# Filesystem types
#
# Every statement in this file only declares a label and attaches attributes
# to it; no access is granted here. The attributes still matter for security,
# because rules elsewhere are typically written against attributes (fs_type,
# proc_type, sysfs_type, ...), so adding an attribute to a type opts it into
# every rule keyed on that attribute.
type labeledfs, fs_type;
type pipefs, fs_type;
type sockfs, fs_type;
type rootfs, fs_type;
type proc, fs_type, proc_type;
type binderfs, fs_type;
type binderfs_logs, fs_type;
type binderfs_logs_proc, fs_type;
type binderfs_logs_stats, fs_type;

# Version-gated declarations: wrapped in starting_at_board_api with level 202504.
# NOTE(review): presumably these types are omitted when building against an
# older board API level - confirm against the macro definition.
starting_at_board_api(202504, `
    type binderfs_logs_transactions, fs_type;
    type binderfs_logs_transaction_history, fs_type;
')

type binderfs_features, fs_type;
# Security-sensitive proc nodes that should not be writable to most.
type proc_security, fs_type, proc_type;
type proc_drop_caches, fs_type, proc_type;
type proc_overcommit_memory, fs_type, proc_type;
type proc_min_free_order_shift, fs_type, proc_type;
type proc_kpageflags, fs_type, proc_type;
type proc_watermark_boost_factor, fs_type, proc_type;
type proc_percpu_pagelist_high_fraction, fs_type, proc_type;
# proc, sysfs, or other nodes that permit configuration of kernel usermodehelpers.
# NOTE(review): these nodes choose programs the kernel launches on its own
# behalf, so write access should be treated as equivalent to privileged code
# execution and kept to the minimum set of domains.
type usermodehelper, fs_type, proc_type;
type sysfs_usermodehelper, fs_type, sysfs_type;
# mlstrustedobject exempts an object from MLS (level/category) checks, leaving
# type-enforcement rules as the only gate. Keep allow rules on such types narrow.
type proc_qtaguid_ctrl, fs_type, mlstrustedobject, proc_type;
type proc_qtaguid_stat, fs_type, mlstrustedobject, proc_type;
type proc_bluetooth_writable, fs_type, proc_type;
type proc_abi, fs_type, proc_type;
type proc_asound, fs_type, proc_type;
type proc_bootconfig, fs_type, proc_type;
type proc_bpf, fs_type, proc_type;
type proc_buddyinfo, fs_type, proc_type;
# Version-gated (board API level 202504), same guard as above.
starting_at_board_api(202504, `
    type proc_cgroups, fs_type, proc_type;
')
type proc_cmdline, fs_type, proc_type;
type proc_cpu_alignment, fs_type, proc_type;
type proc_cpuinfo, fs_type, proc_type;
type proc_dirty, fs_type, proc_type;
type proc_diskstats, fs_type, proc_type;
type proc_extra_free_kbytes, fs_type, proc_type;
type proc_filesystems, fs_type, proc_type;
type proc_fs_verity, fs_type, proc_type;
type proc_hostname, fs_type, proc_type;
type proc_hung_task, fs_type, proc_type;
type proc_interrupts, fs_type, proc_type;
# Fine-grained /proc labels (continued). Each node gets its own type so that
# read or write access can be granted per node rather than through the generic
# proc type.
# NOTE(review): several of these (proc_iomem, proc_kallsyms, proc_kmsg,
# proc_modules, proc_slabinfo, proc_vmallocinfo) label nodes that commonly
# reveal kernel addresses or memory layout; audit which domains can read them.
type proc_iomem, fs_type, proc_type;
type proc_kallsyms, fs_type, proc_type;
type proc_keys, fs_type, proc_type;
type proc_kmsg, fs_type, proc_type;
type proc_loadavg, fs_type, proc_type;
type proc_locks, fs_type, proc_type;
type proc_lowmemorykiller, fs_type, proc_type;
type proc_max_map_count, fs_type, proc_type;
type proc_meminfo, fs_type, proc_type;
type proc_misc, fs_type, proc_type;
type proc_modules, fs_type, proc_type;
type proc_mounts, fs_type, proc_type;
# The only type in this run that also carries proc_net_type.
type proc_net, fs_type, proc_type, proc_net_type;
type proc_net_tcp_udp, fs_type, proc_type;
type proc_page_cluster, fs_type, proc_type;
type proc_pagetypeinfo, fs_type, proc_type;
type proc_panic, fs_type, proc_type;
type proc_perf, fs_type, proc_type;
type proc_pid_max, fs_type, proc_type;
type proc_pipe_conf, fs_type, proc_type;
type proc_pressure_cpu, fs_type, proc_type;
type proc_pressure_io, fs_type, proc_type;
type proc_pressure_mem, fs_type, proc_type;
type proc_random, fs_type, proc_type;
type proc_sched, fs_type, proc_type;
type proc_slabinfo, fs_type, proc_type;
type proc_stat, fs_type, proc_type;
type proc_swaps, fs_type, proc_type;
type proc_sysrq, fs_type, proc_type;
type proc_timer, fs_type, proc_type;
type proc_tty_drivers, fs_type, proc_type;
type proc_uid_cputime_showstat, fs_type, proc_type;
type proc_uid_cputime_removeuid, fs_type, proc_type;
type proc_uid_io_stats, fs_type, proc_type;
type proc_uid_procstat_set, fs_type, proc_type;
type proc_uid_time_in_state, fs_type, proc_type;
type proc_uid_concurrent_active_time, fs_type, proc_type;
type proc_uid_concurrent_policy_time, fs_type, proc_type;
type proc_uid_cpupower, fs_type, proc_type;
type proc_uptime, fs_type, proc_type;
type proc_version, fs_type, proc_type;
type proc_vmallocinfo, fs_type, proc_type;
type proc_vmstat, fs_type, proc_type;
type proc_watermark_scale_factor, fs_type, proc_type;
type proc_zoneinfo, fs_type, proc_type;
type proc_vendor_sched, proc_type, fs_type;
# mlstrustedobject exempts an object from MLS (level/category) checks, leaving
# type-enforcement rules as the only gate. The generic sysfs and cgroup types
# below carry it, so allow rules on them apply regardless of MLS level.
type selinuxfs, fs_type, mlstrustedobject;
type fusectlfs, fs_type;
type cgroup, fs_type, mlstrustedobject;
type cgroup_v2, fs_type;
type sysfs, fs_type, sysfs_type, mlstrustedobject;
type sysfs_android_usb, fs_type, sysfs_type;
type sysfs_uio, sysfs_type, fs_type;
type sysfs_batteryinfo, fs_type, sysfs_type;
type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;

