Searched refs:allow (Results 1 – 25 of 1337) sorted by relevance
12345678910>>...54
11 allow system_server self:process execmem;12 allow system_server ashmem_device:chr_file execute;13 allow system_server system_server_tmpfs:file execute;16 allow system_server dalvikcache_data_file:file execute;19 allow system_server resourcecache_data_file:file r_file_perms;20 allow system_server resourcecache_data_file:dir r_dir_perms;23 allow system_server self:process ptrace;26 allow system_server zygote:fd use;27 allow system_server zygote:process sigchld;28 allow system_server zygote_tmpfs:file read;[all …]
8 allow vold system_file:file x_file_perms;9 allow vold block_device:dir create_dir_perms;10 allow vold block_device:blk_file create_file_perms;11 allow vold device:dir write;12 allow vold devpts:chr_file rw_file_perms;13 allow vold rootfs:dir mounton;14 allow vold sdcard_type:dir mounton;15 allow vold sdcard_type:filesystem { mount remount unmount };16 allow vold sdcard_type:dir create_dir_perms;17 allow vold sdcard_type:file create_file_perms;[all …]
7 allow rild self:netlink_route_socket nlmsg_write;8 allow rild kernel:system module_request;10 allow rild self:capability { setuid net_admin net_raw };11 allow rild alarm_device:chr_file rw_file_perms;12 allow rild cgroup:dir create_dir_perms;13 allow rild radio_device:chr_file rw_file_perms;14 allow rild radio_device:blk_file r_file_perms;15 allow rild mtd_device:dir search;16 allow rild efs_file:dir create_dir_perms;17 allow rild efs_file:file create_file_perms;[all …]
7 # But the allow rules are only included in the recovery policy.10 …allow recovery self:capability { chown dac_override fowner fsetid setfcap setuid setgid sys_admin …13 allow recovery self:capability2 mac_admin;16 allow recovery rootfs:file execute_no_trans;17 allow recovery system_file:file execute_no_trans;20 allow recovery rootfs:dir mounton;21 allow recovery fs_type:filesystem ~relabelto;22 allow recovery unlabeled:filesystem ~relabelto;23 allow recovery contextmount_type:filesystem relabelto;26 allow recovery exec_type:{ file lnk_file } { create_file_perms relabelfrom relabelto };[all …]
6 allow adbd self:process setcurrent;7 allow adbd su:process dyntransition;13 allow adbd shell:process noatsecure;16 allow adbd self:capability { setuid setgid };19 allow adbd self:capability setpcap;25 allow adbd adb_device:chr_file rw_file_perms;26 allow adbd functionfs:dir search;27 allow adbd functionfs:file rw_file_perms;30 allow adbd devpts:chr_file rw_file_perms;33 allow adbd shell_data_file:dir create_dir_perms;[all …]
18 allow mediaserver self:process execmem;19 allow mediaserver kernel:system module_request;20 allow mediaserver media_data_file:dir create_dir_perms;21 allow mediaserver media_data_file:file create_file_perms;22 allow mediaserver app_data_file:dir search;23 allow mediaserver app_data_file:file rw_file_perms;24 allow mediaserver sdcard_type:file write;25 allow mediaserver gpu_device:chr_file rw_file_perms;26 allow mediaserver video_device:dir r_dir_perms;27 allow mediaserver video_device:chr_file rw_file_perms;[all …]
19 allow unconfineddomain self:capability ~{ sys_ptrace sys_rawio mknod sys_module audit_write audit_c…20 allow unconfineddomain self:capability2 ~{ mac_override mac_admin };21 allow unconfineddomain kernel:security ~{ load_policy setenforce setcheckreqprot setbool setsecpara…22 allow unconfineddomain kernel:system ~{ syslog_read syslog_mod syslog_console };23 allow unconfineddomain domain:fd *;24 allow unconfineddomain domain:dir r_dir_perms;25 allow unconfineddomain domain:lnk_file r_file_perms;26 allow unconfineddomain domain:{ fifo_file file } rw_file_perms;27 allow unconfineddomain domain:{45 allow unconfineddomain domain:ipc_class_set *;[all …]
8 allow zygote self:capability { dac_override setgid setuid fowner chown };10 allow zygote self:capability setpcap;12 allow zygote self:process setcurrent;13 allow zygote system_server:process dyntransition;14 allow zygote appdomain:process dyntransition;16 allow zygote appdomain:dir { getattr search };17 allow zygote appdomain:file { r_file_perms };19 allow zygote system_server:process { getpgid setpgid };20 allow zygote appdomain:process { getpgid setpgid };22 allow zygote system_data_file:dir r_dir_perms;[all …]
