• Home
  • Raw
  • Download

Lines Matching refs:allow

4 allow domain init:process sigchld;
7 allow domain kernel:fd use;
8 allow domain tmpfs:file { read getattr };
9 allow domain tmpfs:lnk_file { read getattr };
12 allow domain tmpfs:dir r_dir_perms;
15 allow domain self:process {
32 allow domain self:fd use;
33 allow domain self:dir r_dir_perms;
34 allow domain self:lnk_file r_file_perms;
35 allow domain self:{ fifo_file file } rw_file_perms;
36 allow domain self:unix_dgram_socket { create_socket_perms sendto };
37 allow domain self:unix_stream_socket { create_stream_socket_perms connectto };
38 allow domain domain:{ unix_dgram_socket unix_stream_socket } unpriv_unix_sock_ioctls;
41 allow domain init:fd use;
42 allow domain system_server:fd use;
46 allow domain adbd:unix_stream_socket connectto;
47 allow domain adbd:fd use;
48 allow domain adbd:unix_stream_socket { getattr getopt read write shutdown };
51   # Same as adbd rules above, except allow su to do the same thing
52   allow domain su:unix_stream_socket connectto;
53   allow domain su:fd use;
54   allow domain su:unix_stream_socket { getattr getopt read write shutdown };
60   allow domain su:fifo_file { write getattr };
62   # allow "gdbserver --attach" to work for su.
63   allow domain su:process sigchld;
66   allow domain coredump_file:file create_file_perms;
67   allow domain coredump_file:dir ra_dir_perms;
73 allow domain debuggerd:process sigchld;
74 allow domain debuggerd:unix_stream_socket connectto;
77 allow domain rootfs:dir r_dir_perms;
78 allow domain rootfs:file r_file_perms;
79 allow domain rootfs:lnk_file r_file_perms;
82 allow domain device:dir search;
83 allow domain dev_type:lnk_file r_file_perms;
84 allow domain devpts:dir search;
85 allow domain device:file read;
86 allow domain socket_device:dir r_dir_perms;
87 allow domain owntty_device:chr_file rw_file_perms;
88 allow domain null_device:chr_file rw_file_perms;
89 allow domain zero_device:chr_file rw_file_perms;
90 allow domain ashmem_device:chr_file rw_file_perms;
91 allow domain binder_device:chr_file rw_file_perms;
92 allow domain ptmx_device:chr_file rw_file_perms;
93 allow domain alarm_device:chr_file r_file_perms;
94 allow domain urandom_device:chr_file rw_file_perms;
95 allow domain random_device:chr_file rw_file_perms;
96 allow domain properties_device:file r_file_perms;
97 allow domain init:key search;
98 allow domain vold:key search;
104 allow domain fs_type:filesystem getattr;
105 allow domain fs_type:dir getattr;
108 allow domain system_file:dir r_dir_perms;
109 allow domain system_file:file r_file_perms;
110 allow domain system_file:file execute;
111 allow domain system_file:lnk_file r_file_perms;
115 allow { domain -kernel -init } toolbox_exec:file rx_file_perms;
118 allow domain system_data_file:dir { search getattr };
119 allow domain system_data_file:file { getattr read };
120 allow domain system_data_file:lnk_file r_file_perms;
123 allow domain apk_data_file:dir { getattr search };
124 allow domain apk_data_file:file r_file_perms;
125 allow domain apk_data_file:lnk_file r_file_perms;
128 allow domain dalvikcache_data_file:dir { search getattr };
129 allow domain dalvikcache_data_file:file r_file_perms;
132 allow domain cache_file:dir r_dir_perms;
133 allow domain cache_file:file { getattr read };
134 allow domain cache_file:lnk_file r_file_perms;
140 allow domain cgroup:dir { search write };
141 allow domain cgroup:file w_file_perms;
144 allow domain ion_device:chr_file rw_file_perms;
153 allow domain proc_cpuinfo:file r_file_perms;
156 allow domain debugfs:dir r_dir_perms;
157 allow domain debugfs:file w_file_perms;
160 allow domain selinuxfs:dir r_dir_perms;
161 allow domain selinuxfs:file r_file_perms;
164 allow domain security_file:dir { search getattr };
165 allow domain security_file:file getattr;
166 allow domain security_file:lnk_file r_file_perms;
169 allow domain asec_public_file:file r_file_perms;
170 allow domain { asec_public_file asec_apk_file }:dir r_dir_perms;
176 # Do not allow any domain other than init or recovery to create unlabeled files.
272 # Don't allow raw read/write/open access to block_device
276 # Don't allow raw read/write/open access to generic devices.
315 # Don't allow mounting on top of /system files or directories
331 # Do not allow service_manager add for default_android_service.
338 # Require that domains explicitly label unknown properties, and do not allow
402 # Do not allow the introduction of new execmod rules. Text relocations
423 # in the domain attribute, so that all allow and neverallow rules