# Version-gated declaration (starting_at_board_api, level 202504).
# NOTE(review): presumably absent when building for an older board API level.
starting_at_board_api(202504, `
    type sysfs_cma, fs_type, sysfs_type;
')

type sysfs_devfreq_cur, fs_type, sysfs_type;
type sysfs_devfreq_dir, fs_type, sysfs_type;
type sysfs_devices_block, fs_type, sysfs_type;
type sysfs_dm, fs_type, sysfs_type;
type sysfs_dm_verity, fs_type, sysfs_type;
type sysfs_dma_heap, fs_type, sysfs_type;
type sysfs_dmabuf_stats, fs_type, sysfs_type;
type sysfs_dt_firmware_android, fs_type, sysfs_type;
type sysfs_extcon, fs_type, sysfs_type;
type sysfs_ion, fs_type, sysfs_type;
type sysfs_ipv4, fs_type, sysfs_type;
type sysfs_kernel_notes, fs_type, sysfs_type, mlstrustedobject;
type sysfs_leds, fs_type, sysfs_type;
type sysfs_loop, fs_type, sysfs_type;
type sysfs_gpu, fs_type, sysfs_type;
type sysfs_hwrandom, fs_type, sysfs_type;
type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
type sysfs_wake_lock, fs_type, sysfs_type;
type sysfs_net, fs_type, sysfs_type;
type sysfs_power, fs_type, sysfs_type;
type sysfs_rtc, fs_type, sysfs_type;

# Version-gated declaration (starting_at_board_api, level 202504).
starting_at_board_api(202504, `
    type sysfs_mem_sleep, fs_type, sysfs_type;
')

type sysfs_suspend_stats, fs_type, sysfs_type;
type sysfs_switch, fs_type, sysfs_type;
type sysfs_sync_on_suspend, fs_type, sysfs_type;
type sysfs_transparent_hugepage, fs_type, sysfs_type;
type sysfs_lru_gen_enabled, fs_type, sysfs_type;
type sysfs_usb, fs_type, sysfs_type;
type sysfs_wakeup, fs_type, sysfs_type;
type sysfs_wakeup_reasons, fs_type, sysfs_type;
# Per-filesystem sysfs feature and metrics nodes.
type sysfs_fs_ext4_features, sysfs_type, fs_type;
type sysfs_fs_f2fs, sysfs_type, fs_type;
type sysfs_fs_fuse_bpf, sysfs_type, fs_type;
type sysfs_fs_fuse_features, sysfs_type, fs_type;
type sysfs_fs_incfs_features, sysfs_type, fs_type;
type sysfs_fs_incfs_metrics, sysfs_type, fs_type;
type sysfs_vendor_sched, sysfs_type, fs_type;
# Debug builds only (userdebug or eng): sysfs_vendor_sched additionally becomes
# exempt from MLS checks. User builds do not get this attribute, so access that
# works on a debug build may be denied on a user build.
userdebug_or_eng(`
    typeattribute sysfs_vendor_sched mlstrustedobject;
')
type fs_bpf, fs_type, bpffs_type;
# TODO: S+ fs_bpf_tethering (used by mainline) should be private
type fs_bpf_tethering, fs_type, bpffs_type;
type fs_bpf_vendor, fs_type, bpffs_type;

