(expandtypeattribute (broadcastradio_service_27_0) true)
+(expandtypeattribute (bufferhubd_27_0) true)
+(expandtypeattribute (bufferhubd_exec_27_0) true)
+(expandtypeattribute (cache_backup_file_27_0) true)
+(expandtypeattribute (cache_block_device_27_0) true)
+(expandtypeattribute (cache_file_27_0) true)
+(expandtypeattribute (cache_private_backup_file_27_0) true)
+(expandtypeattribute (cache_recovery_file_27_0) true)
+(expandtypeattribute (camera_data_file_27_0) true)
+(expandtypeattribute (camera_device_27_0) true)
+(expandtypeattribute (cameraproxy_service_27_0) true)
+(expandtypeattribute (cameraserver_27_0) true)
+(expandtypeattribute (cameraserver_exec_27_0) true)
+(expandtypeattribute (cameraserver_service_27_0) true)
+(expandtypeattribute (cgroup_27_0) true)
+(expandtypeattribute (charger_27_0) true)
+(expandtypeattribute (clatd_27_0) true)
+(expandtypeattribute (clatd_exec_27_0) true)
+(expandtypeattribute (clipboard_service_27_0) true)
+(expandtypeattribute (commontime_management_service_27_0) true)
+(expandtypeattribute (companion_device_service_27_0) true)
+(expandtypeattribute (configfs_27_0) true)
+(expandtypeattribute (config_prop_27_0) true)
+(expandtypeattribute (connectivity_service_27_0) true)
+(expandtypeattribute (connmetrics_service_27_0) true)
+(expandtypeattribute (console_device_27_0) true)
+(expandtypeattribute (consumer_ir_service_27_0) true)
+(expandtypeattribute (content_service_27_0) true)
+(expandtypeattribute (contexthub_service_27_0) true)
+(expandtypeattribute (coredump_file_27_0) true)
+(expandtypeattribute (country_detector_service_27_0) true)
+(expandtypeattribute (coverage_service_27_0) true)
+(expandtypeattribute (cppreopt_prop_27_0) true)
+(expandtypeattribute (cppreopts_27_0) true)
+(expandtypeattribute (cppreopts_exec_27_0) true)
+(expandtypeattribute (cpuctl_device_27_0) true)
+(expandtypeattribute (cpuinfo_service_27_0) true)
+(expandtypeattribute (crash_dump_27_0) true)
+(expandtypeattribute (crash_dump_exec_27_0) true)
+(expandtypeattribute (ctl_bootanim_prop_27_0) true)
+(expandtypeattribute (ctl_bugreport_prop_27_0) true)
+(expandtypeattribute (ctl_console_prop_27_0) true)
+(expandtypeattribute (ctl_default_prop_27_0) true)
+(expandtypeattribute (ctl_dumpstate_prop_27_0) true)
+(expandtypeattribute (ctl_fuse_prop_27_0) true)
+(expandtypeattribute (ctl_mdnsd_prop_27_0) true)
+(expandtypeattribute (ctl_rildaemon_prop_27_0) true)
+(expandtypeattribute (dalvikcache_data_file_27_0) true)
+(expandtypeattribute (dalvik_prop_27_0) true)
+(expandtypeattribute (dbinfo_service_27_0) true)
+(expandtypeattribute (debugfs_27_0) true)
+(expandtypeattribute (debugfs_mmc_27_0) true)
+(expandtypeattribute (debugfs_trace_marker_27_0) true)
+(expandtypeattribute (debugfs_tracing_27_0) true)
+(expandtypeattribute (debugfs_tracing_debug_27_0) true)
+(expandtypeattribute (debugfs_tracing_instances_27_0) true)
+(expandtypeattribute (debugfs_wifi_tracing_27_0) true)
+(expandtypeattribute (debuggerd_prop_27_0) true)
+(expandtypeattribute (debug_prop_27_0) true)
+(expandtypeattribute (default_android_hwservice_27_0) true)
+(expandtypeattribute (default_android_service_27_0) true)
+(expandtypeattribute (default_android_vndservice_27_0) true)
+(expandtypeattribute (default_prop_27_0) true)
+(expandtypeattribute (device_27_0) true)
+(expandtypeattribute (device_identifiers_service_27_0) true)
+(expandtypeattribute (deviceidle_service_27_0) true)
+(expandtypeattribute (device_logging_prop_27_0) true)
+(expandtypeattribute (device_policy_service_27_0) true)
+(expandtypeattribute (devicestoragemonitor_service_27_0) true)
+(expandtypeattribute (devpts_27_0) true)
+(expandtypeattribute (dex2oat_27_0) true)
+(expandtypeattribute (dex2oat_exec_27_0) true)
+(expandtypeattribute (dhcp_27_0) true)
+(expandtypeattribute (dhcp_data_file_27_0) true)
+(expandtypeattribute (dhcp_exec_27_0) true)
+(expandtypeattribute (dhcp_prop_27_0) true)
+(expandtypeattribute (diskstats_service_27_0) true)
+(expandtypeattribute (display_service_27_0) true)
+(expandtypeattribute (dm_device_27_0) true)
+(expandtypeattribute (dnsmasq_27_0) true)
+(expandtypeattribute (dnsmasq_exec_27_0) true)
+(expandtypeattribute (dnsproxyd_socket_27_0) true)
+(expandtypeattribute (DockObserver_service_27_0) true)
+(expandtypeattribute (dreams_service_27_0) true)
+(expandtypeattribute (drm_data_file_27_0) true)
+(expandtypeattribute (drmserver_27_0) true)
+(expandtypeattribute (drmserver_exec_27_0) true)
+(expandtypeattribute (drmserver_service_27_0) true)
+(expandtypeattribute (drmserver_socket_27_0) true)
+(expandtypeattribute (dropbox_service_27_0) true)
+(expandtypeattribute (dumpstate_27_0) true)
+(expandtypeattribute (dumpstate_exec_27_0) true)
+(expandtypeattribute (dumpstate_options_prop_27_0) true)
+(expandtypeattribute (dumpstate_prop_27_0) true)
+(expandtypeattribute (dumpstate_service_27_0) true)
+(expandtypeattribute (dumpstate_socket_27_0) true)
+(expandtypeattribute (e2fs_27_0) true)
+(expandtypeattribute (e2fs_exec_27_0) true)
+(expandtypeattribute (efs_file_27_0) true)
+(expandtypeattribute (ephemeral_app_27_0) true)
+(expandtypeattribute (ethernet_service_27_0) true)
+(expandtypeattribute (ffs_prop_27_0) true)
+(expandtypeattribute (file_contexts_file_27_0) true)
+(expandtypeattribute (fingerprintd_27_0) true)
+(expandtypeattribute (fingerprintd_data_file_27_0) true)
+(expandtypeattribute (fingerprintd_exec_27_0) true)
+(expandtypeattribute (fingerprintd_service_27_0) true)
+(expandtypeattribute (fingerprint_prop_27_0) true)
+(expandtypeattribute (fingerprint_service_27_0) true)
+(expandtypeattribute (firstboot_prop_27_0) true)
+(expandtypeattribute (font_service_27_0) true)
+(expandtypeattribute (frp_block_device_27_0) true)
+(expandtypeattribute (fsck_27_0) true)
+(expandtypeattribute (fsck_exec_27_0) true)
+(expandtypeattribute (fscklogs_27_0) true)
+(expandtypeattribute (fsck_untrusted_27_0) true)
+(expandtypeattribute (full_device_27_0) true)
+(expandtypeattribute (functionfs_27_0) true)
+(expandtypeattribute (fuse_27_0) true)
+(expandtypeattribute (fuse_device_27_0) true)
+(expandtypeattribute (fwk_display_hwservice_27_0) true)
+(expandtypeattribute (fwk_scheduler_hwservice_27_0) true)
+(expandtypeattribute (fwk_sensor_hwservice_27_0) true)
+(expandtypeattribute (fwmarkd_socket_27_0) true)
+(expandtypeattribute (gatekeeperd_27_0) true)
+(expandtypeattribute (gatekeeper_data_file_27_0) true)
+(expandtypeattribute (gatekeeperd_exec_27_0) true)
+(expandtypeattribute (gatekeeper_service_27_0) true)
+(expandtypeattribute (gfxinfo_service_27_0) true)
+(expandtypeattribute (gps_control_27_0) true)
+(expandtypeattribute (gpu_device_27_0) true)
+(expandtypeattribute (gpu_service_27_0) true)
+(expandtypeattribute (graphics_device_27_0) true)
+(expandtypeattribute (graphicsstats_service_27_0) true)
+(expandtypeattribute (hal_audio_hwservice_27_0) true)
+(expandtypeattribute (hal_bluetooth_hwservice_27_0) true)
+(expandtypeattribute (hal_bootctl_hwservice_27_0) true)
+(expandtypeattribute (hal_broadcastradio_hwservice_27_0) true)
+(expandtypeattribute (hal_camera_hwservice_27_0) true)
+(expandtypeattribute (hal_cas_hwservice_27_0) true)
+(expandtypeattribute (hal_configstore_ISurfaceFlingerConfigs_27_0) true)
+(expandtypeattribute (hal_contexthub_hwservice_27_0) true)
+(expandtypeattribute (hal_drm_hwservice_27_0) true)
+(expandtypeattribute (hal_dumpstate_hwservice_27_0) true)
+(expandtypeattribute (hal_fingerprint_hwservice_27_0) true)
+(expandtypeattribute (hal_fingerprint_service_27_0) true)
+(expandtypeattribute (hal_gatekeeper_hwservice_27_0) true)
+(expandtypeattribute (hal_gnss_hwservice_27_0) true)
+(expandtypeattribute (hal_graphics_allocator_hwservice_27_0) true)
+(expandtypeattribute (hal_graphics_composer_hwservice_27_0) true)
+(expandtypeattribute (hal_graphics_mapper_hwservice_27_0) true)
+(expandtypeattribute (hal_health_hwservice_27_0) true)
+(expandtypeattribute (hal_ir_hwservice_27_0) true)
+(expandtypeattribute (hal_keymaster_hwservice_27_0) true)
+(expandtypeattribute (hal_light_hwservice_27_0) true)
+(expandtypeattribute (hal_memtrack_hwservice_27_0) true)
+(expandtypeattribute (hal_neuralnetworks_hwservice_27_0) true)
+(expandtypeattribute (hal_nfc_hwservice_27_0) true)
+(expandtypeattribute (hal_oemlock_hwservice_27_0) true)
+(expandtypeattribute (hal_omx_hwservice_27_0) true)
+(expandtypeattribute (hal_power_hwservice_27_0) true)
+(expandtypeattribute (hal_renderscript_hwservice_27_0) true)
+(expandtypeattribute (hal_sensors_hwservice_27_0) true)
+(expandtypeattribute (hal_telephony_hwservice_27_0) true)
+(expandtypeattribute (hal_tetheroffload_hwservice_27_0) true)
+(expandtypeattribute (hal_thermal_hwservice_27_0) true)
+(expandtypeattribute (hal_tv_cec_hwservice_27_0) true)
+(expandtypeattribute (hal_tv_input_hwservice_27_0) true)
+(expandtypeattribute (hal_usb_hwservice_27_0) true)
+(expandtypeattribute (hal_vibrator_hwservice_27_0) true)
+(expandtypeattribute (hal_vr_hwservice_27_0) true)
+(expandtypeattribute (hal_weaver_hwservice_27_0) true)
+(expandtypeattribute (hal_wifi_hwservice_27_0) true)
+(expandtypeattribute (hal_wifi_offload_hwservice_27_0) true)
+(expandtypeattribute (hal_wifi_supplicant_hwservice_27_0) true)
+(expandtypeattribute (hardware_properties_service_27_0) true)
+(expandtypeattribute (hardware_service_27_0) true)
+(expandtypeattribute (hci_attach_dev_27_0) true)
+(expandtypeattribute (hdmi_control_service_27_0) true)
+(expandtypeattribute (healthd_27_0) true)
+(expandtypeattribute (healthd_exec_27_0) true)
+(expandtypeattribute (heapdump_data_file_27_0) true)
+(expandtypeattribute (hidl_allocator_hwservice_27_0) true)
+(expandtypeattribute (hidl_base_hwservice_27_0) true)
+(expandtypeattribute (hidl_manager_hwservice_27_0) true)
+(expandtypeattribute (hidl_memory_hwservice_27_0) true)
+(expandtypeattribute (hidl_token_hwservice_27_0) true)
+(expandtypeattribute (hwbinder_device_27_0) true)
+(expandtypeattribute (hw_random_device_27_0) true)
+(expandtypeattribute (hwservice_contexts_file_27_0) true)
+(expandtypeattribute (hwservicemanager_27_0) true)
+(expandtypeattribute (hwservicemanager_exec_27_0) true)
+(expandtypeattribute (hwservicemanager_prop_27_0) true)
+(expandtypeattribute (i2c_device_27_0) true)
+(expandtypeattribute (icon_file_27_0) true)
+(expandtypeattribute (idmap_27_0) true)
+(expandtypeattribute (idmap_exec_27_0) true)
+(expandtypeattribute (iio_device_27_0) true)
+(expandtypeattribute (imms_service_27_0) true)
+(expandtypeattribute (incident_27_0) true)
+(expandtypeattribute (incidentd_27_0) true)
+(expandtypeattribute (incident_data_file_27_0) true)
+(expandtypeattribute (incident_service_27_0) true)
+(expandtypeattribute (init_27_0) true)
+(expandtypeattribute (init_exec_27_0) true)
+(expandtypeattribute (inotify_27_0) true)
+(expandtypeattribute (input_device_27_0) true)
+(expandtypeattribute (inputflinger_27_0) true)
+(expandtypeattribute (inputflinger_exec_27_0) true)
+(expandtypeattribute (inputflinger_service_27_0) true)
+(expandtypeattribute (input_method_service_27_0) true)
+(expandtypeattribute (input_service_27_0) true)
+(expandtypeattribute (installd_27_0) true)
+(expandtypeattribute (install_data_file_27_0) true)
+(expandtypeattribute (installd_exec_27_0) true)
+(expandtypeattribute (installd_service_27_0) true)
+(expandtypeattribute (install_recovery_27_0) true)
+(expandtypeattribute (install_recovery_exec_27_0) true)
+(expandtypeattribute (ion_device_27_0) true)
+(expandtypeattribute (IProxyService_service_27_0) true)
+(expandtypeattribute (ipsec_service_27_0) true)
+(expandtypeattribute (isolated_app_27_0) true)
+(expandtypeattribute (jobscheduler_service_27_0) true)
+(expandtypeattribute (kernel_27_0) true)
+(expandtypeattribute (keychain_data_file_27_0) true)
+(expandtypeattribute (keychord_device_27_0) true)
+(expandtypeattribute (keystore_27_0) true)
+(expandtypeattribute (keystore_data_file_27_0) true)
+(expandtypeattribute (keystore_exec_27_0) true)
+(expandtypeattribute (keystore_service_27_0) true)
+(expandtypeattribute (kmem_device_27_0) true)
+(expandtypeattribute (kmsg_debug_device_27_0) true)
+(expandtypeattribute (kmsg_device_27_0) true)
+(expandtypeattribute (labeledfs_27_0) true)
+(expandtypeattribute (launcherapps_service_27_0) true)
+(expandtypeattribute (lmkd_27_0) true)
+(expandtypeattribute (lmkd_exec_27_0) true)
+(expandtypeattribute (lmkd_socket_27_0) true)
+(expandtypeattribute (location_service_27_0) true)
+(expandtypeattribute (lock_settings_service_27_0) true)
+(expandtypeattribute (logcat_exec_27_0) true)
+(expandtypeattribute (logd_27_0) true)
+(expandtypeattribute (logd_exec_27_0) true)
+(expandtypeattribute (logd_prop_27_0) true)
+(expandtypeattribute (logdr_socket_27_0) true)
+(expandtypeattribute (logd_socket_27_0) true)
+(expandtypeattribute (logdw_socket_27_0) true)
+(expandtypeattribute (logpersist_27_0) true)
+(expandtypeattribute (logpersistd_logging_prop_27_0) true)
+(expandtypeattribute (log_prop_27_0) true)
+(expandtypeattribute (log_tag_prop_27_0) true)
+(expandtypeattribute (loop_control_device_27_0) true)
+(expandtypeattribute (loop_device_27_0) true)
+(expandtypeattribute (mac_perms_file_27_0) true)
+(expandtypeattribute (mdnsd_27_0) true)
+(expandtypeattribute (mdnsd_socket_27_0) true)
+(expandtypeattribute (mdns_socket_27_0) true)
+(expandtypeattribute (mediacodec_27_0) true)
+(expandtypeattribute (mediacodec_exec_27_0) true)
+(expandtypeattribute (mediacodec_service_27_0) true)
+(expandtypeattribute (media_data_file_27_0) true)
+(expandtypeattribute (mediadrmserver_27_0) true)
+(expandtypeattribute (mediadrmserver_exec_27_0) true)
+(expandtypeattribute (mediadrmserver_service_27_0) true)
+(expandtypeattribute (mediaextractor_27_0) true)
+(expandtypeattribute (mediaextractor_exec_27_0) true)
+(expandtypeattribute (mediaextractor_service_27_0) true)
+(expandtypeattribute (mediametrics_27_0) true)
+(expandtypeattribute (mediametrics_exec_27_0) true)
+(expandtypeattribute (mediametrics_service_27_0) true)
+(expandtypeattribute (media_projection_service_27_0) true)
+(expandtypeattribute (mediaprovider_27_0) true)
+(expandtypeattribute (media_router_service_27_0) true)
+(expandtypeattribute (media_rw_data_file_27_0) true)
+(expandtypeattribute (mediaserver_27_0) true)
+(expandtypeattribute (mediaserver_exec_27_0) true)
+(expandtypeattribute (mediaserver_service_27_0) true)
+(expandtypeattribute (media_session_service_27_0) true)
+(expandtypeattribute (meminfo_service_27_0) true)
+(expandtypeattribute (metadata_block_device_27_0) true)
+(expandtypeattribute (method_trace_data_file_27_0) true)
+(expandtypeattribute (midi_service_27_0) true)
+(expandtypeattribute (misc_block_device_27_0) true)
+(expandtypeattribute (misc_logd_file_27_0) true)
+(expandtypeattribute (misc_user_data_file_27_0) true)
+(expandtypeattribute (mmc_prop_27_0) true)
+(expandtypeattribute (mnt_expand_file_27_0) true)
+(expandtypeattribute (mnt_media_rw_file_27_0) true)
+(expandtypeattribute (mnt_media_rw_stub_file_27_0) true)
+(expandtypeattribute (mnt_user_file_27_0) true)
+(expandtypeattribute (modprobe_27_0) true)
+(expandtypeattribute (mount_service_27_0) true)
+(expandtypeattribute (mqueue_27_0) true)
+(expandtypeattribute (mtd_device_27_0) true)
+(expandtypeattribute (mtp_27_0) true)
+(expandtypeattribute (mtp_device_27_0) true)
+(expandtypeattribute (mtpd_socket_27_0) true)
+(expandtypeattribute (mtp_exec_27_0) true)
+(expandtypeattribute (nativetest_data_file_27_0) true)
+(expandtypeattribute (netd_27_0) true)
+(expandtypeattribute (net_data_file_27_0) true)
+(expandtypeattribute (netd_exec_27_0) true)
+(expandtypeattribute (netd_listener_service_27_0) true)
+(expandtypeattribute (net_dns_prop_27_0) true)
+(expandtypeattribute (netd_service_27_0) true)
+(expandtypeattribute (netd_socket_27_0) true)
+(expandtypeattribute (netd_stable_secret_prop_27_0) true)
+(expandtypeattribute (netif_27_0) true)
+(expandtypeattribute (netpolicy_service_27_0) true)
+(expandtypeattribute (net_radio_prop_27_0) true)
+(expandtypeattribute (netstats_service_27_0) true)
+(expandtypeattribute (netutils_wrapper_27_0) true)
+(expandtypeattribute (netutils_wrapper_exec_27_0) true)
+(expandtypeattribute (network_management_service_27_0) true)
+(expandtypeattribute (network_score_service_27_0) true)
+(expandtypeattribute (network_time_update_service_27_0) true)
+(expandtypeattribute (nfc_27_0) true)
+(expandtypeattribute (nfc_data_file_27_0) true)
+(expandtypeattribute (nfc_device_27_0) true)
+(expandtypeattribute (nfc_prop_27_0) true)
+(expandtypeattribute (nfc_service_27_0) true)
+(expandtypeattribute (node_27_0) true)
+(expandtypeattribute (nonplat_service_contexts_file_27_0) true)
+(expandtypeattribute (notification_service_27_0) true)
+(expandtypeattribute (null_device_27_0) true)
+(expandtypeattribute (oemfs_27_0) true)
+(expandtypeattribute (oem_lock_service_27_0) true)
+(expandtypeattribute (ota_data_file_27_0) true)
+(expandtypeattribute (otadexopt_service_27_0) true)
+(expandtypeattribute (ota_package_file_27_0) true)
+(expandtypeattribute (otapreopt_chroot_27_0) true)
+(expandtypeattribute (otapreopt_chroot_exec_27_0) true)
+(expandtypeattribute (otapreopt_slot_27_0) true)
+(expandtypeattribute (otapreopt_slot_exec_27_0) true)
+(expandtypeattribute (overlay_prop_27_0) true)
+(expandtypeattribute (overlay_service_27_0) true)
+(expandtypeattribute (owntty_device_27_0) true)
+(expandtypeattribute (package_native_service_27_0) true)
+(expandtypeattribute (package_service_27_0) true)
+(expandtypeattribute (pan_result_prop_27_0) true)
+(expandtypeattribute (pdx_bufferhub_client_channel_socket_27_0) true)
+(expandtypeattribute (pdx_bufferhub_client_endpoint_socket_27_0) true)
+(expandtypeattribute (pdx_bufferhub_dir_27_0) true)
+(expandtypeattribute (pdx_display_client_channel_socket_27_0) true)
+(expandtypeattribute (pdx_display_client_endpoint_socket_27_0) true)
+(expandtypeattribute (pdx_display_dir_27_0) true)
+(expandtypeattribute (pdx_display_manager_channel_socket_27_0) true)
+(expandtypeattribute (pdx_display_manager_endpoint_socket_27_0) true)
+(expandtypeattribute (pdx_display_screenshot_channel_socket_27_0) true)
+(expandtypeattribute (pdx_display_screenshot_endpoint_socket_27_0) true)
+(expandtypeattribute (pdx_display_vsync_channel_socket_27_0) true)
+(expandtypeattribute (pdx_display_vsync_endpoint_socket_27_0) true)
+(expandtypeattribute (pdx_performance_client_channel_socket_27_0) true)
+(expandtypeattribute (pdx_performance_client_endpoint_socket_27_0) true)
+(expandtypeattribute (pdx_performance_dir_27_0) true)
+(expandtypeattribute (performanced_27_0) true)
+(expandtypeattribute (performanced_exec_27_0) true)
+(expandtypeattribute (permission_service_27_0) true)
+(expandtypeattribute (persist_debug_prop_27_0) true)
+(expandtypeattribute (persistent_data_block_service_27_0) true)
+(expandtypeattribute (persistent_properties_ready_prop_27_0) true)
+(expandtypeattribute (pinner_service_27_0) true)
+(expandtypeattribute (pipefs_27_0) true)
+(expandtypeattribute (platform_app_27_0) true)
+(expandtypeattribute (pmsg_device_27_0) true)
+(expandtypeattribute (port_27_0) true)
+(expandtypeattribute (port_device_27_0) true)
+(expandtypeattribute (postinstall_27_0) true)
+(expandtypeattribute (postinstall_dexopt_27_0) true)
+(expandtypeattribute (postinstall_file_27_0) true)
+(expandtypeattribute (postinstall_mnt_dir_27_0) true)
+(expandtypeattribute (powerctl_prop_27_0) true)
+(expandtypeattribute (power_service_27_0) true)
+(expandtypeattribute (ppp_27_0) true)
+(expandtypeattribute (ppp_device_27_0) true)
+(expandtypeattribute (ppp_exec_27_0) true)
+(expandtypeattribute (preloads_data_file_27_0) true)
+(expandtypeattribute (preloads_media_file_27_0) true)
+(expandtypeattribute (preopt2cachename_27_0) true)
+(expandtypeattribute (preopt2cachename_exec_27_0) true)
+(expandtypeattribute (print_service_27_0) true)
+(expandtypeattribute (priv_app_27_0) true)
+(expandtypeattribute (proc_27_0) true)
+(expandtypeattribute (proc_bluetooth_writable_27_0) true)
+(expandtypeattribute (proc_cpuinfo_27_0) true)
+(expandtypeattribute (proc_drop_caches_27_0) true)
+(expandtypeattribute (processinfo_service_27_0) true)
+(expandtypeattribute (proc_interrupts_27_0) true)
+(expandtypeattribute (proc_iomem_27_0) true)
+(expandtypeattribute (proc_meminfo_27_0) true)
+(expandtypeattribute (proc_misc_27_0) true)
+(expandtypeattribute (proc_modules_27_0) true)
+(expandtypeattribute (proc_net_27_0) true)
+(expandtypeattribute (proc_overcommit_memory_27_0) true)
+(expandtypeattribute (proc_perf_27_0) true)
+(expandtypeattribute (proc_security_27_0) true)
+(expandtypeattribute (proc_stat_27_0) true)
+(expandtypeattribute (procstats_service_27_0) true)
+(expandtypeattribute (proc_sysrq_27_0) true)
+(expandtypeattribute (proc_timer_27_0) true)
+(expandtypeattribute (proc_tty_drivers_27_0) true)
+(expandtypeattribute (proc_uid_cputime_removeuid_27_0) true)
+(expandtypeattribute (proc_uid_cputime_showstat_27_0) true)
+(expandtypeattribute (proc_uid_io_stats_27_0) true)
+(expandtypeattribute (proc_uid_procstat_set_27_0) true)
+(expandtypeattribute (proc_uid_time_in_state_27_0) true)
+(expandtypeattribute (proc_zoneinfo_27_0) true)
+(expandtypeattribute (profman_27_0) true)
+(expandtypeattribute (profman_dump_data_file_27_0) true)
+(expandtypeattribute (profman_exec_27_0) true)
+(expandtypeattribute (properties_device_27_0) true)
+(expandtypeattribute (properties_serial_27_0) true)
+(expandtypeattribute (property_contexts_file_27_0) true)
+(expandtypeattribute (property_data_file_27_0) true)
+(expandtypeattribute (property_socket_27_0) true)
+(expandtypeattribute (pstorefs_27_0) true)
+(expandtypeattribute (ptmx_device_27_0) true)
+(expandtypeattribute (qtaguid_device_27_0) true)
+(expandtypeattribute (qtaguid_proc_27_0) true)
+(expandtypeattribute (racoon_27_0) true)
+(expandtypeattribute (racoon_exec_27_0) true)
+(expandtypeattribute (racoon_socket_27_0) true)
+(expandtypeattribute (radio_27_0) true)
+(expandtypeattribute (radio_data_file_27_0) true)
+(expandtypeattribute (radio_device_27_0) true)
+(expandtypeattribute (radio_prop_27_0) true)
+(expandtypeattribute (radio_service_27_0) true)
+(expandtypeattribute (ram_device_27_0) true)
+(expandtypeattribute (random_device_27_0) true)
+(expandtypeattribute (reboot_data_file_27_0) true)
+(expandtypeattribute (recovery_27_0) true)
+(expandtypeattribute (recovery_block_device_27_0) true)
+(expandtypeattribute (recovery_data_file_27_0) true)
+(expandtypeattribute (recovery_persist_27_0) true)
+(expandtypeattribute (recovery_persist_exec_27_0) true)
+(expandtypeattribute (recovery_refresh_27_0) true)
+(expandtypeattribute (recovery_refresh_exec_27_0) true)
+(expandtypeattribute (recovery_service_27_0) true)
+(expandtypeattribute (registry_service_27_0) true)
+(expandtypeattribute (resourcecache_data_file_27_0) true)
+(expandtypeattribute (restorecon_prop_27_0) true)
+(expandtypeattribute (restrictions_service_27_0) true)
+(expandtypeattribute (rild_27_0) true)
+(expandtypeattribute (rild_debug_socket_27_0) true)
+(expandtypeattribute (rild_socket_27_0) true)
+(expandtypeattribute (ringtone_file_27_0) true)
+(expandtypeattribute (root_block_device_27_0) true)
+(expandtypeattribute (rootfs_27_0) true)
+(expandtypeattribute (rpmsg_device_27_0) true)
+(expandtypeattribute (rtc_device_27_0) true)
+(expandtypeattribute (rttmanager_service_27_0) true)
+(expandtypeattribute (runas_27_0) true)
+(expandtypeattribute (runas_exec_27_0) true)
+(expandtypeattribute (runtime_event_log_tags_file_27_0) true)
+(expandtypeattribute (safemode_prop_27_0) true)
+(expandtypeattribute (same_process_hal_file_27_0) true)
+(expandtypeattribute (samplingprofiler_service_27_0) true)
+(expandtypeattribute (scheduling_policy_service_27_0) true)
+(expandtypeattribute (sdcardd_27_0) true)
+(expandtypeattribute (sdcardd_exec_27_0) true)
+(expandtypeattribute (sdcardfs_27_0) true)
+(expandtypeattribute (seapp_contexts_file_27_0) true)
+(expandtypeattribute (search_service_27_0) true)
+(expandtypeattribute (sec_key_att_app_id_provider_service_27_0) true)
+(expandtypeattribute (selinuxfs_27_0) true)
+(expandtypeattribute (sensors_device_27_0) true)
+(expandtypeattribute (sensorservice_service_27_0) true)
+(expandtypeattribute (sepolicy_file_27_0) true)
+(expandtypeattribute (serial_device_27_0) true)
+(expandtypeattribute (serialno_prop_27_0) true)
+(expandtypeattribute (serial_service_27_0) true)
+(expandtypeattribute (service_contexts_file_27_0) true)
+(expandtypeattribute (servicediscovery_service_27_0) true)
+(expandtypeattribute (servicemanager_27_0) true)
+(expandtypeattribute (servicemanager_exec_27_0) true)
+(expandtypeattribute (settings_service_27_0) true)
+(expandtypeattribute (sgdisk_27_0) true)
+(expandtypeattribute (sgdisk_exec_27_0) true)
+(expandtypeattribute (shared_relro_27_0) true)
+(expandtypeattribute (shared_relro_file_27_0) true)
+(expandtypeattribute (shell_27_0) true)
+(expandtypeattribute (shell_data_file_27_0) true)
+(expandtypeattribute (shell_exec_27_0) true)
+(expandtypeattribute (shell_prop_27_0) true)
+(expandtypeattribute (shm_27_0) true)
+(expandtypeattribute (shortcut_manager_icons_27_0) true)
+(expandtypeattribute (shortcut_service_27_0) true)
+(expandtypeattribute (slideshow_27_0) true)
+(expandtypeattribute (socket_device_27_0) true)
+(expandtypeattribute (sockfs_27_0) true)
+(expandtypeattribute (statusbar_service_27_0) true)
+(expandtypeattribute (storaged_service_27_0) true)
+(expandtypeattribute (storage_file_27_0) true)
+(expandtypeattribute (storagestats_service_27_0) true)
+(expandtypeattribute (storage_stub_file_27_0) true)
+(expandtypeattribute (su_27_0) true)
+(expandtypeattribute (su_exec_27_0) true)
+(expandtypeattribute (surfaceflinger_27_0) true)
+(expandtypeattribute (surfaceflinger_service_27_0) true)
+(expandtypeattribute (swap_block_device_27_0) true)
+(expandtypeattribute (sysfs_27_0) true)
+(expandtypeattribute (sysfs_batteryinfo_27_0) true)
+(expandtypeattribute (sysfs_bluetooth_writable_27_0) true)
+(expandtypeattribute (sysfs_devices_system_cpu_27_0) true)
