plat_sepolicy.cil 1

  1. ame execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
  2. (neverallow mediaprovider_app proc_version (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
  3. (neverallow mediaprovider_app proc_vmallocinfo (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
  4. (neverallow mediaprovider_app proc_vmstat (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
  5. ;;* lme
  6.  
  7. ;;* lmx 204 system/sepolicy/private/app_neverallows.te
  8.  
  ; Compiled from app_neverallows.te line 204 (per the ";;* lmx" marker above).
  ; neverallow is a build-time assertion checked when the combined policy is
  ; compiled; it grants nothing at runtime and the kernel never sees it.
  ; Unlike the neighbouring rules, the source is base_typeattr_554 rather than
  ; the expanded nine-domain untrusted-app list, so this restriction is scoped
  ; by a compiler-generated attribute whose membership is defined elsewhere in
  ; the policy (not visible here) -- presumably a narrower type-set expression.
  ; Confirm which app domains it actually covers before relying on it.
  ; Target proc_filesystems is, judging by the type name, the /proc/filesystems
  ; node (mapping lives in genfs_contexts, not shown). The permission set omits
  ; getattr and map, so stat() and mmap of an already-open fd are not asserted.
  9. (neverallow base_typeattr_554 proc_filesystems (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
  10. ;;* lme
  11.  
  12. ;;* lmx 207 system/sepolicy/private/app_neverallows.te
  13.  
  ; Compiled from app_neverallows.te line 207. The compiler has expanded the
  ; untrusted-app set into one rule per member; the same nine domains recur in
  ; every expanded rule in this section: untrusted_app_all, ephemeral_app,
  ; isolated_app, mediaprovider, untrusted_app, untrusted_app_29,
  ; untrusted_app_27, untrusted_app_25, mediaprovider_app.
  ; Asserts none of them can read, write or execute config_gz files -- by the
  ; type name the kernel build config (/proc/config.gz; confirm in
  ; genfs_contexts). Kernel configuration is useful to an attacker for
  ; tailoring an exploit, hence the hard denial.
  ; Permission set omits getattr, map, relabelto and execmod.
  14. (neverallow untrusted_app_all config_gz (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
  15. (neverallow ephemeral_app config_gz (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
  16. (neverallow isolated_app config_gz (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
  17. (neverallow mediaprovider config_gz (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
  18. (neverallow untrusted_app config_gz (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
  19. (neverallow untrusted_app_29 config_gz (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
  20. (neverallow untrusted_app_27 config_gz (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
  21. (neverallow untrusted_app_25 config_gz (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
  22. (neverallow mediaprovider_app config_gz (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
  23. ;;* lme
  24.  
  25. ;;* lmx 210 system/sepolicy/private/app_neverallows.te
  26.  
  ; Compiled from app_neverallows.te line 210; same nine untrusted-app domains
  ; as the rule above.
  ; Asserts no read/write/open access to preloads_data_file objects. Note the
  ; set here has no execute/execute_no_trans (contrast config_gz above) and,
  ; like the others, no getattr/map: stat() and mmap via an inherited fd are
  ; not asserted, but without open no new descriptor can be obtained.
  27. (neverallow untrusted_app_all preloads_data_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  28. (neverallow ephemeral_app preloads_data_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  29. (neverallow isolated_app preloads_data_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  30. (neverallow mediaprovider preloads_data_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  31. (neverallow untrusted_app preloads_data_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  32. (neverallow untrusted_app_29 preloads_data_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  33. (neverallow untrusted_app_27 preloads_data_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  34. (neverallow untrusted_app_25 preloads_data_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  35. (neverallow mediaprovider_app preloads_data_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  36. ;;* lme
  37.  
  38. ;;* lmx 214 system/sepolicy/private/app_neverallows.te
  39.  
  ; Compiled from app_neverallows.te line 214; same nine untrusted-app domains.
  ; Only the single permission "lock" is asserted: untrusted apps may never
  ; take file locks on system_file objects. Read access to system_file is
  ; deliberately not touched here. The likely rationale (not stated on this
  ; page) is denial of service: a lock held by an app on a shared system file
  ; could block a privileged process that locks the same file.
  40. (neverallow untrusted_app_all system_file (file (lock)))
  41. (neverallow ephemeral_app system_file (file (lock)))
  42. (neverallow isolated_app system_file (file (lock)))
  43. (neverallow mediaprovider system_file (file (lock)))
  44. (neverallow untrusted_app system_file (file (lock)))
  45. (neverallow untrusted_app_29 system_file (file (lock)))
  46. (neverallow untrusted_app_27 system_file (file (lock)))
  47. (neverallow untrusted_app_25 system_file (file (lock)))
  48. (neverallow mediaprovider_app system_file (file (lock)))
  49. ;;* lme
  50.  
  51. ;;* lmx 218 system/sepolicy/private/app_neverallows.te
  52.  
  ; Compiled from app_neverallows.te line 218; same nine untrusted-app domains.
  ; Asserts untrusted apps can neither register (add) nor enumerate (list)
  ; HIDL services through hwservicemanager. Looking services up (find) is a
  ; separate permission and is only restricted for protected_hwservice below.
  ; base_typeattr_182 is a compiler-generated attribute; it is reused further
  ; down as the target of app_zygote's file:execute_no_trans neverallow, so it
  ; is used against two unrelated object classes -- consistent with it being
  ; the expansion of an all-types wildcard target, but confirm against its
  ; definition elsewhere in the policy.
  53. (neverallow untrusted_app_all base_typeattr_182 (hwservice_manager (add list)))
  54. (neverallow ephemeral_app base_typeattr_182 (hwservice_manager (add list)))
  55. (neverallow isolated_app base_typeattr_182 (hwservice_manager (add list)))
  56. (neverallow mediaprovider base_typeattr_182 (hwservice_manager (add list)))
  57. (neverallow untrusted_app base_typeattr_182 (hwservice_manager (add list)))
  58. (neverallow untrusted_app_29 base_typeattr_182 (hwservice_manager (add list)))
  59. (neverallow untrusted_app_27 base_typeattr_182 (hwservice_manager (add list)))
  60. (neverallow untrusted_app_25 base_typeattr_182 (hwservice_manager (add list)))
  61. (neverallow mediaprovider_app base_typeattr_182 (hwservice_manager (add list)))
  62. ;;* lme
  63.  
  64. ;;* lmx 233 system/sepolicy/private/app_neverallows.te
  65.  
  ; Compiled from app_neverallows.te line 233; same nine untrusted-app domains.
  ; Asserts untrusted apps cannot look up (find) any hwservice carrying the
  ; protected_hwservice attribute. Which HALs carry that attribute is defined
  ; elsewhere; an OEM adding a HAL type without it would leave the HAL
  ; reachable from apps, which is exactly what this assertion cannot catch.
  66. (neverallow untrusted_app_all protected_hwservice (hwservice_manager (find)))
  67. (neverallow ephemeral_app protected_hwservice (hwservice_manager (find)))
  68. (neverallow isolated_app protected_hwservice (hwservice_manager (find)))
  69. (neverallow mediaprovider protected_hwservice (hwservice_manager (find)))
  70. (neverallow untrusted_app protected_hwservice (hwservice_manager (find)))
  71. (neverallow untrusted_app_29 protected_hwservice (hwservice_manager (find)))
  72. (neverallow untrusted_app_27 protected_hwservice (hwservice_manager (find)))
  73. (neverallow untrusted_app_25 protected_hwservice (hwservice_manager (find)))
  74. (neverallow mediaprovider_app protected_hwservice (hwservice_manager (find)))
  75. ;;* lme
  76.  
  77. ;;* lmx 237 system/sepolicy/private/app_neverallows.te
  78.  
  ; Compiled from app_neverallows.te line 237; same nine untrusted-app domains.
  ; Binder (service_manager) counterpart of the HIDL rule above: untrusted apps
  ; may not look up services labelled vendor_service. Only find is asserted;
  ; add is covered by other rules not shown on this page.
  79. (neverallow untrusted_app_all vendor_service (service_manager (find)))
  80. (neverallow ephemeral_app vendor_service (service_manager (find)))
  81. (neverallow isolated_app vendor_service (service_manager (find)))
  82. (neverallow mediaprovider vendor_service (service_manager (find)))
  83. (neverallow untrusted_app vendor_service (service_manager (find)))
  84. (neverallow untrusted_app_29 vendor_service (service_manager (find)))
  85. (neverallow untrusted_app_27 vendor_service (service_manager (find)))
  86. (neverallow untrusted_app_25 vendor_service (service_manager (find)))
  87. (neverallow mediaprovider_app vendor_service (service_manager (find)))
  88. ;;* lme
  89.  
  90. ;;* lmx 240 system/sepolicy/private/app_neverallows.te
  91.  
  ; Compiled from app_neverallows.te line 240; same nine untrusted-app domains.
  ; Asserts untrusted apps cannot read, write or open selinuxfs files
  ; (/sys/fs/selinux). Permission set omits getattr and map, so stat() is not
  ; asserted. Contrast the app_zygote allow rules further down, which do grant
  ; selinuxfs file read AND write: app_zygote is its own domain and is not in
  ; this list, so the two are consistent, but it is a grant worth knowing about.
  92. (neverallow untrusted_app_all selinuxfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  93. (neverallow ephemeral_app selinuxfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  94. (neverallow isolated_app selinuxfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  95. (neverallow mediaprovider selinuxfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  96. (neverallow untrusted_app selinuxfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  97. (neverallow untrusted_app_29 selinuxfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  98. (neverallow untrusted_app_27 selinuxfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  99. (neverallow untrusted_app_25 selinuxfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  100. (neverallow mediaprovider_app selinuxfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  101. ;;* lme
  102.  
  103. ;;* lmx 247 system/sepolicy/private/app_neverallows.te
  104.  
  ; Compiled from app_neverallows.te line 247.
  ; Read-side half of the proc_tty_drivers restriction: the permission set is
  ; exactly the read set (ioctl read getattr lock map open watch watch_reads).
  ; Its source is base_typeattr_555, a compiler-generated attribute whose
  ; members are not visible here, whereas the write-side rule that follows is
  ; expanded over all nine untrusted-app domains. That asymmetry implies some
  ; of the nine domains are deliberately left able to read this node (the
  ; .te source would name which); confirm against the attribute definition.
  105. (neverallow base_typeattr_555 proc_tty_drivers (file (ioctl read getattr lock map open watch watch_reads)))
  106. ;;* lme
  107.  
  108. ;;* lmx 248 system/sepolicy/private/app_neverallows.te
  109.  
  ; Compiled from app_neverallows.te line 248; same nine untrusted-app domains.
  ; Write-side half of the proc_tty_drivers restriction: every file permission
  ; that is NOT in the read set above (write, create, setattr, relabel*, unlink,
  ; link, rename, execute*, mount-related, execmod, entrypoint ...). Together
  ; with the rule above this leaves at most read access, and only for domains
  ; outside base_typeattr_555.
  110. (neverallow untrusted_app_all proc_tty_drivers (file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm execute_no_trans entrypoint)))
  111. (neverallow ephemeral_app proc_tty_drivers (file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm execute_no_trans entrypoint)))
  112. (neverallow isolated_app proc_tty_drivers (file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm execute_no_trans entrypoint)))
  113. (neverallow mediaprovider proc_tty_drivers (file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm execute_no_trans entrypoint)))
  114. (neverallow untrusted_app proc_tty_drivers (file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm execute_no_trans entrypoint)))
  115. (neverallow untrusted_app_29 proc_tty_drivers (file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm execute_no_trans entrypoint)))
  116. (neverallow untrusted_app_27 proc_tty_drivers (file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm execute_no_trans entrypoint)))
  117. (neverallow untrusted_app_25 proc_tty_drivers (file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm execute_no_trans entrypoint)))
  118. (neverallow mediaprovider_app proc_tty_drivers (file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm execute_no_trans entrypoint)))
  119. ;;* lme
  120.  
  121. ;;* lmx 251 system/sepolicy/private/app_neverallows.te
  122.  
  ; Compiled from app_neverallows.te line 251; same nine untrusted-app domains.
  ; The strongest file assertion in this section: the complete file permission
  ; set, including getattr and map, which the other rules leave out. Untrusted
  ; apps get no access at all to cgroup-labelled files -- process resource
  ; control must stay with the system side that manages cgroups.
  123. (neverallow untrusted_app_all cgroup (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
  124. (neverallow ephemeral_app cgroup (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
  125. (neverallow isolated_app cgroup (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
  126. (neverallow mediaprovider cgroup (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
  127. (neverallow untrusted_app cgroup (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
  128. (neverallow untrusted_app_29 cgroup (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
  129. (neverallow untrusted_app_27 cgroup (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
  130. (neverallow untrusted_app_25 cgroup (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
  131. (neverallow mediaprovider_app cgroup (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
  132. ;;* lme
  133.  
  134. ;;* lmx 259 system/sepolicy/private/app_neverallows.te
  135.  
  ; Compiled from app_neverallows.te line 259.
  ; Denies every lnk_file permission (including getattr and read) on symlinks
  ; labelled mnt_sdcard_file -- by the name, the legacy /mnt/sdcard link
  ; (confirm in file_contexts). Source is base_typeattr_551, a compiler-generated
  ; attribute defined elsewhere; it need not equal the nine-domain list used by
  ; the expanded rules around it.
  136. (neverallow base_typeattr_551 mnt_sdcard_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
  137. ;;* lme
  138.  
  139. ;;* lmx 262 system/sepolicy/private/app_neverallows.te
  140.  
  ; Compiled from app_neverallows.te line 262; same nine untrusted-app domains.
  ; Untrusted apps may not look up incident_service via servicemanager. Only
  ; find is asserted here; the rule says nothing about what an app could do
  ; with a binder to that service handed to it by another process.
  141. (neverallow untrusted_app_all incident_service (service_manager (find)))
  142. (neverallow ephemeral_app incident_service (service_manager (find)))
  143. (neverallow isolated_app incident_service (service_manager (find)))
  144. (neverallow mediaprovider incident_service (service_manager (find)))
  145. (neverallow untrusted_app incident_service (service_manager (find)))
  146. (neverallow untrusted_app_29 incident_service (service_manager (find)))
  147. (neverallow untrusted_app_27 incident_service (service_manager (find)))
  148. (neverallow untrusted_app_25 incident_service (service_manager (find)))
  149. (neverallow mediaprovider_app incident_service (service_manager (find)))
  150. ;;* lme
  151.  
  ; Allow rules for the app_zygote domain (from app_zygote.te; the line-marker
  ; comments for this run are not present, only for the neverallows below).
  ; Files app_zygote creates on tmpfs get their own label so its anonymous
  ; memory is distinguishable from other domains' tmpfs objects; it can then
  ; read/write/map them but not open them by path (no open here).
  152. (typetransition app_zygote tmpfs file app_zygote_tmpfs)
  153. (allow app_zygote app_zygote_tmpfs (file (read write getattr map)))
  ; Retained capabilities -- the sensitive part of this domain. setuid/setgid
  ; let it change credentials for the children it forks; setpcap lets it
  ; adjust its own capability bounding set. Granted in both the init and the
  ; user-namespace (cap_userns) capability classes.
  154. (allow app_zygote self (capability (setgid setuid)))
  155. (allow app_zygote self (cap_userns (setgid setuid)))
  156. (allow app_zygote self (capability (setpcap)))
  157. (allow app_zygote self (cap_userns (setpcap)))
  ; setcurrent + dyntransition are the pair needed for setcon(): app_zygote may
  ; switch its own context, and the only destination permitted here is
  ; isolated_app. The neverallows below pin this down from the other side.
  158. (allow app_zygote self (process (setcurrent)))
  159. (allow app_zygote isolated_app (process (dyntransition)))
  ; Anonymous executable memory (JIT). Combined with execute on apk/dalvik-cache
  ; files below, this domain runs app-supplied code, so the restrictions in the
  ; neverallows below are what keep it isolated.
  160. (allow app_zygote self (process (execmem)))
  161. (allow app_zygote debugfs_trace_marker (file (getattr)))
  162. (allow app_zygote system_server (process (getpgid)))
  163. (allow app_zygote isolated_app (process (setpgid)))
  ; Silence, but do not grant, a dir getattr on mnt_expand_file.
  164. (dontaudit app_zygote mnt_expand_file (dir (getattr)))
  ; Read seapp_contexts, presumably to compute the child's context.
  165. (allow app_zygote seapp_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
  ; selinuxfs access: read of the tree plus WRITE to existing files (no
  ; create/unlink). The kernel also requires a security-class permission per
  ; selinuxfs node, and only check_context and compute_av are granted here --
  ; i.e. the /context validation and /access query interfaces. Nothing here
  ; grants setenforce, load_policy or setbool, so this write does not let
  ; app_zygote change enforcement or policy. Rules 166-169 are repeated
  ; verbatim as 171-174 (two macro expansions); duplicate allows are harmless.
  166. (allow app_zygote selinuxfs (dir (ioctl read getattr lock open watch watch_reads search)))
  167. (allow app_zygote selinuxfs (file (ioctl read getattr lock map open watch watch_reads)))
  168. (allow app_zygote selinuxfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  169. (allow app_zygote selinuxfs (file (write lock append map open)))
  170. (allow app_zygote kernel (security (check_context)))
  171. (allow app_zygote selinuxfs (dir (ioctl read getattr lock open watch watch_reads search)))
  172. (allow app_zygote selinuxfs (file (ioctl read getattr lock map open watch watch_reads)))
  173. (allow app_zygote selinuxfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  174. (allow app_zygote selinuxfs (file (write lock append map open)))
  175. (allow app_zygote kernel (security (compute_av)))
  ; SELinux netlink socket to itself -- presumably libselinux AVC notifications
  ; (policy reload / enforcing changes). Note ioctl and map are absent.
  176. (allow app_zygote self (netlink_selinux_socket (read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  ; Inherits descriptors from zygote and reports exit to it: zygote is the
  ; parent that forks app_zygote (the fork itself is not visible on this page).
  177. (allow app_zygote zygote (fd (use)))
  178. (allow app_zygote zygote (process (sigchld)))
  ; Read AND execute (map executable) dalvik-cache artifacts and installed APKs.
  ; This is file:execute only; execute_no_trans is denied below, so app_zygote
  ; can map app code but never execve() one of these files in its own domain.
  179. (allow app_zygote dalvikcache_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
  180. (allow app_zygote dalvikcache_data_file (file (ioctl read getattr lock map open watch watch_reads)))
  181. (allow app_zygote dalvikcache_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  182. (allow app_zygote dalvikcache_data_file (file (execute)))
  183. (allow app_zygote apk_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
  184. (allow app_zygote apk_data_file (file (ioctl read getattr lock map execute open watch watch_reads)))
  185. (allow app_zygote oemfs (dir (search)))
  186. (allow app_zygote vendor_overlay_file (dir (ioctl read getattr lock open watch watch_reads search)))
  187. (allow app_zygote vendor_overlay_file (file (ioctl read getattr lock map open watch watch_reads)))
  188. (allow app_zygote vendor_overlay_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  ; system_data_file: symlinks may be opened and read, but regular files get
  ; read/getattr/map WITHOUT open -- usable only on descriptors app_zygote
  ; already holds (e.g. inherited from zygote via the fd:use rule above).
  189. (allow app_zygote system_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  190. (allow app_zygote system_data_file (file (read getattr map)))
  ; Outbound-only datagram path to system_server over the unsolicited-zygote
  ; socket; no corresponding receive/bind is granted here.
  191. (allow app_zygote system_unsolzygote_socket (sock_file (write)))
  192. (allow app_zygote system_server (unix_dgram_socket (sendto)))
  193. ;;* lmx 78 system/sepolicy/private/app_zygote.te
  194.  
  ; app_zygote.te line 78. No setcon()-style transition into any domain in
  ; base_typeattr_556. Because the allow for dyntransition to isolated_app
  ; compiled alongside this assertion, isolated_app cannot be a member of
  ; base_typeattr_556; the attribute is presumably "all domains except
  ; isolated_app" (definition not visible here).
  195. (neverallow app_zygote base_typeattr_556 (process (dyntransition)))
  196. ;;* lme
  197.  
  198. ;;* lmx 81 system/sepolicy/private/app_zygote.te
  199.  
  ; app_zygote.te line 81. No execve()-based domain transition into any member
  ; of base_typeattr_557. No process:transition allow for app_zygote appears on
  ; this page, consistent with the attribute covering every domain -- confirm.
  200. (neverallow app_zygote base_typeattr_557 (process (transition)))
  201. ;;* lme
  202.  
  203. ;;* lmx 85 system/sepolicy/private/app_zygote.te
  204.  
  ; app_zygote.te line 85. app_zygote may never execve() a file of any type in
  ; base_typeattr_182 without a domain transition. This is the same attribute
  ; used as the hwservice_manager target in the untrusted-app section, so it is
  ; applied to unrelated classes -- consistent with an all-types wildcard.
  ; Together with the transition neverallow above, app_zygote cannot exec
  ; anything at all; it only maps code (file:execute on apk/dalvik-cache).
  205. (neverallow app_zygote base_typeattr_182 (file (execute_no_trans)))
  206. ;;* lme
  207.  
  208. ;;* lmx 89 system/sepolicy/private/app_zygote.te
  209.  
  ; app_zygote.te line 89. Inverse direction: no domain in base_typeattr_558
  ; may setcon() INTO app_zygote. The allow rules above show zygote as the
  ; parent (fd use, sigchld), so the attribute presumably excludes zygote;
  ; its definition is not on this page.
  210. (neverallow base_typeattr_558 app_zygote (process (dyntransition)))
  211. ;;* lme
  212.  
  213. ;;* lmx 92 system/sepolicy/private/app_zygote.te
  214.  
  215. (neverallow app_zygote property_socket (sock_file (write)))
  216. ;;* lme
  217.  
  218. ;;* lmx 93 system/sepolicy/private/app_zygote.te
  219.  
  220. (neverallow app_zygote property_type (property_service (set)))
  221. ;;* lme
  222.  
  223. ;;* lmx 103 system/sepolicy/private/app_zygote.te
  224.  
  225. (neverallow app_zygote shell_data_file (file (ioctl read write getattr lock append map execute open watch watch_reads execute_no_trans)))
  226. (neverallow app_zygote bluetooth_data_file (file (ioctl read write getattr lock append map execute open watch watch_reads execute_no_trans)))
  227. (neverallow app_zygote nfc_data_file (file (ioctl read write getattr lock append map execute open watch watch_reads execute_no_trans)))
  228. (neverallow app_zygote radio_data_file (file (ioctl read write getattr lock append map execute open watch watch_reads execute_no_trans)))
  229. (neverallow app_zygote app_data_file (file (ioctl read write getattr lock append map execute open watch watch_reads execute_no_trans)))
  230. (neverallow app_zygote privapp_data_file (file (ioctl read write getattr lock append map execute open watch watch_reads execute_no_trans)))
  231. ;;* lme
  232.  
  233. ;;* lmx 109 system/sepolicy/private/app_zygote.te
  234.  
  235. (neverallow app_zygote base_typeattr_559 (service_manager (find)))
  236. ;;* lme
  237.  
  238. ;;* lmx 112 system/sepolicy/private/app_zygote.te
  239.  
  240. (neverallow app_zygote gpu_device (chr_file (ioctl read write getattr lock append map execute open watch watch_reads execute_no_trans)))
  241. ;;* lme
  242.  
  243. ;;* lmx 115 system/sepolicy/private/app_zygote.te
  244.  
  245. (neverallow app_zygote cache_file (dir (write create setattr relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm add_name remove_name reparent rmdir)))
  246. ;;* lme
  247.  
  248. ;;* lmx 116 system/sepolicy/private/app_zygote.te
  249.  
  250. (neverallow app_zygote cache_file (file (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
  251. ;;* lme
  252.  
  253. ;;* lmx 132 system/sepolicy/private/app_zygote.te
  254.  
  255. (neverallow app_zygote domain (socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  256. (neverallow app_zygote domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
  257. (neverallow app_zygote domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
  258. (neverallow app_zygote domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
  259. (neverallow app_zygote domain (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  260. (neverallow app_zygote domain (packet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  261. (neverallow app_zygote domain (key_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  262. (neverallow app_zygote domain (netlink_route_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_readpriv)))
  263. (neverallow app_zygote domain (netlink_tcpdiag_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
  264. (neverallow app_zygote domain (netlink_nflog_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  265. (neverallow app_zygote domain (netlink_xfrm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
  266. (neverallow app_zygote domain (netlink_audit_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit)))
  267. (neverallow app_zygote domain (netlink_dnrt_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  268. (neverallow app_zygote domain (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  269. (neverallow app_zygote domain (appletalk_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  270. (neverallow app_zygote domain (tun_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind attach_queue)))
  271. (neverallow app_zygote domain (netlink_iscsi_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  272. (neverallow app_zygote domain (netlink_fib_lookup_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  273. (neverallow app_zygote domain (netlink_connector_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  274. (neverallow app_zygote domain (netlink_netfilter_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  275. (neverallow app_zygote domain (netlink_generic_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  276. (neverallow app_zygote domain (netlink_scsitransport_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  277. (neverallow app_zygote domain (netlink_rdma_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  278. (neverallow app_zygote domain (netlink_crypto_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  279. (neverallow app_zygote domain (sctp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect association)))
  280. (neverallow app_zygote domain (icmp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
  281. (neverallow app_zygote domain (ax25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  282. (neverallow app_zygote domain (ipx_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  283. (neverallow app_zygote domain (netrom_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  284. (neverallow app_zygote domain (atmpvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  285. (neverallow app_zygote domain (x25_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  286. (neverallow app_zygote domain (rose_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  287. (neverallow app_zygote domain (decnet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  288. (neverallow app_zygote domain (atmsvc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  289. (neverallow app_zygote domain (rds_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  290. (neverallow app_zygote domain (irda_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  291. (neverallow app_zygote domain (pppox_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  292. (neverallow app_zygote domain (llc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  293. (neverallow app_zygote domain (can_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  294. (neverallow app_zygote domain (tipc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  295. (neverallow app_zygote domain (bluetooth_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  296. (neverallow app_zygote domain (iucv_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  297. (neverallow app_zygote domain (rxrpc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  298. (neverallow app_zygote domain (isdn_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  299. (neverallow app_zygote domain (phonet_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  300. (neverallow app_zygote domain (ieee802154_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  301. (neverallow app_zygote domain (caif_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  302. (neverallow app_zygote domain (alg_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  303. (neverallow app_zygote domain (nfc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  304. (neverallow app_zygote domain (vsock_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  305. (neverallow app_zygote domain (kcm_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  306. (neverallow app_zygote domain (qipcrtr_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  307. (neverallow app_zygote domain (smc_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  308. ;;* lme
  309.  
  310. ;;* lmx 146 system/sepolicy/private/app_zygote.te
  311.  
  312. (neverallow app_zygote base_typeattr_560 (unix_dgram_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  313. ;;* lme
  314.  
  315. ;;* lmx 154 system/sepolicy/private/app_zygote.te
  316.  
  317. (neverallow app_zygote base_typeattr_561 (unix_stream_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind connectto)))
  318. ;;* lme
  319.  
  320. ;;* lmx 157 system/sepolicy/private/app_zygote.te
  321.  
  322. (neverallow app_zygote base_typeattr_182 (process (ptrace)))
  323. ;;* lme
  324.  
  325. ;;* lmx 166 system/sepolicy/private/app_zygote.te
  326.  
  327. (neverallow app_zygote bluetooth_a2dp_offload_prop (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  328. (neverallow app_zygote bluetooth_audio_hal_prop (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  329. (neverallow app_zygote bluetooth_prop (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  330. (neverallow app_zygote exported_bluetooth_prop (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  331. ;;* lme
  332.  
  333. (allow init art_apex_boot_integrity_exec (file (read getattr map execute open)))
  334. (allow init art_apex_boot_integrity (process (transition)))
  335. (allow art_apex_boot_integrity art_apex_boot_integrity_exec (file (read getattr map execute open entrypoint)))
  336. (dontaudit init art_apex_boot_integrity (process (noatsecure)))
  337. (allow init art_apex_boot_integrity (process (siginh rlimitinh)))
  338. (typetransition init art_apex_boot_integrity_exec process art_apex_boot_integrity)
  339. (allow art_apex_boot_integrity dalvikcache_data_file (dir (ioctl read write getattr lock open watch watch_reads remove_name search)))
  340. (allow art_apex_boot_integrity dalvikcache_data_file (file (ioctl read getattr lock map unlink open watch watch_reads)))
  341. (allow art_apex_boot_integrity shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
  342. (allow art_apex_boot_integrity toolbox_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
  343. (allow art_apex_boot_integrity system_file (file (execute_no_trans)))
  344. (allowx art_apex_boot_integrity dalvikcache_data_file (ioctl file ((range 0x6685 0x6686))))
  345. (allow art_apex_postinstall apexd (fd (use)))
  346. (allow art_apex_postinstall ota_data_file (dir (ioctl read write getattr lock relabelfrom rename open watch watch_reads remove_name reparent search)))
  347. (allow art_apex_postinstall ota_data_file (file (ioctl read getattr lock relabelfrom map open watch watch_reads)))
  348. (allow art_apex_postinstall dalvikcache_data_file (dir (ioctl read write create getattr setattr lock relabelto rename open watch watch_reads add_name remove_name reparent search rmdir)))
  349. (allow art_apex_postinstall dalvikcache_data_file (file (ioctl read getattr lock relabelto map unlink open watch watch_reads)))
  350. (allow art_apex_postinstall file_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
  351. (allow art_apex_postinstall self (capability (sys_admin)))
  352. (allow art_apex_postinstall self (cap_userns (sys_admin)))
  353. (allow art_apex_postinstall shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
  354. (allow art_apex_postinstall toolbox_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
  355. (allow art_apex_postinstall system_file (file (execute_no_trans)))
  356. (allowx art_apex_postinstall ota_data_file (ioctl file ((range 0x6685 0x6686))))
  357. (allow art_apex_preinstall apexd (fd (use)))
  358. (allow art_apex_preinstall ota_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
  359. (allow art_apex_preinstall ota_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  360. (allow art_apex_preinstall dalvikcache_data_file (dir (ioctl read getattr lock mounton open watch watch_reads search)))
  361. (allow art_apex_preinstall self (capability (sys_admin)))
  362. (allow art_apex_preinstall shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
  363. (allow art_apex_preinstall toolbox_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
  364. (allow art_apex_preinstall art_apex_preinstall_exec (file (execute_no_trans)))
  365. (allow art_apex_preinstall dex2oat_exec (file (read getattr map execute open)))
  366. (allow art_apex_preinstall dex2oat (process (transition)))
  367. (allow dex2oat dex2oat_exec (file (read getattr map execute open entrypoint)))
  368. (allow dex2oat art_apex_preinstall (process (sigchld)))
  369. (dontaudit art_apex_preinstall dex2oat (process (noatsecure)))
  370. (allow art_apex_preinstall dex2oat (process (siginh rlimitinh)))
  371. (typetransition art_apex_preinstall dex2oat_exec process dex2oat)
  372. (allow art_apex_preinstall system_file (file (execute_no_trans)))
  373. (allowx art_apex_preinstall ota_data_file (ioctl file ((range 0x6685 0x6686))))
  374. (allow atrace boottrace_data_file (dir (search)))
  375. (allow atrace boottrace_data_file (file (ioctl read getattr lock map open watch watch_reads)))
  376. (allow atrace debugfs_tracing (dir (ioctl read getattr lock open watch watch_reads search)))
  377. (allow atrace debugfs_tracing (file (ioctl read write getattr lock append map open watch watch_reads)))
  378. (allow atrace debugfs_trace_marker (file (getattr)))
  379. (allow atrace traced_probes (fd (use)))
  380. (allow atrace traced_probes (fifo_file (write)))
  381. (allow atrace property_socket (sock_file (write)))
  382. (allow atrace init (unix_stream_socket (connectto)))
  383. (allow atrace debug_prop (property_service (set)))
  384. (allow atrace debug_prop (file (read getattr map open)))
  385. (allow atrace base_typeattr_562 (service_manager (find)))
  386. (allow atrace servicemanager (service_manager (list)))
  387. (allow atrace servicemanager (binder (call transfer)))
  388. (allow servicemanager atrace (binder (call transfer)))
  389. (allow servicemanager atrace (dir (search)))
  390. (allow servicemanager atrace (file (read open)))
  391. (allow servicemanager atrace (process (getattr)))
  392. (allow atrace healthd (binder (call)))
  393. (allow atrace surfaceflinger (binder (call)))
  394. (allow atrace system_server (binder (call)))
  395. (allow atrace cameraserver (binder (call)))
  396. (dontaudit atrace hwservice_manager_type (hwservice_manager (find)))
  397. (dontaudit atrace service_manager_type (service_manager (find)))
  398. (dontaudit atrace domain (binder (call)))
  399. (allow atrace hwservicemanager_prop (file (read getattr map open)))
  400. (allow init audioserver_exec (file (read getattr map execute open)))
  401. (allow init audioserver (process (transition)))
  402. (allow audioserver audioserver_exec (file (read getattr map execute open entrypoint)))
  403. (dontaudit init audioserver (process (noatsecure)))
  404. (allow init audioserver (process (siginh rlimitinh)))
  405. (typetransition init audioserver_exec process audioserver)
  406. (typetransition audioserver tmpfs file audioserver_tmpfs)
  407. (allow audioserver audioserver_tmpfs (file (read write getattr map)))
  408. (allow audioserver sdcard_type (dir (ioctl read getattr lock open watch watch_reads search)))
  409. (allow audioserver sdcard_type (file (ioctl read getattr lock map open watch watch_reads)))
  410. (allow audioserver sdcard_type (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  411. (allow audioserver servicemanager (binder (call transfer)))
  412. (allow servicemanager audioserver (binder (call transfer)))
  413. (allow servicemanager audioserver (dir (search)))
  414. (allow servicemanager audioserver (file (read open)))
  415. (allow servicemanager audioserver (process (getattr)))
  416. (allow audioserver binderservicedomain (binder (call transfer)))
  417. (allow binderservicedomain audioserver (binder (transfer)))
  418. (allow audioserver binderservicedomain (fd (use)))
  419. (allow audioserver appdomain (binder (call transfer)))
  420. (allow appdomain audioserver (binder (transfer)))
  421. (allow audioserver appdomain (fd (use)))
  422. (allow audioserver system_file (dir (ioctl read getattr lock open watch watch_reads search)))
  423. (allow audioserver system_file (file (ioctl read getattr lock map open watch watch_reads)))
  424. (allow audioserver system_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  425. (allow audioserver audioserver_service (service_manager (add find)))
  426. ;;* lmx 32 system/sepolicy/private/audioserver.te
  427.  
  428. (neverallow base_typeattr_563 audioserver_service (service_manager (add)))
  429. ;;* lme
  430.  
  431. (allow audioserver activity_service (service_manager (find)))
  432. (allow audioserver appops_service (service_manager (find)))
  433. (allow audioserver batterystats_service (service_manager (find)))
  434. (allow audioserver external_vibrator_service (service_manager (find)))
  435. (allow audioserver package_native_service (service_manager (find)))
  436. (allow audioserver permission_service (service_manager (find)))
  437. (allow audioserver power_service (service_manager (find)))
  438. (allow audioserver scheduling_policy_service (service_manager (find)))
  439. (allow audioserver mediametrics_service (service_manager (find)))
  440. (allow audioserver sensor_privacy_service (service_manager (find)))
  441. (allow audioserver soundtrigger_middleware_service (service_manager (find)))
  442. (allow audioserver property_socket (sock_file (write)))
  443. (allow audioserver init (unix_stream_socket (connectto)))
  444. (allow audioserver bluetooth_a2dp_offload_prop (property_service (set)))
  445. (allow audioserver bluetooth_a2dp_offload_prop (file (read getattr map open)))
  446. (allow audioserver property_socket (sock_file (write)))
  447. (allow audioserver init (unix_stream_socket (connectto)))
  448. (allow audioserver bluetooth_audio_hal_prop (property_service (set)))
  449. (allow audioserver bluetooth_audio_hal_prop (file (read getattr map open)))
  450. (allow audioserver property_socket (sock_file (write)))
  451. (allow audioserver init (unix_stream_socket (connectto)))
  452. (allow audioserver bluetooth_prop (property_service (set)))
  453. (allow audioserver bluetooth_prop (file (read getattr map open)))
  454. (allow audioserver property_socket (sock_file (write)))
  455. (allow audioserver init (unix_stream_socket (connectto)))
  456. (allow audioserver exported_bluetooth_prop (property_service (set)))
  457. (allow audioserver exported_bluetooth_prop (file (read getattr map open)))
  458. (allow audioserver audio_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name search)))
  459. (allow audioserver audio_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  460. (allow audioserver audio_device (chr_file (read write)))
  461. (allow audioserver bluetooth_socket (sock_file (write)))
  462. (allow audioserver bluetooth (unix_stream_socket (connectto)))
  463. (allow audioserver adbd (fd (use)))
  464. (allow audioserver adbd (unix_stream_socket (read write)))
  465. (allow audioserver shell (fifo_file (read write)))
  466. (allow audioserver property_socket (sock_file (write)))
  467. (allow audioserver init (unix_stream_socket (connectto)))
  468. (allow audioserver log_tag_prop (property_service (set)))
  469. (allow audioserver log_tag_prop (file (read getattr map open)))
  470. ;;* lmx 85 system/sepolicy/private/audioserver.te
  471.  
  472. (neverallow audioserver fs_type (file (execute_no_trans)))
  473. (neverallow audioserver file_type (file (execute_no_trans)))
  474. ;;* lme
  475.  
  476. ;;* lmx 97 system/sepolicy/private/audioserver.te
  477.  
  478. (neverallow audioserver domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
  479. (neverallow audioserver domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
  480. (neverallow audioserver domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
  481. ;;* lme
  482.  
  483. (allow audioserver sysfs_wake_lock (file (ioctl read write getattr lock append map open watch watch_reads)))
  484. (allow audioserver self (capability2 (block_suspend)))
  485. (allow audioserver self (cap2_userns (block_suspend)))
  486. (allow audioserver system_suspend_server (binder (call transfer)))
  487. (allow system_suspend_server audioserver (binder (transfer)))
  488. (allow audioserver system_suspend_server (fd (use)))
  489. (allow audioserver system_suspend_hwservice (hwservice_manager (find)))
  490. (allow audioserver hwservicemanager (binder (call transfer)))
  491. (allow hwservicemanager audioserver (binder (call transfer)))
  492. (allow hwservicemanager audioserver (dir (search)))
  493. (allow hwservicemanager audioserver (file (read map open)))
  494. (allow hwservicemanager audioserver (process (getattr)))
  495. (allow audioserver hwservicemanager_prop (file (read getattr map open)))
  496. (allow audioserver hidl_manager_hwservice (hwservice_manager (find)))
  497. (allow init auditctl_exec (file (read getattr map execute open)))
  498. (allow init auditctl (process (transition)))
  499. (allow auditctl auditctl_exec (file (read getattr map execute open entrypoint)))
  500. (dontaudit init auditctl (process (noatsecure)))
  501. (allow init auditctl (process (siginh rlimitinh)))
  502. (typetransition init auditctl_exec process auditctl)
  503. (allow auditctl self (capability (audit_control)))
  504. (allow auditctl self (cap_userns (audit_control)))
  505. (allow auditctl self (netlink_audit_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown nlmsg_write)))
  506. (allow automotive_display_service fwk_automotive_display_hwservice (hwservice_manager (add find)))
  507. (allow automotive_display_service hidl_base_hwservice (hwservice_manager (add)))
  508. ;;* lmx 8 system/sepolicy/private/automotive_display_service.te
  509.  
  510. (neverallow base_typeattr_564 fwk_automotive_display_hwservice (hwservice_manager (add)))
  511. ;;* lme
  512.  
  513. (allow init automotive_display_service_exec (file (read getattr map execute open)))
  514. (allow init automotive_display_service (process (transition)))
  515. (allow automotive_display_service automotive_display_service_exec (file (read getattr map execute open entrypoint)))
  516. (dontaudit init automotive_display_service (process (noatsecure)))
  517. (allow init automotive_display_service (process (siginh rlimitinh)))
  518. (typetransition init automotive_display_service_exec process automotive_display_service)
  519. (allow automotive_display_service servicemanager (binder (call transfer)))
  520. (allow servicemanager automotive_display_service (binder (call transfer)))
  521. (allow servicemanager automotive_display_service (dir (search)))
  522. (allow servicemanager automotive_display_service (file (read open)))
  523. (allow servicemanager automotive_display_service (process (getattr)))
  524. (allow automotive_display_service hwservicemanager (binder (call transfer)))
  525. (allow hwservicemanager automotive_display_service (binder (call transfer)))
  526. (allow hwservicemanager automotive_display_service (dir (search)))
  527. (allow hwservicemanager automotive_display_service (file (read map open)))
  528. (allow hwservicemanager automotive_display_service (process (getattr)))
  529. (allow automotive_display_service hwservicemanager_prop (file (read getattr map open)))
  530. (allow automotive_display_service surfaceflinger_service (service_manager (find)))
  531. (allow automotive_display_service surfaceflinger (binder (call transfer)))
  532. (allow surfaceflinger automotive_display_service (binder (transfer)))
  533. (allow automotive_display_service surfaceflinger (fd (use)))
  534. (allow automotive_display_service hal_graphics_mapper_hwservice (hwservice_manager (find)))
  535. (allow automotive_display_service hidl_token_hwservice (hwservice_manager (find)))
  536. (allow binder_in_vendor_violators binder_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
  537. (allow binderservicedomain dumpstate (fd (use)))
  538. (allow binderservicedomain incidentd (fd (use)))
  539. (allow binderservicedomain dumpstate (unix_stream_socket (read write getattr getopt)))
  540. (allow binderservicedomain incidentd (unix_stream_socket (read write getattr getopt)))
  541. (allow binderservicedomain dumpstate (fifo_file (write getattr)))
  542. (allow binderservicedomain incidentd (fifo_file (write getattr)))
  543. (allow binderservicedomain shell_data_file (file (write getattr)))
  544. (allow binderservicedomain devpts (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
  545. (allow binderservicedomain console_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
  546. (allow binderservicedomain appdomain (fd (use)))
  547. (allow binderservicedomain appdomain (fifo_file (write)))
  548. (allow binderservicedomain permission_service (service_manager (find)))
  549. (allow binderservicedomain keystore (keystore_key (get_state get insert delete exist list sign verify)))
  550. (allow keystore binderservicedomain (dir (search)))
  551. (allow keystore binderservicedomain (file (read open)))
  552. (allow keystore binderservicedomain (process (getattr)))
  553. (allow binderservicedomain keystore_service (service_manager (find)))
  554. (allow binderservicedomain keystore (binder (call transfer)))
  555. (allow keystore binderservicedomain (binder (transfer)))
  556. (allow binderservicedomain keystore (fd (use)))
  557. (allow keystore binderservicedomain (binder (call transfer)))
  558. (allow binderservicedomain keystore (binder (transfer)))
  559. (allow keystore binderservicedomain (fd (use)))
  560. (allow init blank_screen_exec (file (read getattr map execute open)))
  561. (allow init blank_screen (process (transition)))
  562. (allow blank_screen blank_screen_exec (file (read getattr map execute open entrypoint)))
  563. (dontaudit init blank_screen (process (noatsecure)))
  564. (allow init blank_screen (process (siginh rlimitinh)))
  565. (typetransition init blank_screen_exec process blank_screen)
  566. (allow blkid block_device (dir (search)))
  567. (allow blkid userdata_block_device (blk_file (ioctl read getattr lock map open watch watch_reads)))
  568. (allow blkid dm_device (blk_file (ioctl read getattr lock map open watch watch_reads)))
  569. (allow blkid vold (fd (use)))
  570. (allow blkid vold (fifo_file (read write getattr)))
  571. (allow blkid blkid_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
  572. ;;* lmx 21 system/sepolicy/private/blkid.te
  573.  