type configfs, fs_type;
# /sys/devices/cs_etm
type sysfs_devices_cs_etm, fs_type, sysfs_type;
# /sys/devices/system/cpu
type sysfs_devices_system_cpu, fs_type, sysfs_type;
# /sys/module/lowmemorykiller
type sysfs_lowmemorykiller, fs_type, sysfs_type;
# /sys/module/wlan/parameters/fwpath
type sysfs_wlan_fwpath, fs_type, sysfs_type;
type sysfs_vibrator, fs_type, sysfs_type;
type sysfs_uhid, fs_type, sysfs_type;
type sysfs_thermal, sysfs_type, fs_type;

type sysfs_zram, fs_type, sysfs_type;
type sysfs_zram_uevent, fs_type, sysfs_type;
# mlstrustedobject exempts an object from MLS (level/category) checks, leaving
# type-enforcement rules as the only gate. The FUSE and sdcard-style
# filesystems below all carry it.
type inotify, fs_type, mlstrustedobject;
type devpts, fs_type, mlstrustedobject;
type tmpfs, fs_type;
type shm, fs_type;
type mqueue, fs_type;
type fuse, fusefs_type, fs_type, mlstrustedobject;
type fuseblk, sdcard_type, fusefs_type, fs_type, mlstrustedobject;
type sdcardfs, sdcard_type, fs_type, mlstrustedobject;
type vfat, sdcard_type, fs_type, mlstrustedobject;
type exfat, sdcard_type, fs_type, mlstrustedobject;
# debugfs and tracefs labels. Types that also carry tracefs_type are matched
# by rules written against either attribute.
# NOTE(review): these nodes expose kernel internals; the trace marker and
# tracing types are MLS-exempt, so review which domains have TE access to them.
type debugfs, fs_type, debugfs_type;
type debugfs_kprobes, fs_type, debugfs_type;
type debugfs_mmc, fs_type, debugfs_type;
type debugfs_mm_events_tracing, fs_type, debugfs_type, tracefs_type;
type debugfs_trace_marker, fs_type, debugfs_type, mlstrustedobject, tracefs_type;
type debugfs_tracing, fs_type, debugfs_type, mlstrustedobject, tracefs_type;
type debugfs_tracing_debug, fs_type, debugfs_type, mlstrustedobject, tracefs_type;
type debugfs_tracing_instances, fs_type, debugfs_type, tracefs_type;
type debugfs_tracing_printk_formats, fs_type, debugfs_type, tracefs_type;
type debugfs_wakeup_sources, fs_type, debugfs_type;
type debugfs_wifi_tracing, fs_type, debugfs_type, tracefs_type;
type securityfs, fs_type;

type pstorefs, fs_type;
type functionfs, fs_type, mlstrustedobject;
type oemfs, fs_type, contextmount_type;
type usbfs, fs_type;
type binfmt_miscfs, fs_type;
type app_fusefs, fs_type, fusefs_type, contextmount_type;

# File types
# NOTE(review): unlabeled is presumably the label seen on objects without a
# valid security context; access to it should stay exceptional.
type unlabeled, file_type;

# Default type for anything under /system.
type system_file, system_file_type, file_type;
# Default type for /system/asan.options
type system_asan_options_file, system_file_type, file_type;
# Type for /system/etc/event-log-tags (liblog implementation detail)
type system_event_log_tags_file, system_file_type, file_type;
# Default type for anything under /system/lib[64].
type system_lib_file, system_file_type, file_type;
# system libraries that are available only to bootstrap processes
type system_bootstrap_lib_file, system_file_type, file_type;
# Default type for the group file /system/etc/group.
type system_group_file, system_file_type, file_type;
# Default type for linker executable /system/bin/linker[64].
type system_linker_exec, system_file_type, file_type;
# Default type for linker config /system/etc/ld.config.*.
type system_linker_config_file, system_file_type, file_type;
# Default type for the passwd file /system/etc/passwd.
type system_passwd_file, system_file_type, file_type;
# Default type for seccomp policy files /system/etc/seccomp_policy/*.
type system_seccomp_policy_file, system_file_type, file_type;
# Default type for cacerts in /system/etc/security/cacerts/*.
# NOTE(review): this label covers the system trust anchors, so TLS validation
# depends on its integrity; write access should be limited to the update path.
type system_security_cacerts_file, system_file_type, file_type;
# Default type for /system/bin/tcpdump.
# exec_type marks the file as a domain entry point candidate.
type tcpdump_exec, system_file_type, exec_type, file_type;
# Default type for zoneinfo files in /system/usr/share/zoneinfo/*.
type system_zoneinfo_file, system_file_type, file_type;
# Cgroups description file under /system/etc/cgroups.json or
# API file under /system/etc/task_profiles/cgroups_*.json
type cgroup_desc_file, system_file_type, file_type;
# Legacy type kept behind until_board_api with level 202504.
# NOTE(review): presumably declared only when building for a board API level
# below 202504, after which cgroup_desc_file covers both paths - confirm.
until_board_api(202504, `
    # Cgroups description file under /system/etc/task_profiles/cgroups_*.json
    type cgroup_desc_api_file, system_file_type, file_type;
')
# Vendor cgroups description file under /vendor/etc/cgroups.json
type vendor_cgroup_desc_file, vendor_file_type, file_type;
# Task profiles file under /system/etc/task_profiles.json or
# API file under /system/etc/task_profiles/task_profiles_*.json
type task_profiles_file, system_file_type, file_type;
# Legacy type kept behind until_board_api with level 202504 (see note above
# on cgroup_desc_api_file; the same guard applies).
until_board_api(202504, `
    # Task profiles file under /system/etc/task_profiles/task_profiles_*.json
    type task_profiles_api_file, system_file_type, file_type;
')
# Vendor task profiles file under /vendor/etc/task_profiles.json
type vendor_task_profiles_file, vendor_file_type, file_type;
# Type for /system/apex/com.android.art
type art_apex_dir, system_file_type, file_type;
# /linkerconfig(/.*)?
# Carries only file_type: not grouped with system, vendor or data files.
type linkerconfig_file, file_type;
# Control files under /data/incremental
type incremental_control_file, file_type, data_file_type, core_data_file_type;
# /oem/media/bootanimation.zip|shutdownanimation.zip|userspace-reboot.zip
# NOTE(review): lives under /oem but is attributed system_file_type - confirm
# that rules keyed on system_file_type are meant to cover OEM-supplied media.
type bootanim_oem_file, file_type, system_file_type;