+(expandtypeattribute (sysfs_fs_ext4_features_27_0) true)
+(expandtypeattribute (sysfs_hwrandom_27_0) true)
+(expandtypeattribute (sysfs_leds_27_0) true)
+(expandtypeattribute (sysfs_lowmemorykiller_27_0) true)
+(expandtypeattribute (sysfs_mac_address_27_0) true)
+(expandtypeattribute (sysfs_nfc_power_writable_27_0) true)
+(expandtypeattribute (sysfs_thermal_27_0) true)
+(expandtypeattribute (sysfs_uio_27_0) true)
+(expandtypeattribute (sysfs_usb_27_0) true)
+(expandtypeattribute (sysfs_usermodehelper_27_0) true)
+(expandtypeattribute (sysfs_vibrator_27_0) true)
+(expandtypeattribute (sysfs_wake_lock_27_0) true)
+(expandtypeattribute (sysfs_wlan_fwpath_27_0) true)
+(expandtypeattribute (sysfs_zram_27_0) true)
+(expandtypeattribute (sysfs_zram_uevent_27_0) true)
+(expandtypeattribute (system_app_27_0) true)
+(expandtypeattribute (system_app_data_file_27_0) true)
+(expandtypeattribute (system_app_service_27_0) true)
+(expandtypeattribute (system_block_device_27_0) true)
+(expandtypeattribute (system_data_file_27_0) true)
+(expandtypeattribute (system_file_27_0) true)
+(expandtypeattribute (systemkeys_data_file_27_0) true)
+(expandtypeattribute (system_ndebug_socket_27_0) true)
+(expandtypeattribute (system_net_netd_hwservice_27_0) true)
+(expandtypeattribute (system_prop_27_0) true)
+(expandtypeattribute (system_radio_prop_27_0) true)
+(expandtypeattribute (system_server_27_0) true)
+(expandtypeattribute (system_wifi_keystore_hwservice_27_0) true)
+(expandtypeattribute (system_wpa_socket_27_0) true)
+(expandtypeattribute (task_service_27_0) true)
+(expandtypeattribute (tee_27_0) true)
+(expandtypeattribute (tee_data_file_27_0) true)
+(expandtypeattribute (tee_device_27_0) true)
+(expandtypeattribute (telecom_service_27_0) true)
+(expandtypeattribute (textclassification_service_27_0) true)
+(expandtypeattribute (textclassifier_data_file_27_0) true)
+(expandtypeattribute (textservices_service_27_0) true)
+(expandtypeattribute (thermalcallback_hwservice_27_0) true)
+(expandtypeattribute (thermal_service_27_0) true)
+(expandtypeattribute (thermalserviced_27_0) true)
+(expandtypeattribute (thermalserviced_exec_27_0) true)
+(expandtypeattribute (timezone_service_27_0) true)
+(expandtypeattribute (tmpfs_27_0) true)
+(expandtypeattribute (tombstoned_27_0) true)
+(expandtypeattribute (tombstone_data_file_27_0) true)
+(expandtypeattribute (tombstoned_crash_socket_27_0) true)
+(expandtypeattribute (tombstoned_exec_27_0) true)
+(expandtypeattribute (tombstoned_intercept_socket_27_0) true)
+(expandtypeattribute (tombstoned_java_trace_socket_27_0) true)
+(expandtypeattribute (toolbox_27_0) true)
+(expandtypeattribute (toolbox_exec_27_0) true)
+(expandtypeattribute (trust_service_27_0) true)
+(expandtypeattribute (tty_device_27_0) true)
+(expandtypeattribute (tun_device_27_0) true)
+(expandtypeattribute (tv_input_service_27_0) true)
+(expandtypeattribute (tzdatacheck_27_0) true)
+(expandtypeattribute (tzdatacheck_exec_27_0) true)
+(expandtypeattribute (ueventd_27_0) true)
+(expandtypeattribute (uhid_device_27_0) true)
+(expandtypeattribute (uimode_service_27_0) true)
+(expandtypeattribute (uio_device_27_0) true)
+(expandtypeattribute (uncrypt_27_0) true)
+(expandtypeattribute (uncrypt_exec_27_0) true)
+(expandtypeattribute (uncrypt_socket_27_0) true)
+(expandtypeattribute (unencrypted_data_file_27_0) true)
+(expandtypeattribute (unlabeled_27_0) true)
+(expandtypeattribute (untrusted_app_25_27_0) true)
+(expandtypeattribute (untrusted_app_27_0) true)
+(expandtypeattribute (untrusted_v2_app_27_0) true)
+(expandtypeattribute (update_engine_27_0) true)
+(expandtypeattribute (update_engine_data_file_27_0) true)
+(expandtypeattribute (update_engine_exec_27_0) true)
+(expandtypeattribute (update_engine_service_27_0) true)
+(expandtypeattribute (updatelock_service_27_0) true)
+(expandtypeattribute (update_verifier_27_0) true)
+(expandtypeattribute (update_verifier_exec_27_0) true)
+(expandtypeattribute (usagestats_service_27_0) true)
+(expandtypeattribute (usbaccessory_device_27_0) true)
+(expandtypeattribute (usb_device_27_0) true)
+(expandtypeattribute (usbfs_27_0) true)
+(expandtypeattribute (usb_service_27_0) true)
+(expandtypeattribute (userdata_block_device_27_0) true)
+(expandtypeattribute (usermodehelper_27_0) true)
+(expandtypeattribute (user_profile_data_file_27_0) true)
+(expandtypeattribute (user_service_27_0) true)
+(expandtypeattribute (vcs_device_27_0) true)
+(expandtypeattribute (vdc_27_0) true)
+(expandtypeattribute (vdc_exec_27_0) true)
+(expandtypeattribute (vendor_app_file_27_0) true)
+(expandtypeattribute (vendor_configs_file_27_0) true)
+(expandtypeattribute (vendor_file_27_0) true)
+(expandtypeattribute (vendor_framework_file_27_0) true)
+(expandtypeattribute (vendor_hal_file_27_0) true)
+(expandtypeattribute (vendor_overlay_file_27_0) true)
+(expandtypeattribute (vendor_shell_exec_27_0) true)
+(expandtypeattribute (vendor_toolbox_exec_27_0) true)
+(expandtypeattribute (vfat_27_0) true)
+(expandtypeattribute (vibrator_service_27_0) true)
+(expandtypeattribute (video_device_27_0) true)
+(expandtypeattribute (virtual_touchpad_27_0) true)
+(expandtypeattribute (virtual_touchpad_exec_27_0) true)
+(expandtypeattribute (virtual_touchpad_service_27_0) true)
+(expandtypeattribute (vndbinder_device_27_0) true)
+(expandtypeattribute (vndk_sp_file_27_0) true)
+(expandtypeattribute (vndservice_contexts_file_27_0) true)
+(expandtypeattribute (vndservicemanager_27_0) true)
+(expandtypeattribute (voiceinteraction_service_27_0) true)
+(expandtypeattribute (vold_27_0) true)
+(expandtypeattribute (vold_data_file_27_0) true)
+(expandtypeattribute (vold_device_27_0) true)
+(expandtypeattribute (vold_exec_27_0) true)
+(expandtypeattribute (vold_prop_27_0) true)
+(expandtypeattribute (vold_socket_27_0) true)
+(expandtypeattribute (vpn_data_file_27_0) true)
+(expandtypeattribute (vr_hwc_27_0) true)
+(expandtypeattribute (vr_hwc_exec_27_0) true)
+(expandtypeattribute (vr_hwc_service_27_0) true)
+(expandtypeattribute (vr_manager_service_27_0) true)
+(expandtypeattribute (wallpaper_file_27_0) true)
+(expandtypeattribute (wallpaper_service_27_0) true)
+(expandtypeattribute (watchdogd_27_0) true)
+(expandtypeattribute (watchdog_device_27_0) true)
+(expandtypeattribute (webviewupdate_service_27_0) true)
+(expandtypeattribute (webview_zygote_27_0) true)
+(expandtypeattribute (webview_zygote_exec_27_0) true)
+(expandtypeattribute (webview_zygote_socket_27_0) true)
+(expandtypeattribute (wifiaware_service_27_0) true)
+(expandtypeattribute (wificond_27_0) true)
+(expandtypeattribute (wificond_exec_27_0) true)
+(expandtypeattribute (wificond_service_27_0) true)
+(expandtypeattribute (wifi_data_file_27_0) true)
+(expandtypeattribute (wifi_log_prop_27_0) true)
+(expandtypeattribute (wifip2p_service_27_0) true)
+(expandtypeattribute (wifi_prop_27_0) true)
+(expandtypeattribute (wifiscanner_service_27_0) true)
+(expandtypeattribute (wifi_service_27_0) true)
+(expandtypeattribute (window_service_27_0) true)
+(expandtypeattribute (wpa_socket_27_0) true)
+(expandtypeattribute (zero_device_27_0) true)
+(expandtypeattribute (zoneinfo_data_file_27_0) true)
+(expandtypeattribute (zygote_27_0) true)
+(expandtypeattribute (zygote_exec_27_0) true)
+(expandtypeattribute (zygote_socket_27_0) true)
+(typeattributeset accessibility_service_27_0 (accessibility_service))
+(typeattributeset account_service_27_0 (account_service))
+(typeattributeset activity_service_27_0 (activity_service))
+(typeattributeset adbd_27_0 (adbd))
+(typeattributeset adb_data_file_27_0 (adb_data_file))
+(typeattributeset adbd_exec_27_0 (adbd_exec))
+(typeattributeset adbd_socket_27_0 (adbd_socket))
+(typeattributeset adb_keys_file_27_0 (adb_keys_file))
+(typeattributeset alarm_device_27_0 (alarm_device))
+(typeattributeset alarm_service_27_0 (alarm_service))
+(typeattributeset anr_data_file_27_0 (anr_data_file))
+(typeattributeset apk_data_file_27_0 (apk_data_file))
+(typeattributeset apk_private_data_file_27_0 (apk_private_data_file))
+(typeattributeset apk_private_tmp_file_27_0 (apk_private_tmp_file))
+(typeattributeset apk_tmp_file_27_0 (apk_tmp_file))
+(typeattributeset app_data_file_27_0 (app_data_file privapp_data_file))
+(typeattributeset app_fuse_file_27_0 (app_fuse_file))
+(typeattributeset app_fusefs_27_0 (app_fusefs))
+(typeattributeset appops_service_27_0 (appops_service))
+(typeattributeset appwidget_service_27_0 (appwidget_service))
+(typeattributeset asec_apk_file_27_0 (asec_apk_file))
+(typeattributeset asec_image_file_27_0 (asec_image_file))
+(typeattributeset asec_public_file_27_0 (asec_public_file))
+(typeattributeset ashmem_device_27_0 (ashmem_device))
+(typeattributeset assetatlas_service_27_0 (assetatlas_service))
+(typeattributeset audio_data_file_27_0 (audio_data_file))
+(typeattributeset audio_device_27_0 (audio_device))
+(typeattributeset audiohal_data_file_27_0 (audiohal_data_file))
+(typeattributeset audio_prop_27_0 (audio_prop))
+(typeattributeset audio_seq_device_27_0 (audio_seq_device))
+(typeattributeset audioserver_27_0 (audioserver))
+(typeattributeset audioserver_data_file_27_0 (audioserver_data_file))
+(typeattributeset audioserver_service_27_0 (audioserver_service))
+(typeattributeset audio_service_27_0 (audio_service))
+(typeattributeset audio_timer_device_27_0 (audio_timer_device))
+(typeattributeset autofill_service_27_0 (autofill_service))
+(typeattributeset backup_data_file_27_0 (backup_data_file))
+(typeattributeset backup_service_27_0 (backup_service))
+(typeattributeset batteryproperties_service_27_0 (batteryproperties_service))
+(typeattributeset battery_service_27_0 (battery_service))
+(typeattributeset batterystats_service_27_0 (batterystats_service))
+(typeattributeset binder_device_27_0 (binder_device))
+(typeattributeset binfmt_miscfs_27_0 (binfmt_miscfs))
+(typeattributeset blkid_27_0 (blkid))
+(typeattributeset blkid_untrusted_27_0 (blkid_untrusted))
+(typeattributeset block_device_27_0 (block_device))
+(typeattributeset bluetooth_27_0 (bluetooth))
+(typeattributeset bluetooth_data_file_27_0 (bluetooth_data_file))
+(typeattributeset bluetooth_efs_file_27_0 (bluetooth_efs_file))
+(typeattributeset bluetooth_logs_data_file_27_0 (bluetooth_logs_data_file))
+(typeattributeset bluetooth_manager_service_27_0 (bluetooth_manager_service))
+(typeattributeset bluetooth_prop_27_0 (bluetooth_prop))
+(typeattributeset bluetooth_service_27_0 (bluetooth_service))
+(typeattributeset bluetooth_socket_27_0 (bluetooth_socket))
+(typeattributeset bootanim_27_0 (bootanim))
+(typeattributeset bootanim_exec_27_0 (bootanim_exec))
+(typeattributeset boot_block_device_27_0 (boot_block_device))
+(typeattributeset bootchart_data_file_27_0 (bootchart_data_file))
+(typeattributeset bootstat_27_0 (bootstat))
+(typeattributeset bootstat_data_file_27_0 (bootstat_data_file))
+(typeattributeset bootstat_exec_27_0 (bootstat_exec))
+(typeattributeset boottime_prop_27_0 (boottime_prop))
+(typeattributeset boottrace_data_file_27_0 (boottrace_data_file))
+(typeattributeset broadcastradio_service_27_0 (broadcastradio_service))
+(typeattributeset bufferhubd_27_0 (bufferhubd))
+(typeattributeset bufferhubd_exec_27_0 (bufferhubd_exec))
+(typeattributeset cache_backup_file_27_0 (cache_backup_file))
+(typeattributeset cache_block_device_27_0 (cache_block_device))
+(typeattributeset cache_file_27_0 (cache_file))
+(typeattributeset cache_private_backup_file_27_0 (cache_private_backup_file))
+(typeattributeset cache_recovery_file_27_0 (cache_recovery_file))
+(typeattributeset camera_data_file_27_0 (camera_data_file))
+(typeattributeset camera_device_27_0 (camera_device))
+(typeattributeset cameraproxy_service_27_0 (cameraproxy_service))
+(typeattributeset cameraserver_27_0 (cameraserver))
+(typeattributeset cameraserver_exec_27_0 (cameraserver_exec))
+(typeattributeset cameraserver_service_27_0 (cameraserver_service))
+(typeattributeset cgroup_27_0 (cgroup))
+(typeattributeset charger_27_0 (charger))
+(typeattributeset clatd_27_0 (clatd))
+(typeattributeset clatd_exec_27_0 (clatd_exec))
+(typeattributeset clipboard_service_27_0 (clipboard_service))
+(typeattributeset commontime_management_service_27_0 (commontime_management_service))
+(typeattributeset companion_device_service_27_0 (companion_device_service))
+(typeattributeset configfs_27_0 (configfs))
+(typeattributeset config_prop_27_0 (config_prop))
+(typeattributeset connectivity_service_27_0 (connectivity_service))
+(typeattributeset connmetrics_service_27_0 (connmetrics_service))
+(typeattributeset console_device_27_0 (console_device))
+(typeattributeset consumer_ir_service_27_0 (consumer_ir_service))
+(typeattributeset content_service_27_0 (content_service))
+(typeattributeset contexthub_service_27_0 (contexthub_service))
+(typeattributeset coredump_file_27_0 (coredump_file))
+(typeattributeset country_detector_service_27_0 (country_detector_service))
+(typeattributeset coverage_service_27_0 (coverage_service))
+(typeattributeset cppreopt_prop_27_0 (cppreopt_prop))
+(typeattributeset cppreopts_27_0 (cppreopts))
+(typeattributeset cppreopts_exec_27_0 (cppreopts_exec))
+(typeattributeset cpuctl_device_27_0 (cpuctl_device))
+(typeattributeset cpuinfo_service_27_0 (cpuinfo_service))
+(typeattributeset crash_dump_27_0 (crash_dump))
+(typeattributeset crash_dump_exec_27_0 (crash_dump_exec))
+(typeattributeset ctl_bootanim_prop_27_0 (ctl_bootanim_prop))
+(typeattributeset ctl_bugreport_prop_27_0 (ctl_bugreport_prop))
+(typeattributeset ctl_console_prop_27_0 (ctl_console_prop))
+(typeattributeset ctl_default_prop_27_0 (ctl_default_prop ctl_restart_prop ctl_start_prop ctl_stop_prop ctl_adbd_prop))
+(typeattributeset ctl_dumpstate_prop_27_0 (ctl_dumpstate_prop))
+(typeattributeset ctl_fuse_prop_27_0 (ctl_fuse_prop))
+(typeattributeset ctl_mdnsd_prop_27_0 (ctl_mdnsd_prop))
+(typeattributeset ctl_rildaemon_prop_27_0 (ctl_rildaemon_prop))
+(typeattributeset dalvikcache_data_file_27_0 (dalvikcache_data_file))
+(typeattributeset dalvik_prop_27_0 (dalvik_prop))
+(typeattributeset dbinfo_service_27_0 (dbinfo_service))
+(typeattributeset debugfs_27_0
+ ( debugfs
+ debugfs_wakeup_sources))
+(typeattributeset debugfs_mmc_27_0 (debugfs_mmc))
+(typeattributeset debugfs_trace_marker_27_0 (debugfs_trace_marker))
+(typeattributeset debugfs_tracing_27_0 (debugfs_tracing))
+(typeattributeset debugfs_tracing_debug_27_0 (debugfs_tracing_debug))
+(typeattributeset debugfs_tracing_instances_27_0 (debugfs_tracing_instances))
+(typeattributeset debugfs_wifi_tracing_27_0 (debugfs_wifi_tracing))
+(typeattributeset debuggerd_prop_27_0 (debuggerd_prop))
+(typeattributeset debug_prop_27_0 (debug_prop))
+(typeattributeset default_android_hwservice_27_0 (default_android_hwservice))
+(typeattributeset default_android_service_27_0 (default_android_service))
+(typeattributeset default_android_vndservice_27_0 (default_android_vndservice))
+(typeattributeset default_prop_27_0
+ ( default_prop
+ pm_prop))
+(typeattributeset device_27_0 (device))
+(typeattributeset device_identifiers_service_27_0 (device_identifiers_service))
+(typeattributeset deviceidle_service_27_0 (deviceidle_service))
+(typeattributeset device_logging_prop_27_0 (device_logging_prop))
+(typeattributeset device_policy_service_27_0 (device_policy_service))
+(typeattributeset devicestoragemonitor_service_27_0 (devicestoragemonitor_service))
+(typeattributeset devpts_27_0 (devpts))
+(typeattributeset dex2oat_27_0 (dex2oat))
+(typeattributeset dex2oat_exec_27_0 (dex2oat_exec))
+(typeattributeset dhcp_27_0 (dhcp))
+(typeattributeset dhcp_data_file_27_0 (dhcp_data_file))
+(typeattributeset dhcp_exec_27_0 (dhcp_exec))
+(typeattributeset dhcp_prop_27_0 (dhcp_prop))
+(typeattributeset diskstats_service_27_0 (diskstats_service))
+(typeattributeset display_service_27_0 (display_service))
+(typeattributeset dm_device_27_0 (dm_device))
+(typeattributeset dnsmasq_27_0 (dnsmasq))
+(typeattributeset dnsmasq_exec_27_0 (dnsmasq_exec))
+(typeattributeset dnsproxyd_socket_27_0 (dnsproxyd_socket))
+(typeattributeset DockObserver_service_27_0 (DockObserver_service))
+(typeattributeset dreams_service_27_0 (dreams_service))
+(typeattributeset drm_data_file_27_0 (drm_data_file))
+(typeattributeset drmserver_27_0 (drmserver))
+(typeattributeset drmserver_exec_27_0 (drmserver_exec))
+(typeattributeset drmserver_service_27_0 (drmserver_service))
+(typeattributeset drmserver_socket_27_0 (drmserver_socket))
+(typeattributeset dropbox_service_27_0 (dropbox_service))
+(typeattributeset dumpstate_27_0 (dumpstate))
+(typeattributeset dumpstate_exec_27_0 (dumpstate_exec))
+(typeattributeset dumpstate_options_prop_27_0 (dumpstate_options_prop))
+(typeattributeset dumpstate_prop_27_0 (dumpstate_prop))
+(typeattributeset dumpstate_service_27_0 (dumpstate_service))
+(typeattributeset dumpstate_socket_27_0 (dumpstate_socket))
+(typeattributeset e2fs_27_0 (e2fs))
+(typeattributeset e2fs_exec_27_0 (e2fs_exec))
+(typeattributeset efs_file_27_0 (efs_file))
+(typeattributeset ephemeral_app_27_0 (ephemeral_app))
+(typeattributeset ethernet_service_27_0 (ethernet_service))
+(typeattributeset ffs_prop_27_0 (ffs_prop))
+(typeattributeset file_contexts_file_27_0 (file_contexts_file))
+(typeattributeset fingerprintd_27_0 (fingerprintd))
+(typeattributeset fingerprintd_data_file_27_0 (fingerprintd_data_file))
+(typeattributeset fingerprintd_exec_27_0 (fingerprintd_exec))
+(typeattributeset fingerprintd_service_27_0 (fingerprintd_service))
+(typeattributeset fingerprint_prop_27_0 (fingerprint_prop))
+(typeattributeset fingerprint_service_27_0 (fingerprint_service))
+(typeattributeset firstboot_prop_27_0 (firstboot_prop))
+(typeattributeset font_service_27_0 (font_service))
+(typeattributeset frp_block_device_27_0 (frp_block_device))
+(typeattributeset fsck_27_0 (fsck))
+(typeattributeset fsck_exec_27_0 (fsck_exec))
+(typeattributeset fscklogs_27_0 (fscklogs))
+(typeattributeset fsck_untrusted_27_0 (fsck_untrusted))
+(typeattributeset full_device_27_0 (full_device))
+(typeattributeset functionfs_27_0 (functionfs))
+(typeattributeset fuse_27_0 (fuse))
+(typeattributeset fuse_device_27_0 (fuse_device))
+(typeattributeset fwk_display_hwservice_27_0 (fwk_display_hwservice))
+(typeattributeset fwk_scheduler_hwservice_27_0 (fwk_scheduler_hwservice))
+(typeattributeset fwk_sensor_hwservice_27_0 (fwk_sensor_hwservice))
+(typeattributeset fwmarkd_socket_27_0 (fwmarkd_socket))
+(typeattributeset gatekeeperd_27_0 (gatekeeperd))
+(typeattributeset gatekeeper_data_file_27_0 (gatekeeper_data_file))
+(typeattributeset gatekeeperd_exec_27_0 (gatekeeperd_exec))
+(typeattributeset gatekeeper_service_27_0 (gatekeeper_service))
+(typeattributeset gfxinfo_service_27_0 (gfxinfo_service))
+(typeattributeset gps_control_27_0 (gps_control))
+(typeattributeset gpu_device_27_0 (gpu_device))
+(typeattributeset gpu_service_27_0 (gpu_service))
+(typeattributeset graphics_device_27_0 (graphics_device))
+(typeattributeset graphicsstats_service_27_0 (graphicsstats_service))
+(typeattributeset hal_audio_hwservice_27_0 (hal_audio_hwservice))
+(typeattributeset hal_bluetooth_hwservice_27_0 (hal_bluetooth_hwservice))
+(typeattributeset hal_bootctl_hwservice_27_0 (hal_bootctl_hwservice))
+(typeattributeset hal_broadcastradio_hwservice_27_0 (hal_broadcastradio_hwservice))
+(typeattributeset hal_camera_hwservice_27_0 (hal_camera_hwservice))
+(typeattributeset hal_cas_hwservice_27_0 (hal_cas_hwservice))
+(typeattributeset hal_configstore_ISurfaceFlingerConfigs_27_0 (hal_configstore_ISurfaceFlingerConfigs))
+(typeattributeset hal_contexthub_hwservice_27_0 (hal_contexthub_hwservice))
+(typeattributeset hal_drm_hwservice_27_0 (hal_drm_hwservice))
+(typeattributeset hal_dumpstate_hwservice_27_0 (hal_dumpstate_hwservice))
+(typeattributeset hal_fingerprint_hwservice_27_0 (hal_fingerprint_hwservice))
+(typeattributeset hal_fingerprint_service_27_0 (hal_fingerprint_service))
+(typeattributeset hal_gatekeeper_hwservice_27_0 (hal_gatekeeper_hwservice))
+(typeattributeset hal_gnss_hwservice_27_0 (hal_gnss_hwservice))
+(typeattributeset hal_graphics_allocator_hwservice_27_0 (hal_graphics_allocator_hwservice))
+(typeattributeset hal_graphics_composer_hwservice_27_0 (hal_graphics_composer_hwservice))
+(typeattributeset hal_graphics_mapper_hwservice_27_0 (hal_graphics_mapper_hwservice))
+(typeattributeset hal_health_hwservice_27_0 (hal_health_hwservice))
+(typeattributeset hal_ir_hwservice_27_0 (hal_ir_hwservice))
+(typeattributeset hal_keymaster_hwservice_27_0 (hal_keymaster_hwservice))
+(typeattributeset hal_light_hwservice_27_0 (hal_light_hwservice))
+(typeattributeset hal_memtrack_hwservice_27_0 (hal_memtrack_hwservice))
+(typeattributeset hal_neuralnetworks_hwservice_27_0 (hal_neuralnetworks_hwservice))
+(typeattributeset hal_nfc_hwservice_27_0 (hal_nfc_hwservice))
+(typeattributeset hal_oemlock_hwservice_27_0 (hal_oemlock_hwservice))
+(typeattributeset hal_omx_hwservice_27_0 (hal_omx_hwservice))
+(typeattributeset hal_power_hwservice_27_0 (hal_power_hwservice))
+(typeattributeset hal_renderscript_hwservice_27_0 (hal_renderscript_hwservice))
+(typeattributeset hal_sensors_hwservice_27_0 (hal_sensors_hwservice))
+(typeattributeset hal_telephony_hwservice_27_0 (hal_telephony_hwservice))
+(typeattributeset hal_tetheroffload_hwservice_27_0 (hal_tetheroffload_hwservice))
+(typeattributeset hal_thermal_hwservice_27_0 (hal_thermal_hwservice))
+(typeattributeset hal_tv_cec_hwservice_27_0 (hal_tv_cec_hwservice))
+(typeattributeset hal_tv_input_hwservice_27_0 (hal_tv_input_hwservice))
+(typeattributeset hal_usb_hwservice_27_0 (hal_usb_hwservice))
+(typeattributeset hal_vibrator_hwservice_27_0 (hal_vibrator_hwservice))
+(typeattributeset hal_vr_hwservice_27_0 (hal_vr_hwservice))
+(typeattributeset hal_weaver_hwservice_27_0 (hal_weaver_hwservice))
+(typeattributeset hal_wifi_hwservice_27_0 (hal_wifi_hwservice))
+(typeattributeset hal_wifi_offload_hwservice_27_0 (hal_wifi_offload_hwservice))
+(typeattributeset hal_wifi_supplicant_hwservice_27_0 (hal_wifi_supplicant_hwservice))
+(typeattributeset hardware_properties_service_27_0 (hardware_properties_service))
+(typeattributeset hardware_service_27_0 (hardware_service))
+(typeattributeset hci_attach_dev_27_0 (hci_attach_dev))
+(typeattributeset hdmi_control_service_27_0 (hdmi_control_service))
+(typeattributeset healthd_27_0 (healthd))
+(typeattributeset healthd_exec_27_0 (healthd_exec))
+(typeattributeset heapdump_data_file_27_0 (heapdump_data_file))
+(typeattributeset hidl_allocator_hwservice_27_0 (hidl_allocator_hwservice))
+(typeattributeset hidl_base_hwservice_27_0 (hidl_base_hwservice))
+(typeattributeset hidl_manager_hwservice_27_0 (hidl_manager_hwservice))
+(typeattributeset hidl_memory_hwservice_27_0 (hidl_memory_hwservice))
+(typeattributeset hidl_token_hwservice_27_0 (hidl_token_hwservice))
+(typeattributeset hwbinder_device_27_0 (hwbinder_device))
+(typeattributeset hw_random_device_27_0 (hw_random_device))
+(typeattributeset hwservice_contexts_file_27_0 (hwservice_contexts_file))
+(typeattributeset hwservicemanager_27_0 (hwservicemanager))
+(typeattributeset hwservicemanager_exec_27_0 (hwservicemanager_exec))
+(typeattributeset hwservicemanager_prop_27_0 (hwservicemanager_prop))
+(typeattributeset i2c_device_27_0 (i2c_device))
+(typeattributeset icon_file_27_0 (icon_file))
+(typeattributeset idmap_27_0 (idmap))
+(typeattributeset idmap_exec_27_0 (idmap_exec))
+(typeattributeset iio_device_27_0 (iio_device))
+(typeattributeset imms_service_27_0 (imms_service))
+(typeattributeset incident_27_0 (incident))
+(typeattributeset incidentd_27_0 (incidentd))
+(typeattributeset incident_data_file_27_0 (incident_data_file))
+(typeattributeset incident_service_27_0 (incident_service))
+(typeattributeset init_27_0 (init))
+(typeattributeset init_exec_27_0 (init_exec watchdogd_exec))
+(typeattributeset inotify_27_0 (inotify))
+(typeattributeset input_device_27_0 (input_device))
+(typeattributeset inputflinger_27_0 (inputflinger))
+(typeattributeset inputflinger_exec_27_0 (inputflinger_exec))
+(typeattributeset inputflinger_service_27_0 (inputflinger_service))
+(typeattributeset input_method_service_27_0 (input_method_service))
+(typeattributeset input_service_27_0 (input_service))
+(typeattributeset installd_27_0 (installd))
+(typeattributeset install_data_file_27_0 (install_data_file))
+(typeattributeset installd_exec_27_0 (installd_exec))
+(typeattributeset installd_service_27_0 (installd_service))
+(typeattributeset install_recovery_27_0 (install_recovery))
+(typeattributeset install_recovery_exec_27_0 (install_recovery_exec))
+(typeattributeset ion_device_27_0 (ion_device))
+(typeattributeset IProxyService_service_27_0 (IProxyService_service))
+(typeattributeset ipsec_service_27_0 (ipsec_service))
+(typeattributeset isolated_app_27_0 (isolated_app))
+(typeattributeset jobscheduler_service_27_0 (jobscheduler_service))
+(typeattributeset kernel_27_0 (kernel))
+(typeattributeset keychain_data_file_27_0 (keychain_data_file))
+(typeattributeset keychord_device_27_0 (keychord_device))
+(typeattributeset keystore_27_0 (keystore))
+(typeattributeset keystore_data_file_27_0 (keystore_data_file))
+(typeattributeset keystore_exec_27_0 (keystore_exec))
+(typeattributeset keystore_service_27_0 (keystore_service))
+(typeattributeset kmem_device_27_0 (kmem_device))
+(typeattributeset kmsg_debug_device_27_0 (kmsg_debug_device))
+(typeattributeset kmsg_device_27_0 (kmsg_device))
+(typeattributeset labeledfs_27_0 (labeledfs))
+(typeattributeset launcherapps_service_27_0 (launcherapps_service))
+(typeattributeset lmkd_27_0 (lmkd))
+(typeattributeset lmkd_exec_27_0 (lmkd_exec))
+(typeattributeset lmkd_socket_27_0 (lmkd_socket))
+(typeattributeset location_service_27_0 (location_service))
+(typeattributeset lock_settings_service_27_0 (lock_settings_service))
+(typeattributeset logcat_exec_27_0 (logcat_exec))
+(typeattributeset logd_27_0 (logd))
+(typeattributeset logd_exec_27_0 (logd_exec))
+(typeattributeset logd_prop_27_0 (logd_prop))
+(typeattributeset logdr_socket_27_0 (logdr_socket))
+(typeattributeset logd_socket_27_0 (logd_socket))
