Home
last modified time | relevance | path

Searched refs:rule (Results 1 – 25 of 118) sorted by relevance

12345

/system/logging/logd/
DPruneList.cpp176 for (const auto& rule : low_priority_prune_) { in Format() local
177 prune_rules.emplace_back(rule.Format()); in Format()
179 for (const auto& rule : high_priority_prune_) { in Format() local
180 prune_rules.emplace_back("~" + rule.Format()); in Format()
186 for (const auto& rule : high_priority_prune_) { in IsHighPriority() local
187 if (rule.Matches(element)) { in IsHighPriority()
195 for (const auto& rule : low_priority_prune_) { in IsLowPriority() local
196 if (rule.Matches(element)) { in IsLowPriority()
/system/sepolicy/build/soong/
Dselinux_contexts.go280 rule := android.NewRuleBuilder(pctx, ctx)
282 rule.Command().
290 rule.Temporary(ret)
294 rule.Command().
303 rule.Temporary(ret)
307 rule.Command().
315 rule.Build("selinux_contexts", "building contexts: "+m.Name())
317 rule.DeleteTemporaryFiles()
327 rule := android.NewRuleBuilder(pctx, ctx)
342 rule.Command().
[all …]
Dpolicy.go147 rule := android.NewRuleBuilder(pctx, ctx)
148 rule.Command().Tool(ctx.Config().PrebuiltBuildTool(ctx, "m4")).
169 rule.Build("conf", "Transform policy to conf: "+ctx.ModuleName())
267 rule := android.NewRuleBuilder(pctx, ctx)
268 rule.Command().BuiltTool("checkpolicy").
276 rule.Command().Text("cat").
282 rule.Command().BuiltTool("build_sepolicy").
290 rule.Command().Text("grep -v").
301 secilcCmd := rule.Command().BuiltTool("secilc").
316 rule.Build("cil", "Building cil for "+ctx.ModuleName())
Dversioned_policy.go105 rule := android.NewRuleBuilder(pctx, ctx)
112 versionCmd := rule.Command().BuiltTool("version_policy").
132 rule.Command().BuiltTool("build_sepolicy").
140 rule.Command().BuiltTool("secilc").
152 rule.Build("mapping", "Versioning mapping file "+ctx.ModuleName())
Dsepolicy_vers.go81 rule := android.NewRuleBuilder(pctx, ctx)
82 rule.Command().Text("echo").Text(ver).Text(">").Output(out)
83 rule.Build("sepolicy_vers", v.Name())
/system/netd/server/
DFirewallController.cpp182 int FirewallController::setInterfaceRule(const char* iface, FirewallRule rule) { in setInterfaceRule() argument
197 if (rule == ALLOW && mIfaceRules.find(iface) == mIfaceRules.end()) { in setInterfaceRule()
200 } else if (rule == DENY && mIfaceRules.find(iface) != mIfaceRules.end()) { in setInterfaceRule()
233 int FirewallController::setUidRule(ChildChain chain, int uid, FirewallRule rule) { in setUidRule() argument
240 op = (rule == ALLOW)? "-I" : "-D"; in setUidRule()
244 op = (rule == DENY)? "-A" : "-D"; in setUidRule()
269 return gCtls->trafficCtrl.changeUidOwnerRule(chain, uid, rule, firewallType); in setUidRule()
DTrafficController.cpp497 Status TrafficController::updateOwnerMapEntry(UidOwnerMatchType match, uid_t uid, FirewallRule rule, in updateOwnerMapEntry() argument
500 if ((rule == ALLOW && type == ALLOWLIST) || (rule == DENY && type == DENYLIST)) { in updateOwnerMapEntry()
502 } else if ((rule == ALLOW && type == DENYLIST) || (rule == DENY && type == ALLOWLIST)) { in updateOwnerMapEntry()
516 .rule = static_cast<uint8_t>(oldMatch.value().rule & ~match), in removeRule()
518 if (newMatch.rule == 0) { in removeRule()
540 .rule = static_cast<uint8_t>(oldMatch.value().rule | match), in addRule()
546 .rule = static_cast<uint8_t>(match), in addRule()
570 int TrafficController::changeUidOwnerRule(ChildChain chain, uid_t uid, FirewallRule rule, in changeUidOwnerRule() argument
575 res = updateOwnerMapEntry(DOZABLE_MATCH, uid, rule, type); in changeUidOwnerRule()
578 res = updateOwnerMapEntry(STANDBY_MATCH, uid, rule, type); in changeUidOwnerRule()
[all …]
DNetlinkCommands.cpp193 rtmsg rule = { in rtNetlinkFlush() local
198 { &rule, sizeof(rule) }, in rtNetlinkFlush()
DControllers.cpp143 std::string rule; in findExistingChildChains() local
