xref: /aosp_15_r20/system/sepolicy/prebuilts/api/30.0/public/profman.te (revision e4a36f4174b17bbab9dc043f4a65dc8d87377290)
# profman
# Public SELinux policy for the profman domain (API 30 prebuilt snapshot).
# NOTE(review): only the public rules are visible here; rules for this domain
# may also exist elsewhere in the policy. Confirm before reasoning about the
# complete permission set.

# Domain type for the profman process.
type profman, domain;
# Label for the profman executable; exec_type marks it as a domain entry point
# candidate and system_file_type places it with system-partition files.
type profman_exec, system_file_type, exec_type, file_type;

# Profile files can be read, written, locked and mapped, but "open" is not in
# the permission set, so on the rules shown here profman cannot open them by path.
# NOTE(review): presumably the files arrive as already-open descriptors from
# installd (see the fd rule below) - confirm against the caller.
allow profman user_profile_data_file:file { getattr read write lock map };

# Dumping profile info opens the application APK file for pretty printing.
# APK access is read-only: no write permission is granted on either APK type.
allow profman asec_apk_file:file { read map };
allow profman apk_data_file:file { getattr read map };
allow profman apk_data_file:dir { getattr read search };

# Read-only access to files labeled oemfs.
allow profman oemfs:file { read map };
# Reading an APK opens a ZipArchive, which unpacks to tmpfs.
allow profman tmpfs:file { read map };
# Dump output is write-only for profman: no read or open is granted on it.
allow profman profman_dump_data_file:file { write map };

# Allow profman to use file descriptors that belong to the installd domain.
# Every file rule in this file omits "open", so this rule is what makes those
# file permissions usable in practice.
allow profman installd:fd use;

# Allow profman to analyze profiles for the secondary dex files. These
# are application dex files reported back to the framework when using
# BaseDexClassLoader.
# Security note: this includes write access to app-private data, again without
# "open", so access is limited to descriptors profman was handed.
allow profman { privapp_data_file app_data_file }:file { getattr read write lock map };
allow profman { privapp_data_file app_data_file }:dir { getattr read search };

###
### neverallow rules
###

# Compile-time assertion: no rule anywhere in the policy may let profman open
# app data objects of the classes in notdevfile_class_set. This keeps the
# descriptor-only access model above from being weakened by a later allow rule.
# NOTE(review): the assertion is limited to notdevfile_class_set; check the
# macro definition to see which object classes it covers.
neverallow profman { privapp_data_file app_data_file }:notdevfile_class_set open;