Lines Matching refs:domain
10 # Old domain may exec the file and transition to the new domain.
13 # New domain is entered by executing the file.
15 # New domain can send SIGCHLD to its caller.
36 # file_type_trans(domain, dir_type, file_type)
37 # Allow domain to create a file labeled file_type in a
44 # Allow the domain to add entries to the directory.
46 # Allow the domain to create the file.
52 # file_type_auto_trans(domain, dir_type, file_type)
54 # they are created by domain in directories labeled dir_type.
65 # r_dir_file(domain, type)
66 # Allow the specified domain to read directories, files
74 # tmpfs_domain(domain)
76 # this domain when creating tmpfs / shmem / ashmem files.
113 # Mark the server domain as a PDX server.
117 # Allow the server domain to use the endpoint socket and accept connections on it.
121 # Allow the server domain to apply security context label to the channel socket pair (allow process…
123 # Allow the server domain to create a client channel socket.
126 neverallow {domain -$1} pdx_$2_endpoint_socket_type:unix_stream_socket { listen accept };
162 # init_daemon_domain(domain)
163 # Set up a transition from init to the daemon domain
171 # app_domain(domain)
179 neverallow { $1 -shell } { domain -$1 }:file no_rw_file_perms;
184 # untrusted_app_domain(domain)
191 # net_domain(domain)
198 # bluetooth_domain(domain)
216 neverallow { hal_$1_server -halserverdomain } domain:process fork;
220 # hal_server_domain(domain, hal_type)
221 # Allow a base set of permissions required for a domain to offer a
225 # type hal_foo_default, domain;
235 # hal_client_domain(domain, hal_type)
236 # Allow a base set of permissions required for a domain to be a
259 # passthrough_hal_client_domain(domain, hal_type)
260 # Allow a base set of permissions required for a domain to be a
297 # Allows source domain to set the
308 # Allows source domain to read the
325 # binder_use(domain)
326 # Allow domain to use Binder IPC.
335 # all domains in domain.te.
339 # hwbinder_use(domain)
340 # Allow domain to use HwBinder IPC.
351 # all domains in domain.te.
355 # vndbinder_use(domain)
356 # Allow domain to use Binder IPC.
372 # Call the server domain and optionally transfer references to it.
381 # binder_service(domain)
382 # Mark a domain as being a Binder service domain.
389 # wakelock_use(domain)
390 # Allow domain to manage wake locks
399 # selinux_check_access(domain)
400 # Allow domain to check SELinux permissions via selinuxfs.
409 # selinux_check_context(domain)
410 # Allow domain to check SELinux contexts via selinuxfs.
418 # create_pty(domain)
419 # Allow domain to create and use a pty, isolated from any other domain ptys.
421 # Each domain gets a unique devpts type.
433 # allowed to everyone via domain.te.
520 # write_logd(domain)
529 # read_logd(domain)
538 # read_runtime_log_tags(domain)
545 # control_logd(domain)
555 # use_keystore(domain)
569 # use_drmservice(domain)
579 # add_service(domain, service)
580 # Ability for domain to add a service to service_manager
585 neverallow { domain -$1 } $2:service_manager add;
589 # add_hwservice(domain, service)
590 # Ability for domain to add a service to hwservice_manager
596 neverallow { domain -$1 } $2:hwservice_manager add;