1# /proc/config.gz 2type config_gz, fs_type, proc_type; 3 4# /sys/fs/bpf/<dir> for mainline tethering use 5# TODO: move S+ fs_bpf_tethering here from public/file.te 6type fs_bpf_net_private, fs_type, bpffs_type; 7type fs_bpf_net_shared, fs_type, bpffs_type; 8type fs_bpf_netd_readonly, fs_type, bpffs_type; 9type fs_bpf_netd_shared, fs_type, bpffs_type; 10type fs_bpf_loader, fs_type, bpffs_type; 11type fs_bpf_uprobestats, fs_type, bpffs_type; 12 13# /data/misc/storaged 14type storaged_data_file, file_type, data_file_type, core_data_file_type; 15 16# /data/misc/wmtrace for wm traces 17type wm_trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; 18 19# /data/misc/a11ytrace for accessibility traces 20type accessibility_trace_data_file, file_type, data_file_type, core_data_file_type; 21 22# /data/misc/perfetto-traces for perfetto traces 23type perfetto_traces_data_file, file_type, data_file_type, core_data_file_type; 24 25# /data/misc/perfetto-traces/bugreport for perfetto traces for bugreports. 26type perfetto_traces_bugreport_data_file, file_type, data_file_type, core_data_file_type; 27 28# /data/misc/perfetto-traces/profiling for perfetto traces from profiling apis. 29type perfetto_traces_profiling_data_file, file_type, data_file_type, core_data_file_type; 30 31# /data/misc/perfetto-configs for perfetto configs 32type perfetto_configs_data_file, file_type, data_file_type, core_data_file_type; 33 34# /data/misc/uprobestats-configs for uprobestats configs 35type uprobestats_configs_data_file, file_type, data_file_type, core_data_file_type; 36 37# /apex/com.android.art/bin/oatdump 38type oatdump_exec, system_file_type, exec_type, file_type; 39 40# /data/misc_{ce/de}/<user>/sdksandbox root data directory for sdk sandbox processes 41type sdk_sandbox_system_data_file, file_type, data_file_type, core_data_file_type; 42# /data/misc_{ce/de}/<user>/sdksandbox/<app-name>/* subdirectory for sdk sandbox processes 43type sdk_sandbox_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type; 44 45# /sys/kernel/debug/kcov for coverage guided kernel fuzzing in userdebug builds. 46type debugfs_kcov, fs_type, debugfs_type; 47 48# App executable files in /data/data directories 49type app_exec_data_file, file_type, data_file_type, core_data_file_type; 50typealias app_exec_data_file alias rs_data_file; 51 52# /data/misc_[ce|de]/rollback : Used by installd to store snapshots 53# of application data. 54type rollback_data_file, file_type, data_file_type, core_data_file_type; 55 56# /data/misc_ce/checkin for checkin apps. 57type checkin_data_file, file_type, data_file_type, core_data_file_type; 58 59# /data/gsi/ota 60type ota_image_data_file, file_type, data_file_type, core_data_file_type; 61 62# /data/gsi_persistent_data 63type gsi_persistent_data_file, file_type, data_file_type, core_data_file_type; 64 65# /data/misc/emergencynumberdb 66type emergency_data_file, file_type, data_file_type, core_data_file_type; 67 68# /data/misc/profcollectd 69type profcollectd_data_file, file_type, data_file_type, core_data_file_type; 70 71# /data/misc/apexdata/com.android.art 72type apex_art_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type; 73 74# /data/misc/apexdata/com.android.art/staging 75type apex_art_staging_data_file, file_type, data_file_type, core_data_file_type; 76 77# /data/misc/apexdata/com.android.compos 78type apex_compos_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type; 79 80# /data/misc/apexdata/com.android.virt 81type apex_virt_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type; 82 83# /data/misc/apexdata/com.android.tethering 84type apex_tethering_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type; 85 86# legacy labels for various /data/misc[_ce|_de]/*/apexdata directories - retained 87# for backward compatibility b/217581286 88type apex_appsearch_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type; 89type apex_permission_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type; 90type apex_scheduling_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type; 91type apex_wifi_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type; 92 93# /data/font/files 94type font_data_file, file_type, data_file_type, core_data_file_type; 95 96# /data/misc/dmesgd 97type dmesgd_data_file, file_type, data_file_type, core_data_file_type; 98 99# /data/misc/odrefresh 100type odrefresh_data_file, file_type, data_file_type, core_data_file_type; 101 102# /data/misc/odsign 103type odsign_data_file, file_type, data_file_type, core_data_file_type; 104 105# /data/misc/odsign_metrics 106type odsign_metrics_file, file_type, data_file_type, core_data_file_type; 107 108# /data/misc/virtualizationservice 109# The type needs to be mlstrustedobject to allow for being accessed from 110# virtualizationmanager, which runs at a more constrained MLS level. 111type virtualizationservice_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; 112 113# /data/system/environ 114type environ_system_data_file, file_type, data_file_type, core_data_file_type; 115 116# /data/misc/bootanim 117type bootanim_data_file, file_type, data_file_type, core_data_file_type; 118 119# /dev/kvm 120# The type needs to be mlstrustedobject to allow for being accessed from 121# crosvm, which runs at a more constrained MLS level. 122type kvm_device, dev_type, mlstrustedobject, vm_manager_device_type; 123 124# /apex/com.android.virt/bin/fd_server 125type fd_server_exec, system_file_type, exec_type, file_type; 126 127# /apex/com.android.compos/bin/compsvc 128type compos_exec, exec_type, file_type, system_file_type; 129# /apex/com.android.compos/bin/compos_key_helper 130type compos_key_helper_exec, exec_type, file_type, system_file_type; 131 132# /apex/com.android.art/bin/art_exec 133# This executable does not have its own domain because it is executed in the caller's domain. For 134# example, it is executed in the `artd` domain when artd calls it. 135type art_exec_exec, system_file_type, exec_type, file_type; 136 137# Filesystem entry for for PRNG seeder socket. Processes require 138# write permission on this to connect, and needs to be mlstrustedobject 139# in to satisfy MLS constraints for trusted domains. 140type prng_seeder_socket, file_type, coredomain_socket, mlstrustedobject; 141 142# /proc/device-tree/avf and /sys/firmware/devicetree/base/avf 143type sysfs_dt_avf, fs_type, sysfs_type; 144type proc_dt_avf, fs_type, proc_type; 145 146# Type for /system/fonts/font_fallback.xm 147type system_font_fallback_file, system_file_type, file_type; 148 149# Type for /sys/devices/uprobe. 150type sysfs_uprobe, fs_type, sysfs_type; 151 152# Type for aconfig daemon socket 153type aconfigd_socket, file_type, coredomain_socket; 154 155# Type for /(system|system_ext|product)/etc/aconfig 156type system_aconfig_storage_file, system_file_type, file_type; 157 158# Type for /vendor/etc/aconfig 159type vendor_aconfig_storage_file, vendor_file_type, file_type; 160