7 allow installd self:capability { chown dac_override fowner fsetid setgid setuid };8 allow installd apk_data_file:file rename;9 allow installd apk_data_file:dir create_dir_perms;10 allow installd apk_data_file:lnk_file { create read unlink };11 allow installd asec_apk_file:file r_file_perms;12 allow installd apk_tmp_file:file r_file_perms;13 allow installd oemfs:dir r_dir_perms;14 allow installd oemfs:file r_file_perms;15 allow installd system_file:file x_file_perms;16 allow installd cgroup:dir create_dir_perms;[all …]
17 allow shell anr_data_file:dir r_dir_perms;18 allow shell anr_data_file:file r_file_perms;21 allow shell shell_data_file:dir create_dir_perms;22 allow shell shell_data_file:file create_file_perms;23 allow shell shell_data_file:file rx_file_perms;24 allow shell shell_data_file:lnk_file create_file_perms;29 allow shell devpts:chr_file rw_file_perms;30 allow shell tty_device:chr_file rw_file_perms;31 allow shell console_device:chr_file rw_file_perms;32 allow shell input_device:dir r_dir_perms;[all …]
10 allow dumpstate self:capability { setuid setgid };16 allow dumpstate self:capability kill;22 allow dumpstate system_file:file execute_no_trans;25 allow dumpstate self:capability { dac_override chown fowner fsetid };26 allow dumpstate anr_data_file:dir { rw_dir_perms relabelto };27 allow dumpstate anr_data_file:file create_file_perms;28 allow dumpstate system_data_file:dir { create_dir_perms relabelfrom };32 allow dumpstate system_data_file:file r_file_perms;35 allow dumpstate self:capability2 syslog;36 allow dumpstate kernel:system syslog_read;[all …]
7 allow debuggerd self:capability { dac_override sys_ptrace chown kill fowner };8 allow debuggerd self:capability2 { syslog };9 allow debuggerd domain:dir r_dir_perms;10 allow debuggerd domain:file r_file_perms;11 allow debuggerd domain:lnk_file read;12 allow debuggerd { domain -init -ueventd -watchdogd -healthd -adbd -keystore }:process ptrace;14 allow debuggerd system_data_file:dir create_dir_perms;15 allow debuggerd system_data_file:dir relabelfrom;16 allow debuggerd tombstone_data_file:dir relabelto;17 allow debuggerd tombstone_data_file:dir create_dir_perms;[all …]
4 allow domain init:process sigchld;7 allow domain kernel:fd use;8 allow domain tmpfs:file { read getattr };11 allow domain tmpfs:dir r_dir_perms;14 allow domain self:process {31 allow domain self:fd use;32 allow domain self:dir r_dir_perms;33 allow domain self:lnk_file r_file_perms;34 allow domain self:{ fifo_file file } rw_file_perms;35 allow domain self:unix_dgram_socket { create_socket_perms sendto };[all …]
7 allow ueventd init:process sigchld;8 allow ueventd self:capability { chown mknod net_admin setgid fsetid sys_rawio dac_override fowner };9 allow ueventd device:file create_file_perms;10 allow ueventd device:chr_file rw_file_perms;11 allow ueventd sysfs:file rw_file_perms;12 allow ueventd sysfs_type:{ file lnk_file } { relabelfrom relabelto setattr getattr };13 allow ueventd sysfs_type:dir { relabelfrom relabelto setattr r_dir_perms };14 allow ueventd sysfs_devices_system_cpu:file rw_file_perms;15 allow ueventd tmpfs:chr_file rw_file_perms;16 allow ueventd dev_type:dir create_dir_perms;[all …]
7 allow hostapd self:capability { net_admin net_raw setuid setgid };8 allow hostapd self:netlink_socket create_socket_perms;9 allow hostapd self:packet_socket create_socket_perms;10 allow hostapd self:netlink_route_socket nlmsg_write;12 allow hostapd wifi_data_file:file rw_file_perms;13 allow hostapd wifi_data_file:dir create_dir_perms;16 allow hostapd wpa_socket:dir create_dir_perms;17 allow hostapd wpa_socket:sock_file create_file_perms;18 allow hostapd netd:fd use;19 allow hostapd netd:udp_socket { read write };[all …]
7 allow init self:capability { sys_rawio mknod };12 allow init rootfs:file execute_no_trans;13 allow init system_file:file execute_no_trans;16 allow init dev_type:blk_file rw_file_perms;19 # Only allow relabelto for types used in context= mount options,23 allow init fs_type:filesystem ~relabelto;24 allow init unlabeled:filesystem ~relabelto;25 allow init contextmount_type:filesystem relabelto;28 allow init contextmount_type:dir r_dir_perms;29 allow init contextmount_type:notdevfile_class_set r_file_perms;[all …]