+(typeattributeset logdw_socket_27_0 (logdw_socket))
+(typeattributeset logpersist_27_0 (logpersist))
+(typeattributeset logpersistd_logging_prop_27_0 (logpersistd_logging_prop))
+(typeattributeset log_prop_27_0 (log_prop))
+(typeattributeset log_tag_prop_27_0 (log_tag_prop))
+(typeattributeset loop_control_device_27_0 (loop_control_device))
+(typeattributeset loop_device_27_0 (loop_device))
+(typeattributeset mac_perms_file_27_0 (mac_perms_file))
+(typeattributeset mdnsd_27_0 (mdnsd))
+(typeattributeset mdnsd_socket_27_0 (mdnsd_socket))
+(typeattributeset mdns_socket_27_0 (mdns_socket))
+(typeattributeset hal_omx_server (mediacodec_27_0))
+(typeattributeset mediacodec_27_0 (mediacodec))
+(typeattributeset mediacodec_exec_27_0 (mediacodec_exec))
+(typeattributeset mediacodec_service_27_0 (mediacodec_service))
+(typeattributeset media_data_file_27_0 (media_data_file))
+(typeattributeset mediadrmserver_27_0 (mediadrmserver))
+(typeattributeset mediadrmserver_exec_27_0 (mediadrmserver_exec))
+(typeattributeset mediadrmserver_service_27_0 (mediadrmserver_service))
+(typeattributeset mediaextractor_27_0 (mediaextractor))
+(typeattributeset mediaextractor_exec_27_0 (mediaextractor_exec))
+(typeattributeset mediaextractor_service_27_0 (mediaextractor_service))
+(typeattributeset mediametrics_27_0 (mediametrics))
+(typeattributeset mediametrics_exec_27_0 (mediametrics_exec))
+(typeattributeset mediametrics_service_27_0 (mediametrics_service))
+(typeattributeset media_projection_service_27_0 (media_projection_service))
+(typeattributeset mediaprovider_27_0 (mediaprovider))
+(typeattributeset media_router_service_27_0 (media_router_service))
+(typeattributeset media_rw_data_file_27_0 (media_rw_data_file))
+(typeattributeset mediaserver_27_0 (mediaserver))
+(typeattributeset mediaserver_exec_27_0 (mediaserver_exec))
+(typeattributeset mediaserver_service_27_0 (mediaserver_service))
+(typeattributeset media_session_service_27_0 (media_session_service))
+(typeattributeset meminfo_service_27_0 (meminfo_service))
+(typeattributeset metadata_block_device_27_0 (metadata_block_device))
+(typeattributeset method_trace_data_file_27_0 (method_trace_data_file))
+(typeattributeset midi_service_27_0 (midi_service))
+(typeattributeset misc_block_device_27_0 (misc_block_device))
+(typeattributeset misc_logd_file_27_0 (misc_logd_file))
+(typeattributeset misc_user_data_file_27_0 (misc_user_data_file))
+(typeattributeset mmc_prop_27_0 (mmc_prop))
+(typeattributeset mnt_expand_file_27_0 (mnt_expand_file))
+(typeattributeset mnt_media_rw_file_27_0 (mnt_media_rw_file))
+(typeattributeset mnt_media_rw_stub_file_27_0 (mnt_media_rw_stub_file))
+(typeattributeset mnt_user_file_27_0 (mnt_user_file))
+(typeattributeset modprobe_27_0 (modprobe))
+(typeattributeset mount_service_27_0 (mount_service))
+(typeattributeset mqueue_27_0 (mqueue))
+(typeattributeset mtd_device_27_0 (mtd_device))
+(typeattributeset mtp_27_0 (mtp))
+(typeattributeset mtp_device_27_0 (mtp_device))
+(typeattributeset mtpd_socket_27_0 (mtpd_socket))
+(typeattributeset mtp_exec_27_0 (mtp_exec))
+(typeattributeset nativetest_data_file_27_0 (nativetest_data_file))
+(typeattributeset netd_27_0 (netd))
+(typeattributeset net_data_file_27_0 (net_data_file))
+(typeattributeset netd_exec_27_0 (netd_exec))
+(typeattributeset netd_listener_service_27_0 (netd_listener_service))
+(typeattributeset net_dns_prop_27_0 (net_dns_prop))
+(typeattributeset netd_service_27_0 (netd_service))
+(typeattributeset netd_socket_27_0 (netd_socket))
+(typeattributeset netd_stable_secret_prop_27_0 (netd_stable_secret_prop))
+(typeattributeset netif_27_0 (netif))
+(typeattributeset netpolicy_service_27_0 (netpolicy_service))
+(typeattributeset net_radio_prop_27_0 (net_radio_prop))
+(typeattributeset netstats_service_27_0 (netstats_service))
+(typeattributeset netutils_wrapper_27_0 (netutils_wrapper))
+(typeattributeset netutils_wrapper_exec_27_0 (netutils_wrapper_exec))
+(typeattributeset network_management_service_27_0 (network_management_service))
+(typeattributeset network_score_service_27_0 (network_score_service))
+(typeattributeset network_time_update_service_27_0 (network_time_update_service))
+(typeattributeset nfc_27_0 (nfc))
+(typeattributeset nfc_data_file_27_0 (nfc_data_file))
+(typeattributeset nfc_device_27_0 (nfc_device))
+(typeattributeset nfc_prop_27_0 (nfc_prop))
+(typeattributeset nfc_service_27_0 (nfc_service))
+(typeattributeset node_27_0 (node))
+(typeattributeset nonplat_service_contexts_file_27_0 (nonplat_service_contexts_file))
+(typeattributeset notification_service_27_0 (notification_service))
+(typeattributeset null_device_27_0 (null_device))
+(typeattributeset oemfs_27_0 (oemfs))
+(typeattributeset oem_lock_service_27_0 (oem_lock_service))
+(typeattributeset ota_data_file_27_0 (ota_data_file))
+(typeattributeset otadexopt_service_27_0 (otadexopt_service))
+(typeattributeset ota_package_file_27_0 (ota_package_file))
+(typeattributeset otapreopt_chroot_27_0 (otapreopt_chroot))
+(typeattributeset otapreopt_chroot_exec_27_0 (otapreopt_chroot_exec))
+(typeattributeset otapreopt_slot_27_0 (otapreopt_slot))
+(typeattributeset otapreopt_slot_exec_27_0 (otapreopt_slot_exec))
+(typeattributeset overlay_prop_27_0 (overlay_prop))
+(typeattributeset overlay_service_27_0 (overlay_service))
+(typeattributeset owntty_device_27_0 (owntty_device))
+(typeattributeset package_native_service_27_0 (package_native_service))
+(typeattributeset package_service_27_0 (package_service))
+(typeattributeset pan_result_prop_27_0 (pan_result_prop))
+(typeattributeset pdx_bufferhub_client_channel_socket_27_0 (pdx_bufferhub_client_channel_socket))
+(typeattributeset pdx_bufferhub_client_endpoint_socket_27_0 (pdx_bufferhub_client_endpoint_socket))
+(typeattributeset pdx_bufferhub_dir_27_0 (pdx_bufferhub_dir))
+(typeattributeset pdx_display_client_channel_socket_27_0 (pdx_display_client_channel_socket))
+(typeattributeset pdx_display_client_endpoint_socket_27_0 (pdx_display_client_endpoint_socket))
+(typeattributeset pdx_display_dir_27_0 (pdx_display_dir))
+(typeattributeset pdx_display_manager_channel_socket_27_0 (pdx_display_manager_channel_socket))
+(typeattributeset pdx_display_manager_endpoint_socket_27_0 (pdx_display_manager_endpoint_socket))
+(typeattributeset pdx_display_screenshot_channel_socket_27_0 (pdx_display_screenshot_channel_socket))
+(typeattributeset pdx_display_screenshot_endpoint_socket_27_0 (pdx_display_screenshot_endpoint_socket))
+(typeattributeset pdx_display_vsync_channel_socket_27_0 (pdx_display_vsync_channel_socket))
+(typeattributeset pdx_display_vsync_endpoint_socket_27_0 (pdx_display_vsync_endpoint_socket))
+(typeattributeset pdx_performance_client_channel_socket_27_0 (pdx_performance_client_channel_socket))
+(typeattributeset pdx_performance_client_endpoint_socket_27_0 (pdx_performance_client_endpoint_socket))
+(typeattributeset pdx_performance_dir_27_0 (pdx_performance_dir))
+(typeattributeset performanced_27_0 (performanced))
+(typeattributeset performanced_exec_27_0 (performanced_exec))
+(typeattributeset permission_service_27_0 (permission_service))
+(typeattributeset persist_debug_prop_27_0 (persist_debug_prop))
+(typeattributeset persistent_data_block_service_27_0 (persistent_data_block_service))
+(typeattributeset persistent_properties_ready_prop_27_0 (persistent_properties_ready_prop))
+(typeattributeset pinner_service_27_0 (pinner_service))
+(typeattributeset pipefs_27_0 (pipefs))
+(typeattributeset platform_app_27_0 (platform_app))
+(typeattributeset pmsg_device_27_0 (pmsg_device))
+(typeattributeset port_27_0 (port))
+(typeattributeset port_device_27_0 (port_device))
+(typeattributeset postinstall_27_0 (postinstall))
+(typeattributeset postinstall_dexopt_27_0 (postinstall_dexopt))
+(typeattributeset postinstall_file_27_0 (postinstall_file))
+(typeattributeset postinstall_mnt_dir_27_0 (postinstall_mnt_dir))
+(typeattributeset powerctl_prop_27_0 (powerctl_prop))
+(typeattributeset power_service_27_0 (power_service))
+(typeattributeset ppp_27_0 (ppp))
+(typeattributeset ppp_device_27_0 (ppp_device))
+(typeattributeset ppp_exec_27_0 (ppp_exec))
+(typeattributeset preloads_data_file_27_0 (preloads_data_file))
+(typeattributeset preloads_media_file_27_0 (preloads_media_file))
+(typeattributeset preopt2cachename_27_0 (preopt2cachename))
+(typeattributeset preopt2cachename_exec_27_0 (preopt2cachename_exec))
+(typeattributeset print_service_27_0 (print_service))
+(typeattributeset priv_app_27_0 (priv_app))
+(typeattributeset proc_27_0
+ ( proc
+ proc_abi
+ proc_asound
+ proc_buddyinfo
+ proc_cmdline
+ proc_dirty
+ proc_diskstats
+ proc_extra_free_kbytes
+ proc_filesystems
+ proc_hostname
+ proc_hung_task
+ proc_kmsg
+ proc_loadavg
+ proc_max_map_count
+ proc_min_free_order_shift
+ proc_mounts
+ proc_page_cluster
+ proc_pagetypeinfo
+ proc_panic
+ proc_pid_max
+ proc_pipe_conf
+ proc_random
+ proc_sched
+ proc_slabinfo
+ proc_swaps
+ proc_uid_concurrent_active_time
+ proc_uid_concurrent_policy_time
+ proc_uid_cpupower
+ proc_uptime
+ proc_version
+ proc_vmallocinfo
+ proc_vmstat))
+(typeattributeset proc_bluetooth_writable_27_0 (proc_bluetooth_writable))
+(typeattributeset proc_cpuinfo_27_0 (proc_cpuinfo))
+(typeattributeset proc_drop_caches_27_0 (proc_drop_caches))
+(typeattributeset processinfo_service_27_0 (processinfo_service))
+(typeattributeset proc_interrupts_27_0 (proc_interrupts))
+(typeattributeset proc_iomem_27_0 (proc_iomem))
+(typeattributeset proc_meminfo_27_0 (proc_meminfo))
+(typeattributeset proc_misc_27_0 (proc_misc))
+(typeattributeset proc_modules_27_0 (proc_modules))
+(typeattributeset proc_net_27_0
+ ( proc_net
+ proc_net_tcp_udp
+ proc_qtaguid_stat))
+(typeattributeset proc_overcommit_memory_27_0 (proc_overcommit_memory))
+(typeattributeset proc_perf_27_0 (proc_perf))
+(typeattributeset proc_security_27_0 (proc_security))
+(typeattributeset proc_stat_27_0 (proc_stat))
+(typeattributeset procstats_service_27_0 (procstats_service))
+(typeattributeset proc_sysrq_27_0 (proc_sysrq))
+(typeattributeset proc_timer_27_0 (proc_timer))
+(typeattributeset proc_tty_drivers_27_0 (proc_tty_drivers))
+(typeattributeset proc_uid_cputime_removeuid_27_0 (proc_uid_cputime_removeuid))
+(typeattributeset proc_uid_cputime_showstat_27_0 (proc_uid_cputime_showstat))
+(typeattributeset proc_uid_io_stats_27_0 (proc_uid_io_stats))
+(typeattributeset proc_uid_procstat_set_27_0 (proc_uid_procstat_set))
+(typeattributeset proc_uid_time_in_state_27_0 (proc_uid_time_in_state))
+(typeattributeset proc_zoneinfo_27_0 (proc_zoneinfo))
+(typeattributeset profman_27_0 (profman))
+(typeattributeset profman_dump_data_file_27_0 (profman_dump_data_file))
+(typeattributeset profman_exec_27_0 (profman_exec))
+(typeattributeset properties_device_27_0 (properties_device))
+(typeattributeset properties_serial_27_0 (properties_serial))
+(typeattributeset property_contexts_file_27_0 (property_contexts_file))
+(typeattributeset property_data_file_27_0 (property_data_file))
+(typeattributeset property_socket_27_0 (property_socket))
+(typeattributeset pstorefs_27_0 (pstorefs))
+(typeattributeset ptmx_device_27_0 (ptmx_device))
+(typeattributeset qtaguid_device_27_0 (qtaguid_device))
+(typeattributeset qtaguid_proc_27_0
+ ( proc_qtaguid_ctrl
+ qtaguid_proc))
+(typeattributeset racoon_27_0 (racoon))
+(typeattributeset racoon_exec_27_0 (racoon_exec))
+(typeattributeset racoon_socket_27_0 (racoon_socket))
+(typeattributeset radio_27_0 (radio))
+(typeattributeset radio_data_file_27_0 (radio_data_file))
+(typeattributeset radio_device_27_0 (radio_device))
+(typeattributeset radio_prop_27_0 (radio_prop))
+(typeattributeset radio_service_27_0 (radio_service))
+(typeattributeset ram_device_27_0 (ram_device))
+(typeattributeset random_device_27_0 (random_device))
+(typeattributeset reboot_data_file_27_0 (reboot_data_file))
+(typeattributeset recovery_27_0 (recovery))
+(typeattributeset recovery_block_device_27_0 (recovery_block_device))
+(typeattributeset recovery_data_file_27_0 (recovery_data_file))
+(typeattributeset recovery_persist_27_0 (recovery_persist))
+(typeattributeset recovery_persist_exec_27_0 (recovery_persist_exec))
+(typeattributeset recovery_refresh_27_0 (recovery_refresh))
+(typeattributeset recovery_refresh_exec_27_0 (recovery_refresh_exec))
+(typeattributeset recovery_service_27_0 (recovery_service))
+(typeattributeset registry_service_27_0 (registry_service))
+(typeattributeset resourcecache_data_file_27_0 (resourcecache_data_file))
+(typeattributeset restorecon_prop_27_0 (restorecon_prop))
+(typeattributeset restrictions_service_27_0 (restrictions_service))
+(typeattributeset rild_27_0 (rild))
+(typeattributeset rild_debug_socket_27_0 (rild_debug_socket))
+(typeattributeset rild_socket_27_0 (rild_socket))
+(typeattributeset ringtone_file_27_0 (ringtone_file))
+(typeattributeset root_block_device_27_0 (root_block_device))
+(typeattributeset rootfs_27_0 (rootfs))
+(typeattributeset rpmsg_device_27_0 (rpmsg_device))
+(typeattributeset rtc_device_27_0 (rtc_device))
+(typeattributeset rttmanager_service_27_0 (rttmanager_service))
+(typeattributeset runas_27_0 (runas))
+(typeattributeset runas_exec_27_0 (runas_exec))
+(typeattributeset runtime_event_log_tags_file_27_0 (runtime_event_log_tags_file))
+(typeattributeset safemode_prop_27_0 (safemode_prop))
+(typeattributeset same_process_hal_file_27_0
+ ( same_process_hal_file
+ vendor_public_lib_file))
+(typeattributeset samplingprofiler_service_27_0 (samplingprofiler_service))
+(typeattributeset scheduling_policy_service_27_0 (scheduling_policy_service))
+(typeattributeset sdcardd_27_0 (sdcardd))
+(typeattributeset sdcardd_exec_27_0 (sdcardd_exec))
+(typeattributeset sdcardfs_27_0 (sdcardfs))
+(typeattributeset seapp_contexts_file_27_0 (seapp_contexts_file))
+(typeattributeset search_service_27_0 (search_service))
+(typeattributeset sec_key_att_app_id_provider_service_27_0 (sec_key_att_app_id_provider_service))
+(typeattributeset selinuxfs_27_0 (selinuxfs))
+(typeattributeset sensors_device_27_0 (sensors_device))
+(typeattributeset sensorservice_service_27_0 (sensorservice_service))
+(typeattributeset sepolicy_file_27_0 (sepolicy_file))
+(typeattributeset serial_device_27_0 (serial_device))
+(typeattributeset serialno_prop_27_0 (serialno_prop))
+(typeattributeset serial_service_27_0 (serial_service))
+(typeattributeset service_contexts_file_27_0 (service_contexts_file))
+(typeattributeset servicediscovery_service_27_0 (servicediscovery_service))
+(typeattributeset servicemanager_27_0 (servicemanager))
+(typeattributeset servicemanager_exec_27_0 (servicemanager_exec))
+(typeattributeset settings_service_27_0 (settings_service))
+(typeattributeset sgdisk_27_0 (sgdisk))
+(typeattributeset sgdisk_exec_27_0 (sgdisk_exec))
+(typeattributeset shared_relro_27_0 (shared_relro))
+(typeattributeset shared_relro_file_27_0 (shared_relro_file))
+(typeattributeset shell_27_0 (shell))
+(typeattributeset shell_data_file_27_0 (shell_data_file))
+(typeattributeset shell_exec_27_0 (shell_exec))
+(typeattributeset shell_prop_27_0 (shell_prop))
+(typeattributeset shm_27_0 (shm))
+(typeattributeset shortcut_manager_icons_27_0 (shortcut_manager_icons))
+(typeattributeset shortcut_service_27_0 (shortcut_service))
+(typeattributeset slideshow_27_0 (slideshow))
+(typeattributeset socket_device_27_0 (socket_device))
+(typeattributeset sockfs_27_0 (sockfs))
+(typeattributeset statusbar_service_27_0 (statusbar_service))
+(typeattributeset storaged_service_27_0 (storaged_service))
+(typeattributeset storage_file_27_0 (storage_file))
+(typeattributeset storagestats_service_27_0 (storagestats_service))
+(typeattributeset storage_stub_file_27_0 (storage_stub_file))
+(typeattributeset su_27_0 (su))
+(typeattributeset su_exec_27_0 (su_exec))
+(typeattributeset surfaceflinger_27_0 (surfaceflinger))
+(typeattributeset surfaceflinger_service_27_0 (surfaceflinger_service))
+(typeattributeset swap_block_device_27_0 (swap_block_device))
+(typeattributeset sysfs_27_0
+ ( sysfs
+ sysfs_android_usb
+ sysfs_dm
+ sysfs_dt_firmware_android
+ sysfs_ipv4
+ sysfs_kernel_notes
+ sysfs_loop
+ sysfs_net
+ sysfs_power
+ sysfs_rtc
+ sysfs_switch
+ sysfs_wakeup_reasons))
+(typeattributeset sysfs_batteryinfo_27_0 (sysfs_batteryinfo))
+(typeattributeset sysfs_bluetooth_writable_27_0 (sysfs_bluetooth_writable))
+(typeattributeset sysfs_devices_system_cpu_27_0 (sysfs_devices_system_cpu))
+(typeattributeset sysfs_fs_ext4_features_27_0 (sysfs_fs_ext4_features))
+(typeattributeset sysfs_hwrandom_27_0 (sysfs_hwrandom))
+(typeattributeset sysfs_leds_27_0 (sysfs_leds))
+(typeattributeset sysfs_lowmemorykiller_27_0 (sysfs_lowmemorykiller))
+(typeattributeset sysfs_mac_address_27_0 (sysfs_mac_address))
+(typeattributeset sysfs_nfc_power_writable_27_0 (sysfs_nfc_power_writable))
+(typeattributeset sysfs_thermal_27_0 (sysfs_thermal))
+(typeattributeset sysfs_uio_27_0 (sysfs_uio))
+(typeattributeset sysfs_usb_27_0 (sysfs_usb))
+(typeattributeset sysfs_usermodehelper_27_0 (sysfs_usermodehelper))
+(typeattributeset sysfs_vibrator_27_0 (sysfs_vibrator))
+(typeattributeset sysfs_wake_lock_27_0 (sysfs_wake_lock))
+(typeattributeset sysfs_wlan_fwpath_27_0 (sysfs_wlan_fwpath))
+(typeattributeset sysfs_zram_27_0 (sysfs_zram))
+(typeattributeset sysfs_zram_uevent_27_0 (sysfs_zram_uevent))
+(typeattributeset system_app_27_0 (system_app))
+(typeattributeset system_app_data_file_27_0 (system_app_data_file))
+(typeattributeset system_app_service_27_0 (system_app_service))
+(typeattributeset system_block_device_27_0 (system_block_device))
+(typeattributeset system_data_file_27_0
+ ( system_data_file
+ dropbox_data_file
+ vendor_data_file))
+(typeattributeset system_file_27_0
+ ( system_file
+ system_lib_file
+ system_linker_config_file
+ system_linker_exec
+ system_seccomp_policy_file
+ system_security_cacerts_file
+ system_zoneinfo_file
+))
+(typeattributeset systemkeys_data_file_27_0 (systemkeys_data_file))
+(typeattributeset system_ndebug_socket_27_0 (system_ndebug_socket))
+(typeattributeset system_net_netd_hwservice_27_0 (system_net_netd_hwservice))
+(typeattributeset system_prop_27_0 (system_prop))
+(typeattributeset system_radio_prop_27_0 (system_radio_prop))
+(typeattributeset system_server_27_0 (system_server))
+(typeattributeset system_wifi_keystore_hwservice_27_0 (system_wifi_keystore_hwservice))
+(typeattributeset system_wpa_socket_27_0 (system_wpa_socket))
+(typeattributeset task_service_27_0 (task_service))
+(typeattributeset tee_27_0 (tee))
+(typeattributeset tee_data_file_27_0 (tee_data_file))
+(typeattributeset tee_device_27_0 (tee_device))
+(typeattributeset telecom_service_27_0 (telecom_service))
+(typeattributeset textclassification_service_27_0 (textclassification_service))
+(typeattributeset textclassifier_data_file_27_0 (textclassifier_data_file))
+(typeattributeset textservices_service_27_0 (textservices_service))
+(typeattributeset thermalcallback_hwservice_27_0 (thermalcallback_hwservice))
+(typeattributeset thermal_service_27_0 (thermal_service))
+(typeattributeset thermalserviced_27_0 (thermalserviced))
+(typeattributeset thermalserviced_exec_27_0 (thermalserviced_exec))
+(typeattributeset timezone_service_27_0 (timezone_service))
+(typeattributeset tmpfs_27_0 (tmpfs))
+(typeattributeset tombstoned_27_0 (tombstoned))
+(typeattributeset tombstone_data_file_27_0 (tombstone_data_file))
+(typeattributeset tombstoned_crash_socket_27_0 (tombstoned_crash_socket))
+(typeattributeset tombstoned_exec_27_0 (tombstoned_exec))
+(typeattributeset tombstoned_intercept_socket_27_0 (tombstoned_intercept_socket))
+(typeattributeset tombstoned_java_trace_socket_27_0 (tombstoned_java_trace_socket))
+(typeattributeset toolbox_27_0 (toolbox))
+(typeattributeset toolbox_exec_27_0 (toolbox_exec))
+(typeattributeset trust_service_27_0 (trust_service))
+(typeattributeset tty_device_27_0 (tty_device))
+(typeattributeset tun_device_27_0 (tun_device))
+(typeattributeset tv_input_service_27_0 (tv_input_service))
+(typeattributeset tzdatacheck_27_0 (tzdatacheck))
+(typeattributeset tzdatacheck_exec_27_0 (tzdatacheck_exec))
+(typeattributeset ueventd_27_0 (ueventd))
+(typeattributeset uhid_device_27_0 (uhid_device))
+(typeattributeset uimode_service_27_0 (uimode_service))
+(typeattributeset uio_device_27_0 (uio_device))
+(typeattributeset uncrypt_27_0 (uncrypt))
+(typeattributeset uncrypt_exec_27_0 (uncrypt_exec))
+(typeattributeset uncrypt_socket_27_0 (uncrypt_socket))
+(typeattributeset unencrypted_data_file_27_0 (unencrypted_data_file))
+(typeattributeset unlabeled_27_0 (unlabeled))
+(typeattributeset untrusted_app_25_27_0 (untrusted_app_25))
+(typeattributeset untrusted_app_27_0
+ ( untrusted_app
+ untrusted_app_27))
+(typeattributeset untrusted_v2_app_27_0 (untrusted_v2_app))
+(typeattributeset update_engine_27_0 (update_engine))
+(typeattributeset update_engine_data_file_27_0 (update_engine_data_file))
+(typeattributeset update_engine_exec_27_0 (update_engine_exec))
+(typeattributeset update_engine_service_27_0 (update_engine_service))
+(typeattributeset updatelock_service_27_0 (updatelock_service))
+(typeattributeset update_verifier_27_0 (update_verifier))
+(typeattributeset update_verifier_exec_27_0 (update_verifier_exec))
+(typeattributeset usagestats_service_27_0 (usagestats_service))
+(typeattributeset usbaccessory_device_27_0 (usbaccessory_device))
+(typeattributeset usb_device_27_0 (usb_device))
+(typeattributeset usbfs_27_0 (usbfs))
+(typeattributeset usb_service_27_0 (usb_service))
+(typeattributeset userdata_block_device_27_0 (userdata_block_device))
+(typeattributeset usermodehelper_27_0 (usermodehelper))
+(typeattributeset user_profile_data_file_27_0 (user_profile_data_file))
+(typeattributeset user_service_27_0 (user_service))
+(typeattributeset vcs_device_27_0 (vcs_device))
+(typeattributeset vdc_27_0 (vdc))
+(typeattributeset vdc_exec_27_0 (vdc_exec))
+(typeattributeset vendor_app_file_27_0 (vendor_app_file))
+(typeattributeset vendor_configs_file_27_0 (vendor_configs_file))
+(typeattributeset vendor_file_27_0 (vendor_file))
+(typeattributeset vendor_framework_file_27_0 (vendor_framework_file))
+(typeattributeset vendor_hal_file_27_0 (vendor_hal_file))
+(typeattributeset vendor_overlay_file_27_0 (vendor_overlay_file))
+(typeattributeset vendor_shell_exec_27_0 (vendor_shell_exec))
+(typeattributeset vendor_toolbox_exec_27_0 (vendor_toolbox_exec))
+(typeattributeset vfat_27_0 (vfat))
+(typeattributeset vibrator_service_27_0 (vibrator_service))
+(typeattributeset video_device_27_0 (video_device))
+(typeattributeset virtual_touchpad_27_0 (virtual_touchpad))
+(typeattributeset virtual_touchpad_exec_27_0 (virtual_touchpad_exec))
+(typeattributeset virtual_touchpad_service_27_0 (virtual_touchpad_service))
+(typeattributeset vndbinder_device_27_0 (vndbinder_device))
+(typeattributeset vndk_sp_file_27_0 (vndk_sp_file))
+(typeattributeset vndservice_contexts_file_27_0 (vndservice_contexts_file))
+(typeattributeset vndservicemanager_27_0 (vndservicemanager))
+(typeattributeset voiceinteraction_service_27_0 (voiceinteraction_service))
+(typeattributeset vold_27_0 (vold))
+(typeattributeset vold_data_file_27_0 (vold_data_file))
+(typeattributeset vold_device_27_0 (vold_device))
+(typeattributeset vold_exec_27_0 (vold_exec))
+(typeattributeset vold_prop_27_0 (vold_prop))
+(typeattributeset vold_socket_27_0 (vold_socket))
+(typeattributeset vpn_data_file_27_0 (vpn_data_file))
+(typeattributeset vr_hwc_27_0 (vr_hwc))
+(typeattributeset vr_hwc_exec_27_0 (vr_hwc_exec))
+(typeattributeset vr_hwc_service_27_0 (vr_hwc_service))
+(typeattributeset vr_manager_service_27_0 (vr_manager_service))
+(typeattributeset wallpaper_file_27_0 (wallpaper_file))
+(typeattributeset wallpaper_service_27_0 (wallpaper_service))
+(typeattributeset watchdogd_27_0 (watchdogd))
+(typeattributeset watchdog_device_27_0 (watchdog_device))
+(typeattributeset webviewupdate_service_27_0 (webviewupdate_service))
+(typeattributeset webview_zygote_27_0 (webview_zygote))
+(typeattributeset webview_zygote_exec_27_0 (webview_zygote_exec))
+(typeattributeset webview_zygote_socket_27_0 (webview_zygote_socket))
+(typeattributeset wifiaware_service_27_0 (wifiaware_service))
+(typeattributeset wificond_27_0 (wificond))
+(typeattributeset wificond_exec_27_0 (wificond_exec))
+(typeattributeset wificond_service_27_0 (wificond_service))
+(typeattributeset wifi_data_file_27_0 (wifi_data_file))
+(typeattributeset wifi_log_prop_27_0 (wifi_log_prop))
+(typeattributeset wifip2p_service_27_0 (wifip2p_service))
+(typeattributeset wifi_prop_27_0 (wifi_prop))
+(typeattributeset wifiscanner_service_27_0 (wifiscanner_service))
+(typeattributeset wifi_service_27_0 (wifi_service))
+(typeattributeset window_service_27_0 (window_service))
+(typeattributeset wpa_socket_27_0 (wpa_socket))
+(typeattributeset zero_device_27_0 (zero_device))
+(typeattributeset zoneinfo_data_file_27_0 (zoneinfo_data_file))
+(typeattributeset zygote_27_0 (zygote))
+(typeattributeset zygote_exec_27_0 (zygote_exec))
+(typeattributeset zygote_socket_27_0 (zygote_socket))
diff --git a/prebuilts/api/30.0/private/compat/27.0/27.0.compat.cil b/prebuilts/api/30.0/private/compat/27.0/27.0.compat.cil
new file mode 100644
index 0000000..30af58c
--- /dev/null
+++ b/prebuilts/api/30.0/private/compat/27.0/27.0.compat.cil
@@ -0,0 +1,5 @@
+(typeattribute vendordomain)
+(typeattributeset vendordomain ((and (domain) ((not (coredomain))))))
+(allowx vendordomain dev_type (ioctl blk_file ((range 0x0000 0xffff))))
+(allowx vendordomain file_type (ioctl file ((range 0x0000 0xffff))))
+(allow vendordomain self (netlink_route_socket (nlmsg_readpriv)))
diff --git a/prebuilts/api/30.0/private/compat/27.0/27.0.ignore.cil b/prebuilts/api/30.0/private/compat/27.0/27.0.ignore.cil
new file mode 100644
index 0000000..cb500c9
--- /dev/null
+++ b/prebuilts/api/30.0/private/compat/27.0/27.0.ignore.cil
@@ -0,0 +1,206 @@
+;; new_objects - a collection of types that have been introduced that have no
+;; analogue in older policy. Thus, we do not need to map these types to
+;; previous ones. Add here to pass checkapi tests.
