######################################
# Attribute declarations
#
# An attribute names a set of types. A rule written against an attribute
# applies to every type that carries it, so assigning an attribute to a type
# also gives that type every access rule tied to the attribute.
#
# "expandattribute <attr> false" keeps the attribute in the compiled policy
# instead of letting the compiler replace it with its member types.
# "expandattribute <attr> true" forces that replacement, which removes the
# attribute itself from the compiled policy.

# All types used for devices.
# On change, update CHECK_FC_ASSERT_ATTRS
# in tools/checkfc.c
attribute dev_type;

# All types used for processes.
attribute domain;

# All types used for filesystems.
# On change, update CHECK_FC_ASSERT_ATTRS
# definition in tools/checkfc.c.
attribute fs_type;

# All types used for context= mounts.
attribute contextmount_type;

# All types used for files that can exist on a labeled fs.
# Do not use for pseudo file types.
# On change, update CHECK_FC_ASSERT_ATTRS
# definition in tools/checkfc.c.
attribute file_type;

# All types used for domain entry points.
attribute exec_type;

# All types used for /data files.
attribute data_file_type;
expandattribute data_file_type false;
# All types in /data, not in /data/vendor
attribute core_data_file_type;
expandattribute core_data_file_type false;

# All types in /system
attribute system_file_type;

# All types in /vendor
attribute vendor_file_type;

# All types used for procfs files.
attribute proc_type;
expandattribute proc_type false;

# Types in /proc/net, excluding qtaguid types.
# TODO(b/9496886) Lock down access to /proc/net.
# This attribute is used to audit access to proc_net. It is temporary and will
# be removed.
attribute proc_net_type;
# Expanded (true): the attribute is replaced by its member types and is not
# kept in the compiled policy.
expandattribute proc_net_type true;

# All types used for sysfs files.
attribute sysfs_type;

# All types used for debugfs files.
attribute debugfs_type;

# Attribute used for all sdcards
attribute sdcard_type;

# All types used for nodes/hosts.
attribute node_type;

# All types used for network interfaces.
attribute netif_type;

# All types used for network ports.
attribute port_type;

# All types used for property service
# On change, update CHECK_PC_ASSERT_ATTRS
# definition in tools/checkfc.c.
attribute property_type;

# All properties defined in core SELinux policy. Should not be
# used by device-specific properties.
attribute core_property_type;

# All properties used to configure log filtering.
attribute log_property_type;

# All properties that are not specific to a device but are added from
# outside of AOSP (e.g. OEM-specific properties).
# These properties are not accessible from device-specific domains.
attribute extended_core_property_type;

# All service_manager types created by system_server
attribute system_server_service;

# services which should be available to all but isolated apps
attribute app_api_service;

# services which should be available to all ephemeral apps
attribute ephemeral_app_api_service;

# services which export only system_api
attribute system_api_service;

# All types used for services managed by servicemanager.
# On change, update CHECK_SC_ASSERT_ATTRS
# definition in tools/checkfc.c.
attribute service_manager_type;

# All types used for services managed by hwservicemanager
attribute hwservice_manager_type;

# All HwBinder services guaranteed to be passthrough. These services always run
# in the process of their clients, and thus operate with the same access as
# their clients.
attribute same_process_hwservice;

# All HwBinder services guaranteed to be offered only by core domain components
attribute coredomain_hwservice;

# All types used for services managed by vndservicemanager
attribute vndservice_manager_type;


# All domains that can override MLS restrictions.
# i.e. processes that can read up and write down.
# NOTE(review): members are exempt from MLS separation, so every domain
# added here should be individually justified.
attribute mlstrustedsubject;

# All types that can override MLS restrictions.
# i.e. files that can be read by lower and written by higher
# NOTE(review): objects with this attribute are reachable across MLS levels;
# keep membership as small as possible.
attribute mlstrustedobject;

# All domains used for apps.
attribute appdomain;

# All third party apps.
attribute untrusted_app_all;

# All domains used for apps with network access.
attribute netdomain;

# All domains used for apps with bluetooth access.
attribute bluetoothdomain;

# All domains used for binder service domains.
attribute binderservicedomain;

# update_engine related domains that need to apply an update and run
# postinstall. This includes the background daemon and the sideload tool from
# recovery for A/B devices.
attribute update_engine_common;

# All core domains (as opposed to vendor/device-specific domains)
attribute coredomain;

# All socket devices owned by core domain components
attribute coredomain_socket;
expandattribute coredomain_socket false;

# The *_violators attributes that follow mark domains that break a core/vendor
# separation requirement. Presumably they are carved out of the matching
# restrictions elsewhere in the policy (not shown in this file) -- confirm.
# NOTE(review): each member widens an exception, so prefer fixing the
# violation over adding a domain to one of these attributes.

