######################################
# Attribute declarations
#
# This file only declares attributes (type sets) and the m4 aliases that map
# one attribute name onto another; the allow rules that reference them live
# elsewhere in the policy. `expandattribute <attr> false;` tells the policy
# compiler to keep the attribute in the compiled policy rather than expanding
# it into its member types; `true` forces expansion. The hal_attribute() and
# pdx_service_attributes() calls below are m4 macros defined outside this
# file.

# All types used for devices.
# On change, update CHECK_FC_ASSERT_ATTRS
# in tools/checkfc.c
attribute dev_type;

# All types used for processes.
attribute domain;

# All types used for filesystems.
# On change, update CHECK_FC_ASSERT_ATTRS
# definition in tools/checkfc.c.
attribute fs_type;

# All types used for context= mounts.
attribute contextmount_type;

# All types used for files that can exist on a labeled fs.
# Do not use for pseudo file types.
# On change, update CHECK_FC_ASSERT_ATTRS
# definition in tools/checkfc.c.
attribute file_type;

# All types used for domain entry points.
attribute exec_type;

# All types used for /data files.
attribute data_file_type;
expandattribute data_file_type false;
# All types in /data, not in /data/vendor
attribute core_data_file_type;
expandattribute core_data_file_type false;

# All types in /system
attribute system_file_type;

# All types in /vendor
attribute vendor_file_type;

# All types used for procfs files.
attribute proc_type;
expandattribute proc_type false;

# Types in /proc/net, excluding qtaguid types.
# TODO(b/9496886) Lock down access to /proc/net.
# This attribute is used to audit access to proc_net. It is temporary and will
# be removed.
attribute proc_net_type;
expandattribute proc_net_type true;

# All types used for sysfs files.
attribute sysfs_type;

# All types used for debugfs files.
attribute debugfs_type;

# Attribute used for all sdcards
attribute sdcard_type;

# All types used for nodes/hosts.
attribute node_type;

# All types used for network interfaces.
attribute netif_type;

# All types used for network ports.
attribute port_type;

# All types used for property service
# On change, update CHECK_PC_ASSERT_ATTRS
# definition in tools/checkfc.c.
attribute property_type;

# All properties defined in core SELinux policy. Should not be
# used by device specific properties
attribute core_property_type;

# All properties used to configure log filtering.
attribute log_property_type;

# All properties that are not specific to device but are added from
# outside of AOSP. (e.g. OEM-specific properties)
# These properties are not accessible from device-specific domains
attribute extended_core_property_type;

# Properties used for representing ownership. All properties should have one
# of: system_property_type, product_property_type, or vendor_property_type.

# All properties defined by /system.
attribute system_property_type;
expandattribute system_property_type false;

# All /system-defined properties used only in /system.
attribute system_internal_property_type;
expandattribute system_internal_property_type false;

# All /system-defined properties which can't be written outside /system.
attribute system_restricted_property_type;
expandattribute system_restricted_property_type false;

# All /system-defined properties with no restrictions.
attribute system_public_property_type;
expandattribute system_public_property_type false;

# All properties defined by /product.
# Currently there are no enforcements between /system and /product, so for now
# the /product attribute names are m4 aliases that expand to the corresponding
# /system attributes.
define(`product_property_type', `system_property_type')
define(`product_internal_type', `system_internal_property_type')
define(`product_restricted_type', `system_restricted_property_type')
define(`product_public_type', `system_public_property_type')

# All properties defined by /vendor.
attribute vendor_property_type;
expandattribute vendor_property_type false;

# All /vendor-defined properties used only in /vendor.
attribute vendor_internal_property_type;
expandattribute vendor_internal_property_type false;

# All /vendor-defined properties which can't be written outside /vendor.
attribute vendor_restricted_property_type;
expandattribute vendor_restricted_property_type false;

# All /vendor-defined properties with no restrictions.
attribute vendor_public_property_type;
expandattribute vendor_public_property_type false;