# Vendor partition types. All carry vendor_file_type, so rules written
# against that attribute apply to every type in this run.
# Default type for directories searched for
# HAL implementations
type vendor_hal_file, vendor_file_type, file_type;
# Default type for anything under /vendor or /system/vendor
type vendor_file, vendor_file_type, file_type;
# Default type for everything in /vendor/app
type vendor_app_file, vendor_file_type, file_type;
# Default type for everything under /vendor/etc/
type vendor_configs_file, vendor_file_type, file_type;
# Default type for all *same process* HALs and their lib/bin dependencies.
# e.g. libEGL_xxx.so, android.hardware.graphics.mapper@2.0-impl.so
# NOTE(review): same-process HALs presumably load into the calling process and
# run with that domain's privileges, so integrity of this label matters to
# every domain allowed to execute it.
type same_process_hal_file, vendor_file_type, file_type;
# Default type for vndk-sp libs. /vendor/lib/vndk-sp
type vndk_sp_file, vendor_file_type, file_type;
# Default type for everything in /vendor/framework
type vendor_framework_file, vendor_file_type, file_type;
# Default type for everything in /vendor/overlay
type vendor_overlay_file, vendor_file_type, file_type;
# Type for all vendor public libraries. These libs should only be exposed to
# apps. ABI stability of these libs is vendor's responsibility.
type vendor_public_lib_file, vendor_file_type, file_type;
# Type for all vendor public libraries for system. These libs should only be exposed to
# system. ABI stability of these libs is vendor's responsibility.
type vendor_public_framework_file, vendor_file_type, file_type;
# Type for all microdroid related files in the vendor partition.
# Files having this type should be read-only.
# NOTE(review): the read-only expectation stated for this type is not enforced
# by the declaration itself; it has to be backed by rules elsewhere.
type vendor_microdroid_file, vendor_file_type, file_type;

# Version-gated declaration (starting_at_board_api, level 202504).
# NOTE(review): presumably absent when building for an older board API level.
starting_at_board_api(202504, `
    # boot otas for 16KB developer option
    type vendor_boot_ota_file, vendor_file_type, file_type;
')

# Input configuration
type vendor_keylayout_file, vendor_file_type, file_type;
type vendor_keychars_file, vendor_file_type, file_type;
type vendor_idc_file, vendor_file_type, file_type;

# Type for vendor uuid mapping config file
type vendor_uuid_mapping_config_file, vendor_file_type, file_type;

# SoC-specific virtual machine disk files
type vendor_vm_file, vendor_file_type, file_type;
# SoC-specific virtual machine disk files that are mutable
# NOTE(review): described as mutable yet attributed vendor_file_type rather
# than data_file_type - confirm which rule set is meant to govern writes.
type vendor_vm_data_file, vendor_file_type, file_type;