  574. (neverallow base_typeattr_314 blkid (process (transition)))
  575. ;;* lme
  576.  
  577. ;;* lmx 22 system/sepolicy/private/blkid.te
  578.  
  579. (neverallow base_typeattr_182 blkid (process (dyntransition)))
  580. ;;* lme
  581.  
  582. ;;* lmx 23 system/sepolicy/private/blkid.te
  583.  
  584. (neverallow blkid base_typeattr_565 (file (entrypoint)))
  585. ;;* lme
  586.  
  587. (allow blkid_untrusted block_device (dir (search)))
  588. (allow blkid_untrusted vold_device (blk_file (ioctl read getattr lock map open watch watch_reads)))
  589. (allow blkid_untrusted vold (fd (use)))
  590. (allow blkid_untrusted vold (fifo_file (read write getattr)))
  591. (allow blkid_untrusted blkid_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
  592. ;;* lmx 33 system/sepolicy/private/blkid_untrusted.te
  593.  
  594. (neverallow blkid_untrusted dm_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  595. (neverallow blkid_untrusted root_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  596. (neverallow blkid_untrusted frp_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  597. (neverallow blkid_untrusted system_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  598. (neverallow blkid_untrusted recovery_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  599. (neverallow blkid_untrusted boot_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  600. (neverallow blkid_untrusted userdata_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  601. (neverallow blkid_untrusted cache_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  602. (neverallow blkid_untrusted swap_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  603. (neverallow blkid_untrusted metadata_block_device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  604. ;;* lme
  605.  
  606. ;;* lmx 36 system/sepolicy/private/blkid_untrusted.te
  607.  
  608. (neverallow base_typeattr_314 blkid_untrusted (process (transition)))
  609. ;;* lme
  610.  
  611. ;;* lmx 37 system/sepolicy/private/blkid_untrusted.te
  612.  
  613. (neverallow base_typeattr_182 blkid_untrusted (process (dyntransition)))
  614. ;;* lme
  615.  
  616. ;;* lmx 38 system/sepolicy/private/blkid_untrusted.te
  617.  
  618. (neverallow blkid_untrusted base_typeattr_565 (file (entrypoint)))
  619. ;;* lme
  620.  
  621. (typetransition bluetooth tmpfs file appdomain_tmpfs)
  622. (allow bluetooth appdomain_tmpfs (file (read write getattr map execute)))
  623. ;;* lmx 5 system/sepolicy/private/bluetooth.te
  624.  
  625. (neverallow base_typeattr_566 base_typeattr_567 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  626. ;;* lme
  627.  
  628. ;;* lmx 5 system/sepolicy/private/bluetooth.te
  629.  
  630. (neverallow base_typeattr_568 bluetooth (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  631. ;;* lme
  632.  
  633. ;;* lmx 5 system/sepolicy/private/bluetooth.te
  634.  
  635. (neverallow base_typeattr_569 bluetooth (process (ptrace)))
  636. ;;* lme
  637.  
  638. (typetransition bluetooth bluetooth_data_file sock_file bluetooth_socket)
  639. (allowx bluetooth self (ioctl udp_socket (0x6900 0x6902)))
  640. (allowx bluetooth self (ioctl udp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
  641. (allowx bluetooth self (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
  642. (allow bluetooth sysfs_wake_lock (file (ioctl read write getattr lock append map open watch watch_reads)))
  643. (allow bluetooth self (capability2 (block_suspend)))
  644. (allow bluetooth self (cap2_userns (block_suspend)))
  645. (allow bluetooth system_suspend_server (binder (call transfer)))
  646. (allow system_suspend_server bluetooth (binder (transfer)))
  647. (allow bluetooth system_suspend_server (fd (use)))
  648. (allow bluetooth system_suspend_hwservice (hwservice_manager (find)))
  649. (allow bluetooth hwservicemanager (binder (call transfer)))
  650. (allow hwservicemanager bluetooth (binder (call transfer)))
  651. (allow hwservicemanager bluetooth (dir (search)))
  652. (allow hwservicemanager bluetooth (file (read map open)))
  653. (allow hwservicemanager bluetooth (process (getattr)))
  654. (allow bluetooth hwservicemanager_prop (file (read getattr map open)))
  655. (allow bluetooth hidl_manager_hwservice (hwservice_manager (find)))
  656. (allow bluetooth bluetooth_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
  657. (allow bluetooth bluetooth_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  658. (allow bluetooth bluetooth_data_file (lnk_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  659. (allow bluetooth bluetooth_data_file (sock_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  660. (allow bluetooth bluetooth_data_file (fifo_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  661. (allow bluetooth bluetooth_logs_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
  662. (allow bluetooth bluetooth_logs_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  663. (allow bluetooth bluetooth_socket (sock_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  664. (allow bluetooth self (capability (net_admin)))
  665. (allow bluetooth self (cap_userns (net_admin)))
  666. (allow bluetooth self (capability2 (wake_alarm)))
  667. (allow bluetooth self (cap2_userns (wake_alarm)))
  668. (allow bluetooth self (packet_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
  669. (allow bluetooth self (capability (net_bind_service net_admin net_raw)))
  670. (allow bluetooth self (cap_userns (net_bind_service net_admin net_raw)))
  ; bluetooth domain rules (system/sepolicy/private/bluetooth.te, per the ";;* lmx" source markers below).
  ; This rule run begins above the excerpt. The gutter numbers (671., 672., ...) are paste chrome, not policy.
  671. (allow bluetooth self (tun_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
  672. (allow bluetooth tun_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
  ; allowx is an extended-permission rule: once an xperm rule exists for this (source, target, class), the
  ; "ioctl" granted on 672 is narrowed to these two command numbers only (0x54ca/0x54d2 look like TUNSETIFF/TUNGETIFF).
  673. (allowx bluetooth tun_device (ioctl chr_file (0x54ca 0x54d2)))
  674. (allow bluetooth efs_file (dir (search)))
  675. (allow bluetooth uhid_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
  676. (allow bluetooth proc_bluetooth_writable (file (ioctl read write getattr lock append map open watch watch_reads)))
  ; 677-680: set_prop-style expansion for binder_cache_bluetooth_server_prop - write to the property socket,
  ; connect to init (the property service), set the property, read its backing file. The same four-rule shape
  ; repeats below for bluetooth_a2dp_offload_prop, bluetooth_audio_hal_prop, bluetooth_prop,
  ; exported_bluetooth_prop and pan_result_prop.
  677. (allow bluetooth property_socket (sock_file (write)))
  678. (allow bluetooth init (unix_stream_socket (connectto)))
  679. (allow bluetooth binder_cache_bluetooth_server_prop (property_service (set)))
  680. (allow bluetooth binder_cache_bluetooth_server_prop (file (read getattr map open)))
  ; ";;* lmx <line> <file>" / ";;* lme" appear to be generated source-location markers bracketing the
  ; neverallow(s) emitted from that line of the named .te file. They are CIL comments (leading ';').
  681. ;;* lmx 45 system/sepolicy/private/bluetooth.te
  682.  
  ; neverallow is a compile-time assertion: the build fails if any allow rule grants these permissions; it
  ; grants or denies nothing at runtime. base_typeattr_570 is a compiler-generated attribute whose member set
  ; is defined elsewhere in the file - presumably "all domains except bluetooth" (confirm against its definition).
  683. (neverallow base_typeattr_570 binder_cache_bluetooth_server_prop (property_service (set)))
  684. ;;* lme
  685.  
  686. (allow bluetooth property_socket (sock_file (write)))
  687. (allow bluetooth init (unix_stream_socket (connectto)))
  688. (allow bluetooth bluetooth_a2dp_offload_prop (property_service (set)))
  689. (allow bluetooth bluetooth_a2dp_offload_prop (file (read getattr map open)))
  690. (allow bluetooth property_socket (sock_file (write)))
  691. (allow bluetooth init (unix_stream_socket (connectto)))
  692. (allow bluetooth bluetooth_audio_hal_prop (property_service (set)))
  693. (allow bluetooth bluetooth_audio_hal_prop (file (read getattr map open)))
  694. (allow bluetooth property_socket (sock_file (write)))
  695. (allow bluetooth init (unix_stream_socket (connectto)))
  696. (allow bluetooth bluetooth_prop (property_service (set)))
  697. (allow bluetooth bluetooth_prop (file (read getattr map open)))
  698. (allow bluetooth property_socket (sock_file (write)))
  699. (allow bluetooth init (unix_stream_socket (connectto)))
  700. (allow bluetooth exported_bluetooth_prop (property_service (set)))
  701. (allow bluetooth exported_bluetooth_prop (file (read getattr map open)))
  702. (allow bluetooth property_socket (sock_file (write)))
  703. (allow bluetooth init (unix_stream_socket (connectto)))
  704. (allow bluetooth pan_result_prop (property_service (set)))
  705. (allow bluetooth pan_result_prop (file (read getattr map open)))
  ; 706-713: binder services bluetooth may look up via servicemanager ("find" only - talking to the service
  ; still needs the corresponding binder rules, which are not in this excerpt).
  706. (allow bluetooth audioserver_service (service_manager (find)))
  707. (allow bluetooth bluetooth_service (service_manager (find)))
  708. (allow bluetooth drmserver_service (service_manager (find)))
  709. (allow bluetooth mediaserver_service (service_manager (find)))
  710. (allow bluetooth radio_service (service_manager (find)))
  711. (allow bluetooth app_api_service (service_manager (find)))
  712. (allow bluetooth system_api_service (service_manager (find)))
  713. (allow bluetooth network_stack_service (service_manager (find)))
  714. (allow bluetooth shell_data_file (file (read)))
  ; sys_nice is the only capability granted in this excerpt; cap_userns mirrors it for user namespaces.
  715. (allow bluetooth self (capability (sys_nice)))
  716. (allow bluetooth self (cap_userns (sys_nice)))
  717. (allow bluetooth runtime_event_log_tags_file (file (ioctl read getattr lock map open watch watch_reads)))
  718. ;;* lmx 85 system/sepolicy/private/bluetooth.te
  719.  
  ; Assertion: bluetooth may never hold any of these capabilities. The list is the full "capability" class
  ; minus net_bind_service, net_admin, net_raw and sys_nice, i.e. the few the domain is meant to keep.
  720. (neverallow bluetooth self (capability (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_broadcast ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
  721. (neverallow bluetooth self (cap_userns (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_broadcast ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
  722. ;;* lme
  723.  
  724. ;;* lmx 86 system/sepolicy/private/bluetooth.te
  725.  
  ; Same for the capability2 class; wake_alarm and block_suspend are the ones left out.
  726. (neverallow bluetooth self (capability2 (mac_override mac_admin syslog audit_read)))
  727. (neverallow bluetooth self (cap2_userns (mac_override mac_admin syslog audit_read)))
  728. ;;* lme
  729.  
  ; Any domain carrying the bluetoothdomain attribute may use (not create) unix stream sockets owned by bluetooth.
  730. (allow bluetoothdomain bluetooth (unix_stream_socket (ioctl read write getattr getopt setopt shutdown)))
  ; bootanim: init-started daemon pattern (731-736). init may execute bootanim_exec, the new process transitions
  ; into bootanim, bootanim_exec is that domain's entrypoint, the noatsecure check is silenced, signal/rlimit
  ; inheritance is allowed, and the typetransition makes the domain switch happen automatically on exec.
  731. (allow init bootanim_exec (file (read getattr map execute open)))
  732. (allow init bootanim (process (transition)))
  733. (allow bootanim bootanim_exec (file (read getattr map execute open entrypoint)))
  734. (dontaudit init bootanim (process (noatsecure)))
  735. (allow init bootanim (process (siginh rlimitinh)))
  736. (typetransition init bootanim_exec process bootanim)
  ; dontaudit = still denied, just not logged (keeps known-benign probes out of the audit log).
  737. (dontaudit bootanim unlabeled (dir (search)))
  738. (dontaudit bootanim vendor_default_prop (file (read)))
  ; bootstat: same init-started daemon pattern as bootanim above (exec, transition, entrypoint,
  ; noatsecure dontaudit, siginh/rlimitinh, automatic typetransition).
  739. (allow init bootstat_exec (file (read getattr map execute open)))
  740. (allow init bootstat (process (transition)))
  741. (allow bootstat bootstat_exec (file (read getattr map execute open entrypoint)))
  742. (dontaudit init bootstat (process (noatsecure)))
  743. (allow init bootstat (process (siginh rlimitinh)))
  744. (typetransition init bootstat_exec process bootstat)
  ; boringssl_self_test and its vendor twin: two init-started daemons (745-756), same pattern as above.
  745. (allow init boringssl_self_test_exec (file (read getattr map execute open)))
  746. (allow init boringssl_self_test (process (transition)))
  747. (allow boringssl_self_test boringssl_self_test_exec (file (read getattr map execute open entrypoint)))
  748. (dontaudit init boringssl_self_test (process (noatsecure)))
  749. (allow init boringssl_self_test (process (siginh rlimitinh)))
  750. (typetransition init boringssl_self_test_exec process boringssl_self_test)
  751. (allow init vendor_boringssl_self_test_exec (file (read getattr map execute open)))
  752. (allow init vendor_boringssl_self_test (process (transition)))
  753. (allow vendor_boringssl_self_test vendor_boringssl_self_test_exec (file (read getattr map execute open entrypoint)))
  754. (dontaudit init vendor_boringssl_self_test (process (noatsecure)))
  755. (allow init vendor_boringssl_self_test (process (siginh rlimitinh)))
  756. (typetransition init vendor_boringssl_self_test_exec process vendor_boringssl_self_test)
  ; 757-760: both domains may create, write, unlink and rename files in boringssl_self_test_marker and add
  ; entries to that directory. The neverallows at 765/770 assert that no other domain can.
  757. (allow boringssl_self_test boringssl_self_test_marker (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  758. (allow vendor_boringssl_self_test boringssl_self_test_marker (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  759. (allow boringssl_self_test boringssl_self_test_marker (dir (ioctl read write getattr lock open watch watch_reads add_name search)))
  760. (allow vendor_boringssl_self_test boringssl_self_test_marker (dir (ioctl read write getattr lock open watch watch_reads add_name search)))
  ; Write-only access to the kernel debug log device (no read).
  761. (allow boringssl_self_test kmsg_debug_device (chr_file (ioctl write getattr lock append map open)))
  762. (allow vendor_boringssl_self_test kmsg_debug_device (chr_file (ioctl write getattr lock append map open)))
  763. ;;* lmx 66 system/sepolicy/private/boringssl_self_test.te
  764.  
  ; Compile-time assertion: base_typeattr_571 (generated; presumably every domain other than the two self-test
  ; domains - its definition is not in view) may not read, write, create or otherwise touch the marker file.
  765. (neverallow base_typeattr_571 boringssl_self_test_marker (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  766. ;;* lme
  767.  
  768. ;;* lmx 74 system/sepolicy/private/boringssl_self_test.te
  769.  
  ; ...nor write to the marker directory.
  770. (neverallow base_typeattr_571 boringssl_self_test_marker (dir (write)))
  771. ;;* lme
  772.  
  ; bpfloader (system/sepolicy/private/bpfloader.te). 773-776 are the grants; 779-836 are assertions that pin
  ; bpfloader as the only domain that populates fs_bpf and loads BPF programs.
  773. (allow bpfloader fs_bpf (dir (write add_name search)))
  774. (allow bpfloader fs_bpf (file (read create setattr)))
  775. (allow bpfloader self (bpf (map_create map_read map_write prog_load prog_run)))
  ; chown (to hand pinned objects to other owners) and sys_admin (required by the kernel for bpf()).
  776. (allow bpfloader self (capability (chown sys_admin)))
  777. ;;* lmx 21 system/sepolicy/private/bpfloader.te
  778.  
  ; base_typeattr_NNN are compiler-generated attributes; their member sets are defined elsewhere in the file.
  ; From the grants above, base_typeattr_572 is presumably "all domains except bpfloader" - confirm.
  779. (neverallow base_typeattr_226 fs_bpf (dir (setattr)))
  780. ;;* lme
  781.  
  782. ;;* lmx 22 system/sepolicy/private/bpfloader.te
  783.  
  784. (neverallow base_typeattr_572 fs_bpf (dir (write add_name)))
  785. ;;* lme
  786.  
  787. ;;* lmx 23 system/sepolicy/private/bpfloader.te
  788.  
  ; "domain" here is every process type: nothing may rename, reparent or remove fs_bpf directories.
  789. (neverallow domain fs_bpf (dir (rename reparent rmdir)))
  790. ;;* lme
  791.  
  792. ;;* lmx 26 system/sepolicy/private/bpfloader.te
  793.  
  794. (neverallow base_typeattr_573 fs_bpf (file (setattr)))
  795. ;;* lme
  796.  
  797. ;;* lmx 27 system/sepolicy/private/bpfloader.te
  798.  
  799. (neverallow base_typeattr_572 fs_bpf (file (create)))
  800. ;;* lme
  801.  
  802. ;;* lmx 28 system/sepolicy/private/bpfloader.te
  803.  
  ; Pinned BPF objects are immutable once created: no domain at all may unlink or rename them.
  804. (neverallow domain fs_bpf (file (unlink rename)))
  805. ;;* lme
  806.  
  807. ;;* lmx 30 system/sepolicy/private/bpfloader.te
  808.  
  ; 809-819: who may do what with the bpf class. The target attribute base_typeattr_182 recurs in
  ; domain.te assertions below; its membership is not in view.
  809. (neverallow base_typeattr_572 base_typeattr_182 (bpf (map_create prog_load)))
  810. ;;* lme
  811.  
  812. ;;* lmx 31 system/sepolicy/private/bpfloader.te
  813.  
  814. (neverallow base_typeattr_574 base_typeattr_182 (bpf (prog_run)))
  815. ;;* lme
  816.  
  817. ;;* lmx 32 system/sepolicy/private/bpfloader.te
  818.  
  819. (neverallow base_typeattr_575 base_typeattr_182 (bpf (map_read map_write)))
  820. ;;* lme
  821.  
  822. ;;* lmx 34 system/sepolicy/private/bpfloader.te
  823.  
  ; Only the intended launcher may execute the bpfloader binary (with or without a domain transition).
  824. (neverallow base_typeattr_576 bpfloader_exec (file (execute execute_no_trans)))
  825. ;;* lme
  826.  
  827. ;;* lmx 36 system/sepolicy/private/bpfloader.te
  828.  
  ; bpfloader must have no network sockets of any kind, owned by any domain (full tcp/udp/rawip permission sets).
  829. (neverallow bpfloader domain (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
  830. (neverallow bpfloader domain (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
  831. (neverallow bpfloader domain (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
  832. ;;* lme
  833.  
  834. ;;* lmx 39 system/sepolicy/private/bpfloader.te
  835.  
  ; No domain may ptrace bpfloader (it holds sys_admin, see 776).
  836. (neverallow domain bpfloader (process (ptrace)))
  837. ;;* lme
  838.  
  ; 839-842: set_prop-style expansion for bpf_progs_loaded_prop (socket write, connect to init, set, read back).
  839. (allow bpfloader property_socket (sock_file (write)))
  840. (allow bpfloader init (unix_stream_socket (connectto)))
  841. (allow bpfloader bpf_progs_loaded_prop (property_service (set)))
  842. (allow bpfloader bpf_progs_loaded_prop (file (read getattr map open)))
  ; bufferhubd: init-started daemon pattern (exec, transition, entrypoint, noatsecure dontaudit,
  ; siginh/rlimitinh, automatic typetransition). No further rules for it appear in this excerpt.
  843. (allow init bufferhubd_exec (file (read getattr map execute open)))
  844. (allow init bufferhubd (process (transition)))
  845. (allow bufferhubd bufferhubd_exec (file (read getattr map execute open entrypoint)))
  846. (dontaudit init bufferhubd (process (noatsecure)))
  847. (allow init bufferhubd (process (siginh rlimitinh)))
  848. (typetransition init bufferhubd_exec process bufferhubd)
  ; cameraserver: init-started daemon pattern (849-854).
  849. (allow init cameraserver_exec (file (read getattr map execute open)))
  850. (allow init cameraserver (process (transition)))
  851. (allow cameraserver cameraserver_exec (file (read getattr map execute open entrypoint)))
  852. (dontaudit init cameraserver (process (noatsecure)))
  853. (allow init cameraserver (process (siginh rlimitinh)))
  854. (typetransition init cameraserver_exec process cameraserver)
  ; Files cameraserver creates on tmpfs get the private type cameraserver_tmpfs (so other domains' tmpfs rules
  ; do not reach them); cameraserver may read/write/map those files.
  855. (typetransition cameraserver tmpfs file cameraserver_tmpfs)
  856. (allow cameraserver cameraserver_tmpfs (file (read write getattr map)))
  ; clatd (464XLAT daemon). Read-only access to /proc/net-type entries (857-859).
  857. (allow clatd proc_net_type (dir (ioctl read getattr lock open watch watch_reads search)))
  858. (allow clatd proc_net_type (file (ioctl read getattr lock map open watch watch_reads)))
  859. (allow clatd proc_net_type (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  ; 860-867: clatd may use descriptors inherited from netd and read/write netd-owned sockets and pipes;
  ; note there is no "create" here - the objects are passed in by netd, not opened by clatd.
  860. (allow clatd netd (fd (use)))
  861. (allow clatd netd (fifo_file (read write)))
  862. (allow clatd netd (netlink_kobject_uevent_socket (read write)))
  863. (allow clatd netd (netlink_nflog_socket (read write)))
  864. (allow clatd netd (netlink_route_socket (read write)))
  865. (allow clatd netd (udp_socket (read write)))
  866. (allow clatd netd (unix_stream_socket (read write)))
  867. (allow clatd netd (unix_dgram_socket (read write)))
  ; Capabilities: setgid/setuid (drop privileges), net_admin/net_raw (interface + raw sockets), ipc_lock.
  868. (allow clatd self (capability (setgid setuid net_admin net_raw)))
  869. (allow clatd self (cap_userns (setgid setuid net_admin net_raw)))
  870. (allow clatd self (capability (ipc_lock)))
  871. (allow clatd self (cap_userns (ipc_lock)))
  872. (allow clatd self (netlink_route_socket (nlmsg_write)))
  ; clatd may create its own raw IP and packet sockets (full socket permission set, minus listen/accept).
  873. (allow clatd self (rawip_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
  874. (allow clatd self (packet_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
  875. (allow clatd tun_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
  ; coredomain (system/sepolicy/private/coredomain.te): rules applying to every system-partition domain.
  ; 876-877 grant property reads; everything that follows is a compile-time assertion enforcing the
  ; system/vendor split (core domains must not reach into vendor files or raw kernel interfaces directly).
  876. (allow coredomain pm_prop (file (read getattr map open)))
  877. (allow coredomain exported_pm_prop (file (read getattr map open)))
  878. ;;* lmx 4 system/sepolicy/private/coredomain.te
  879.  
  ; The base_typeattr_NNN subjects are compiler-generated attributes (membership defined elsewhere in the
  ; file); each is presumably "coredomain minus an allow-list of exempted domains" - confirm per attribute.
  880. (neverallow base_typeattr_577 sysfs_leds (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
  881. ;;* lme
  882.  
  883. ;;* lmx 19 system/sepolicy/private/coredomain.te
  884.  
  ; No listing/reading of vendor app files or vendor overlay files by core domains (Treble boundary).
  885. (neverallow base_typeattr_578 vendor_app_file (dir (read getattr open search)))
  886. ;;* lme
  887.  
  888. ;;* lmx 36 system/sepolicy/private/coredomain.te
  889.  
  890. (neverallow base_typeattr_579 vendor_app_file (file (ioctl read getattr lock map open watch watch_reads)))
  891. ;;* lme
  892.  
  893. ;;* lmx 53 system/sepolicy/private/coredomain.te
  894.  
  895. (neverallow base_typeattr_580 vendor_overlay_file (dir (read getattr open search)))
  896. ;;* lme
  897.  
  898. ;;* lmx 74 system/sepolicy/private/coredomain.te
  899.  
  900. (neverallow base_typeattr_580 vendor_overlay_file (file (open)))
  901. ;;* lme
  902.  
  ; 903-953 all originate from line 97 of coredomain.te - presumably one macro or loop emitting one assertion
  ; per kernel pseudo-filesystem type (proc, sysfs, device, debugfs, debugfs_tracing, inotify, pstorefs,
  ; configfs, functionfs, usbfs, binfmt_miscfs). Each denies the full read/write file permission set to a
  ; different exemption attribute; note "getattr" and "map" are not in these lists.
  903. ;;* lmx 97 system/sepolicy/private/coredomain.te
  904.  
  905. (neverallow base_typeattr_581 proc (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  906. ;;* lme
  907.  
  908. ;;* lmx 97 system/sepolicy/private/coredomain.te
  909.  
  910. (neverallow base_typeattr_577 sysfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  911. ;;* lme
  912.  
  913. ;;* lmx 97 system/sepolicy/private/coredomain.te
  914.  
  ; "device" is the generic /dev type; both regular files and block devices carrying it are covered.
  915. (neverallow base_typeattr_582 device (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  916. (neverallow base_typeattr_582 device (blk_file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  917. ;;* lme
  918.  
  919. ;;* lmx 97 system/sepolicy/private/coredomain.te
  920.  
  921. (neverallow base_typeattr_583 debugfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  922. ;;* lme
  923.  
  924. ;;* lmx 97 system/sepolicy/private/coredomain.te
  925.  
  926. (neverallow base_typeattr_584 debugfs_tracing (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  927. ;;* lme
  928.  
  929. ;;* lmx 97 system/sepolicy/private/coredomain.te
  930.  
  ; base_typeattr_482 is reused for inotify, usbfs and binfmt_miscfs (931, 951, 952).
  931. (neverallow base_typeattr_482 inotify (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  932. ;;* lme
  933.  
  934. ;;* lmx 97 system/sepolicy/private/coredomain.te
  935.  
  936. (neverallow base_typeattr_585 pstorefs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  937. ;;* lme
  938.  
  939. ;;* lmx 97 system/sepolicy/private/coredomain.te
  940.  
  941. (neverallow base_typeattr_586 configfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  942. ;;* lme
  943.  
  944. ;;* lmx 97 system/sepolicy/private/coredomain.te
  945.  
  946. (neverallow base_typeattr_587 functionfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  947. ;;* lme
  948.  
  949. ;;* lmx 97 system/sepolicy/private/coredomain.te
  950.  
  951. (neverallow base_typeattr_482 usbfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  952. (neverallow base_typeattr_482 binfmt_miscfs (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  953. ;;* lme
  954.  
  955. ;;* lmx 192 system/sepolicy/private/coredomain.te
  956.  
  ; Vendor-owned hardware nodes: no core domain at all (plain "coredomain", no exemption attribute) may open,
  ; read, write or ioctl radio, IIO or TEE character devices - that access belongs to vendor HALs.
  957. (neverallow coredomain radio_device (chr_file (ioctl read write append open)))
  958. (neverallow coredomain iio_device (chr_file (ioctl read write append open)))
  959. ;;* lme
  960.  
  961. ;;* lmx 196 system/sepolicy/private/coredomain.te
  962.  
  963. (neverallow coredomain tee_device (chr_file (ioctl read write append open)))
  964. ;;* lme
  965.  
  ; cppreopts: init-started daemon pattern (966-971).
  966. (allow init cppreopts_exec (file (read getattr map execute open)))
  967. (allow init cppreopts (process (transition)))
  968. (allow cppreopts cppreopts_exec (file (read getattr map execute open entrypoint)))
  969. (dontaudit init cppreopts (process (noatsecure)))
  970. (allow init cppreopts (process (siginh rlimitinh)))
  971. (typetransition init cppreopts_exec process cppreopts)
  ; 972-978: cppreopts in turn spawns preopt2cachename in its own domain (same transition shape, with the
  ; child allowed to deliver SIGCHLD back to its parent).
  972. (allow cppreopts preopt2cachename_exec (file (read getattr map execute open)))
  973. (allow cppreopts preopt2cachename (process (transition)))
  974. (allow preopt2cachename preopt2cachename_exec (file (read getattr map execute open entrypoint)))
  975. (allow preopt2cachename cppreopts (process (sigchld)))
  976. (dontaudit cppreopts preopt2cachename (process (noatsecure)))
  977. (allow cppreopts preopt2cachename (process (siginh rlimitinh)))
  978. (typetransition cppreopts preopt2cachename_exec process preopt2cachename)
  ; Populates the dalvik cache: create/write/rename/unlink files, add/remove directory entries.
  979. (allow cppreopts dalvikcache_data_file (dir (write add_name remove_name search)))
  980. (allow cppreopts dalvikcache_data_file (file (read write create getattr unlink rename open)))
  ; execute_no_trans: the shell and toolbox binaries run inside the cppreopts domain rather than transitioning.
  981. (allow cppreopts shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
  982. (allow cppreopts system_file (dir (read open)))
  983. (allow cppreopts toolbox_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
  984. (dontaudit cppreopts postinstall_mnt_dir (dir (search)))
  ; crash_dump (system/sepolicy/private/crash_dump.te): the crash handler every domain may exec into (see the
  ; domain-wide transition rules near the end of this excerpt).
  985. (dontaudit crash_dump dev_type (chr_file (read write)))
  986. (dontaudit crash_dump devpts (chr_file (read write)))
  ; crash_dump may signal and ptrace the domains in base_typeattr_588 (generated attribute, membership not in
  ; view; presumably "domain minus the list asserted at 990-999" - confirm against its definition).
  987. (allow crash_dump base_typeattr_588 (process (sigchld sigkill sigstop signal ptrace)))
  988. ;;* lmx 46 system/sepolicy/private/crash_dump.te
  989.  
  ; Compile-time assertions: crash_dump may never kill, stop or signal these boot-critical / security-critical
  ; processes, even though 987 grants that to other domains.
  990. (neverallow crash_dump apexd (process (sigkill sigstop signal)))
  991. (neverallow crash_dump init (process (sigkill sigstop signal)))
  992. (neverallow crash_dump kernel (process (sigkill sigstop signal)))
  993. (neverallow crash_dump keystore (process (sigkill sigstop signal)))
  994. (neverallow crash_dump llkd (process (sigkill sigstop signal)))
  995. (neverallow crash_dump logd (process (sigkill sigstop signal)))
  996. (neverallow crash_dump ueventd (process (sigkill sigstop signal)))
  997. (neverallow crash_dump vendor_init (process (sigkill sigstop signal)))
  998. (neverallow crash_dump vold (process (sigkill sigstop signal)))
  999. (neverallow crash_dump bpfloader (process (sigkill sigstop signal)))
  1000. ;;* lme
  1001.  
  1002. ;;* lmx 48 system/sepolicy/private/crash_dump.te
  1003.  
  ; crash_dump must not be able to ptrace itself.
  1004. (neverallow crash_dump self (process (ptrace)))
  1005. ;;* lme
  1006.  
  1007. ;;* lmx 49 system/sepolicy/private/crash_dump.te
  1008.  
  ; No GPU device access of any kind (full chr_file permission set).
  1009. (neverallow crash_dump gpu_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
  1010. ;;* lme
  1011.  
  ; credstore: init-started daemon pattern (exec, transition, entrypoint, noatsecure dontaudit,
  ; siginh/rlimitinh, automatic typetransition). No other credstore rules are in this excerpt.
  1012. (allow init credstore_exec (file (read getattr map execute open)))
  1013. (allow init credstore (process (transition)))
  1014. (allow credstore credstore_exec (file (read getattr map execute open entrypoint)))
  1015. (dontaudit init credstore (process (noatsecure)))
  1016. (allow init credstore (process (siginh rlimitinh)))
  1017. (typetransition init credstore_exec process credstore)
  ; derive_sdk: init-started daemon pattern (1018-1023).
  1018. (allow init derive_sdk_exec (file (read getattr map execute open)))
  1019. (allow init derive_sdk (process (transition)))
  1020. (allow derive_sdk derive_sdk_exec (file (read getattr map execute open entrypoint)))
  1021. (dontaudit init derive_sdk (process (noatsecure)))
  1022. (allow init derive_sdk (process (siginh rlimitinh)))
  1023. (typetransition init derive_sdk_exec process derive_sdk)
  ; Read-only listing of the APEX mount directory.
  1024. (allow derive_sdk apex_mnt_dir (dir (ioctl read getattr lock open watch watch_reads search)))
  ; 1025-1028: set_prop-style expansion for module_sdkextensions_prop.
  1025. (allow derive_sdk property_socket (sock_file (write)))
  1026. (allow derive_sdk init (unix_stream_socket (connectto)))
  1027. (allow derive_sdk module_sdkextensions_prop (property_service (set)))
  1028. (allow derive_sdk module_sdkextensions_prop (file (read getattr map open)))
  1029. ;;* lmx 12 system/sepolicy/private/derive_sdk.te
  1030.  
  ; Assertion that nothing in base_typeattr_589 (generated; presumably every domain but derive_sdk - confirm)
  ; sets this property. All domains may read it (see the domain rules further down).
  1031. (neverallow base_typeattr_589 module_sdkextensions_prop (property_service (set)))
  1032. ;;* lme
  1033.  
  ; dex2oat (system/sepolicy/private/dex2oat.te): the AOT compiler. Read-only on APKs and vendor code (1034-1041).
  1034. (allow dex2oat apk_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
  1035. (allow dex2oat apk_data_file (file (ioctl read getattr lock map open watch watch_reads)))
  1036. (allow dex2oat apk_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  1037. (allow dex2oat vendor_app_file (dir (ioctl read getattr lock open watch watch_reads search)))
  1038. (allow dex2oat vendor_app_file (file (ioctl read getattr lock map open watch watch_reads)))
  1039. (allow dex2oat vendor_app_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  1040. (allow dex2oat vendor_framework_file (dir (getattr search)))
  1041. (allow dex2oat vendor_framework_file (file (read getattr map open)))
  1042. (allow dex2oat tmpfs (file (read getattr map)))
  ; dalvik cache: read access plus "write" on files, but no "create" - outputs are created by the caller.
  1043. (allow dex2oat dalvikcache_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
  1044. (allow dex2oat dalvikcache_data_file (file (ioctl read getattr lock map open watch watch_reads)))
  1045. (allow dex2oat dalvikcache_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  1046. (allow dex2oat dalvikcache_data_file (file (write)))
  1047. (allow dex2oat dalvikcache_data_file (lnk_file (read)))
  ; dex2oat works on descriptors handed to it by installd (and by postinstall_dexopt, apexd,
  ; art_apex_preinstall below) - hence the many rules that have read/write/map but deliberately no "open".
  1048. (allow dex2oat installd (fd (use)))
  1049. (allow dex2oat system_file (file (lock)))
  1050. (allow dex2oat asec_apk_file (file (read map)))
  1051. (allow dex2oat unlabeled (file (read map)))
  1052. (allow dex2oat oemfs (file (read map)))
  1053. (allow dex2oat apk_tmp_file (dir (search)))
  1054. (allow dex2oat apk_tmp_file (file (ioctl read getattr lock map open watch watch_reads)))
  1055. (allow dex2oat user_profile_data_file (file (read getattr lock map)))
  ; App private data: read/write/map on already-open descriptors only; "open" is asserted away at 1073-1080.
  1056. (allow dex2oat app_data_file (file (read write getattr lock map)))
  1057. (allow dex2oat privapp_data_file (file (read write getattr lock map)))
  1058. (allow dex2oat postinstall_dexopt (fd (use)))
  ; OTA / postinstall paths (1059-1068): this is where dex2oat is allowed to create and write output files.
  1059. (allow dex2oat postinstall_file (dir (ioctl read getattr lock open watch watch_reads search)))
  1060. (allow dex2oat postinstall_file (filesystem (getattr)))
  1061. (allow dex2oat postinstall_file (lnk_file (read getattr)))
  1062. (allow dex2oat postinstall_file (file (read)))
  1063. (allow dex2oat postinstall_file (file (getattr execute open)))
  1064. (allow dex2oat postinstall_apex_mnt_dir (dir (getattr search)))
  1065. (allow dex2oat ota_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name search)))
  1066. (allow dex2oat ota_data_file (file (ioctl read getattr lock map open watch watch_reads)))
  1067. (allow dex2oat ota_data_file (lnk_file (read create)))
  1068. (allow dex2oat ota_data_file (file (write create setattr lock append map open)))
  1069. (allow dex2oat apexd (fd (use)))
  1070. (allow dex2oat art_apex_preinstall (fd (use)))
  1071. ;;* lmx 84 system/sepolicy/private/dex2oat.te
  1072.  
  ; Compile-time assertions: dex2oat may never open an app's private files of any class itself - the caller
  ; opens them and passes the descriptor. This bounds what a compromised compiler could reach.
  1073. (neverallow dex2oat app_data_file (file (open)))
  1074. (neverallow dex2oat app_data_file (lnk_file (open)))
  1075. (neverallow dex2oat app_data_file (sock_file (open)))
  1076. (neverallow dex2oat app_data_file (fifo_file (open)))
  1077. (neverallow dex2oat privapp_data_file (file (open)))
  1078. (neverallow dex2oat privapp_data_file (lnk_file (open)))
  1079. (neverallow dex2oat privapp_data_file (sock_file (open)))
  1080. (neverallow dex2oat privapp_data_file (fifo_file (open)))
  1081. ;;* lme
  1082.  
  ; dexoptanalyzer: decides whether a package needs (re)compilation. Private tmpfs type for its own tmpfs files.
  1083. (typetransition dexoptanalyzer tmpfs file dexoptanalyzer_tmpfs)
  1084. (allow dexoptanalyzer dexoptanalyzer_tmpfs (file (read write getattr map)))
  ; Read-only on the dalvik cache.
  1085. (allow dexoptanalyzer dalvikcache_data_file (dir (getattr search)))
  1086. (allow dexoptanalyzer dalvikcache_data_file (file (ioctl read getattr lock map open watch watch_reads)))
  1087. (allow dexoptanalyzer dalvikcache_data_file (lnk_file (read)))
  ; Uses descriptors from installd and writes its result to an installd-owned pipe.
  1088. (allow dexoptanalyzer installd (fd (use)))
  1089. (allow dexoptanalyzer installd (fifo_file (write getattr)))
  1090. (allow dexoptanalyzer system_file (file (lock)))
  ; App data: directory traversal plus read/getattr/map on files, but no "open" - same pass-the-fd model as
  ; dex2oat above. audit_access probes (access(2) checks) on those dirs are silenced rather than allowed.
  1091. (allow dexoptanalyzer app_data_file (dir (getattr search)))
  1092. (allow dexoptanalyzer privapp_data_file (dir (getattr search)))
  1093. (allow dexoptanalyzer app_data_file (file (read getattr map)))
  1094. (allow dexoptanalyzer privapp_data_file (file (read getattr map)))
  1095. (dontaudit dexoptanalyzer app_data_file (dir (audit_access)))
  1096. (dontaudit dexoptanalyzer privapp_data_file (dir (audit_access)))
  1097. (allow dexoptanalyzer system_data_file (lnk_file (getattr)))
  ; dhcp: init-started daemon pattern (1098-1103).
  1098. (allow init dhcp_exec (file (read getattr map execute open)))
  1099. (allow init dhcp (process (transition)))
  1100. (allow dhcp dhcp_exec (file (read getattr map execute open entrypoint)))
  1101. (dontaudit init dhcp (process (noatsecure)))
  1102. (allow init dhcp (process (siginh rlimitinh)))
  1103. (typetransition init dhcp_exec process dhcp)
  ; Directories and files dhcp creates under system_data_file are labelled dhcp_data_file instead of inheriting
  ; the parent's type (the allow rules on dhcp_data_file are not in this excerpt).