+(type new_objects)
+(typeattribute new_objects)
+(typeattributeset new_objects
+ ( new_objects
+ activity_task_service
+ adb_service
+ app_binding_service
+ apex_data_file
+ apex_metadata_file
+ apex_mnt_dir
+ apex_service
+ apexd
+ apexd_exec
+ apexd_prop
+ apexd_tmpfs
+ app_zygote
+ atrace
+ binder_calls_stats_service
+ biometric_service
+ blank_screen
+ blank_screen_exec
+ blank_screen_tmpfs
+ bootloader_boot_reason_prop
+ bluetooth_a2dp_offload_prop
+ bpfloader
+ bpfloader_exec
+ cgroup_bpf
+ charger_exec
+ color_display_service
+ content_capture_service
+ crossprofileapps_service
+ ctl_apexd_prop
+ ctl_interface_restart_prop
+ ctl_interface_start_prop
+ ctl_interface_stop_prop
+ ctl_sigstop_prop
+ device_config_boot_count_prop
+ device_config_reset_performed_prop
+ device_config_netd_native_prop
+ dnsresolver_service
+ exfat
+ exported2_config_prop
+ exported2_default_prop
+ exported2_radio_prop
+ exported2_system_prop
+ exported2_vold_prop
+ exported3_default_prop
+ exported3_radio_prop
+ exported3_system_prop
+ exported_audio_prop
+ exported_bluetooth_prop
+ exported_config_prop
+ exported_dalvik_prop
+ exported_default_prop
+ exported_dumpstate_prop
+ exported_ffs_prop
+ exported_fingerprint_prop
+ exported_overlay_prop
+ exported_pm_prop
+ exported_radio_prop
+ exported_secure_prop
+ exported_system_prop
+ exported_system_radio_prop
+ exported_vold_prop
+ exported_wifi_prop
+ fastbootd
+ flags_health_check
+ flags_health_check_exec
+ fingerprint_vendor_data_file
+ fs_bpf
+ fwk_stats_hwservice
+ hal_atrace_hwservice
+ hal_audiocontrol_hwservice
+ hal_authsecret_hwservice
+ hal_codec2_hwservice
+ hal_confirmationui_hwservice
+ hal_evs_hwservice
+ hal_health_storage_hwservice
+ hal_lowpan_hwservice
+ hal_secure_element_hwservice
+ hal_usb_gadget_hwservice
+ hal_vehicle_hwservice
+ hal_wifi_hostapd_hwservice
+ heapprofd
+ heapprofd_exec
+ heapprofd_socket
+ incident_helper
+ incident_helper_exec
+ iorapd
+ iorapd_data_file
+ iorapd_exec
+ iorapd_service
+ iorapd_tmpfs
+ last_boot_reason_prop
+ llkd
+ llkd_exec
+ llkd_prop
+ llkd_tmpfs
+ looper_stats_service
+ lowpan_device
+ lowpan_prop
+ lowpan_service
+ mediaextractor_update_service
+ mediaswcodec
+ mediaswcodec_exec
+ mediaswcodec_tmpfs
+ metadata_bootstat_file
+ metadata_file
+ mnt_product_file
+ mnt_vendor_file
+ network_stack
+ network_stack_service
+ network_watchlist_data_file
+ network_watchlist_service
+ overlayfs_file
+ perfetto
+ perfetto_exec
+ perfetto_tmpfs
+ perfetto_traces_data_file
+ property_info
+ recovery_socket
+ role_service
+ runas_app
+ art_apex_dir
+ runtime_service
+ secure_element
+ secure_element_device
+ secure_element_service
+ secure_element_tmpfs
+ server_configurable_flags_data_file
+ simpleperf_app_runner
+ simpleperf_app_runner_exec
+ slice_service
+ socket_hook_prop
+ stats
+ stats_data_file
+ stats_exec
+ stats_service
+ statscompanion_service
+ statsd
+ statsd_exec
+ statsd_tmpfs
+ statsdw
+ statsdw_socket
+ storaged_data_file
+ super_block_device
+ staging_data_file
+ system_boot_reason_prop
+ system_bootstrap_lib_file
+ system_lmk_prop
+ system_update_service
+ test_boot_reason_prop
+ time_prop
+ timedetector_service
+ tombstone_wifi_data_file
+ trace_data_file
+ traced
+ traced_consumer_socket
+ traced_enabled_prop
+ traced_exec
+ traced_probes
+ traced_probes_exec
+ traced_probes_tmpfs
+ traced_producer_socket
+ traced_tmpfs
+ traceur_app
+ traceur_app_tmpfs
+ untrusted_app_all_devpts
+ update_engine_log_data_file
+ uri_grants_service
+ usbd
+ usbd_exec
+ usbd_tmpfs
+ vendor_apex_file
+ vendor_default_prop
+ vendor_init
+ vendor_security_patch_level_prop
+ vendor_shell
+ vendor_socket_hook_prop
+ vndk_prop
+ vold_metadata_file
+ vold_prepare_subdirs
+ vold_prepare_subdirs_exec
+ vold_service
+ vrflinger_vsync_service
+ wait_for_keymaster
+ wait_for_keymaster_exec
+ wait_for_keymaster_tmpfs
+ watchdogd_tmpfs
+ wm_trace_data_file
+ wpantund
+ wpantund_exec
+ wpantund_service
+ wpantund_tmpfs))
+
+;; private_objects - a collection of types that were labeled differently in
+;; older policy, but that should not remain accessible to vendor policy.
+;; Thus, these types are also not mapped, but recorded for checkapi tests
+(type priv_objects)
+(typeattribute priv_objects)
+(typeattributeset priv_objects
+ ( priv_objects
+ untrusted_app_27_tmpfs))
diff --git a/prebuilts/api/30.0/private/compat/28.0/28.0.cil b/prebuilts/api/30.0/private/compat/28.0/28.0.cil
new file mode 100644
index 0000000..321e938
--- /dev/null
+++ b/prebuilts/api/30.0/private/compat/28.0/28.0.cil
@@ -0,0 +1,1744 @@
+;; attributes removed from current policy
+(typeattribute hal_wifi_offload)
+(typeattribute hal_wifi_offload_client)
+(typeattribute hal_wifi_offload_server)
+
+;; types removed from current policy
+(type alarm_device)
+(type audio_seq_device)
+(type audio_timer_device)
+(type commontime_management_service)
+(type cpuctl_device)
+(type full_device)
+(type hal_wifi_offload_hwservice)
+(type i2c_device)
+(type kmem_device)
+(type mediacodec)
+(type mediacodec_exec)
+(type mediaextractor_update_service)
+(type mtd_device)
+(type netd_socket)
+(type qtaguid_proc)
+(type thermalcallback_hwservice)
+(type thermalserviced)
+(type thermalserviced_exec)
+(type untrusted_v2_app)
+(type vcs_device)
+
+;; Public 28.0 SEPolicy is divergent on different devices w.r.t
+;; exported_audio_prop type. We need this typeattribute declaration so that the
+;; mapping file compiles with vendor policies without exported_audio_prop type.
+(typeattribute exported_audio_prop_28_0)
+
+(expandtypeattribute (accessibility_service_28_0) true)
+(expandtypeattribute (account_service_28_0) true)
+(expandtypeattribute (activity_service_28_0) true)
+(expandtypeattribute (adbd_28_0) true)
+(expandtypeattribute (adb_data_file_28_0) true)
+(expandtypeattribute (adbd_exec_28_0) true)
+(expandtypeattribute (adbd_socket_28_0) true)
+(expandtypeattribute (adb_keys_file_28_0) true)
+(expandtypeattribute (alarm_device_28_0) true)
+(expandtypeattribute (alarm_service_28_0) true)
+(expandtypeattribute (anr_data_file_28_0) true)
+(expandtypeattribute (apk_data_file_28_0) true)
+(expandtypeattribute (apk_private_data_file_28_0) true)
+(expandtypeattribute (apk_private_tmp_file_28_0) true)
+(expandtypeattribute (apk_tmp_file_28_0) true)
+(expandtypeattribute (app_data_file_28_0) true)
+(expandtypeattribute (app_fuse_file_28_0) true)
+(expandtypeattribute (app_fusefs_28_0) true)
+(expandtypeattribute (appops_service_28_0) true)
+(expandtypeattribute (appwidget_service_28_0) true)
+(expandtypeattribute (asec_apk_file_28_0) true)
+(expandtypeattribute (asec_image_file_28_0) true)
+(expandtypeattribute (asec_public_file_28_0) true)
+(expandtypeattribute (ashmem_device_28_0) true)
+(expandtypeattribute (assetatlas_service_28_0) true)
+(expandtypeattribute (audio_data_file_28_0) true)
+(expandtypeattribute (audio_device_28_0) true)
+(expandtypeattribute (audiohal_data_file_28_0) true)
+(expandtypeattribute (audio_prop_28_0) true)
+(expandtypeattribute (audio_seq_device_28_0) true)
+(expandtypeattribute (audioserver_28_0) true)
+(expandtypeattribute (audioserver_data_file_28_0) true)
+(expandtypeattribute (audioserver_service_28_0) true)
+(expandtypeattribute (audio_service_28_0) true)
+(expandtypeattribute (audio_timer_device_28_0) true)
+(expandtypeattribute (autofill_service_28_0) true)
+(expandtypeattribute (backup_data_file_28_0) true)
+(expandtypeattribute (backup_service_28_0) true)
+(expandtypeattribute (batteryproperties_service_28_0) true)
+(expandtypeattribute (battery_service_28_0) true)
+(expandtypeattribute (batterystats_service_28_0) true)
+(expandtypeattribute (binder_calls_stats_service_28_0) true)
+(expandtypeattribute (binder_device_28_0) true)
+(expandtypeattribute (binfmt_miscfs_28_0) true)
+(expandtypeattribute (blkid_28_0) true)
+(expandtypeattribute (blkid_untrusted_28_0) true)
+(expandtypeattribute (block_device_28_0) true)
+(expandtypeattribute (bluetooth_28_0) true)
+(expandtypeattribute (bluetooth_a2dp_offload_prop_28_0) true)
+(expandtypeattribute (bluetooth_data_file_28_0) true)
+(expandtypeattribute (bluetooth_efs_file_28_0) true)
+(expandtypeattribute (bluetooth_logs_data_file_28_0) true)
+(expandtypeattribute (bluetooth_manager_service_28_0) true)
+(expandtypeattribute (bluetooth_prop_28_0) true)
+(expandtypeattribute (bluetooth_service_28_0) true)
+(expandtypeattribute (bluetooth_socket_28_0) true)
+(expandtypeattribute (bootanim_28_0) true)
+(expandtypeattribute (bootanim_exec_28_0) true)
+(expandtypeattribute (boot_block_device_28_0) true)
+(expandtypeattribute (bootchart_data_file_28_0) true)
+(expandtypeattribute (bootloader_boot_reason_prop_28_0) true)
+(expandtypeattribute (bootstat_28_0) true)
+(expandtypeattribute (bootstat_data_file_28_0) true)
+(expandtypeattribute (bootstat_exec_28_0) true)
+(expandtypeattribute (boottime_prop_28_0) true)
+(expandtypeattribute (boottrace_data_file_28_0) true)
+(expandtypeattribute (broadcastradio_service_28_0) true)
+(expandtypeattribute (bufferhubd_28_0) true)
+(expandtypeattribute (bufferhubd_exec_28_0) true)
+(expandtypeattribute (cache_backup_file_28_0) true)
+(expandtypeattribute (cache_block_device_28_0) true)
+(expandtypeattribute (cache_file_28_0) true)
+(expandtypeattribute (cache_private_backup_file_28_0) true)
+(expandtypeattribute (cache_recovery_file_28_0) true)
+(expandtypeattribute (camera_data_file_28_0) true)
+(expandtypeattribute (camera_device_28_0) true)
+(expandtypeattribute (cameraproxy_service_28_0) true)
+(expandtypeattribute (cameraserver_28_0) true)
+(expandtypeattribute (cameraserver_exec_28_0) true)
+(expandtypeattribute (cameraserver_service_28_0) true)
+(expandtypeattribute (cgroup_28_0) true)
+(expandtypeattribute (cgroup_bpf_28_0) true)
+(expandtypeattribute (charger_28_0) true)
+(expandtypeattribute (clatd_28_0) true)
+(expandtypeattribute (clatd_exec_28_0) true)
+(expandtypeattribute (clipboard_service_28_0) true)
+(expandtypeattribute (commontime_management_service_28_0) true)
+(expandtypeattribute (companion_device_service_28_0) true)
+(expandtypeattribute (configfs_28_0) true)
+(expandtypeattribute (config_prop_28_0) true)
+(expandtypeattribute (connectivity_service_28_0) true)
+(expandtypeattribute (connmetrics_service_28_0) true)
+(expandtypeattribute (console_device_28_0) true)
+(expandtypeattribute (consumer_ir_service_28_0) true)
+(expandtypeattribute (content_service_28_0) true)
+(expandtypeattribute (contexthub_service_28_0) true)
+(expandtypeattribute (coredump_file_28_0) true)
+(expandtypeattribute (country_detector_service_28_0) true)
+(expandtypeattribute (coverage_service_28_0) true)
+(expandtypeattribute (cppreopt_prop_28_0) true)
+(expandtypeattribute (cppreopts_28_0) true)
+(expandtypeattribute (cppreopts_exec_28_0) true)
+(expandtypeattribute (cpuctl_device_28_0) true)
+(expandtypeattribute (cpuinfo_service_28_0) true)
+(expandtypeattribute (crash_dump_28_0) true)
+(expandtypeattribute (crash_dump_exec_28_0) true)
+(expandtypeattribute (crossprofileapps_service_28_0) true)
+(expandtypeattribute (ctl_bootanim_prop_28_0) true)
+(expandtypeattribute (ctl_bugreport_prop_28_0) true)
+(expandtypeattribute (ctl_console_prop_28_0) true)
+(expandtypeattribute (ctl_default_prop_28_0) true)
+(expandtypeattribute (ctl_dumpstate_prop_28_0) true)
+(expandtypeattribute (ctl_fuse_prop_28_0) true)
+(expandtypeattribute (ctl_interface_restart_prop_28_0) true)
+(expandtypeattribute (ctl_interface_start_prop_28_0) true)
+(expandtypeattribute (ctl_interface_stop_prop_28_0) true)
+(expandtypeattribute (ctl_mdnsd_prop_28_0) true)
+(expandtypeattribute (ctl_restart_prop_28_0) true)
+(expandtypeattribute (ctl_rildaemon_prop_28_0) true)
+(expandtypeattribute (ctl_sigstop_prop_28_0) true)
+(expandtypeattribute (ctl_start_prop_28_0) true)
+(expandtypeattribute (ctl_stop_prop_28_0) true)
+(expandtypeattribute (dalvikcache_data_file_28_0) true)
+(expandtypeattribute (dalvik_prop_28_0) true)
+(expandtypeattribute (dbinfo_service_28_0) true)
+(expandtypeattribute (debugfs_28_0) true)
+(expandtypeattribute (debugfs_mmc_28_0) true)
+(expandtypeattribute (debugfs_trace_marker_28_0) true)
+(expandtypeattribute (debugfs_tracing_28_0) true)
+(expandtypeattribute (debugfs_tracing_debug_28_0) true)
+(expandtypeattribute (debugfs_tracing_instances_28_0) true)
+(expandtypeattribute (debugfs_wakeup_sources_28_0) true)
+(expandtypeattribute (debugfs_wifi_tracing_28_0) true)
+(expandtypeattribute (debuggerd_prop_28_0) true)
+(expandtypeattribute (debug_prop_28_0) true)
+(expandtypeattribute (default_android_hwservice_28_0) true)
+(expandtypeattribute (default_android_service_28_0) true)
+(expandtypeattribute (default_android_vndservice_28_0) true)
+(expandtypeattribute (default_prop_28_0) true)
+(expandtypeattribute (device_28_0) true)
+(expandtypeattribute (device_identifiers_service_28_0) true)
+(expandtypeattribute (deviceidle_service_28_0) true)
+(expandtypeattribute (device_logging_prop_28_0) true)
+(expandtypeattribute (device_policy_service_28_0) true)
+(expandtypeattribute (devicestoragemonitor_service_28_0) true)
+(expandtypeattribute (devpts_28_0) true)
+(expandtypeattribute (dex2oat_28_0) true)
+(expandtypeattribute (dex2oat_exec_28_0) true)
+(expandtypeattribute (dhcp_28_0) true)
+(expandtypeattribute (dhcp_data_file_28_0) true)
+(expandtypeattribute (dhcp_exec_28_0) true)
+(expandtypeattribute (dhcp_prop_28_0) true)
+(expandtypeattribute (diskstats_service_28_0) true)
+(expandtypeattribute (display_service_28_0) true)
+(expandtypeattribute (dm_device_28_0) true)
+(expandtypeattribute (dnsmasq_28_0) true)
+(expandtypeattribute (dnsmasq_exec_28_0) true)
+(expandtypeattribute (dnsproxyd_socket_28_0) true)
+(expandtypeattribute (DockObserver_service_28_0) true)
+(expandtypeattribute (dreams_service_28_0) true)
+(expandtypeattribute (drm_data_file_28_0) true)
+(expandtypeattribute (drmserver_28_0) true)
+(expandtypeattribute (drmserver_exec_28_0) true)
+(expandtypeattribute (drmserver_service_28_0) true)
+(expandtypeattribute (drmserver_socket_28_0) true)
+(expandtypeattribute (dropbox_service_28_0) true)
+(expandtypeattribute (dumpstate_28_0) true)
+(expandtypeattribute (dumpstate_exec_28_0) true)
+(expandtypeattribute (dumpstate_options_prop_28_0) true)
+(expandtypeattribute (dumpstate_prop_28_0) true)
+(expandtypeattribute (dumpstate_service_28_0) true)
+(expandtypeattribute (dumpstate_socket_28_0) true)
+(expandtypeattribute (e2fs_28_0) true)
+(expandtypeattribute (e2fs_exec_28_0) true)
+(expandtypeattribute (efs_file_28_0) true)
+(expandtypeattribute (ephemeral_app_28_0) true)
+(expandtypeattribute (ethernet_service_28_0) true)
+(expandtypeattribute (exfat_28_0) true)
+(expandtypeattribute (exported2_config_prop_28_0) true)
+(expandtypeattribute (exported2_default_prop_28_0) true)
+(expandtypeattribute (exported2_radio_prop_28_0) true)
+(expandtypeattribute (exported2_system_prop_28_0) true)
+(expandtypeattribute (exported2_vold_prop_28_0) true)
+(expandtypeattribute (exported3_default_prop_28_0) true)
+(expandtypeattribute (exported3_radio_prop_28_0) true)
+(expandtypeattribute (exported3_system_prop_28_0) true)
+(expandtypeattribute (exported_audio_prop_28_0) true)
+(expandtypeattribute (exported_bluetooth_prop_28_0) true)
+(expandtypeattribute (exported_config_prop_28_0) true)
+(expandtypeattribute (exported_dalvik_prop_28_0) true)
+(expandtypeattribute (exported_default_prop_28_0) true)
+(expandtypeattribute (exported_dumpstate_prop_28_0) true)
+(expandtypeattribute (exported_ffs_prop_28_0) true)
+(expandtypeattribute (exported_fingerprint_prop_28_0) true)
+(expandtypeattribute (exported_overlay_prop_28_0) true)
+(expandtypeattribute (exported_pm_prop_28_0) true)
+(expandtypeattribute (exported_radio_prop_28_0) true)
+(expandtypeattribute (exported_secure_prop_28_0) true)
+(expandtypeattribute (exported_system_prop_28_0) true)
+(expandtypeattribute (exported_system_radio_prop_28_0) true)
+(expandtypeattribute (exported_vold_prop_28_0) true)
+(expandtypeattribute (exported_wifi_prop_28_0) true)
+(expandtypeattribute (ffs_prop_28_0) true)
+(expandtypeattribute (file_contexts_file_28_0) true)
+(expandtypeattribute (fingerprintd_28_0) true)
+(expandtypeattribute (fingerprintd_data_file_28_0) true)
+(expandtypeattribute (fingerprintd_exec_28_0) true)
+(expandtypeattribute (fingerprintd_service_28_0) true)
+(expandtypeattribute (fingerprint_prop_28_0) true)
+(expandtypeattribute (fingerprint_service_28_0) true)
+(expandtypeattribute (fingerprint_vendor_data_file_28_0) true)
+(expandtypeattribute (firstboot_prop_28_0) true)
+(expandtypeattribute (font_service_28_0) true)
+(expandtypeattribute (frp_block_device_28_0) true)
+(expandtypeattribute (fs_bpf_28_0) true)
+(expandtypeattribute (fsck_28_0) true)
+(expandtypeattribute (fsck_exec_28_0) true)
+(expandtypeattribute (fscklogs_28_0) true)
+(expandtypeattribute (fsck_untrusted_28_0) true)
+(expandtypeattribute (full_device_28_0) true)
+(expandtypeattribute (functionfs_28_0) true)
+(expandtypeattribute (fuse_28_0) true)
+(expandtypeattribute (fuse_device_28_0) true)
+(expandtypeattribute (fwk_display_hwservice_28_0) true)
+(expandtypeattribute (fwk_scheduler_hwservice_28_0) true)
+(expandtypeattribute (fwk_sensor_hwservice_28_0) true)
+(expandtypeattribute (fwmarkd_socket_28_0) true)
+(expandtypeattribute (gatekeeperd_28_0) true)
+(expandtypeattribute (gatekeeper_data_file_28_0) true)
+(expandtypeattribute (gatekeeperd_exec_28_0) true)
+(expandtypeattribute (gatekeeper_service_28_0) true)
+(expandtypeattribute (gfxinfo_service_28_0) true)
+(expandtypeattribute (gps_control_28_0) true)
+(expandtypeattribute (gpu_device_28_0) true)
+(expandtypeattribute (gpu_service_28_0) true)
+(expandtypeattribute (graphics_device_28_0) true)
+(expandtypeattribute (graphicsstats_service_28_0) true)
+(expandtypeattribute (hal_audiocontrol_hwservice_28_0) true)
+(expandtypeattribute (hal_audio_hwservice_28_0) true)
+(expandtypeattribute (hal_authsecret_hwservice_28_0) true)
+(expandtypeattribute (hal_bluetooth_hwservice_28_0) true)
+(expandtypeattribute (hal_bootctl_hwservice_28_0) true)
+(expandtypeattribute (hal_broadcastradio_hwservice_28_0) true)
+(expandtypeattribute (hal_camera_hwservice_28_0) true)
+(expandtypeattribute (hal_cas_hwservice_28_0) true)
+(expandtypeattribute (hal_codec2_hwservice_28_0) true)
+(expandtypeattribute (hal_configstore_ISurfaceFlingerConfigs_28_0) true)
+(expandtypeattribute (hal_confirmationui_hwservice_28_0) true)
+(expandtypeattribute (hal_contexthub_hwservice_28_0) true)
+(expandtypeattribute (hal_drm_hwservice_28_0) true)
+(expandtypeattribute (hal_dumpstate_hwservice_28_0) true)
+(expandtypeattribute (hal_evs_hwservice_28_0) true)
+(expandtypeattribute (hal_fingerprint_hwservice_28_0) true)
+(expandtypeattribute (hal_fingerprint_service_28_0) true)
+(expandtypeattribute (hal_gatekeeper_hwservice_28_0) true)
+(expandtypeattribute (hal_gnss_hwservice_28_0) true)
+(expandtypeattribute (hal_graphics_allocator_hwservice_28_0) true)
+(expandtypeattribute (hal_graphics_composer_hwservice_28_0) true)
+(expandtypeattribute (hal_graphics_mapper_hwservice_28_0) true)
+(expandtypeattribute (hal_health_hwservice_28_0) true)
+(expandtypeattribute (hal_ir_hwservice_28_0) true)
+(expandtypeattribute (hal_keymaster_hwservice_28_0) true)
+(expandtypeattribute (hal_light_hwservice_28_0) true)
+(expandtypeattribute (hal_lowpan_hwservice_28_0) true)
+(expandtypeattribute (hal_memtrack_hwservice_28_0) true)
+(expandtypeattribute (hal_neuralnetworks_hwservice_28_0) true)
+(expandtypeattribute (hal_nfc_hwservice_28_0) true)
+(expandtypeattribute (hal_oemlock_hwservice_28_0) true)
+(expandtypeattribute (hal_omx_hwservice_28_0) true)
+(expandtypeattribute (hal_power_hwservice_28_0) true)
+(expandtypeattribute (hal_renderscript_hwservice_28_0) true)
+(expandtypeattribute (hal_secure_element_hwservice_28_0) true)
+(expandtypeattribute (hal_sensors_hwservice_28_0) true)
+(expandtypeattribute (hal_telephony_hwservice_28_0) true)
+(expandtypeattribute (hal_tetheroffload_hwservice_28_0) true)
+(expandtypeattribute (hal_thermal_hwservice_28_0) true)
+(expandtypeattribute (hal_tv_cec_hwservice_28_0) true)
+(expandtypeattribute (hal_tv_input_hwservice_28_0) true)
+(expandtypeattribute (hal_usb_gadget_hwservice_28_0) true)
+(expandtypeattribute (hal_usb_hwservice_28_0) true)
+(expandtypeattribute (hal_vehicle_hwservice_28_0) true)
+(expandtypeattribute (hal_vibrator_hwservice_28_0) true)
+(expandtypeattribute (hal_vr_hwservice_28_0) true)
+(expandtypeattribute (hal_weaver_hwservice_28_0) true)
+(expandtypeattribute (hal_wifi_hostapd_hwservice_28_0) true)
+(expandtypeattribute (hal_wifi_hwservice_28_0) true)
+(expandtypeattribute (hal_wifi_offload_hwservice_28_0) true)
+(expandtypeattribute (hal_wifi_supplicant_hwservice_28_0) true)
+(expandtypeattribute (hardware_properties_service_28_0) true)
+(expandtypeattribute (hardware_service_28_0) true)
+(expandtypeattribute (hci_attach_dev_28_0) true)
+(expandtypeattribute (hdmi_control_service_28_0) true)
+(expandtypeattribute (healthd_28_0) true)
+(expandtypeattribute (healthd_exec_28_0) true)
+(expandtypeattribute (heapdump_data_file_28_0) true)
+(expandtypeattribute (hidl_allocator_hwservice_28_0) true)
+(expandtypeattribute (hidl_base_hwservice_28_0) true)
+(expandtypeattribute (hidl_manager_hwservice_28_0) true)
+(expandtypeattribute (hidl_memory_hwservice_28_0) true)
+(expandtypeattribute (hidl_token_hwservice_28_0) true)
+(expandtypeattribute (hwbinder_device_28_0) true)
+(expandtypeattribute (hw_random_device_28_0) true)
+(expandtypeattribute (hwservice_contexts_file_28_0) true)
+(expandtypeattribute (hwservicemanager_28_0) true)
+(expandtypeattribute (hwservicemanager_exec_28_0) true)
+(expandtypeattribute (hwservicemanager_prop_28_0) true)
+(expandtypeattribute (i2c_device_28_0) true)
+(expandtypeattribute (icon_file_28_0) true)
+(expandtypeattribute (idmap_28_0) true)
+(expandtypeattribute (idmap_exec_28_0) true)
+(expandtypeattribute (iio_device_28_0) true)
+(expandtypeattribute (imms_service_28_0) true)
+(expandtypeattribute (incident_28_0) true)
+(expandtypeattribute (incidentd_28_0) true)
+(expandtypeattribute (incident_data_file_28_0) true)
+(expandtypeattribute (incident_helper_28_0) true)
+(expandtypeattribute (incident_service_28_0) true)
+(expandtypeattribute (init_28_0) true)
+(expandtypeattribute (init_exec_28_0) true)
+(expandtypeattribute (inotify_28_0) true)
+(expandtypeattribute (input_device_28_0) true)
+(expandtypeattribute (inputflinger_28_0) true)
+(expandtypeattribute (inputflinger_exec_28_0) true)
+(expandtypeattribute (inputflinger_service_28_0) true)
+(expandtypeattribute (input_method_service_28_0) true)
+(expandtypeattribute (input_service_28_0) true)
+(expandtypeattribute (installd_28_0) true)
+(expandtypeattribute (install_data_file_28_0) true)
+(expandtypeattribute (installd_exec_28_0) true)
+(expandtypeattribute (installd_service_28_0) true)
+(expandtypeattribute (install_recovery_28_0) true)
+(expandtypeattribute (install_recovery_exec_28_0) true)
+(expandtypeattribute (ion_device_28_0) true)
+(expandtypeattribute (IProxyService_service_28_0) true)
+(expandtypeattribute (ipsec_service_28_0) true)
+(expandtypeattribute (isolated_app_28_0) true)
+(expandtypeattribute (jobscheduler_service_28_0) true)
+(expandtypeattribute (kernel_28_0) true)
+(expandtypeattribute (keychain_data_file_28_0) true)
+(expandtypeattribute (keychord_device_28_0) true)
+(expandtypeattribute (keystore_28_0) true)
+(expandtypeattribute (keystore_data_file_28_0) true)
+(expandtypeattribute (keystore_exec_28_0) true)
+(expandtypeattribute (keystore_service_28_0) true)
+(expandtypeattribute (kmem_device_28_0) true)
+(expandtypeattribute (kmsg_debug_device_28_0) true)
+(expandtypeattribute (kmsg_device_28_0) true)
+(expandtypeattribute (labeledfs_28_0) true)
+(expandtypeattribute (last_boot_reason_prop_28_0) true)
+(expandtypeattribute (launcherapps_service_28_0) true)
+(expandtypeattribute (lmkd_28_0) true)
+(expandtypeattribute (lmkd_exec_28_0) true)
+(expandtypeattribute (lmkd_socket_28_0) true)
+(expandtypeattribute (location_service_28_0) true)
+(expandtypeattribute (lock_settings_service_28_0) true)
+(expandtypeattribute (logcat_exec_28_0) true)
+(expandtypeattribute (logd_28_0) true)
+(expandtypeattribute (logd_exec_28_0) true)
+(expandtypeattribute (logd_prop_28_0) true)
+(expandtypeattribute (logdr_socket_28_0) true)
+(expandtypeattribute (logd_socket_28_0) true)
+(expandtypeattribute (logdw_socket_28_0) true)
+(expandtypeattribute (logpersist_28_0) true)
+(expandtypeattribute (logpersistd_logging_prop_28_0) true)
+(expandtypeattribute (log_prop_28_0) true)
+(expandtypeattribute (log_tag_prop_28_0) true)
+(expandtypeattribute (loop_control_device_28_0) true)
+(expandtypeattribute (loop_device_28_0) true)
+(expandtypeattribute (lowpan_device_28_0) true)
+(expandtypeattribute (lowpan_prop_28_0) true)
+(expandtypeattribute (lowpan_service_28_0) true)
+(expandtypeattribute (mac_perms_file_28_0) true)
+(expandtypeattribute (mdnsd_28_0) true)
+(expandtypeattribute (mdnsd_socket_28_0) true)
+(expandtypeattribute (mdns_socket_28_0) true)
+(expandtypeattribute (mediacodec_28_0) true)
+(expandtypeattribute (mediacodec_exec_28_0) true)
+(expandtypeattribute (mediacodec_service_28_0) true)
+(expandtypeattribute (media_data_file_28_0) true)
+(expandtypeattribute (mediadrmserver_28_0) true)