# /metadata types. None of them carries data_file_type, so rules keyed on
# data_file_type do not cover the /metadata partition.
# /metadata partition itself
type metadata_file, file_type;
# Vold files within /metadata
type vold_metadata_file, file_type;
# GSI files within /metadata
type gsi_metadata_file, gsi_metadata_file_type, file_type;
# DSU (GSI) files within /metadata that are globally readable.
type gsi_public_metadata_file, gsi_metadata_file_type, file_type;
# system_server shares Weaver slot information in /metadata
# NOTE(review): relates to credential verification state; keep readers and
# writers of this type to the minimum required.
type password_slot_metadata_file, file_type;
# APEX files within /metadata
type apex_metadata_file, file_type;
# libsnapshot files within /metadata
type ota_metadata_file, file_type;
# property files within /metadata/bootstat
type metadata_bootstat_file, file_type;
# userspace reboot files within /metadata/userspacereboot
type userspace_reboot_metadata_file, file_type;
# Staged install files within /metadata/staged-install
type staged_install_file, file_type;
# Metadata information within /metadata/watchdog
type watchdog_metadata_file, file_type;
# Repair mode files within /metadata/repair-mode
type repair_mode_metadata_file, file_type;
# Aconfig storage file
type aconfig_storage_metadata_file, file_type;
# Aconfig storage flag value persistent copy
type aconfig_storage_flags_metadata_file, file_type;

# Type for /dev/cpu_variant:.*.
type dev_cpu_variant, file_type;
# Speedup access for trusted applications to the runtime event tags
type runtime_event_log_tags_file, file_type;
# Type for /system/bin/logcat.
type logcat_exec, system_file_type, exec_type, file_type;
# Speedup access to cgroup map file
type cgroup_rc_file, file_type;
# /cores for coredumps on userdebug / eng builds
# NOTE(review): core dumps contain process memory; the type is declared
# unconditionally here although the path is described as debug-build only.
type coredump_file, file_type;
# /data types. core_data_file_type marks platform-owned /data content.
# NOTE(review): neverallow rules elsewhere are expected to keep vendor domains
# off core_data_file_type - confirm against the private policy.
# Type of /data itself
type system_data_root_file, file_type, data_file_type, core_data_file_type;
# Default type for anything under /data.
type system_data_file, file_type, data_file_type, core_data_file_type;
# Default type for directories containing per-user encrypted directories, such
# as /data/user and /data/user_de.
type system_userdir_file, file_type, data_file_type, core_data_file_type;
# Type for /data/system/packages.list.
# TODO(b/129332765): Narrow down permissions to this.
# Find out users of system_data_file that should be granted only this.
type packages_list_file, file_type, data_file_type, core_data_file_type;
type game_mode_intervention_list_file, file_type, data_file_type, core_data_file_type;
# Attribute legend for the /data types below:
#   core_data_file_type - platform-owned /data content; types without it
#                         (vendor_data_file, tombstone_wifi_data_file) are
#                         vendor-owned data.
#   mlstrustedobject    - exempt from MLS (level/category) checks, so only
#                         type-enforcement rules gate access.
# Default type for anything inside /data/vendor_{ce,de}.
type vendor_data_file, file_type, data_file_type;
# Type for /data/vendor_{ce,de} themselves. This has core_data_file_type
# because these directories themselves are platform-managed; only the files
# *inside* them are vendor data. (Somewhat similar to system_data_root_file.)
type vendor_userdir_file, file_type, data_file_type, core_data_file_type;
# Unencrypted data
type unencrypted_data_file, file_type, data_file_type, core_data_file_type;
# installd-created files in /data/misc/installd such as layout_version
type install_data_file, file_type, data_file_type, core_data_file_type;
# /data/drm - DRM plugin data
type drm_data_file, file_type, data_file_type, core_data_file_type;
# /data/adb - adb debugging files
type adb_data_file, file_type, data_file_type, core_data_file_type;
# /data/anr - ANR traces
# NOTE(review): ANR traces, tombstones and heap dumps hold process state and
# are MLS-exempt here; readers should be limited by TE rules.
type anr_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# /data/tombstones - core dumps
type tombstone_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# /data/vendor/tombstones/wifi - vendor wifi dumps
type tombstone_wifi_data_file, file_type, data_file_type;
# /data/apex - APEX data files
type apex_data_file, file_type, data_file_type, core_data_file_type;
# /data/app - user-installed apps
type apk_data_file, file_type, data_file_type, core_data_file_type;
type apk_tmp_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# /data/app-private - forward-locked apps
type apk_private_data_file, file_type, data_file_type, core_data_file_type;
type apk_private_tmp_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# /data/dalvik-cache
type dalvikcache_data_file, file_type, data_file_type, core_data_file_type;
# /data/ota
type ota_data_file, file_type, data_file_type, core_data_file_type;
# /data/ota_package
type ota_package_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# /data/misc/profiles
type user_profile_root_file, file_type, data_file_type, core_data_file_type;
type user_profile_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# /data/misc/profman
type profman_dump_data_file, file_type, data_file_type, core_data_file_type;
# /data/misc/prereboot
type prereboot_data_file, file_type, data_file_type, core_data_file_type;
# /data/resource-cache
type resourcecache_data_file, file_type, data_file_type, core_data_file_type;
# /data/local - writable by shell
# NOTE(review): content under this label can be written from an adb shell, and
# the type is both app_data_file_type and MLS-exempt; consumers should treat
# files with this label as untrusted input.
type shell_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type, mlstrustedobject;
# /data/property
type property_data_file, file_type, data_file_type, core_data_file_type;
# /data/bootchart
type bootchart_data_file, file_type, data_file_type, core_data_file_type;
# /data/system/dropbox
type dropbox_data_file, file_type, data_file_type, core_data_file_type;
# /data/system/heapdump
type heapdump_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# /data/nativetest
type nativetest_data_file, file_type, data_file_type, core_data_file_type;
# /data/local/tests
type shell_test_data_file, file_type, data_file_type, core_data_file_type;
# /data/system_de/0/ringtones
type ringtone_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# /data/preloads
type preloads_data_file, file_type, data_file_type, core_data_file_type;
# /data/preloads/media
type preloads_media_file, file_type, data_file_type, core_data_file_type;
# /data/misc/dhcp and /data/misc/dhcp-6.8.2
type dhcp_data_file, file_type, data_file_type, core_data_file_type;
# /data/server_configurable_flags
type server_configurable_flags_data_file, file_type, data_file_type, core_data_file_type;
# /data/app-staging
type staging_data_file, file_type, data_file_type, core_data_file_type;
# /vendor/apex
type vendor_apex_file, vendor_file_type, file_type;
# apex_manifest.pb in vendor apex
type vendor_apex_metadata_file, vendor_file_type, file_type;
# /data/system/shutdown-checkpoints
type shutdown_checkpoints_system_data_file, file_type, data_file_type, core_data_file_type;

