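######################################
# Attribute declarations
#
# Declares the attributes (named groups of types) that the rest of the
# policy refers to. Rules that assign types to these attributes, and rules
# that grant or forbid access through them, are not in this file.
#
# `expandattribute NAME false;` tells the policy compiler to keep NAME as an
# attribute in the compiled policy; `expandattribute NAME true;` tells it to
# replace NAME with its member types.
# NOTE(review): the reason each attribute below is preserved or expanded is
# not stated here -- presumably so tooling that inspects the compiled policy
# can still find the preserved ones; confirm before changing a value.

# All types used for devices.
# On change, update CHECK_FC_ASSERT_ATTRS
# in tools/checkfc.c
attribute dev_type;

# All types used for processes.
attribute domain;

# All types used for filesystems.
# On change, update CHECK_FC_ASSERT_ATTRS
# definition in tools/checkfc.c.
attribute fs_type;

# All types used for context= mounts.
attribute contextmount_type;

# All types used for files that can exist on a labeled fs.
# Do not use for pseudo file types.
# On change, update CHECK_FC_ASSERT_ATTRS
# definition in tools/checkfc.c.
attribute file_type;

# All types used for domain entry points.
attribute exec_type;

# All types used for /data files.
attribute data_file_type;
expandattribute data_file_type false;
# All types in /data, not in /data/vendor
attribute core_data_file_type;
expandattribute core_data_file_type false;
# All types in /vendor
attribute vendor_file_type;

# All types used for procfs files.
attribute proc_type;
expandattribute proc_type false;

# All types used for sysfs files.
attribute sysfs_type;

# All types used for debugfs files.
attribute debugfs_type;

# Attribute used for all sdcards
attribute sdcard_type;

# All types used for nodes/hosts.
attribute node_type;

# All types used for network interfaces.
attribute netif_type;

# All types used for network ports.
attribute port_type;

# All types used for property service
# On change, update CHECK_PC_ASSERT_ATTRS
# definition in tools/checkfc.c.
attribute property_type;

# All properties defined in core SELinux policy. Should not be
# used by device specific properties
attribute core_property_type;

# All properties used to configure log filtering.
attribute log_property_type;

# All properties that are not specific to device but are added from
# outside of AOSP. (e.g. OEM-specific properties)
# These properties are not accessible from device-specific domains
attribute extended_core_property_type;

# All service_manager types created by system_server
attribute system_server_service;

# services which should be available to all but isolated apps
attribute app_api_service;

# services which should be available to all ephemeral apps
attribute ephemeral_app_api_service;

# services which export only system_api
attribute system_api_service;

# All types used for services managed by servicemanager.
# On change, update CHECK_SC_ASSERT_ATTRS
# definition in tools/checkfc.c.
attribute service_manager_type;

# All types used for services managed by hwservicemanager
attribute hwservice_manager_type;

# All HwBinder services guaranteed to be passthrough. These services always run
# in the process of their clients, and thus operate with the same access as
# their clients.
attribute same_process_hwservice;

# All HwBinder services guaranteed to be offered only by core domain components
attribute coredomain_hwservice;

# All types used for services managed by vndservicemanager
attribute vndservice_manager_type;


# All domains that can override MLS restrictions.
# i.e. processes that can read up and write down.
# NOTE(review): membership lifts the MLS separation for the whole domain, so
# an addition deserves the same scrutiny as a new allow rule.
attribute mlstrustedsubject;

# All types that can override MLS restrictions.
# i.e. files that can be read by lower and written by higher
# NOTE(review): same consideration as mlstrustedsubject, on the object side.
attribute mlstrustedobject;

# All domains used for apps.
attribute appdomain;

# All third party apps.
attribute untrusted_app_all;

# All domains used for apps with network access.
attribute netdomain;

# All domains used for apps with bluetooth access.
attribute bluetoothdomain;

# All domains used for binder service domains.
attribute binderservicedomain;

# update_engine related domains that need to apply an update and run
# postinstall. This includes the background daemon and the sideload tool from
# recovery for A/B devices.
attribute update_engine_common;

# All core domains (as opposed to vendor/device-specific domains)
attribute coredomain;

# All socket devices owned by core domain components
attribute coredomain_socket;
expandattribute coredomain_socket false;

# The *_violators attributes that follow each name a set of domains that
# break one stated core/vendor separation requirement. Every member is an
# exception to that requirement, and each is kept unexpanded.
# NOTE(review): the rules that consume these attributes are not in this file;
# when a domain is added to one, check what the exemption actually permits.

# All vendor domains which violate the requirement of not using Binder
# TODO(b/35870313): Remove this once there are no violations
attribute binder_in_vendor_violators;
expandattribute binder_in_vendor_violators false;

# All vendor domains which violate the requirement of not using sockets for
# communicating with core components
# TODO(b/36577153): Remove this once there are no violations
attribute socket_between_core_and_vendor_violators;
expandattribute socket_between_core_and_vendor_violators false;

# All vendor domains which violate the requirement of not executing
# system processes
# TODO(b/36463595)
attribute vendor_executes_system_violators;
expandattribute vendor_executes_system_violators false;

# All domains which violate the requirement of not sharing files by path
# between vendor and core domains.
# TODO(b/34980020)
attribute data_between_core_and_vendor_violators;
expandattribute data_between_core_and_vendor_violators false;

# All system domains which violate the requirement of not executing vendor
# binaries/libraries.
# TODO(b/62041836)
attribute system_executes_vendor_violators;
expandattribute system_executes_vendor_violators false;

# All system domains which violate the requirement of not writing vendor
# properties.
# TODO(b/78598545): Remove this once there are no violations
attribute system_writes_vendor_properties_violators;
expandattribute system_writes_vendor_properties_violators false;

# hwservices that are accessible from untrusted applications
# WARNING: Use of this attribute should be avoided unless
# absolutely necessary. It is a temporary allowance to aid the
# transition to treble and will be removed in a future platform
# version, requiring all hwservices that are labeled with this
# attribute to be submitted to AOSP in order to maintain their
# app-visibility.
attribute untrusted_app_visible_hwservice;
expandattribute untrusted_app_visible_hwservice false;

# halserver domains that are accessible to untrusted applications. These
# domains are typically those hosting hwservices attributed by the
# untrusted_app_visible_hwservice.
# WARNING: Use of this attribute should be avoided unless absolutely necessary.
# It is a temporary allowance to aid the transition to treble and will be
# removed in a future platform version, requiring all halserver domains that
# are labeled with this attribute to be submitted to AOSP in order to maintain
# their app-visibility.
attribute untrusted_app_visible_halserver;
expandattribute untrusted_app_visible_halserver false;

# PDX services
attribute pdx_endpoint_dir_type;
attribute pdx_endpoint_socket_type;
expandattribute pdx_endpoint_socket_type false;
attribute pdx_channel_socket_type;
expandattribute pdx_channel_socket_type false;

# pdx_service_attributes is a macro defined outside this file; what it
# declares per service is not visible here.
pdx_service_attributes(display_client)
pdx_service_attributes(display_manager)
pdx_service_attributes(display_screenshot)
pdx_service_attributes(display_vsync)
pdx_service_attributes(performance_client)
pdx_service_attributes(bufferhub_client)

# All HAL servers
attribute halserverdomain;
# All HAL clients
attribute halclientdomain;
expandattribute halclientdomain true;

# Exemption for halserverdomain to access sockets. Only builds for automotive
# device types are allowed to use this attribute (enforced by CTS).
# Unlike phone, in a car many modules are external from Android perspective and
# HALs should be able to communicate with those devices through sockets.
attribute hal_automotive_socket_exemption;

# TODO(b/72757373): Use hal_attribute macro once expandattribute value conflicts
# can be resolved.
# Until then these five HALs are declared by hand: a base attribute, a _client
# attribute that is expanded, and a _server attribute that is preserved.
attribute hal_audio;
attribute hal_audio_client;
expandattribute hal_audio_client true;
attribute hal_audio_server;
expandattribute hal_audio_server false;

attribute hal_bootctl;
attribute hal_bootctl_client;
expandattribute hal_bootctl_client true;
attribute hal_bootctl_server;
expandattribute hal_bootctl_server false;

attribute hal_camera;
attribute hal_camera_client;
expandattribute hal_camera_client true;
attribute hal_camera_server;
expandattribute hal_camera_server false;

attribute hal_drm;
attribute hal_drm_client;
expandattribute hal_drm_client true;
attribute hal_drm_server;
expandattribute hal_drm_server false;

attribute hal_cas;
attribute hal_cas_client;
expandattribute hal_cas_client true;
attribute hal_cas_server;
expandattribute hal_cas_server false;

# HALs
# hal_attribute is a macro defined outside this file.
# NOTE(review): it presumably declares the same base/_client/_server set as
# the hand-written entries above -- confirm against the macro definition.
hal_attribute(allocator);
hal_attribute(audiocontrol);
hal_attribute(authsecret);
hal_attribute(bluetooth);
hal_attribute(broadcastradio);
hal_attribute(configstore);
hal_attribute(confirmationui);
hal_attribute(contexthub);
hal_attribute(dumpstate);
hal_attribute(evs);
hal_attribute(fingerprint);
hal_attribute(gatekeeper);
hal_attribute(gnss);
hal_attribute(graphics_allocator);
hal_attribute(graphics_composer);
hal_attribute(health);
hal_attribute(ir);
hal_attribute(keymaster);
hal_attribute(light);
hal_attribute(lowpan);
hal_attribute(memtrack);
hal_attribute(neuralnetworks);
hal_attribute(nfc);
hal_attribute(oemlock);
hal_attribute(power);
hal_attribute(secure_element);
hal_attribute(sensors);
hal_attribute(telephony);
hal_attribute(tetheroffload);
hal_attribute(thermal);
hal_attribute(tv_cec);
hal_attribute(tv_input);
hal_attribute(usb);
hal_attribute(usb_gadget);
hal_attribute(vehicle);
hal_attribute(vibrator);
hal_attribute(vr);
hal_attribute(weaver);
hal_attribute(wifi);
hal_attribute(wifi_hostapd);
hal_attribute(wifi_offload);
hal_attribute(wifi_supplicant);

# HwBinder services offered across the core-vendor boundary
#
# We annotate server domains with x_server to loosen the coupling between
# system and vendor images. For example, it should be possible to move a service
# from one core domain to another, without having to update the vendor image
# which contains clients of this service.

attribute display_service_server;
attribute wifi_keystore_service_server;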