  1104. (typetransition dhcp system_data_file dir dhcp_data_file)
  1105. (typetransition dhcp system_data_file file dhcp_data_file)
  1106. (allow domain crash_dump_exec (file (read getattr map execute open)))
  1107. (allow domain crash_dump (process (transition)))
  1108. (allow crash_dump crash_dump_exec (file (read getattr map execute open entrypoint)))
  1109. (allow crash_dump domain (process (sigchld)))
  1110. (dontaudit domain crash_dump (process (noatsecure)))
  1111. (allow domain crash_dump (process (siginh rlimitinh)))
  1112. (typetransition domain crash_dump_exec process crash_dump)
  1113. (allow domain crash_dump (process (sigchld)))
  1114. (allow domain heapprofd_prop (file (read getattr map open)))
  1115. (allow domain cgroup (dir (search)))
  1116. (allow base_typeattr_590 cgroup (dir (write lock open add_name remove_name search)))
  1117. (allow base_typeattr_590 cgroup (file (write lock append map open)))
  1118. (allow domain cgroup_rc_file (dir (search)))
  1119. (allow domain cgroup_rc_file (file (ioctl read getattr lock map open watch watch_reads)))
  1120. (allow domain task_profiles_file (file (ioctl read getattr lock map open watch watch_reads)))
  1121. (allow domain vendor_task_profiles_file (file (ioctl read getattr lock map open watch watch_reads)))
  1122. (allow domain use_memfd_prop (file (read getattr map open)))
  1123. (allow domain module_sdkextensions_prop (file (read getattr map open)))
  1124. (allow domain bq_config_prop (file (read getattr map open)))
  1125. (allow appdomain core_property_type (file (read getattr map open)))
  1126. (allow coredomain core_property_type (file (read getattr map open)))
  1127. (allow shell core_property_type (file (read getattr map open)))
  1128. (allow appdomain exported_dalvik_prop (file (read getattr map open)))
  1129. (allow coredomain exported_dalvik_prop (file (read getattr map open)))
  1130. (allow shell exported_dalvik_prop (file (read getattr map open)))
  1131. (allow appdomain exported_ffs_prop (file (read getattr map open)))
  1132. (allow coredomain exported_ffs_prop (file (read getattr map open)))
  1133. (allow shell exported_ffs_prop (file (read getattr map open)))
  1134. (allow appdomain exported_system_radio_prop (file (read getattr map open)))
  1135. (allow coredomain exported_system_radio_prop (file (read getattr map open)))
  1136. (allow shell exported_system_radio_prop (file (read getattr map open)))
  1137. (allow appdomain exported2_config_prop (file (read getattr map open)))
  1138. (allow coredomain exported2_config_prop (file (read getattr map open)))
  1139. (allow shell exported2_config_prop (file (read getattr map open)))
  1140. (allow appdomain exported2_radio_prop (file (read getattr map open)))
  1141. (allow coredomain exported2_radio_prop (file (read getattr map open)))
  1142. (allow shell exported2_radio_prop (file (read getattr map open)))
  1143. (allow appdomain exported2_system_prop (file (read getattr map open)))
  1144. (allow coredomain exported2_system_prop (file (read getattr map open)))
  1145. (allow shell exported2_system_prop (file (read getattr map open)))
  1146. (allow appdomain exported2_vold_prop (file (read getattr map open)))
  1147. (allow coredomain exported2_vold_prop (file (read getattr map open)))
  1148. (allow shell exported2_vold_prop (file (read getattr map open)))
  1149. (allow appdomain exported3_default_prop (file (read getattr map open)))
  1150. (allow coredomain exported3_default_prop (file (read getattr map open)))
  1151. (allow shell exported3_default_prop (file (read getattr map open)))
  1152. (allow appdomain exported3_radio_prop (file (read getattr map open)))
  1153. (allow coredomain exported3_radio_prop (file (read getattr map open)))
  1154. (allow shell exported3_radio_prop (file (read getattr map open)))
  1155. (allow appdomain exported3_system_prop (file (read getattr map open)))
  1156. (allow coredomain exported3_system_prop (file (read getattr map open)))
  1157. (allow shell exported3_system_prop (file (read getattr map open)))
  1158. (allow appdomain exported_camera_prop (file (read getattr map open)))
  1159. (allow coredomain exported_camera_prop (file (read getattr map open)))
  1160. (allow shell exported_camera_prop (file (read getattr map open)))
  1161. (allow appdomain userspace_reboot_config_prop (file (read getattr map open)))
  1162. (allow coredomain userspace_reboot_config_prop (file (read getattr map open)))
  1163. (allow shell userspace_reboot_config_prop (file (read getattr map open)))
  1164. (allow coredomain userspace_reboot_exported_prop (file (read getattr map open)))
  1165. (allow shell userspace_reboot_exported_prop (file (read getattr map open)))
  1166. (allow coredomain userspace_reboot_log_prop (file (read getattr map open)))
  1167. (allow shell userspace_reboot_log_prop (file (read getattr map open)))
  1168. (allow coredomain userspace_reboot_test_prop (file (read getattr map open)))
  1169. (allow shell userspace_reboot_test_prop (file (read getattr map open)))
  1170. (allow base_typeattr_591 vendor_default_prop (file (read getattr map open)))
  1171. (allow domain kernel (key (search)))
  1172. (allow domain fsverity_init (key (search)))
  1173. (allow domain linkerconfig_file (dir (search)))
  1174. (allow domain linkerconfig_file (file (ioctl read getattr lock map open watch watch_reads)))
  1175. (allow domain boringssl_self_test_marker (dir (search)))
  1176. ;;* lmx 134 system/sepolicy/private/domain.te
  1177.  
  1178. (neverallow base_typeattr_592 self (capability (sys_ptrace)))
  1179. (neverallow base_typeattr_592 self (cap_userns (sys_ptrace)))
  1180. ;;* lme
  1181.  
  1182. ;;* lmx 137 system/sepolicy/private/domain.te
  1183.  
  1184. (neverallow base_typeattr_593 base_typeattr_182 (keystore_key (gen_unique_id)))
  1185. ;;* lme
  1186.  
  1187. ;;* lmx 144 system/sepolicy/private/domain.te
  1188.  
  1189. (neverallow base_typeattr_226 debugfs_tracing_debug (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  1190. ;;* lme
  1191.  
  1192. ;;* lmx 148 system/sepolicy/private/domain.te
  1193.  
  1194. (neverallow base_typeattr_229 dropbox_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
  1195. ;;* lme
  1196.  
  1197. ;;* lmx 149 system/sepolicy/private/domain.te
  1198.  
  1199. (neverallow base_typeattr_229 dropbox_data_file (file (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
  1200. ;;* lme
  1201.  
  1202. ;;* lmx 157 system/sepolicy/private/domain.te
  1203.  
  ;; domain.te:157. Build-time assertion: members of base_typeattr_288 (generated set,
  ;; declared elsewhere) may never create or unlink objects of any of the seven
  ;; file-like classes labelled app_data_file or privapp_data_file.
  1204. (neverallow base_typeattr_288 app_data_file (file (create unlink)))
  1205. (neverallow base_typeattr_288 app_data_file (dir (create unlink)))
  1206. (neverallow base_typeattr_288 app_data_file (lnk_file (create unlink)))
  1207. (neverallow base_typeattr_288 app_data_file (chr_file (create unlink)))
  1208. (neverallow base_typeattr_288 app_data_file (blk_file (create unlink)))
  1209. (neverallow base_typeattr_288 app_data_file (sock_file (create unlink)))
  1210. (neverallow base_typeattr_288 app_data_file (fifo_file (create unlink)))
  1211. (neverallow base_typeattr_288 privapp_data_file (file (create unlink)))
  1212. (neverallow base_typeattr_288 privapp_data_file (dir (create unlink)))
  1213. (neverallow base_typeattr_288 privapp_data_file (lnk_file (create unlink)))
  1214. (neverallow base_typeattr_288 privapp_data_file (chr_file (create unlink)))
  1215. (neverallow base_typeattr_288 privapp_data_file (blk_file (create unlink)))
  1216. (neverallow base_typeattr_288 privapp_data_file (sock_file (create unlink)))
  1217. (neverallow base_typeattr_288 privapp_data_file (fifo_file (create unlink)))
  1218. ;;* lme
  1219.  
  1220. ;;* lmx 176 system/sepolicy/private/domain.te
  1221.  
  ;; domain.te:176. Build-time assertion: members of base_typeattr_594 (generated set,
  ;; declared elsewhere) may never hold any listed dir permission on app_data_file or
  ;; privapp_data_file directories, including search, open and read.
  1222. (neverallow base_typeattr_594 app_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
  1223. (neverallow base_typeattr_594 privapp_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
  1224. ;;* lme
  1225.  
  1226. ;;* lmx 185 system/sepolicy/private/domain.te
  1227.  
  ;; domain.te:185. Build-time assertion covering only the write-side dir permissions
  ;; (write, create, rename, add_name, remove_name, rmdir, relabel, ...) on app data
  ;; directories for base_typeattr_595 (generated set, declared elsewhere). read,
  ;; getattr, search and open are not listed, so read access is not asserted against.
  1228. (neverallow base_typeattr_595 app_data_file (dir (write create setattr relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm add_name remove_name reparent rmdir)))
  1229. (neverallow base_typeattr_595 privapp_data_file (dir (write create setattr relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm add_name remove_name reparent rmdir)))
  1230. ;;* lme
  1231.  
  1232. ;;* lmx 194 system/sepolicy/private/domain.te
  1233.  
  ;; domain.te:194. Build-time assertion: members of base_typeattr_596 (generated set,
  ;; declared elsewhere) may never open app_data_file or privapp_data_file objects of
  ;; the six non-directory classes. The dir class is deliberately not in this list.
  1234. (neverallow base_typeattr_596 app_data_file (file (open)))
  1235. (neverallow base_typeattr_596 app_data_file (lnk_file (open)))
  1236. (neverallow base_typeattr_596 app_data_file (chr_file (open)))
  1237. (neverallow base_typeattr_596 app_data_file (blk_file (open)))
  1238. (neverallow base_typeattr_596 app_data_file (sock_file (open)))
  1239. (neverallow base_typeattr_596 app_data_file (fifo_file (open)))
  1240. (neverallow base_typeattr_596 privapp_data_file (file (open)))
  1241. (neverallow base_typeattr_596 privapp_data_file (lnk_file (open)))
  1242. (neverallow base_typeattr_596 privapp_data_file (chr_file (open)))
  1243. (neverallow base_typeattr_596 privapp_data_file (blk_file (open)))
  1244. (neverallow base_typeattr_596 privapp_data_file (sock_file (open)))
  1245. (neverallow base_typeattr_596 privapp_data_file (fifo_file (open)))
  1246. ;;* lme
  1247.  
  1248. ;;* lmx 200 system/sepolicy/private/domain.te
  1249.  
  ;; domain.te:200. This group is statement-for-statement identical to the
  ;; domain.te:157 group earlier in this file (same subject base_typeattr_288, same
  ;; create/unlink permissions, same seven classes). Duplicate neverallow assertions
  ;; are harmless at build time; they only repeat the same check.
  1250. (neverallow base_typeattr_288 app_data_file (file (create unlink)))
  1251. (neverallow base_typeattr_288 app_data_file (dir (create unlink)))
  1252. (neverallow base_typeattr_288 app_data_file (lnk_file (create unlink)))
  1253. (neverallow base_typeattr_288 app_data_file (chr_file (create unlink)))
  1254. (neverallow base_typeattr_288 app_data_file (blk_file (create unlink)))
  1255. (neverallow base_typeattr_288 app_data_file (sock_file (create unlink)))
  1256. (neverallow base_typeattr_288 app_data_file (fifo_file (create unlink)))
  1257. (neverallow base_typeattr_288 privapp_data_file (file (create unlink)))
  1258. (neverallow base_typeattr_288 privapp_data_file (dir (create unlink)))
  1259. (neverallow base_typeattr_288 privapp_data_file (lnk_file (create unlink)))
  1260. (neverallow base_typeattr_288 privapp_data_file (chr_file (create unlink)))
  1261. (neverallow base_typeattr_288 privapp_data_file (blk_file (create unlink)))
  1262. (neverallow base_typeattr_288 privapp_data_file (sock_file (create unlink)))
  1263. (neverallow base_typeattr_288 privapp_data_file (fifo_file (create unlink)))
  1264. ;;* lme
  1265.  
  1266. ;;* lmx 205 system/sepolicy/private/domain.te
  1267.  
  ;; domain.te:205. Build-time assertion: members of base_typeattr_450 (generated set,
  ;; declared elsewhere) may never relabel app_data_file / privapp_data_file objects
  ;; of any of the seven classes in either direction (relabelfrom or relabelto).
  1268. (neverallow base_typeattr_450 app_data_file (file (relabelfrom relabelto)))
  1269. (neverallow base_typeattr_450 app_data_file (dir (relabelfrom relabelto)))
  1270. (neverallow base_typeattr_450 app_data_file (lnk_file (relabelfrom relabelto)))
  1271. (neverallow base_typeattr_450 app_data_file (chr_file (relabelfrom relabelto)))
  1272. (neverallow base_typeattr_450 app_data_file (blk_file (relabelfrom relabelto)))
  1273. (neverallow base_typeattr_450 app_data_file (sock_file (relabelfrom relabelto)))
  1274. (neverallow base_typeattr_450 app_data_file (fifo_file (relabelfrom relabelto)))
  1275. (neverallow base_typeattr_450 privapp_data_file (file (relabelfrom relabelto)))
  1276. (neverallow base_typeattr_450 privapp_data_file (dir (relabelfrom relabelto)))
  1277. (neverallow base_typeattr_450 privapp_data_file (lnk_file (relabelfrom relabelto)))
  1278. (neverallow base_typeattr_450 privapp_data_file (chr_file (relabelfrom relabelto)))
  1279. (neverallow base_typeattr_450 privapp_data_file (blk_file (relabelfrom relabelto)))
  1280. (neverallow base_typeattr_450 privapp_data_file (sock_file (relabelfrom relabelto)))
  1281. (neverallow base_typeattr_450 privapp_data_file (fifo_file (relabelfrom relabelto)))
  1282. ;;* lme
  1283.  
  1284. ;;* lmx 211 system/sepolicy/private/domain.te
  1285.  
  ;; domain.te:211. Build-time assertion: members of base_typeattr_597 (generated set,
  ;; declared elsewhere) may never hold any listed dir permission on staging_data_file
  ;; directories, including search and open.
  1286. (neverallow base_typeattr_597 staging_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
  1287. ;;* lme
  1288.  
  1289. ;;* lmx 212 system/sepolicy/private/domain.te
  1290.  
  ;; domain.te:212. Build-time assertion: members of base_typeattr_598 (generated set,
  ;; declared elsewhere) may never hold any listed file permission on staging_data_file
  ;; files, read and getattr included.
  1291. (neverallow base_typeattr_598 staging_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
  1292. ;;* lme
  1293.  
  1294. ;;* lmx 213 system/sepolicy/private/domain.te
  1295.  
  ;; domain.te:213. Build-time assertion on the write-side dir permissions only
  ;; (write, create, setattr, relabelfrom, link, rename, add_name, remove_name,
  ;; reparent, rmdir) for base_typeattr_599 (generated set, declared elsewhere) on
  ;; staging_data_file directories; read, search and open are not asserted against.
  1296. (neverallow base_typeattr_599 staging_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
  1297. ;;* lme
  1298.  
  1299. ;;* lmx 217 system/sepolicy/private/domain.te
  1300.  
  ;; domain.te:217. Build-time assertion: members of base_typeattr_229 (generated set,
  ;; declared elsewhere) may never write, create, append, rename, relabel or execute
  ;; staging_data_file files. read and open are not listed.
  1301. (neverallow base_typeattr_229 staging_data_file (file (write create setattr relabelfrom append rename execute execute_no_trans)))
  1302. ;;* lme
  1303.  
  1304. ;;* lmx 224 system/sepolicy/private/domain.te
  1305.  
  ;; domain.te:224. Build-time assertion: no member of base_typeattr_600 may execute a
  ;; file whose type is in base_typeattr_601. Both are compiler-generated sets declared
  ;; elsewhere in the file; their membership is not visible here.
  1306. (neverallow base_typeattr_600 base_typeattr_601 (file (execute)))
  1307. ;;* lme
  1308.  
  1309. ;;* lmx 254 system/sepolicy/private/domain.te
  1310.  
  ;; domain.te:254. Build-time assertion with the same shape as the domain.te:224 one:
  ;; no member of base_typeattr_602 may execute a file of a type in base_typeattr_603
  ;; (generated sets, declared elsewhere).
  1311. (neverallow base_typeattr_602 base_typeattr_603 (file (execute)))
  1312. ;;* lme
  1313.  
  1314. ;;* lmx 261 system/sepolicy/private/domain.te
  1315.  
  ;; domain.te:261. Build-time assertion: members of base_typeattr_226 (generated set,
  ;; declared elsewhere) may never modify cgroup_rc_file files (write, create, setattr,
  ;; relabelfrom, append, unlink, link, rename). Reading is not asserted against.
  1316. (neverallow base_typeattr_226 cgroup_rc_file (file (write create setattr relabelfrom append unlink link rename)))
  1317. ;;* lme
  1318.  
  1319. ;;* lmx 275 system/sepolicy/private/domain.te
  1320.  
  ;; domain.te:275. Build-time assertion: members of base_typeattr_604 (generated set,
  ;; declared elsewhere) may never modify dalvikcache_data_file files (write, create,
  ;; setattr, relabelfrom, append, unlink, link, rename).
  1321. (neverallow base_typeattr_604 dalvikcache_data_file (file (write create setattr relabelfrom append unlink link rename)))
  1322. ;;* lme
  1323.  
  1324. ;;* lmx 288 system/sepolicy/private/domain.te
  1325.  
  ;; domain.te:288. Companion to the domain.te:275 assertion: the same set,
  ;; base_typeattr_604, may never modify dalvikcache_data_file directories (write,
  ;; create, setattr, relabelfrom, link, rename, add_name, remove_name, reparent, rmdir).
  1326. (neverallow base_typeattr_604 dalvikcache_data_file (dir (write create setattr relabelfrom link rename add_name remove_name reparent rmdir)))
  1327. ;;* lme
  1328.  
  1329. ;;* lmx 315 system/sepolicy/private/domain.te
  1330.  
  ;; domain.te:315. Build-time assertion: no member of base_typeattr_605 (generated
  ;; set, declared elsewhere) may hold CAP_DAC_OVERRIDE on itself, as a plain
  ;; capability or through cap_userns.
  1331. (neverallow base_typeattr_605 self (capability (dac_override)))
  1332. (neverallow base_typeattr_605 self (cap_userns (dac_override)))
  1333. ;;* lme
  1334.  
  1335. ;;* lmx 327 system/sepolicy/private/domain.te
  1336.  
  ;; domain.te:327. Build-time assertion: no member of base_typeattr_606 (generated
  ;; set, declared elsewhere) may hold CAP_DAC_READ_SEARCH on itself, as a plain
  ;; capability or through cap_userns.
  1337. (neverallow base_typeattr_606 self (capability (dac_read_search)))
  1338. (neverallow base_typeattr_606 self (cap_userns (dac_read_search)))
  1339. ;;* lme
  1340.  
  1341. ;;* lmx 343 system/sepolicy/private/domain.te
  1342.  
  ;; domain.te:343. Build-time assertion: no member of base_typeattr_607 may mount,
  ;; remount or relabel (from/to) a filesystem whose type is in base_typeattr_608.
  ;; Both are compiler-generated sets declared elsewhere in the file.
  1343. (neverallow base_typeattr_607 base_typeattr_608 (filesystem (mount remount relabelfrom relabelto)))
  1344. ;;* lme
  1345.  
  1346. ;;* lmx 359 system/sepolicy/private/domain.te
  1347.  
  ;; domain.te:359. Build-time assertion: no member of base_typeattr_609 (generated
  ;; set, declared elsewhere) may hold CAP_SYS_RAWIO on itself, as a plain capability
  ;; or through cap_userns.
  1348. (neverallow base_typeattr_609 self (capability (sys_rawio)))
  1349. (neverallow base_typeattr_609 self (cap_userns (sys_rawio)))
  1350. ;;* lme
  1351.  
  1352. ;;* lmx 367 system/sepolicy/private/domain.te
  1353.  
  ;; domain.te:367. Build-time assertion: members of base_typeattr_610 (generated set,
  ;; declared elsewhere) may never hold any listed dir permission on mirror_data_file
  ;; directories, including search and open.
  1354. (neverallow base_typeattr_610 mirror_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
  1355. ;;* lme
  1356.  
  1357. ;;* lmx 370 system/sepolicy/private/domain.te
  1358.  
  ;; domain.te:370. Build-time assertion: no member of base_typeattr_230 (generated
  ;; set, declared elsewhere) may set net_dns_prop through the property service.
  1359. (neverallow base_typeattr_230 net_dns_prop (property_service (set)))
  1360. ;;* lme
  1361.  
  1362. ;;* lmx 371 system/sepolicy/private/domain.te
  1363.  
  ;; domain.te:371. Build-time assertion: no member of base_typeattr_611 (generated
  ;; set, declared elsewhere) may read the net_dns_prop property file. Note the
  ;; dontaudit on net_dns_prop for gmscore_app later in this file only silences the
  ;; denial; it does not grant read.
  1364. (neverallow base_typeattr_611 net_dns_prop (file (read)))
  1365. ;;* lme
  1366.  
  1367. ;;* lmx 374 system/sepolicy/private/domain.te
  1368.  
  ;; domain.te:374. Build-time assertion: members of base_typeattr_226 (generated set,
  ;; declared elsewhere) may never hold any listed file permission on debugfs_kprobes,
  ;; read and getattr included.
  1369. (neverallow base_typeattr_226 debugfs_kprobes (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
  1370. ;;* lme
  1371.  
  ;; init -> drmserver domain transition. The six-statement shape (init may read/exec
  ;; the _exec file, transition to the new domain, the new domain enters via
  ;; entrypoint, noatsecure denials are not audited, signal state and rlimits are
  ;; inherited, and typetransition makes the transition automatic) recurs for every
  ;; daemon in this file; it looks like a single macro expansion, though the source
  ;; macro is not visible here.
  1372. (allow init drmserver_exec (file (read getattr map execute open)))
  1373. (allow init drmserver (process (transition)))
  1374. (allow drmserver drmserver_exec (file (read getattr map execute open entrypoint)))
  1375. (dontaudit init drmserver (process (noatsecure)))
  1376. (allow init drmserver (process (siginh rlimitinh)))
  1377. (typetransition init drmserver_exec process drmserver)
  ;; Socket files drmserver creates inside apk_data_file directories get the
  ;; drmserver_socket label instead of inheriting the parent's type.
  1378. (typetransition drmserver apk_data_file sock_file drmserver_socket)
  ;; init -> dumpstate transition (same shape as above).
  1379. (allow init dumpstate_exec (file (read getattr map execute open)))
  1380. (allow init dumpstate (process (transition)))
  1381. (allow dumpstate dumpstate_exec (file (read getattr map execute open entrypoint)))
  1382. (dontaudit init dumpstate (process (noatsecure)))
  1383. (allow init dumpstate (process (siginh rlimitinh)))
  1384. (typetransition init dumpstate_exec process dumpstate)
  ;; dumpstate -> vdc transition; vdc may additionally send SIGCHLD back to dumpstate.
  1385. (allow dumpstate vdc_exec (file (read getattr map execute open)))
  1386. (allow dumpstate vdc (process (transition)))
  1387. (allow vdc vdc_exec (file (read getattr map execute open entrypoint)))
  1388. (allow vdc dumpstate (process (sigchld)))
  1389. (dontaudit dumpstate vdc (process (noatsecure)))
  1390. (allow dumpstate vdc (process (siginh rlimitinh)))
  1391. (typetransition dumpstate vdc_exec process vdc)
  1392. (allow dumpstate system_file (file (lock)))
  ;; execute_no_trans: dumpstate runs storaged_exec in its own domain, no transition.
  1393. (allow dumpstate storaged_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
  ;; Binder client pattern (repeated below for each service): the caller may call and
  ;; transfer to the callee, the callee may transfer references back, and the caller
  ;; may use file descriptors the callee hands it.
  1394. (allow dumpstate incidentd (binder (call transfer)))
  1395. (allow incidentd dumpstate (binder (transfer)))
  1396. (allow dumpstate incidentd (fd (use)))
  1397. (allow dumpstate storaged (binder (call transfer)))
  1398. (allow storaged dumpstate (binder (transfer)))
  1399. (allow dumpstate storaged (fd (use)))
  1400. (allow dumpstate statsd (binder (call transfer)))
  1401. (allow statsd dumpstate (binder (transfer)))
  1402. (allow dumpstate statsd (fd (use)))
  1403. (allow dumpstate gpuservice (binder (call transfer)))
  1404. (allow gpuservice dumpstate (binder (transfer)))
  1405. (allow dumpstate gpuservice (fd (use)))
  1406. (allow dumpstate idmap (binder (call transfer)))
  1407. (allow idmap dumpstate (binder (transfer)))
  1408. (allow dumpstate idmap (fd (use)))
  1409. (allow dumpstate boottime_prop (file (read getattr map open)))
  1410. (allow dumpstate netd (process (signal)))
  1411. (allow dumpstate statsd (process (signal)))
  1412. (allow dumpstate debugfs_wakeup_sources (file (ioctl read getattr lock map open watch watch_reads)))
  ;; getattr only — no open/read — on block devices of any dev_type-labelled type.
  1413. (allow dumpstate dev_type (blk_file (getattr)))
  1414. (allow dumpstate webview_zygote (process (signal)))
  ;; Denials for dumpstate -> update_engine binder calls are silenced, not granted.
  1415. (dontaudit dumpstate update_engine (binder (call)))
  1416. (allow dumpstate proc_net_tcp_udp (file (ioctl read getattr lock map open watch watch_reads)))
  1417. (allow dumpstate incidentcompanion_service (binder (call transfer)))
  1418. (allow incidentcompanion_service dumpstate (binder (transfer)))
  1419. (allow dumpstate incidentcompanion_service (fd (use)))
  ;; Property-set path: write to the property socket, connect to init's stream socket,
  ;; then set/read the specific property type. The socket/connectto pair appears
  ;; again at 1428/1429 below; the repetition is harmless.
  1420. (allow dumpstate property_socket (sock_file (write)))
  1421. (allow dumpstate init (unix_stream_socket (connectto)))
  1422. (allow dumpstate lpdumpd_prop (property_service (set)))
  1423. (allow dumpstate lpdumpd_prop (file (read getattr map open)))
  1424. (allow dumpstate lpdumpd (binder (call transfer)))
  1425. (allow lpdumpd dumpstate (binder (transfer)))
  1426. (allow dumpstate lpdumpd (fd (use)))
  1427. (allow dumpstate gsid_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
  1428. (allow dumpstate property_socket (sock_file (write)))
  1429. (allow dumpstate init (unix_stream_socket (connectto)))
  1430. (allow dumpstate ctl_gsid_prop (property_service (set)))
  1431. (allow dumpstate ctl_gsid_prop (file (read getattr map open)))
  1432. (allow dumpstate gsid (binder (call transfer)))
  1433. (allow gsid dumpstate (binder (transfer)))
  1434. (allow dumpstate gsid (fd (use)))
  ;; Read-only access (no write/create) to OTA metadata dirs, files and symlinks.
  1435. (allow dumpstate ota_metadata_file (dir (ioctl read getattr lock open watch watch_reads search)))
  1436. (allow dumpstate ota_metadata_file (file (ioctl read getattr lock map open watch watch_reads)))
  1437. (allow dumpstate ota_metadata_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  ;; tmpfs files created by ephemeral_app are labelled appdomain_tmpfs, and the domain
  ;; may read/write/map/execute them (no open is listed here).
  1438. (typetransition ephemeral_app tmpfs file appdomain_tmpfs)
  1439. (allow ephemeral_app appdomain_tmpfs (file (read write getattr map execute)))
  1440. ;;* lmx 17 system/sepolicy/private/ephemeral_app.te
  1441.  
  ;; ephemeral_app.te:17. Build-time assertion: no member of base_typeattr_612 may
  ;; read, write, open, create or otherwise access (per the listed permissions) files
  ;; of a type in base_typeattr_613. Both are generated sets declared elsewhere. Three
  ;; consecutive assertions carry this same source marker, consistent with one macro
  ;; expanding to several neverallows.
  1442. (neverallow base_typeattr_612 base_typeattr_613 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  1443. ;;* lme
  1444.  
  1445. ;;* lmx 17 system/sepolicy/private/ephemeral_app.te
  1446.  
  ;; ephemeral_app.te:17. Build-time assertion: no member of base_typeattr_614
  ;; (generated set, declared elsewhere) may read, write, open or otherwise access
  ;; file objects labelled with the ephemeral_app type itself.
  1447. (neverallow base_typeattr_614 ephemeral_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  1448. ;;* lme
  1449.  
  1450. ;;* lmx 17 system/sepolicy/private/ephemeral_app.te
  1451.  
  ;; ephemeral_app.te:17. Build-time assertion: no member of base_typeattr_615
  ;; (generated set, declared elsewhere) may ptrace an ephemeral_app process.
  1452. (neverallow base_typeattr_615 ephemeral_app (process (ptrace)))
  1453. ;;* lme
  1454.  
  ;; External-storage file access without open or create: ephemeral_app may operate on
  ;; descriptors it is handed but cannot open these files itself. This matches the
  ;; ephemeral_app.te:94/95 assertions later in this file, which forbid create/open
  ;; and dir search on the same two types.
  1455. (allow ephemeral_app sdcard_type (file (ioctl read write getattr lock append)))
  1456. (allow ephemeral_app media_rw_data_file (file (ioctl read write getattr lock append)))
  ;; Read/map/execute (but not write) of app data files and symlinks.
  1457. (allow ephemeral_app privapp_data_file (file (ioctl read getattr lock map execute open watch watch_reads)))
  1458. (allow ephemeral_app app_data_file (file (ioctl read getattr lock map execute open watch watch_reads)))
  1459. (allow ephemeral_app privapp_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  ;; ephemeral_app -> rs domain transition; rs may send SIGCHLD back.
  1460. (allow ephemeral_app rs_exec (file (read getattr map execute open)))
  1461. (allow ephemeral_app rs (process (transition)))
  1462. (allow rs rs_exec (file (read getattr map execute open entrypoint)))
  1463. (allow rs ephemeral_app (process (sigchld)))
  1464. (dontaudit ephemeral_app rs (process (noatsecure)))
  1465. (allow ephemeral_app rs (process (siginh rlimitinh)))
  1466. (typetransition ephemeral_app rs_exec process rs)
  ;; Note unlink alongside read/execute on app_exec_data_file files.
  1467. (allow ephemeral_app app_exec_data_file (file (ioctl read getattr lock map unlink execute open watch watch_reads)))
  ;; Service-manager lookups the domain is allowed to resolve.
  1468. (allow ephemeral_app audioserver_service (service_manager (find)))
  1469. (allow ephemeral_app cameraserver_service (service_manager (find)))
  1470. (allow ephemeral_app mediaserver_service (service_manager (find)))
  1471. (allow ephemeral_app mediaextractor_service (service_manager (find)))
  1472. (allow ephemeral_app mediametrics_service (service_manager (find)))
  1473. (allow ephemeral_app mediadrmserver_service (service_manager (find)))
  1474. (allow ephemeral_app drmserver_service (service_manager (find)))
  1475. (allow ephemeral_app radio_service (service_manager (find)))
  1476. (allow ephemeral_app ephemeral_app_api_service (service_manager (find)))
  1477. (allow ephemeral_app gpu_service (service_manager (find)))
  ;; Binder client pattern toward gpuservice.
  1478. (allow ephemeral_app gpuservice (binder (call transfer)))
  1479. (allow gpuservice ephemeral_app (binder (transfer)))
  1480. (allow ephemeral_app gpuservice (fd (use)))
  ;; Perfetto/heapprofd/traced_perf hookup: the app connects to the producer
  ;; sockets and shares tmpfs buffers; the profilers may signal the app and read its
  ;; process files/dirs.
  1481. (allow ephemeral_app traced (fd (use)))
  1482. (allow ephemeral_app traced_tmpfs (file (read write getattr map)))
  1483. (allow ephemeral_app traced_producer_socket (sock_file (write)))
  1484. (allow ephemeral_app traced (unix_stream_socket (connectto)))
  1485. (allow traced ephemeral_app (fd (use)))
  1486. (allow heapprofd ephemeral_app (process (signal)))
  1487. (allow ephemeral_app heapprofd_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
  1488. (allow heapprofd ephemeral_app (file (ioctl read getattr lock map open watch watch_reads)))
  1489. (allow heapprofd ephemeral_app (dir (ioctl read getattr lock open watch watch_reads search)))
  1490. (allow traced_perf ephemeral_app (file (ioctl read getattr lock map open watch watch_reads)))
  1491. (allow traced_perf ephemeral_app (dir (ioctl read getattr lock open watch watch_reads search)))
  1492. (allow traced_perf ephemeral_app (process (signal)))
  1493. (allow ephemeral_app traced_perf_socket (sock_file (write)))
  1494. (allow ephemeral_app traced_perf (unix_stream_socket (connectto)))
  1495. (allow traced_perf ephemeral_app (fd (use)))
  ;; Operations on UDP sockets owned by system_server (no create/bind listed).
  1496. (allow ephemeral_app system_server (udp_socket (read write getattr connect getopt setopt recvfrom sendto)))
  1497. (allow ephemeral_app ashmem_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
  1498. ;;* lmx 71 system/sepolicy/private/ephemeral_app.te
  1499.  
  ;; ephemeral_app.te:71. Build-time assertion: ephemeral_app may never execute app
  ;; data files in its own domain (execute_no_trans). The allow rules earlier in this
  ;; file grant execute on these types but not execute_no_trans, so they are consistent.
  1500. (neverallow ephemeral_app app_data_file (file (execute_no_trans)))
  1501. (neverallow ephemeral_app privapp_data_file (file (execute_no_trans)))
  1502. ;;* lme
  1503.  
  1504. ;;* lmx 74 system/sepolicy/private/ephemeral_app.te
  1505.  
  ;; ephemeral_app.te:74. Build-time assertion: ephemeral_app may never use a
  ;; netlink_kobject_uevent_socket owned by any domain, for any listed operation.
  1506. (neverallow ephemeral_app domain (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  1507. ;;* lme
  1508.  
  1509. ;;* lmx 77 system/sepolicy/private/ephemeral_app.te
  1510.  
  ;; ephemeral_app.te:77. Build-time assertion: ephemeral_app may never use a generic
  ;; netlink_socket owned by any domain, for any listed operation.
  1511. (neverallow ephemeral_app domain (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  1512. ;;* lme
  1513.  
  1514. ;;* lmx 81 system/sepolicy/private/ephemeral_app.te
  1515.  
  ;; ephemeral_app.te:81. Build-time assertion: ephemeral_app may never read files
  ;; labelled debugfs.
  1516. (neverallow ephemeral_app debugfs (file (read)))
  1517. ;;* lme
  1518.  
  1519. ;;* lmx 84 system/sepolicy/private/ephemeral_app.te
  1520.  
  ;; ephemeral_app.te:84. Build-time assertion: ephemeral_app may never execute the
  ;; gpu_device character device.
  1521. (neverallow ephemeral_app gpu_device (chr_file (execute)))
  1522. ;;* lme
  1523.  
  1524. ;;* lmx 87 system/sepolicy/private/ephemeral_app.te
  1525.  
  ;; ephemeral_app.te:87. Build-time assertion: ephemeral_app may never hold any listed
  ;; file permission on sysfs-labelled files, read and getattr included.
  1526. (neverallow ephemeral_app sysfs (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
  1527. ;;* lme
  1528.  
  1529. ;;* lmx 91 system/sepolicy/private/ephemeral_app.te
  1530.  
  ;; ephemeral_app.te:91. Build-time assertion: ephemeral_app may never read, write,
  ;; open, execute or otherwise access (per the listed permissions) files labelled with
  ;; the generic proc type. getattr and map are not listed.
  1531. (neverallow ephemeral_app proc (file (ioctl read write create setattr lock relabelfrom append unlink link rename execute open watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans)))
  1532. ;;* lme
  1533.  
  1534. ;;* lmx 94 system/sepolicy/private/ephemeral_app.te
  1535.  
  ;; ephemeral_app.te:94. Build-time assertion: ephemeral_app may never create or open
  ;; files on external storage. The allow rules earlier in this file grant read/write
  ;; on these types without open, which is exactly what this assertion requires.
  1536. (neverallow ephemeral_app sdcard_type (file (create open)))
  1537. (neverallow ephemeral_app media_rw_data_file (file (create open)))
  1538. ;;* lme
  1539.  
  1540. ;;* lmx 95 system/sepolicy/private/ephemeral_app.te
  1541.  
  ;; ephemeral_app.te:95. Build-time assertion: ephemeral_app may never search
  ;; external-storage directories, so it cannot traverse to files there by path.
  1542. (neverallow ephemeral_app sdcard_type (dir (search)))
  1543. (neverallow ephemeral_app media_rw_data_file (dir (search)))
  1544. ;;* lme
  1545.  
  1546. ;;* lmx 99 system/sepolicy/private/ephemeral_app.te
  1547.  
  ;; ephemeral_app.te:99. Build-time assertion: ephemeral_app may never read, write,
  ;; open or otherwise access (per the listed permissions) proc_net files.
  1548. (neverallow ephemeral_app proc_net (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  1549. ;;* lme
  1550.  
  ;; init -> fingerprintd domain transition (standard six-statement shape: exec,
  ;; transition, entrypoint, silenced noatsecure, siginh/rlimitinh, typetransition).
  1551. (allow init fingerprintd_exec (file (read getattr map execute open)))
  1552. (allow init fingerprintd (process (transition)))
  1553. (allow fingerprintd fingerprintd_exec (file (read getattr map execute open entrypoint)))
  1554. (dontaudit init fingerprintd (process (noatsecure)))
  1555. (allow init fingerprintd (process (siginh rlimitinh)))
  1556. (typetransition init fingerprintd_exec process fingerprintd)
  ;; init -> flags_health_check transition.
  1557. (allow init flags_health_check_exec (file (read getattr map execute open)))
  1558. (allow init flags_health_check (process (transition)))
  1559. (allow flags_health_check flags_health_check_exec (file (read getattr map execute open entrypoint)))
  1560. (dontaudit init flags_health_check (process (noatsecure)))
  1561. (allow init flags_health_check (process (siginh rlimitinh)))
  1562. (typetransition init flags_health_check_exec process flags_health_check)
  ;; init -> fsck transition; fsck gets read/write on the metadata block device.
  1563. (allow init fsck_exec (file (read getattr map execute open)))
  1564. (allow init fsck (process (transition)))
  1565. (allow fsck fsck_exec (file (read getattr map execute open entrypoint)))
  1566. (dontaudit init fsck (process (noatsecure)))
  1567. (allow init fsck (process (siginh rlimitinh)))
  1568. (typetransition init fsck_exec process fsck)
  1569. (allow fsck metadata_block_device (blk_file (ioctl read write getattr lock append map open watch watch_reads)))
  ;; init -> fsverity_init transition.
  1570. (allow init fsverity_init_exec (file (read getattr map execute open)))
  1571. (allow init fsverity_init (process (transition)))
  1572. (allow fsverity_init fsverity_init_exec (file (read getattr map execute open entrypoint)))
  1573. (dontaudit init fsverity_init (process (noatsecure)))
  1574. (allow init fsverity_init (process (siginh rlimitinh)))
  1575. (typetransition init fsverity_init_exec process fsverity_init)
  ;; Kernel keyring handling: fsverity_init may read proc_keys, view/write/search/
  ;; setattr the kernel keyring and its own keyring; view attempts on init's and
  ;; vold's keyrings are silenced rather than granted. The proc_fs_verity rule is
  ;; write-only (no read), and module_request denials are silenced.
  1576. (allow fsverity_init proc_keys (file (ioctl read getattr lock map open watch watch_reads)))
  1577. (dontaudit fsverity_init init (key (view)))
  1578. (dontaudit fsverity_init vold (key (view)))
  1579. (allow fsverity_init kernel (key (view write search setattr)))
  1580. (allow fsverity_init fsverity_init (key (view write search)))
  1581. (allow fsverity_init proc_fs_verity (file (write lock append map open)))
  1582. (dontaudit fsverity_init kernel (system (module_request)))
  ;; fwk_bufferhub: read-only ion_device access plus the init transition.
  1583. (allow fwk_bufferhub ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
  1584. (allow init fwk_bufferhub_exec (file (read getattr map execute open)))
  1585. (allow init fwk_bufferhub (process (transition)))
  1586. (allow fwk_bufferhub fwk_bufferhub_exec (file (read getattr map execute open entrypoint)))
  1587. (dontaudit init fwk_bufferhub (process (noatsecure)))
  1588. (allow init fwk_bufferhub (process (siginh rlimitinh)))
  1589. (typetransition init fwk_bufferhub_exec process fwk_bufferhub)
  ;; init -> gatekeeperd transition.
  1590. (allow init gatekeeperd_exec (file (read getattr map execute open)))
  1591. (allow init gatekeeperd (process (transition)))
  1592. (allow gatekeeperd gatekeeperd_exec (file (read getattr map execute open entrypoint)))
  1593. (dontaudit init gatekeeperd (process (noatsecure)))
  1594. (allow init gatekeeperd (process (siginh rlimitinh)))
  1595. (typetransition init gatekeeperd_exec process gatekeeperd)
  ;; tmpfs files created by gmscore_app are labelled appdomain_tmpfs, and the domain
  ;; may read/write/map/execute them (no open is listed here).
  1596. (typetransition gmscore_app tmpfs file appdomain_tmpfs)
  1597. (allow gmscore_app appdomain_tmpfs (file (read write getattr map execute)))
  1598. ;;* lmx 6 system/sepolicy/private/gmscore_app.te
  1599.  
  ;; gmscore_app.te:6. Build-time assertion: no member of base_typeattr_616 may read,
  ;; write, open, create or otherwise access (per the listed permissions) files of a
  ;; type in base_typeattr_617. Both are generated sets declared elsewhere. Three
  ;; consecutive assertions carry this same source marker, consistent with one macro
  ;; expanding to several neverallows.
  1600. (neverallow base_typeattr_616 base_typeattr_617 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  1601. ;;* lme
  1602.  
  1603. ;;* lmx 6 system/sepolicy/private/gmscore_app.te
  1604.  
  ;; gmscore_app.te:6. Build-time assertion: no member of base_typeattr_618 (generated
  ;; set, declared elsewhere) may read, write, open or otherwise access file objects
  ;; labelled with the gmscore_app type itself.
  1605. (neverallow base_typeattr_618 gmscore_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  1606. ;;* lme
  1607.  
  1608. ;;* lmx 6 system/sepolicy/private/gmscore_app.te
  1609.  
  ;; gmscore_app.te:6. Build-time assertion: no member of base_typeattr_619 (generated
  ;; set, declared elsewhere) may ptrace a gmscore_app process. The later allow rule
  ;; granting gmscore_app ptrace on self does not conflict with this unless self is a
  ;; member of that set, which cannot be determined from this excerpt.
  1610. (neverallow base_typeattr_619 gmscore_app (process (ptrace)))
  1611. ;;* lme
  1612.  
  ;; Read-only sysfs/rootfs access: search on any sysfs_type dir, read of the net
  ;; and zram sysfs subtrees, and read of rootfs dirs, files and symlinks.
  1613. (allow gmscore_app sysfs_type (dir (search)))
  1614. (allow gmscore_app sysfs_net (dir (ioctl read getattr lock open watch watch_reads search)))
  1615. (allow gmscore_app sysfs_net (file (ioctl read getattr lock map open watch watch_reads)))
  1616. (allow gmscore_app sysfs_net (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  1617. (allow gmscore_app sysfs_zram (dir (ioctl read getattr lock open watch watch_reads search)))
  1618. (allow gmscore_app sysfs_zram (file (ioctl read getattr lock map open watch watch_reads)))
  1619. (allow gmscore_app sysfs_zram (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  1620. (allow gmscore_app rootfs (dir (ioctl read getattr lock open watch watch_reads search)))
  1621. (allow gmscore_app rootfs (file (ioctl read getattr lock map open watch watch_reads)))
  1622. (allow gmscore_app rootfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  ;; Kernel config (config_gz) is readable by this app domain.