# Mount locations managed by vold
# These mount-point types carry only file_type.
type mnt_media_rw_file, file_type;
type mnt_user_file, file_type;
type mnt_pass_through_file, file_type;
type mnt_expand_file, file_type;
type mnt_sdcard_file, file_type;
type storage_file, file_type;

# Label for storage dirs which are just mount stubs
type mnt_media_rw_stub_file, file_type;
type storage_stub_file, file_type;

# Mount location for read-write vendor partitions.
type mnt_vendor_file, file_type;

# Mount location for read-write product partitions.
type mnt_product_file, file_type;

# Mount point used for APEX images
type apex_mnt_dir, file_type;

# /apex/apex-info-list.xml created by apexd
type apex_info_file, file_type;

# /postinstall: Mount point used by update_engine to run postinstall.
type postinstall_mnt_dir, file_type;
# Files inside the /postinstall mountpoint are all labeled as postinstall_file.
type postinstall_file, file_type;
# /postinstall/apex: Mount point used for APEX images within /postinstall.
type postinstall_apex_mnt_dir, file_type;

# /data_mirror: Contains mirror directory for storing all apps data.
# Carries core_data_file_type but not data_file_type, unlike the /data types
# that follow.
type mirror_data_file, file_type, core_data_file_type;

# Attribute legend for the types below:
#   core_data_file_type - platform-owned /data content; types without it are
#                         vendor-owned data.
#   app_data_file_type  - grouped with application data.
#   mlstrustedobject    - exempt from MLS (level/category) checks, so only
#                         type-enforcement rules gate access.
#
# /data/misc subdirectories
# NOTE(review): adb_keys_file, credstore_data_file, gatekeeper_data_file,
# keychain_data_file, keystore_data_file, systemkeys_data_file and
# vpn_data_file label credential or key material by name; each should be
# reachable only from its owning daemon.
type adb_keys_file, file_type, data_file_type, core_data_file_type;
type apex_system_server_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
type apex_module_data_file, file_type, data_file_type, core_data_file_type;
type apex_ota_reserved_file, file_type, data_file_type, core_data_file_type;
type apex_rollback_data_file, file_type, data_file_type, core_data_file_type;
type appcompat_data_file, file_type, data_file_type, core_data_file_type;
type audio_data_file, file_type, data_file_type, core_data_file_type;
type audioserver_data_file, file_type, data_file_type, core_data_file_type;
type bluetooth_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type;
type bluetooth_logs_data_file, file_type, data_file_type, core_data_file_type;
type bootstat_data_file, file_type, data_file_type, core_data_file_type;
type boottrace_data_file, file_type, data_file_type, core_data_file_type;
type camera_data_file, file_type, data_file_type, core_data_file_type;
type credstore_data_file, file_type, data_file_type, core_data_file_type;
type gatekeeper_data_file, file_type, data_file_type, core_data_file_type;
type incident_data_file, file_type, data_file_type, core_data_file_type;
type keychain_data_file, file_type, data_file_type, core_data_file_type;
type keystore_data_file, file_type, data_file_type, core_data_file_type;
type media_data_file, file_type, data_file_type, core_data_file_type;
type media_rw_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
type media_userdir_file, file_type, data_file_type, core_data_file_type;
type misc_user_data_file, file_type, data_file_type, core_data_file_type;
type net_data_file, file_type, data_file_type, core_data_file_type;
type network_watchlist_data_file, file_type, data_file_type, core_data_file_type;
type nfc_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type;
type nfc_logs_data_file, file_type, data_file_type, core_data_file_type;
type radio_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type, mlstrustedobject;
type recovery_data_file, file_type, data_file_type, core_data_file_type;
type shared_relro_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
type snapshotctl_log_data_file, file_type, data_file_type, core_data_file_type;
type stats_config_data_file, file_type, data_file_type, core_data_file_type;
type stats_data_file, file_type, data_file_type, core_data_file_type;
type systemkeys_data_file, file_type, data_file_type, core_data_file_type;
type textclassifier_data_file, file_type, data_file_type, core_data_file_type;
type trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
type vpn_data_file, file_type, data_file_type, core_data_file_type;
type wifi_data_file, file_type, data_file_type, core_data_file_type;
type vold_data_file, file_type, data_file_type, core_data_file_type;
# No core_data_file_type: treated as vendor-owned data.
type tee_data_file, file_type, data_file_type;
type update_engine_data_file, file_type, data_file_type, core_data_file_type;
type update_engine_log_data_file, file_type, data_file_type, core_data_file_type;
type snapuserd_log_data_file, file_type, data_file_type, core_data_file_type;
# /data/misc/trace for method traces on userdebug / eng builds
type method_trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
type gsi_data_file, file_type, data_file_type, core_data_file_type;
type radio_core_data_file, file_type, data_file_type, core_data_file_type;

