Lines Matching refs:domain
3 # We do not apply this to the su domain to avoid interfering with
5 domain_auto_trans({ domain userdebug_or_eng(`-su') }, crash_dump_exec, crash_dump);
6 allow domain crash_dump:process sigchld;
12 get_prop(domain, heapprofd_prop);
16 domain
57 r_dir_file(domain, sysfs_fs_incfs_features);
60 r_dir_file(domain, sysfs_fs_fuse_features);
63 allow domain cgroup:dir search;
64 allow { domain -appdomain -rs } cgroup:dir w_dir_perms;
65 allow { domain -appdomain -rs } cgroup:file w_file_perms;
67 allow domain cgroup_v2:dir search;
68 allow { domain -appdomain -rs } cgroup_v2:dir w_dir_perms;
69 allow { domain -appdomain -rs } cgroup_v2:file w_file_perms;
71 allow domain cgroup_rc_file:dir search;
72 allow domain cgroup_rc_file:file r_file_perms;
73 allow domain task_profiles_file:file r_file_perms;
74 allow domain task_profiles_api_file:file r_file_perms;
75 allow domain vendor_task_profiles_file:file r_file_perms;
79 get_prop(domain, use_memfd_prop);
82 get_prop(domain, module_sdkextensions_prop)
85 get_prop(domain, bq_config_prop);
88 get_prop(domain, permissive_mte_prop);
93 get_prop(domain, device_config_memory_safety_native_boot_prop);
94 get_prop(domain, device_config_memory_safety_native_prop);
95 get_prop(domain, device_config_runtime_native_boot_prop);
96 get_prop(domain, device_config_runtime_native_prop);
102 get_prop(domain, core_property_type)
103 get_prop(domain, exported3_system_prop)
104 get_prop(domain, vendor_default_prop)
114 get_prop({domain -coredomain -appdomain}, vendor_default_prop)
118 get_prop(domain, aaudio_config_prop)
119 get_prop(domain, apexd_select_prop)
120 get_prop(domain, arm64_memtag_prop)
121 get_prop(domain, bluetooth_config_prop)
122 get_prop(domain, bootloader_prop)
123 get_prop(domain, build_odm_prop)
124 get_prop(domain, build_prop)
125 get_prop(domain, build_vendor_prop)
126 get_prop(domain, debug_prop)
127 get_prop(domain, exported_config_prop)
128 get_prop(domain, exported_default_prop)
129 get_prop(domain, exported_dumpstate_prop)
130 get_prop(domain, exported_secure_prop)
131 get_prop(domain, exported_system_prop)
132 get_prop(domain, fingerprint_prop)
133 get_prop(domain, framework_status_prop)
134 get_prop(domain, gwp_asan_prop)
135 get_prop(domain, hal_instrumentation_prop)
136 get_prop(domain, hw_timeout_multiplier_prop)
137 get_prop(domain, init_service_status_prop)
138 get_prop(domain, libc_debug_prop)
139 get_prop(domain, locale_prop)
140 get_prop(domain, logd_prop)
141 get_prop(domain, mediadrm_config_prop)
142 get_prop(domain, property_service_version_prop)
143 get_prop(domain, soc_prop)
144 get_prop(domain, socket_hook_prop)
145 get_prop(domain, surfaceflinger_prop)
146 get_prop(domain, telephony_status_prop)
147 get_prop(domain, timezone_prop)
148 get_prop({domain -untrusted_app_all -isolated_app_all -ephemeral_app }, userdebug_or_eng_prop)
149 get_prop(domain, vendor_socket_hook_prop)
150 get_prop(domain, vndk_prop)
151 get_prop(domain, vold_status_prop)
152 get_prop(domain, vts_config_prop)
155 get_prop(domain, binder_cache_bluetooth_server_prop)
156 get_prop(domain, binder_cache_system_server_prop)
157 get_prop(domain, binder_cache_telephony_server_prop)
160 allow domain kernel:key search;
162 allow domain fsverity_init:key search;
165 allow domain su:key search;
169 allow domain linkerconfig_file:dir search;
170 allow domain linkerconfig_file:file r_file_perms;
173 allow domain boringssl_self_test_marker:dir search;
177 get_prop(domain, log_file_logger_prop)
180 unix_socket_connect(domain, prng_seeder, prng_seeder)
187 domain
188 userdebug_or_eng(`-domain') # exclude debuggable builds
205 domain
217 neverallow { domain -priv_app -gmscore_app } *:keystore_key gen_unique_id;
218 neverallow { domain -priv_app -gmscore_app } *:keystore2_key gen_unique_id;
219 neverallow { domain -system_server } *:keystore2_key use_dev_id;
220 neverallow { domain -system_server } keystore:keystore2 { clear_ns lock reset unlock };
223 domain
226 userdebug_or_eng(`-domain')
232 domain
238 domain
247 domain
256 domain
274 domain
282 domain
291 domain
298 domain
308 domain
317 domain
330 neverallow { domain -init -system_server -installd} staging_data_file:dir no_w_dir_perms;
333 neverallow { domain -init -system_server } staging_data_file:file
337 domain
351 domain
374 domain
381 domain
393 domain
407 domain
420 domain
434 domain
445 # Instead of granting them it is usually better to add the domain to
486 domain
503 domain userdebug_or_eng(`-init')
509 domain
510 userdebug_or_eng(`-domain')
524 domain
532 neverallow { domain -init -system_server -vendor_init } net_dns_prop:property_service set;
533 neverallow { domain -dumpstate -init -system_server -vendor_init } net_dns_prop:file read;
536 neverallow { domain -init -system_server } pm_prop:property_service set;
537 neverallow { domain -coredomain } pm_prop:file no_rw_file_perms;
540 neverallow { domain -init -system_server -dumpstate } firstboot_prop:file r_file_perms;
544 neverallow { domain -art_boot -init -vendor_init } dalvik_config_prop:property_service set;
547 neverallow { domain -init -vendor_init } debugfs_kprobes:file *;
567 # Vendor domains are not permitted to initiate communications to core domain sockets
570 domain
576 -logd # Logging by writing to logd Unix domain socket is public API
628 # images, and should not be granted to any domain in current policy.
629 # (Every domain is allowed self:fork, so this will trigger if the
630 # intsersection of domain & mlsvendorcompat is not empty.)
631 neverallow domain mlsvendorcompat:process fork;
635 neverallow { domain -init -otapreopt_chroot } { system_file_type vendor_file_type }:dir_file_class_…
640 domain
650 domain
665 domain
678 neverallow { domain -ueventd -vendor_init } sysfs_devices_cs_etm:file no_w_file_perms;
688 domain
708 domain
719 domain
732 domain
748 domain
765 neverallow { domain -init } mtectrl:process { dyntransition transition };
768 neverallow { domain -gmscore_app -init -vold_prepare_subdirs } checkin_data_file:{dir file} *;