# All service_manager types created by system_server
attribute system_server_service;

# services which should be available to all but isolated apps
attribute app_api_service;

# services which should be available to all ephemeral apps
attribute ephemeral_app_api_service;

# services which export only system_api
attribute system_api_service;

# services which are served by vendor and also use the copy of libbinder on
# system (for instance via libbinder_ndk). services using a different copy
# of libbinder currently need their own context manager (e.g.
# vndservicemanager)
attribute vendor_service;

# All types used for services managed by servicemanager.
# On change, update CHECK_SC_ASSERT_ATTRS
# definition in tools/checkfc.c.
attribute service_manager_type;

# All types used for services managed by hwservicemanager
attribute hwservice_manager_type;

# All HwBinder services guaranteed to be passthrough. These services always run
# in the process of their clients, and thus operate with the same access as
# their clients.
attribute same_process_hwservice;

# All HwBinder services guaranteed to be offered only by core domain components
attribute coredomain_hwservice;

# All HwBinder services that untrusted apps can't directly access
attribute protected_hwservice;

# All types used for services managed by vndservicemanager
attribute vndservice_manager_type;


# All domains that can override MLS restrictions.
# i.e. processes that can read up and write down.
attribute mlstrustedsubject;

# All types that can override MLS restrictions.
# i.e. files that can be read by lower and written by higher
attribute mlstrustedobject;

# All domains used for apps.
attribute appdomain;

# All third party apps.
attribute untrusted_app_all;

# All domains used for apps with network access.
attribute netdomain;

# All domains used for apps with bluetooth access.
attribute bluetoothdomain;

# All domains used for binder service domains.
attribute binderservicedomain;

# update_engine related domains that need to apply an update and run
# postinstall. This includes the background daemon and the sideload tool from
# recovery for A/B devices.
attribute update_engine_common;

# All core domains (as opposed to vendor/device-specific domains)
attribute coredomain;

# All socket devices owned by core domain components
attribute coredomain_socket;
expandattribute coredomain_socket false;

# The *_violators attributes below are exemptions from the core/vendor
# separation requirements. Each is tracked by a TODO bug and is intended to
# be removed once the violations it covers are gone.

# All vendor domains which violate the requirement of not using Binder
# TODO(b/35870313): Remove this once there are no violations
attribute binder_in_vendor_violators;
expandattribute binder_in_vendor_violators false;

# All vendor domains which violate the requirement of not using sockets for
# communicating with core components
# TODO(b/36577153): Remove this once there are no violations
attribute socket_between_core_and_vendor_violators;
expandattribute socket_between_core_and_vendor_violators false;

# All vendor domains which violate the requirement of not executing
# system processes
# TODO(b/36463595)
attribute vendor_executes_system_violators;
expandattribute vendor_executes_system_violators false;

# All domains which violate the requirement of not sharing files by path
# between vendor and core domains.
# TODO(b/34980020)
attribute data_between_core_and_vendor_violators;
expandattribute data_between_core_and_vendor_violators false;

# All system domains which violate the requirement of not executing vendor
# binaries/libraries.
# TODO(b/62041836)
attribute system_executes_vendor_violators;
expandattribute system_executes_vendor_violators false;

# All system domains which violate the requirement of not writing vendor
# properties.
# TODO(b/78598545): Remove this once there are no violations
attribute system_writes_vendor_properties_violators;
expandattribute system_writes_vendor_properties_violators false;

# All system domains which violate the requirement of not writing to
# /mnt/vendor/*. Must not be used on devices launched with P or later.
attribute system_writes_mnt_vendor_violators;
expandattribute system_writes_mnt_vendor_violators false;

# hwservices that are accessible from untrusted applications
# WARNING: Use of this attribute should be avoided unless
# absolutely necessary. It is a temporary allowance to aid the
# transition to treble and will be removed in a future platform
# version, requiring all hwservices that are labeled with this
# attribute to be submitted to AOSP in order to maintain their
# app-visibility.
attribute untrusted_app_visible_hwservice_violators;
expandattribute untrusted_app_visible_hwservice_violators false;