  1623. (allow gmscore_app config_gz (file (read getattr open)))
  ;; Binder client pattern toward update_engine, storaged and statsd, plus the
  ;; corresponding service-manager lookups.
  1624. (allow gmscore_app update_engine (binder (call transfer)))
  1625. (allow update_engine gmscore_app (binder (transfer)))
  1626. (allow gmscore_app update_engine (fd (use)))
  1627. (allow gmscore_app update_engine_service (service_manager (find)))
  1628. (allow gmscore_app storaged (binder (call transfer)))
  1629. (allow storaged gmscore_app (binder (transfer)))
  1630. (allow gmscore_app storaged (fd (use)))
  1631. (allow gmscore_app storaged_service (service_manager (find)))
  1632. (allow gmscore_app system_update_service (service_manager (find)))
  1633. (allow gmscore_app statsd (binder (call transfer)))
  1634. (allow statsd gmscore_app (binder (transfer)))
  1635. (allow gmscore_app statsd (fd (use)))
  ;; gen_unique_id on keystore — the same permission the domain.te:137 assertion
  ;; earlier in this file restricts for base_typeattr_593; gmscore_app must therefore
  ;; be outside that set for the policy to have compiled.
  1636. (allow gmscore_app keystore (keystore_key (gen_unique_id)))
  1637. (allow gmscore_app selinuxfs (file (ioctl read getattr lock map open watch watch_reads)))
  ;; dontaudit block: these accesses remain denied; only the audit records are
  ;; suppressed. 1653 and 1655 are the same wifi_prop rule repeated (harmless).
  1638. (dontaudit gmscore_app exec_type (file (ioctl read getattr lock map open watch watch_reads)))
  1639. (dontaudit gmscore_app device (dir (ioctl read getattr lock open watch watch_reads search)))
  1640. (dontaudit gmscore_app fs_bpf (dir (ioctl read getattr lock open watch watch_reads search)))
  1641. (dontaudit gmscore_app net_dns_prop (file (ioctl read getattr lock map open watch watch_reads)))
  1642. (dontaudit gmscore_app proc (file (ioctl read getattr lock map open watch watch_reads)))
  1643. (dontaudit gmscore_app proc_interrupts (file (ioctl read getattr lock map open watch watch_reads)))
  1644. (dontaudit gmscore_app proc_modules (file (ioctl read getattr lock map open watch watch_reads)))
  1645. (dontaudit gmscore_app proc_net (file (ioctl read getattr lock map open watch watch_reads)))
  1646. (dontaudit gmscore_app proc_stat (file (ioctl read getattr lock map open watch watch_reads)))
  1647. (dontaudit gmscore_app proc_version (file (ioctl read getattr lock map open watch watch_reads)))
  1648. (dontaudit gmscore_app sysfs (dir (ioctl read getattr lock open watch watch_reads search)))
  1649. (dontaudit gmscore_app sysfs (file (ioctl read getattr lock map open watch watch_reads)))
  1650. (dontaudit gmscore_app sysfs_android_usb (file (ioctl read getattr lock map open watch watch_reads)))
  1651. (dontaudit gmscore_app sysfs_dm (file (ioctl read getattr lock map open watch watch_reads)))
  1652. (dontaudit gmscore_app sysfs_loop (file (ioctl read getattr lock map open watch watch_reads)))
  1653. (dontaudit gmscore_app wifi_prop (file (ioctl read getattr lock map open watch watch_reads)))
  1654. (dontaudit gmscore_app exported_wifi_prop (file (ioctl read getattr lock map open watch watch_reads)))
  1655. (dontaudit gmscore_app wifi_prop (file (ioctl read getattr lock map open watch watch_reads)))
  1656. (dontaudit gmscore_app mirror_data_file (dir (search)))
  1657. (dontaudit gmscore_app mnt_vendor_file (dir (search)))
  ;; Grants that are wider than the ephemeral_app rules in this file: ptrace of its
  ;; own processes, execute (not execute_no_trans) of privapp_data_file files, and
  ;; full symlink read/write in privapp_data_file.
  1658. (allow gmscore_app self (process (ptrace)))
  1659. (allow gmscore_app privapp_data_file (file (execute)))
  1660. (allow gmscore_app privapp_data_file (lnk_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  1661. (allow gmscore_app proc_vmstat (file (ioctl read getattr lock map open watch watch_reads)))
  ;; Binder client pattern toward gpuservice, then service-manager lookups.
  1662. (allow gmscore_app gpuservice (binder (call transfer)))
  1663. (allow gpuservice gmscore_app (binder (transfer)))
  1664. (allow gmscore_app gpuservice (fd (use)))
  1665. (allow gmscore_app gpu_service (service_manager (find)))
  1666. (allow gmscore_app app_api_service (service_manager (find)))
  1667. (allow gmscore_app system_api_service (service_manager (find)))
  1668. (allow gmscore_app audioserver_service (service_manager (find)))
  1669. (allow gmscore_app cameraserver_service (service_manager (find)))
  1670. (allow gmscore_app drmserver_service (service_manager (find)))
  1671. (allow gmscore_app mediadrmserver_service (service_manager (find)))
  1672. (allow gmscore_app mediaextractor_service (service_manager (find)))
  1673. (allow gmscore_app mediametrics_service (service_manager (find)))
  1674. (allow gmscore_app mediaserver_service (service_manager (find)))
  1675. (allow gmscore_app network_watchlist_service (service_manager (find)))
  1676. (allow gmscore_app nfc_service (service_manager (find)))
  1677. (allow gmscore_app oem_lock_service (service_manager (find)))
  1678. (allow gmscore_app persistent_data_block_service (service_manager (find)))
  1679. (allow gmscore_app radio_service (service_manager (find)))
  1680. (allow gmscore_app recovery_service (service_manager (find)))
  1681. (allow gmscore_app stats_service (service_manager (find)))
  ;; Read of shell_data_file (repeated verbatim at 1691/1692 below; harmless).
  1682. (allow gmscore_app shell_data_file (file (ioctl read getattr lock map open watch watch_reads)))
  1683. (allow gmscore_app shell_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
  ;; Read/write/create in cache_file, cache_recovery_file and ota_package_file; these
  ;; are the only write-side file grants in this run apart from the privapp symlinks.
  1684. (allow gmscore_app cache_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
  1685. (allow gmscore_app cache_recovery_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
  1686. (allow gmscore_app cache_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  1687. (allow gmscore_app cache_recovery_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  1688. (allow gmscore_app cache_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  1689. (allow gmscore_app ota_package_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
  1690. (allow gmscore_app ota_package_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  1691. (allow gmscore_app shell_data_file (file (ioctl read getattr lock map open watch watch_reads)))
  1692. (allow gmscore_app shell_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
  1693. (allow gmscore_app anr_data_file (file (ioctl read getattr lock map open watch watch_reads)))
  ;; read/write on TCP sockets owned by priv_app processes (no create/connect listed).
  1694. (allow gmscore_app priv_app (tcp_socket (read write)))
  ; gpuservice: init_daemon_domain expansion. init execs gpuservice_exec and
  ; transitions the child into gpuservice. "noatsecure" is only dontaudited,
  ; not granted, so the child starts with AT_SECURE set (libc ignores LD_*
  ; environment); siginh/rlimitinh let it inherit init's signal state and
  ; rlimits.
  1695. (allow init gpuservice_exec (file (read getattr map execute open)))
  1696. (allow init gpuservice (process (transition)))
  1697. (allow gpuservice gpuservice_exec (file (read getattr map execute open entrypoint)))
  1698. (dontaudit init gpuservice (process (noatsecure)))
  1699. (allow init gpuservice (process (siginh rlimitinh)))
  1700. (typetransition init gpuservice_exec process gpuservice)
  ; Binder peers: adbd and shell (dumpsys-style access), system_server.
  ; Each pair is call+transfer one way, transfer back, and fd use.
  1701. (allow gpuservice adbd (binder (call transfer)))
  1702. (allow adbd gpuservice (binder (transfer)))
  1703. (allow gpuservice adbd (fd (use)))
  1704. (allow gpuservice shell (binder (call transfer)))
  1705. (allow shell gpuservice (binder (transfer)))
  1706. (allow gpuservice shell (fd (use)))
  1707. (allow gpuservice system_server (binder (call transfer)))
  1708. (allow system_server gpuservice (binder (transfer)))
  1709. (allow gpuservice system_server (fd (use)))
  ; servicemanager reads the caller's /proc/<pid> entries (dir search, file
  ; read/open, process getattr) to establish its SELinux context.
  1710. (allow gpuservice servicemanager (binder (call transfer)))
  1711. (allow servicemanager gpuservice (binder (call transfer)))
  1712. (allow servicemanager gpuservice (dir (search)))
  1713. (allow servicemanager gpuservice (file (read open)))
  1714. (allow servicemanager gpuservice (process (getattr)))
  ; Direct device access: gpu_device read/write with unrestricted ioctl (no
  ; allowx whitelist appears in this section), same-process HAL libraries
  ; mappable/executable, ion_device read/mmap only.
  1715. (allow gpuservice gpu_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
  1716. (allow gpuservice same_process_hal_file (file (read getattr map execute open)))
  1717. (allow gpuservice ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
  ; HIDL: talk to hwservicemanager; it in turn inspects gpuservice's /proc
  ; entries as servicemanager does above.
  1718. (allow gpuservice hwservicemanager_prop (file (read getattr map open)))
  1719. (allow gpuservice hwservicemanager (binder (call transfer)))
  1720. (allow hwservicemanager gpuservice (binder (call transfer)))
  1721. (allow hwservicemanager gpuservice (dir (search)))
  1722. (allow hwservicemanager gpuservice (file (read map open)))
  1723. (allow hwservicemanager gpuservice (process (getattr)))
  ; graphics_device: same unrestricted read/write/ioctl as gpu_device.
  1724. (allow gpuservice graphics_device (dir (search)))
  1725. (allow gpuservice graphics_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
  ; Output sinks for dumps: a shell pipe, the adbd stream socket, a pty, and
  ; dumpstate's pipe/fd (bugreport collection).
  1726. (allow gpuservice shell (fifo_file (write)))
  1727. (allow gpuservice adbd (unix_stream_socket (read write getattr)))
  1728. (allow gpuservice devpts (chr_file (read write getattr)))
  1729. (allow gpuservice dumpstate (fd (use)))
  1730. (allow gpuservice dumpstate (fifo_file (write)))
  ; Stats reporting: find the stats services and call into statsd.
  1731. (allow gpuservice stats_service (service_manager (find)))
  1732. (allow gpuservice statsmanager_service (service_manager (find)))
  1733. (allow gpuservice statsd (binder (call transfer)))
  1734. (allow statsd gpuservice (binder (transfer)))
  1735. (allow gpuservice statsd (fd (use)))
  ; Registers gpu_service. The neverallow below (the ;;* lmx / ;;* lme pair is
  ; a compiler line mark tying it back to gpuservice.te line 45 for error
  ; reporting) forbids "add" on gpu_service for every domain in
  ; base_typeattr_620, an attribute defined outside this view - presumably
  ; "domain minus gpuservice", making gpuservice the only registrant.
  1736. (allow gpuservice gpu_service (service_manager (add find)))
  1737. ;;* lmx 45 system/sepolicy/private/gpuservice.te
  1738.  
  1739. (neverallow base_typeattr_620 gpu_service (service_manager (add)))
  1740. ;;* lme
  1741.  
  ; gsid: the Dynamic System Update / GSI daemon, started by init. It is one
  ; of the more privileged native daemons in this policy (device-mapper, loop
  ; devices, raw block access, CAP_SYS_ADMIN and CAP_SYS_RAWIO), so the
  ; neverallows at the end of this section are what keep every other domain
  ; away from the GSI image and metadata files it manages.
  1742. (allow init gsid_exec (file (read getattr map execute open)))
  1743. (allow init gsid (process (transition)))
  1744. (allow gsid gsid_exec (file (read getattr map execute open entrypoint)))
  1745. (dontaudit init gsid (process (noatsecure)))
  1746. (allow init gsid (process (siginh rlimitinh)))
  1747. (typetransition init gsid_exec process gsid)
  ; Registers gsi_service. The neverallow (gsid.te line 11) denies "add" to
  ; base_typeattr_621, defined outside this view - presumably "domain minus
  ; gsid".
  1748. (allow gsid servicemanager (binder (call transfer)))
  1749. (allow servicemanager gsid (binder (call transfer)))
  1750. (allow servicemanager gsid (dir (search)))
  1751. (allow servicemanager gsid (file (read open)))
  1752. (allow servicemanager gsid (process (getattr)))
  1753. (allow gsid gsi_service (service_manager (add find)))
  1754. ;;* lmx 11 system/sepolicy/private/gsid.te
  1755.  
  1756. (neverallow base_typeattr_621 gsi_service (service_manager (add)))
  1757. ;;* lme
  1758.  
  ; Property service: gsid may set gsid_prop (the neverallow at gsid.te:84
  ; further down restricts who else may).
  1759. (allow gsid property_socket (sock_file (write)))
  1760. (allow gsid init (unix_stream_socket (connectto)))
  1761. (allow gsid gsid_prop (property_service (set)))
  1762. (allow gsid gsid_prop (file (read getattr map open)))
  ; device-mapper control node and dm block devices: read/write with
  ; unrestricted ioctl.
  1763. (allow gsid dm_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
  1764. (allow gsid dm_device (blk_file (ioctl read write getattr lock append map open watch watch_reads)))
  ; CAP_SYS_ADMIN (needed for dm/loop/mount setup). dac_override is only
  ; dontaudited, i.e. deliberately NOT granted - gsid must respect DAC.
  1765. (allow gsid self (capability (sys_admin)))
  1766. (allow gsid self (cap_userns (sys_admin)))
  1767. (dontaudit gsid self (capability (dac_override)))
  1768. (dontaudit gsid self (cap_userns (dac_override)))
  ; Loop devices. The two allowx rules are an ioctl whitelist for loop_device
  ; blk_files: once an allowx exists, only the listed commands pass.
  ; 0x1261 is BLKFLSBUF; 0x4c00-0x4c01 / 0x4c04-0x4c05 / 0x4c08-0x4c09 are the
  ; LOOP_SET_FD / LOOP_CLR_FD, LOOP_SET_STATUS64 / LOOP_GET_STATUS64,
  ; LOOP_SET_DIRECT_IO / LOOP_SET_BLOCK_SIZE controls (verify against
  ; <linux/loop.h> for the target kernel).
  1769. (allow gsid loop_control_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
  1770. (allow gsid loop_device (blk_file (ioctl read write getattr lock append map open watch watch_reads)))
  1771. (allowx gsid loop_device (ioctl blk_file (0x1261)))
  1772. (allowx gsid loop_device (ioctl blk_file ((range 0x4c00 0x4c01) (range 0x4c04 0x4c05) (range 0x4c08 0x4c09))))
  ; Read-only discovery: dm state and f2fs features in sysfs, the kernel
  ; command line, the firmware/android DT node, and the block device directory.
  1773. (allow gsid sysfs_dm (dir (ioctl read getattr lock open watch watch_reads search)))
  1774. (allow gsid sysfs_dm (file (ioctl read getattr lock map open watch watch_reads)))
  1775. (allow gsid sysfs_dm (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  1776. (allow gsid sysfs_fs_f2fs (dir (ioctl read getattr lock open watch watch_reads search)))
  1777. (allow gsid sysfs_fs_f2fs (file (ioctl read getattr lock map open watch watch_reads)))
  1778. (allow gsid sysfs_fs_f2fs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  1779. (allow gsid proc_cmdline (file (ioctl read getattr lock map open watch watch_reads)))
  1780. (allow gsid sysfs_dt_firmware_android (dir (ioctl read getattr lock open watch watch_reads search)))
  1781. (allow gsid sysfs_dt_firmware_android (file (ioctl read getattr lock map open watch watch_reads)))
  1782. (allow gsid block_device (dir (ioctl read getattr lock open watch watch_reads search)))
  ; ioctl whitelist on the userdata and sdcard block devices: 0x1278 / 0x127a
  ; (BLKIOMIN / BLKALIGNOFF - geometry queries only, no writes or discards).
  1783. (allowx gsid userdata_block_device (ioctl blk_file (0x1278 0x127a)))
  1784. (allowx gsid sdcard_block_device (ioctl blk_file (0x1278 0x127a)))
  ; Images on external storage: traverse /mnt/media_rw, read/write vfat, and
  ; read the sdcard block device itself.
  1785. (allow gsid mnt_media_rw_file (dir (ioctl read getattr lock open watch watch_reads search)))
  1786. (allow gsid vfat (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
  1787. (allow gsid vfat (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  1788. (allow gsid sdcard_block_device (blk_file (ioctl read getattr lock map open watch watch_reads)))
  ; CAP_SYS_RAWIO for raw block-device access.
  1789. (allow gsid self (capability (sys_rawio)))
  1790. (allow gsid self (cap_userns (sys_rawio)))
  ; gsid can be driven from adb: use adbd's fds and its stream socket.
  1791. (allow gsid adbd (fd (use)))
  1792. (allow gsid adbd (unix_stream_socket (ioctl read write getattr setattr lock append map bind connect getopt setopt shutdown)))
  ; gsid.te:84 - base_typeattr_622 (defined elsewhere) may never set gsid_prop.
  1793. ;;* lmx 84 system/sepolicy/private/gsid.te
  1794.  
  1795. (neverallow base_typeattr_622 gsid_prop (property_service (set)))
  1796. ;;* lme
  1797.  
  ; userdata block device: read-only here (plus the two ioctls whitelisted
  ; above).
  1798. (allow gsid userdata_block_device (blk_file (ioctl read getattr lock map open watch watch_reads)))
  ; GSI/OTA metadata under metadata_file (gsi_metadata_file gets full create/
  ; delete/rmdir, ota_metadata_file add/remove entries only) and the image
  ; files themselves (gsi_data_file, ota_image_data_file): full read/write/
  ; create/unlink.
  1799. (allow gsid metadata_file (dir (getattr search)))
  1800. (allow gsid gsi_metadata_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
  1801. (allow gsid ota_metadata_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
  1802. (allow gsid gsi_metadata_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  1803. (allow gsid ota_metadata_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  1804. (allow gsid gsi_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
  1805. (allow gsid ota_image_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
  1806. (allow gsid gsi_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  1807. (allow gsid ota_image_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  ; ioctl on the image files is whitelisted to 0x660b (FS_IOC_FIEMAP), i.e.
  ; querying the files' physical extents - presumably so they can be mapped
  ; as block devices without copying.
  1808. (allowx gsid gsi_data_file (ioctl file (0x660b)))
  1809. (allowx gsid ota_image_data_file (ioctl file (0x660b)))
  ; binder "call" only towards system_server (no transfer).
  1810. (allow gsid system_server (binder (call)))
  ; gsid.te:147 - base_typeattr_623 (defined elsewhere) gets no access at all
  ; to gsi_metadata_file directories.
  1811. ;;* lmx 147 system/sepolicy/private/gsid.te
  1812.  
  1813. (neverallow base_typeattr_623 gsi_metadata_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
  1814. ;;* lme
  1815.  
  ; gsid.te:155 - base_typeattr_624 is denied everything except getattr and
  ; relabelto on gsi_metadata_file file-like objects.
  1816. ;;* lmx 155 system/sepolicy/private/gsid.te
  1817.  
  1818. (neverallow base_typeattr_624 gsi_metadata_file (file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
  1819. (neverallow base_typeattr_624 gsi_metadata_file (lnk_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
  1820. (neverallow base_typeattr_624 gsi_metadata_file (sock_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
  1821. (neverallow base_typeattr_624 gsi_metadata_file (fifo_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
  1822. ;;* lme
  1823.  
  ; gsid.te:163 - the same base_typeattr_624 is denied the full permission
  ; set (getattr and relabelto included) on gsi_metadata_file AND
  ; gsi_data_file. NOTE(review): as compiled this subsumes the :155 group
  ; above; the compiler may have merged two identical anonymous sets into one
  ; attribute, so check the two .te rules to confirm that is intended.
  1824. ;;* lmx 163 system/sepolicy/private/gsid.te
  1825.  
  1826. (neverallow base_typeattr_624 gsi_metadata_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
  1827. (neverallow base_typeattr_624 gsi_metadata_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
  1828. (neverallow base_typeattr_624 gsi_metadata_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
  1829. (neverallow base_typeattr_624 gsi_metadata_file (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
  1830. (neverallow base_typeattr_624 gsi_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
  1831. (neverallow base_typeattr_624 gsi_data_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
  1832. (neverallow base_typeattr_624 gsi_data_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
  1833. (neverallow base_typeattr_624 gsi_data_file (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
  1834. ;;* lme
  1835.  
  ; gsid.te:169 - base_typeattr_625 may at most read/getattr/open/search
  ; gsi_data_file directories (all mutating and relabel permissions denied).
  1836. ;;* lmx 169 system/sepolicy/private/gsid.te
  1837.  
  1838. (neverallow base_typeattr_625 gsi_data_file (dir (write lock relabelfrom append map unlink link rename execute quotaon mounton audit_access execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
  1839. ;;* lme
  1840.  
  ; gsid.te:175 - the same base_typeattr_625 is denied everything on those
  ; directories, which again subsumes the :169 rule as compiled (same caveat
  ; as for :155/:163).
  1841. ;;* lmx 175 system/sepolicy/private/gsid.te
  1842.  
  1843. (neverallow base_typeattr_625 gsi_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
  1844. ;;* lme
  1845.  
  ; gsid.te:180 - base_typeattr_621 (the same set that may not register
  ; gsi_service) is denied everything except getattr/relabelto on
  ; gsi_data_file file-like objects.
  1846. ;;* lmx 180 system/sepolicy/private/gsid.te
  1847.  
  1848. (neverallow base_typeattr_621 gsi_data_file (file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
  1849. (neverallow base_typeattr_621 gsi_data_file (lnk_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
  1850. (neverallow base_typeattr_621 gsi_data_file (sock_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
  1851. (neverallow base_typeattr_621 gsi_data_file (fifo_file (ioctl read write create setattr lock relabelfrom append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
  1852. ;;* lme
  1853.  
  ; hal_allocator_default: init_daemon_domain expansion only (exec, transition,
  ; entrypoint, dontaudit noatsecure, siginh/rlimitinh, type transition). The
  ; domain's actual HAL permissions come from the hal_allocator attributes
  ; defined elsewhere.
  1854. (allow init hal_allocator_default_exec (file (read getattr map execute open)))
  1855. (allow init hal_allocator_default (process (transition)))
  1856. (allow hal_allocator_default hal_allocator_default_exec (file (read getattr map execute open entrypoint)))
  1857. (dontaudit init hal_allocator_default (process (noatsecure)))
  1858. (allow init hal_allocator_default (process (siginh rlimitinh)))
  1859. (typetransition init hal_allocator_default_exec process hal_allocator_default)
  ; halclientdomain / halserverdomain: attributes carried by every HIDL client
  ; and server domain. Both sides may call hwservicemanager and read its
  ; property; hwservicemanager inspects their /proc/<pid> entries to learn
  ; their context. Clients may additionally find the hidl_manager hwservice;
  ; servers may traverse system_file directories (directory search/read only
  ; by this rule - file access under /system is granted elsewhere).
  1860. (allow halclientdomain hwservicemanager (binder (call transfer)))
  1861. (allow hwservicemanager halclientdomain (binder (call transfer)))
  1862. (allow hwservicemanager halclientdomain (dir (search)))
  1863. (allow hwservicemanager halclientdomain (file (read map open)))
  1864. (allow hwservicemanager halclientdomain (process (getattr)))
  1865. (allow halclientdomain hwservicemanager_prop (file (read getattr map open)))
  1866. (allow halclientdomain hidl_manager_hwservice (hwservice_manager (find)))
  1867. (allow halserverdomain hwservicemanager (binder (call transfer)))
  1868. (allow hwservicemanager halserverdomain (binder (call transfer)))
  1869. (allow hwservicemanager halserverdomain (dir (search)))
  1870. (allow hwservicemanager halserverdomain (file (read map open)))
  1871. (allow hwservicemanager halserverdomain (process (getattr)))
  1872. (allow halserverdomain system_file (dir (ioctl read getattr lock open watch watch_reads search)))
  1873. (allow halserverdomain hwservicemanager_prop (file (read getattr map open)))
  ; healthd: init_daemon_domain expansion only; its working permissions are
  ; outside this view.
  1874. (allow init healthd_exec (file (read getattr map execute open)))
  1875. (allow init healthd (process (transition)))
  1876. (allow healthd healthd_exec (file (read getattr map execute open entrypoint)))
  1877. (dontaudit init healthd (process (noatsecure)))
  1878. (allow init healthd (process (siginh rlimitinh)))
  1879. (typetransition init healthd_exec process healthd)
  ; heapprofd: the Perfetto heap-profiling daemon, started by init. It holds
  ; CAP_KILL and signals the processes it profiles, so the neverallows at the
  ; end of this section enumerate the security-critical domains it must never
  ; read from or signal.
  1880. (allow init heapprofd_exec (file (read getattr map execute open)))
  1881. (allow init heapprofd (process (transition)))
  1882. (allow heapprofd heapprofd_exec (file (read getattr map execute open entrypoint)))
  1883. (dontaudit init heapprofd (process (noatsecure)))
  1884. (allow init heapprofd (process (siginh rlimitinh)))
  1885. (typetransition init heapprofd_exec process heapprofd)
  ; Its own tmpfs label for anonymous shared memory.
  1886. (typetransition heapprofd tmpfs file heapprofd_tmpfs)
  1887. (allow heapprofd heapprofd_tmpfs (file (read write getattr map)))
  ; Sets heapprofd_prop through the property service.
  1888. (allow heapprofd property_socket (sock_file (write)))
  1889. (allow heapprofd init (unix_stream_socket (connectto)))
  1890. (allow heapprofd heapprofd_prop (property_service (set)))
  1891. (allow heapprofd heapprofd_prop (file (read getattr map open)))
  ; CAP_KILL: the only capability granted (dac_override/dac_read_search are
  ; dontaudited below, i.e. NOT granted).
  1892. (allow heapprofd self (capability (kill)))
  ; Walking every domain's /proc/<pid> directory is silenced, not allowed.
  1893. (dontaudit heapprofd domain (dir (open search)))
  ; Perfetto producer connection to traced (socket + shared tmpfs + fds).
  1894. (allow heapprofd traced (fd (use)))
  1895. (allow heapprofd traced_tmpfs (file (read write getattr map)))
  1896. (allow heapprofd traced_producer_socket (sock_file (write)))
  1897. (allow heapprofd traced (unix_stream_socket (connectto)))
  1898. (allow traced heapprofd (fd (use)))
  1899. (dontaudit heapprofd self (capability (dac_override dac_read_search)))
  1900. (dontaudit heapprofd self (cap_userns (dac_override dac_read_search)))
  ; heapprofd.te:62 - heapprofd may never read the /proc/<pid> files of init,
  ; kernel, keystore, llkd, logd, ueventd, vendor_init, vold or bpfloader
  ; (their maps/mem would expose keys, logs and early-boot state), ...
  1901. ;;* lmx 62 system/sepolicy/private/heapprofd.te
  1902.  
  1903. (neverallow heapprofd init (file (read)))
  1904. (neverallow heapprofd kernel (file (read)))
  1905. (neverallow heapprofd keystore (file (read)))
  1906. (neverallow heapprofd llkd (file (read)))
  1907. (neverallow heapprofd logd (file (read)))
  1908. (neverallow heapprofd ueventd (file (read)))
  1909. (neverallow heapprofd vendor_init (file (read)))
  1910. (neverallow heapprofd vold (file (read)))
  1911. (neverallow heapprofd bpfloader (file (read)))
  1912. ;;* lme
  1913.  
  ; ... nor signal them (same source line; the .te rule covers both classes).
  1914. ;;* lmx 62 system/sepolicy/private/heapprofd.te
  1915.  
  1916. (neverallow heapprofd init (process (signal)))
  1917. (neverallow heapprofd kernel (process (signal)))
  1918. (neverallow heapprofd keystore (process (signal)))
  1919. (neverallow heapprofd llkd (process (signal)))
  1920. (neverallow heapprofd logd (process (signal)))
  1921. (neverallow heapprofd ueventd (process (signal)))
  1922. (neverallow heapprofd vendor_init (process (signal)))
  1923. (neverallow heapprofd vold (process (signal)))
  1924. (neverallow heapprofd bpfloader (process (signal)))
  1925. ;;* lme
  1926.  
  ; heapprofd.te:74 - no writes, creates, relabels or execs of vendor_file.
  1927. ;;* lmx 74 system/sepolicy/private/heapprofd.te
  1928.  
  1929. (neverallow heapprofd vendor_file (file (write create setattr relabelfrom append unlink link rename execute execute_no_trans)))
  1930. ;;* lme
  1931.  
  ; hwservicemanager: the HIDL service registry, started by init. The two
  ; neverallows (hwservicemanager.te lines 5 and 6) deny "add" of the manager
  ; and token hwservices to base_typeattr_626, defined outside this view -
  ; presumably "domain minus hwservicemanager" - so only this daemon can
  ; register them.
  1932. (allow init hwservicemanager_exec (file (read getattr map execute open)))
  1933. (allow init hwservicemanager (process (transition)))
  1934. (allow hwservicemanager hwservicemanager_exec (file (read getattr map execute open entrypoint)))
  1935. (dontaudit init hwservicemanager (process (noatsecure)))
  1936. (allow init hwservicemanager (process (siginh rlimitinh)))
  1937. (typetransition init hwservicemanager_exec process hwservicemanager)
  1938. (allow hwservicemanager hidl_manager_hwservice (hwservice_manager (add find)))
  1939. (allow hwservicemanager hidl_base_hwservice (hwservice_manager (add)))
  1940. ;;* lmx 5 system/sepolicy/private/hwservicemanager.te
  1941.  
  1942. (neverallow base_typeattr_626 hidl_manager_hwservice (hwservice_manager (add)))
  1943. ;;* lme
  1944.  
  ; (the hidl_base_hwservice add below repeats the rule at 1939 - the same
  ; macro expanded twice)
  1945. (allow hwservicemanager hidl_token_hwservice (hwservice_manager (add find)))
  1946. (allow hwservicemanager hidl_base_hwservice (hwservice_manager (add)))
  1947. ;;* lmx 6 system/sepolicy/private/hwservicemanager.te
  1948.  
  1949. (neverallow base_typeattr_626 hidl_token_hwservice (hwservice_manager (add)))
  1950. ;;* lme
  1951.  
  ; May set ctl_interface_start_prop via the property service - presumably the
  ; ctl.interface_start.* hook that asks init to start a HAL on demand.
  1952. (allow hwservicemanager property_socket (sock_file (write)))
  1953. (allow hwservicemanager init (unix_stream_socket (connectto)))
  1954. (allow hwservicemanager ctl_interface_start_prop (property_service (set)))
  1955. (allow hwservicemanager ctl_interface_start_prop (file (read getattr map open)))
  ; idmap: init_daemon_domain expansion only; working permissions are outside
  ; this view.
  1956. (allow init idmap_exec (file (read getattr map execute open)))
  1957. (allow init idmap (process (transition)))
  1958. (allow idmap idmap_exec (file (read getattr map execute open entrypoint)))
  1959. (dontaudit init idmap (process (noatsecure)))
  1960. (allow init idmap (process (siginh rlimitinh)))
  1961. (typetransition init idmap_exec process idmap)
  ; incident: the command-line client for incidentd. Two domain_auto_trans
  ; expansions: it is entered from shell (adb) and from dumpstate; in both
  ; cases the child reports sigchld back to its parent.
  1962. (allow shell incident_exec (file (read getattr map execute open)))
  1963. (allow shell incident (process (transition)))
  1964. (allow incident incident_exec (file (read getattr map execute open entrypoint)))
  1965. (allow incident shell (process (sigchld)))
  1966. (dontaudit shell incident (process (noatsecure)))
  1967. (allow shell incident (process (siginh rlimitinh)))
  1968. (typetransition shell incident_exec process incident)
  1969. (allow dumpstate incident_exec (file (read getattr map execute open)))
  1970. (allow dumpstate incident (process (transition)))
  1971. (allow incident incident_exec (file (read getattr map execute open entrypoint)))
  1972. (allow incident dumpstate (process (sigchld)))
  1973. (dontaudit dumpstate incident (process (noatsecure)))
  1974. (allow dumpstate incident (process (siginh rlimitinh)))
  1975. (typetransition dumpstate incident_exec process incident)
  ; Output goes to the caller's fds: dumpstate's socket, a pty, adbd's socket.
  ; shell_data_file gets "write" only (no open/create), so it can only write
  ; to a file descriptor the caller already opened there.
  1976. (allow incident shell (fd (use)))
  1977. (allow incident dumpstate (fd (use)))
  1978. (allow incident dumpstate (unix_stream_socket (read write)))
  1979. (allow incident shell_data_file (file (write)))
  1980. (allow incident devpts (chr_file (read write)))
  1981. (allow incident adbd (fd (use)))
  1982. (allow incident adbd (unix_stream_socket (read write)))
  1983. (allow incident adbd (process (sigchld)))
  ; Finds incident_service and calls into incidentd (binder, fds, its pipe).
  1984. (allow incident servicemanager (binder (call transfer)))
  1985. (allow servicemanager incident (binder (call transfer)))
  1986. (allow servicemanager incident (dir (search)))
  1987. (allow servicemanager incident (file (read open)))
  1988. (allow servicemanager incident (process (getattr)))
  1989. (allow incident incident_service (service_manager (find)))
  1990. (allow incident incidentd (binder (call transfer)))
  1991. (allow incidentd incident (binder (transfer)))
  1992. (allow incident incidentd (fd (use)))
  1993. (allow incident incidentd (fifo_file (write)))
  ; incident.te:37 - base_typeattr_627 (defined elsewhere; presumably every
  ; domain other than shell and dumpstate, matching the transitions above)
  ; may never execute incident_exec.
  1994. ;;* lmx 37 system/sepolicy/private/incident.te
  1995.  
  1996. (neverallow base_typeattr_627 incident_exec (file (execute execute_no_trans)))
  1997. ;;* lme
  1998.  
  ; incident_helper: spawned by incidentd (domain_auto_trans) to parse a
  ; section's output. It can only use fds and pipes handed to it by the
  ; report pipeline (dumpstate, incident, incidentd, shell) plus incidentd's
  ; stream socket - no file access of its own appears in this section.
  1999. (allow incidentd incident_helper_exec (file (read getattr map execute open)))
  2000. (allow incidentd incident_helper (process (transition)))
  2001. (allow incident_helper incident_helper_exec (file (read getattr map execute open entrypoint)))
  2002. (allow incident_helper incidentd (process (sigchld)))
  2003. (dontaudit incidentd incident_helper (process (noatsecure)))
  2004. (allow incidentd incident_helper (process (siginh rlimitinh)))
  2005. (typetransition incidentd incident_helper_exec process incident_helper)
  2006. (allow incident_helper dumpstate (fd (use)))
  2007. (allow incident_helper incident (fd (use)))
  2008. (allow incident_helper incidentd (fd (use)))
  2009. (allow incident_helper shell (fd (use)))
  2010. (allow incident_helper dumpstate (fifo_file (read write getattr)))
  2011. (allow incident_helper incident (fifo_file (read write getattr)))
  2012. (allow incident_helper incidentd (fifo_file (read write getattr)))
  2013. (allow incident_helper shell (fifo_file (read write getattr)))
  2014. (allow incident_helper incidentd (unix_stream_socket (read write)))
  ; incident_helper.te:14 - base_typeattr_628 (defined elsewhere; presumably
  ; "domain minus incidentd") may never execute incident_helper_exec.
  2015. ;;* lmx 14 system/sepolicy/private/incident_helper.te
  2016.  
  2017. (neverallow base_typeattr_628 incident_helper_exec (file (execute execute_no_trans)))
  2018. ;;* lme
  2019.  
  ; incidentd: the incident-report daemon, started by init. Like dumpstate it
  ; needs a broad read view of the system, so this section grants read access
  ; to every process's /proc entries, signal rights over many services, and
  ; execution of shell/zygote binaries in its own domain. Read the neverallows
  ; (ptrace, incident_service add, incident_data_file) together with the
  ; grants.
  2020. (allow init incidentd_exec (file (read getattr map execute open)))
  2021. (allow init incidentd (process (transition)))
  2022. (allow incidentd incidentd_exec (file (read getattr map execute open entrypoint)))
  2023. (dontaudit init incidentd (process (noatsecure)))
  2024. (allow init incidentd (process (siginh rlimitinh)))
  2025. (typetransition init incidentd_exec process incidentd)
  2026. (allow incidentd servicemanager (binder (call transfer)))
  2027. (allow servicemanager incidentd (binder (call transfer)))
  2028. (allow servicemanager incidentd (dir (search)))
  2029. (allow servicemanager incidentd (file (read open)))
  2030. (allow servicemanager incidentd (process (getattr)))
  ; Wake lock (sysfs + CAP_BLOCK_SUSPEND) while a report is being produced,
  ; via the system_suspend HIDL service.
  2031. (allow incidentd sysfs_wake_lock (file (ioctl read write getattr lock append map open watch watch_reads)))
  2032. (allow incidentd self (capability2 (block_suspend)))
  2033. (allow incidentd self (cap2_userns (block_suspend)))
  2034. (allow incidentd system_suspend_server (binder (call transfer)))
  2035. (allow system_suspend_server incidentd (binder (transfer)))
  2036. (allow incidentd system_suspend_server (fd (use)))
  2037. (allow incidentd system_suspend_hwservice (hwservice_manager (find)))
  2038. (allow incidentd hwservicemanager (binder (call transfer)))
  2039. (allow hwservicemanager incidentd (binder (call transfer)))
  2040. (allow hwservicemanager incidentd (dir (search)))
  2041. (allow hwservicemanager incidentd (file (read map open)))
  2042. (allow hwservicemanager incidentd (process (getattr)))
  2043. (allow incidentd hwservicemanager_prop (file (read getattr map open)))
  2044. (allow incidentd hidl_manager_hwservice (hwservice_manager (find)))
  ; "domain" covers every process domain and /proc/<pid>/* carries the
  ; process's domain label, so these three rules let incidentd read any
  ; process's proc entries (cmdline, status, maps, fd links, ...). Read-only;
  ; ptrace is explicitly neverallowed at incidentd.te:115 below.
  2045. (allow incidentd domain (dir (ioctl read getattr lock open watch watch_reads search)))
  2046. (allow incidentd domain (file (ioctl read getattr lock map open watch watch_reads)))
  2047. (allow incidentd domain (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  ; May SIGKILL its own helper and run system binaries / toolbox without a
  ; domain transition (execute_no_trans).
  2048. (allow incidentd incident_helper (process (sigkill)))
  2049. (allow incidentd system_file (file (execute_no_trans)))
  2050. (allow incidentd toolbox_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
  ; Kernel / memory / CPU / battery state reads for the report sections.
  2051. (allow incidentd proc_version (file (ioctl read getattr lock map open watch watch_reads)))
  2052. (allow incidentd proc_pagetypeinfo (file (ioctl read getattr lock map open watch watch_reads)))
  2053. (allow incidentd debugfs_wakeup_sources (file (ioctl read getattr lock map open watch watch_reads)))
  2054. (allow incidentd proc_meminfo (file (read open)))
  2055. (allow incidentd sysfs_devices_system_cpu (file (ioctl read getattr lock map open watch watch_reads)))
  2056. (allow incidentd domain (process (getattr)))
  2057. (allow incidentd sysfs_batteryinfo (dir (search)))
  2058. (allow incidentd sysfs_batteryinfo (file (ioctl read getattr lock map open watch watch_reads)))
  2059. (allow incidentd stats_service (service_manager (find)))
  2060. (allow incidentd statsd (binder (call transfer)))
  2061. (allow statsd incidentd (binder (transfer)))
  2062. (allow incidentd statsd (fd (use)))
  ; Reads Perfetto traces; full read/write/create/unlink on its own output
  ; directory (incident_data_file).
  2063. (allow incidentd perfetto_traces_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
  2064. (allow incidentd perfetto_traces_data_file (file (ioctl read getattr lock map open watch watch_reads)))
  2065. (allow incidentd incident_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
  2066. (allow incidentd incident_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  ; Repeats of the servicemanager / hwservicemanager rules above (the same
  ; macros expanded twice), plus hwservice_manager "list".
  2067. (allow incidentd servicemanager (binder (call transfer)))
  2068. (allow servicemanager incidentd (binder (call transfer)))
  2069. (allow servicemanager incidentd (dir (search)))
  2070. (allow servicemanager incidentd (file (read open)))
  2071. (allow servicemanager incidentd (process (getattr)))
  2072. (allow incidentd hwservicemanager (binder (call transfer)))
  2073. (allow hwservicemanager incidentd (binder (call transfer)))
  2074. (allow hwservicemanager incidentd (dir (search)))
  2075. (allow hwservicemanager incidentd (file (read map open)))
  2076. (allow hwservicemanager incidentd (process (getattr)))
  2077. (allow incidentd hwservicemanager (hwservice_manager (list)))
  2078. (allow incidentd hwservicemanager_prop (file (read getattr map open)))
  2079. (allow incidentd hidl_manager_hwservice (hwservice_manager (find)))
  2080. (allow incidentd proc_cmdline (file (ioctl read getattr lock map open watch watch_reads)))
  2081. (allow incidentd proc_pipe_conf (file (ioctl read getattr lock map open watch watch_reads)))
  2082. (allow incidentd proc_stat (file (ioctl read getattr lock map open watch watch_reads)))
  ; "signal" (not sigkill/sigstop) to all apps and a fixed list of native
  ; services and HAL servers - presumably to request stack dumps; backed by
  ; CAP_KILL further down.
  2083. (allow incidentd appdomain (process (signal)))
  2084. (allow incidentd ephemeral_app (process (signal)))
  2085. (allow incidentd system_server (process (signal)))
  2086. (allow incidentd hal_audio_server (process (signal)))
  2087. (allow incidentd hal_bluetooth_server (process (signal)))
  2088. (allow incidentd hal_camera_server (process (signal)))
  2089. (allow incidentd hal_codec2_server (process (signal)))
  2090. (allow incidentd hal_face_server (process (signal)))
  2091. (allow incidentd hal_graphics_allocator_server (process (signal)))
  2092. (allow incidentd hal_graphics_composer_server (process (signal)))
  2093. (allow incidentd hal_health_server (process (signal)))
  2094. (allow incidentd hal_omx_server (process (signal)))
  2095. (allow incidentd hal_sensors_server (process (signal)))
  2096. (allow incidentd hal_vr_server (process (signal)))
  2097. (allow incidentd audioserver (process (signal)))
  2098. (allow incidentd cameraserver (process (signal)))
  2099. (allow incidentd drmserver (process (signal)))
  2100. (allow incidentd inputflinger (process (signal)))
  2101. (allow incidentd mediadrmserver (process (signal)))
  2102. (allow incidentd mediaextractor (process (signal)))
  2103. (allow incidentd mediametrics (process (signal)))
  2104. (allow incidentd mediaserver (process (signal)))
  2105. (allow incidentd sdcardd (process (signal)))
  2106. (allow incidentd statsd (process (signal)))
  2107. (allow incidentd surfaceflinger (process (signal)))
  ; Binder to system_server and to every app domain (callbacks to report
  ; requesters).