+(expandtypeattribute (mediadrmserver_exec_28_0) true)
+(expandtypeattribute (mediadrmserver_service_28_0) true)
+(expandtypeattribute (mediaextractor_28_0) true)
+(expandtypeattribute (mediaextractor_exec_28_0) true)
+(expandtypeattribute (mediaextractor_service_28_0) true)
+(expandtypeattribute (mediaextractor_update_service_28_0) true)
+(expandtypeattribute (mediametrics_28_0) true)
+(expandtypeattribute (mediametrics_exec_28_0) true)
+(expandtypeattribute (mediametrics_service_28_0) true)
+(expandtypeattribute (media_projection_service_28_0) true)
+(expandtypeattribute (mediaprovider_28_0) true)
+(expandtypeattribute (media_router_service_28_0) true)
+(expandtypeattribute (media_rw_data_file_28_0) true)
+(expandtypeattribute (mediaserver_28_0) true)
+(expandtypeattribute (mediaserver_exec_28_0) true)
+(expandtypeattribute (mediaserver_service_28_0) true)
+(expandtypeattribute (media_session_service_28_0) true)
+(expandtypeattribute (meminfo_service_28_0) true)
+(expandtypeattribute (metadata_block_device_28_0) true)
+(expandtypeattribute (metadata_file_28_0) true)
+(expandtypeattribute (method_trace_data_file_28_0) true)
+(expandtypeattribute (midi_service_28_0) true)
+(expandtypeattribute (misc_block_device_28_0) true)
+(expandtypeattribute (misc_logd_file_28_0) true)
+(expandtypeattribute (misc_user_data_file_28_0) true)
+(expandtypeattribute (mmc_prop_28_0) true)
+(expandtypeattribute (mnt_expand_file_28_0) true)
+(expandtypeattribute (mnt_media_rw_file_28_0) true)
+(expandtypeattribute (mnt_media_rw_stub_file_28_0) true)
+(expandtypeattribute (mnt_user_file_28_0) true)
+(expandtypeattribute (mnt_vendor_file_28_0) true)
+(expandtypeattribute (modprobe_28_0) true)
+(expandtypeattribute (mount_service_28_0) true)
+(expandtypeattribute (mqueue_28_0) true)
+(expandtypeattribute (mtd_device_28_0) true)
+(expandtypeattribute (mtp_28_0) true)
+(expandtypeattribute (mtp_device_28_0) true)
+(expandtypeattribute (mtpd_socket_28_0) true)
+(expandtypeattribute (mtp_exec_28_0) true)
+(expandtypeattribute (nativetest_data_file_28_0) true)
+(expandtypeattribute (netd_28_0) true)
+(expandtypeattribute (net_data_file_28_0) true)
+(expandtypeattribute (netd_exec_28_0) true)
+(expandtypeattribute (netd_listener_service_28_0) true)
+(expandtypeattribute (net_dns_prop_28_0) true)
+(expandtypeattribute (netd_service_28_0) true)
+(expandtypeattribute (netd_socket_28_0) true)
+(expandtypeattribute (netd_stable_secret_prop_28_0) true)
+(expandtypeattribute (netif_28_0) true)
+(expandtypeattribute (netpolicy_service_28_0) true)
+(expandtypeattribute (net_radio_prop_28_0) true)
+(expandtypeattribute (netstats_service_28_0) true)
+(expandtypeattribute (netutils_wrapper_28_0) true)
+(expandtypeattribute (netutils_wrapper_exec_28_0) true)
+(expandtypeattribute (network_management_service_28_0) true)
+(expandtypeattribute (network_score_service_28_0) true)
+(expandtypeattribute (network_time_update_service_28_0) true)
+(expandtypeattribute (network_watchlist_data_file_28_0) true)
+(expandtypeattribute (network_watchlist_service_28_0) true)
+(expandtypeattribute (nfc_28_0) true)
+(expandtypeattribute (nfc_data_file_28_0) true)
+(expandtypeattribute (nfc_device_28_0) true)
+(expandtypeattribute (nfc_prop_28_0) true)
+(expandtypeattribute (nfc_service_28_0) true)
+(expandtypeattribute (node_28_0) true)
+(expandtypeattribute (nonplat_service_contexts_file_28_0) true)
+(expandtypeattribute (notification_service_28_0) true)
+(expandtypeattribute (null_device_28_0) true)
+(expandtypeattribute (oemfs_28_0) true)
+(expandtypeattribute (oem_lock_service_28_0) true)
+(expandtypeattribute (ota_data_file_28_0) true)
+(expandtypeattribute (otadexopt_service_28_0) true)
+(expandtypeattribute (ota_package_file_28_0) true)
+(expandtypeattribute (otapreopt_chroot_28_0) true)
+(expandtypeattribute (otapreopt_chroot_exec_28_0) true)
+(expandtypeattribute (otapreopt_slot_28_0) true)
+(expandtypeattribute (otapreopt_slot_exec_28_0) true)
+(expandtypeattribute (overlay_prop_28_0) true)
+(expandtypeattribute (overlay_service_28_0) true)
+(expandtypeattribute (owntty_device_28_0) true)
+(expandtypeattribute (package_native_service_28_0) true)
+(expandtypeattribute (package_service_28_0) true)
+(expandtypeattribute (pan_result_prop_28_0) true)
+(expandtypeattribute (pdx_bufferhub_client_channel_socket_28_0) true)
+(expandtypeattribute (pdx_bufferhub_client_endpoint_socket_28_0) true)
+(expandtypeattribute (pdx_bufferhub_dir_28_0) true)
+(expandtypeattribute (pdx_display_client_channel_socket_28_0) true)
+(expandtypeattribute (pdx_display_client_endpoint_socket_28_0) true)
+(expandtypeattribute (pdx_display_dir_28_0) true)
+(expandtypeattribute (pdx_display_manager_channel_socket_28_0) true)
+(expandtypeattribute (pdx_display_manager_endpoint_socket_28_0) true)
+(expandtypeattribute (pdx_display_screenshot_channel_socket_28_0) true)
+(expandtypeattribute (pdx_display_screenshot_endpoint_socket_28_0) true)
+(expandtypeattribute (pdx_display_vsync_channel_socket_28_0) true)
+(expandtypeattribute (pdx_display_vsync_endpoint_socket_28_0) true)
+(expandtypeattribute (pdx_performance_client_channel_socket_28_0) true)
+(expandtypeattribute (pdx_performance_client_endpoint_socket_28_0) true)
+(expandtypeattribute (pdx_performance_dir_28_0) true)
+(expandtypeattribute (performanced_28_0) true)
+(expandtypeattribute (performanced_exec_28_0) true)
+(expandtypeattribute (permission_service_28_0) true)
+(expandtypeattribute (persist_debug_prop_28_0) true)
+(expandtypeattribute (persistent_data_block_service_28_0) true)
+(expandtypeattribute (persistent_properties_ready_prop_28_0) true)
+(expandtypeattribute (pinner_service_28_0) true)
+(expandtypeattribute (pipefs_28_0) true)
+(expandtypeattribute (platform_app_28_0) true)
+(expandtypeattribute (pm_prop_28_0) true)
+(expandtypeattribute (pmsg_device_28_0) true)
+(expandtypeattribute (port_28_0) true)
+(expandtypeattribute (port_device_28_0) true)
+(expandtypeattribute (postinstall_28_0) true)
+(expandtypeattribute (postinstall_dexopt_28_0) true)
+(expandtypeattribute (postinstall_file_28_0) true)
+(expandtypeattribute (postinstall_mnt_dir_28_0) true)
+(expandtypeattribute (powerctl_prop_28_0) true)
+(expandtypeattribute (power_service_28_0) true)
+(expandtypeattribute (ppp_28_0) true)
+(expandtypeattribute (ppp_device_28_0) true)
+(expandtypeattribute (ppp_exec_28_0) true)
+(expandtypeattribute (preloads_data_file_28_0) true)
+(expandtypeattribute (preloads_media_file_28_0) true)
+(expandtypeattribute (preopt2cachename_28_0) true)
+(expandtypeattribute (preopt2cachename_exec_28_0) true)
+(expandtypeattribute (print_service_28_0) true)
+(expandtypeattribute (priv_app_28_0) true)
+(expandtypeattribute (proc_28_0) true)
+(expandtypeattribute (proc_abi_28_0) true)
+(expandtypeattribute (proc_asound_28_0) true)
+(expandtypeattribute (proc_bluetooth_writable_28_0) true)
+(expandtypeattribute (proc_buddyinfo_28_0) true)
+(expandtypeattribute (proc_cmdline_28_0) true)
+(expandtypeattribute (proc_cpuinfo_28_0) true)
+(expandtypeattribute (proc_dirty_28_0) true)
+(expandtypeattribute (proc_diskstats_28_0) true)
+(expandtypeattribute (proc_drop_caches_28_0) true)
+(expandtypeattribute (processinfo_service_28_0) true)
+(expandtypeattribute (proc_extra_free_kbytes_28_0) true)
+(expandtypeattribute (proc_filesystems_28_0) true)
+(expandtypeattribute (proc_hostname_28_0) true)
+(expandtypeattribute (proc_hung_task_28_0) true)
+(expandtypeattribute (proc_interrupts_28_0) true)
+(expandtypeattribute (proc_iomem_28_0) true)
+(expandtypeattribute (proc_kmsg_28_0) true)
+(expandtypeattribute (proc_loadavg_28_0) true)
+(expandtypeattribute (proc_max_map_count_28_0) true)
+(expandtypeattribute (proc_meminfo_28_0) true)
+(expandtypeattribute (proc_min_free_order_shift_28_0) true)
+(expandtypeattribute (proc_misc_28_0) true)
+(expandtypeattribute (proc_modules_28_0) true)
+(expandtypeattribute (proc_mounts_28_0) true)
+(expandtypeattribute (proc_net_28_0) true)
+(expandtypeattribute (proc_overcommit_memory_28_0) true)
+(expandtypeattribute (proc_page_cluster_28_0) true)
+(expandtypeattribute (proc_pagetypeinfo_28_0) true)
+(expandtypeattribute (proc_panic_28_0) true)
+(expandtypeattribute (proc_perf_28_0) true)
+(expandtypeattribute (proc_pid_max_28_0) true)
+(expandtypeattribute (proc_pipe_conf_28_0) true)
+(expandtypeattribute (proc_qtaguid_stat_28_0) true)
+(expandtypeattribute (proc_random_28_0) true)
+(expandtypeattribute (proc_sched_28_0) true)
+(expandtypeattribute (proc_security_28_0) true)
+(expandtypeattribute (proc_stat_28_0) true)
+(expandtypeattribute (procstats_service_28_0) true)
+(expandtypeattribute (proc_swaps_28_0) true)
+(expandtypeattribute (proc_sysrq_28_0) true)
+(expandtypeattribute (proc_timer_28_0) true)
+(expandtypeattribute (proc_tty_drivers_28_0) true)
+(expandtypeattribute (proc_uid_concurrent_active_time_28_0) true)
+(expandtypeattribute (proc_uid_concurrent_policy_time_28_0) true)
+(expandtypeattribute (proc_uid_cpupower_28_0) true)
+(expandtypeattribute (proc_uid_cputime_removeuid_28_0) true)
+(expandtypeattribute (proc_uid_cputime_showstat_28_0) true)
+(expandtypeattribute (proc_uid_io_stats_28_0) true)
+(expandtypeattribute (proc_uid_procstat_set_28_0) true)
+(expandtypeattribute (proc_uid_time_in_state_28_0) true)
+(expandtypeattribute (proc_uptime_28_0) true)
+(expandtypeattribute (proc_version_28_0) true)
+(expandtypeattribute (proc_vmallocinfo_28_0) true)
+(expandtypeattribute (proc_vmstat_28_0) true)
+(expandtypeattribute (proc_zoneinfo_28_0) true)
+(expandtypeattribute (profman_28_0) true)
+(expandtypeattribute (profman_dump_data_file_28_0) true)
+(expandtypeattribute (profman_exec_28_0) true)
+(expandtypeattribute (properties_device_28_0) true)
+(expandtypeattribute (properties_serial_28_0) true)
+(expandtypeattribute (property_contexts_file_28_0) true)
+(expandtypeattribute (property_data_file_28_0) true)
+(expandtypeattribute (property_info_28_0) true)
+(expandtypeattribute (property_socket_28_0) true)
+(expandtypeattribute (pstorefs_28_0) true)
+(expandtypeattribute (ptmx_device_28_0) true)
+(expandtypeattribute (qtaguid_device_28_0) true)
+(expandtypeattribute (qtaguid_proc_28_0) true)
+(expandtypeattribute (racoon_28_0) true)
+(expandtypeattribute (racoon_exec_28_0) true)
+(expandtypeattribute (racoon_socket_28_0) true)
+(expandtypeattribute (radio_28_0) true)
+(expandtypeattribute (radio_data_file_28_0) true)
+(expandtypeattribute (radio_device_28_0) true)
+(expandtypeattribute (radio_prop_28_0) true)
+(expandtypeattribute (radio_service_28_0) true)
+(expandtypeattribute (ram_device_28_0) true)
+(expandtypeattribute (random_device_28_0) true)
+(expandtypeattribute (recovery_28_0) true)
+(expandtypeattribute (recovery_block_device_28_0) true)
+(expandtypeattribute (recovery_data_file_28_0) true)
+(expandtypeattribute (recovery_persist_28_0) true)
+(expandtypeattribute (recovery_persist_exec_28_0) true)
+(expandtypeattribute (recovery_refresh_28_0) true)
+(expandtypeattribute (recovery_refresh_exec_28_0) true)
+(expandtypeattribute (recovery_service_28_0) true)
+(expandtypeattribute (registry_service_28_0) true)
+(expandtypeattribute (resourcecache_data_file_28_0) true)
+(expandtypeattribute (restorecon_prop_28_0) true)
+(expandtypeattribute (restrictions_service_28_0) true)
+(expandtypeattribute (rild_debug_socket_28_0) true)
+(expandtypeattribute (rild_socket_28_0) true)
+(expandtypeattribute (ringtone_file_28_0) true)
+(expandtypeattribute (root_block_device_28_0) true)
+(expandtypeattribute (rootfs_28_0) true)
+(expandtypeattribute (rpmsg_device_28_0) true)
+(expandtypeattribute (rtc_device_28_0) true)
+(expandtypeattribute (rttmanager_service_28_0) true)
+(expandtypeattribute (runas_28_0) true)
+(expandtypeattribute (runas_exec_28_0) true)
+(expandtypeattribute (runtime_event_log_tags_file_28_0) true)
+(expandtypeattribute (safemode_prop_28_0) true)
+(expandtypeattribute (same_process_hal_file_28_0) true)
+(expandtypeattribute (samplingprofiler_service_28_0) true)
+(expandtypeattribute (scheduling_policy_service_28_0) true)
+(expandtypeattribute (sdcardd_28_0) true)
+(expandtypeattribute (sdcardd_exec_28_0) true)
+(expandtypeattribute (sdcardfs_28_0) true)
+(expandtypeattribute (seapp_contexts_file_28_0) true)
+(expandtypeattribute (search_service_28_0) true)
+(expandtypeattribute (sec_key_att_app_id_provider_service_28_0) true)
+(expandtypeattribute (secure_element_28_0) true)
+(expandtypeattribute (secure_element_device_28_0) true)
+(expandtypeattribute (secure_element_service_28_0) true)
+(expandtypeattribute (selinuxfs_28_0) true)
+(expandtypeattribute (sensors_device_28_0) true)
+(expandtypeattribute (sensorservice_service_28_0) true)
+(expandtypeattribute (sepolicy_file_28_0) true)
+(expandtypeattribute (serial_device_28_0) true)
+(expandtypeattribute (serialno_prop_28_0) true)
+(expandtypeattribute (serial_service_28_0) true)
+(expandtypeattribute (service_contexts_file_28_0) true)
+(expandtypeattribute (servicediscovery_service_28_0) true)
+(expandtypeattribute (servicemanager_28_0) true)
+(expandtypeattribute (servicemanager_exec_28_0) true)
+(expandtypeattribute (settings_service_28_0) true)
+(expandtypeattribute (sgdisk_28_0) true)
+(expandtypeattribute (sgdisk_exec_28_0) true)
+(expandtypeattribute (shared_relro_28_0) true)
+(expandtypeattribute (shared_relro_file_28_0) true)
+(expandtypeattribute (shell_28_0) true)
+(expandtypeattribute (shell_data_file_28_0) true)
+(expandtypeattribute (shell_exec_28_0) true)
+(expandtypeattribute (shell_prop_28_0) true)
+(expandtypeattribute (shm_28_0) true)
+(expandtypeattribute (shortcut_manager_icons_28_0) true)
+(expandtypeattribute (shortcut_service_28_0) true)
+(expandtypeattribute (slice_service_28_0) true)
+(expandtypeattribute (slideshow_28_0) true)
+(expandtypeattribute (socket_device_28_0) true)
+(expandtypeattribute (sockfs_28_0) true)
+(expandtypeattribute (statusbar_service_28_0) true)
+(expandtypeattribute (storaged_service_28_0) true)
+(expandtypeattribute (storage_file_28_0) true)
+(expandtypeattribute (storagestats_service_28_0) true)
+(expandtypeattribute (storage_stub_file_28_0) true)
+(expandtypeattribute (su_28_0) true)
+(expandtypeattribute (su_exec_28_0) true)
+(expandtypeattribute (surfaceflinger_28_0) true)
+(expandtypeattribute (surfaceflinger_service_28_0) true)
+(expandtypeattribute (swap_block_device_28_0) true)
+(expandtypeattribute (sysfs_28_0) true)
+(expandtypeattribute (sysfs_android_usb_28_0) true)
+(expandtypeattribute (sysfs_batteryinfo_28_0) true)
+(expandtypeattribute (sysfs_bluetooth_writable_28_0) true)
+(expandtypeattribute (sysfs_devices_system_cpu_28_0) true)
+(expandtypeattribute (sysfs_dm_28_0) true)
+(expandtypeattribute (sysfs_dt_firmware_android_28_0) true)
+(expandtypeattribute (sysfs_fs_ext4_features_28_0) true)
+(expandtypeattribute (sysfs_hwrandom_28_0) true)
+(expandtypeattribute (sysfs_ipv4_28_0) true)
+(expandtypeattribute (sysfs_kernel_notes_28_0) true)
+(expandtypeattribute (sysfs_leds_28_0) true)
+(expandtypeattribute (sysfs_lowmemorykiller_28_0) true)
+(expandtypeattribute (sysfs_mac_address_28_0) true)
+(expandtypeattribute (sysfs_net_28_0) true)
+(expandtypeattribute (sysfs_nfc_power_writable_28_0) true)
+(expandtypeattribute (sysfs_power_28_0) true)
+(expandtypeattribute (sysfs_rtc_28_0) true)
+(expandtypeattribute (sysfs_switch_28_0) true)
+(expandtypeattribute (sysfs_thermal_28_0) true)
+(expandtypeattribute (sysfs_uio_28_0) true)
+(expandtypeattribute (sysfs_usb_28_0) true)
+(expandtypeattribute (sysfs_usermodehelper_28_0) true)
+(expandtypeattribute (sysfs_vibrator_28_0) true)
+(expandtypeattribute (sysfs_wake_lock_28_0) true)
+(expandtypeattribute (sysfs_wakeup_reasons_28_0) true)
+(expandtypeattribute (sysfs_wlan_fwpath_28_0) true)
+(expandtypeattribute (sysfs_zram_28_0) true)
+(expandtypeattribute (sysfs_zram_uevent_28_0) true)
+(expandtypeattribute (system_app_28_0) true)
+(expandtypeattribute (system_app_data_file_28_0) true)
+(expandtypeattribute (system_app_service_28_0) true)
+(expandtypeattribute (system_block_device_28_0) true)
+(expandtypeattribute (system_boot_reason_prop_28_0) true)
+(expandtypeattribute (system_data_file_28_0) true)
+(expandtypeattribute (system_file_28_0) true)
+(expandtypeattribute (systemkeys_data_file_28_0) true)
+(expandtypeattribute (system_ndebug_socket_28_0) true)
+(expandtypeattribute (system_net_netd_hwservice_28_0) true)
+(expandtypeattribute (system_prop_28_0) true)
+(expandtypeattribute (system_radio_prop_28_0) true)
+(expandtypeattribute (system_server_28_0) true)
+(expandtypeattribute (system_update_service_28_0) true)
+(expandtypeattribute (system_wifi_keystore_hwservice_28_0) true)
+(expandtypeattribute (system_wpa_socket_28_0) true)
+(expandtypeattribute (task_service_28_0) true)
+(expandtypeattribute (tee_28_0) true)
+(expandtypeattribute (tee_data_file_28_0) true)
+(expandtypeattribute (tee_device_28_0) true)
+(expandtypeattribute (telecom_service_28_0) true)
+(expandtypeattribute (test_boot_reason_prop_28_0) true)
+(expandtypeattribute (textclassification_service_28_0) true)
+(expandtypeattribute (textclassifier_data_file_28_0) true)
+(expandtypeattribute (textservices_service_28_0) true)
+(expandtypeattribute (thermalcallback_hwservice_28_0) true)
+(expandtypeattribute (thermal_service_28_0) true)
+(expandtypeattribute (timezone_service_28_0) true)
+(expandtypeattribute (tmpfs_28_0) true)
+(expandtypeattribute (tombstoned_28_0) true)
+(expandtypeattribute (tombstone_data_file_28_0) true)
+(expandtypeattribute (tombstoned_crash_socket_28_0) true)
+(expandtypeattribute (tombstoned_exec_28_0) true)
+(expandtypeattribute (tombstoned_intercept_socket_28_0) true)
+(expandtypeattribute (tombstoned_java_trace_socket_28_0) true)
+(expandtypeattribute (tombstone_wifi_data_file_28_0) true)
+(expandtypeattribute (toolbox_28_0) true)
+(expandtypeattribute (toolbox_exec_28_0) true)
+(expandtypeattribute (trace_data_file_28_0) true)
+(expandtypeattribute (traced_consumer_socket_28_0) true)
+(expandtypeattribute (traced_enabled_prop_28_0) true)
+(expandtypeattribute (traced_probes_28_0) true)
+(expandtypeattribute (traced_producer_socket_28_0) true)
+(expandtypeattribute (traceur_app_28_0) true)
+(expandtypeattribute (trust_service_28_0) true)
+(expandtypeattribute (tty_device_28_0) true)
+(expandtypeattribute (tun_device_28_0) true)
+(expandtypeattribute (tv_input_service_28_0) true)
+(expandtypeattribute (tzdatacheck_28_0) true)
+(expandtypeattribute (tzdatacheck_exec_28_0) true)
+(expandtypeattribute (ueventd_28_0) true)
+(expandtypeattribute (uhid_device_28_0) true)
+(expandtypeattribute (uimode_service_28_0) true)
+(expandtypeattribute (uio_device_28_0) true)
+(expandtypeattribute (uncrypt_28_0) true)
+(expandtypeattribute (uncrypt_exec_28_0) true)
+(expandtypeattribute (uncrypt_socket_28_0) true)
+(expandtypeattribute (unencrypted_data_file_28_0) true)
+(expandtypeattribute (unlabeled_28_0) true)
+(expandtypeattribute (untrusted_app_25_28_0) true)
+(expandtypeattribute (untrusted_app_27_28_0) true)
+(expandtypeattribute (untrusted_app_28_0) true)
+(expandtypeattribute (untrusted_v2_app_28_0) true)
+(expandtypeattribute (update_engine_28_0) true)
+(expandtypeattribute (update_engine_data_file_28_0) true)
+(expandtypeattribute (update_engine_exec_28_0) true)
+(expandtypeattribute (update_engine_log_data_file_28_0) true)
+(expandtypeattribute (update_engine_service_28_0) true)
+(expandtypeattribute (updatelock_service_28_0) true)
+(expandtypeattribute (update_verifier_28_0) true)
+(expandtypeattribute (update_verifier_exec_28_0) true)
+(expandtypeattribute (usagestats_service_28_0) true)
+(expandtypeattribute (usbaccessory_device_28_0) true)
+(expandtypeattribute (usbd_28_0) true)
+(expandtypeattribute (usb_device_28_0) true)
+(expandtypeattribute (usbd_exec_28_0) true)
+(expandtypeattribute (usbfs_28_0) true)
+(expandtypeattribute (usb_service_28_0) true)
+(expandtypeattribute (userdata_block_device_28_0) true)
+(expandtypeattribute (usermodehelper_28_0) true)
+(expandtypeattribute (user_profile_data_file_28_0) true)
+(expandtypeattribute (user_service_28_0) true)
+(expandtypeattribute (vcs_device_28_0) true)
+(expandtypeattribute (vdc_28_0) true)
+(expandtypeattribute (vdc_exec_28_0) true)
+(expandtypeattribute (vendor_app_file_28_0) true)
+(expandtypeattribute (vendor_configs_file_28_0) true)
+(expandtypeattribute (vendor_data_file_28_0) true)
+(expandtypeattribute (vendor_default_prop_28_0) true)
+(expandtypeattribute (vendor_file_28_0) true)
+(expandtypeattribute (vendor_framework_file_28_0) true)
+(expandtypeattribute (vendor_hal_file_28_0) true)
+(expandtypeattribute (vendor_init_28_0) true)
+(expandtypeattribute (vendor_overlay_file_28_0) true)
+(expandtypeattribute (vendor_security_patch_level_prop_28_0) true)
+(expandtypeattribute (vendor_shell_28_0) true)
+(expandtypeattribute (vendor_shell_exec_28_0) true)
+(expandtypeattribute (vendor_toolbox_exec_28_0) true)
+(expandtypeattribute (vfat_28_0) true)
+(expandtypeattribute (vibrator_service_28_0) true)
+(expandtypeattribute (video_device_28_0) true)
+(expandtypeattribute (virtual_touchpad_28_0) true)
+(expandtypeattribute (virtual_touchpad_exec_28_0) true)
+(expandtypeattribute (virtual_touchpad_service_28_0) true)
+(expandtypeattribute (vndbinder_device_28_0) true)
+(expandtypeattribute (vndk_sp_file_28_0) true)
+(expandtypeattribute (vndservice_contexts_file_28_0) true)
+(expandtypeattribute (vndservicemanager_28_0) true)
+(expandtypeattribute (voiceinteraction_service_28_0) true)
+(expandtypeattribute (vold_28_0) true)
+(expandtypeattribute (vold_data_file_28_0) true)
+(expandtypeattribute (vold_device_28_0) true)
+(expandtypeattribute (vold_exec_28_0) true)
+(expandtypeattribute (vold_metadata_file_28_0) true)
+(expandtypeattribute (vold_prepare_subdirs_28_0) true)
+(expandtypeattribute (vold_prepare_subdirs_exec_28_0) true)
+(expandtypeattribute (vold_prop_28_0) true)
+(expandtypeattribute (vold_service_28_0) true)
+(expandtypeattribute (vpn_data_file_28_0) true)
+(expandtypeattribute (vr_hwc_28_0) true)
+(expandtypeattribute (vr_hwc_exec_28_0) true)
+(expandtypeattribute (vr_hwc_service_28_0) true)
+(expandtypeattribute (vr_manager_service_28_0) true)
+(expandtypeattribute (wallpaper_file_28_0) true)
+(expandtypeattribute (wallpaper_service_28_0) true)
+(expandtypeattribute (watchdogd_28_0) true)
+(expandtypeattribute (watchdog_device_28_0) true)
+(expandtypeattribute (webviewupdate_service_28_0) true)
+(expandtypeattribute (webview_zygote_28_0) true)
+(expandtypeattribute (webview_zygote_exec_28_0) true)
+(expandtypeattribute (wifiaware_service_28_0) true)
+(expandtypeattribute (wificond_28_0) true)
+(expandtypeattribute (wificond_exec_28_0) true)
+(expandtypeattribute (wificond_service_28_0) true)
+(expandtypeattribute (wifi_data_file_28_0) true)
+(expandtypeattribute (wifi_log_prop_28_0) true)
+(expandtypeattribute (wifip2p_service_28_0) true)
+(expandtypeattribute (wifi_prop_28_0) true)
+(expandtypeattribute (wifiscanner_service_28_0) true)
+(expandtypeattribute (wifi_service_28_0) true)
+(expandtypeattribute (window_service_28_0) true)
+(expandtypeattribute (wpantund_28_0) true)
+(expandtypeattribute (wpantund_exec_28_0) true)
+(expandtypeattribute (wpantund_service_28_0) true)
+(expandtypeattribute (wpa_socket_28_0) true)
+(expandtypeattribute (zero_device_28_0) true)
+(expandtypeattribute (zoneinfo_data_file_28_0) true)
+(expandtypeattribute (zygote_28_0) true)
+(expandtypeattribute (zygote_exec_28_0) true)
+(expandtypeattribute (zygote_socket_28_0) true)
+(typeattributeset accessibility_service_28_0 (accessibility_service))
+(typeattributeset account_service_28_0 (account_service))
+(typeattributeset activity_service_28_0 (activity_service))
+(typeattributeset adbd_28_0 (adbd))
+(typeattributeset adb_data_file_28_0 (adb_data_file))
+(typeattributeset adbd_exec_28_0 (adbd_exec))
+(typeattributeset adbd_socket_28_0 (adbd_socket))
+(typeattributeset adb_keys_file_28_0 (adb_keys_file))
+(typeattributeset alarm_device_28_0 (alarm_device))
+(typeattributeset alarm_service_28_0 (alarm_service))
+(typeattributeset anr_data_file_28_0 (anr_data_file))
+(typeattributeset apk_data_file_28_0 (apk_data_file))
+(typeattributeset apk_private_data_file_28_0 (apk_private_data_file))
+(typeattributeset apk_private_tmp_file_28_0 (apk_private_tmp_file))
+(typeattributeset apk_tmp_file_28_0 (apk_tmp_file))
+(typeattributeset app_data_file_28_0 (app_data_file privapp_data_file))
+(typeattributeset app_fuse_file_28_0 (app_fuse_file))
+(typeattributeset app_fusefs_28_0 (app_fusefs))
+(typeattributeset appops_service_28_0 (appops_service))
+(typeattributeset appwidget_service_28_0 (appwidget_service))
+(typeattributeset asec_apk_file_28_0 (asec_apk_file))
+(typeattributeset asec_image_file_28_0 (asec_image_file))
+(typeattributeset asec_public_file_28_0 (asec_public_file))
+(typeattributeset ashmem_device_28_0 (ashmem_device))
+(typeattributeset assetatlas_service_28_0 (assetatlas_service))
+(typeattributeset audio_data_file_28_0 (audio_data_file))
+(typeattributeset audio_device_28_0 (audio_device))
+(typeattributeset audiohal_data_file_28_0 (audiohal_data_file))
+(typeattributeset audio_prop_28_0 (audio_prop))
+(typeattributeset audio_seq_device_28_0 (audio_seq_device))
+(typeattributeset audioserver_28_0 (audioserver))