# /data/data subdirectories - app sandboxes
# app_data_file and privapp_data_file are NOT MLS-exempt, so the MLS
# categories continue to apply to them; system_app_data_file is exempt.
type app_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type;
# /data/data subdirectories - priv-app sandboxes
type privapp_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type;
# /data/data subdirectory for system UID apps.
type system_app_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type, mlstrustedobject;
# Compatibility with type name used in Android 4.3 and 4.4.
# Default type for anything under /cache
type cache_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# Type for /cache/overlay /mnt/scratch/overlay
type overlayfs_file, file_type, data_file_type, core_data_file_type;
# Type for /cache/backup_stage/* (fd interchange with apps)
type cache_backup_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# type for anything under /cache/backup (local transport storage)
type cache_private_backup_file, file_type, data_file_type, core_data_file_type;
# Type for anything under /cache/recovery
type cache_recovery_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# Default type for anything under /efs
type efs_file, file_type;
# Type for wallpaper file.
type wallpaper_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# Type for shortcut manager icon file.
type shortcut_manager_icons, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# Type for user icon file.
type icon_file, file_type, data_file_type, core_data_file_type;
# /mnt/asec
type asec_apk_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# Elements of asec files (/mnt/asec) that are world readable
type asec_public_file, file_type, data_file_type, core_data_file_type;
# /data/app-asec
type asec_image_file, file_type, data_file_type, core_data_file_type;
# /data/backup and /data/secure/backup
type backup_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# All devices have bluetooth efs files.  But they
# vary per device, so this type is used in per
# device policy
type bluetooth_efs_file, file_type;
# Biometric template storage. The three *_vendor_data_file types lack
# core_data_file_type, i.e. they are vendor-owned data; fingerprintd_data_file
# is platform-owned.
# NOTE(review): templates are sensitive; confirm only the matching biometric
# service or HAL domain is allowed on each type.
# Type for fingerprint template file
type fingerprintd_data_file, file_type, data_file_type, core_data_file_type;
# Type for _new_ fingerprint template file
type fingerprint_vendor_data_file, file_type, data_file_type;
# Type for appfuse file.
type app_fuse_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# Type for face template file
type face_vendor_data_file, file_type, data_file_type;
# Type for iris template file
type iris_vendor_data_file, file_type, data_file_type;