  2108. (allow incidentd system_server (binder (call transfer)))
  2109. (allow system_server incidentd (binder (transfer)))
  2110. (allow incidentd system_server (fd (use)))
  2111. (allow incidentd appdomain (binder (call transfer)))
  2112. (allow appdomain incidentd (binder (transfer)))
  2113. (allow incidentd appdomain (fd (use)))
  ; incidentd.te:115 - incidentd may never ptrace base_typeattr_182 (defined
  ; elsewhere; presumably all or nearly all domains). This is the line that
  ; keeps the broad /proc read access above from becoming memory access.
  2114. ;;* lmx 115 system/sepolicy/private/incidentd.te
  2115.  
  2116. (neverallow incidentd base_typeattr_182 (process (ptrace)))
  2117. ;;* lme
  2118.  
  ; CAP_KILL (pairs with the signal grants above) and the tombstoned
  ; intercept socket for collecting native crash dumps.
  2119. (allow incidentd self (capability (kill)))
  2120. (allow incidentd self (cap_userns (kill)))
  2121. (allow incidentd tombstoned_intercept_socket (sock_file (write)))
  2122. (allow incidentd tombstoned (unix_stream_socket (connectto)))
  ; NOTE(review): shell_exec and zygote_exec are executed with
  ; execute_no_trans, i.e. /system/bin/sh and the app_process binary run in
  ; the incidentd domain itself, inheriting every grant in this section.
  ; Whatever those helpers are fed must come from trusted sources.
  2123. (allow incidentd shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
  2124. (allow incidentd zygote_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
  2125. (allow incidentd device_config_runtime_native_prop (file (read getattr map open)))
  2126. (allow incidentd device_config_runtime_native_boot_prop (file (read getattr map open)))
  2127. (allow incidentd system_file (file (lock)))
  ; Denials on dalvik-cache listing and tmpfs file access are silenced rather
  ; than granted.
  2128. (dontaudit incidentd dalvikcache_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
  2129. (dontaudit incidentd tmpfs (file (ioctl read write getattr lock append map execute open watch watch_reads execute_no_trans)))
  ; logd's persistent files, read-only.
  2130. (allow incidentd misc_logd_file (dir (ioctl read getattr lock open watch watch_reads search)))
  2131. (allow incidentd misc_logd_file (file (ioctl read getattr lock map open watch watch_reads)))
  2132. (allow incidentd misc_logd_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  ; Service lookups, and registration of incident_service; incidentd.te:156
  ; denies "add" to base_typeattr_629 (defined elsewhere; presumably "domain
  ; minus incidentd").
  2133. (allow incidentd system_server_service (service_manager (find)))
  2134. (allow incidentd app_api_service (service_manager (find)))
  2135. (allow incidentd system_api_service (service_manager (find)))
  2136. (allow incidentd incident_service (service_manager (add find)))
  2137. ;;* lmx 156 system/sepolicy/private/incidentd.te
  2138.  
  2139. (neverallow base_typeattr_629 incident_service (service_manager (add)))
  2140. ;;* lme
  2141.  
  ; Streaming a report back to dumpstate or the incident CLI: their fds and
  ; pipes, plus a binder channel to incident.
  2142. (allow incidentd dumpstate (fd (use)))
  2143. (allow incidentd incident (fd (use)))
  2144. (allow incidentd dumpstate (fifo_file (write)))
  2145. (allow incidentd incident (fifo_file (write)))
  2146. (allow incidentd incident (binder (call transfer)))
  2147. (allow incident incidentd (binder (transfer)))
  2148. (allow incidentd incident (fd (use)))
  ; incidentd.te:194 - base_typeattr_630 (defined elsewhere) is denied open,
  ; write, create, unlink, exec and friends on incident_data_file; such a
  ; domain can at most read a report through an fd handed to it (read is the
  ; one permission not listed).
  2149. ;;* lmx 194 system/sepolicy/private/incidentd.te
  2150.  
  2151. (neverallow base_typeattr_630 incident_data_file (file (write create getattr setattr lock append map unlink rename execute open execute_no_trans)))
  2152. ;;* lme
  2153.  
  2154. ;;* lmx 196 system/sepolicy/private/incidentd.te
  2155.  
  2156. (neverallow base_typeattr_631 incident_data_file (file (ioctl read getattr lock map open watch watch_reads)))
  2157. ;;* lme
  2158.  
  2159. ;;* lmx 198 system/sepolicy/private/incidentd.te
  2160.  
  2161. (neverallow base_typeattr_630 incident_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
  2162. ;;* lme
  2163.  
  ; init domain rules (system/sepolicy/private/init.te). Each child domain init
  ; launches is expressed by the same compiled pattern: init may execute the
  ; entry file, init may transition to the child, the child may use that file as
  ; its entrypoint, the noatsecure denial is silenced, signal/rlimit inheritance is
  ; allowed, and - where present - a typetransition makes the switch automatic.
  2164. (typetransition init tmpfs file init_tmpfs)
  2165. (allow init init_tmpfs (file (read write getattr map)))
  ; healthd and slideshow are entered from rootfs (no dedicated *_exec type), and
  ; no typetransition for them appears in this excerpt.
  2166. (allow init rootfs (file (read getattr map execute open)))
  2167. (allow init healthd (process (transition)))
  2168. (allow healthd rootfs (file (read getattr map execute open entrypoint)))
  2169. (dontaudit init healthd (process (noatsecure)))
  2170. (allow init healthd (process (siginh rlimitinh)))
  2171. (allow init rootfs (file (read getattr map execute open)))
  2172. (allow init slideshow (process (transition)))
  2173. (allow slideshow rootfs (file (read getattr map execute open entrypoint)))
  2174. (dontaudit init slideshow (process (noatsecure)))
  2175. (allow init slideshow (process (siginh rlimitinh)))
  2176. (allow init charger_exec (file (read getattr map execute open)))
  2177. (allow init charger (process (transition)))
  2178. (allow charger charger_exec (file (read getattr map execute open entrypoint)))
  2179. (dontaudit init charger (process (noatsecure)))
  2180. (allow init charger (process (siginh rlimitinh)))
  2181. (typetransition init charger_exec process charger)
  2182. (allow init e2fs_exec (file (read getattr map execute open)))
  2183. (allow init e2fs (process (transition)))
  2184. (allow e2fs e2fs_exec (file (read getattr map execute open entrypoint)))
  2185. (dontaudit init e2fs (process (noatsecure)))
  2186. (allow init e2fs (process (siginh rlimitinh)))
  2187. (typetransition init e2fs_exec process e2fs)
  2188. (allow init bpfloader_exec (file (read getattr map execute open)))
  2189. (allow init bpfloader (process (transition)))
  2190. (allow bpfloader bpfloader_exec (file (read getattr map execute open entrypoint)))
  2191. (dontaudit init bpfloader (process (noatsecure)))
  2192. (allow init bpfloader (process (siginh rlimitinh)))
  2193. (typetransition init bpfloader_exec process bpfloader)
  ; shell, ueventd and vendor_init: transition permitted, but no typetransition
  ; is listed here (ueventd and vendor_init share init_exec with init itself, so an
  ; automatic transition on that file could not single out one of them - presumably
  ; the transition is requested explicitly by init; confirm against init.te).
  2194. (allow init shell_exec (file (read getattr map execute open)))
  2195. (allow init shell (process (transition)))
  2196. (allow shell shell_exec (file (read getattr map execute open entrypoint)))
  2197. (dontaudit init shell (process (noatsecure)))
  2198. (allow init shell (process (siginh rlimitinh)))
  2199. (allow init init_exec (file (read getattr map execute open)))
  2200. (allow init ueventd (process (transition)))
  2201. (allow ueventd init_exec (file (read getattr map execute open entrypoint)))
  2202. (dontaudit init ueventd (process (noatsecure)))
  2203. (allow init ueventd (process (siginh rlimitinh)))
  2204. (allow init init_exec (file (read getattr map execute open)))
  2205. (allow init vendor_init (process (transition)))
  2206. (allow vendor_init init_exec (file (read getattr map execute open entrypoint)))
  2207. (dontaudit init vendor_init (process (noatsecure)))
  2208. (allow init vendor_init (process (siginh rlimitinh)))
  ; modprobe may be entered from either rootfs or toolbox_exec.
  2209. (allow init rootfs (file (read getattr map execute open)))
  2210. (allow init toolbox_exec (file (read getattr map execute open)))
  2211. (allow init modprobe (process (transition)))
  2212. (allow modprobe rootfs (file (read getattr map execute open entrypoint)))
  2213. (allow modprobe toolbox_exec (file (read getattr map execute open entrypoint)))
  2214. (dontaudit init modprobe (process (noatsecure)))
  2215. (allow init modprobe (process (siginh rlimitinh)))
  2216. (allow init sysfs_dm (file (read)))
  ; Property set pattern: write the property socket, connect to init's own
  ; stream socket, set the property, and read the backing property file.
  2217. (allow init property_socket (sock_file (write)))
  2218. (allow init init (unix_stream_socket (connectto)))
  2219. (allow init powerctl_prop (property_service (set)))
  2220. (allow init powerctl_prop (file (read getattr map open)))
  2221. (allow init property_socket (sock_file (write)))
  2222. (allow init init (unix_stream_socket (connectto)))
  2223. (allow init userspace_reboot_exported_prop (property_service (set)))
  2224. (allow init userspace_reboot_exported_prop (file (read getattr map open)))
  2225. ;;* lmx 45 system/sepolicy/private/init.te
  2226.  
  ; Setting the userspace-reboot property is denied to the generated set
  ; base_typeattr_181 (membership not visible here; init itself is allowed above).
  2227. (neverallow base_typeattr_181 userspace_reboot_exported_prop (property_service (set)))
  2228. ;;* lme
  2229.  
  ; perf_event: init may open CPU events on itself, but kernel/tracepoint events
  ; and read/write are both forbidden (neverallow) and silenced (dontaudit).
  2230. (allow init self (perf_event (open cpu)))
  2231. ;;* lmx 54 system/sepolicy/private/init.te
  2232.  
  2233. (neverallow init self (perf_event (kernel tracepoint read write)))
  2234. ;;* lme
  2235.  
  2236. (dontaudit init self (perf_event (kernel tracepoint read write)))
  2237. (allow init property_socket (sock_file (write)))
  2238. (allow init init (unix_stream_socket (connectto)))
  2239. (allow init init_perf_lsm_hooks_prop (property_service (set)))
  2240. (allow init init_perf_lsm_hooks_prop (file (read getattr map open)))
  2241. ;;* lmx 60 system/sepolicy/private/init.te
  2242.  
  ; Same restricted set as for userspace_reboot_exported_prop above.
  2243. (neverallow base_typeattr_181 init_perf_lsm_hooks_prop (property_service (set)))
  2244. ;;* lme
  2245.  
  ; inputflinger is launched by init with an automatic typetransition.
  2246. (allow init inputflinger_exec (file (read getattr map execute open)))
  2247. (allow init inputflinger (process (transition)))
  2248. (allow inputflinger inputflinger_exec (file (read getattr map execute open entrypoint)))
  2249. (dontaudit init inputflinger (process (noatsecure)))
  2250. (allow init inputflinger (process (siginh rlimitinh)))
  2251. (typetransition init inputflinger_exec process inputflinger)
  ; installd: launched by init, then itself launches several helper domains.
  ; Each helper gets the standard transition pattern plus "sigchld" back to
  ; installd so the parent is notified when the helper exits.
  2252. (allow init installd_exec (file (read getattr map execute open)))
  2253. (allow init installd (process (transition)))
  2254. (allow installd installd_exec (file (read getattr map execute open entrypoint)))
  2255. (dontaudit init installd (process (noatsecure)))
  2256. (allow init installd (process (siginh rlimitinh)))
  2257. (typetransition init installd_exec process installd)
  2258. (allow installd migrate_legacy_obb_data_exec (file (read getattr map execute open)))
  2259. (allow installd migrate_legacy_obb_data (process (transition)))
  2260. (allow migrate_legacy_obb_data migrate_legacy_obb_data_exec (file (read getattr map execute open entrypoint)))
  2261. (allow migrate_legacy_obb_data installd (process (sigchld)))
  2262. (dontaudit installd migrate_legacy_obb_data (process (noatsecure)))
  2263. (allow installd migrate_legacy_obb_data (process (siginh rlimitinh)))
  2264. (typetransition installd migrate_legacy_obb_data_exec process migrate_legacy_obb_data)
  ; Shell binaries run in installd's own domain (execute_no_trans), unlike the
  ; helpers below which each get a dedicated domain.
  2265. (allow installd shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
  2266. (allow installd dex2oat_exec (file (read getattr map execute open)))
  2267. (allow installd dex2oat (process (transition)))
  2268. (allow dex2oat dex2oat_exec (file (read getattr map execute open entrypoint)))
  2269. (allow dex2oat installd (process (sigchld)))
  2270. (dontaudit installd dex2oat (process (noatsecure)))
  2271. (allow installd dex2oat (process (siginh rlimitinh)))
  2272. (typetransition installd dex2oat_exec process dex2oat)
  2273. (allow installd dexoptanalyzer_exec (file (read getattr map execute open)))
  2274. (allow installd dexoptanalyzer (process (transition)))
  2275. (allow dexoptanalyzer dexoptanalyzer_exec (file (read getattr map execute open entrypoint)))
  2276. (allow dexoptanalyzer installd (process (sigchld)))
  2277. (dontaudit installd dexoptanalyzer (process (noatsecure)))
  2278. (allow installd dexoptanalyzer (process (siginh rlimitinh)))
  2279. (typetransition installd dexoptanalyzer_exec process dexoptanalyzer)
  2280. (allow installd viewcompiler_exec (file (read getattr map execute open)))
  2281. (allow installd viewcompiler (process (transition)))
  2282. (allow viewcompiler viewcompiler_exec (file (read getattr map execute open entrypoint)))
  2283. (allow viewcompiler installd (process (sigchld)))
  2284. (dontaudit installd viewcompiler (process (noatsecure)))
  2285. (allow installd viewcompiler (process (siginh rlimitinh)))
  2286. (typetransition installd viewcompiler_exec process viewcompiler)
  2287. (allow installd profman_exec (file (read getattr map execute open)))
  2288. (allow installd profman (process (transition)))
  2289. (allow profman profman_exec (file (read getattr map execute open entrypoint)))
  2290. (allow profman installd (process (sigchld)))
  2291. (dontaudit installd profman (process (noatsecure)))
  2292. (allow installd profman (process (siginh rlimitinh)))
  2293. (typetransition installd profman_exec process profman)
  2294. (allow installd idmap_exec (file (read getattr map execute open)))
  2295. (allow installd idmap (process (transition)))
  2296. (allow idmap idmap_exec (file (read getattr map execute open entrypoint)))
  2297. (allow idmap installd (process (sigchld)))
  2298. (dontaudit installd idmap (process (noatsecure)))
  2299. (allow installd idmap (process (siginh rlimitinh)))
  2300. (typetransition installd idmap_exec process idmap)
  ; dumpstate hands installd a pipe: fd use plus read-only fifo permissions.
  2301. (allow installd dumpstate (fd (use)))
  2302. (allow installd dumpstate (fifo_file (ioctl read getattr lock map open watch watch_reads)))
  ; Only unlink on app_exec_data_file - no read, write or execute.
  2303. (allow installd app_exec_data_file (file (unlink)))
  ; Full read/write management of rollback data (dirs and files).
  2304. (allow installd rollback_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
  2305. (allow installd rollback_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  2306. (allow installd device_config_runtime_native_prop (file (read getattr map open)))
  2307. (allow installd device_config_runtime_native_boot_prop (file (read getattr map open)))
  2308. (allow installd apk_verity_prop (file (read getattr map open)))
  ; Staging area: installd may remove files/dirs but the file rule grants no
  ; read or write, and the dir rule grants no create/add_name.
  2309. (allow installd staging_data_file (file (unlink)))
  2310. (allow installd staging_data_file (dir (read write open remove_name search rmdir)))
  ; iorap (I/O read-ahead) daemons. iorap_inode2filename only needs to map
  ; inodes to paths: directory search/read plus getattr on files, nothing more.
  2311. (allow iorap_inode2filename dalvikcache_data_file (dir (read getattr open search)))
  2312. (allow iorap_inode2filename dalvikcache_data_file (file (getattr)))
  2313. (allow iorap_inode2filename dex2oat_exec (lnk_file (read getattr open)))
  2314. (allow iorap_inode2filename dexoptanalyzer_exec (file (getattr)))
  2315. (allow iorap_inode2filename storaged_data_file (dir (read getattr open search)))
  2316. (allow iorap_inode2filename storaged_data_file (file (getattr)))
  ; iorap_prefetcherd can be started by init directly ...
  2317. (allow init iorap_prefetcherd_exec (file (read getattr map execute open)))
  2318. (allow init iorap_prefetcherd (process (transition)))
  2319. (allow iorap_prefetcherd iorap_prefetcherd_exec (file (read getattr map execute open entrypoint)))
  2320. (dontaudit init iorap_prefetcherd (process (noatsecure)))
  2321. (allow init iorap_prefetcherd (process (siginh rlimitinh)))
  2322. (typetransition init iorap_prefetcherd_exec process iorap_prefetcherd)
  2323. (typetransition iorap_prefetcherd tmpfs file iorap_prefetcherd_tmpfs)
  2324. (allow iorap_prefetcherd iorap_prefetcherd_tmpfs (file (read write getattr map)))
  2325. (allow init iorapd_exec (file (read getattr map execute open)))
  2326. (allow init iorapd (process (transition)))
  2327. (allow iorapd iorapd_exec (file (read getattr map execute open entrypoint)))
  2328. (dontaudit init iorapd (process (noatsecure)))
  2329. (allow init iorapd (process (siginh rlimitinh)))
  2330. (typetransition init iorapd_exec process iorapd)
  2331. (typetransition iorapd tmpfs file iorapd_tmpfs)
  2332. (allow iorapd iorapd_tmpfs (file (read write getattr map)))
  ; ... or by iorapd, which also spawns iorap_inode2filename; both children
  ; report back with sigchld.
  2333. (allow iorapd iorap_prefetcherd_exec (file (read getattr map execute open)))
  2334. (allow iorapd iorap_prefetcherd (process (transition)))
  2335. (allow iorap_prefetcherd iorap_prefetcherd_exec (file (read getattr map execute open entrypoint)))
  2336. (allow iorap_prefetcherd iorapd (process (sigchld)))
  2337. (dontaudit iorapd iorap_prefetcherd (process (noatsecure)))
  2338. (allow iorapd iorap_prefetcherd (process (siginh rlimitinh)))
  2339. (typetransition iorapd iorap_prefetcherd_exec process iorap_prefetcherd)
  2340. (allow iorapd iorap_inode2filename_exec (file (read getattr map execute open)))
  2341. (allow iorapd iorap_inode2filename (process (transition)))
  2342. (allow iorap_inode2filename iorap_inode2filename_exec (file (read getattr map execute open entrypoint)))
  2343. (allow iorap_inode2filename iorapd (process (sigchld)))
  2344. (dontaudit iorapd iorap_inode2filename (process (noatsecure)))
  2345. (allow iorapd iorap_inode2filename (process (siginh rlimitinh)))
  2346. (typetransition iorapd iorap_inode2filename_exec process iorap_inode2filename)
  2347. (allow iorapd device_config_runtime_native_boot_prop (file (read getattr map open)))
  ; isolated_app (system/sepolicy/private/isolated_app.te): the sandbox domain
  ; for isolated services. The design visible here is "fd passing": the domain
  ; may read/write objects it is handed, but the matching neverallow rules strip
  ; the ability to open, create or discover them itself.
  2348. (typetransition isolated_app tmpfs file appdomain_tmpfs)
  2349. (allow isolated_app appdomain_tmpfs (file (read write getattr map execute)))
  2350. ;;* lmx 11 system/sepolicy/private/isolated_app.te
  2351.  
  ; Three neverallows sourced from the same .te line; the base_typeattr_* sets are
  ; compiler-generated and their membership is not visible in this excerpt.
  2352. (neverallow base_typeattr_632 base_typeattr_556 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  2353. ;;* lme
  2354.  
  2355. ;;* lmx 11 system/sepolicy/private/isolated_app.te
  2356.  
  2357. (neverallow base_typeattr_633 isolated_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  2358. ;;* lme
  2359.  
  2360. ;;* lmx 11 system/sepolicy/private/isolated_app.te
  2361.  
  2362. (neverallow base_typeattr_634 isolated_app (process (ptrace)))
  2363. ;;* lme
  2364.  
  ; App data files: read/write/map on an already-open fd, but no "open" - see the
  ; neverallow on app_data_file/privapp_data_file open further down.
  2365. (allow isolated_app app_data_file (file (read write getattr lock append map)))
  2366. (allow isolated_app privapp_data_file (file (read write getattr lock append map)))
  ; Sockets owned by untrusted/ephemeral/priv apps: use of a passed socket is
  ; allowed, "create" is not (the per-class neverallows at the end of this
  ; section cover create for every socket class).
  2367. (allow isolated_app untrusted_app_all (tcp_socket (read write getattr setattr lock append map bind connect getopt setopt shutdown)))
  2368. (allow isolated_app untrusted_app_all (udp_socket (read write getattr setattr lock append map bind connect getopt setopt shutdown)))
  2369. (allow isolated_app ephemeral_app (tcp_socket (read write getattr setattr lock append map bind connect getopt setopt shutdown)))
  2370. (allow isolated_app ephemeral_app (udp_socket (read write getattr setattr lock append map bind connect getopt setopt shutdown)))
  2371. (allow isolated_app priv_app (tcp_socket (read write getattr setattr lock append map bind connect getopt setopt shutdown)))
  2372. (allow isolated_app priv_app (udp_socket (read write getattr setattr lock append map bind connect getopt setopt shutdown)))
  ; Only these three services may be looked up; add/list are neverallowed below.
  2373. (allow isolated_app activity_service (service_manager (find)))
  2374. (allow isolated_app display_service (service_manager (find)))
  2375. (allow isolated_app webviewupdate_service (service_manager (find)))
  ; ptrace of its own process only.
  2376. (allow isolated_app self (process (ptrace)))
  ; External storage: again read/write on a passed fd, with open neverallowed
  ; for sdcard_type files below.
  2377. (allow isolated_app sdcard_type (file (read write getattr lock append map)))
  2378. (allow isolated_app media_rw_data_file (file (read write getattr lock append map)))
  ; Interaction with the zygote that forked this process: inherited fds, exit
  ; notification and a datagram write back; no stream-socket connect is granted.
  2379. (allow isolated_app webview_zygote (fd (use)))
  2380. (allow isolated_app webview_zygote (process (sigchld)))
  2381. (allow isolated_app webview_zygote (unix_dgram_socket (write)))
  2382. (allow isolated_app webview_zygote_tmpfs (file (read)))
  2383. (allow isolated_app app_zygote (fd (use)))
  2384. (allow isolated_app app_zygote (process (sigchld)))
  2385. (allow isolated_app app_zygote (unix_dgram_socket (write)))
  2386. (dontaudit isolated_app shell_data_file (dir (search)))
  ; Perfetto tracing (traced) producer connection and shared-memory buffer.
  2387. (allow isolated_app traced (fd (use)))
  2388. (allow isolated_app traced_tmpfs (file (read write getattr map)))
  2389. (allow isolated_app traced_producer_socket (sock_file (write)))
  2390. (allow isolated_app traced (unix_stream_socket (connectto)))
  2391. (allow traced isolated_app (fd (use)))
  ; heapprofd / traced_perf profiling of an isolated_app: the profiler may signal
  ; the process and read files/dirs labelled isolated_app (presumably its
  ; /proc/<pid> entries - confirm), and may execute the heapprofd binary in-domain.
  2392. (allow heapprofd isolated_app (process (signal)))
  2393. (allow isolated_app heapprofd_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
  2394. (allow heapprofd isolated_app (file (ioctl read getattr lock map open watch watch_reads)))
  2395. (allow heapprofd isolated_app (dir (ioctl read getattr lock open watch watch_reads search)))
  2396. (allow traced_perf isolated_app (file (ioctl read getattr lock map open watch watch_reads)))
  2397. (allow traced_perf isolated_app (dir (ioctl read getattr lock open watch watch_reads search)))
  2398. (allow traced_perf isolated_app (process (signal)))
  2399. (allow isolated_app traced_perf_socket (sock_file (write)))
  2400. (allow isolated_app traced_perf (unix_stream_socket (connectto)))
  2401. (allow traced_perf isolated_app (fd (use)))
  2402. ;;* lmx 75 system/sepolicy/private/isolated_app.te
  2403.  
  ; Enforces the fd-passing model for app data: the allow rules above
  ; deliberately omit "open", and this makes the omission a build-time invariant.
  2404. (neverallow isolated_app app_data_file (file (open)))
  2405. (neverallow isolated_app privapp_data_file (file (open)))
  2406. ;;* lme
  2407.  
  2408. ;;* lmx 80 system/sepolicy/private/isolated_app.te
  2409.  
  ; ANR data: no file or directory access at all.
  2410. (neverallow isolated_app anr_data_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto map unlink link rename execute quotaon mounton audit_access execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
  2411. ;;* lme
  2412.  
  2413. ;;* lmx 81 system/sepolicy/private/isolated_app.te
  2414.  
  2415. (neverallow isolated_app anr_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
  2416. ;;* lme
  2417.  
  2418. ;;* lmx 84 system/sepolicy/private/isolated_app.te
  2419.  
  ; No direct hwbinder or vndbinder device access, and no hwservice registration/
  ; discovery against the generated set base_typeattr_182.
  2420. (neverallow isolated_app hwbinder_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
  2421. ;;* lme
  2422.  
  2423. ;;* lmx 85 system/sepolicy/private/isolated_app.te
  2424.  
  2425. (neverallow isolated_app base_typeattr_182 (hwservice_manager (add find list)))
  2426. ;;* lme
  2427.  
  2428. ;;* lmx 88 system/sepolicy/private/isolated_app.te
  2429.  
  2430. (neverallow isolated_app vndbinder_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
  2431. ;;* lme
  2432.  
  2433. ;;* lmx 92 system/sepolicy/private/isolated_app.te
  2434.  
  ; Service manager: never add or list, and never find anything in the generated
  ; set base_typeattr_635 (the three allowed finds above are outside that set).
  2435. (neverallow isolated_app base_typeattr_182 (service_manager (add list)))
  2436. ;;* lme
  2437.  
  2438. ;;* lmx 102 system/sepolicy/private/isolated_app.te
  2439.  
  2440. (neverallow isolated_app base_typeattr_635 (service_manager (find)))
  2441. ;;* lme
  2442.  
  2443. ;;* lmx 105 system/sepolicy/private/isolated_app.te
  2444.  
  ; No GPU device access.
  2445. (neverallow isolated_app gpu_device (chr_file (ioctl read write getattr lock append map execute open watch watch_reads)))
  2446. ;;* lme
  2447.  
  2448. ;;* lmx 108 system/sepolicy/private/isolated_app.te
  2449.  
  ; /cache: the dir rule leaves read/getattr/search/open out of the denied set and
  ; the file rule leaves read/getattr out, i.e. only write-side and open are
  ; unconditionally forbidden.
  2450. (neverallow isolated_app cache_file (dir (write create setattr relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm add_name remove_name reparent rmdir)))
  2451. ;;* lme
  2452.  
  2453. ;;* lmx 109 system/sepolicy/private/isolated_app.te
  2454.  
  2455. (neverallow isolated_app cache_file (file (ioctl write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
  2456. ;;* lme
  2457.  
  2458. ;;* lmx 113 system/sepolicy/private/isolated_app.te
  2459.  
  ; External storage and user mounts: no directory access at all ...
  2460. (neverallow isolated_app sdcard_type (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
  2461. (neverallow isolated_app mnt_user_file (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
  2462. (neverallow isolated_app storage_file (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
  2463. ;;* lme
  2464.  
  2465. ;;* lmx 114 system/sepolicy/private/isolated_app.te
  2466.  
  ; ... and no access to any object class under mnt_user_file or storage_file.
  2467. (neverallow isolated_app mnt_user_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
  2468. (neverallow isolated_app mnt_user_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
  2469. (neverallow isolated_app mnt_user_file (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
  2470. (neverallow isolated_app mnt_user_file (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
  2471. (neverallow isolated_app mnt_user_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
  2472. (neverallow isolated_app mnt_user_file (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
  2473. (neverallow isolated_app storage_file (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
  2474. (neverallow isolated_app storage_file (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
  2475. (neverallow isolated_app storage_file (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
  2476. (neverallow isolated_app storage_file (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
  2477. (neverallow isolated_app storage_file (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
  2478. (neverallow isolated_app storage_file (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
  2479. ;;* lme
  2480.  
  2481. ;;* lmx 115 system/sepolicy/private/isolated_app.te
  2482.  
  ; sdcard_type: all non-regular-file classes fully denied; for regular files the
  ; rule below intentionally leaves out read/write/getattr/lock/append/map, which
  ; is exactly what the earlier allow grants for a passed fd.
  2483. (neverallow isolated_app sdcard_type (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
  2484. (neverallow isolated_app sdcard_type (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
  2485. (neverallow isolated_app sdcard_type (blk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
  2486. (neverallow isolated_app sdcard_type (sock_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
  2487. (neverallow isolated_app sdcard_type (fifo_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
  2488. ;;* lme
  2489.  
  2490. ;;* lmx 116 system/sepolicy/private/isolated_app.te
  2491.  
  2492. (neverallow isolated_app sdcard_type (file (ioctl create setattr relabelfrom relabelto unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
  2493. ;;* lme
  2494.  
  2495. ;;* lmx 119 system/sepolicy/private/isolated_app.te
  2496.  
  ; No USB device nodes.
  2497. (neverallow isolated_app usbaccessory_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
  2498. (neverallow isolated_app usb_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
  2499. ;;* lme
  2500.  
  2501. ;;* lmx 122 system/sepolicy/private/isolated_app.te
  2502.  
  ; Cannot connect to the webview_zygote socket file; the allow above only covers
  ; the datagram socket object and inherited fds.
  2503. (neverallow isolated_app webview_zygote (sock_file (write)))
  2504. ;;* lme
  2505.  
  2506. ;;* lmx 131 system/sepolicy/private/isolated_app.te
  2507.  
  2508. (neverallow isolated_app base_typeattr_636 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  2509. ;;* lme
  2510.  
  2511. ;;* lmx 152 system/sepolicy/private/isolated_app.te
  2512.  
  ; Socket creation in the context of another app domain is forbidden for every
  ; socket class (one rule per class, from the generic "socket" through xdp_socket);
  ; the block for ephemeral_app begins below and continues past this excerpt.
  2513. (neverallow isolated_app untrusted_app_all (socket (create)))
  2514. (neverallow isolated_app untrusted_app_all (tcp_socket (create)))
  2515. (neverallow isolated_app untrusted_app_all (udp_socket (create)))
  2516. (neverallow isolated_app untrusted_app_all (rawip_socket (create)))
  2517. (neverallow isolated_app untrusted_app_all (netlink_socket (create)))
  2518. (neverallow isolated_app untrusted_app_all (packet_socket (create)))
  2519. (neverallow isolated_app untrusted_app_all (key_socket (create)))
  2520. (neverallow isolated_app untrusted_app_all (netlink_route_socket (create)))
  2521. (neverallow isolated_app untrusted_app_all (netlink_tcpdiag_socket (create)))
  2522. (neverallow isolated_app untrusted_app_all (netlink_nflog_socket (create)))
  2523. (neverallow isolated_app untrusted_app_all (netlink_xfrm_socket (create)))
  2524. (neverallow isolated_app untrusted_app_all (netlink_selinux_socket (create)))
  2525. (neverallow isolated_app untrusted_app_all (netlink_audit_socket (create)))
  2526. (neverallow isolated_app untrusted_app_all (netlink_dnrt_socket (create)))
  2527. (neverallow isolated_app untrusted_app_all (netlink_kobject_uevent_socket (create)))
  2528. (neverallow isolated_app untrusted_app_all (appletalk_socket (create)))
  2529. (neverallow isolated_app untrusted_app_all (tun_socket (create)))
  2530. (neverallow isolated_app untrusted_app_all (netlink_iscsi_socket (create)))
  2531. (neverallow isolated_app untrusted_app_all (netlink_fib_lookup_socket (create)))
  2532. (neverallow isolated_app untrusted_app_all (netlink_connector_socket (create)))
  2533. (neverallow isolated_app untrusted_app_all (netlink_netfilter_socket (create)))
  2534. (neverallow isolated_app untrusted_app_all (netlink_generic_socket (create)))
  2535. (neverallow isolated_app untrusted_app_all (netlink_scsitransport_socket (create)))
  2536. (neverallow isolated_app untrusted_app_all (netlink_rdma_socket (create)))
  2537. (neverallow isolated_app untrusted_app_all (netlink_crypto_socket (create)))
  2538. (neverallow isolated_app untrusted_app_all (sctp_socket (create)))
  2539. (neverallow isolated_app untrusted_app_all (icmp_socket (create)))
  2540. (neverallow isolated_app untrusted_app_all (ax25_socket (create)))
  2541. (neverallow isolated_app untrusted_app_all (ipx_socket (create)))
  2542. (neverallow isolated_app untrusted_app_all (netrom_socket (create)))
  2543. (neverallow isolated_app untrusted_app_all (atmpvc_socket (create)))
  2544. (neverallow isolated_app untrusted_app_all (x25_socket (create)))
  2545. (neverallow isolated_app untrusted_app_all (rose_socket (create)))
  2546. (neverallow isolated_app untrusted_app_all (decnet_socket (create)))
  2547. (neverallow isolated_app untrusted_app_all (atmsvc_socket (create)))
  2548. (neverallow isolated_app untrusted_app_all (rds_socket (create)))
  2549. (neverallow isolated_app untrusted_app_all (irda_socket (create)))
  2550. (neverallow isolated_app untrusted_app_all (pppox_socket (create)))
  2551. (neverallow isolated_app untrusted_app_all (llc_socket (create)))
  2552. (neverallow isolated_app untrusted_app_all (can_socket (create)))
  2553. (neverallow isolated_app untrusted_app_all (tipc_socket (create)))
  2554. (neverallow isolated_app untrusted_app_all (bluetooth_socket (create)))
  2555. (neverallow isolated_app untrusted_app_all (iucv_socket (create)))
  2556. (neverallow isolated_app untrusted_app_all (rxrpc_socket (create)))
  2557. (neverallow isolated_app untrusted_app_all (isdn_socket (create)))
  2558. (neverallow isolated_app untrusted_app_all (phonet_socket (create)))
  2559. (neverallow isolated_app untrusted_app_all (ieee802154_socket (create)))
  2560. (neverallow isolated_app untrusted_app_all (caif_socket (create)))
  2561. (neverallow isolated_app untrusted_app_all (alg_socket (create)))
  2562. (neverallow isolated_app untrusted_app_all (nfc_socket (create)))
  2563. (neverallow isolated_app untrusted_app_all (vsock_socket (create)))
  2564. (neverallow isolated_app untrusted_app_all (kcm_socket (create)))
  2565. (neverallow isolated_app untrusted_app_all (qipcrtr_socket (create)))
  2566. (neverallow isolated_app untrusted_app_all (smc_socket (create)))
  2567. (neverallow isolated_app untrusted_app_all (xdp_socket (create)))
  2568. (neverallow isolated_app ephemeral_app (socket (create)))
  2569. (neverallow isolated_app ephemeral_app (tcp_socket (create)))
  2570. (neverallow isolated_app ephemeral_app (udp_socket (create)))
  2571. (neverallow isolated_app ephemeral_app (rawip_socket (create)))
  2572. (neverallow isolated_app ephemeral_app (netlink_socket (create)))
  2573. (neverallow isolated_app ephemeral_app (packet_socket (create)))
  2574. (neverallow isolated_app ephemeral_app (key_socket (create)))
  2575. (neverallow isolated_app ephemeral_app (netlink_route_socket (create)))
  2576. (neverallow isolated_app ephemeral_app (netlink_tcpdiag_socket (create)))
  2577. (neverallow isolated_app ephemeral_app (netlink_nflog_socket (create)))
  2578. (neverallow isolated_app ephemeral_app (netlink_xfrm_socket (create)))
  2579. (neverallow isolated_app ephemeral_app (netlink_selinux_socket (create)))
  2580. (neverallow isolated_app ephemeral_app (netlink_audit_socket (create)))
  2581. (neverallow isolated_app ephemeral_app (netlink_dnrt_socket (create)))
  2582. (neverallow isolated_app ephemeral_app (netlink_kobject_uevent_socket (create)))
  2583. (neverallow isolated_app ephemeral_app (appletalk_socket (create)))
  2584. (neverallow isolated_app ephemeral_app (tun_socket (create)))
  2585. (neverallow isolated_app ephemeral_app (netlink_iscsi_socket (create)))
  2586. (neverallow isolated_app ephemeral_app (netlink_fib_lookup_socket (create)))
  2587. (neverallow isolated_app ephemeral_app (netlink_connector_socket (create)))
  2588. (neverallow isolated_app ephemeral_app (netlink_netfilter_socket (create)))
  2589. (neverallow isolated_app ephemeral_app (netlink_generic_socket (create)))
  2590. (neverallow isolated_app ephemeral_app (netlink_scsitransport_socket (create)))
  2591. (neverallow isolated_app ephemeral_app (netlink_rdma_socket (create)))
  2592. (neverallow isolated_app ephemeral_app (netlink_crypto_socket (create)))
  2593. (neverallow isolated_app ephemeral_app (sctp_socket (create)))
  2594. (neverallow isolated_app ephemeral_app (icmp_socket (create)))
  2595. (neverallow isolated_app ephemeral_app (ax25_socket (create)))
  2596. (neverallow isolated_app ephemeral_app (ipx_socket (create)))
  2597. (neverallow isolated_app ephemeral_app (netrom_socket (create)))
  2598. (neverallow isolated_app ephemeral_app (atmpvc_socket (create)))
  2599. (neverallow isolated_app ephemeral_app (x25_socket (create)))
  2600. (neverallow isolated_app ephemeral_app (rose_socket (create)))
  2601. (neverallow isolated_app ephemeral_app (decnet_socket (create)))
  2602. (neverallow isolated_app ephemeral_app (atmsvc_socket (create)))
  2603. (neverallow isolated_app ephemeral_app (rds_socket (create)))
  2604. (neverallow isolated_app ephemeral_app (irda_socket (create)))
  2605. (neverallow isolated_app ephemeral_app (pppox_socket (create)))
  2606. (neverallow isolated_app ephemeral_app (llc_socket (create)))
  2607. (neverallow isolated_app ephemeral_app (can_socket (create)))
  2608. (neverallow isolated_app ephemeral_app (tipc_socket (create)))
  2609. (neverallow isolated_app ephemeral_app (bluetooth_socket (create)))
  2610. (neverallow isolated_app ephemeral_app (iucv_socket (create)))
  2611. (neverallow isolated_app ephemeral_app (rxrpc_socket (create)))
  2612. (neverallow isolated_app ephemeral_app (isdn_socket (create)))
  2613. (neverallow isolated_app ephemeral_app (phonet_socket (create)))
  2614. (neverallow isolated_app ephemeral_app (ieee802154_socket (create)))
  2615. (neverallow isolated_app ephemeral_app (caif_socket (create)))
  2616. (neverallow isolated_app ephemeral_app (alg_socket (create)))
  2617. (neverallow isolated_app ephemeral_app (nfc_socket (create)))
  2618. (neverallow isolated_app ephemeral_app (vsock_socket (create)))
  2619. (neverallow isolated_app ephemeral_app (kcm_socket (create)))
  2620. (neverallow isolated_app ephemeral_app (qipcrtr_socket (create)))
  2621. (neverallow isolated_app ephemeral_app (smc_socket (create)))
  2622. (neverallow isolated_app ephemeral_app (xdp_socket (create)))
  2623. (neverallow isolated_app priv_app (socket (create)))
  2624. (neverallow isolated_app priv_app (tcp_socket (create)))
  2625. (neverallow isolated_app priv_app (udp_socket (create)))
  2626. (neverallow isolated_app priv_app (rawip_socket (create)))
  2627. (neverallow isolated_app priv_app (netlink_socket (create)))
  2628. (neverallow isolated_app priv_app (packet_socket (create)))
  2629. (neverallow isolated_app priv_app (key_socket (create)))
  2630. (neverallow isolated_app priv_app (netlink_route_socket (create)))
  2631. (neverallow isolated_app priv_app (netlink_tcpdiag_socket (create)))
  2632. (neverallow isolated_app priv_app (netlink_nflog_socket (create)))
  2633. (neverallow isolated_app priv_app (netlink_xfrm_socket (create)))
  2634. (neverallow isolated_app priv_app (netlink_selinux_socket (create)))
  2635. (neverallow isolated_app priv_app (netlink_audit_socket (create)))
  2636. (neverallow isolated_app priv_app (netlink_dnrt_socket (create)))
  2637. (neverallow isolated_app priv_app (netlink_kobject_uevent_socket (create)))
  2638. (neverallow isolated_app priv_app (appletalk_socket (create)))
  2639. (neverallow isolated_app priv_app (tun_socket (create)))
  2640. (neverallow isolated_app priv_app (netlink_iscsi_socket (create)))
  2641. (neverallow isolated_app priv_app (netlink_fib_lookup_socket (create)))
  2642. (neverallow isolated_app priv_app (netlink_connector_socket (create)))
  2643. (neverallow isolated_app priv_app (netlink_netfilter_socket (create)))
  2644. (neverallow isolated_app priv_app (netlink_generic_socket (create)))
  2645. (neverallow isolated_app priv_app (netlink_scsitransport_socket (create)))
  2646. (neverallow isolated_app priv_app (netlink_rdma_socket (create)))
  2647. (neverallow isolated_app priv_app (netlink_crypto_socket (create)))
  2648. (neverallow isolated_app priv_app (sctp_socket (create)))
  2649. (neverallow isolated_app priv_app (icmp_socket (create)))
  2650. (neverallow isolated_app priv_app (ax25_socket (create)))
  2651. (neverallow isolated_app priv_app (ipx_socket (create)))
  2652. (neverallow isolated_app priv_app (netrom_socket (create)))
  2653. (neverallow isolated_app priv_app (atmpvc_socket (create)))
  2654. (neverallow isolated_app priv_app (x25_socket (create)))
  2655. (neverallow isolated_app priv_app (rose_socket (create)))
  2656. (neverallow isolated_app priv_app (decnet_socket (create)))
  2657. (neverallow isolated_app priv_app (atmsvc_socket (create)))
  2658. (neverallow isolated_app priv_app (rds_socket (create)))
  2659. (neverallow isolated_app priv_app (irda_socket (create)))
  2660. (neverallow isolated_app priv_app (pppox_socket (create)))
  2661. (neverallow isolated_app priv_app (llc_socket (create)))
  2662. (neverallow isolated_app priv_app (can_socket (create)))
  2663. (neverallow isolated_app priv_app (tipc_socket (create)))
  2664. (neverallow isolated_app priv_app (bluetooth_socket (create)))
  2665. (neverallow isolated_app priv_app (iucv_socket (create)))
  2666. (neverallow isolated_app priv_app (rxrpc_socket (create)))
  2667. (neverallow isolated_app priv_app (isdn_socket (create)))
  2668. (neverallow isolated_app priv_app (phonet_socket (create)))
  2669. (neverallow isolated_app priv_app (ieee802154_socket (create)))
  2670. (neverallow isolated_app priv_app (caif_socket (create)))
  2671. (neverallow isolated_app priv_app (alg_socket (create)))
  2672. (neverallow isolated_app priv_app (nfc_socket (create)))
  2673. (neverallow isolated_app priv_app (vsock_socket (create)))
  2674. (neverallow isolated_app priv_app (kcm_socket (create)))
  2675. (neverallow isolated_app priv_app (qipcrtr_socket (create)))
  2676. (neverallow isolated_app priv_app (smc_socket (create)))
  2677. (neverallow isolated_app priv_app (xdp_socket (create)))
  2678. (neverallow isolated_app self (socket (create)))
  2679. (neverallow isolated_app self (tcp_socket (create)))
  2680. (neverallow isolated_app self (udp_socket (create)))
  2681. (neverallow isolated_app self (rawip_socket (create)))
  2682. (neverallow isolated_app self (netlink_socket (create)))
  2683. (neverallow isolated_app self (packet_socket (create)))
  2684. (neverallow isolated_app self (key_socket (create)))
  2685. (neverallow isolated_app self (netlink_route_socket (create)))
  2686. (neverallow isolated_app self (netlink_tcpdiag_socket (create)))
  2687. (neverallow isolated_app self (netlink_nflog_socket (create)))
  2688. (neverallow isolated_app self (netlink_xfrm_socket (create)))
  2689. (neverallow isolated_app self (netlink_selinux_socket (create)))
  2690. (neverallow isolated_app self (netlink_audit_socket (create)))
  2691. (neverallow isolated_app self (netlink_dnrt_socket (create)))
  2692. (neverallow isolated_app self (netlink_kobject_uevent_socket (create)))
  2693. (neverallow isolated_app self (appletalk_socket (create)))
  2694. (neverallow isolated_app self (tun_socket (create)))
  2695. (neverallow isolated_app self (netlink_iscsi_socket (create)))
  2696. (neverallow isolated_app self (netlink_fib_lookup_socket (create)))
  2697. (neverallow isolated_app self (netlink_connector_socket (create)))
  2698. (neverallow isolated_app self (netlink_netfilter_socket (create)))
  2699. (neverallow isolated_app self (netlink_generic_socket (create)))
  2700. (neverallow isolated_app self (netlink_scsitransport_socket (create)))
  2701. (neverallow isolated_app self (netlink_rdma_socket (create)))
  2702. (neverallow isolated_app self (netlink_crypto_socket (create)))
  2703. (neverallow isolated_app self (sctp_socket (create)))
  2704. (neverallow isolated_app self (icmp_socket (create)))
  2705. (neverallow isolated_app self (ax25_socket (create)))
  2706. (neverallow isolated_app self (ipx_socket (create)))
  2707. (neverallow isolated_app self (netrom_socket (create)))
  2708. (neverallow isolated_app self (atmpvc_socket (create)))
  2709. (neverallow isolated_app self (x25_socket (create)))
  2710. (neverallow isolated_app self (rose_socket (create)))
  2711. (neverallow isolated_app self (decnet_socket (create)))
  2712. (neverallow isolated_app self (atmsvc_socket (create)))
  2713. (neverallow isolated_app self (rds_socket (create)))
  2714. (neverallow isolated_app self (irda_socket (create)))
  2715. (neverallow isolated_app self (pppox_socket (create)))
  2716. (neverallow isolated_app self (llc_socket (create)))
  2717. (neverallow isolated_app self (can_socket (create)))
  2718. (neverallow isolated_app self (tipc_socket (create)))
  2719. (neverallow isolated_app self (bluetooth_socket (create)))
  2720. (neverallow isolated_app self (iucv_socket (create)))
  2721. (neverallow isolated_app self (rxrpc_socket (create)))
  2722. (neverallow isolated_app self (isdn_socket (create)))
  2723. (neverallow isolated_app self (phonet_socket (create)))
  2724. (neverallow isolated_app self (ieee802154_socket (create)))
  2725. (neverallow isolated_app self (caif_socket (create)))
  2726. (neverallow isolated_app self (alg_socket (create)))
  2727. (neverallow isolated_app self (nfc_socket (create)))
  2728. (neverallow isolated_app self (vsock_socket (create)))
  2729. (neverallow isolated_app self (kcm_socket (create)))
  2730. (neverallow isolated_app self (qipcrtr_socket (create)))
  2731. (neverallow isolated_app self (smc_socket (create)))
  2732. (neverallow isolated_app self (xdp_socket (create)))
  2733. ;;* lme
  2734.  