+(typeattributeset audioserver_data_file_28_0 (audioserver_data_file))
+(typeattributeset audioserver_service_28_0 (audioserver_service))
+(typeattributeset audio_service_28_0 (audio_service))
+(typeattributeset audio_timer_device_28_0 (audio_timer_device))
+(typeattributeset autofill_service_28_0 (autofill_service))
+(typeattributeset backup_data_file_28_0 (backup_data_file))
+(typeattributeset backup_service_28_0 (backup_service))
+(typeattributeset batteryproperties_service_28_0 (batteryproperties_service))
+(typeattributeset battery_service_28_0 (battery_service))
+(typeattributeset batterystats_service_28_0 (batterystats_service))
+(typeattributeset binder_calls_stats_service_28_0 (binder_calls_stats_service))
+(typeattributeset binder_device_28_0 (binder_device))
+(typeattributeset binfmt_miscfs_28_0 (binfmt_miscfs))
+(typeattributeset blkid_28_0 (blkid))
+(typeattributeset blkid_untrusted_28_0 (blkid_untrusted))
+(typeattributeset block_device_28_0 (block_device))
+(typeattributeset bluetooth_28_0 (bluetooth))
+(typeattributeset bluetooth_a2dp_offload_prop_28_0 (bluetooth_a2dp_offload_prop))
+(typeattributeset bluetooth_data_file_28_0 (bluetooth_data_file))
+(typeattributeset bluetooth_efs_file_28_0 (bluetooth_efs_file))
+(typeattributeset bluetooth_logs_data_file_28_0 (bluetooth_logs_data_file))
+(typeattributeset bluetooth_manager_service_28_0 (bluetooth_manager_service))
+(typeattributeset bluetooth_prop_28_0 (bluetooth_prop))
+(typeattributeset bluetooth_service_28_0 (bluetooth_service))
+(typeattributeset bluetooth_socket_28_0 (bluetooth_socket))
+(typeattributeset bootanim_28_0 (bootanim))
+(typeattributeset bootanim_exec_28_0 (bootanim_exec))
+(typeattributeset boot_block_device_28_0 (boot_block_device))
+(typeattributeset bootchart_data_file_28_0 (bootchart_data_file))
+(typeattributeset bootloader_boot_reason_prop_28_0 (bootloader_boot_reason_prop))
+(typeattributeset bootstat_28_0 (bootstat))
+(typeattributeset bootstat_data_file_28_0 (bootstat_data_file))
+(typeattributeset bootstat_exec_28_0 (bootstat_exec))
+(typeattributeset boottime_prop_28_0 (boottime_prop))
+(typeattributeset boottrace_data_file_28_0 (boottrace_data_file))
+(typeattributeset broadcastradio_service_28_0 (broadcastradio_service))
+(typeattributeset bufferhubd_28_0 (bufferhubd))
+(typeattributeset bufferhubd_exec_28_0 (bufferhubd_exec))
+(typeattributeset cache_backup_file_28_0 (cache_backup_file))
+(typeattributeset cache_block_device_28_0 (cache_block_device))
+(typeattributeset cache_file_28_0 (cache_file))
+(typeattributeset cache_private_backup_file_28_0 (cache_private_backup_file))
+(typeattributeset cache_recovery_file_28_0 (cache_recovery_file))
+(typeattributeset camera_data_file_28_0 (camera_data_file))
+(typeattributeset camera_device_28_0 (camera_device))
+(typeattributeset cameraproxy_service_28_0 (cameraproxy_service))
+(typeattributeset cameraserver_28_0 (cameraserver))
+(typeattributeset cameraserver_exec_28_0 (cameraserver_exec))
+(typeattributeset cameraserver_service_28_0 (cameraserver_service))
+(typeattributeset cgroup_28_0 (cgroup))
+(typeattributeset cgroup_bpf_28_0 (cgroup_bpf))
+(typeattributeset charger_28_0 (charger))
+(typeattributeset clatd_28_0 (clatd))
+(typeattributeset clatd_exec_28_0 (clatd_exec))
+(typeattributeset clipboard_service_28_0 (clipboard_service))
+(typeattributeset commontime_management_service_28_0 (commontime_management_service))
+(typeattributeset companion_device_service_28_0 (companion_device_service))
+(typeattributeset configfs_28_0 (configfs))
+(typeattributeset config_prop_28_0 (config_prop))
+(typeattributeset connectivity_service_28_0 (connectivity_service))
+(typeattributeset connmetrics_service_28_0 (connmetrics_service))
+(typeattributeset console_device_28_0 (console_device))
+(typeattributeset consumer_ir_service_28_0 (consumer_ir_service))
+(typeattributeset content_service_28_0 (content_service))
+(typeattributeset contexthub_service_28_0 (contexthub_service))
+(typeattributeset coredump_file_28_0 (coredump_file))
+(typeattributeset country_detector_service_28_0 (country_detector_service))
+(typeattributeset coverage_service_28_0 (coverage_service))
+(typeattributeset cppreopt_prop_28_0 (cppreopt_prop))
+(typeattributeset cppreopts_28_0 (cppreopts))
+(typeattributeset cppreopts_exec_28_0 (cppreopts_exec))
+(typeattributeset cpuctl_device_28_0 (cpuctl_device))
+(typeattributeset cpuinfo_service_28_0 (cpuinfo_service))
+(typeattributeset crash_dump_28_0 (crash_dump))
+(typeattributeset crash_dump_exec_28_0 (crash_dump_exec))
+(typeattributeset crossprofileapps_service_28_0 (crossprofileapps_service))
+(typeattributeset ctl_bootanim_prop_28_0 (ctl_bootanim_prop))
+(typeattributeset ctl_bugreport_prop_28_0 (ctl_bugreport_prop))
+(typeattributeset ctl_console_prop_28_0 (ctl_console_prop))
+(typeattributeset ctl_default_prop_28_0
+ ( ctl_adbd_prop
+ ctl_default_prop))
+(typeattributeset ctl_dumpstate_prop_28_0 (ctl_dumpstate_prop))
+(typeattributeset ctl_fuse_prop_28_0 (ctl_fuse_prop))
+(typeattributeset ctl_interface_restart_prop_28_0 (ctl_interface_restart_prop))
+(typeattributeset ctl_interface_start_prop_28_0 (ctl_interface_start_prop))
+(typeattributeset ctl_interface_stop_prop_28_0 (ctl_interface_stop_prop))
+(typeattributeset ctl_mdnsd_prop_28_0 (ctl_mdnsd_prop))
+(typeattributeset ctl_restart_prop_28_0 (ctl_restart_prop))
+(typeattributeset ctl_rildaemon_prop_28_0 (ctl_rildaemon_prop))
+(typeattributeset ctl_sigstop_prop_28_0 (ctl_sigstop_prop))
+(typeattributeset ctl_start_prop_28_0 (ctl_start_prop))
+(typeattributeset ctl_stop_prop_28_0 (ctl_stop_prop))
+(typeattributeset dalvikcache_data_file_28_0 (dalvikcache_data_file))
+(typeattributeset dalvik_prop_28_0 (dalvik_prop))
+(typeattributeset dbinfo_service_28_0 (dbinfo_service))
+(typeattributeset debugfs_28_0 (debugfs))
+(typeattributeset debugfs_mmc_28_0 (debugfs_mmc))
+(typeattributeset debugfs_trace_marker_28_0 (debugfs_trace_marker))
+(typeattributeset debugfs_tracing_28_0 (debugfs_tracing))
+(typeattributeset debugfs_tracing_debug_28_0 (debugfs_tracing_debug))
+(typeattributeset debugfs_tracing_instances_28_0 (debugfs_tracing_instances))
+(typeattributeset debugfs_wakeup_sources_28_0 (debugfs_wakeup_sources))
+(typeattributeset debugfs_wifi_tracing_28_0 (debugfs_wifi_tracing))
+(typeattributeset debuggerd_prop_28_0 (debuggerd_prop))
+(typeattributeset debug_prop_28_0 (debug_prop))
+(typeattributeset default_android_hwservice_28_0 (default_android_hwservice))
+(typeattributeset default_android_service_28_0 (default_android_service))
+(typeattributeset default_android_vndservice_28_0 (default_android_vndservice))
+(typeattributeset default_prop_28_0 (default_prop))
+(typeattributeset device_28_0 (device))
+(typeattributeset device_identifiers_service_28_0 (device_identifiers_service))
+(typeattributeset deviceidle_service_28_0 (deviceidle_service))
+(typeattributeset device_logging_prop_28_0 (device_logging_prop))
+(typeattributeset device_policy_service_28_0 (device_policy_service))
+(typeattributeset devicestoragemonitor_service_28_0 (devicestoragemonitor_service))
+(typeattributeset devpts_28_0 (devpts))
+(typeattributeset dex2oat_28_0 (dex2oat))
+(typeattributeset dex2oat_exec_28_0 (dex2oat_exec))
+(typeattributeset dhcp_28_0 (dhcp))
+(typeattributeset dhcp_data_file_28_0 (dhcp_data_file))
+(typeattributeset dhcp_exec_28_0 (dhcp_exec))
+(typeattributeset dhcp_prop_28_0 (dhcp_prop))
+(typeattributeset diskstats_service_28_0 (diskstats_service))
+(typeattributeset display_service_28_0 (display_service))
+(typeattributeset dm_device_28_0 (dm_device))
+(typeattributeset dnsmasq_28_0 (dnsmasq))
+(typeattributeset dnsmasq_exec_28_0 (dnsmasq_exec))
+(typeattributeset dnsproxyd_socket_28_0 (dnsproxyd_socket))
+(typeattributeset DockObserver_service_28_0 (DockObserver_service))
+(typeattributeset dreams_service_28_0 (dreams_service))
+(typeattributeset drm_data_file_28_0 (drm_data_file))
+(typeattributeset drmserver_28_0 (drmserver))
+(typeattributeset drmserver_exec_28_0 (drmserver_exec))
+(typeattributeset drmserver_service_28_0 (drmserver_service))
+(typeattributeset drmserver_socket_28_0 (drmserver_socket))
+(typeattributeset dropbox_service_28_0 (dropbox_service))
+(typeattributeset dumpstate_28_0 (dumpstate))
+(typeattributeset dumpstate_exec_28_0 (dumpstate_exec))
+(typeattributeset dumpstate_options_prop_28_0 (dumpstate_options_prop))
+(typeattributeset dumpstate_prop_28_0 (dumpstate_prop))
+(typeattributeset dumpstate_service_28_0 (dumpstate_service))
+(typeattributeset dumpstate_socket_28_0 (dumpstate_socket))
+(typeattributeset e2fs_28_0 (e2fs))
+(typeattributeset e2fs_exec_28_0 (e2fs_exec))
+(typeattributeset efs_file_28_0 (efs_file))
+(typeattributeset ephemeral_app_28_0 (ephemeral_app))
+(typeattributeset ethernet_service_28_0 (ethernet_service))
+(typeattributeset exfat_28_0 (exfat))
+(typeattributeset exported2_config_prop_28_0 (exported2_config_prop))
+(typeattributeset exported2_default_prop_28_0 (exported2_default_prop))
+(typeattributeset exported2_radio_prop_28_0 (exported2_radio_prop))
+(typeattributeset exported2_system_prop_28_0 (exported2_system_prop))
+(typeattributeset exported2_vold_prop_28_0 (exported2_vold_prop))
+(typeattributeset exported3_default_prop_28_0 (exported3_default_prop))
+(typeattributeset exported3_radio_prop_28_0 (exported3_radio_prop))
+(typeattributeset exported3_system_prop_28_0 (exported3_system_prop))
+(typeattributeset exported_audio_prop_28_0 (exported_audio_prop))
+(typeattributeset exported_bluetooth_prop_28_0 (exported_bluetooth_prop))
+(typeattributeset exported_config_prop_28_0 (exported_config_prop))
+(typeattributeset exported_dalvik_prop_28_0 (exported_dalvik_prop))
+(typeattributeset exported_default_prop_28_0 (exported_default_prop))
+(typeattributeset exported_dumpstate_prop_28_0 (exported_dumpstate_prop))
+(typeattributeset exported_ffs_prop_28_0 (exported_ffs_prop))
+(typeattributeset exported_fingerprint_prop_28_0 (exported_fingerprint_prop))
+(typeattributeset exported_overlay_prop_28_0 (exported_overlay_prop))
+(typeattributeset exported_pm_prop_28_0 (exported_pm_prop))
+(typeattributeset exported_radio_prop_28_0 (exported_radio_prop))
+(typeattributeset exported_secure_prop_28_0 (exported_secure_prop))
+(typeattributeset exported_system_prop_28_0 (exported_system_prop))
+(typeattributeset exported_system_radio_prop_28_0 (exported_system_radio_prop))
+(typeattributeset exported_vold_prop_28_0 (exported_vold_prop))
+(typeattributeset exported_wifi_prop_28_0 (exported_wifi_prop))
+(typeattributeset ffs_prop_28_0 (ffs_prop))
+(typeattributeset file_contexts_file_28_0 (file_contexts_file))
+(typeattributeset fingerprintd_28_0 (fingerprintd))
+(typeattributeset fingerprintd_data_file_28_0 (fingerprintd_data_file))
+(typeattributeset fingerprintd_exec_28_0 (fingerprintd_exec))
+(typeattributeset fingerprintd_service_28_0 (fingerprintd_service))
+(typeattributeset fingerprint_prop_28_0 (fingerprint_prop))
+(typeattributeset fingerprint_service_28_0 (fingerprint_service))
+(typeattributeset fingerprint_vendor_data_file_28_0 (fingerprint_vendor_data_file))
+(typeattributeset firstboot_prop_28_0 (firstboot_prop))
+(typeattributeset font_service_28_0 (font_service))
+(typeattributeset frp_block_device_28_0 (frp_block_device))
+(typeattributeset fs_bpf_28_0 (fs_bpf))
+(typeattributeset fsck_28_0 (fsck))
+(typeattributeset fsck_exec_28_0 (fsck_exec))
+(typeattributeset fscklogs_28_0 (fscklogs))
+(typeattributeset fsck_untrusted_28_0 (fsck_untrusted))
+(typeattributeset full_device_28_0 (full_device))
+(typeattributeset functionfs_28_0 (functionfs))
+(typeattributeset fuse_28_0 (fuse))
+(typeattributeset fuse_device_28_0 (fuse_device))
+(typeattributeset fwk_display_hwservice_28_0 (fwk_display_hwservice))
+(typeattributeset fwk_scheduler_hwservice_28_0 (fwk_scheduler_hwservice))
+(typeattributeset fwk_sensor_hwservice_28_0 (fwk_sensor_hwservice))
+(typeattributeset fwmarkd_socket_28_0 (fwmarkd_socket))
+(typeattributeset gatekeeperd_28_0 (gatekeeperd))
+(typeattributeset gatekeeper_data_file_28_0 (gatekeeper_data_file))
+(typeattributeset gatekeeperd_exec_28_0 (gatekeeperd_exec))
+(typeattributeset gatekeeper_service_28_0 (gatekeeper_service))
+(typeattributeset gfxinfo_service_28_0 (gfxinfo_service))
+(typeattributeset gps_control_28_0 (gps_control))
+(typeattributeset gpu_device_28_0 (gpu_device))
+(typeattributeset gpu_service_28_0 (gpu_service))
+(typeattributeset graphics_device_28_0 (graphics_device))
+(typeattributeset graphicsstats_service_28_0 (graphicsstats_service))
+(typeattributeset hal_audiocontrol_hwservice_28_0 (hal_audiocontrol_hwservice))
+(typeattributeset hal_audio_hwservice_28_0 (hal_audio_hwservice))
+(typeattributeset hal_authsecret_hwservice_28_0 (hal_authsecret_hwservice))
+(typeattributeset hal_bluetooth_hwservice_28_0 (hal_bluetooth_hwservice))
+(typeattributeset hal_bootctl_hwservice_28_0 (hal_bootctl_hwservice))
+(typeattributeset hal_broadcastradio_hwservice_28_0 (hal_broadcastradio_hwservice))
+(typeattributeset hal_camera_hwservice_28_0 (hal_camera_hwservice))
+(typeattributeset hal_cas_hwservice_28_0 (hal_cas_hwservice))
+(typeattributeset hal_codec2_hwservice_28_0 (hal_codec2_hwservice))
+(typeattributeset hal_configstore_ISurfaceFlingerConfigs_28_0 (hal_configstore_ISurfaceFlingerConfigs))
+(typeattributeset hal_confirmationui_hwservice_28_0 (hal_confirmationui_hwservice))
+(typeattributeset hal_contexthub_hwservice_28_0 (hal_contexthub_hwservice))
+(typeattributeset hal_drm_hwservice_28_0 (hal_drm_hwservice))
+(typeattributeset hal_dumpstate_hwservice_28_0 (hal_dumpstate_hwservice))
+(typeattributeset hal_evs_hwservice_28_0 (hal_evs_hwservice))
+(typeattributeset hal_fingerprint_hwservice_28_0 (hal_fingerprint_hwservice))
+(typeattributeset hal_fingerprint_service_28_0 (hal_fingerprint_service))
+(typeattributeset hal_gatekeeper_hwservice_28_0 (hal_gatekeeper_hwservice))
+(typeattributeset hal_gnss_hwservice_28_0 (hal_gnss_hwservice))
+(typeattributeset hal_graphics_allocator_hwservice_28_0 (hal_graphics_allocator_hwservice))
+(typeattributeset hal_graphics_composer_hwservice_28_0 (hal_graphics_composer_hwservice))
+(typeattributeset hal_graphics_mapper_hwservice_28_0 (hal_graphics_mapper_hwservice))
+(typeattributeset hal_health_hwservice_28_0 (hal_health_hwservice))
+(typeattributeset hal_ir_hwservice_28_0 (hal_ir_hwservice))
+(typeattributeset hal_keymaster_hwservice_28_0 (hal_keymaster_hwservice))
+(typeattributeset hal_light_hwservice_28_0 (hal_light_hwservice))
+(typeattributeset hal_lowpan_hwservice_28_0 (hal_lowpan_hwservice))
+(typeattributeset hal_memtrack_hwservice_28_0 (hal_memtrack_hwservice))
+(typeattributeset hal_neuralnetworks_hwservice_28_0 (hal_neuralnetworks_hwservice))
+(typeattributeset hal_nfc_hwservice_28_0 (hal_nfc_hwservice))
+(typeattributeset hal_oemlock_hwservice_28_0 (hal_oemlock_hwservice))
+(typeattributeset hal_omx_hwservice_28_0 (hal_omx_hwservice))
+(typeattributeset hal_power_hwservice_28_0 (hal_power_hwservice))
+(typeattributeset hal_renderscript_hwservice_28_0 (hal_renderscript_hwservice))
+(typeattributeset hal_secure_element_hwservice_28_0 (hal_secure_element_hwservice))
+(typeattributeset hal_sensors_hwservice_28_0 (hal_sensors_hwservice))
+(typeattributeset hal_telephony_hwservice_28_0 (hal_telephony_hwservice))
+(typeattributeset hal_tetheroffload_hwservice_28_0 (hal_tetheroffload_hwservice))
+(typeattributeset hal_thermal_hwservice_28_0 (hal_thermal_hwservice))
+(typeattributeset hal_tv_cec_hwservice_28_0 (hal_tv_cec_hwservice))
+(typeattributeset hal_tv_input_hwservice_28_0 (hal_tv_input_hwservice))
+(typeattributeset hal_usb_gadget_hwservice_28_0 (hal_usb_gadget_hwservice))
+(typeattributeset hal_usb_hwservice_28_0 (hal_usb_hwservice))
+(typeattributeset hal_vehicle_hwservice_28_0 (hal_vehicle_hwservice))
+(typeattributeset hal_vibrator_hwservice_28_0 (hal_vibrator_hwservice))
+(typeattributeset hal_vr_hwservice_28_0 (hal_vr_hwservice))
+(typeattributeset hal_weaver_hwservice_28_0 (hal_weaver_hwservice))
+(typeattributeset hal_wifi_hostapd_hwservice_28_0 (hal_wifi_hostapd_hwservice))
+(typeattributeset hal_wifi_hwservice_28_0 (hal_wifi_hwservice))
+(typeattributeset hal_wifi_offload_hwservice_28_0 (hal_wifi_offload_hwservice))
+(typeattributeset hal_wifi_supplicant_hwservice_28_0 (hal_wifi_supplicant_hwservice))
+(typeattributeset hardware_properties_service_28_0 (hardware_properties_service))
+(typeattributeset hardware_service_28_0 (hardware_service))
+(typeattributeset hci_attach_dev_28_0 (hci_attach_dev))
+(typeattributeset hdmi_control_service_28_0 (hdmi_control_service))
+(typeattributeset healthd_28_0 (healthd))
+(typeattributeset healthd_exec_28_0 (healthd_exec))
+(typeattributeset heapdump_data_file_28_0 (heapdump_data_file))
+(typeattributeset hidl_allocator_hwservice_28_0 (hidl_allocator_hwservice))
+(typeattributeset hidl_base_hwservice_28_0 (hidl_base_hwservice))
+(typeattributeset hidl_manager_hwservice_28_0 (hidl_manager_hwservice))
+(typeattributeset hidl_memory_hwservice_28_0 (hidl_memory_hwservice))
+(typeattributeset hidl_token_hwservice_28_0 (hidl_token_hwservice))
+(typeattributeset hwbinder_device_28_0 (hwbinder_device))
+(typeattributeset hw_random_device_28_0 (hw_random_device))
+(typeattributeset hwservice_contexts_file_28_0 (hwservice_contexts_file))
+(typeattributeset hwservicemanager_28_0 (hwservicemanager))
+(typeattributeset hwservicemanager_exec_28_0 (hwservicemanager_exec))
+(typeattributeset hwservicemanager_prop_28_0 (hwservicemanager_prop))
+(typeattributeset i2c_device_28_0 (i2c_device))
+(typeattributeset icon_file_28_0 (icon_file))
+(typeattributeset idmap_28_0 (idmap))
+(typeattributeset idmap_exec_28_0 (idmap_exec))
+(typeattributeset iio_device_28_0 (iio_device))
+(typeattributeset imms_service_28_0 (imms_service))
+(typeattributeset incident_28_0 (incident))
+(typeattributeset incidentd_28_0 (incidentd))
+(typeattributeset incident_data_file_28_0 (incident_data_file))
+(typeattributeset incident_helper_28_0 (incident_helper))
+(typeattributeset incident_service_28_0 (incident_service))
+(typeattributeset init_28_0 (init))
+(typeattributeset init_exec_28_0 (init_exec watchdogd_exec))
+(typeattributeset inotify_28_0 (inotify))
+(typeattributeset input_device_28_0 (input_device))
+(typeattributeset inputflinger_28_0 (inputflinger))
+(typeattributeset inputflinger_exec_28_0 (inputflinger_exec))
+(typeattributeset inputflinger_service_28_0 (inputflinger_service))
+(typeattributeset input_method_service_28_0 (input_method_service))
+(typeattributeset input_service_28_0 (input_service))
+(typeattributeset installd_28_0 (installd))
+(typeattributeset install_data_file_28_0 (install_data_file))
+(typeattributeset installd_exec_28_0 (installd_exec))
+(typeattributeset installd_service_28_0 (installd_service))
+(typeattributeset install_recovery_28_0 (install_recovery))
+(typeattributeset install_recovery_exec_28_0 (install_recovery_exec))
+(typeattributeset ion_device_28_0 (ion_device))
+(typeattributeset IProxyService_service_28_0 (IProxyService_service))
+(typeattributeset ipsec_service_28_0 (ipsec_service))
+(typeattributeset isolated_app_28_0 (isolated_app))
+(typeattributeset jobscheduler_service_28_0 (jobscheduler_service))
+(typeattributeset kernel_28_0 (kernel))
+(typeattributeset keychain_data_file_28_0 (keychain_data_file))
+(typeattributeset keychord_device_28_0 (keychord_device))
+(typeattributeset keystore_28_0 (keystore))
+(typeattributeset keystore_data_file_28_0 (keystore_data_file))
+(typeattributeset keystore_exec_28_0 (keystore_exec))
+(typeattributeset keystore_service_28_0 (keystore_service))
+(typeattributeset kmem_device_28_0 (kmem_device))
+(typeattributeset kmsg_debug_device_28_0 (kmsg_debug_device))
+(typeattributeset kmsg_device_28_0 (kmsg_device))
+(typeattributeset labeledfs_28_0 (labeledfs))
+(typeattributeset last_boot_reason_prop_28_0 (last_boot_reason_prop))
+(typeattributeset launcherapps_service_28_0 (launcherapps_service))
+(typeattributeset lmkd_28_0 (lmkd))
+(typeattributeset lmkd_exec_28_0 (lmkd_exec))
+(typeattributeset lmkd_socket_28_0 (lmkd_socket))
+(typeattributeset location_service_28_0 (location_service))
+(typeattributeset lock_settings_service_28_0 (lock_settings_service))
+(typeattributeset logcat_exec_28_0 (logcat_exec))
+(typeattributeset logd_28_0 (logd))
+(typeattributeset logd_exec_28_0 (logd_exec))
+(typeattributeset logd_prop_28_0 (logd_prop))
+(typeattributeset logdr_socket_28_0 (logdr_socket))
+(typeattributeset logd_socket_28_0 (logd_socket))
+(typeattributeset logdw_socket_28_0 (logdw_socket))
+(typeattributeset logpersist_28_0 (logpersist))
+(typeattributeset logpersistd_logging_prop_28_0 (logpersistd_logging_prop))
+(typeattributeset log_prop_28_0 (log_prop))
+(typeattributeset log_tag_prop_28_0 (log_tag_prop))
+(typeattributeset loop_control_device_28_0 (loop_control_device))
+(typeattributeset loop_device_28_0 (loop_device))
+(typeattributeset lowpan_device_28_0 (lowpan_device))
+(typeattributeset lowpan_prop_28_0 (lowpan_prop))
+(typeattributeset lowpan_service_28_0 (lowpan_service))
+(typeattributeset mac_perms_file_28_0 (mac_perms_file))
+(typeattributeset mdnsd_28_0 (mdnsd))
+(typeattributeset mdnsd_socket_28_0 (mdnsd_socket))
+(typeattributeset mdns_socket_28_0 (mdns_socket))
+(typeattributeset hal_omx_server (mediacodec_28_0))
+(typeattributeset mediacodec_28_0 (mediacodec))
+(typeattributeset mediacodec_exec_28_0 (mediacodec_exec))
+(typeattributeset mediacodec_service_28_0 (mediacodec_service))
+(typeattributeset media_data_file_28_0 (media_data_file))
+(typeattributeset mediadrmserver_28_0 (mediadrmserver))
+(typeattributeset mediadrmserver_exec_28_0 (mediadrmserver_exec))
+(typeattributeset mediadrmserver_service_28_0 (mediadrmserver_service))
+(typeattributeset mediaextractor_28_0 (mediaextractor))
+(typeattributeset mediaextractor_exec_28_0 (mediaextractor_exec))
+(typeattributeset mediaextractor_service_28_0 (mediaextractor_service))
+(typeattributeset mediaextractor_update_service_28_0 (mediaextractor_update_service))
+(typeattributeset mediametrics_28_0 (mediametrics))
+(typeattributeset mediametrics_exec_28_0 (mediametrics_exec))
+(typeattributeset mediametrics_service_28_0 (mediametrics_service))
+(typeattributeset media_projection_service_28_0 (media_projection_service))
+(typeattributeset mediaprovider_28_0 (mediaprovider))
+(typeattributeset media_router_service_28_0 (media_router_service))
+(typeattributeset media_rw_data_file_28_0 (media_rw_data_file))
+(typeattributeset mediaserver_28_0 (mediaserver))
+(typeattributeset mediaserver_exec_28_0 (mediaserver_exec))
+(typeattributeset mediaserver_service_28_0 (mediaserver_service))
+(typeattributeset media_session_service_28_0 (media_session_service))
+(typeattributeset meminfo_service_28_0 (meminfo_service))
+(typeattributeset metadata_block_device_28_0 (metadata_block_device))
+(typeattributeset metadata_file_28_0 (metadata_file))
+(typeattributeset method_trace_data_file_28_0 (method_trace_data_file))
+(typeattributeset midi_service_28_0 (midi_service))
+(typeattributeset misc_block_device_28_0 (misc_block_device))
+(typeattributeset misc_logd_file_28_0 (misc_logd_file))
+(typeattributeset misc_user_data_file_28_0 (misc_user_data_file))
+(typeattributeset mmc_prop_28_0 (mmc_prop))
+(typeattributeset mnt_expand_file_28_0 (mnt_expand_file))
+(typeattributeset mnt_media_rw_file_28_0 (mnt_media_rw_file))
+(typeattributeset mnt_media_rw_stub_file_28_0 (mnt_media_rw_stub_file))
+(typeattributeset mnt_user_file_28_0 (mnt_user_file))
+(typeattributeset mnt_vendor_file_28_0 (mnt_vendor_file))
+(typeattributeset modprobe_28_0 (modprobe))
+(typeattributeset mount_service_28_0 (mount_service))
+(typeattributeset mqueue_28_0 (mqueue))
+(typeattributeset mtd_device_28_0 (mtd_device))
+(typeattributeset mtp_28_0 (mtp))
+(typeattributeset mtp_device_28_0 (mtp_device))
+(typeattributeset mtpd_socket_28_0 (mtpd_socket))
+(typeattributeset mtp_exec_28_0 (mtp_exec))
+(typeattributeset nativetest_data_file_28_0 (nativetest_data_file))
+(typeattributeset netd_28_0 (netd))
+(typeattributeset net_data_file_28_0 (net_data_file))
+(typeattributeset netd_exec_28_0 (netd_exec))
+(typeattributeset netd_listener_service_28_0 (netd_listener_service))
+(typeattributeset net_dns_prop_28_0 (net_dns_prop))
+(typeattributeset netd_service_28_0 (netd_service))
+(typeattributeset netd_socket_28_0 (netd_socket))
+(typeattributeset netd_stable_secret_prop_28_0 (netd_stable_secret_prop))
+(typeattributeset netif_28_0 (netif))
+(typeattributeset netpolicy_service_28_0 (netpolicy_service))
+(typeattributeset net_radio_prop_28_0 (net_radio_prop))
+(typeattributeset netstats_service_28_0 (netstats_service))
+(typeattributeset netutils_wrapper_28_0 (netutils_wrapper))
+(typeattributeset netutils_wrapper_exec_28_0 (netutils_wrapper_exec))
+(typeattributeset network_management_service_28_0 (network_management_service))
+(typeattributeset network_score_service_28_0 (network_score_service))
+(typeattributeset network_time_update_service_28_0 (network_time_update_service))
+(typeattributeset network_watchlist_data_file_28_0 (network_watchlist_data_file))
+(typeattributeset network_watchlist_service_28_0 (network_watchlist_service))
+(typeattributeset nfc_28_0 (nfc))
+(typeattributeset nfc_data_file_28_0 (nfc_data_file))