# All vendor domains which violate the requirement of not using Binder
# TODO(b/35870313): Remove this once there are no violations
attribute binder_in_vendor_violators;
expandattribute binder_in_vendor_violators false;

# All vendor domains which violate the requirement of not using sockets for
# communicating with core components
# TODO(b/36577153): Remove this once there are no violations
attribute socket_between_core_and_vendor_violators;
expandattribute socket_between_core_and_vendor_violators false;

# All vendor domains which violate the requirement of not executing
# system processes
# TODO(b/36463595)
attribute vendor_executes_system_violators;
expandattribute vendor_executes_system_violators false;

# All domains which violate the requirement of not sharing files by path
# between vendor and core domains.
# TODO(b/34980020)
attribute data_between_core_and_vendor_violators;
expandattribute data_between_core_and_vendor_violators false;

# All system domains which violate the requirement of not executing vendor
# binaries/libraries.
# TODO(b/62041836)
attribute system_executes_vendor_violators;
expandattribute system_executes_vendor_violators false;

# All system domains which violate the requirement of not writing vendor
# properties.
# TODO(b/78598545): Remove this once there are no violations
attribute system_writes_vendor_properties_violators;
expandattribute system_writes_vendor_properties_violators false;

# All system domains which violate the requirement of not writing to
# /mnt/vendor/*. Must not be used on devices launched with P or later.
attribute system_writes_mnt_vendor_violators;
expandattribute system_writes_mnt_vendor_violators false;

# hwservices that are accessible from untrusted applications
# WARNING: Use of this attribute should be avoided unless
# absolutely necessary. It is a temporary allowance to aid the
# transition to treble and will be removed in a future platform
# version, requiring all hwservices that are labeled with this
# attribute to be submitted to AOSP in order to maintain their
# app-visibility.
# NOTE(review): every hwservice labeled with this attribute is reachable
# from untrusted apps, so each addition extends what those apps can call.
attribute untrusted_app_visible_hwservice_violators;
expandattribute untrusted_app_visible_hwservice_violators false;

# halserver domains that are accessible to untrusted applications. These
# domains are typically those hosting hwservices attributed by the
# untrusted_app_visible_hwservice_violators.
# WARNING: Use of this attribute should be avoided unless absolutely necessary.
# It is a temporary allowance to aid the transition to treble and will be
# removed in a future platform version, requiring all halserver domains that
# are labeled with this attribute to be submitted to AOSP in order to maintain
# their app-visibility.
attribute untrusted_app_visible_halserver_violators;
expandattribute untrusted_app_visible_halserver_violators false;

# PDX services
attribute pdx_endpoint_dir_type;
attribute pdx_endpoint_socket_type;
expandattribute pdx_endpoint_socket_type false;
attribute pdx_channel_socket_type;
expandattribute pdx_channel_socket_type false;

# pdx_service_attributes is a macro defined outside this file. Presumably it
# declares the per-service PDX attributes for the named service -- verify
# against the macro definition.
pdx_service_attributes(display_client)
pdx_service_attributes(display_manager)
pdx_service_attributes(display_screenshot)
pdx_service_attributes(display_vsync)
pdx_service_attributes(performance_client)
pdx_service_attributes(bufferhub_client)

# All HAL servers
attribute halserverdomain;
# All HAL clients
attribute halclientdomain;
# Expanded (true): replaced by its member types, not kept in the compiled
# policy.
expandattribute halclientdomain true;

# Exempts a halserverdomain from the restriction on socket access. Only builds
# for automotive device types are allowed to use this attribute (enforced by
# CTS). Unlike on a phone, many modules in a car are external from the Android
# perspective, and HALs should be able to communicate with those devices
# through sockets.
attribute hal_automotive_socket_exemption;

# HALs
# hal_attribute is a macro defined outside this file. Presumably each call
# declares the attributes for one HAL (the HAL itself plus its client and
# server sides) -- verify against the macro definition.
hal_attribute(allocator);
hal_attribute(atrace);
hal_attribute(audio);
hal_attribute(audiocontrol);
hal_attribute(authsecret);
hal_attribute(bluetooth);
hal_attribute(bootctl);
hal_attribute(bufferhub);
hal_attribute(broadcastradio);
hal_attribute(camera);
hal_attribute(cas);
hal_attribute(codec2);
hal_attribute(configstore);
hal_attribute(confirmationui);
hal_attribute(contexthub);
hal_attribute(drm);
hal_attribute(dumpstate);
hal_attribute(evs);
hal_attribute(face);
hal_attribute(fingerprint);
hal_attribute(gatekeeper);
hal_attribute(gnss);
hal_attribute(graphics_allocator);
hal_attribute(graphics_composer);
hal_attribute(health);
hal_attribute(health_storage);
hal_attribute(input_classifier);
hal_attribute(ir);
hal_attribute(keymaster);
hal_attribute(light);
hal_attribute(lowpan);
hal_attribute(memtrack);
hal_attribute(neuralnetworks);
hal_attribute(nfc);
hal_attribute(oemlock);
hal_attribute(omx);
hal_attribute(power);
hal_attribute(power_stats);
hal_attribute(secure_element);
hal_attribute(sensors);
hal_attribute(telephony);
hal_attribute(tetheroffload);
hal_attribute(thermal);
hal_attribute(tv_cec);
hal_attribute(tv_input);
hal_attribute(usb);
hal_attribute(usb_gadget);
hal_attribute(vehicle);
hal_attribute(vibrator);
hal_attribute(vr);
hal_attribute(weaver);
hal_attribute(wifi);
hal_attribute(wifi_hostapd);
hal_attribute(wifi_offload);
hal_attribute(wifi_supplicant);

# HwBinder services offered across the core-vendor boundary
#
# We annotate server domains with x_server to loosen the coupling between
# system and vendor images. For example, it should be possible to move a service
# from one core domain to another, without having to update the vendor image
# which contains clients of this service.
# Server-side (x_server) attributes, one per service.
attribute camera_service_server;
attribute display_service_server;
attribute scheduler_service_server;
attribute sensor_service_server;
attribute stats_service_server;
attribute system_suspend_server;
attribute wifi_keystore_service_server;

# All types used for super partition block devices.
attribute super_block_device_type;