  ; iw: daemon domain launched by init.
  ; These six statements are the expanded form of an init -> service domain
  ; transition (init may read/execute the exec file, transition into the domain,
  ; the domain may use the file as its entrypoint, the noatsecure denial is not
  ; audited, signal/rlimit inheritance is allowed, and the typetransition makes
  ; the transition automatic). The same shape recurs for every daemon below.
  2735. (allow init iw_exec (file (read getattr map execute open)))
  2736. (allow init iw (process (transition)))
  2737. (allow iw iw_exec (file (read getattr map execute open entrypoint)))
  2738. (dontaudit init iw (process (noatsecure)))
  2739. (allow init iw (process (siginh rlimitinh)))
  2740. (typetransition init iw_exec process iw)
  ; kernel -> init: the very first domain transition at boot. Same expansion as
  ; the init-launched daemons, but with kernel as the source; init is
  ; additionally allowed to deliver SIGCHLD back to the kernel domain.
  2741. (allow kernel init_exec (file (read getattr map execute open)))
  2742. (allow kernel init (process (transition)))
  2743. (allow init init_exec (file (read getattr map execute open entrypoint)))
  2744. (allow init kernel (process (sigchld)))
  2745. (dontaudit kernel init (process (noatsecure)))
  2746. (allow kernel init (process (siginh rlimitinh)))
  2747. (typetransition kernel init_exec process init)
  ; Narrow extras granted to the kernel domain: use of descriptors owned by
  ; otapreopt_chroot and read-only access to postinstall_file.
  ; NOTE(review): presumably the OTA post-install path; confirm in kernel.te.
  2748. (allow kernel otapreopt_chroot (fd (use)))
  2749. (allow kernel postinstall_file (file (read)))
  ; keystore: init-launched daemon (standard transition expansion).
  2750. (allow init keystore_exec (file (read getattr map execute open)))
  2751. (allow init keystore (process (transition)))
  2752. (allow keystore keystore_exec (file (read getattr map execute open entrypoint)))
  2753. (dontaudit init keystore (process (noatsecure)))
  2754. (allow init keystore (process (siginh rlimitinh)))
  2755. (typetransition init keystore_exec process keystore)
  ; Outbound binder calls to platform_app only (call, no transfer), read-only
  ; access to the device_logging_prop property file, and the write path to
  ; statsd (the statsdw socket file plus sendto on statsd's datagram socket).
  2756. (allow keystore platform_app (binder (call)))
  2757. (allow keystore device_logging_prop (file (read getattr map open)))
  2758. (allow keystore statsdw_socket (sock_file (write)))
  2759. (allow keystore statsd (unix_dgram_socket (sendto)))
  ; linkerconfig: init-launched daemon (standard transition expansion).
  2760. (allow init linkerconfig_exec (file (read getattr map execute open)))
  2761. (allow init linkerconfig (process (transition)))
  2762. (allow linkerconfig linkerconfig_exec (file (read getattr map execute open entrypoint)))
  2763. (dontaudit init linkerconfig (process (noatsecure)))
  2764. (allow init linkerconfig (process (siginh rlimitinh)))
  2765. (typetransition init linkerconfig_exec process linkerconfig)
  ; Full create/read/write on its own output (linkerconfig_file dir and file),
  ; write-only access to the kernel log device, read/write on devpts, and
  ; read/search (no write) on the APEX mount directory.
  2766. (allow linkerconfig linkerconfig_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
  2767. (allow linkerconfig linkerconfig_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  2768. (allow linkerconfig kmsg_device (chr_file (write lock append map open)))
  2769. (allow linkerconfig devpts (chr_file (read write)))
  2770. (allow linkerconfig apex_mnt_dir (dir (ioctl read getattr lock open watch watch_reads search)))
  ; ";;* lmx <line> <file>" / ";;* lme" are compiler line markers bracketing a
  ; statement and pointing at the .te source line it came from.
  ; neverallow is a compile-time assertion: the policy fails to build if any
  ; allow rule contradicts it. base_typeattr_NNN is a generated attribute whose
  ; member set is defined elsewhere in this file (typically a type-set
  ; expression such as "domain minus a few exceptions"); here it names the
  ; domains that must never execute the linkerconfig binary.
  2771. ;;* lmx 19 system/sepolicy/private/linkerconfig.te
  2772.  
  2773. (neverallow base_typeattr_637 linkerconfig_exec (file (execute execute_no_trans)))
  2774. ;;* lme
  2775.  
  ; llkd: init-launched daemon (standard transition expansion).
  2776. (allow init llkd_exec (file (read getattr map execute open)))
  2777. (allow init llkd (process (transition)))
  2778. (allow llkd llkd_exec (file (read getattr map execute open entrypoint)))
  2779. (dontaudit init llkd (process (noatsecure)))
  2780. (allow init llkd (process (siginh rlimitinh)))
  2781. (typetransition init llkd_exec process llkd)
  2782. (allow llkd llkd_prop (file (read getattr map open)))
  ; High-privilege grants: CAP_KILL and CAP_IPC_LOCK (both in the root and
  ; user namespaces), SIGKILL against *every* domain, read/search of every
  ; domain's dir/file/lnk_file objects (the /proc/<pid> view of other
  ; processes, to judge from the object classes -- confirm), read/write on the
  ; hung-task proc knob, and write access to the sysrq trigger and kmsg.
  ; Anything that reaches this domain can kill arbitrary processes, so the
  ; neverallows below fence off how it can be entered or inspected.
  2783. (allow llkd self (capability (kill)))
  2784. (allow llkd self (cap_userns (kill)))
  2785. (allow llkd self (capability (ipc_lock)))
  2786. (allow llkd self (cap_userns (ipc_lock)))
  2787. (allow llkd domain (process (sigkill)))
  2788. (allow llkd domain (dir (ioctl read getattr lock open watch watch_reads search)))
  2789. (allow llkd domain (file (ioctl read getattr lock map open watch watch_reads)))
  2790. (allow llkd domain (lnk_file (read)))
  2791. (allow llkd proc_hung_task (file (ioctl read write getattr lock append map open watch watch_reads)))
  2792. (allow llkd proc_sysrq (file (write lock append map open)))
  2793. (allow llkd kmsg_device (chr_file (write lock append map open)))
  ; Compile-time assertions (source lines 49, 50, 53 of llkd.te):
  ;  - only domains outside the generated attribute base_typeattr_181 may
  ;    transition or dyntransition into llkd;
  ;  - no domain at all may ptrace llkd;
  ;  - domains in base_typeattr_182 may not enter llkd with noatsecure.
  2794. ;;* lmx 49 system/sepolicy/private/llkd.te
  2795.  
  2796. (neverallow base_typeattr_181 llkd (process (transition dyntransition)))
  2797. ;;* lme
  2798.  
  2799. ;;* lmx 50 system/sepolicy/private/llkd.te
  2800.  
  2801. (neverallow domain llkd (process (ptrace)))
  2802. ;;* lme
  2803.  
  2804. ;;* lmx 53 system/sepolicy/private/llkd.te
  2805.  
  2806. (neverallow base_typeattr_182 llkd (process (noatsecure)))
  2807. ;;* lme
  2808.  
  ; lmkd: init-launched daemon (standard transition expansion).
  2809. (allow init lmkd_exec (file (read getattr map execute open)))
  2810. (allow init lmkd (process (transition)))
  2811. (allow lmkd lmkd_exec (file (read getattr map execute open entrypoint)))
  2812. (dontaudit init lmkd (process (noatsecure)))
  2813. (allow init lmkd (process (siginh rlimitinh)))
  2814. (typetransition init lmkd_exec process lmkd)
  ; Property-set path: write to the property socket file, connect to init's
  ; stream socket, and the actual "set" on lmkd_prop; plus read of the
  ; lmkd_prop property file.
  2815. (allow lmkd property_socket (sock_file (write)))
  2816. (allow lmkd init (unix_stream_socket (connectto)))
  2817. (allow lmkd lmkd_prop (property_service (set)))
  2818. (allow lmkd lmkd_prop (file (read getattr map open)))
  ; Assertion (lmkd.te line 8): no domain in the generated attribute
  ; base_typeattr_638 may set lmkd_prop, i.e. the property is owned by a small
  ; allowlist.
  2819. ;;* lmx 8 system/sepolicy/private/lmkd.te
  2820.  
  2821. (neverallow base_typeattr_638 lmkd_prop (property_service (set)))
  2822. ;;* lme
  2823.  
  ; logd: init-launched daemon (standard transition expansion).
  2824. (allow init logd_exec (file (read getattr map execute open)))
  2825. (allow init logd (process (transition)))
  2826. (allow logd logd_exec (file (read getattr map execute open entrypoint)))
  2827. (dontaudit init logd (process (noatsecure)))
  2828. (allow init logd (process (siginh rlimitinh)))
  2829. (typetransition init logd_exec process logd)
  ; Assertion (logd.te line 12): logd must never write, create or append files
  ; of any type in base_typeattr_639 -- the log daemon is meant to be a reader
  ; of the system, not a writer to arbitrary files.
  2830. ;;* lmx 12 system/sepolicy/private/logd.te
  2831.  
  2832. (neverallow logd base_typeattr_639 (file (write create append)))
  2833. ;;* lme
  2834.  
  ; Assertions (logd.te lines 27 and 38): two generated attributes are denied
  ; essentially all file access to runtime_event_log_tags_file. The forbidden
  ; set includes open, read and write; only getattr/map/execute-style
  ; permissions are absent from it, so members cannot meaningfully use the
  ; file at all.
  2835. ;;* lmx 27 system/sepolicy/private/logd.te
  2836.  
  2837. (neverallow base_typeattr_640 runtime_event_log_tags_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  2838. ;;* lme
  2839.  
  2840. ;;* lmx 38 system/sepolicy/private/logd.te
  2841.  
  2842. (neverallow base_typeattr_641 runtime_event_log_tags_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  2843. ;;* lme
  2844.  
  ; logpersist assertions (logpersist.te lines 26-29). No allow rules for the
  ; domain itself are in this stretch; these only constrain what may touch the
  ; persisted logs.
  ;  - logpersist may not write, create or append to any file_type: it must not
  ;    be able to tamper with anything it reads.
  ;  - base_typeattr_642 gets no file access at all to misc_logd_file (same
  ;    broad forbidden set as used for runtime_event_log_tags_file above).
  ;  - base_typeattr_181 (the same generated attribute used to fence the llkd
  ;    transition at 2796) may not perform any write-class operation on
  ;    misc_logd_file, for both the file and the dir object classes.
  2845. ;;* lmx 26 system/sepolicy/private/logpersist.te
  2846.  
  2847. (neverallow logpersist file_type (file (write create append)))
  2848. ;;* lme
  2849.  
  2850. ;;* lmx 27 system/sepolicy/private/logpersist.te
  2851.  
  2852. (neverallow base_typeattr_642 misc_logd_file (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  2853. ;;* lme
  2854.  
  2855. ;;* lmx 28 system/sepolicy/private/logpersist.te
  2856.  
  2857. (neverallow base_typeattr_181 misc_logd_file (file (write create setattr relabelfrom append unlink link rename)))
  2858. ;;* lme
  2859.  
  2860. ;;* lmx 29 system/sepolicy/private/logpersist.te
  2861.  
  2862. (neverallow base_typeattr_181 misc_logd_file (dir (write relabelfrom link rename add_name remove_name reparent rmdir)))
  2863. ;;* lme
  2864.  
  ; lpdumpd: init-launched daemon (standard transition expansion).
  2865. (allow init lpdumpd_exec (file (read getattr map execute open)))
  2866. (allow init lpdumpd (process (transition)))
  2867. (allow lpdumpd lpdumpd_exec (file (read getattr map execute open entrypoint)))
  2868. (dontaudit init lpdumpd (process (noatsecure)))
  2869. (allow init lpdumpd (process (siginh rlimitinh)))
  2870. (typetransition init lpdumpd_exec process lpdumpd)
  ; Binder registration with servicemanager in both directions, plus the
  ; servicemanager's read-only look at the lpdumpd process (dir search, file
  ; read/open, process getattr -- presumably its /proc entry for caller
  ; identification; confirm). lpdumpd may add and find lpdump_service.
  2871. (allow lpdumpd servicemanager (binder (call transfer)))
  2872. (allow servicemanager lpdumpd (binder (call transfer)))
  2873. (allow servicemanager lpdumpd (dir (search)))
  2874. (allow servicemanager lpdumpd (file (read open)))
  2875. (allow servicemanager lpdumpd (process (getattr)))
  2876. (allow lpdumpd lpdump_service (service_manager (add find)))
  ; Assertion (lpdumpd.te line 8): only domains outside base_typeattr_643 may
  ; register lpdump_service, preventing service squatting.
  2877. ;;* lmx 8 system/sepolicy/private/lpdumpd.te
  2878.  
  2879. (neverallow base_typeattr_643 lpdump_service (service_manager (add)))
  2880. ;;* lme
  2881.  
  ; Raw read access to block devices: directory listing of block_device and
  ; read/map of super_block_device_type block files, plus read of the DT
  ; firmware sysfs nodes. Reads of (gsi_)metadata_file are dontaudit'ed, i.e.
  ; still denied but kept out of the audit log.
  2882. (allow lpdumpd block_device (dir (ioctl read getattr lock open watch watch_reads search)))
  2883. (allow lpdumpd super_block_device_type (blk_file (ioctl read getattr lock map open watch watch_reads)))
  2884. (allow lpdumpd sysfs_dt_firmware_android (dir (ioctl read getattr lock open watch watch_reads search)))
  2885. (allow lpdumpd sysfs_dt_firmware_android (file (ioctl read getattr lock map open watch watch_reads)))
  2886. (dontaudit lpdumpd metadata_file (dir (ioctl read getattr lock open watch watch_reads search)))
  2887. (dontaudit lpdumpd metadata_file (file (ioctl read getattr lock map open watch watch_reads)))
  2888. (dontaudit lpdumpd gsi_metadata_file (dir (ioctl read getattr lock open watch watch_reads search)))
  2889. (dontaudit lpdumpd gsi_metadata_file (file (ioctl read getattr lock map open watch watch_reads)))
  ; Assertions (lpdumpd.te lines 34 and 42): the client side is allowlisted
  ; too -- base_typeattr_644 may not find the service and base_typeattr_645
  ; may not binder-call lpdumpd, limiting who can request partition dumps.
  2890. ;;* lmx 34 system/sepolicy/private/lpdumpd.te
  2891.  
  2892. (neverallow base_typeattr_644 lpdump_service (service_manager (find)))
  2893. ;;* lme
  2894.  
  2895. ;;* lmx 42 system/sepolicy/private/lpdumpd.te
  2896.  
  2897. (neverallow base_typeattr_645 lpdumpd (binder (call)))
  2898. ;;* lme
  2899.  
  ; mdnsd: init-launched daemon (standard transition expansion), with read-only
  ; access to the proc_net_type dir/file/lnk_file objects.
  2900. (allow init mdnsd_exec (file (read getattr map execute open)))
  2901. (allow init mdnsd (process (transition)))
  2902. (allow mdnsd mdnsd_exec (file (read getattr map execute open entrypoint)))
  2903. (dontaudit init mdnsd (process (noatsecure)))
  2904. (allow init mdnsd (process (siginh rlimitinh)))
  2905. (typetransition init mdnsd_exec process mdnsd)
  2906. (allow mdnsd proc_net_type (dir (ioctl read getattr lock open watch watch_reads search)))
  2907. (allow mdnsd proc_net_type (file (ioctl read getattr lock map open watch watch_reads)))
  2908. (allow mdnsd proc_net_type (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  ; mediadrmserver: init-launched daemon (standard transition expansion).
  2909. (allow init mediadrmserver_exec (file (read getattr map execute open)))
  2910. (allow init mediadrmserver (process (transition)))
  2911. (allow mediadrmserver mediadrmserver_exec (file (read getattr map execute open entrypoint)))
  2912. (dontaudit init mediadrmserver (process (noatsecure)))
  2913. (allow init mediadrmserver (process (siginh rlimitinh)))
  2914. (typetransition init mediadrmserver_exec process mediadrmserver)
  ; auditallow does not grant anything: it logs each *granted* binder call to
  ; the graphics allocator HAL so maintainers can see whether the permission
  ; (allowed elsewhere) is still exercised before removing it.
  2915. (auditallow mediadrmserver hal_graphics_allocator_server (binder (call)))
  ; mediaextractor: init-launched daemon (standard transition expansion).
  2916. (allow init mediaextractor_exec (file (read getattr map execute open)))
  2917. (allow init mediaextractor (process (transition)))
  2918. (allow mediaextractor mediaextractor_exec (file (read getattr map execute open entrypoint)))
  2919. (dontaudit init mediaextractor (process (noatsecure)))
  2920. (allow init mediaextractor (process (siginh rlimitinh)))
  2921. (typetransition init mediaextractor_exec process mediaextractor)
  ; tmpfs files it creates are labelled mediaextractor_tmpfs; it can read,
  ; write and map those as well as the tmpfs files of app, mediaserver and
  ; system_server domains (shared-memory buffers passed across processes, to
  ; judge from the types -- confirm). Note: no execute permission here, unlike
  ; the mediaprovider rules on appdomain_tmpfs further down.
  2922. (typetransition mediaextractor tmpfs file mediaextractor_tmpfs)
  2923. (allow mediaextractor mediaextractor_tmpfs (file (read write getattr map)))
  2924. (allow mediaextractor appdomain_tmpfs (file (read write getattr map)))
  2925. (allow mediaextractor mediaserver_tmpfs (file (read write getattr map)))
  2926. (allow mediaextractor system_server_tmpfs (file (read write getattr map)))
  ; mediametrics: init-launched daemon (standard transition expansion only).
  2927. (allow init mediametrics_exec (file (read getattr map execute open)))
  2928. (allow init mediametrics (process (transition)))
  2929. (allow mediametrics mediametrics_exec (file (read getattr map execute open entrypoint)))
  2930. (dontaudit init mediametrics (process (noatsecure)))
  2931. (allow init mediametrics (process (siginh rlimitinh)))
  2932. (typetransition init mediametrics_exec process mediametrics)
  ; mediaprovider (app domain). Its tmpfs files take the shared appdomain_tmpfs
  ; label and it may read/write/map/execute them. execute on tmpfs-backed
  ; files is the notable bit: it is what the app-domain tmpfs rules grant
  ; (mirrored for mediaprovider_app at 2975) -- keep in mind when reviewing
  ; W^X expectations for this domain.
  2933. (typetransition mediaprovider tmpfs file appdomain_tmpfs)
  2934. (allow mediaprovider appdomain_tmpfs (file (read write getattr map execute)))
  ; Assertions (all from mediaprovider.te line 7): a generated attribute pair
  ; is denied file access (646 -> 647); base_typeattr_648 gets no file access
  ; to objects labelled mediaprovider (presumably its /proc entries -- confirm);
  ; and base_typeattr_649 may not ptrace the domain.
  2935. ;;* lmx 7 system/sepolicy/private/mediaprovider.te
  2936.  
  2937. (neverallow base_typeattr_646 base_typeattr_647 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  2938. ;;* lme
  2939.  
  2940. ;;* lmx 7 system/sepolicy/private/mediaprovider.te
  2941.  
  2942. (neverallow base_typeattr_648 mediaprovider (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  2943. ;;* lme
  2944.  
  2945. ;;* lmx 7 system/sepolicy/private/mediaprovider.te
  2946.  
  2947. (neverallow base_typeattr_649 mediaprovider (process (ptrace)))
  2948. ;;* lme
  2949.  
  ; Full create/read/write on cache_file (dir and file, read-only on symlinks);
  ; getattr on the backup/recovery cache dirs is dontaudit'ed rather than
  ; granted. Only "search" on mnt_media_rw_file, i.e. path traversal without
  ; listing.
  2950. (allow mediaprovider cache_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
  2951. (allow mediaprovider cache_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  2952. (allow mediaprovider cache_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  2953. (dontaudit mediaprovider cache_private_backup_file (dir (getattr)))
  2954. (dontaudit mediaprovider cache_recovery_file (dir (getattr)))
  2955. (allow mediaprovider mnt_media_rw_file (dir (search)))
  ; Service lookups are find-only (no add), so this domain can be a client but
  ; cannot register services.
  2956. (allow mediaprovider app_api_service (service_manager (find)))
  2957. (allow mediaprovider audioserver_service (service_manager (find)))
  2958. (allow mediaprovider drmserver_service (service_manager (find)))
  2959. (allow mediaprovider mediaextractor_service (service_manager (find)))
  2960. (allow mediaprovider mediaserver_service (service_manager (find)))
  2961. (allow mediaprovider ringtone_file (file (read write getattr)))
  ; MTP over FunctionFS: read/write/ioctl on the mtp_device char device and
  ; on functionfs files. The ioctl is further restricted by allowx to the
  ; single command 0x6782 (magic 'g'/0x67, nr 130 -- looks like a FunctionFS
  ; endpoint ioctl; confirm against the kernel header).
  2962. (allow mediaprovider mtp_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
  2963. (allow mediaprovider functionfs (dir (search)))
  2964. (allow mediaprovider functionfs (file (ioctl read write getattr lock append map open watch watch_reads)))
  2965. (allowx mediaprovider functionfs (ioctl file (0x6782)))
  ; Property-set paths for ffs_prop and exported_ffs_prop. The
  ; property_socket / init connectto pair appears twice (2966-2967 and
  ; 2970-2971) because each property grant expands to the full set; the
  ; duplicate is redundant but harmless.
  2966. (allow mediaprovider property_socket (sock_file (write)))
  2967. (allow mediaprovider init (unix_stream_socket (connectto)))
  2968. (allow mediaprovider ffs_prop (property_service (set)))
  2969. (allow mediaprovider ffs_prop (file (read getattr map open)))
  2970. (allow mediaprovider property_socket (sock_file (write)))
  2971. (allow mediaprovider init (unix_stream_socket (connectto)))
  2972. (allow mediaprovider exported_ffs_prop (property_service (set)))
  2973. (allow mediaprovider exported_ffs_prop (file (read getattr map open)))
  ; mediaprovider_app (app domain). Same tmpfs arrangement as mediaprovider,
  ; including execute on appdomain_tmpfs files.
  2974. (typetransition mediaprovider_app tmpfs file appdomain_tmpfs)
  2975. (allow mediaprovider_app appdomain_tmpfs (file (read write getattr map execute)))
  ; Assertions (mediaprovider_app.te line 6), parallel to the mediaprovider
  ; set: generated attribute pair 650 -> 651 denied file access,
  ; base_typeattr_652 denied file access to mediaprovider_app-labelled objects,
  ; base_typeattr_653 denied ptrace of the domain.
  2976. ;;* lmx 6 system/sepolicy/private/mediaprovider_app.te
  2977.  
  2978. (neverallow base_typeattr_650 base_typeattr_651 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  2979. ;;* lme
  2980.  
  2981. ;;* lmx 6 system/sepolicy/private/mediaprovider_app.te
  2982.  
  2983. (neverallow base_typeattr_652 mediaprovider_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  2984. ;;* lme
  2985.  
  2986. ;;* lmx 6 system/sepolicy/private/mediaprovider_app.te
  2987.  
  2988. (neverallow base_typeattr_653 mediaprovider_app (process (ptrace)))
  2989. ;;* lme
  2990.  
  ; Storage access: read-only on mnt_pass_through_file, read/write/ioctl on
  ; the FUSE device (this domain serves the FUSE filesystem for external
  ; storage, to judge from fuse_device + media_rw_data_file -- confirm), and
  ; full create/read/write on media_rw_data_file dirs and files.
  2991. (allow mediaprovider_app mnt_pass_through_file (dir (ioctl read getattr lock open watch watch_reads search)))
  2992. (allow mediaprovider_app mnt_pass_through_file (file (ioctl read getattr lock map open watch watch_reads)))
  2993. (allow mediaprovider_app mnt_pass_through_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  2994. (allow mediaprovider_app fuse_device (chr_file (ioctl read write getattr)))
  2995. (allow mediaprovider_app media_rw_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  2996. (allow mediaprovider_app media_rw_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
  ; Find-only service lookups; binder call/transfer with gpuservice (gpuservice
  ; may only transfer back, not call) and use of gpuservice's descriptors.
  2997. (allow mediaprovider_app drmserver_service (service_manager (find)))
  2998. (allow mediaprovider_app mediaserver_service (service_manager (find)))
  2999. (allow mediaprovider_app app_api_service (service_manager (find)))
  3000. (allow mediaprovider_app gpuservice (binder (call transfer)))
  3001. (allow gpuservice mediaprovider_app (binder (transfer)))
  3002. (allow mediaprovider_app gpuservice (fd (use)))
  3003. (allow mediaprovider_app proc_pipe_conf (file (ioctl read getattr lock map open watch watch_reads)))
  ; ioctl allowlist on media_rw_data_file, for both file and dir: the ranges
  ; 0x581f-0x5820 (magic 'X') and 0x6601-0x6602 (magic 'f'). These match the
  ; FS_IOC_FSGETXATTR/FS_IOC_FSSETXATTR and FS_IOC_GETFLAGS/FS_IOC_SETFLAGS
  ; numbers -- assumption from the encoding; confirm against the source .te.
  ; Any other ioctl on these objects is denied even though the broad "ioctl"
  ; permission is granted above.
  3004. (allowx mediaprovider_app media_rw_data_file (ioctl file ((range 0x581f 0x5820))))
  3005. (allowx mediaprovider_app media_rw_data_file (ioctl dir ((range 0x581f 0x5820))))
  3006. (allowx mediaprovider_app media_rw_data_file (ioctl file ((range 0x6601 0x6602))))
  3007. (allowx mediaprovider_app media_rw_data_file (ioctl dir ((range 0x6601 0x6602))))
  3008. (allow mediaprovider_app proc_filesystems (file (ioctl read getattr lock map open watch watch_reads)))
  3009. (allow mediaprovider_app storage_config_prop (file (read getattr map open)))
  ; mediaserver: init-launched daemon (standard transition expansion).
  3010. (allow init mediaserver_exec (file (read getattr map execute open)))
  3011. (allow init mediaserver (process (transition)))
  3012. (allow mediaserver mediaserver_exec (file (read getattr map execute open entrypoint)))
  3013. (dontaudit init mediaserver (process (noatsecure)))
  3014. (allow init mediaserver (process (siginh rlimitinh)))
  3015. (typetransition init mediaserver_exec process mediaserver)
  ; Own tmpfs label plus read/write/map on its own and app-domain tmpfs files
  ; (no execute); find-only lookup of the transcoding service.
  3016. (typetransition mediaserver tmpfs file mediaserver_tmpfs)
  3017. (allow mediaserver mediaserver_tmpfs (file (read write getattr map)))
  3018. (allow mediaserver appdomain_tmpfs (file (read write getattr map)))
  3019. (allow mediaserver mediatranscoding_service (service_manager (find)))
  ; mediaswcodec: init-launched daemon (standard transition expansion only).
  3020. (allow init mediaswcodec_exec (file (read getattr map execute open)))
  3021. (allow init mediaswcodec (process (transition)))
  3022. (allow mediaswcodec mediaswcodec_exec (file (read getattr map execute open entrypoint)))
  3023. (dontaudit init mediaswcodec (process (noatsecure)))
  3024. (allow init mediaswcodec (process (siginh rlimitinh)))
  3025. (typetransition init mediaswcodec_exec process mediaswcodec)
  ; mediatranscoding: init-launched daemon (standard transition expansion only).
  3026. (allow init mediatranscoding_exec (file (read getattr map execute open)))
  3027. (allow init mediatranscoding (process (transition)))
  3028. (allow mediatranscoding mediatranscoding_exec (file (read getattr map execute open entrypoint)))
  3029. (dontaudit init mediatranscoding (process (noatsecure)))
  3030. (allow init mediatranscoding (process (siginh rlimitinh)))
  3031. (typetransition init mediatranscoding_exec process mediatranscoding)
  ;; migrate_legacy_obb_data: full read/write/create/delete on media_rw_data_file
  ;; and sdcard_type (dir and file classes), consistent with a data-migration
  ;; helper (inferred from the name; not otherwise shown here).
  3032. (allow migrate_legacy_obb_data media_rw_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
  3033. (allow migrate_legacy_obb_data media_rw_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  ;; execute_no_trans: shell and toolbox binaries run *inside* this domain
  ;; rather than transitioning, so they inherit every permission below.
  3034. (allow migrate_legacy_obb_data shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
  3035. (allow migrate_legacy_obb_data toolbox_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
  ;; dac_override / dac_read_search bypass DAC mode bits; chown/fowner/fsetid
  ;; allow ownership and setuid/setgid-bit handling. The SELinux rules above and
  ;; below remain the effective bound, since DAC is bypassed.
  3036. (allow migrate_legacy_obb_data self (capability (chown dac_override dac_read_search fowner fsetid)))
  3037. (allow migrate_legacy_obb_data mnt_user_file (dir (search)))
  3038. (allow migrate_legacy_obb_data mnt_user_file (lnk_file (read)))
  3039. (allow migrate_legacy_obb_data storage_file (dir (search)))
  3040. (allow migrate_legacy_obb_data storage_file (lnk_file (read)))
  3041. (allow migrate_legacy_obb_data sdcard_type (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
  3042. (allow migrate_legacy_obb_data sdcard_type (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  ;; May use file descriptors handed over by installd and read installd's files.
  3043. (allow migrate_legacy_obb_data installd (fd (use)))
  3044. (allow migrate_legacy_obb_data installd (file (read)))
  ;; mtp: standard init daemon transition (init execs mtp_exec -> mtp domain;
  ;; entrypoint pins the domain to this executable).
  3045. (allow init mtp_exec (file (read getattr map execute open)))
  3046. (allow init mtp (process (transition)))
  3047. (allow mtp mtp_exec (file (read getattr map execute open entrypoint)))
  3048. (dontaudit init mtp (process (noatsecure)))
  3049. (allow init mtp (process (siginh rlimitinh)))
  3050. (typetransition init mtp_exec process mtp)
  ;; netd: started by init via the usual daemon transition.
  3051. (allow init netd_exec (file (read getattr map execute open)))
  3052. (allow init netd (process (transition)))
  3053. (allow netd netd_exec (file (read getattr map execute open entrypoint)))
  3054. (dontaudit init netd (process (noatsecure)))
  3055. (allow init netd (process (siginh rlimitinh)))
  3056. (typetransition init netd_exec process netd)
  ;; netd is itself a parent domain: it spawns dnsmasq and clatd as separate
  ;; domains (transition + entrypoint), each of which may only deliver SIGCHLD
  ;; back to netd. netd may additionally signal clatd.
  3057. (allow netd dnsmasq_exec (file (read getattr map execute open)))
  3058. (allow netd dnsmasq (process (transition)))
  3059. (allow dnsmasq dnsmasq_exec (file (read getattr map execute open entrypoint)))
  3060. (allow dnsmasq netd (process (sigchld)))
  3061. (dontaudit netd dnsmasq (process (noatsecure)))
  3062. (allow netd dnsmasq (process (siginh rlimitinh)))
  3063. (typetransition netd dnsmasq_exec process dnsmasq)
  3064. (allow netd clatd_exec (file (read getattr map execute open)))
  3065. (allow netd clatd (process (transition)))
  3066. (allow clatd clatd_exec (file (read getattr map execute open entrypoint)))
  3067. (allow clatd netd (process (sigchld)))
  3068. (dontaudit netd clatd (process (noatsecure)))
  3069. (allow netd clatd (process (siginh rlimitinh)))
  3070. (typetransition netd clatd_exec process clatd)
  3071. (allow netd clatd (process (signal)))
  ;; BPF objects owned by bpfloader: netd may read/write maps and run programs,
  ;; but no map_create/prog_load is granted here.
  3072. (allow netd bpfloader (bpf (map_read map_write prog_run)))
  3073. (allow netd self (key_socket (create)))
  ;; Read-only property access and statsd event reporting.
  3074. (allow netd adbd_config_prop (file (read getattr map open)))
  3075. (allow netd bpf_progs_loaded_prop (file (read getattr map open)))
  3076. (allow netd statsdw_socket (sock_file (write)))
  3077. (allow netd statsd (unix_dgram_socket (sendto)))
  ;; Binder: netd calls network_stack; network_stack only gets `transfer` back,
  ;; i.e. the reverse direction is for passing references, not initiating calls.
  3078. (allow netd network_stack (binder (call transfer)))
  3079. (allow network_stack netd (binder (transfer)))
  3080. (allow netd network_stack (fd (use)))
  ;; Bug-report path: use fds passed by dumpstate and write to its pipe.
  3081. (allow netd dumpstate (fd (use)))
  3082. (allow netd dumpstate (fifo_file (write getattr)))
  ;; netutils_wrapper: privileged network-tool wrapper domain.
  ;; Reads and executes system_file content in its own domain (execute_no_trans),
  ;; so every binary it launches from system_file runs with these permissions.
  3083. (allow netutils_wrapper system_file (dir (ioctl read getattr lock open watch watch_reads search)))
  3084. (allow netutils_wrapper system_file (file (ioctl read getattr lock map open watch watch_reads)))
  3085. (allow netutils_wrapper system_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  ;; Exactly two capabilities are granted: net_raw and net_admin. The neverallow
  ;; further down lists every other capability, so this set cannot grow without
  ;; the build failing.
  3086. (allow netutils_wrapper self (capability (net_raw)))
  3087. (allow netutils_wrapper self (cap_userns (net_raw)))
  3088. (allow netutils_wrapper system_file (file (execute execute_no_trans)))
  3089. (allow netutils_wrapper proc_net_type (file (read getattr open)))
  3090. (allow netutils_wrapper self (rawip_socket (ioctl read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
  3091. (allow netutils_wrapper self (udp_socket (ioctl read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
  3092. (allow netutils_wrapper self (capability (net_admin)))
  3093. (allow netutils_wrapper self (cap_userns (net_admin)))
  ;; Netlink: route socket includes nlmsg_write and nlmsg_readpriv (privileged
  ;; dumps); xfrm socket includes nlmsg_write. Both are configuration-changing.
  3094. (allow netutils_wrapper self (netlink_route_socket (read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write nlmsg_readpriv)))
  3095. (allow netutils_wrapper self (netlink_xfrm_socket (read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind nlmsg_read nlmsg_write)))
  3096. (allow netutils_wrapper netd_service (service_manager (find)))
  3097. (allow netutils_wrapper dnsresolver_service (service_manager (find)))
  3098. (allow netutils_wrapper servicemanager (binder (call transfer)))
  3099. (allow servicemanager netutils_wrapper (binder (call transfer)))
  3100. (allow servicemanager netutils_wrapper (dir (search)))
  3101. (allow servicemanager netutils_wrapper (file (read open)))
  3102. (allow servicemanager netutils_wrapper (process (getattr)))
  3103. (allow netutils_wrapper netd (binder (call transfer)))
  3104. (allow netd netutils_wrapper (binder (transfer)))
  3105. (allow netutils_wrapper netd (fd (use)))
  ;; BPF filesystem access and the ability to run bpfloader-owned programs.
  3106. (allow netutils_wrapper fs_bpf (dir (search)))
  3107. (allow netutils_wrapper fs_bpf (file (read write)))
  3108. (allow netutils_wrapper bpfloader (bpf (prog_run)))
  3109. (allow netutils_wrapper net_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
  3110. (allow netutils_wrapper net_data_file (file (ioctl read getattr lock map open watch watch_reads)))
  3111. (allow netutils_wrapper net_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  ;; base_typeattr_591 is a compiler-generated anonymous attribute standing for
  ;; the set of caller domains allowed to exec netutils_wrapper_exec; which
  ;; domains it expands to is not visible in this excerpt.
  3112. (allow base_typeattr_591 netutils_wrapper_exec (file (read getattr map execute open)))
  3113. (allow base_typeattr_591 netutils_wrapper (process (transition)))
  3114. (allow netutils_wrapper netutils_wrapper_exec (file (read getattr map execute open entrypoint)))
  3115. (allow netutils_wrapper base_typeattr_591 (process (sigchld)))
  3116. (dontaudit base_typeattr_591 netutils_wrapper (process (noatsecure)))
  3117. (allow base_typeattr_591 netutils_wrapper (process (siginh rlimitinh)))
  3118. (typetransition base_typeattr_591 netutils_wrapper_exec process netutils_wrapper)
  ;; dontaudit only suppresses the denial log; the access is still denied.
  3119. (dontaudit netutils_wrapper self (capability (sys_resource)))
  3120. (dontaudit netutils_wrapper self (cap_userns (sys_resource)))
  3121. (dontaudit netutils_wrapper sysfs_type (file (read)))
  ;; ";;* lmx N path" / ";;* lme" are compiler line markers: the enclosed rules
  ;; were expanded from line N of the named .te source file.
