Lines Matching +full:early +full:- +full:boot
5 # allow bpfloader to write to the kernel log (starts early)
12 allow { bpffs_type -fs_bpf } fs_bpf:filesystem associate;
33 neverallow { domain -bpfloader } bpffs_type:dir { add_name create open read remove_name setattr wri…
36 neverallow { domain -bpfloader } bpffs_type:file { create map open rename setattr };
37 neverallow { domain -bpfloader -gpuservice -lmkd -mediaprovider_app -netd -netutils_wrapper …
38 neverallow { domain -bpfloader …
39 neverallow { domain -bpfloader -networ…
40 neverallow { domain -bpfloader -networ…
41 neverallow { domain -bpfloader -netd -networ…
42 neverallow { domain -bpfloader -netd -netutils_wrapper -networ…
43 neverallow { domain -bpfloader -networ…
44 neverallow { domain -bpfloader …
45 …w { domain -bpfloader -gpuservice -lmkd -netd -netutils_wrapper -network_stack …
47 neverallow { domain -bpfloader } bpffs_type:lnk_file ~read;
48 neverallow { domain -bpfdomain } bpffs_type:lnk_file read;
50 neverallow { domain -bpfloader } *:bpf prog_load;
51 neverallow { domain -bpfdomain } *:bpf { map_create map_read map_write prog_run };
53 # 'fs_bpf_loader' is for internal use of the BpfLoader oneshot boot time process.
54 neverallow { domain -bpfloader } fs_bpf_loader:bpf *;
55 neverallow { domain -bpfloader } fs_bpf_loader:file *;
57 neverallow { domain -bpfloader -init userdebug_or_eng(`-overlay_remounter') } bpfloader_exec:file {…
59 neverallow { coredomain -bpfloader -netd -netutils_wrapper } fs_bpf_vendor:file *;
64 neverallow { domain userdebug_or_eng(`-llkd') } bpfloader:process ptrace;
66 neverallow { domain -bpfloader } proc_bpf:file write;