+(typeattributeset nfc_device_28_0 (nfc_device))
+(typeattributeset nfc_prop_28_0 (nfc_prop))
+(typeattributeset nfc_service_28_0 (nfc_service))
+(typeattributeset node_28_0 (node))
+(typeattributeset nonplat_service_contexts_file_28_0 (nonplat_service_contexts_file))
+(typeattributeset notification_service_28_0 (notification_service))
+(typeattributeset null_device_28_0 (null_device))
+(typeattributeset oemfs_28_0 (oemfs))
+(typeattributeset oem_lock_service_28_0 (oem_lock_service))
+(typeattributeset ota_data_file_28_0 (ota_data_file))
+(typeattributeset otadexopt_service_28_0 (otadexopt_service))
+(typeattributeset ota_package_file_28_0 (ota_package_file))
+(typeattributeset otapreopt_chroot_28_0 (otapreopt_chroot))
+(typeattributeset otapreopt_chroot_exec_28_0 (otapreopt_chroot_exec))
+(typeattributeset otapreopt_slot_28_0 (otapreopt_slot))
+(typeattributeset otapreopt_slot_exec_28_0 (otapreopt_slot_exec))
+(typeattributeset overlay_prop_28_0 (overlay_prop))
+(typeattributeset overlay_service_28_0 (overlay_service))
+(typeattributeset owntty_device_28_0 (owntty_device))
+(typeattributeset package_native_service_28_0 (package_native_service))
+(typeattributeset package_service_28_0 (package_service))
+(typeattributeset pan_result_prop_28_0 (pan_result_prop))
+(typeattributeset pdx_bufferhub_client_channel_socket_28_0 (pdx_bufferhub_client_channel_socket))
+(typeattributeset pdx_bufferhub_client_endpoint_socket_28_0 (pdx_bufferhub_client_endpoint_socket))
+(typeattributeset pdx_bufferhub_dir_28_0 (pdx_bufferhub_dir))
+(typeattributeset pdx_display_client_channel_socket_28_0 (pdx_display_client_channel_socket))
+(typeattributeset pdx_display_client_endpoint_socket_28_0 (pdx_display_client_endpoint_socket))
+(typeattributeset pdx_display_dir_28_0 (pdx_display_dir))
+(typeattributeset pdx_display_manager_channel_socket_28_0 (pdx_display_manager_channel_socket))
+(typeattributeset pdx_display_manager_endpoint_socket_28_0 (pdx_display_manager_endpoint_socket))
+(typeattributeset pdx_display_screenshot_channel_socket_28_0 (pdx_display_screenshot_channel_socket))
+(typeattributeset pdx_display_screenshot_endpoint_socket_28_0 (pdx_display_screenshot_endpoint_socket))
+(typeattributeset pdx_display_vsync_channel_socket_28_0 (pdx_display_vsync_channel_socket))
+(typeattributeset pdx_display_vsync_endpoint_socket_28_0 (pdx_display_vsync_endpoint_socket))
+(typeattributeset pdx_performance_client_channel_socket_28_0 (pdx_performance_client_channel_socket))
+(typeattributeset pdx_performance_client_endpoint_socket_28_0 (pdx_performance_client_endpoint_socket))
+(typeattributeset pdx_performance_dir_28_0 (pdx_performance_dir))
+(typeattributeset performanced_28_0 (performanced))
+(typeattributeset performanced_exec_28_0 (performanced_exec))
+(typeattributeset permission_service_28_0 (permission_service))
+(typeattributeset persist_debug_prop_28_0 (persist_debug_prop))
+(typeattributeset persistent_data_block_service_28_0 (persistent_data_block_service))
+(typeattributeset persistent_properties_ready_prop_28_0 (persistent_properties_ready_prop))
+(typeattributeset pinner_service_28_0 (pinner_service))
+(typeattributeset pipefs_28_0 (pipefs))
+(typeattributeset platform_app_28_0 (platform_app))
+(typeattributeset pm_prop_28_0 (pm_prop))
+(typeattributeset pmsg_device_28_0 (pmsg_device))
+(typeattributeset port_28_0 (port))
+(typeattributeset port_device_28_0 (port_device))
+(typeattributeset postinstall_28_0 (postinstall))
+(typeattributeset postinstall_dexopt_28_0 (postinstall_dexopt))
+(typeattributeset postinstall_file_28_0 (postinstall_file))
+(typeattributeset postinstall_mnt_dir_28_0 (postinstall_mnt_dir))
+(typeattributeset powerctl_prop_28_0 (powerctl_prop))
+(typeattributeset power_service_28_0 (power_service))
+(typeattributeset ppp_28_0 (ppp))
+(typeattributeset ppp_device_28_0 (ppp_device))
+(typeattributeset ppp_exec_28_0 (ppp_exec))
+(typeattributeset preloads_data_file_28_0 (preloads_data_file))
+(typeattributeset preloads_media_file_28_0 (preloads_media_file))
+(typeattributeset preopt2cachename_28_0 (preopt2cachename))
+(typeattributeset preopt2cachename_exec_28_0 (preopt2cachename_exec))
+(typeattributeset print_service_28_0 (print_service))
+(typeattributeset priv_app_28_0 (priv_app))
+(typeattributeset proc_28_0
+ ( proc
+ proc_fs_verity
+ proc_keys
+ proc_kpageflags
+ proc_lowmemorykiller
+ proc_pressure_cpu
+ proc_pressure_io
+ proc_pressure_mem
+ proc_slabinfo))
+(typeattributeset proc_abi_28_0 (proc_abi))
+(typeattributeset proc_asound_28_0 (proc_asound))
+(typeattributeset proc_bluetooth_writable_28_0 (proc_bluetooth_writable))
+(typeattributeset proc_buddyinfo_28_0 (proc_buddyinfo))
+(typeattributeset proc_cmdline_28_0 (proc_cmdline))
+(typeattributeset proc_cpuinfo_28_0 (proc_cpuinfo))
+(typeattributeset proc_dirty_28_0 (proc_dirty))
+(typeattributeset proc_diskstats_28_0 (proc_diskstats))
+(typeattributeset proc_drop_caches_28_0 (proc_drop_caches))
+(typeattributeset processinfo_service_28_0 (processinfo_service))
+(typeattributeset proc_extra_free_kbytes_28_0 (proc_extra_free_kbytes))
+(typeattributeset proc_filesystems_28_0 (proc_filesystems))
+(typeattributeset proc_hostname_28_0 (proc_hostname))
+(typeattributeset proc_hung_task_28_0 (proc_hung_task))
+(typeattributeset proc_interrupts_28_0 (proc_interrupts))
+(typeattributeset proc_iomem_28_0 (proc_iomem))
+(typeattributeset proc_kmsg_28_0 (proc_kmsg))
+(typeattributeset proc_loadavg_28_0 (proc_loadavg))
+(typeattributeset proc_max_map_count_28_0 (proc_max_map_count))
+(typeattributeset proc_meminfo_28_0 (proc_meminfo))
+(typeattributeset proc_min_free_order_shift_28_0 (proc_min_free_order_shift))
+(typeattributeset proc_misc_28_0 (proc_misc))
+(typeattributeset proc_modules_28_0 (proc_modules))
+(typeattributeset proc_mounts_28_0 (proc_mounts))
+(typeattributeset proc_net_28_0
+ ( proc_net
+ proc_net_tcp_udp))
+(typeattributeset proc_overcommit_memory_28_0 (proc_overcommit_memory))
+(typeattributeset proc_page_cluster_28_0 (proc_page_cluster))
+(typeattributeset proc_pagetypeinfo_28_0 (proc_pagetypeinfo))
+(typeattributeset proc_panic_28_0 (proc_panic))
+(typeattributeset proc_perf_28_0 (proc_perf))
+(typeattributeset proc_pid_max_28_0 (proc_pid_max))
+(typeattributeset proc_pipe_conf_28_0 (proc_pipe_conf))
+(typeattributeset proc_qtaguid_stat_28_0 (proc_qtaguid_stat))
+(typeattributeset proc_random_28_0 (proc_random))
+(typeattributeset proc_sched_28_0 (proc_sched))
+(typeattributeset proc_security_28_0 (proc_security))
+(typeattributeset proc_stat_28_0 (proc_stat))
+(typeattributeset procstats_service_28_0 (procstats_service))
+(typeattributeset proc_swaps_28_0 (proc_swaps))
+(typeattributeset proc_sysrq_28_0 (proc_sysrq))
+(typeattributeset proc_timer_28_0 (proc_timer))
+(typeattributeset proc_tty_drivers_28_0 (proc_tty_drivers))
+(typeattributeset proc_uid_concurrent_active_time_28_0 (proc_uid_concurrent_active_time))
+(typeattributeset proc_uid_concurrent_policy_time_28_0 (proc_uid_concurrent_policy_time))
+(typeattributeset proc_uid_cpupower_28_0 (proc_uid_cpupower))
+(typeattributeset proc_uid_cputime_removeuid_28_0 (proc_uid_cputime_removeuid))
+(typeattributeset proc_uid_cputime_showstat_28_0 (proc_uid_cputime_showstat))
+(typeattributeset proc_uid_io_stats_28_0 (proc_uid_io_stats))
+(typeattributeset proc_uid_procstat_set_28_0 (proc_uid_procstat_set))
+(typeattributeset proc_uid_time_in_state_28_0 (proc_uid_time_in_state))
+(typeattributeset proc_uptime_28_0 (proc_uptime))
+(typeattributeset proc_version_28_0 (proc_version))
+(typeattributeset proc_vmallocinfo_28_0 (proc_vmallocinfo))
+(typeattributeset proc_vmstat_28_0 (proc_vmstat))
+(typeattributeset proc_zoneinfo_28_0 (proc_zoneinfo))
+(typeattributeset profman_28_0 (profman))
+(typeattributeset profman_dump_data_file_28_0 (profman_dump_data_file))
+(typeattributeset profman_exec_28_0 (profman_exec))
+(typeattributeset properties_device_28_0 (properties_device))
+(typeattributeset properties_serial_28_0 (properties_serial))
+(typeattributeset property_contexts_file_28_0 (property_contexts_file))
+(typeattributeset property_data_file_28_0 (property_data_file))
+(typeattributeset property_info_28_0 (property_info))
+(typeattributeset property_socket_28_0 (property_socket))
+(typeattributeset pstorefs_28_0 (pstorefs))
+(typeattributeset ptmx_device_28_0 (ptmx_device))
+(typeattributeset qtaguid_device_28_0 (qtaguid_device))
+(typeattributeset qtaguid_proc_28_0
+ ( proc_qtaguid_ctrl
+ qtaguid_proc))
+(typeattributeset racoon_28_0 (racoon))
+(typeattributeset racoon_exec_28_0 (racoon_exec))
+(typeattributeset racoon_socket_28_0 (racoon_socket))
+(typeattributeset radio_28_0 (radio))
+(typeattributeset radio_data_file_28_0 (radio_data_file))
+(typeattributeset radio_device_28_0 (radio_device))
+(typeattributeset radio_prop_28_0 (radio_prop))
+(typeattributeset radio_service_28_0 (radio_service))
+(typeattributeset ram_device_28_0 (ram_device))
+(typeattributeset random_device_28_0 (random_device))
+(typeattributeset recovery_28_0 (recovery))
+(typeattributeset recovery_block_device_28_0 (recovery_block_device))
+(typeattributeset recovery_data_file_28_0 (recovery_data_file))
+(typeattributeset recovery_persist_28_0 (recovery_persist))
+(typeattributeset recovery_persist_exec_28_0 (recovery_persist_exec))
+(typeattributeset recovery_refresh_28_0 (recovery_refresh))
+(typeattributeset recovery_refresh_exec_28_0 (recovery_refresh_exec))
+(typeattributeset recovery_service_28_0 (recovery_service))
+(typeattributeset registry_service_28_0 (registry_service))
+(typeattributeset resourcecache_data_file_28_0 (resourcecache_data_file))
+(typeattributeset restorecon_prop_28_0 (restorecon_prop))
+(typeattributeset restrictions_service_28_0 (restrictions_service))
+(typeattributeset rild_debug_socket_28_0 (rild_debug_socket))
+(typeattributeset rild_socket_28_0 (rild_socket))
+(typeattributeset ringtone_file_28_0 (ringtone_file))
+(typeattributeset root_block_device_28_0 (root_block_device))
+(typeattributeset rootfs_28_0 (rootfs))
+(typeattributeset rpmsg_device_28_0 (rpmsg_device))
+(typeattributeset rtc_device_28_0 (rtc_device))
+(typeattributeset rttmanager_service_28_0 (rttmanager_service))
+(typeattributeset runas_28_0 (runas))
+(typeattributeset runas_exec_28_0 (runas_exec))
+(typeattributeset runtime_event_log_tags_file_28_0 (runtime_event_log_tags_file))
+(typeattributeset safemode_prop_28_0 (safemode_prop))
+(typeattributeset same_process_hal_file_28_0
+ ( same_process_hal_file
+ vendor_public_lib_file))
+(typeattributeset samplingprofiler_service_28_0 (samplingprofiler_service))
+(typeattributeset scheduling_policy_service_28_0 (scheduling_policy_service))
+(typeattributeset sdcardd_28_0 (sdcardd))
+(typeattributeset sdcardd_exec_28_0 (sdcardd_exec))
+(typeattributeset sdcardfs_28_0 (sdcardfs))
+(typeattributeset seapp_contexts_file_28_0 (seapp_contexts_file))
+(typeattributeset search_service_28_0 (search_service))
+(typeattributeset sec_key_att_app_id_provider_service_28_0 (sec_key_att_app_id_provider_service))
+(typeattributeset secure_element_28_0 (secure_element))
+(typeattributeset secure_element_device_28_0 (secure_element_device))
+(typeattributeset secure_element_service_28_0 (secure_element_service))
+(typeattributeset selinuxfs_28_0 (selinuxfs))
+(typeattributeset sensors_device_28_0 (sensors_device))
+(typeattributeset sensorservice_service_28_0 (sensorservice_service))
+(typeattributeset sepolicy_file_28_0 (sepolicy_file))
+(typeattributeset serial_device_28_0 (serial_device))
+(typeattributeset serialno_prop_28_0 (serialno_prop))
+(typeattributeset serial_service_28_0 (serial_service))
+(typeattributeset service_contexts_file_28_0 (service_contexts_file))
+(typeattributeset servicediscovery_service_28_0 (servicediscovery_service))
+(typeattributeset servicemanager_28_0 (servicemanager))
+(typeattributeset servicemanager_exec_28_0 (servicemanager_exec))
+(typeattributeset settings_service_28_0 (settings_service))
+(typeattributeset sgdisk_28_0 (sgdisk))
+(typeattributeset sgdisk_exec_28_0 (sgdisk_exec))
+(typeattributeset shared_relro_28_0 (shared_relro))
+(typeattributeset shared_relro_file_28_0 (shared_relro_file))
+(typeattributeset shell_28_0 (shell))
+(typeattributeset shell_data_file_28_0 (shell_data_file))
+(typeattributeset shell_exec_28_0 (shell_exec))
+(typeattributeset shell_prop_28_0 (shell_prop))
+(typeattributeset shm_28_0 (shm))
+(typeattributeset shortcut_manager_icons_28_0 (shortcut_manager_icons))
+(typeattributeset shortcut_service_28_0 (shortcut_service))
+(typeattributeset slice_service_28_0 (slice_service))
+(typeattributeset slideshow_28_0 (slideshow))
+(typeattributeset socket_device_28_0 (socket_device))
+(typeattributeset sockfs_28_0 (sockfs))
+(typeattributeset statusbar_service_28_0 (statusbar_service))
+(typeattributeset storaged_service_28_0 (storaged_service))
+(typeattributeset storage_file_28_0 (storage_file))
+(typeattributeset storagestats_service_28_0 (storagestats_service))
+(typeattributeset storage_stub_file_28_0 (storage_stub_file))
+(typeattributeset su_28_0 (su))
+(typeattributeset su_exec_28_0 (su_exec))
+(typeattributeset surfaceflinger_28_0 (surfaceflinger))
+(typeattributeset surfaceflinger_service_28_0 (surfaceflinger_service))
+(typeattributeset swap_block_device_28_0 (swap_block_device))
+(typeattributeset sysfs_28_0
+ ( sysfs
+ sysfs_devices_block
+ sysfs_extcon
+ sysfs_loop
+ sysfs_transparent_hugepage))
+(typeattributeset sysfs_android_usb_28_0 (sysfs_android_usb))
+(typeattributeset sysfs_batteryinfo_28_0 (sysfs_batteryinfo))
+(typeattributeset sysfs_bluetooth_writable_28_0 (sysfs_bluetooth_writable))
+(typeattributeset sysfs_devices_system_cpu_28_0 (sysfs_devices_system_cpu))
+(typeattributeset sysfs_dm_28_0 (sysfs_dm))
+(typeattributeset sysfs_dt_firmware_android_28_0 (sysfs_dt_firmware_android))
+(typeattributeset sysfs_fs_ext4_features_28_0 (sysfs_fs_ext4_features))
+(typeattributeset sysfs_hwrandom_28_0 (sysfs_hwrandom))
+(typeattributeset sysfs_ipv4_28_0 (sysfs_ipv4))
+(typeattributeset sysfs_kernel_notes_28_0 (sysfs_kernel_notes))
+(typeattributeset sysfs_leds_28_0 (sysfs_leds))
+(typeattributeset sysfs_lowmemorykiller_28_0 (sysfs_lowmemorykiller))
+(typeattributeset sysfs_mac_address_28_0 (sysfs_mac_address))
+(typeattributeset sysfs_net_28_0 (sysfs_net))
+(typeattributeset sysfs_nfc_power_writable_28_0 (sysfs_nfc_power_writable))
+(typeattributeset sysfs_power_28_0 (sysfs_power))
+(typeattributeset sysfs_rtc_28_0 (sysfs_rtc))
+(typeattributeset sysfs_switch_28_0 (sysfs_switch))
+(typeattributeset sysfs_thermal_28_0 (sysfs_thermal))
+(typeattributeset sysfs_uio_28_0 (sysfs_uio))
+(typeattributeset sysfs_usb_28_0 (sysfs_usb))
+(typeattributeset sysfs_usermodehelper_28_0 (sysfs_usermodehelper))
+(typeattributeset sysfs_vibrator_28_0 (sysfs_vibrator))
+(typeattributeset sysfs_wake_lock_28_0 (sysfs_wake_lock))
+(typeattributeset sysfs_wakeup_reasons_28_0 (sysfs_wakeup_reasons))
+(typeattributeset sysfs_wlan_fwpath_28_0 (sysfs_wlan_fwpath))
+(typeattributeset sysfs_zram_28_0 (sysfs_zram))
+(typeattributeset sysfs_zram_uevent_28_0 (sysfs_zram_uevent))
+(typeattributeset system_app_28_0 (system_app))
+(typeattributeset system_app_data_file_28_0 (system_app_data_file))
+(typeattributeset system_app_service_28_0 (system_app_service))
+(typeattributeset system_block_device_28_0 (system_block_device))
+(typeattributeset system_boot_reason_prop_28_0 (system_boot_reason_prop))
+(typeattributeset system_data_file_28_0
+ ( dropbox_data_file
+ system_data_file
+ packages_list_file))
+(typeattributeset system_file_28_0
+ ( system_file
+ system_asan_options_file
+ system_lib_file
+ system_linker_config_file
+ system_linker_exec
+ system_seccomp_policy_file
+ system_security_cacerts_file
+ tcpdump_exec
+ system_zoneinfo_file
+))
+(typeattributeset systemkeys_data_file_28_0 (systemkeys_data_file))
+(typeattributeset system_ndebug_socket_28_0 (system_ndebug_socket))
+(typeattributeset system_net_netd_hwservice_28_0 (system_net_netd_hwservice))
+(typeattributeset system_prop_28_0 (system_prop))
+(typeattributeset system_radio_prop_28_0 (system_radio_prop))
+(typeattributeset system_server_28_0 (system_server))
+(typeattributeset system_update_service_28_0 (system_update_service))
+(typeattributeset system_wifi_keystore_hwservice_28_0 (system_wifi_keystore_hwservice))
+(typeattributeset system_wpa_socket_28_0 (system_wpa_socket))
+(typeattributeset task_service_28_0 (task_service))
+(typeattributeset tee_28_0 (tee))
+(typeattributeset tee_data_file_28_0 (tee_data_file))
+(typeattributeset tee_device_28_0 (tee_device))
+(typeattributeset telecom_service_28_0 (telecom_service))
+(typeattributeset test_boot_reason_prop_28_0 (test_boot_reason_prop))
+(typeattributeset textclassification_service_28_0 (textclassification_service))
+(typeattributeset textclassifier_data_file_28_0 (textclassifier_data_file))
+(typeattributeset textservices_service_28_0 (textservices_service))
+(typeattributeset thermalcallback_hwservice_28_0 (thermalcallback_hwservice))
+(typeattributeset thermal_service_28_0 (thermal_service))
+(typeattributeset timezone_service_28_0 (timezone_service))
+(typeattributeset tmpfs_28_0
+ ( mnt_sdcard_file
+ tmpfs))
+(typeattributeset tombstoned_28_0 (tombstoned))
+(typeattributeset tombstone_data_file_28_0 (tombstone_data_file))
+(typeattributeset tombstoned_crash_socket_28_0 (tombstoned_crash_socket))
+(typeattributeset tombstoned_exec_28_0 (tombstoned_exec))
+(typeattributeset tombstoned_intercept_socket_28_0 (tombstoned_intercept_socket))
+(typeattributeset tombstoned_java_trace_socket_28_0 (tombstoned_java_trace_socket))
+(typeattributeset tombstone_wifi_data_file_28_0 (tombstone_wifi_data_file))
+(typeattributeset toolbox_28_0 (toolbox))
+(typeattributeset toolbox_exec_28_0 (toolbox_exec))
+(typeattributeset trace_data_file_28_0 (trace_data_file))
+(typeattributeset traced_consumer_socket_28_0 (traced_consumer_socket))
+(typeattributeset traced_enabled_prop_28_0 (traced_enabled_prop))
+(typeattributeset traced_probes_28_0 (traced_probes))
+(typeattributeset traced_producer_socket_28_0 (traced_producer_socket))
+(typeattributeset traceur_app_28_0 (traceur_app))
+(typeattributeset trust_service_28_0 (trust_service))
+(typeattributeset tty_device_28_0 (tty_device))
+(typeattributeset tun_device_28_0 (tun_device))
+(typeattributeset tv_input_service_28_0 (tv_input_service))
+(typeattributeset tzdatacheck_28_0 (tzdatacheck))
+(typeattributeset tzdatacheck_exec_28_0 (tzdatacheck_exec))
+(typeattributeset ueventd_28_0 (ueventd))
+(typeattributeset uhid_device_28_0 (uhid_device))
+(typeattributeset uimode_service_28_0 (uimode_service))
+(typeattributeset uio_device_28_0 (uio_device))
+(typeattributeset uncrypt_28_0 (uncrypt))
+(typeattributeset uncrypt_exec_28_0 (uncrypt_exec))
+(typeattributeset uncrypt_socket_28_0 (uncrypt_socket))
+(typeattributeset unencrypted_data_file_28_0 (unencrypted_data_file))
+(typeattributeset unlabeled_28_0 (unlabeled))
+(typeattributeset untrusted_app_25_28_0 (untrusted_app_25))
+(typeattributeset untrusted_app_27_28_0 (untrusted_app_27))
+(typeattributeset untrusted_app_28_0 (untrusted_app))
+(typeattributeset untrusted_v2_app_28_0 (untrusted_v2_app))
+(typeattributeset update_engine_28_0 (update_engine))
+(typeattributeset update_engine_data_file_28_0 (update_engine_data_file))
+(typeattributeset update_engine_exec_28_0 (update_engine_exec))
+(typeattributeset update_engine_log_data_file_28_0 (update_engine_log_data_file))
+(typeattributeset update_engine_service_28_0 (update_engine_service))
+(typeattributeset updatelock_service_28_0 (updatelock_service))
+(typeattributeset update_verifier_28_0 (update_verifier))
+(typeattributeset update_verifier_exec_28_0 (update_verifier_exec))
+(typeattributeset usagestats_service_28_0 (usagestats_service))
+(typeattributeset usbaccessory_device_28_0 (usbaccessory_device))
+(typeattributeset usbd_28_0 (usbd))
+(typeattributeset usb_device_28_0 (usb_device))
+(typeattributeset usbd_exec_28_0 (usbd_exec))
+(typeattributeset usbfs_28_0 (usbfs))
+(typeattributeset usb_service_28_0 (usb_service))
+(typeattributeset userdata_block_device_28_0 (userdata_block_device))
+(typeattributeset usermodehelper_28_0 (usermodehelper))
+(typeattributeset user_profile_data_file_28_0 (user_profile_data_file))
+(typeattributeset user_service_28_0 (user_service))
+(typeattributeset vcs_device_28_0 (vcs_device))
+(typeattributeset vdc_28_0 (vdc))
+(typeattributeset vdc_exec_28_0 (vdc_exec))
+(typeattributeset vendor_app_file_28_0 (vendor_app_file))
+(typeattributeset vendor_configs_file_28_0 (vendor_configs_file))
+(typeattributeset vendor_data_file_28_0 (vendor_data_file))
+(typeattributeset vendor_default_prop_28_0 (vendor_default_prop))
+(typeattributeset vendor_file_28_0 (vendor_file))
+(typeattributeset vendor_framework_file_28_0 (vendor_framework_file))
+(typeattributeset vendor_hal_file_28_0 (vendor_hal_file))
+(typeattributeset vendor_init_28_0 (vendor_init))
+(typeattributeset vendor_overlay_file_28_0 (vendor_overlay_file))
+(typeattributeset vendor_security_patch_level_prop_28_0 (vendor_security_patch_level_prop))
+(typeattributeset vendor_shell_28_0 (vendor_shell))
+(typeattributeset vendor_shell_exec_28_0 (vendor_shell_exec))
+(typeattributeset vendor_toolbox_exec_28_0 (vendor_toolbox_exec))
+(typeattributeset vfat_28_0 (vfat))
+(typeattributeset vibrator_service_28_0 (vibrator_service))
+(typeattributeset video_device_28_0 (video_device))
+(typeattributeset virtual_touchpad_28_0 (virtual_touchpad))
+(typeattributeset virtual_touchpad_exec_28_0 (virtual_touchpad_exec))
+(typeattributeset virtual_touchpad_service_28_0 (virtual_touchpad_service))
+(typeattributeset vndbinder_device_28_0 (vndbinder_device))
+(typeattributeset vndk_sp_file_28_0 (vndk_sp_file))
+(typeattributeset vndservice_contexts_file_28_0 (vndservice_contexts_file))
+(typeattributeset vndservicemanager_28_0 (vndservicemanager))
+(typeattributeset voiceinteraction_service_28_0 (voiceinteraction_service))
+(typeattributeset vold_28_0 (vold))
+(typeattributeset vold_data_file_28_0 (vold_data_file))
+(typeattributeset vold_device_28_0 (vold_device))
+(typeattributeset vold_exec_28_0 (vold_exec))
+(typeattributeset vold_metadata_file_28_0 (vold_metadata_file))
+(typeattributeset vold_prepare_subdirs_28_0 (vold_prepare_subdirs))
+(typeattributeset vold_prepare_subdirs_exec_28_0 (vold_prepare_subdirs_exec))
+(typeattributeset vold_prop_28_0 (vold_prop))
+(typeattributeset vold_service_28_0 (vold_service))
+(typeattributeset vpn_data_file_28_0 (vpn_data_file))
+(typeattributeset vr_hwc_28_0 (vr_hwc))
+(typeattributeset vr_hwc_exec_28_0 (vr_hwc_exec))
+(typeattributeset vr_hwc_service_28_0 (vr_hwc_service))
+(typeattributeset vr_manager_service_28_0 (vr_manager_service))
+(typeattributeset wallpaper_file_28_0 (wallpaper_file))
+(typeattributeset wallpaper_service_28_0 (wallpaper_service))
+(typeattributeset watchdogd_28_0 (watchdogd))
+(typeattributeset watchdog_device_28_0 (watchdog_device))
+(typeattributeset webviewupdate_service_28_0 (webviewupdate_service))
+(typeattributeset webview_zygote_28_0 (webview_zygote))
+(typeattributeset webview_zygote_exec_28_0 (webview_zygote_exec))
+(typeattributeset wifiaware_service_28_0 (wifiaware_service))
+(typeattributeset wificond_28_0 (wificond))
+(typeattributeset wificond_exec_28_0 (wificond_exec))
+(typeattributeset wificond_service_28_0 (wificond_service))
+(typeattributeset wifi_data_file_28_0 (wifi_data_file))
+(typeattributeset wifi_log_prop_28_0 (wifi_log_prop))
+(typeattributeset wifip2p_service_28_0 (wifip2p_service))
+(typeattributeset wifi_prop_28_0 (wifi_prop))
+(typeattributeset wifiscanner_service_28_0 (wifiscanner_service))
+(typeattributeset wifi_service_28_0 (wifi_service))
+(typeattributeset window_service_28_0 (window_service))
+(typeattributeset wpantund_28_0 (wpantund))
+(typeattributeset wpantund_exec_28_0 (wpantund_exec))
+(typeattributeset wpantund_service_28_0 (wpantund_service))
+(typeattributeset wpa_socket_28_0 (wpa_socket))
+(typeattributeset zero_device_28_0 (zero_device))
+(typeattributeset zoneinfo_data_file_28_0 (zoneinfo_data_file))
+(typeattributeset zygote_28_0 (zygote))
+(typeattributeset zygote_exec_28_0 (zygote_exec))
+(typeattributeset zygote_socket_28_0 (zygote_socket))
diff --git a/prebuilts/api/30.0/private/compat/28.0/28.0.compat.cil b/prebuilts/api/30.0/private/compat/28.0/28.0.compat.cil
new file mode 100644
index 0000000..30af58c
--- /dev/null
+++ b/prebuilts/api/30.0/private/compat/28.0/28.0.compat.cil
@@ -0,0 +1,5 @@
+(typeattribute vendordomain)
+(typeattributeset vendordomain ((and (domain) ((not (coredomain))))))
+(allowx vendordomain dev_type (ioctl blk_file ((range 0x0000 0xffff))))
+(allowx vendordomain file_type (ioctl file ((range 0x0000 0xffff))))
+(allow vendordomain self (netlink_route_socket (nlmsg_readpriv)))
diff --git a/prebuilts/api/30.0/private/compat/28.0/28.0.ignore.cil b/prebuilts/api/30.0/private/compat/28.0/28.0.ignore.cil
new file mode 100644
index 0000000..d24d12d
--- /dev/null
+++ b/prebuilts/api/30.0/private/compat/28.0/28.0.ignore.cil
@@ -0,0 +1,159 @@
+;; new_objects - a collection of types that have been introduced that have no
+;; analogue in older policy. Thus, we do not need to map these types to
+;; previous ones. Add here to pass checkapi tests.