  3122. ;;* lmx 44 system/sepolicy/private/netutils_wrapper.te
  3123.  
  ;; Capability ceiling: every capability except net_raw and net_admin is
  ;; neverallowed, matching the two allow rules above. Adding any other
  ;; capability to this domain is a compile-time policy error.
  3124. (neverallow netutils_wrapper self (capability (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
  3125. (neverallow netutils_wrapper self (cap_userns (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
  3126. ;;* lme
  3127.  
  ;; network_stack: app-style domain (shares appdomain_tmpfs, with execute).
  3128. (typetransition network_stack tmpfs file appdomain_tmpfs)
  3129. (allow network_stack appdomain_tmpfs (file (read write getattr map execute)))
  ;; Three neverallows all map to line 4 of network_stack.te, so they appear to
  ;; be one macro expansion. base_typeattr_654..657 are anonymous attributes
  ;; whose membership is not visible here. Effect: a set of domains may not
  ;; write/create/relabel files of another set, may not do so to network_stack,
  ;; and may not ptrace network_stack.
  3130. ;;* lmx 4 system/sepolicy/private/network_stack.te
  3131.  
  3132. (neverallow base_typeattr_654 base_typeattr_655 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  3133. ;;* lme
  3134.  
  3135. ;;* lmx 4 system/sepolicy/private/network_stack.te
  3136.  
  3137. (neverallow base_typeattr_656 network_stack (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  3138. ;;* lme
  3139.  
  3140. ;;* lmx 4 system/sepolicy/private/network_stack.te
  3141.  
  3142. (neverallow base_typeattr_657 network_stack (process (ptrace)))
  3143. ;;* lme
  3144.  
  ;; Network capabilities: net_admin and net_raw in addition to bind/broadcast.
  3145. (allow network_stack self (capability (net_bind_service net_broadcast net_admin net_raw)))
  3146. (allow network_stack self (cap_userns (net_bind_service net_broadcast net_admin net_raw)))
  ;; allowx: UDP socket ioctls are limited to the enumerated command numbers
  ;; (the 0x89xx and 0x8bxx values look like socket/interface ioctl families --
  ;; confirm against ioctl_defines before editing).
  3147. (allowx network_stack self (ioctl udp_socket (0x6900 0x6902)))
  3148. (allowx network_stack self (ioctl udp_socket ((range 0x890b 0x890d) 0x8911 0x8914 0x8916 0x8918 0x891a (range 0x891c 0x8920) (range 0x8922 0x8927) 0x8929 (range 0x8930 0x8932) (range 0x8934 0x8937) 0x8939 (range 0x8940 0x8941) 0x8943 (range 0x8946 0x894b) (range 0x8953 0x8955) (range 0x8960 0x8962) (range 0x8970 0x8971) (range 0x8980 0x8983) (range 0x8990 0x8995) (range 0x89a0 0x89a3) 0x89b0 (range 0x89e0 0x89ff))))
  3149. (allowx network_stack self (ioctl udp_socket (0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 (range 0x8b14 0x8b1d) 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 (range 0x8b2a 0x8b2c) (range 0x8b30 0x8b36) (range 0x8be0 0x8bff))))
  ;; Raw packet sockets plus netlink route writes (routing/interface changes).
  3150. (allow network_stack self (packet_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
  3151. (allow network_stack self (netlink_route_socket (nlmsg_write)))
  3152. (allow network_stack app_api_service (service_manager (find)))
  3153. (allow network_stack dnsresolver_service (service_manager (find)))
  3154. (allow network_stack netd_service (service_manager (find)))
  3155. (allow network_stack radio_service (service_manager (find)))
  3156. (allow network_stack radio_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
  3157. (allow network_stack radio_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  ;; network_stack initiates binder calls to netd; netd gets transfer only.
  3158. (allow network_stack netd (binder (call transfer)))
  3159. (allow netd network_stack (binder (transfer)))
  3160. (allow network_stack netd (fd (use)))
  ;; tcpdiag (socket inspection, with nlmsg_read/write) and netfilter sockets.
  3161. (allow network_stack self (netlink_tcpdiag_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown nlmsg_read nlmsg_write)))
  3162. (allow network_stack self (netlink_netfilter_socket (read write create getattr setattr lock append map bind connect getopt setopt shutdown)))
  3163. (allow network_stack network_stack_service (service_manager (find)))
  ;; nfc: app-style domain sharing appdomain_tmpfs.
  3164. (typetransition nfc tmpfs file appdomain_tmpfs)
  3165. (allow nfc appdomain_tmpfs (file (read write getattr map execute)))
  ;; Three neverallows from line 3 of nfc.te (likely one macro): anonymous
  ;; attribute sets base_typeattr_658..661 are blocked from writing files of
  ;; another set, from writing nfc's files, and from ptracing nfc.
  3166. ;;* lmx 3 system/sepolicy/private/nfc.te
  3167.  
  3168. (neverallow base_typeattr_658 base_typeattr_659 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  3169. ;;* lme
  3170.  
  3171. ;;* lmx 3 system/sepolicy/private/nfc.te
  3172.  
  3173. (neverallow base_typeattr_660 nfc (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  3174. ;;* lme
  3175.  
  3176. ;;* lmx 3 system/sepolicy/private/nfc.te
  3177.  
  3178. (neverallow base_typeattr_661 nfc (process (ptrace)))
  3179. ;;* lme
  3180.  
  ;; nfc registers (add) and looks up nfc_service; the neverallow from nfc.te
  ;; line 7 forbids the base_typeattr_659 set from registering it, preventing
  ;; service impersonation by those domains.
  3181. (allow nfc nfc_service (service_manager (add find)))
  3182. ;;* lmx 7 system/sepolicy/private/nfc.te
  3183.  
  3184. (neverallow base_typeattr_659 nfc_service (service_manager (add)))
  3185. ;;* lme
  3186.  
  ;; Full read/write on nfc_data_file across dir, file, symlink, socket and fifo.
  3187. (allow nfc nfc_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
  3188. (allow nfc nfc_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  3189. (allow nfc nfc_data_file (lnk_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  3190. (allow nfc nfc_data_file (sock_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  3191. (allow nfc nfc_data_file (fifo_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  3192. (allow nfc audioserver_service (service_manager (find)))
  3193. (allow nfc drmserver_service (service_manager (find)))
  3194. (allow nfc mediametrics_service (service_manager (find)))
  3195. (allow nfc mediaextractor_service (service_manager (find)))
  3196. (allow nfc mediaserver_service (service_manager (find)))
  3197. (allow nfc radio_service (service_manager (find)))
  3198. (allow nfc app_api_service (service_manager (find)))
  3199. (allow nfc system_api_service (service_manager (find)))
  3200. (allow nfc vr_manager_service (service_manager (find)))
  3201. (allow nfc secure_element_service (service_manager (find)))
  ;; Property set path: write to the property socket, connect to init, and set
  ;; only properties labelled nfc_prop (plus read them back).
  3202. (allow nfc property_socket (sock_file (write)))
  3203. (allow nfc init (unix_stream_socket (connectto)))
  3204. (allow nfc nfc_prop (property_service (set)))
  3205. (allow nfc nfc_prop (file (read getattr map open)))
  3206. (allow nfc shell_data_file (file (read)))
  ;; notify_traceur: init daemon transition, then servicemanager/binder access.
  3207. (allow init notify_traceur_exec (file (read getattr map execute open)))
  3208. (allow init notify_traceur (process (transition)))
  3209. (allow notify_traceur notify_traceur_exec (file (read getattr map execute open entrypoint)))
  3210. (dontaudit init notify_traceur (process (noatsecure)))
  3211. (allow init notify_traceur (process (siginh rlimitinh)))
  3212. (typetransition init notify_traceur_exec process notify_traceur)
  3213. (allow notify_traceur servicemanager (binder (call transfer)))
  3214. (allow servicemanager notify_traceur (binder (call transfer)))
  3215. (allow servicemanager notify_traceur (dir (search)))
  3216. (allow servicemanager notify_traceur (file (read open)))
  3217. (allow servicemanager notify_traceur (process (getattr)))
  3218. (allow notify_traceur activity_service (service_manager (find)))
  ;; Executes shell_exec and any system_file binary without a domain transition,
  ;; so those programs run with notify_traceur's permissions.
  3219. (allow notify_traceur shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
  3220. (allow notify_traceur system_file (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
  3221. (allow notify_traceur system_server (binder (call transfer)))
  3222. (allow system_server notify_traceur (binder (transfer)))
  3223. (allow notify_traceur system_server (fd (use)))
  ;; otapreopt_chroot: sets up a chroot for OTA dexopt. Holds sys_chroot and
  ;; sys_admin (mount), which are among the most powerful capabilities; the
  ;; filesystem/mount rules below are the effective bound on what is mounted.
  3224. (allow otapreopt_chroot postinstall_file (dir (mounton search)))
  3225. (allow otapreopt_chroot self (capability (sys_chroot sys_admin)))
  3226. (allow otapreopt_chroot self (cap_userns (sys_chroot sys_admin)))
  3227. (allow otapreopt_chroot block_device (dir (search)))
  3228. (allow otapreopt_chroot labeledfs (filesystem (mount unmount)))
  3229. (allow otapreopt_chroot dm_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
  3230. (allow otapreopt_chroot postinstall_file (filesystem (unmount)))
  3231. (dontaudit otapreopt_chroot kernel (process (setsched)))
  3232. (allow otapreopt_chroot file_contexts_file (file (ioctl read getattr lock map open watch watch_reads)))
  3233. (allow otapreopt_chroot postinstall_file (dir (ioctl read getattr lock open watch watch_reads search)))
  3234. (allow otapreopt_chroot apexd_prop (file (read getattr map open)))
  ;; Inherits fds from postinstall and update_engine; writes status to
  ;; update_engine's pipe.
  3235. (allow otapreopt_chroot postinstall (fd (use)))
  3236. (allow otapreopt_chroot update_engine (fd (use)))
  3237. (allow otapreopt_chroot update_engine (fifo_file (write)))
  ;; Executes a postinstall_file and transitions into postinstall_dexopt;
  ;; postinstall_file serves as the entrypoint type for that domain.
  3238. (allow otapreopt_chroot postinstall_file (file (read getattr map execute open)))
  3239. (allow otapreopt_chroot postinstall_dexopt (process (transition)))
  3240. (allow postinstall_dexopt postinstall_file (file (read getattr map execute open entrypoint)))
  3241. (allow postinstall_dexopt otapreopt_chroot (process (sigchld)))
  3242. (dontaudit otapreopt_chroot postinstall_dexopt (process (noatsecure)))
  3243. (allow otapreopt_chroot postinstall_dexopt (process (siginh rlimitinh)))
  3244. (typetransition otapreopt_chroot postinstall_file process postinstall_dexopt)
  ;; Loop-device handling: the allowx rules restrict blk_file ioctls on
  ;; loop_device to 0x1261 and the 0x4c00-0x4c09 subranges (the LOOP_* ioctl
  ;; family; confirm exact members against the kernel headers).
  3245. (allow otapreopt_chroot loop_control_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
  3246. (allow otapreopt_chroot loop_device (blk_file (ioctl read write getattr lock append map open watch watch_reads)))
  3247. (allowx otapreopt_chroot loop_device (ioctl blk_file (0x1261)))
  3248. (allowx otapreopt_chroot loop_device (ioctl blk_file ((range 0x4c00 0x4c01) (range 0x4c04 0x4c05) (range 0x4c08 0x4c09))))
  3249. (allow otapreopt_chroot sysfs_loop (dir (ioctl read getattr lock open watch watch_reads search)))
  3250. (allow otapreopt_chroot sysfs_loop (file (ioctl read write getattr lock append map open watch watch_reads)))
  ;; Mounts a tmpfs and relabels its directories to postinstall_apex_mnt_dir,
  ;; which it can then fully manage and mount on.
  3251. (allow otapreopt_chroot tmpfs (filesystem (mount)))
  3252. (allow otapreopt_chroot tmpfs (dir (relabelfrom)))
  3253. (allow otapreopt_chroot postinstall_apex_mnt_dir (dir (relabelto)))
  3254. (allow otapreopt_chroot postinstall_apex_mnt_dir (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
  3255. (allow otapreopt_chroot postinstall_apex_mnt_dir (dir (mounton)))
  3256. (allow otapreopt_chroot block_device (dir (ioctl read getattr lock open watch watch_reads search)))
  3257. (allow otapreopt_chroot postinstall_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  ;; otapreopt_slot: init daemon transition.
  3258. (allow init otapreopt_slot_exec (file (read getattr map execute open)))
  3259. (allow init otapreopt_slot (process (transition)))
  3260. (allow otapreopt_slot otapreopt_slot_exec (file (read getattr map execute open entrypoint)))
  3261. (dontaudit init otapreopt_slot (process (noatsecure)))
  3262. (allow init otapreopt_slot (process (siginh rlimitinh)))
  3263. (typetransition init otapreopt_slot_exec process otapreopt_slot)
  ;; Directory management on ota_data_file (rename/rmdir, no file create) and
  ;; deletion of dalvikcache_data_file entries (unlink/rmdir, no write).
  3264. (allow otapreopt_slot ota_data_file (dir (ioctl read write getattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
  3265. (allow otapreopt_slot ota_data_file (file (getattr)))
  3266. (allow otapreopt_slot ota_data_file (lnk_file (getattr)))
  3267. (allow otapreopt_slot ota_data_file (lnk_file (read)))
  3268. (allow otapreopt_slot dalvikcache_data_file (dir (read write getattr open add_name remove_name search rmdir)))
  3269. (allow otapreopt_slot dalvikcache_data_file (file (getattr unlink)))
  3270. (allow otapreopt_slot dalvikcache_data_file (lnk_file (read getattr unlink)))
  ;; Runs shell and toolbox without a domain transition.
  3271. (allow otapreopt_slot shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
  3272. (allow otapreopt_slot toolbox_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
  ;; perfetto: trace client. Private tmpfs label, no execute on it.
  3273. (typetransition perfetto tmpfs file perfetto_tmpfs)
  3274. (allow perfetto perfetto_tmpfs (file (read write getattr map)))
  ;; Connects to traced's consumer and producer sockets; fd/tmpfs sharing with
  ;; traced in both directions.
  3275. (allow perfetto traced_consumer_socket (sock_file (write)))
  3276. (allow perfetto traced (unix_stream_socket (connectto)))
  3277. (allow perfetto traced (fd (use)))
  3278. (allow perfetto traced_tmpfs (file (read write getattr map)))
  3279. (allow perfetto traced_producer_socket (sock_file (write)))
  3280. (allow perfetto traced (unix_stream_socket (connectto)))
  3281. (allow traced perfetto (fd (use)))
  ;; Trace output directory: files may be created/unlinked, directory entries
  ;; added/removed; no rename/rmdir on the directory itself.
  3282. (allow perfetto perfetto_traces_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
  3283. (allow perfetto perfetto_traces_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  3284. (allow perfetto servicemanager (binder (call transfer)))
  3285. (allow servicemanager perfetto (binder (call transfer)))
  3286. (allow servicemanager perfetto (dir (search)))
  3287. (allow servicemanager perfetto (file (read open)))
  3288. (allow servicemanager perfetto (process (getattr)))
  3289. (allow perfetto system_server (binder (call transfer)))
  3290. (allow system_server perfetto (binder (transfer)))
  3291. (allow perfetto system_server (fd (use)))
  3292. (allow perfetto dropbox_service (service_manager (find)))
  ;; Invocation from shell / statsd / su: inherit their fds and pipes.
  3293. (allow perfetto shell (fd (use)))
  3294. (allow perfetto statsd (fd (use)))
  3295. (allow perfetto su (fd (use)))
  3296. (allow perfetto shell (fifo_file (read write getattr)))
  3297. (allow perfetto statsd (fifo_file (read write getattr)))
  3298. (allow perfetto su (fifo_file (read write getattr)))
  ;; Invocation over adb: use adbd's fds and stream socket, report SIGCHLD.
  3299. (allow perfetto adbd (fd (use)))
  3300. (allow perfetto adbd (unix_stream_socket (read write)))
  3301. (allow perfetto adbd (process (sigchld)))
  3302. (allow perfetto statsdw_socket (sock_file (write)))
  3303. (allow perfetto statsd (unix_dgram_socket (sendto)))
  3304. (allow perfetto devpts (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
  3305. (allow perfetto incident_service (service_manager (find)))
  3306. (allow perfetto incidentd (binder (call transfer)))
  3307. (allow incidentd perfetto (binder (transfer)))
  3308. (allow perfetto incidentd (fd (use)))
  ;; dontaudit/dontauditx only silence logging; the 0x54xx ioctls (the termios
  ;; tty family) remain denied on these inherited descriptors.
  3309. (dontaudit perfetto adbd (unix_stream_socket (getattr)))
  3310. (dontauditx perfetto adbd (ioctl unix_stream_socket ((range 0x5401 0x5403) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
  3311. (dontauditx perfetto su (ioctl unix_stream_socket ((range 0x5401 0x5403) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
  3312. (dontauditx perfetto shell (ioctl fifo_file ((range 0x5401 0x5403) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
  ;; Hardening neverallows from perfetto.te (line numbers in the lmx markers).
  ;; Line 67: no executable anonymous memory.
  3313. ;;* lmx 67 system/sepolicy/private/perfetto.te
  3314.  
  3315. (neverallow perfetto self (process (execmem)))
  3316. ;;* lme
  3317.  
  ;; Line 70: no raw block-device I/O on any device type.
  3318. ;;* lmx 70 system/sepolicy/private/perfetto.te
  3319.  
  3320. (neverallow perfetto dev_type (blk_file (read write)))
  3321. ;;* lme
  3322.  
  ;; Line 73: may not ptrace any domain.
  3323. ;;* lmx 73 system/sepolicy/private/perfetto.te
  3324.  
  3325. (neverallow perfetto domain (process (ptrace)))
  3326. ;;* lme
  3327.  
  ;; Lines 86-89: filesystem scoping. base_typeattr_662..664 are anonymous
  ;; attribute sets (membership not visible here). 662: no dir access at all;
  ;; 663: every dir permission except getattr and search; zoneinfo_data_file:
  ;; only read-type dir permissions remain; 664: no lnk_file access at all.
  3328. ;;* lmx 86 system/sepolicy/private/perfetto.te
  3329.  
  3330. (neverallow perfetto base_typeattr_662 (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
  3331. ;;* lme
  3332.  
  3333. ;;* lmx 87 system/sepolicy/private/perfetto.te
  3334.  
  3335. (neverallow perfetto base_typeattr_663 (dir (ioctl read write create setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent rmdir)))
  3336. ;;* lme
  3337.  
  3338. ;;* lmx 88 system/sepolicy/private/perfetto.te
  3339.  
  3340. (neverallow perfetto zoneinfo_data_file (dir (write create setattr relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm add_name remove_name reparent rmdir)))
  3341. ;;* lme
  3342.  
  3343. ;;* lmx 89 system/sepolicy/private/perfetto.te
  3344.  
  3345. (neverallow perfetto base_typeattr_664 (lnk_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads)))
  3346. ;;* lme
  3347.  
  ;; Line 95: on base_typeattr_664 files, every file permission except `write`
  ;; is neverallowed -- notably read and open are forbidden, so only writing
  ;; through an already-open descriptor passed in by a caller is possible.
  3348. ;;* lmx 95 system/sepolicy/private/perfetto.te
  3349.  
  3350. (neverallow perfetto base_typeattr_664 (file (ioctl read create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
  3351. ;;* lme
  3352.  
  ;; performanced: standard init daemon transition (entrypoint-pinned domain).
  3353. (allow init performanced_exec (file (read getattr map execute open)))
  3354. (allow init performanced (process (transition)))
  3355. (allow performanced performanced_exec (file (read getattr map execute open entrypoint)))
  3356. (dontaudit init performanced (process (noatsecure)))
  3357. (allow init performanced (process (siginh rlimitinh)))
  3358. (typetransition init performanced_exec process performanced)
  ;; permissioncontroller_app: app domain sharing appdomain_tmpfs.
  3359. (typetransition permissioncontroller_app tmpfs file appdomain_tmpfs)
  3360. (allow permissioncontroller_app appdomain_tmpfs (file (read write getattr map execute)))
  ;; Three neverallows from line 6 of permissioncontroller_app.te (likely one
  ;; macro): anonymous sets base_typeattr_665..668 may not write another set's
  ;; files, may not write this app's files, and may not ptrace it.
  3361. ;;* lmx 6 system/sepolicy/private/permissioncontroller_app.te
  3362.  
  3363. (neverallow base_typeattr_665 base_typeattr_666 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  3364. ;;* lme
  3365.  
  3366. ;;* lmx 6 system/sepolicy/private/permissioncontroller_app.te
  3367.  
  3368. (neverallow base_typeattr_667 permissioncontroller_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  3369. ;;* lme
  3370.  
  3371. ;;* lmx 6 system/sepolicy/private/permissioncontroller_app.te
  3372.  
  3373. (neverallow base_typeattr_668 permissioncontroller_app (process (ptrace)))
  3374. ;;* lme
  3375.  
  3376. (allow permissioncontroller_app gpuservice (binder (call transfer)))
  3377. (allow gpuservice permissioncontroller_app (binder (transfer)))
  3378. (allow permissioncontroller_app gpuservice (fd (use)))
  ;; service_manager find only -- lookup, not registration -- for a broad set of
  ;; system services including device_policy, location and trust.
  3379. (allow permissioncontroller_app gpu_service (service_manager (find)))
  3380. (allow permissioncontroller_app role_service (service_manager (find)))
  3381. (allow permissioncontroller_app usagestats_service (service_manager (find)))
  3382. (allow permissioncontroller_app activity_service (service_manager (find)))
  3383. (allow permissioncontroller_app activity_task_service (service_manager (find)))
  3384. (allow permissioncontroller_app audio_service (service_manager (find)))
  3385. (allow permissioncontroller_app autofill_service (service_manager (find)))
  3386. (allow permissioncontroller_app content_capture_service (service_manager (find)))
  3387. (allow permissioncontroller_app device_policy_service (service_manager (find)))
  3388. (allow permissioncontroller_app incidentcompanion_service (service_manager (find)))
  3389. (allow permissioncontroller_app IProxyService_service (service_manager (find)))
  3390. (allow permissioncontroller_app location_service (service_manager (find)))
  3391. (allow permissioncontroller_app media_session_service (service_manager (find)))
  3392. (allow permissioncontroller_app radio_service (service_manager (find)))
  3393. (allow permissioncontroller_app surfaceflinger_service (service_manager (find)))
  3394. (allow permissioncontroller_app telecom_service (service_manager (find)))
  3395. (allow permissioncontroller_app trust_service (service_manager (find)))
  3396. (allow permissioncontroller_app incident_service (service_manager (find)))
  ;; incidentd: binder calls plus read/write on its pipes.
  3397. (allow permissioncontroller_app incidentd (binder (call transfer)))
  3398. (allow incidentd permissioncontroller_app (binder (transfer)))
  3399. (allow permissioncontroller_app incidentd (fd (use)))
  3400. (allow permissioncontroller_app incidentd (fifo_file (read write)))
  ;; platform_app: app domain sharing appdomain_tmpfs. The platform_app rules
  ;; continue beyond this excerpt.
  3401. (typetransition platform_app tmpfs file appdomain_tmpfs)
  3402. (allow platform_app appdomain_tmpfs (file (read write getattr map execute)))
  ;; Three neverallows from line 7 of platform_app.te (likely one macro):
  ;; anonymous sets base_typeattr_669..672 may not write another set's files,
  ;; may not write platform_app's files, and may not ptrace platform_app.
  3403. ;;* lmx 7 system/sepolicy/private/platform_app.te
  3404.  
  3405. (neverallow base_typeattr_669 base_typeattr_670 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  3406. ;;* lme
  3407.  
  3408. ;;* lmx 7 system/sepolicy/private/platform_app.te
  3409.  
  3410. (neverallow base_typeattr_671 platform_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  3411. ;;* lme
  3412.  
  3413. ;;* lmx 7 system/sepolicy/private/platform_app.te
  3414.  
  3415. (neverallow base_typeattr_672 platform_app (process (ptrace)))
  3416. ;;* lme
  3417.  
  ;; Read-only on shell_data_file and icon_file.
  3418. (allow platform_app shell_data_file (dir (search)))
  3419. (allow platform_app shell_data_file (file (read getattr open)))
  3420. (allow platform_app icon_file (file (read getattr open)))
  ;; apk_tmp_file / apk_private_tmp_file: directory entries may be added and
  ;; removed, but the file class has no create/unlink -- only existing files
  ;; can be read, written or appended.
  3421. (allow platform_app apk_tmp_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
  3422. (allow platform_app apk_private_tmp_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
  3423. (allow platform_app apk_tmp_file (file (ioctl read write getattr lock append map open watch watch_reads)))
  3424. (allow platform_app apk_private_tmp_file (file (ioctl read write getattr lock append map open watch watch_reads)))
  3425. (allow platform_app apk_private_data_file (dir (search)))
  ;; Full create/delete on asec_apk_file, media_rw_data_file, cache_file and
  ;; sdcard_type; mnt_media_rw_file is read/search only.
  3426. (allow platform_app asec_apk_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
  3427. (allow platform_app asec_apk_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  3428. (allow platform_app media_rw_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
  3429. (allow platform_app media_rw_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  3430. (allow platform_app cache_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
  3431. (allow platform_app cache_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  3432. (allow platform_app mnt_media_rw_file (dir (ioctl read getattr lock open watch watch_reads search)))
  3433. (allow platform_app sdcard_type (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
  3434. (allow platform_app sdcard_type (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  3435. (allow platform_app rootfs (dir (getattr)))
  ;; /proc exposure: proc_vmstat and the proc_net_type family are readable.
  3436. (allow platform_app proc_vmstat (file (ioctl read getattr lock map open watch watch_reads)))
  3437. (allow platform_app proc_net_type (dir (ioctl read getattr lock open watch watch_reads search)))
  3438. (allow platform_app proc_net_type (file (ioctl read getattr lock map open watch watch_reads)))
  3439. (allow platform_app proc_net_type (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  3440. (allow platform_app audioserver_service (service_manager (find)))
  3441. (allow platform_app cameraserver_service (service_manager (find)))
  3442. (allow platform_app drmserver_service (service_manager (find)))
  3443. (allow platform_app mediaserver_service (service_manager (find)))
  3444. (allow platform_app mediametrics_service (service_manager (find)))
  3445. (allow platform_app mediaextractor_service (service_manager (find)))
  3446. (allow platform_app mediadrmserver_service (service_manager (find)))
  3447. (allow platform_app persistent_data_block_service (service_manager (find)))
  3448. (allow platform_app radio_service (service_manager (find)))
  3449. (allow platform_app thermal_service (service_manager (find)))
  3450. (allow platform_app timezone_service (service_manager (find)))
  3451. (allow platform_app app_api_service (service_manager (find)))
  3452. (allow platform_app system_api_service (service_manager (find)))
  3453. (allow platform_app vr_manager_service (service_manager (find)))
  3454. (allow platform_app gpu_service (service_manager (find)))
  3455. (allow platform_app stats_service (service_manager (find)))
  3456. (allow platform_app gpuservice (binder (call transfer)))
  3457. (allow gpuservice platform_app (binder (transfer)))
  3458. (allow platform_app gpuservice (fd (use)))
  3459. (allow platform_app statsd (binder (call transfer)))
  3460. (allow statsd platform_app (binder (transfer)))
  3461. (allow platform_app statsd (fd (use)))
  ;; Preloaded content and event-log tags: read only.
  3462. (allow platform_app preloads_data_file (file (ioctl read getattr lock map open watch watch_reads)))
  3463. (allow platform_app preloads_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
  3464. (allow platform_app preloads_media_file (file (ioctl read getattr lock map open watch watch_reads)))
  3465. (allow platform_app preloads_media_file (dir (ioctl read getattr lock open watch watch_reads search)))
  3466. (allow platform_app runtime_event_log_tags_file (file (ioctl read getattr lock map open watch watch_reads)))
  ;; Operations on UDP sockets labelled system_server (no create/bind here, so
  ;; presumably sockets handed over by system_server -- confirm with the caller).
  3467. (allow platform_app system_server (udp_socket (read write getattr connect getopt setopt recvfrom sendto)))
  ;; Property-set transport: write the property socket and connect to init.
  ;; Which property types may be set is not shown in this excerpt.
  3468. (allow platform_app property_socket (sock_file (write)))
  3469. (allow platform_app init (unix_stream_socket (connectto)))
  3470. (allow platform_app test_boot_reason_prop (property_service (set)))
  3471. (allow platform_app test_boot_reason_prop (file (read getattr map open)))
  3472. (allow platform_app app_data_file (lnk_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  3473. ;;* lmx 102 system/sepolicy/private/platform_app.te
  3474.  
  3475. (neverallow platform_app fuse_device (chr_file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
  3476. ;;* lme
  3477.  
  3478. (allow postinstall otapreopt_chroot_exec (file (read getattr map execute open)))
  3479. (allow postinstall otapreopt_chroot (process (transition)))
  3480. (allow otapreopt_chroot otapreopt_chroot_exec (file (read getattr map execute open entrypoint)))
  3481. (allow otapreopt_chroot postinstall (process (sigchld)))
  3482. (dontaudit postinstall otapreopt_chroot (process (noatsecure)))
  3483. (allow postinstall otapreopt_chroot (process (siginh rlimitinh)))
  3484. (typetransition postinstall otapreopt_chroot_exec process otapreopt_chroot)
  3485. (allow postinstall_dexopt dex2oat_exec (file (read getattr map execute open)))
  3486. (allow postinstall_dexopt dex2oat (process (transition)))
  3487. (allow dex2oat dex2oat_exec (file (read getattr map execute open entrypoint)))
  3488. (allow dex2oat postinstall_dexopt (process (sigchld)))
  3489. (dontaudit postinstall_dexopt dex2oat (process (noatsecure)))
  3490. (allow postinstall_dexopt dex2oat (process (siginh rlimitinh)))
  3491. (typetransition postinstall_dexopt dex2oat_exec process dex2oat)
  3492. (allow postinstall_dexopt postinstall_file (file (read getattr map execute open)))
  3493. (allow postinstall_dexopt dex2oat (process (transition)))
  3494. (allow dex2oat postinstall_file (file (read getattr map execute open entrypoint)))
  3495. (allow dex2oat postinstall_dexopt (process (sigchld)))
  3496. (dontaudit postinstall_dexopt dex2oat (process (noatsecure)))
  3497. (allow postinstall_dexopt dex2oat (process (siginh rlimitinh)))
  3498. (typetransition postinstall_dexopt postinstall_file process dex2oat)
  3499. (allow postinstall_dexopt self (capability (chown dac_override dac_read_search fowner fsetid setgid setuid)))
  3500. (allow postinstall_dexopt self (cap_userns (chown dac_override dac_read_search fowner fsetid setgid setuid)))
  3501. (allow postinstall_dexopt postinstall_file (filesystem (getattr)))
  3502. (allow postinstall_dexopt postinstall_file (dir (read getattr search)))
  3503. (allow postinstall_dexopt postinstall_file (lnk_file (read getattr)))
  3504. (allow postinstall_dexopt proc_filesystems (file (read getattr open)))
  3505. (allow postinstall_dexopt tmpfs (file (read)))
  3506. (allow postinstall_dexopt postinstall_apex_mnt_dir (dir (getattr search)))
  3507. (allow postinstall_dexopt apk_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
  3508. (allow postinstall_dexopt apk_data_file (file (ioctl read getattr lock map open watch watch_reads)))
  3509. (allow postinstall_dexopt apk_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  3510. (allow postinstall_dexopt vendor_app_file (dir (ioctl read getattr lock open watch watch_reads search)))
  3511. (allow postinstall_dexopt vendor_app_file (file (ioctl read getattr lock map open watch watch_reads)))
  3512. (allow postinstall_dexopt vendor_app_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  3513. (allow postinstall_dexopt vendor_overlay_file (dir (ioctl read getattr lock open watch watch_reads search)))
  3514. (allow postinstall_dexopt vendor_overlay_file (file (ioctl read getattr lock map open watch watch_reads)))
  3515. (allow postinstall_dexopt vendor_overlay_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  3516. (allow postinstall_dexopt dalvikcache_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
  3517. (allow postinstall_dexopt dalvikcache_data_file (file (ioctl read getattr lock map open watch watch_reads)))
  3518. (allow postinstall_dexopt dalvikcache_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  3519. (allow postinstall_dexopt user_profile_data_file (dir (getattr search)))
  3520. (allow postinstall_dexopt user_profile_data_file (file (ioctl read getattr lock map open watch watch_reads)))
  3521. (dontaudit postinstall_dexopt user_profile_data_file (file (write)))
  3522. (allow postinstall_dexopt ota_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
  3523. (allow postinstall_dexopt ota_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  3524. (allow postinstall_dexopt ota_data_file (lnk_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  3525. (allow postinstall_dexopt dalvikcache_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
  3526. (allow postinstall_dexopt dalvikcache_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  3527. (allow postinstall_dexopt dalvikcache_data_file (dir (relabelto)))
  3528. (allow postinstall_dexopt dalvikcache_data_file (file (relabelto link)))
  3529. (allow postinstall_dexopt selinuxfs (dir (ioctl read getattr lock open watch watch_reads search)))
  3530. (allow postinstall_dexopt selinuxfs (file (ioctl read getattr lock map open watch watch_reads)))
  3531. (allow postinstall_dexopt selinuxfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  3532. (allow postinstall_dexopt selinuxfs (file (write lock append map open)))
  3533. (allow postinstall_dexopt kernel (security (check_context)))
  3534. (allow postinstall_dexopt selinuxfs (dir (ioctl read getattr lock open watch watch_reads search)))
  3535. (allow postinstall_dexopt selinuxfs (file (ioctl read getattr lock map open watch watch_reads)))
  3536. (allow postinstall_dexopt selinuxfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  3537. (allow postinstall_dexopt selinuxfs (file (write lock append map open)))
  3538. (allow postinstall_dexopt kernel (security (compute_av)))
  3539. (allow postinstall_dexopt self (netlink_selinux_socket (read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  3540. (allow postinstall_dexopt postinstall (process (sigchld)))
  3541. (allow postinstall_dexopt otapreopt_chroot (fd (use)))
  3542. (allow postinstall_dexopt device_config_runtime_native_prop (file (read getattr map open)))
  3543. (allow postinstall_dexopt device_config_runtime_native_boot_prop (file (read getattr map open)))
  3544. (allow mtp ppp_exec (file (read getattr map execute open)))
  3545. (allow mtp ppp (process (transition)))
  3546. (allow ppp ppp_exec (file (read getattr map execute open entrypoint)))
  3547. (allow ppp mtp (process (sigchld)))
  3548. (dontaudit mtp ppp (process (noatsecure)))
  3549. (allow mtp ppp (process (siginh rlimitinh)))
  3550. (typetransition mtp ppp_exec process ppp)
  3551. (allow init preloads_copy_exec (file (read getattr map execute open)))
  3552. (allow init preloads_copy (process (transition)))
  3553. (allow preloads_copy preloads_copy_exec (file (read getattr map execute open entrypoint)))
  3554. (dontaudit init preloads_copy (process (noatsecure)))
  3555. (allow init preloads_copy (process (siginh rlimitinh)))
  3556. (typetransition init preloads_copy_exec process preloads_copy)
  3557. (allow preloads_copy shell_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
  3558. (allow preloads_copy toolbox_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
  3559. (allow preloads_copy preloads_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
  3560. (allow preloads_copy preloads_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  3561. (allow preloads_copy preloads_media_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
  3562. (allow preloads_copy preloads_media_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  3563. (allow preloads_copy system_file (dir (ioctl read getattr lock open watch watch_reads search)))
  3564. (dontaudit preloads_copy postinstall_mnt_dir (dir (search)))
  3565. (allow preopt2cachename cppreopts (fd (use)))
  3566. (allow preopt2cachename cppreopts (fifo_file (read write getattr)))
  3567. (allow preopt2cachename proc_net_type (file (ioctl read getattr lock map open watch watch_reads)))
  3568. (typetransition priv_app tmpfs file appdomain_tmpfs)
  3569. (allow priv_app appdomain_tmpfs (file (read write getattr map execute)))
  3570. ;;* lmx 6 system/sepolicy/private/priv_app.te
  3571.  
  3572. (neverallow base_typeattr_673 base_typeattr_674 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  3573. ;;* lme
  3574.  
  3575. ;;* lmx 6 system/sepolicy/private/priv_app.te
  3576.  
  3577. (neverallow base_typeattr_675 priv_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  3578. ;;* lme
  3579.  
  3580. ;;* lmx 6 system/sepolicy/private/priv_app.te
  3581.  
  3582. (neverallow base_typeattr_676 priv_app (process (ptrace)))
  3583. ;;* lme
  3584.  
  3585. (typetransition priv_app devpts chr_file priv_app_devpts)
  3586. (allow priv_app priv_app_devpts (chr_file (ioctl read write getattr open)))
  3587. (allowx priv_app priv_app_devpts (ioctl chr_file ((range 0x5401 0x5403) 0x540b (range 0x540e 0x5411) (range 0x5413 0x5414) (range 0x5450 0x5451))))
  3588. ;;* lmx 15 system/sepolicy/private/priv_app.te
  3589.  
  3590. (neverallowx base_typeattr_182 priv_app_devpts (ioctl chr_file (0x5412)))
  3591. ;;* lme
  3592.  
  3593. (allow priv_app privapp_data_file (file (execute)))
  3594. (allow priv_app privapp_data_file (lnk_file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  3595. (allow priv_app app_api_service (service_manager (find)))
  3596. (allow priv_app system_api_service (service_manager (find)))
  3597. (allow priv_app audioserver_service (service_manager (find)))
  3598. (allow priv_app cameraserver_service (service_manager (find)))
  3599. (allow priv_app drmserver_service (service_manager (find)))
  3600. (allow priv_app mediadrmserver_service (service_manager (find)))
  3601. (allow priv_app mediaextractor_service (service_manager (find)))
  3602. (allow priv_app mediametrics_service (service_manager (find)))
  3603. (allow priv_app mediaserver_service (service_manager (find)))
  3604. (allow priv_app network_watchlist_service (service_manager (find)))
  3605. (allow priv_app nfc_service (service_manager (find)))
  3606. (allow priv_app oem_lock_service (service_manager (find)))
  3607. (allow priv_app persistent_data_block_service (service_manager (find)))
  3608. (allow priv_app radio_service (service_manager (find)))
  3609. (allow priv_app recovery_service (service_manager (find)))
  3610. (allow priv_app stats_service (service_manager (find)))
  3611. (allow priv_app gpuservice (binder (call transfer)))
  3612. (allow gpuservice priv_app (binder (transfer)))
  3613. (allow priv_app gpuservice (fd (use)))
  3614. (allow priv_app gpu_service (service_manager (find)))
  3615. (allow priv_app cache_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
  3616. (allow priv_app cache_recovery_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
  3617. (allow priv_app cache_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  3618. (allow priv_app cache_recovery_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  3619. (allow priv_app cache_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  3620. (allow priv_app media_rw_data_file (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
  3621. (allow priv_app media_rw_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  3622. (allow priv_app shell_data_file (file (ioctl read getattr lock map open watch watch_reads)))
  3623. (allow priv_app shell_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
  3624. (allow priv_app trace_data_file (file (read getattr)))
  3625. (allow priv_app apk_tmp_file (dir (ioctl read getattr lock open watch watch_reads search)))
  3626. (allow priv_app apk_private_tmp_file (dir (ioctl read getattr lock open watch watch_reads search)))
  3627. (allow priv_app apk_tmp_file (file (ioctl read getattr lock map open watch watch_reads)))
  3628. (allow priv_app apk_private_tmp_file (file (ioctl read getattr lock map open watch watch_reads)))
  3629. (allow priv_app vold (fd (use)))
  3630. (allow priv_app fuse_device (chr_file (read write)))
  3631. (allow priv_app proc_vmstat (file (ioctl read getattr lock map open watch watch_reads)))
  3632. (allow priv_app sysfs_type (dir (search)))
  3633. (allow priv_app sysfs_net (dir (ioctl read getattr lock open watch watch_reads search)))
  3634. (allow priv_app sysfs_net (file (ioctl read getattr lock map open watch watch_reads)))
  3635. (allow priv_app sysfs_net (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  3636. (allow priv_app sysfs_zram (dir (ioctl read getattr lock open watch watch_reads search)))
  3637. (allow priv_app sysfs_zram (file (ioctl read getattr lock map open watch watch_reads)))
  3638. (allow priv_app sysfs_zram (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  3639. (allow priv_app rootfs (dir (ioctl read getattr lock open watch watch_reads search)))
  3640. (allow priv_app rootfs (file (ioctl read getattr lock map open watch watch_reads)))
  3641. (allow priv_app rootfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  3642. (allowx priv_app self (ioctl udp_socket (0x8927)))
  3643. (allow priv_app statsd (binder (call transfer)))
  3644. (allow statsd priv_app (binder (transfer)))
  3645. (allow priv_app statsd (fd (use)))
  3646. (allow priv_app ringtone_file (file (read write getattr)))
  3647. (allow priv_app preloads_data_file (file (ioctl read getattr lock map open watch watch_reads)))
  3648. (allow priv_app preloads_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
  3649. (allow priv_app preloads_media_file (file (ioctl read getattr lock map open watch watch_reads)))
  3650. (allow priv_app preloads_media_file (dir (ioctl read getattr lock open watch watch_reads search)))
  3651. (allow priv_app runtime_event_log_tags_file (file (ioctl read getattr lock map open watch watch_reads)))
  3652. (allow priv_app traced (fd (use)))
  3653. (allow priv_app traced_tmpfs (file (read write getattr map)))
  3654. (allow priv_app traced_producer_socket (sock_file (write)))
  3655. (allow priv_app traced (unix_stream_socket (connectto)))
  3656. (allow traced priv_app (fd (use)))
  3657. (allow priv_app incident_service (service_manager (find)))
  3658. (allow priv_app incidentd (binder (call transfer)))
  3659. (allow incidentd priv_app (binder (transfer)))
  3660. (allow priv_app incidentd (fd (use)))
  3661. (allow priv_app incidentd (fifo_file (read write)))
  3662. (allow heapprofd priv_app (process (signal)))
  3663. (allow priv_app heapprofd_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
  3664. (allow heapprofd priv_app (file (ioctl read getattr lock map open watch watch_reads)))
  3665. (allow heapprofd priv_app (dir (ioctl read getattr lock open watch watch_reads search)))
  3666. (allow traced_perf priv_app (file (ioctl read getattr lock map open watch watch_reads)))
  3667. (allow traced_perf priv_app (dir (ioctl read getattr lock open watch watch_reads search)))
  3668. (allow traced_perf priv_app (process (signal)))
  3669. (allow priv_app traced_perf_socket (sock_file (write)))
  3670. (allow priv_app traced_perf (unix_stream_socket (connectto)))
  3671. (allow traced_perf priv_app (fd (use)))
  3672. (allow priv_app dynamic_system_prop (file (read getattr map open)))
  3673. (dontaudit priv_app exec_type (file (getattr)))
  3674. (dontaudit priv_app device (dir (read)))
  3675. (dontaudit priv_app fs_bpf (dir (search)))
  3676. (dontaudit priv_app net_dns_prop (file (read)))
  3677. (dontaudit priv_app proc (file (read)))
  3678. (dontaudit priv_app proc_interrupts (file (read)))
  3679. (dontaudit priv_app proc_modules (file (read)))
  3680. (dontaudit priv_app proc_net (file (read)))
  3681. (dontaudit priv_app proc_stat (file (read)))
  3682. (dontaudit priv_app proc_version (file (read)))
  3683. (dontaudit priv_app sysfs (dir (read)))
  3684. (dontaudit priv_app sysfs (file (read)))
  3685. (dontaudit priv_app sysfs_android_usb (file (read)))
  3686. (dontaudit priv_app sysfs_dm (file (ioctl read getattr lock map open watch watch_reads)))
  3687. (dontaudit priv_app wifi_prop (file (read)))
  3688. (dontaudit priv_app exported_wifi_prop (file (read)))
  3689. (dontaudit priv_app wifi_prop (file (read)))
  3690. (allow priv_app system_server (udp_socket (read write getattr connect getopt setopt recvfrom sendto)))
  3691. (allowx priv_app apk_data_file (ioctl file ((range 0x671f 0x6720))))
  3692. (allow priv_app incremental_control_file (file (ioctl read getattr)))
  3693. (allowx priv_app incremental_control_file (ioctl file (0x6721)))
  3694. (allow priv_app apex_data_file (dir (search)))
  3695. (allow priv_app staging_data_file (file (ioctl read getattr lock map open watch watch_reads)))
  3696. ;;* lmx 169 system/sepolicy/private/priv_app.te
  3697.  