# Socket types
# coredomain_socket groups sockets by attribute; sockets that are also
# mlstrustedobject can be connected to from any MLS level once a TE rule
# allows it, so the daemon behind each one should treat peers as untrusted.
type adbd_socket, file_type, coredomain_socket;
type bluetooth_socket, file_type, data_file_type, core_data_file_type, coredomain_socket;
type dnsproxyd_socket, file_type, coredomain_socket, mlstrustedobject;
type dumpstate_socket, file_type, coredomain_socket;
type fwmarkd_socket, file_type, coredomain_socket, mlstrustedobject;
type lmkd_socket, file_type, coredomain_socket;
type logd_socket, file_type, coredomain_socket, mlstrustedobject;
type logdr_socket, file_type, coredomain_socket, mlstrustedobject;
type logdw_socket, file_type, coredomain_socket, mlstrustedobject;
type mdns_socket, file_type, coredomain_socket;
type mdnsd_socket, file_type, coredomain_socket, mlstrustedobject;
# NOTE(review): named *_file yet carries coredomain_socket together with the
# data file attributes - confirm this combination is intended.
type misc_logd_file, coredomain_socket, file_type, data_file_type, core_data_file_type;
type mtpd_socket, file_type, coredomain_socket;
type ot_daemon_socket, file_type, coredomain_socket;
type property_socket, file_type, coredomain_socket, mlstrustedobject;
type racoon_socket, file_type, coredomain_socket;
type recovery_socket, file_type, coredomain_socket;
# The two rild sockets carry only file_type (no coredomain_socket).
type rild_socket, file_type;
type rild_debug_socket, file_type;
type snapuserd_socket, file_type, coredomain_socket;
type snapuserd_proxy_socket, file_type, coredomain_socket;
type statsdw_socket, file_type, coredomain_socket, mlstrustedobject;
type system_wpa_socket, file_type, data_file_type, core_data_file_type, coredomain_socket;
type system_ndebug_socket, file_type, data_file_type, core_data_file_type, coredomain_socket, mlstrustedobject;
type system_unsolzygote_socket, file_type, data_file_type, core_data_file_type, coredomain_socket, mlstrustedobject;
type tombstoned_crash_socket, file_type, coredomain_socket, mlstrustedobject;
# NOTE(review): unlike its tombstoned siblings this socket lacks
# coredomain_socket - confirm whether that is deliberate.
type tombstoned_java_trace_socket, file_type, mlstrustedobject;
type tombstoned_intercept_socket, file_type, coredomain_socket;
type traced_consumer_socket, file_type, coredomain_socket, mlstrustedobject;
type traced_perf_socket, file_type, coredomain_socket, mlstrustedobject;
type traced_producer_socket, file_type, coredomain_socket, mlstrustedobject;
type uncrypt_socket, file_type, coredomain_socket;
type wpa_socket, file_type, data_file_type, core_data_file_type;
type zygote_socket, file_type, coredomain_socket;
type heapprofd_socket, file_type, coredomain_socket, mlstrustedobject;
# UART (for GPS) control proc file
type gps_control, file_type;

# PDX endpoint types
type pdx_display_dir, pdx_endpoint_dir_type, file_type;
type pdx_performance_dir, pdx_endpoint_dir_type, file_type;
type pdx_bufferhub_dir, pdx_endpoint_dir_type, file_type;

# One macro call per PDX service, pairing the service name with its endpoint
# directory type.
# NOTE(review): the macro presumably declares the socket types for each
# service; its expansion is not visible here - check the macro definition.
pdx_service_socket_types(display_client, pdx_display_dir)
pdx_service_socket_types(display_manager, pdx_display_dir)
pdx_service_socket_types(display_screenshot, pdx_display_dir)
pdx_service_socket_types(display_vsync, pdx_display_dir)
pdx_service_socket_types(performance_client, pdx_performance_dir)
pdx_service_socket_types(bufferhub_client, pdx_bufferhub_dir)

# Policy configuration files. These files define how labels are assigned, so
# write access to them should be limited to the update path.
# file_contexts files
type file_contexts_file, system_file_type, file_type;

# mac_permissions file
type mac_perms_file, system_file_type, file_type;

# property_contexts file
type property_contexts_file, system_file_type, file_type;

# Policy configuration files (continued). These files define how labels and
# policy are applied, so write access to them should be limited to the update
# path.
# seapp_contexts file
type seapp_contexts_file, system_file_type, file_type;

# sepolicy files binary and others
type sepolicy_file, system_file_type, file_type;

# service_contexts file
type service_contexts_file, system_file_type, file_type;

# keystore2_key_contexts_file
type keystore2_key_contexts_file, system_file_type, file_type;

# vendor service_contexts file
type vendor_service_contexts_file, vendor_file_type, file_type;

# hwservice_contexts file
type hwservice_contexts_file, system_file_type, file_type;

# vndservice_contexts file
# NOTE(review): carries neither system_file_type nor vendor_file_type, unlike
# the other *_contexts_file types above - confirm this is intended.
type vndservice_contexts_file, file_type;

# /sys/kernel/tracing/instances/bootreceiver for monitoring kernel memory corruptions.
type debugfs_bootreceiver_tracing, fs_type, debugfs_type, tracefs_type;

# kernel modules
# NOTE(review): loadable kernel code; integrity of files with these two labels
# is as critical as the kernel image itself.
type vendor_kernel_modules, vendor_file_type, file_type;

# system_dlkm
type system_dlkm_file, system_dlkm_file_type, file_type;

# asanwrapper (run a sanitized app_process, to be used with wrap properties)
# Declared only inside with_asan, i.e. presumably on ASan builds only.
with_asan(`type asanwrapper_exec, exec_type, file_type;')

# Deprecated in SDK version 28
type audiohal_data_file, file_type, data_file_type, core_data_file_type;

# Version-gated declarations (starting_at_board_api, level 202504).
# NOTE(review): presumably absent when building for an older board API level.
starting_at_board_api(202504, `
    type sysfs_udc, fs_type, sysfs_type;
    type tee_service_contexts_file, system_file_type, file_type;
')

# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.