1# /proc/config.gz 2type config_gz, fs_type, proc_type; 3 4# /sys/fs/bpf/<dir> for mainline tethering use 5# TODO: move S+ fs_bpf_tethering here from public/file.te 6type fs_bpf_net_private, fs_type, bpffs_type; 7type fs_bpf_net_shared, fs_type, bpffs_type; 8type fs_bpf_netd_readonly, fs_type, bpffs_type; 9type fs_bpf_netd_shared, fs_type, bpffs_type; 10type fs_bpf_loader, fs_type, bpffs_type; 11 12# /data/misc/storaged 13type storaged_data_file, file_type, data_file_type, core_data_file_type; 14 15# /data/misc/wmtrace for wm traces 16type wm_trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; 17 18# /data/misc/a11ytrace for accessibility traces 19type accessibility_trace_data_file, file_type, data_file_type, core_data_file_type; 20 21# /data/misc/perfetto-traces for perfetto traces 22type perfetto_traces_data_file, file_type, data_file_type, core_data_file_type; 23 24# /data/misc/perfetto-traces/bugreport for perfetto traces for bugreports. 25type perfetto_traces_bugreport_data_file, file_type, data_file_type, core_data_file_type; 26 27# /data/misc/perfetto-configs for perfetto configs 28type perfetto_configs_data_file, file_type, data_file_type, core_data_file_type; 29 30# /data/misc_{ce/de}/<user>/sdksandbox root data directory for sdk sandbox processes 31type sdk_sandbox_system_data_file, file_type, data_file_type, core_data_file_type; 32# /data/misc_{ce/de}/<user>/sdksandbox/<app-name>/* subdirectory for sdk sandbox processes 33type sdk_sandbox_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type; 34 35# /sys/kernel/debug/kcov for coverage guided kernel fuzzing in userdebug builds. 36type debugfs_kcov, fs_type, debugfs_type; 37 38# App executable files in /data/data directories 39type app_exec_data_file, file_type, data_file_type, core_data_file_type; 40typealias app_exec_data_file alias rs_data_file; 41 42# /data/misc_[ce|de]/rollback : Used by installd to store snapshots 43# of application data. 44type rollback_data_file, file_type, data_file_type, core_data_file_type; 45 46# /data/misc_ce/checkin for checkin apps. 47type checkin_data_file, file_type, data_file_type, core_data_file_type; 48 49# /data/gsi/ota 50type ota_image_data_file, file_type, data_file_type, core_data_file_type; 51 52# /data/gsi_persistent_data 53type gsi_persistent_data_file, file_type, data_file_type, core_data_file_type; 54 55# /data/misc/emergencynumberdb 56type emergency_data_file, file_type, data_file_type, core_data_file_type; 57 58# /data/misc/profcollectd 59type profcollectd_data_file, file_type, data_file_type, core_data_file_type; 60 61# /data/misc/apexdata/com.android.art 62type apex_art_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type; 63 64# /data/misc/apexdata/com.android.art/staging 65type apex_art_staging_data_file, file_type, data_file_type, core_data_file_type; 66 67# /data/misc/apexdata/com.android.compos 68type apex_compos_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type; 69 70# legacy labels for various /data/misc[_ce|_de]/*/apexdata directories - retained 71# for backward compatibility b/217581286 72type apex_appsearch_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type; 73type apex_permission_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type; 74type apex_scheduling_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type; 75type apex_tethering_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type; 76type apex_wifi_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type; 77 78# /data/font/files 79type font_data_file, file_type, data_file_type, core_data_file_type; 80 81# /data/misc/dmesgd 82type dmesgd_data_file, file_type, data_file_type, core_data_file_type; 83 84# /data/misc/odrefresh 85type odrefresh_data_file, file_type, data_file_type, core_data_file_type; 86 87# /data/misc/odsign 88type odsign_data_file, file_type, data_file_type, core_data_file_type; 89 90# /data/misc/odsign_metrics 91type odsign_metrics_file, file_type, data_file_type, core_data_file_type; 92 93# /data/misc/virtualizationservice 94# The type needs to be mlstrustedobject to allow for being accessed from 95# virtualizationmanager, which runs at a more constrained MLS level. 96type virtualizationservice_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; 97 98# /data/system/environ 99type environ_system_data_file, file_type, data_file_type, core_data_file_type; 100 101# /data/bootanim 102type bootanim_data_file, file_type, data_file_type, core_data_file_type; 103 104# /dev/kvm 105# The type needs to be mlstrustedobject to allow for being accessed from 106# crosvm, which runs at a more constrained MLS level. 107type kvm_device, dev_type, mlstrustedobject, vm_manager_device_type; 108 109# /apex/com.android.virt/bin/fd_server 110type fd_server_exec, system_file_type, exec_type, file_type; 111 112# /apex/com.android.compos/bin/compsvc 113type compos_exec, exec_type, file_type, system_file_type; 114# /apex/com.android.compos/bin/compos_key_helper 115type compos_key_helper_exec, exec_type, file_type, system_file_type; 116 117# /metadata/sepolicy 118type sepolicy_metadata_file, file_type; 119 120# /dev/selinux/test - used to verify that apex sepolicy is loaded and 121# property labeled. 122type sepolicy_test_file, file_type; 123 124# /apex/com.android.art/bin/art_exec 125# This executable does not have its own domain because it is executed in the caller's domain. For 126# example, it is executed in the `artd` domain when artd calls it. 127type art_exec_exec, system_file_type, exec_type, file_type; 128 129# Filesystem entry for for PRNG seeder socket. Processes require 130# write permission on this to connect, and needs to be mlstrustedobject 131# in to satisfy MLS constraints for trusted domains. 132type prng_seeder_socket, file_type, coredomain_socket, mlstrustedobject; 133 134# /sys/firmware/devicetree/base/avf 135type sysfs_dt_avf, fs_type, sysfs_type; 136