blob: 6f6cbad1e20cf525253945dd475a8b9c719ba241
1 | # Write to various pseudo file systems. |
2 | #allow untrusted_app block_device:dir { search getattr }; |
3 | # |
4 | #allow untrusted_app imageserver_service:service_manager find; |
5 | # |
6 | #allow untrusted_app system_control_service:service_manager find; |
7 | # |
8 | #allow untrusted_app unlabeled:dir { search read write getattr }; |
9 | #allow untrusted_app unlabeled:file { lock open read write getattr }; |
10 | # |
11 | ## Read and write /data/data subdirectory. |
12 | #allow untrusted_app { system_app_data_file app_data_file }:dir { getattr read search }; |
13 | # |
14 | #allow untrusted_app { system_app_data_file app_data_file }:file { getattr read write }; |
15 | # |
16 | #allow untrusted_app subtitle_service:service_manager { find }; |
17 | #allow untrusted_app unlabeled:filesystem getattr; |
18 | #allow untrusted_app proc_sysrq:file { read getattr }; |
19 | #allow untrusted_app kernel:file { open read getattr }; |
20 | #allow untrusted_app kernel:dir { search getattr }; |
21 | #allow untrusted_app pppoe_wrapper:file { open read getattr }; |
22 | #allow untrusted_app pppoe_wrapper:dir { search getattr }; |
23 | #allow untrusted_app zygote:file { open read getattr }; |
24 | #allow untrusted_app zygote:dir { search getattr }; |
25 | #allow untrusted_app gatekeeperd:file { open read getattr }; |
26 | #allow untrusted_app gatekeeperd:dir { search getattr }; |
27 | #allow untrusted_app imageserver:file { open read getattr }; |
28 | #allow untrusted_app imageserver:dir { search getattr }; |
29 | #allow untrusted_app system_control:file { open read getattr }; |
30 | #allow untrusted_app system_control:dir { search getattr }; |
31 | #allow untrusted_app keystore:file { open read getattr }; |
32 | #allow untrusted_app keystore:dir { search getattr }; |
33 | #allow untrusted_app installd:file { open read getattr }; |
34 | #allow untrusted_app installd:dir { search getattr }; |
35 | #allow untrusted_app mediaserver:file { open read getattr }; |
36 | #allow untrusted_app mediaserver:dir { search getattr }; |
37 | #allow untrusted_app drmserver:file { open read getattr }; |
38 | #allow untrusted_app drmserver:dir { search getattr }; |
39 | #allow untrusted_app netd:file { open read getattr }; |
40 | #allow untrusted_app netd:dir { search getattr }; |
41 | #allow untrusted_app surfaceflinger:file { open read getattr }; |
42 | #allow untrusted_app surfaceflinger:dir { search getattr }; |
43 | #allow untrusted_app servicemanager:file { open read getattr }; |
44 | #allow untrusted_app servicemanager:dir { search getattr }; |
45 | #allow untrusted_app lmkd:file { open read getattr }; |
46 | #allow untrusted_app lmkd:dir { search getattr }; |
47 | #allow untrusted_app shell:file { open read getattr }; |
48 | #allow untrusted_app shell:dir { search getattr }; |
49 | #allow untrusted_app healthd:file { open read getattr }; |
50 | #allow untrusted_app healthd:dir { search getattr }; |
51 | #allow untrusted_app vold:file { open read getattr }; |
52 | #allow untrusted_app vold:dir { search getattr }; |
53 | #allow untrusted_app logd:file { open read getattr }; |
54 | #allow untrusted_app logd:dir { search getattr }; |
55 | #allow untrusted_app ueventd:file { open read getattr }; |
56 | #allow untrusted_app ueventd:dir { search getattr }; |
57 | #allow untrusted_app init:file { open read getattr }; |
58 | #allow untrusted_app init:dir { search getattr }; |
59 | #allow untrusted_app system_server:file { open read getattr }; |
60 | #allow untrusted_app system_server:dir { search getattr }; |
61 | #allow untrusted_app dhcp:file { open read getattr }; |
62 | #allow untrusted_app dhcp:dir { search getattr }; |
63 | #allow untrusted_app sdcardd:file { open read getattr }; |
64 | #allow untrusted_app sdcardd:dir { search getattr }; |
65 | #allow untrusted_app platform_app:file { open read getattr }; |
66 | #allow untrusted_app platform_app:dir { search getattr }; |
67 | #allow untrusted_app system_app:file { open read getattr }; |
68 | #allow untrusted_app system_app:dir { search getattr }; |
69 | #allow untrusted_app usbpm:file { open read getattr }; |
70 | #allow untrusted_app usbpm:dir { search getattr }; |
71 | # |
72 | #allow untrusted_app fuseblk:dir { search }; |
73 | #allow untrusted_app fuseblk:file { read open }; |
74 | #allow untrusted_app dex2oat:dir { getattr }; |
75 | #allow untrusted_app storage_stub_file:dir { getattr }; |
76 | |
77 | |
78 | allow untrusted_app vendor_file:file { getattr read open execute }; |
79 | allow untrusted_app sysfs_zram:file { read open getattr }; |
80 | allow untrusted_app sysfs_zram:dir { search }; |
81 |