Lines Matching refs:apps

25 # Do not allow untrusted apps to register services.
30 # Do not allow untrusted apps to use VendorBinder
34 # Do not allow untrusted apps to connect to the property service
40 # net.dns properties are not a public API. Temporarily exempt pre-Oreo apps,
41 # but otherwise disallow untrusted apps from reading this property.
44 # Do not allow untrusted apps to be assigned mlstrustedsubject.
54 # Do not allow untrusted apps to hard link to any files.
58 # bugs, so we want to ensure untrusted apps never have this
62 # Do not allow untrusted apps to access network MAC address file
85 # Do not allow untrusted apps access to /cache
89 # Do not allow untrusted apps to create/unlink files outside of its sandbox,
98   -app_data_file            # The apps sandbox itself
99   -media_rw_data_file       # Internal storage. Known that apps can
111 # Do not allow untrusted apps to directly open tun_device
139 # Do not allow untrusted apps access to preloads data files
146 # Do not permit untrusted apps to perform actions on HwBinder service_manager
150 # Do not permit access from apps which host arbitrary code to HwBinder services,
151 # except those considered sufficiently safe for access from such apps.
155 #    HwBinder services either operate at a level below that of apps (e.g., HALs)
173 #   by surfaceflinger Binder service, which apps are permitted to access
175 #   Binder service which apps were permitted to access.
242 # SELinux is not an API for untrusted apps to use
245 # Restrict *Binder access from apps to HAL domains. We can only do this on full
246 # Treble devices where *Binder communications between apps and HALs are tightly
261 # Untrusted apps are not allowed to find mediaextractor update service.