  3698. (neverallow priv_app domain (netlink_kobject_uevent_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  3699. ;;* lme
  3700.  
  3701. ;;* lmx 172 system/sepolicy/private/priv_app.te
  3702.  
  3703. (neverallow priv_app domain (netlink_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  3704. ;;* lme
  3705.  
  3706. ;;* lmx 176 system/sepolicy/private/priv_app.te
  3707.  
  3708. (neverallow priv_app debugfs (file (read)))
  3709. ;;* lme
  3710.  
  3711. ;;* lmx 181 system/sepolicy/private/priv_app.te
  3712.  
  3713. (neverallow priv_app service_manager_type (service_manager (add)))
  3714. ;;* lme
  3715.  
  3716. ;;* lmx 185 system/sepolicy/private/priv_app.te
  3717.  
  3718. (neverallow priv_app property_socket (sock_file (write)))
  3719. ;;* lme
  3720.  
  3721. ;;* lmx 186 system/sepolicy/private/priv_app.te
  3722.  
  3723. (neverallow priv_app init (unix_stream_socket (connectto)))
  3724. ;;* lme
  3725.  
  3726. ;;* lmx 187 system/sepolicy/private/priv_app.te
  3727.  
  3728. (neverallow priv_app property_type (property_service (set)))
  3729. ;;* lme
  3730.  
  3731. ;;* lmx 197 system/sepolicy/private/priv_app.te
  3732.  
  3733. (neverallow priv_app mlstrustedsubject (process (fork)))
  3734. ;;* lme
  3735.  
  3736. ;;* lmx 205 system/sepolicy/private/priv_app.te
  3737.  
  3738. (neverallow priv_app file_type (file (link)))
  3739. ;;* lme
  3740.  
  3741. ;;* lmx 209 system/sepolicy/private/priv_app.te
  3742.  
  3743. (neverallow priv_app trace_data_file (dir (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir)))
  3744. ;;* lme
  3745.  
  3746. ;;* lmx 210 system/sepolicy/private/priv_app.te
  3747.  
  3748. (neverallow priv_app trace_data_file (file (write create setattr relabelfrom append unlink link rename open)))
  3749. ;;* lme
  3750.  
  3751. ;;* lmx 213 system/sepolicy/private/priv_app.te
  3752.  
  3753. (neverallow priv_app cgroup (file (ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads execute_no_trans entrypoint)))
  3754. ;;* lme
  3755.  
  3756. ;;* lmx 219 system/sepolicy/private/priv_app.te
  3757.  
  3758. (neverallow priv_app app_data_file (file (execute execute_no_trans)))
  3759. ;;* lme
  3760.  
  3761. ;;* lmx 222 system/sepolicy/private/priv_app.te
  3762.  
  3763. (neverallow priv_app app_data_file (lnk_file (read getattr open)))
  3764. ;;* lme
  3765.  
  3766. (allow init racoon_exec (file (read getattr map execute open)))
  3767. (allow init racoon (process (transition)))
  3768. (allow racoon racoon_exec (file (read getattr map execute open entrypoint)))
  3769. (dontaudit init racoon (process (noatsecure)))
  3770. (allow init racoon (process (siginh rlimitinh)))
  3771. (typetransition init racoon_exec process racoon)
  3772. (typetransition radio tmpfs file appdomain_tmpfs)
  3773. (allow radio appdomain_tmpfs (file (read write getattr map execute)))
  3774. ;;* lmx 3 system/sepolicy/private/radio.te
  3775.  
  3776. (neverallow base_typeattr_677 base_typeattr_504 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  3777. ;;* lme
  3778.  
  3779. ;;* lmx 3 system/sepolicy/private/radio.te
  3780.  
  3781. (neverallow base_typeattr_678 radio (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  3782. ;;* lme
  3783.  
  3784. ;;* lmx 3 system/sepolicy/private/radio.te
  3785.  
  3786. (neverallow base_typeattr_679 radio (process (ptrace)))
  3787. ;;* lme
  3788.  
  3789. (allow radio runtime_event_log_tags_file (file (ioctl read getattr lock map open watch watch_reads)))
  3790. (allow radio time_prop (file (read getattr map open)))
  3791. (allow radio platform_compat_service (service_manager (find)))
  3792. (allow radio uce_service (service_manager (find)))
  3793. (allow radio emergency_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
  3794. (allow radio emergency_data_file (file (ioctl read getattr lock map open watch watch_reads)))
  3795. (allow radio statsd (binder (call transfer)))
  3796. (allow statsd radio (binder (transfer)))
  3797. (allow radio statsd (fd (use)))
  3798. (allow radio property_socket (sock_file (write)))
  3799. (allow radio init (unix_stream_socket (connectto)))
  3800. (allow radio binder_cache_telephony_server_prop (property_service (set)))
  3801. (allow radio binder_cache_telephony_server_prop (file (read getattr map open)))
  3802. ;;* lmx 25 system/sepolicy/private/radio.te
  3803.  
  3804. (neverallow base_typeattr_680 binder_cache_telephony_server_prop (property_service (set)))
  3805. ;;* lme
  3806.  
  3807. (allow init recovery_persist_exec (file (read getattr map execute open)))
  3808. (allow init recovery_persist (process (transition)))
  3809. (allow recovery_persist recovery_persist_exec (file (read getattr map execute open entrypoint)))
  3810. (dontaudit init recovery_persist (process (noatsecure)))
  3811. (allow init recovery_persist (process (siginh rlimitinh)))
  3812. (typetransition init recovery_persist_exec process recovery_persist)
  3813. ;;* lmx 11 system/sepolicy/private/recovery_persist.te
  3814.  
  3815. (neverallow recovery_persist base_typeattr_681 (file (write)))
  3816. ;;* lme
  3817.  
  3818. (allow init recovery_refresh_exec (file (read getattr map execute open)))
  3819. (allow init recovery_refresh (process (transition)))
  3820. (allow recovery_refresh recovery_refresh_exec (file (read getattr map execute open entrypoint)))
  3821. (dontaudit init recovery_refresh (process (noatsecure)))
  3822. (allow init recovery_refresh (process (siginh rlimitinh)))
  3823. (typetransition init recovery_refresh_exec process recovery_refresh)
  3824. ;;* lmx 10 system/sepolicy/private/recovery_refresh.te
  3825.  
  3826. (neverallow recovery_refresh file_type (file (write)))
  3827. ;;* lme
  3828.  
  3829. (allow rs app_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name search)))
  3830. (allow rs app_exec_data_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
  3831. (typetransition rs app_data_file file app_exec_data_file)
  3832. (allow rs system_data_file (lnk_file (read)))
  3833. (allow rs app_data_file (file (ioctl read getattr lock map open watch watch_reads)))
  3834. (allow rs app_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
  3835. (allow rs app_data_file (dir (remove_name)))
  3836. (allow rs vendor_file (dir (ioctl read getattr lock open watch watch_reads search)))
  3837. (allow rs vendor_overlay_file (dir (ioctl read getattr lock open watch watch_reads search)))
  3838. (allow rs vendor_overlay_file (file (ioctl read getattr lock map open watch watch_reads)))
  3839. (allow rs vendor_overlay_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  3840. (allow rs vendor_app_file (dir (ioctl read getattr lock open watch watch_reads search)))
  3841. (allow rs vendor_app_file (file (ioctl read getattr lock map open watch watch_reads)))
  3842. (allow rs vendor_app_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  3843. (allow rs apk_data_file (dir (ioctl read getattr lock open watch watch_reads search)))
  3844. (allow rs apk_data_file (file (ioctl read getattr lock map open watch watch_reads)))
  3845. (allow rs apk_data_file (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  3846. (allow rs gpu_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
  3847. (allow rs ion_device (chr_file (ioctl read getattr lock map open watch watch_reads)))
  3848. (allow rs same_process_hal_file (file (ioctl read getattr lock map execute open watch watch_reads)))
  3849. (allow rs untrusted_app_all (fd (use)))
  3850. (allow rs ephemeral_app (fd (use)))
  3851. ;;* lmx 34 system/sepolicy/private/rs.te
  3852.  
  3853. (neverallow rs rs (capability (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
  3854. (neverallow rs rs (capability2 (mac_override mac_admin syslog wake_alarm block_suspend audit_read)))
  3855. (neverallow rs rs (cap_userns (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
  3856. (neverallow rs rs (cap2_userns (mac_override mac_admin syslog wake_alarm block_suspend audit_read)))
  3857. ;;* lme
  3858.  
        ; rs: neverallow constraints compiled from system/sepolicy/private/rs.te. The ";;* lmx N path" /
        ; ";;* lme" pairs are secilc line marks recording which source line each neverallow came from (used
        ; for neverallow failure reporting) — they are not ordinary comments, leave them untouched.
        ; base_typeattr_N identifiers are compiler-generated attributes standing in for a type-set
        ; expression written in the .te source (e.g. "{ domain -foo }"); their member types cannot be read
        ; from this file, so resolve them against the referenced .te line before relying on what they cover.
        ; Nothing in base_typeattr_196 may transition (exec or dyntransition) into rs ...
  3859. ;;* lmx 35 system/sepolicy/private/rs.te
  3860.  
  3861. (neverallow base_typeattr_196 rs (process (transition dyntransition)))
  3862. ;;* lme
  3863.  
        ; ... and rs may not transition into anything in base_typeattr_557.
  3864. ;;* lmx 36 system/sepolicy/private/rs.te
  3865.  
  3866. (neverallow rs base_typeattr_557 (process (transition dyntransition)))
  3867. ;;* lme
  3868.  
        ; rs is denied every mutating, relabel, link/unlink, execute, mount/quota and watch-side permission
        ; on app_data_file, for each file class (regular, symlink, char, block, socket, fifo). Note that
        ; read/open/getattr/map are NOT in the denied set, so read access to app data remains possible if
        ; some allow rule elsewhere grants it; the invariant enforced here is "rs cannot modify app data".
  3869. ;;* lmx 37 system/sepolicy/private/rs.te
  3870.  
  3871. (neverallow rs app_data_file (file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm execute_no_trans entrypoint)))
  3872. (neverallow rs app_data_file (lnk_file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm)))
  3873. (neverallow rs app_data_file (chr_file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm execute_no_trans entrypoint)))
  3874. (neverallow rs app_data_file (blk_file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm)))
  3875. (neverallow rs app_data_file (sock_file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm)))
  3876. (neverallow rs app_data_file (fifo_file (write create setattr relabelfrom relabelto append unlink link rename execute quotaon mounton audit_access execmod watch_mount watch_sb watch_with_perm)))
  3877. ;;* lme
  3878.  
        ; No network: the complete permission set of tcp/udp/rawip/icmp sockets is forbidden toward
        ; base_typeattr_182 (generated; presumably the socket type set — check rs.te line 39).
  3879. ;;* lmx 39 system/sepolicy/private/rs.te
  3880.  
  3881. (neverallow rs base_typeattr_182 (tcp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind name_connect)))
  3882. (neverallow rs base_typeattr_182 (udp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
  3883. (neverallow rs base_typeattr_182 (rawip_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
  3884. (neverallow rs base_typeattr_182 (icmp_socket (ioctl read write create getattr setattr lock relabelfrom relabelto append map bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind node_bind)))
  3885. ;;* lme
  3886.  
        ; rss_hwm_reset: launched only through init — init may execute rss_hwm_reset_exec and the
        ; typetransition below puts the child into rss_hwm_reset; no other caller gets a transition here.
  3887. (allow init rss_hwm_reset_exec (file (read getattr map execute open)))
  3888. (allow init rss_hwm_reset (process (transition)))
  3889. (allow rss_hwm_reset rss_hwm_reset_exec (file (read getattr map execute open entrypoint)))
        ; noatsecure is only dontaudit'd, not allowed: the child still starts with AT_SECURE set (secure
        ; exec); the denial is merely not logged. siginh/rlimitinh let signal state and rlimits carry over.
  3890. (dontaudit init rss_hwm_reset (process (noatsecure)))
  3891. (allow init rss_hwm_reset (process (siginh rlimitinh)))
  3892. (typetransition init rss_hwm_reset_exec process rss_hwm_reset)
        ; Wide grant: dir search plus open/write/append/lock/map on files labeled with ANY process domain
        ; ("domain" is the attribute covering every process type), and dac_override (also inside user
        ; namespaces) to get past the DAC mode bits on them. On Android the per-process /proc entries carry
        ; the owning process's domain, so this presumably exists to write a per-PID /proc node for every
        ; process (NOTE(review): confirm the exact file against rss_hwm_reset.te). Because anything running
        ; as rss_hwm_reset can write into every process's proc files, the binary should stay minimal and
        ; take no untrusted input.
  3893. (allow rss_hwm_reset domain (dir (search)))
  3894. (allow rss_hwm_reset self (capability (dac_override)))
  3895. (allow rss_hwm_reset self (cap_userns (dac_override)))
  3896. (allow rss_hwm_reset domain (file (write lock append map open)))
        ; runas: domain-transition expansion for the run-as helper. shell may execute runas_exec and lands in
        ; runas via the typetransition; runas may sigchld back to shell. noatsecure is dontaudit'd rather than
        ; allowed, so the runas process is still started in secure-exec mode (AT_SECURE set).
  3897. (allow shell runas_exec (file (read getattr map execute open)))
  3898. (allow shell runas (process (transition)))
  3899. (allow runas runas_exec (file (read getattr map execute open entrypoint)))
  3900. (allow runas shell (process (sigchld)))
  3901. (dontaudit shell runas (process (noatsecure)))
  3902. (allow shell runas (process (siginh rlimitinh)))
  3903. (typetransition shell runas_exec process runas)
        ; runas_app: the domain a debuggable app's shell runs in under run-as. The tmpfs rule and the three
        ; neverallow marks below (all from runas_app.te line 3) recur for secure_element, shared_relro, shell
        ; and simpleperf later in this file, which points to one shared macro expansion (presumably
        ; app_domain()); the generated attributes 682–685 encode its type sets — resolve them in the .te.
  3904. (typetransition runas_app tmpfs file appdomain_tmpfs)
  3905. (allow runas_app appdomain_tmpfs (file (read write getattr map execute)))
  3906. ;;* lmx 3 system/sepolicy/private/runas_app.te
  3907.  
  3908. (neverallow base_typeattr_682 base_typeattr_683 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  3909. ;;* lme
  3910.  
  3911. ;;* lmx 3 system/sepolicy/private/runas_app.te
  3912.  
        ; base_typeattr_684 may not touch runas_app-labeled files; the same attribute is reused for shell
        ; and simpleperf below (same identifier => same type set).
  3913. (neverallow base_typeattr_684 runas_app (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  3914. ;;* lme
  3915.  
  3916. ;;* lmx 3 system/sepolicy/private/runas_app.te
  3917.  
        ; base_typeattr_685 may not ptrace runas_app (shared with simpleperf below).
  3918. (neverallow base_typeattr_685 runas_app (process (ptrace)))
  3919. ;;* lme
  3920.  
        ; Debugger-grade access to untrusted apps: run app-supplied code from app_data_file inside this
        ; domain (execute_no_trans — no domain change), read-only access to untrusted_app_all dirs, files and
        ; symlinks, ptrace + sigstop/signal on untrusted_app_all processes, and connect to their unix stream
        ; sockets. Combined with the ptrace neverallow above this is presumably meant to be one-directional
        ; (runas_app debugs apps, not the other way round) — confirm untrusted_app_all is in base_typeattr_685.
  3921. (allow runas_app app_data_file (file (execute_no_trans)))
  3922. (allow runas_app untrusted_app_all (dir (ioctl read getattr lock open watch watch_reads search)))
  3923. (allow runas_app untrusted_app_all (file (ioctl read getattr lock map open watch watch_reads)))
  3924. (allow runas_app untrusted_app_all (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  3925. (allow runas_app untrusted_app_all (process (sigstop signal ptrace)))
  3926. (allow runas_app untrusted_app_all (unix_stream_socket (connectto)))
        ; simpleperf runs in the runas_app domain itself (execute_no_trans), so its perf_event grant below is
        ; what bounds profiling from here: open/kernel/read/write on its own events only; cpu (per-CPU /
        ; system-wide sampling) and tracepoint are neverallow'd.
  3927. (allow runas_app simpleperf_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
  3928. (dontaudit runas_app domain (dir (search)))
  3929. (allow runas_app self (perf_event (open kernel read write)))
  3930. ;;* lmx 32 system/sepolicy/private/runas_app.te
  3931.  
  3932. (neverallow runas_app self (perf_event (cpu tracepoint)))
  3933. ;;* lme
  3934.  
        ; sdcardd: directories and files it creates inside system_data_file are labeled media_rw_data_file
        ; instead of inheriting the parent's system_data_file label.
  3935. (typetransition sdcardd system_data_file dir media_rw_data_file)
  3936. (typetransition sdcardd system_data_file file media_rw_data_file)
        ; secure_element: app-like domain (same tmpfs rule + three neverallow marks as runas_app/shell/etc.,
        ; from secure_element.te line 3; the base_typeattr_686–689 sets are generated — see the .te source).
  3937. (typetransition secure_element tmpfs file appdomain_tmpfs)
  3938. (allow secure_element appdomain_tmpfs (file (read write getattr map execute)))
  3939. ;;* lmx 3 system/sepolicy/private/secure_element.te
  3940.  
  3941. (neverallow base_typeattr_686 base_typeattr_687 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  3942. ;;* lme
  3943.  
  3944. ;;* lmx 3 system/sepolicy/private/secure_element.te
  3945.  
  3946. (neverallow base_typeattr_688 secure_element (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  3947. ;;* lme
  3948.  
  3949. ;;* lmx 3 system/sepolicy/private/secure_element.te
  3950.  
  3951. (neverallow base_typeattr_689 secure_element (process (ptrace)))
  3952. ;;* lme
  3953.  
        ; Registers and looks up secure_element_service in servicemanager. The neverallow from line 6 forbids
        ; base_typeattr_687 from adding that service name — presumably everything except secure_element, so
        ; no other domain can impersonate the service; confirm the set in secure_element.te.
  3954. (allow secure_element secure_element_service (service_manager (add find)))
  3955. ;;* lmx 6 system/sepolicy/private/secure_element.te
  3956.  
  3957. (neverallow base_typeattr_687 secure_element_service (service_manager (add)))
  3958. ;;* lme
  3959.  
        ; May look up any app_api_service and read (not write) shell_data_file files.
  3960. (allow secure_element app_api_service (service_manager (find)))
  3961. (allow secure_element shell_data_file (file (read)))
        ; servicemanager: init-launched (execute + transition + typetransition; noatsecure dontaudit'd, so it
        ; still starts in secure-exec mode). Reads the runtime event-log tags file.
  3962. (allow init servicemanager_exec (file (read getattr map execute open)))
  3963. (allow init servicemanager (process (transition)))
  3964. (allow servicemanager servicemanager_exec (file (read getattr map execute open entrypoint)))
  3965. (dontaudit init servicemanager (process (noatsecure)))
  3966. (allow init servicemanager (process (siginh rlimitinh)))
  3967. (typetransition init servicemanager_exec process servicemanager)
  3968. (allow servicemanager runtime_event_log_tags_file (file (ioctl read getattr lock map open watch watch_reads)))
        ; Property-set expansion: write to init's property socket and set properties typed
        ; ctl_interface_start_prop. ctl.* properties are requests to init to start/stop things, so this is
        ; effectively "ask init to start an interface by name" (presumably ctl.interface_start.* — verify in
        ; property_contexts). It is scoped to this single property type; keep it that way.
  3969. (allow servicemanager property_socket (sock_file (write)))
  3970. (allow servicemanager init (unix_stream_socket (connectto)))
  3971. (allow servicemanager ctl_interface_start_prop (property_service (set)))
  3972. (allow servicemanager ctl_interface_start_prop (file (read getattr map open)))
        ; shared_relro: app-like domain (same tmpfs rule + three neverallow marks as the other app domains in
        ; this file, from shared_relro.te line 5; base_typeattr_690–693 are generated type sets).
  3973. (typetransition shared_relro tmpfs file appdomain_tmpfs)
  3974. (allow shared_relro appdomain_tmpfs (file (read write getattr map execute)))
  3975. ;;* lmx 5 system/sepolicy/private/shared_relro.te
  3976.  
  3977. (neverallow base_typeattr_690 base_typeattr_691 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  3978. ;;* lme
  3979.  
  3980. ;;* lmx 5 system/sepolicy/private/shared_relro.te
  3981.  
  3982. (neverallow base_typeattr_692 shared_relro (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  3983. ;;* lme
  3984.  
  3985. ;;* lmx 5 system/sepolicy/private/shared_relro.te
  3986.  
  3987. (neverallow base_typeattr_693 shared_relro (process (ptrace)))
  3988. ;;* lme
  3989.  
        ; shell: the adb shell domain. uhid_device is read/write — uhid is the user-space HID interface, so
        ; this presumably lets the shell create virtual input devices and inject input events (worth keeping
        ; in mind for the adb attack surface; confirm intent in shell.te).
  3990. (allow shell uhid_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
        ; ftrace access: debugfs_tracing files are read/write (tracing control), debugfs_tracing_debug is
        ; directory-list only, and the trace marker gets getattr only. atrace is run in the shell domain
        ; itself (execute_no_trans). config_gz (the compressed kernel config) is readable.
  3991. (allow shell debugfs_tracing_debug (dir (ioctl read getattr lock open watch watch_reads search)))
  3992. (allow shell debugfs_tracing (dir (ioctl read getattr lock open watch watch_reads search)))
  3993. (allow shell debugfs_tracing (file (ioctl read write getattr lock append map open watch watch_reads)))
  3994. (allow shell debugfs_trace_marker (file (getattr)))
  3995. (allow shell atrace_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
  3996. (allow shell config_gz (file (ioctl read getattr lock map open watch watch_reads)))
  3997. (typetransition shell tmpfs file appdomain_tmpfs)
  3998. (allow shell appdomain_tmpfs (file (read write getattr map execute)))
        ; shell.te line 22: the same three neverallow marks the other app-like domains carry (presumably one
        ; macro). base_typeattr_684 (no file access to shell-labeled files) is the identical set used for
        ; runas_app and simpleperf; 694/695/696 are generated type sets — resolve them in shell.te.
  3999. ;;* lmx 22 system/sepolicy/private/shell.te
  4000.  
  4001. (neverallow base_typeattr_694 base_typeattr_695 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  4002. ;;* lme
  4003.  
  4004. ;;* lmx 22 system/sepolicy/private/shell.te
  4005.  
  4006. (neverallow base_typeattr_684 shell (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  4007. ;;* lme
  4008.  
  4009. ;;* lmx 22 system/sepolicy/private/shell.te
  4010.  
        ; base_typeattr_696 may not ptrace shell.
  4011. (neverallow base_typeattr_696 shell (process (ptrace)))
  4012. ;;* lme
  4013.  
        ; Binder client of storaged (call/transfer both ways, fd use).
  4014. (allow shell storaged (binder (call transfer)))
  4015. (allow storaged shell (binder (transfer)))
  4016. (allow shell storaged (fd (use)))
        ; selinuxfs access. The four selinuxfs lines appear twice (here and below): two macro expansions
        ; (presumably selinux_check_access and selinux_check_context) emitted the same rules; duplicate allow
        ; rules are harmless in CIL. Security-relevant point: shell may open/write files under selinuxfs, but
        ; the only kernel security-class permissions granted in this run are compute_av and check_context.
        ; Writing /sys/fs/selinux/enforce or /load additionally requires security { setenforce } /
        ; { load_policy }, which are not granted here, so this does not let the shell change enforcement or
        ; load policy — it can only run access/context checks (netlink_selinux_socket is for AVC notifications).
  4017. (allow shell selinuxfs (dir (ioctl read getattr lock open watch watch_reads search)))
  4018. (allow shell selinuxfs (file (ioctl read getattr lock map open watch watch_reads)))
  4019. (allow shell selinuxfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  4020. (allow shell selinuxfs (file (write lock append map open)))
  4021. (allow shell kernel (security (compute_av)))
  4022. (allow shell self (netlink_selinux_socket (read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind)))
  4023. (allow shell selinuxfs (dir (ioctl read getattr lock open watch watch_reads search)))
  4024. (allow shell selinuxfs (file (ioctl read getattr lock map open watch watch_reads)))
  4025. (allow shell selinuxfs (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  4026. (allow shell selinuxfs (file (write lock append map open)))
  4027. (allow shell kernel (security (check_context)))
        ; Perfetto tracing daemon access: shell may connect to both the traced consumer socket (read traces)
        ; and the producer socket (supply trace data), use traced's fds and map its tmpfs (shared-memory
        ; buffers); traced may use fds passed from shell. The second connectto line is a duplicate from the
        ; second (producer) macro expansion.
  4028. (allow shell traced_consumer_socket (sock_file (write)))
  4029. (allow shell traced (unix_stream_socket (connectto)))
  4030. (allow shell traced (fd (use)))
  4031. (allow shell traced_tmpfs (file (read write getattr map)))
  4032. (allow shell traced_producer_socket (sock_file (write)))
  4033. (allow shell traced (unix_stream_socket (connectto)))
  4034. (allow traced shell (fd (use)))
        ; shell -> vendor_shell domain transition (executing vendor_shell_exec moves the process out of the
        ; shell domain into vendor_shell; noatsecure dontaudit'd, so secure-exec mode is kept).
  4035. (allow shell vendor_shell_exec (file (read getattr map execute open)))
  4036. (allow shell vendor_shell (process (transition)))
  4037. (allow vendor_shell vendor_shell_exec (file (read getattr map execute open entrypoint)))
  4038. (allow vendor_shell shell (process (sigchld)))
  4039. (dontaudit shell vendor_shell (process (noatsecure)))
  4040. (allow shell vendor_shell (process (siginh rlimitinh)))
  4041. (typetransition shell vendor_shell_exec process vendor_shell)
        ; shell -> perfetto domain transition; shell may additionally signal the perfetto process it spawned.
  4042. (allow shell perfetto_exec (file (read getattr map execute open)))
  4043. (allow shell perfetto (process (transition)))
  4044. (allow perfetto perfetto_exec (file (read getattr map execute open entrypoint)))
  4045. (allow perfetto shell (process (sigchld)))
  4046. (dontaudit shell perfetto (process (noatsecure)))
  4047. (allow shell perfetto (process (siginh rlimitinh)))
  4048. (typetransition shell perfetto_exec process perfetto)
  4049. (allow shell perfetto (process (signal)))
        ; Binder client of statsd.
  4050. (allow shell statsd (binder (call transfer)))
  4051. (allow statsd shell (binder (transfer)))
  4052. (allow shell statsd (fd (use)))
        ; perfetto_traces_data_file: shell can list the directory, add/remove entries, and read or unlink
        ; trace files — but not create or write them (create/write are absent from the file permission set).
  4053. (allow shell perfetto_traces_data_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
  4054. (allow shell perfetto_traces_data_file (file (ioctl read getattr lock map unlink open watch watch_reads)))
        ; Binder client of gpuservice; read of proc_net_tcp_udp (socket tables); the system linker and the
        ; renderscript compiler (rs_exec) are executed without a domain change (execute_no_trans) — note
        ; rs_exec run from shell therefore is NOT confined by the rs neverallows earlier in this file.
  4055. (allow shell gpuservice (binder (call transfer)))
  4056. (allow gpuservice shell (binder (transfer)))
  4057. (allow shell gpuservice (fd (use)))
  4058. (allow shell proc_net_tcp_udp (file (ioctl read getattr lock map open watch watch_reads)))
  4059. (allow shell system_linker_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
  4060. (allow shell rs_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
        ; Two property-set expansions (lpdumpd_prop, userspace_reboot_test_prop); the property_socket /
        ; connectto lines are duplicated because each expansion emits them. Binder client of lpdumpd.
  4061. (allow shell property_socket (sock_file (write)))
  4062. (allow shell init (unix_stream_socket (connectto)))
  4063. (allow shell lpdumpd_prop (property_service (set)))
  4064. (allow shell lpdumpd_prop (file (read getattr map open)))
  4065. (allow shell lpdumpd (binder (call transfer)))
  4066. (allow lpdumpd shell (binder (transfer)))
  4067. (allow shell lpdumpd (fd (use)))
  4068. (allow shell property_socket (sock_file (write)))
  4069. (allow shell init (unix_stream_socket (connectto)))
  4070. (allow shell userspace_reboot_test_prop (property_service (set)))
  4071. (allow shell userspace_reboot_test_prop (file (read getattr map open)))
        ; Extended permission: ioctl on shell_data_file directories is limited to command numbers
        ; 0x6615–0x6616 (low 16 bits of the ioctl code: 'f' group, nr 21–22, which looks like the fscrypt
        ; FS_IOC_GET_ENCRYPTION_POLICY / _EX pair — NOTE(review): confirm against ioctl_defines). The allowx
        ; only narrows an ioctl grant that must exist elsewhere; it does not itself allow dir ioctl.
  4072. (allowx shell shell_data_file (ioctl dir ((range 0x6615 0x6616))))
        ; simpleperf runs in the shell domain (execute_no_trans); shell's own perf events are limited to
        ; open/kernel/read/write, with cpu (per-CPU / system-wide sampling) and tracepoint forbidden by the
        ; neverallow from shell.te line 92.
  4073. (allow shell simpleperf_exec (file (ioctl read getattr lock map execute open watch watch_reads execute_no_trans)))
  4074. (allow shell self (perf_event (open kernel read write)))
  4075. ;;* lmx 92 system/sepolicy/private/shell.te
  4076.  
  4077. (neverallow shell self (perf_event (cpu tracepoint)))
  4078. ;;* lme
  4079.  
        ; Read-only access to graphics_config_prop properties.
  4080. (allow shell graphics_config_prop (file (read getattr map open)))
        ; simpleperf: profiler domain. Its callers are base_typeattr_697 — a generated attribute for the set of
        ; domains allowed to exec simpleperf_exec and transition into simpleperf (resolve it in simpleperf.te;
        ; it cannot be read from this file). noatsecure is dontaudit'd, so secure-exec mode is kept.
  4081. (allow base_typeattr_697 simpleperf_exec (file (read getattr map execute open)))
  4082. (allow base_typeattr_697 simpleperf (process (transition)))
  4083. (allow simpleperf simpleperf_exec (file (read getattr map execute open entrypoint)))
  4084. (allow simpleperf base_typeattr_697 (process (sigchld)))
  4085. (dontaudit base_typeattr_697 simpleperf (process (noatsecure)))
  4086. (allow base_typeattr_697 simpleperf (process (siginh rlimitinh)))
  4087. (typetransition base_typeattr_697 simpleperf_exec process simpleperf)
        ; Same tmpfs rule + three neverallow marks as the other app-like domains (simpleperf.te line 14);
        ; base_typeattr_684 / 685 are the identical sets used for runas_app and shell above.
  4088. (typetransition simpleperf tmpfs file appdomain_tmpfs)
  4089. (allow simpleperf appdomain_tmpfs (file (read write getattr map execute)))
  4090. ;;* lmx 14 system/sepolicy/private/simpleperf.te
  4091.  
  4092. (neverallow base_typeattr_698 base_typeattr_699 (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  4093. ;;* lme
  4094.  
  4095. ;;* lmx 14 system/sepolicy/private/simpleperf.te
  4096.  
  4097. (neverallow base_typeattr_684 simpleperf (file (ioctl read write create setattr lock relabelfrom append unlink link rename open watch watch_mount watch_sb watch_with_perm watch_reads)))
  4098. ;;* lme
  4099.  
  4100. ;;* lmx 14 system/sepolicy/private/simpleperf.te
  4101.  
  4102. (neverallow base_typeattr_685 simpleperf (process (ptrace)))
  4103. ;;* lme
  4104.  
        ; Profiling access to untrusted apps: ptrace untrusted_app_all processes and read their dirs, files
        ; and symlinks (no write permissions). Own perf events are open/kernel/read/write only; cpu and
        ; tracepoint are neverallow'd (simpleperf.te line 37), so sampling stays per-process rather than
        ; system-wide. Directory-search denials across all domains are silenced rather than granted.
  4105. (allow simpleperf untrusted_app_all (process (ptrace)))
  4106. (allow simpleperf self (perf_event (open kernel read write)))
  4107. (allow simpleperf untrusted_app_all (dir (ioctl read getattr lock open watch watch_reads search)))
  4108. (allow simpleperf untrusted_app_all (file (ioctl read getattr lock map open watch watch_reads)))
  4109. (allow simpleperf untrusted_app_all (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  4110. (dontaudit simpleperf domain (dir (search)))
  4111. ;;* lmx 37 system/sepolicy/private/simpleperf.te
  4112.  
  4113. (neverallow simpleperf self (perf_event (cpu tracepoint)))
  4114. ;;* lme
  4115.  
        ; shell -> simpleperf_app_runner domain transition (the helper that profiles a debuggable app on its
        ; behalf; only shell is given the transition here). noatsecure dontaudit'd: secure-exec mode is kept.
  4116. (allow shell simpleperf_app_runner_exec (file (read getattr map execute open)))
  4117. (allow shell simpleperf_app_runner (process (transition)))
  4118. (allow simpleperf_app_runner simpleperf_app_runner_exec (file (read getattr map execute open entrypoint)))
  4119. (allow simpleperf_app_runner shell (process (sigchld)))
  4120. (dontaudit shell simpleperf_app_runner (process (noatsecure)))
  4121. (allow shell simpleperf_app_runner (process (siginh rlimitinh)))
  4122. (typetransition shell simpleperf_app_runner_exec process simpleperf_app_runner)
        ; snapshotctl: init-launched only (execute + transition + typetransition from init; nothing else gets
        ; a transition here). Given the privileges below, that single entry point is the control — keep it.
  4123. (allow init snapshotctl_exec (file (read getattr map execute open)))
  4124. (allow init snapshotctl (process (transition)))
  4125. (allow snapshotctl snapshotctl_exec (file (read getattr map execute open entrypoint)))
  4126. (dontaudit init snapshotctl (process (noatsecure)))
  4127. (allow init snapshotctl (process (siginh rlimitinh)))
  4128. (typetransition init snapshotctl_exec process snapshotctl)
        ; Sets ctl_gsid_prop properties via init's property socket — a ctl.* request to init, presumably to
        ; start/stop gsid (verify in property_contexts).
  4129. (allow snapshotctl property_socket (sock_file (write)))
  4130. (allow snapshotctl init (unix_stream_socket (connectto)))
  4131. (allow snapshotctl ctl_gsid_prop (property_service (set)))
  4132. (allow snapshotctl ctl_gsid_prop (file (read getattr map open)))
        ; Binder: servicemanager lookup (servicemanager may inspect snapshotctl's /proc entry to check the
        ; caller), find gsi_service, and call gsid.
  4133. (allow snapshotctl servicemanager (binder (call transfer)))
  4134. (allow servicemanager snapshotctl (binder (call transfer)))
  4135. (allow servicemanager snapshotctl (dir (search)))
  4136. (allow servicemanager snapshotctl (file (read open)))
  4137. (allow servicemanager snapshotctl (process (getattr)))
  4138. (allow snapshotctl gsi_service (service_manager (find)))
  4139. (allow snapshotctl gsid (binder (call transfer)))
  4140. (allow gsid snapshotctl (binder (transfer)))
  4141. (allow snapshotctl gsid (fd (use)))
        ; Full read/write (create, unlink, rename) on ota_metadata_file under metadata_file.
  4142. (allow snapshotctl metadata_file (dir (search)))
  4143. (allow snapshotctl ota_metadata_file (dir (ioctl read write getattr lock open watch watch_reads add_name remove_name search)))
  4144. (allow snapshotctl ota_metadata_file (file (ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
        ; Read-only: device-tree firmware/android nodes and the kernel command line.
  4145. (allow snapshotctl sysfs_dt_firmware_android (dir (ioctl read getattr lock open watch watch_reads search)))
  4146. (allow snapshotctl sysfs_dt_firmware_android (file (ioctl read getattr lock map open watch watch_reads)))
  4147. (allow snapshotctl sysfs_dt_firmware_android (lnk_file (ioctl read getattr lock map open watch watch_reads)))
  4148. (allow snapshotctl proc_cmdline (file (ioctl read getattr lock map open watch watch_reads)))
        ; Privileged storage access: raw read of the super partition block device, read/write on the
        ; device-mapper control node, and CAP_SYS_ADMIN (also inside user namespaces). Together with the
        ; ota_metadata_file write access this is enough to reshape dynamic partitions / snapshots, which is
        ; why nothing but init may start this domain.
  4149. (allow snapshotctl block_device (dir (ioctl read getattr lock open watch watch_reads search)))
  4150. (allow snapshotctl super_block_device (blk_file (ioctl read getattr lock map open watch watch_reads)))
  4151. (allow snapshotctl dm_device (chr_file (ioctl read write getattr lock append map open watch watch_reads)))
  4152. (allow snapshotctl self (capability (sys_admin)))
  4153. (allow snapshotctl self (cap_userns (sys_admin)))
        ; hwbinder via hwservicemanager (same caller-inspection pattern as servicemanager above), and
        ; statsd reporting over the statsdw datagram socket.
  4154. (allow snapshotctl hwservicemanager (binder (call transfer)))
  4155. (allow hwservicemanager snapshotctl (binder (call transfer)))
  4156. (allow hwservicemanager snapshotctl (dir (search)))
  4157. (allow hwservicemanager snapshotctl (file (read map open)))
  4158. (allow hwservicemanager snapshotctl (process (getattr)))
  4159. (allow snapshotctl statsdw_socket (sock_file (write)))
  4160. (allow snapshotctl statsd (unix_dgram_socket (sendto)))
        ; stats: command-line client launched from shell (transition + typetransition; noatsecure dontaudit'd,
        ; so secure-exec mode is kept).
  4161. (allow shell stats_exec (file (read getattr map execute open)))
  4162. (allow shell stats (process (transition)))
  4163. (allow stats stats_exec (file (read getattr map execute open entrypoint)))
  4164. (allow stats shell (process (sigchld)))
  4165. (dontaudit shell stats (process (noatsecure)))
  4166. (allow shell stats (process (siginh rlimitinh)))
  4167. (typetransition shell stats_exec process stats)
        ; fd use from shell and adbd, plus read/write on adbd's unix stream socket and sigchld to adbd —
        ; consistent with stdio inherited from an adb shell session (presumably; no socket creation is granted).
  4168. (allow stats shell (fd (use)))
  4169. (allow stats adbd (fd (use)))
  4170. (allow stats adbd (unix_stream_socket (read write)))
  4171. (allow stats adbd (process (sigchld)))
        ; Binder: servicemanager lookup (servicemanager may inspect the caller's /proc entry), find
        ; stats_service, call statsd and write to a statsd fifo.
  4172. (allow stats servicemanager (binder (call transfer)))
  4173. (allow servicemanager stats (binder (call transfer)))
  4174. (allow servicemanager stats (dir (search)))
  4175. (allow servicemanager stats (file (read open)))
  4176. (allow servicemanager stats (process (getattr)))
  4177. (allow stats stats_service (service_manager (find)))
  4178. (allow stats statsd (binder (call transfer)))
  4179. (allow statsd stats (binder (transfer)))
  4180. (allow stats statsd (fd (use)))
  4181. (allow stats statsd (fifo_file (write)))
        ; statsd registers and finds stats_service; the neverallow from stats.te line 27 forbids
        ; base_typeattr_700 (generated; presumably every domain except statsd) from registering that name,
        ; so the service cannot be impersonated — resolve the attribute in stats.te to confirm.
  4182. (allow statsd stats_service (service_manager (add find)))
  4183. ;;* lmx 27 system/sepolicy/private/stats.te
  4184.  
  4185. (neverallow base_typeattr_700 stats_service (service_manager (add)))
  4186. ;;* lme
  4187.  
        ; statsd side of the pairing (fd use / fifo write / binder call toward stats); the fd-use line is
        ; repeated because two macro expansions emitted it — harmless.
  4188. (allow statsd stats (fd (use)))
  4189. (allow statsd stats (fifo_file (write)))
  4190. (allow statsd stats (binder (call transfer)))
  4191. (allow stats statsd (binder (transfer)))
  4192. (allow statsd stats (fd (use)))
        ; stats.te line 55: base_typeattr_701 (generated) may not even find stats_service — lookup is limited
        ; to the domains outside that set; resolve it in the .te to see who is allowed.
  4193. ;;* lmx 55 system/sepolicy/private/stats.te
  4194.  
  4195. (neverallow base_typeattr_701 stats_service (service_manager (find)))
  4196. ;;* lme
  4197.  
  4198.  