Lines Matching refs:apps
25 # Do not allow untrusted apps to register services.
30 # Do not allow untrusted apps to use VendorBinder
34 # Do not allow untrusted apps to connect to the property service
40 # net.dns properties are not a public API. Temporarily exempt pre-Oreo apps,
41 # but otherwise disallow untrusted apps from reading this property.
50 # Block calling execve() on files in an apps home directory.
61 # Do not allow untrusted apps to invoke dex2oat. This was historically required
63 # Exempt legacy apps (targetApi<=28) for compatibility.
70 # Do not allow untrusted apps to be assigned mlstrustedsubject.
80 # Do not allow untrusted apps to hard link to any files.
84 # bugs, so we want to ensure untrusted apps never have this
88 # Do not allow untrusted apps to access network MAC address file
115 # Do not allow untrusted apps access to /cache
119 # Do not allow untrusted apps to create/unlink files outside of its sandbox,
128 -app_data_file # The apps sandbox itself
131 -media_rw_data_file # Internal storage. Known that apps can
143 # Do not allow untrusted apps to directly open the tun_device
197 # Do not allow untrusted apps access to preloads data files
204 # Do not permit untrusted apps to perform actions on HwBinder service_manager
208 # Do not permit access from apps which host arbitrary code to HwBinder services,
209 # except those considered sufficiently safe for access from such apps.
213 # HwBinder services either operate at a level below that of apps (e.g., HALs)
231 # by surfaceflinger Binder service, which apps are permitted to access
233 # Binder service which apps were permitted to access.
304 # SELinux is not an API for untrusted apps to use
307 # Restrict *Binder access from apps to HAL domains. We can only do this on full
308 # Treble devices where *Binder communications between apps and HALs are tightly
325 # Access to /proc/tty/drivers, to allow apps to determine if they
333 # Untrusted apps are not allowed to use cgroups.
336 # Untrusted apps targetting >= Q are not allowed to open /dev/ashmem directly.