+(type new_objects)
+(typeattribute new_objects)
+(typeattributeset new_objects
+ ( new_objects
+ activity_task_service
+ adb_service
+ apex_data_file
+ apex_metadata_file
+ apex_mnt_dir
+ apex_service
+ apexd
+ apexd_exec
+ apexd_prop
+ apexd_tmpfs
+ appdomain_tmpfs
+ app_binding_service
+ app_prediction_service
+ app_zygote
+ app_zygote_tmpfs
+ ashmemd
+ ashmem_device_service
+ attention_service
+ biometric_service
+ bluetooth_audio_hal_prop
+ bpf_progs_loaded_prop
+ bugreport_service
+ cgroup_desc_file
+ cgroup_rc_file
+ charger_exec
+ content_capture_service
+ content_suggestions_service
+ cpu_variant_prop
+ ctl_apexd_prop
+ ctl_gsid_prop
+ dev_cpu_variant
+ device_config_activity_manager_native_boot_prop
+ device_config_boot_count_prop
+ device_config_input_native_boot_prop
+ device_config_netd_native_prop
+ device_config_reset_performed_prop
+ device_config_runtime_native_boot_prop
+ device_config_runtime_native_prop
+ device_config_media_native_prop
+ device_config_service
+ device_config_sys_traced_prop
+ dnsresolver_service
+ dynamic_system_service
+ dynamic_system_prop
+ face_service
+ face_vendor_data_file
+ sota_prop
+ fastbootd
+ flags_health_check
+ flags_health_check_exec
+ fwk_bufferhub_hwservice
+ fwk_camera_hwservice
+ fwk_stats_hwservice
+ gpuservice
+ gsi_data_file
+ gsi_metadata_file
+ gsi_service
+ gsid
+ gsid_exec
+ gsid_prop
+ color_display_service
+ external_vibrator_service
+ hal_atrace_hwservice
+ hal_face_hwservice
+ hal_graphics_composer_server_tmpfs
+ hal_health_storage_hwservice
+ hal_input_classifier_hwservice
+ hal_power_stats_hwservice
+ heapprofd
+ heapprofd_enabled_prop
+ heapprofd_exec
+ heapprofd_prop
+ heapprofd_socket
+ idmap_service
+ iris_service
+ iris_vendor_data_file
+ llkd
+ llkd_exec
+ llkd_prop
+ llkd_tmpfs
+ looper_stats_service
+ lpdumpd
+ lpdumpd_exec
+ lpdumpd_prop
+ lpdump_service
+ iorapd
+ iorapd_exec
+ iorapd_data_file
+ iorapd_service
+ iorapd_tmpfs
+ mediaswcodec
+ mediaswcodec_exec
+ mediaswcodec_tmpfs
+ metadata_bootstat_file
+ mnt_product_file
+ network_stack
+ network_stack_service
+ network_stack_tmpfs
+ nnapi_ext_deny_product_prop
+ overlayfs_file
+ password_slot_metadata_file
+ permissionmgr_service
+ postinstall_apex_mnt_dir
+ recovery_socket
+ role_service
+ rollback_service
+ rs
+ rs_exec
+ rss_hwm_reset
+ rss_hwm_reset_exec
+ runas_app
+ runas_app_tmpfs
+ art_apex_dir
+ runtime_service
+ sdcard_block_device
+ sensor_privacy_service
+ server_configurable_flags_data_file
+ simpleperf_app_runner
+ simpleperf_app_runner_exec
+ socket_hook_prop
+ su_tmpfs
+ super_block_device
+ sysfs_fs_f2fs
+ system_bootstrap_lib_file
+ system_event_log_tags_file
+ system_lmk_prop
+ system_suspend_hwservice
+ system_suspend_control_service
+ system_trace_prop
+ staging_data_file
+ task_profiles_file
+ testharness_service
+ test_harness_prop
+ theme_prop
+ time_prop
+ timedetector_service
+ timezonedetector_service
+ traced_lazy_prop
+ uri_grants_service
+ use_memfd_prop
+ vendor_apex_file
+ vendor_cgroup_desc_file
+ vendor_idc_file
+ vendor_keychars_file
+ vendor_keylayout_file
+ vendor_misc_writer
+ vendor_misc_writer_exec
+ vendor_socket_hook_prop
+ vendor_task_profiles_file
+ vndk_prop
+ vrflinger_vsync_service
+ watchdogd_tmpfs))
diff --git a/prebuilts/api/30.0/private/compat/29.0/29.0.cil b/prebuilts/api/30.0/private/compat/29.0/29.0.cil
new file mode 100644
index 0000000..5231498
--- /dev/null
+++ b/prebuilts/api/30.0/private/compat/29.0/29.0.cil
@@ -0,0 +1,1970 @@
+;; types removed from current policy
+(type ashmemd)
+(type hal_wifi_offload_hwservice)
+(type install_recovery)
+(type install_recovery_exec)
+(type mediacodec_service)
+(type perfprofd_data_file)
+(type perfprofd_service)
+(type sysfs_mac_address)
+(type wificond_service)
+
+(expandtypeattribute (accessibility_service_29_0) true)
+(expandtypeattribute (account_service_29_0) true)
+(expandtypeattribute (activity_service_29_0) true)
+(expandtypeattribute (activity_task_service_29_0) true)
+(expandtypeattribute (adbd_29_0) true)
+(expandtypeattribute (adb_data_file_29_0) true)
+(expandtypeattribute (adbd_exec_29_0) true)
+(expandtypeattribute (adbd_socket_29_0) true)
+(expandtypeattribute (adb_keys_file_29_0) true)
+(expandtypeattribute (adb_service_29_0) true)
+(expandtypeattribute (alarm_service_29_0) true)
+(expandtypeattribute (anr_data_file_29_0) true)
+(expandtypeattribute (apexd_29_0) true)
+(expandtypeattribute (apex_data_file_29_0) true)
+(expandtypeattribute (apexd_exec_29_0) true)
+(expandtypeattribute (apexd_prop_29_0) true)
+(expandtypeattribute (apex_metadata_file_29_0) true)
+(expandtypeattribute (apex_mnt_dir_29_0) true)
+(expandtypeattribute (apex_service_29_0) true)
+(expandtypeattribute (apk_data_file_29_0) true)
+(expandtypeattribute (apk_private_data_file_29_0) true)
+(expandtypeattribute (apk_private_tmp_file_29_0) true)
+(expandtypeattribute (apk_tmp_file_29_0) true)
+(expandtypeattribute (app_binding_service_29_0) true)
+(expandtypeattribute (app_data_file_29_0) true)
+(expandtypeattribute (appdomain_tmpfs_29_0) true)
+(expandtypeattribute (app_fuse_file_29_0) true)
+(expandtypeattribute (app_fusefs_29_0) true)
+(expandtypeattribute (appops_service_29_0) true)
+(expandtypeattribute (app_prediction_service_29_0) true)
+(expandtypeattribute (appwidget_service_29_0) true)
+(expandtypeattribute (app_zygote_29_0) true)
+(expandtypeattribute (app_zygote_tmpfs_29_0) true)
+(expandtypeattribute (asec_apk_file_29_0) true)
+(expandtypeattribute (asec_image_file_29_0) true)
+(expandtypeattribute (asec_public_file_29_0) true)
+(expandtypeattribute (ashmemd_29_0) true)
+(expandtypeattribute (ashmem_device_29_0) true)
+(expandtypeattribute (assetatlas_service_29_0) true)
+(expandtypeattribute (audio_data_file_29_0) true)
+(expandtypeattribute (audio_device_29_0) true)
+(expandtypeattribute (audiohal_data_file_29_0) true)
+(expandtypeattribute (audio_prop_29_0) true)
+(expandtypeattribute (audioserver_29_0) true)
+(expandtypeattribute (audioserver_data_file_29_0) true)
+(expandtypeattribute (audioserver_service_29_0) true)
+(expandtypeattribute (audioserver_tmpfs_29_0) true)
+(expandtypeattribute (audio_service_29_0) true)
+(expandtypeattribute (autofill_service_29_0) true)
+(expandtypeattribute (backup_data_file_29_0) true)
+(expandtypeattribute (backup_service_29_0) true)
+(expandtypeattribute (batteryproperties_service_29_0) true)
+(expandtypeattribute (battery_service_29_0) true)
+(expandtypeattribute (batterystats_service_29_0) true)
+(expandtypeattribute (binder_calls_stats_service_29_0) true)
+(expandtypeattribute (binder_device_29_0) true)
+(expandtypeattribute (binfmt_miscfs_29_0) true)
+(expandtypeattribute (biometric_service_29_0) true)
+(expandtypeattribute (blkid_29_0) true)
+(expandtypeattribute (blkid_untrusted_29_0) true)
+(expandtypeattribute (block_device_29_0) true)
+(expandtypeattribute (bluetooth_29_0) true)
+(expandtypeattribute (bluetooth_a2dp_offload_prop_29_0) true)
+(expandtypeattribute (bluetooth_audio_hal_prop_29_0) true)
+(expandtypeattribute (bluetooth_data_file_29_0) true)
+(expandtypeattribute (bluetooth_efs_file_29_0) true)
+(expandtypeattribute (bluetooth_logs_data_file_29_0) true)
+(expandtypeattribute (bluetooth_manager_service_29_0) true)
+(expandtypeattribute (bluetooth_prop_29_0) true)
+(expandtypeattribute (bluetooth_service_29_0) true)
+(expandtypeattribute (bluetooth_socket_29_0) true)
+(expandtypeattribute (bootanim_29_0) true)
+(expandtypeattribute (bootanim_exec_29_0) true)
+(expandtypeattribute (boot_block_device_29_0) true)
+(expandtypeattribute (bootchart_data_file_29_0) true)
+(expandtypeattribute (bootloader_boot_reason_prop_29_0) true)
+(expandtypeattribute (bootstat_29_0) true)
+(expandtypeattribute (bootstat_data_file_29_0) true)
+(expandtypeattribute (bootstat_exec_29_0) true)
+(expandtypeattribute (boottime_prop_29_0) true)
+(expandtypeattribute (boottrace_data_file_29_0) true)
+(expandtypeattribute (bpf_progs_loaded_prop_29_0) true)
+(expandtypeattribute (broadcastradio_service_29_0) true)
+(expandtypeattribute (bufferhubd_29_0) true)
+(expandtypeattribute (bufferhubd_exec_29_0) true)
+(expandtypeattribute (bugreport_service_29_0) true)
+(expandtypeattribute (cache_backup_file_29_0) true)
+(expandtypeattribute (cache_block_device_29_0) true)
+(expandtypeattribute (cache_file_29_0) true)
+(expandtypeattribute (cache_private_backup_file_29_0) true)
+(expandtypeattribute (cache_recovery_file_29_0) true)
+(expandtypeattribute (camera_data_file_29_0) true)
+(expandtypeattribute (camera_device_29_0) true)
+(expandtypeattribute (cameraproxy_service_29_0) true)
+(expandtypeattribute (cameraserver_29_0) true)
+(expandtypeattribute (cameraserver_exec_29_0) true)
+(expandtypeattribute (cameraserver_service_29_0) true)
+(expandtypeattribute (cameraserver_tmpfs_29_0) true)
+(expandtypeattribute (cgroup_29_0) true)
+(expandtypeattribute (cgroup_bpf_29_0) true)
+(expandtypeattribute (cgroup_desc_file_29_0) true)
+(expandtypeattribute (cgroup_rc_file_29_0) true)
+(expandtypeattribute (charger_29_0) true)
+(expandtypeattribute (charger_exec_29_0) true)
+(expandtypeattribute (clatd_29_0) true)
+(expandtypeattribute (clatd_exec_29_0) true)
+(expandtypeattribute (clipboard_service_29_0) true)
+(expandtypeattribute (color_display_service_29_0) true)
+(expandtypeattribute (companion_device_service_29_0) true)
+(expandtypeattribute (configfs_29_0) true)
+(expandtypeattribute (config_prop_29_0) true)
+(expandtypeattribute (connectivity_service_29_0) true)
+(expandtypeattribute (connmetrics_service_29_0) true)
+(expandtypeattribute (console_device_29_0) true)
+(expandtypeattribute (consumer_ir_service_29_0) true)
+(expandtypeattribute (content_capture_service_29_0) true)
+(expandtypeattribute (content_service_29_0) true)
+(expandtypeattribute (content_suggestions_service_29_0) true)
+(expandtypeattribute (contexthub_service_29_0) true)
+(expandtypeattribute (coredump_file_29_0) true)
+(expandtypeattribute (country_detector_service_29_0) true)
+(expandtypeattribute (coverage_service_29_0) true)
+(expandtypeattribute (cppreopt_prop_29_0) true)
+(expandtypeattribute (cpuinfo_service_29_0) true)
+(expandtypeattribute (cpu_variant_prop_29_0) true)
+(expandtypeattribute (crash_dump_29_0) true)
+(expandtypeattribute (crash_dump_exec_29_0) true)
+(expandtypeattribute (crossprofileapps_service_29_0) true)
+(expandtypeattribute (ctl_adbd_prop_29_0) true)
+(expandtypeattribute (ctl_bootanim_prop_29_0) true)
+(expandtypeattribute (ctl_bugreport_prop_29_0) true)
+(expandtypeattribute (ctl_console_prop_29_0) true)
+(expandtypeattribute (ctl_default_prop_29_0) true)
+(expandtypeattribute (ctl_dumpstate_prop_29_0) true)
+(expandtypeattribute (ctl_fuse_prop_29_0) true)
+(expandtypeattribute (ctl_gsid_prop_29_0) true)
+(expandtypeattribute (ctl_interface_restart_prop_29_0) true)
+(expandtypeattribute (ctl_interface_start_prop_29_0) true)
+(expandtypeattribute (ctl_interface_stop_prop_29_0) true)
+(expandtypeattribute (ctl_mdnsd_prop_29_0) true)
+(expandtypeattribute (ctl_restart_prop_29_0) true)
+(expandtypeattribute (ctl_rildaemon_prop_29_0) true)
+(expandtypeattribute (ctl_sigstop_prop_29_0) true)
+(expandtypeattribute (ctl_start_prop_29_0) true)
+(expandtypeattribute (ctl_stop_prop_29_0) true)
+(expandtypeattribute (dalvikcache_data_file_29_0) true)
+(expandtypeattribute (dalvik_prop_29_0) true)
+(expandtypeattribute (dbinfo_service_29_0) true)
+(expandtypeattribute (debugfs_29_0) true)
+(expandtypeattribute (debugfs_mmc_29_0) true)
+(expandtypeattribute (debugfs_trace_marker_29_0) true)
+(expandtypeattribute (debugfs_tracing_29_0) true)
+(expandtypeattribute (debugfs_tracing_debug_29_0) true)
+(expandtypeattribute (debugfs_tracing_instances_29_0) true)
+(expandtypeattribute (debugfs_wakeup_sources_29_0) true)
+(expandtypeattribute (debugfs_wifi_tracing_29_0) true)
+(expandtypeattribute (debuggerd_prop_29_0) true)
+(expandtypeattribute (debug_prop_29_0) true)
+(expandtypeattribute (default_android_hwservice_29_0) true)
+(expandtypeattribute (default_android_service_29_0) true)
+(expandtypeattribute (default_android_vndservice_29_0) true)
+(expandtypeattribute (default_prop_29_0) true)
+(expandtypeattribute (dev_cpu_variant_29_0) true)
+(expandtypeattribute (device_29_0) true)
+(expandtypeattribute (device_config_activity_manager_native_boot_prop_29_0) true)
+(expandtypeattribute (device_config_boot_count_prop_29_0) true)
+(expandtypeattribute (device_config_input_native_boot_prop_29_0) true)
+(expandtypeattribute (device_config_media_native_prop_29_0) true)
+(expandtypeattribute (device_config_netd_native_prop_29_0) true)
+(expandtypeattribute (device_config_reset_performed_prop_29_0) true)
+(expandtypeattribute (device_config_runtime_native_boot_prop_29_0) true)
+(expandtypeattribute (device_config_runtime_native_prop_29_0) true)
+(expandtypeattribute (device_config_service_29_0) true)
+(expandtypeattribute (device_identifiers_service_29_0) true)
+(expandtypeattribute (deviceidle_service_29_0) true)
+(expandtypeattribute (device_logging_prop_29_0) true)
+(expandtypeattribute (device_policy_service_29_0) true)
+(expandtypeattribute (devicestoragemonitor_service_29_0) true)
+(expandtypeattribute (devpts_29_0) true)
+(expandtypeattribute (dhcp_29_0) true)
+(expandtypeattribute (dhcp_data_file_29_0) true)
+(expandtypeattribute (dhcp_exec_29_0) true)
+(expandtypeattribute (dhcp_prop_29_0) true)
+(expandtypeattribute (diskstats_service_29_0) true)
+(expandtypeattribute (display_service_29_0) true)
+(expandtypeattribute (dm_device_29_0) true)
+(expandtypeattribute (dnsmasq_29_0) true)
+(expandtypeattribute (dnsmasq_exec_29_0) true)
+(expandtypeattribute (dnsproxyd_socket_29_0) true)
+(expandtypeattribute (dnsresolver_service_29_0) true)
+(expandtypeattribute (DockObserver_service_29_0) true)
+(expandtypeattribute (dreams_service_29_0) true)
+(expandtypeattribute (drm_data_file_29_0) true)
+(expandtypeattribute (drmserver_29_0) true)
+(expandtypeattribute (drmserver_exec_29_0) true)
+(expandtypeattribute (drmserver_service_29_0) true)
+(expandtypeattribute (drmserver_socket_29_0) true)
+(expandtypeattribute (dropbox_data_file_29_0) true)
+(expandtypeattribute (dropbox_service_29_0) true)
+(expandtypeattribute (dumpstate_29_0) true)
+(expandtypeattribute (dumpstate_exec_29_0) true)
+(expandtypeattribute (dumpstate_options_prop_29_0) true)
+(expandtypeattribute (dumpstate_prop_29_0) true)
+(expandtypeattribute (dumpstate_service_29_0) true)
+(expandtypeattribute (dumpstate_socket_29_0) true)
+(expandtypeattribute (dynamic_system_prop_29_0) true)
+(expandtypeattribute (e2fs_29_0) true)
+(expandtypeattribute (e2fs_exec_29_0) true)
+(expandtypeattribute (efs_file_29_0) true)
+(expandtypeattribute (ephemeral_app_29_0) true)
+(expandtypeattribute (ethernet_service_29_0) true)
+(expandtypeattribute (exfat_29_0) true)
+(expandtypeattribute (exported2_config_prop_29_0) true)
+(expandtypeattribute (exported2_default_prop_29_0) true)
+(expandtypeattribute (exported2_radio_prop_29_0) true)
+(expandtypeattribute (exported2_system_prop_29_0) true)
+(expandtypeattribute (exported2_vold_prop_29_0) true)
+(expandtypeattribute (exported3_default_prop_29_0) true)
+(expandtypeattribute (exported3_radio_prop_29_0) true)
+(expandtypeattribute (exported3_system_prop_29_0) true)
+(expandtypeattribute (exported_audio_prop_29_0) true)
+(expandtypeattribute (exported_bluetooth_prop_29_0) true)
+(expandtypeattribute (exported_config_prop_29_0) true)
+(expandtypeattribute (exported_dalvik_prop_29_0) true)
+(expandtypeattribute (exported_default_prop_29_0) true)
+(expandtypeattribute (exported_dumpstate_prop_29_0) true)
+(expandtypeattribute (exported_ffs_prop_29_0) true)
+(expandtypeattribute (exported_fingerprint_prop_29_0) true)
+(expandtypeattribute (exported_overlay_prop_29_0) true)
+(expandtypeattribute (exported_pm_prop_29_0) true)
+(expandtypeattribute (exported_radio_prop_29_0) true)
+(expandtypeattribute (exported_secure_prop_29_0) true)
+(expandtypeattribute (exported_system_prop_29_0) true)
+(expandtypeattribute (exported_system_radio_prop_29_0) true)
+(expandtypeattribute (exported_vold_prop_29_0) true)
+(expandtypeattribute (exported_wifi_prop_29_0) true)
+(expandtypeattribute (external_vibrator_service_29_0) true)
+(expandtypeattribute (face_service_29_0) true)
+(expandtypeattribute (face_vendor_data_file_29_0) true)
+(expandtypeattribute (fastbootd_29_0) true)
+(expandtypeattribute (ffs_prop_29_0) true)
+(expandtypeattribute (file_contexts_file_29_0) true)
+(expandtypeattribute (fingerprintd_29_0) true)
+(expandtypeattribute (fingerprintd_data_file_29_0) true)
+(expandtypeattribute (fingerprintd_exec_29_0) true)
+(expandtypeattribute (fingerprintd_service_29_0) true)
+(expandtypeattribute (fingerprint_prop_29_0) true)
+(expandtypeattribute (fingerprint_service_29_0) true)
+(expandtypeattribute (fingerprint_vendor_data_file_29_0) true)
+(expandtypeattribute (firstboot_prop_29_0) true)
+(expandtypeattribute (flags_health_check_29_0) true)
+(expandtypeattribute (flags_health_check_exec_29_0) true)
+(expandtypeattribute (font_service_29_0) true)
+(expandtypeattribute (frp_block_device_29_0) true)
+(expandtypeattribute (fs_bpf_29_0) true)
+(expandtypeattribute (fsck_29_0) true)
+(expandtypeattribute (fsck_exec_29_0) true)
+(expandtypeattribute (fscklogs_29_0) true)
+(expandtypeattribute (fsck_untrusted_29_0) true)
+(expandtypeattribute (functionfs_29_0) true)
+(expandtypeattribute (fuse_29_0) true)
+(expandtypeattribute (fuse_device_29_0) true)
+(expandtypeattribute (fwk_bufferhub_hwservice_29_0) true)
+(expandtypeattribute (fwk_camera_hwservice_29_0) true)
+(expandtypeattribute (fwk_display_hwservice_29_0) true)
+(expandtypeattribute (fwk_scheduler_hwservice_29_0) true)
+(expandtypeattribute (fwk_sensor_hwservice_29_0) true)
+(expandtypeattribute (fwk_stats_hwservice_29_0) true)
+(expandtypeattribute (fwmarkd_socket_29_0) true)
+(expandtypeattribute (gatekeeperd_29_0) true)
+(expandtypeattribute (gatekeeper_data_file_29_0) true)
+(expandtypeattribute (gatekeeperd_exec_29_0) true)
+(expandtypeattribute (gatekeeper_service_29_0) true)
+(expandtypeattribute (gfxinfo_service_29_0) true)
+(expandtypeattribute (gps_control_29_0) true)
+(expandtypeattribute (gpu_device_29_0) true)
+(expandtypeattribute (gpu_service_29_0) true)
+(expandtypeattribute (gpuservice_29_0) true)
+(expandtypeattribute (graphics_device_29_0) true)
+(expandtypeattribute (graphicsstats_service_29_0) true)
+(expandtypeattribute (gsi_data_file_29_0) true)
+(expandtypeattribute (gsid_prop_29_0) true)
+(expandtypeattribute (gsi_metadata_file_29_0) true)
+(expandtypeattribute (hal_atrace_hwservice_29_0) true)
+(expandtypeattribute (hal_audiocontrol_hwservice_29_0) true)
+(expandtypeattribute (hal_audio_hwservice_29_0) true)
+(expandtypeattribute (hal_authsecret_hwservice_29_0) true)
+(expandtypeattribute (hal_bluetooth_hwservice_29_0) true)
+(expandtypeattribute (hal_bootctl_hwservice_29_0) true)
+(expandtypeattribute (hal_broadcastradio_hwservice_29_0) true)
+(expandtypeattribute (hal_camera_hwservice_29_0) true)
+(expandtypeattribute (hal_cas_hwservice_29_0) true)
+(expandtypeattribute (hal_codec2_hwservice_29_0) true)
+(expandtypeattribute (hal_configstore_ISurfaceFlingerConfigs_29_0) true)
+(expandtypeattribute (hal_confirmationui_hwservice_29_0) true)
+(expandtypeattribute (hal_contexthub_hwservice_29_0) true)
+(expandtypeattribute (hal_drm_hwservice_29_0) true)
+(expandtypeattribute (hal_dumpstate_hwservice_29_0) true)
+(expandtypeattribute (hal_evs_hwservice_29_0) true)
+(expandtypeattribute (hal_face_hwservice_29_0) true)
+(expandtypeattribute (hal_fingerprint_hwservice_29_0) true)
+(expandtypeattribute (hal_fingerprint_service_29_0) true)
+(expandtypeattribute (hal_gatekeeper_hwservice_29_0) true)
+(expandtypeattribute (hal_gnss_hwservice_29_0) true)
+(expandtypeattribute (hal_graphics_allocator_hwservice_29_0) true)
+(expandtypeattribute (hal_graphics_composer_hwservice_29_0) true)
+(expandtypeattribute (hal_graphics_composer_server_tmpfs_29_0) true)
+(expandtypeattribute (hal_graphics_mapper_hwservice_29_0) true)
+(expandtypeattribute (hal_health_hwservice_29_0) true)
+(expandtypeattribute (hal_health_storage_hwservice_29_0) true)
+(expandtypeattribute (hal_input_classifier_hwservice_29_0) true)
+(expandtypeattribute (hal_ir_hwservice_29_0) true)
+(expandtypeattribute (hal_keymaster_hwservice_29_0) true)
+(expandtypeattribute (hal_light_hwservice_29_0) true)
+(expandtypeattribute (hal_lowpan_hwservice_29_0) true)
+(expandtypeattribute (hal_memtrack_hwservice_29_0) true)
+(expandtypeattribute (hal_neuralnetworks_hwservice_29_0) true)
+(expandtypeattribute (hal_nfc_hwservice_29_0) true)
+(expandtypeattribute (hal_oemlock_hwservice_29_0) true)
+(expandtypeattribute (hal_omx_hwservice_29_0) true)
+(expandtypeattribute (hal_power_hwservice_29_0) true)
+(expandtypeattribute (hal_power_stats_hwservice_29_0) true)
+(expandtypeattribute (hal_renderscript_hwservice_29_0) true)
+(expandtypeattribute (hal_secure_element_hwservice_29_0) true)
+(expandtypeattribute (hal_sensors_hwservice_29_0) true)
+(expandtypeattribute (hal_telephony_hwservice_29_0) true)
+(expandtypeattribute (hal_tetheroffload_hwservice_29_0) true)
+(expandtypeattribute (hal_thermal_hwservice_29_0) true)
+(expandtypeattribute (hal_tv_cec_hwservice_29_0) true)
+(expandtypeattribute (hal_tv_input_hwservice_29_0) true)
+(expandtypeattribute (hal_usb_gadget_hwservice_29_0) true)
+(expandtypeattribute (hal_usb_hwservice_29_0) true)
+(expandtypeattribute (hal_vehicle_hwservice_29_0) true)
+(expandtypeattribute (hal_vibrator_hwservice_29_0) true)
+(expandtypeattribute (hal_vr_hwservice_29_0) true)
+(expandtypeattribute (hal_weaver_hwservice_29_0) true)
+(expandtypeattribute (hal_wifi_hostapd_hwservice_29_0) true)
+(expandtypeattribute (hal_wifi_hwservice_29_0) true)
+(expandtypeattribute (hal_wifi_offload_hwservice_29_0) true)
+(expandtypeattribute (hal_wifi_supplicant_hwservice_29_0) true)
+(expandtypeattribute (hardware_properties_service_29_0) true)
+(expandtypeattribute (hardware_service_29_0) true)
+(expandtypeattribute (hci_attach_dev_29_0) true)
+(expandtypeattribute (hdmi_control_service_29_0) true)
+(expandtypeattribute (healthd_29_0) true)
+(expandtypeattribute (healthd_exec_29_0) true)
+(expandtypeattribute (heapdump_data_file_29_0) true)
+(expandtypeattribute (heapprofd_29_0) true)
+(expandtypeattribute (heapprofd_enabled_prop_29_0) true)
+(expandtypeattribute (heapprofd_prop_29_0) true)
+(expandtypeattribute (heapprofd_socket_29_0) true)
+(expandtypeattribute (hidl_allocator_hwservice_29_0) true)
+(expandtypeattribute (hidl_base_hwservice_