144 while (std::getline(stream, rule, '\n')) { in findExistingChildChains()
145 if (std::regex_search(rule, matches, CHILD_CHAIN_REGEX) && matches[1] == parentChain) { in findExistingChildChains()
DTrafficController.h90 int changeUidOwnerRule(ChildChain chain, const uid_t uid, FirewallRule rule, FirewallType type);
97 netdutils::Status updateOwnerMapEntry(UidOwnerMatchType match, uid_t uid, FirewallRule rule,
DBandwidthController.cpp769 std::string rule; in parseAndFlushCostlyTables() local
774 while (std::getline(stream, rule, '\n')) { in parseAndFlushCostlyTables()
775 if (!StartsWith(rule, NEW_CHAIN_COMMAND)) continue; in parseAndFlushCostlyTables()
776 chainName = rule.substr(NEW_CHAIN_COMMAND.size()); in parseAndFlushCostlyTables()
777 ALOGV("parse chainName=<%s> orig line=<%s>", chainName.c_str(), rule.c_str()); in parseAndFlushCostlyTables()
/system/sepolicy/
Dprebuilt_policy.mk52 define policy-to-conf-rule
75 $(eval $(call policy-to-conf-rule,$(reqd_policy_mask_$(ver).conf)))
96 $(eval $(call policy-to-conf-rule,$(plat_pub_policy_$(ver).conf)))
126 $(eval $(call policy-to-conf-rule,$(plat_policy_$(ver).conf)))
154 $(eval $(call policy-to-conf-rule,$(system_ext_pub_policy_$(ver).conf)))
175 $(eval $(call policy-to-conf-rule,$(system_ext_policy_$(ver).conf)))
231 $(eval $(call policy-to-conf-rule,$(product_policy_$(ver).conf)))
266 $(eval $(call policy-to-conf-rule,$(pub_policy_$(ver).conf)))
/system/netd/tests/
Dtest_utils.cpp78 for (const auto& rule : rules) { in iptablesRuleExists() local
79 if (rule.find(expectedRule) != std::string::npos) { in iptablesRuleExists()
/system/hardware/interfaces/net/netd/testutils/
DVtsHalNetNetdTestUtils.cpp79 for (const auto& rule : rules) { in countMatchingIpRules() local
80 if (std::regex_search(rule, regex)) { in countMatchingIpRules()
/system/sepolicy/prebuilts/api/30.0/private/
Dstoraged.te33 # b/142672293: No other priv-app should need this allow rule now that GMS core runs in its own doma…
34 # Remove after no logs are seen for this rule.
Dmigrate_legacy_obb_data.te26 # This rule is required to let this process read /proc/{parent_pid}/mount.
/system/sepolicy/prebuilts/api/28.0/private/
Dnetd.te14 # give netd permission to setup iptables rule with xt_bpf
/system/sepolicy/tools/sepolicy-analyze/
DREADME38 grant the same permissions where one allow rule is written
40 terms of attributes associated with those same types. The rule
41 with individual types is a candidate for removal. The rule with
87 quickly checking an individual expanded rule or group of rules. If there are
93 classes, or permissions from a neverallow rule that could not be resolved
/system/sepolicy/prebuilts/api/31.0/private/
Dstoraged.te35 # b/142672293: No other priv-app should need this allow rule now that GMS core runs in its own doma…
36 # Remove after no logs are seen for this rule.
Dmigrate_legacy_obb_data.te26 # This rule is required to let this process read /proc/{parent_pid}/mount.
/system/sepolicy/private/
Dstoraged.te35 # b/142672293: No other priv-app should need this allow rule now that GMS core runs in its own doma…
36 # Remove after no logs are seen for this rule.
Dmigrate_legacy_obb_data.te26 # This rule is required to let this process read /proc/{parent_pid}/mount.
/system/netd/bpf_progs/
Dnetd.c193 uint8_t uidRules = uidEntry ? uidEntry->rule : 0; in bpf_owner_match()
334 if (allowlistMatch) return allowlistMatch->rule & HAPPY_BOX_MATCH ? BPF_MATCH : BPF_NOMATCH;
342 if (denylistMatch) return denylistMatch->rule & PENALTY_BOX_MATCH ? BPF_MATCH : BPF_NOMATCH;
/system/sepolicy/prebuilts/api/29.0/private/
Dmigrate_legacy_obb_data.te26 # This rule is required to let this process read /proc/{parent_pid}/mount.
Dnetd.te11 # give netd permission to setup iptables rule with xt_bpf, attach program to cgroup, and read/write

12345