# halserver domains that are accessible to untrusted applications. These
# domains are typically those hosting hwservices labeled with
# untrusted_app_visible_hwservice_violators.
# WARNING: Use of this attribute should be avoided unless absolutely necessary.
# It is a temporary allowance to aid the transition to treble and will be
# removed in a future platform version, requiring all halserver domains that
# are labeled with this attribute to be submitted to AOSP in order to maintain
# their app-visibility.
attribute untrusted_app_visible_halserver_violators;
expandattribute untrusted_app_visible_halserver_violators false;

# PDX services
attribute pdx_endpoint_dir_type;
attribute pdx_endpoint_socket_type;
expandattribute pdx_endpoint_socket_type false;
attribute pdx_channel_socket_type;
expandattribute pdx_channel_socket_type false;

# Per-service PDX attributes; pdx_service_attributes() is an m4 macro defined
# outside this file.
pdx_service_attributes(display_client)
pdx_service_attributes(display_manager)
pdx_service_attributes(display_screenshot)
pdx_service_attributes(display_vsync)
pdx_service_attributes(performance_client)
pdx_service_attributes(bufferhub_client)

# All HAL servers
attribute halserverdomain;
# All HAL clients
attribute halclientdomain;
expandattribute halclientdomain true;

# Exemption allowing halserverdomain to access sockets. Only builds for
# automotive device types are allowed to use this attribute (enforced by CTS).
# Unlike phone, in a car many modules are external from Android perspective and
# HALs should be able to communicate with those devices through sockets.
attribute hal_automotive_socket_exemption;

# HALs
# hal_attribute() is an m4 macro defined outside this file; one invocation
# per HAL name.
hal_attribute(allocator);
hal_attribute(atrace);
hal_attribute(audio);
hal_attribute(audiocontrol);
hal_attribute(authsecret);
hal_attribute(bluetooth);
hal_attribute(bootctl);
hal_attribute(bufferhub);
hal_attribute(broadcastradio);
hal_attribute(camera);
hal_attribute(can_bus);
hal_attribute(can_controller);
hal_attribute(cas);
hal_attribute(codec2);
hal_attribute(configstore);
hal_attribute(confirmationui);
hal_attribute(contexthub);
hal_attribute(drm);
hal_attribute(dumpstate);
hal_attribute(evs);
hal_attribute(face);
hal_attribute(fingerprint);
hal_attribute(gatekeeper);
hal_attribute(gnss);
hal_attribute(graphics_allocator);
hal_attribute(graphics_composer);
hal_attribute(health);
hal_attribute(health_storage);
hal_attribute(identity);
hal_attribute(input_classifier);
hal_attribute(ir);
hal_attribute(keymaster);
hal_attribute(light);
hal_attribute(lowpan);
hal_attribute(memtrack);
hal_attribute(neuralnetworks);
hal_attribute(nfc);
hal_attribute(oemlock);
hal_attribute(omx);
hal_attribute(power);
hal_attribute(power_stats);
hal_attribute(rebootescrow);
hal_attribute(secure_element);
hal_attribute(sensors);
hal_attribute(telephony);
hal_attribute(tetheroffload);
hal_attribute(thermal);
hal_attribute(tv_cec);
hal_attribute(tv_input);
hal_attribute(tv_tuner);
hal_attribute(usb);
hal_attribute(usb_gadget);
hal_attribute(vehicle);
hal_attribute(vibrator);
hal_attribute(vr);
hal_attribute(weaver);
hal_attribute(wifi);
hal_attribute(wifi_hostapd);
hal_attribute(wifi_supplicant);

# HwBinder services offered across the core-vendor boundary
#
# We annotate server domains with x_server to loosen the coupling between
# system and vendor images. For example, it should be possible to move a service
# from one core domain to another, without having to update the vendor image
# which contains clients of this service.

attribute automotive_display_service_server;
attribute camera_service_server;
attribute display_service_server;
attribute scheduler_service_server;
attribute sensor_service_server;
attribute stats_service_server;
attribute system_suspend_server;
attribute wifi_keystore_service_server;

# All types used for super partition block devices.
attribute super_block_device_type;