8 allow dhcp cgroup:dir { create write add_name };9 allow dhcp self:capability { setgid setuid net_admin net_raw net_bind_service };10 allow dhcp self:packet_socket create_socket_perms;11 allow dhcp self:netlink_route_socket nlmsg_write;12 allow dhcp shell_exec:file rx_file_perms;13 allow dhcp system_file:file rx_file_perms;15 allow dhcp proc_net:file write;16 allow dhcp dhcp_prop:property_service set;17 allow dhcp pan_result_prop:property_service set;21 allow dhcp dhcp_data_file:dir create_dir_perms;[all …]
12 allow system_app system_app_data_file:dir create_dir_perms;13 allow system_app system_app_data_file:file create_file_perms;16 allow system_app keychain_data_file:dir r_dir_perms;17 allow system_app keychain_data_file:file r_file_perms;21 allow system_app system_data_file:dir create_dir_perms;22 allow system_app system_data_file:file create_file_perms;23 allow system_app misc_user_data_file:dir create_dir_perms;24 allow system_app misc_user_data_file:file create_file_perms;31 allow system_app wallpaper_file:file r_file_perms;35 allow system_app debug_prop:property_service set;[all …]
8 allow healthd tmpfs:chr_file { read write };10 allow healthd self:capability { net_admin mknod sys_tty_config };12 allow healthd self:netlink_kobject_uevent_socket create_socket_perms;19 allow healthd sysfs:file write;28 allow healthd pstorefs:dir r_dir_perms;29 allow healthd pstorefs:file r_file_perms;31 allow healthd graphics_device:dir r_dir_perms;32 allow healthd graphics_device:chr_file rw_file_perms;33 allow healthd input_device:dir r_dir_perms;34 allow healthd input_device:chr_file r_file_perms;[all …]
11 allow $1 $2:file { getattr open read execute };12 allow $1 $3:process transition;14 allow $3 $2:file { entrypoint open read execute getattr };16 allow $3 $1:process sigchld;20 allow $1 $3:process { siginh rlimitinh };45 allow $1 $2:dir ra_dir_perms;47 allow $1 $3:notdevfile_class_set create_file_perms;48 allow $1 $3:dir create_dir_perms;69 allow $1 $2:dir r_dir_perms;70 allow $1 $2:{ file lnk_file } r_file_perms;[all …]
19 allow drmserver sdcard_type:dir search;20 allow drmserver drm_data_file:dir create_dir_perms;21 allow drmserver drm_data_file:file create_file_perms;22 allow drmserver tee_device:chr_file rw_file_perms;23 allow drmserver app_data_file:file { read write getattr };24 allow drmserver sdcard_type:file { read write getattr };31 allow drmserver apk_data_file:dir rw_dir_perms;33 allow drmserver drmserver_socket:sock_file create_file_perms;34 allow drmserver tee:unix_stream_socket connectto;36 allow drmserver apk_data_file:sock_file unlink;[all …]
8 allow netd self:capability { net_admin net_raw kill };18 allow netd self:netlink_kobject_uevent_socket create_socket_perms;19 allow netd self:netlink_route_socket nlmsg_write;20 allow netd self:netlink_nflog_socket create_socket_perms;21 allow netd shell_exec:file rx_file_perms;22 allow netd system_file:file x_file_perms;23 allow netd devpts:chr_file rw_file_perms;26 allow netd proc_net:file write;30 allow netd sysfs:file write;34 allow netd dhcp_prop:property_service set;[all …]
8 allow clatd netd:fd use;9 allow clatd netd:fifo_file { read write };11 allow clatd netd:netlink_kobject_uevent_socket { read write };12 allow clatd netd:netlink_nflog_socket { read write };13 allow clatd netd:netlink_route_socket { read write };14 allow clatd netd:udp_socket { read write };15 allow clatd netd:unix_stream_socket { read write };16 allow clatd netd:unix_dgram_socket { read write };18 allow clatd self:capability { net_admin net_raw setuid setgid };20 allow clatd self:netlink_route_socket nlmsg_write;[all …]
11 allow appdomain self:process execmem;12 allow appdomain ashmem_device:chr_file execute;15 allow appdomain zygote:fd use;19 allow appdomain zygote_exec:file rx_file_perms;22 allow appdomain self:process ptrace;25 allow appdomain zygote_tmpfs:file read;28 allow appdomain zygote:process sigchld;31 allow appdomain shell:process sigchld;32 allow appdomain adbd:process sigchld;35 allow appdomain devpts:chr_file { getattr read write ioctl };[all …]
977 allow bin_t fs_t:filesystem associate;978 allow bin_t noxattrfs:filesystem associate;980 allow sbin_t fs_t:filesystem associate;981 allow sbin_t noxattrfs:filesystem associate;983 allow ls_exec_t fs_t:filesystem associate;984 allow ls_exec_t noxattrfs:filesystem associate;987 allow shell_exec_t fs_t:filesystem associate;988 allow shell_exec_t noxattrfs:filesystem associate;990 allow chroot_exec_t fs_t:filesystem associate;991 allow chroot_exec_t noxattrfs:filesystem associate;[all …]