xref: /aosp_15_r20/system/sepolicy/public/device.te (revision e4a36f4174b17bbab9dc043f4a65dc8d87377290) 
1# Device types
2type device, dev_type, fs_type;
3type ashmem_device, dev_type, mlstrustedobject;
4type ashmem_libcutils_device, dev_type, mlstrustedobject;
5type audio_device, dev_type;
6type binder_device, dev_type, mlstrustedobject;
7type hwbinder_device, dev_type, mlstrustedobject, isolated_compute_allowed_device;
8type vndbinder_device, dev_type;
9type block_device, dev_type;
10type bt_device, dev_type;
11type camera_device, dev_type;
12type dm_device, dev_type;
13type ublk_block_device, dev_type;
14type dm_user_device, dev_type;
15type ublk_control_device, dev_type;
16type keychord_device, dev_type;
17type loop_control_device, dev_type;
18type loop_device, dev_type;
19type pmsg_device, dev_type, mlstrustedobject;
20type radio_device, dev_type;
21type ram_device, dev_type;
22type rtc_device, dev_type;
23type vd_device, dev_type;
24type vold_device, dev_type;
25type console_device, dev_type;
26type fscklogs, dev_type;
27# GPU (used by most UI apps)
28type gpu_device, dev_type, mlstrustedobject, isolated_compute_allowed_device;
29type graphics_device, dev_type;
30type hw_random_device, dev_type;
31type input_device, dev_type;
32type port_device, dev_type;
33type lowpan_device, dev_type;
34type mtp_device, dev_type, mlstrustedobject;
35type nfc_device, dev_type;
36type ptmx_device, dev_type, mlstrustedobject;
37type kmsg_device, dev_type, mlstrustedobject;
38type kmsg_debug_device, dev_type;
39type null_device, dev_type, mlstrustedobject;
40type random_device, dev_type, mlstrustedobject;
41type secure_element_device, dev_type;
42type sensors_device, dev_type;
43type serial_device, dev_type;
44type socket_device, dev_type;
45type owntty_device, dev_type, mlstrustedobject;
46type tty_device, dev_type;
47type video_device, dev_type;
48type zero_device, dev_type, mlstrustedobject;
49type fuse_device, dev_type, mlstrustedobject;
50type iio_device, dev_type;
51type ion_device, dev_type, mlstrustedobject, isolated_compute_allowed_device;
52type dmabuf_heap_device, dmabuf_heap_device_type, dev_type, mlstrustedobject;
53type dmabuf_system_heap_device, dmabuf_heap_device_type, dev_type, mlstrustedobject, isolated_compute_allowed_device;
54type dmabuf_system_secure_heap_device, dmabuf_heap_device_type, dev_type, mlstrustedobject;
55type qtaguid_device, dev_type;
56type watchdog_device, dev_type;
57type uhid_device, dev_type, mlstrustedobject;
58type uio_device, dev_type;
59type tun_device, dev_type, mlstrustedobject;
60type usbaccessory_device, dev_type, mlstrustedobject;
61type usb_device, dev_type, mlstrustedobject;
62type usb_serial_device, dev_type;
63type gnss_device, dev_type;
64type properties_device, dev_type;
65type properties_serial, dev_type;
66type property_info, dev_type;
67type hidraw_device, dev_type;
68
69# All devices have a uart for the hci
70# attach service. The uart dev node
71# varies per device. This type
72# is used in per device policy
73type hci_attach_dev, dev_type;
74
75# All devices have a rpmsg device for
76# achieving remoteproc and rpmsg modules
77type rpmsg_device, dev_type;
78
79# Partition layout block device
80type root_block_device, dev_type;
81
82# factory reset protection block device
83type frp_block_device, dev_type;
84
85# System block device mounted on /system.
86# Documented at https://source.android.com/devices/bootloader/partitions
87type system_block_device, dev_type;
88
89# Recovery block device.
90# Documented at https://source.android.com/devices/bootloader/partitions
91type recovery_block_device, dev_type;
92
93# boot block device.
94# Documented at https://source.android.com/devices/bootloader/partitions
95type boot_block_device, dev_type;
96
97# dtbo block device, type used for getting DTBO information for AVF.
98# Documented at https://source.android.com/docs/core/architecture/dto/partitions
99type dtbo_block_device, dev_type;
100
101# Userdata block device mounted on /data.
102# Documented at https://source.android.com/devices/bootloader/partitions
103type userdata_block_device, dev_type;
104
105# Zoned block device.
106type zoned_block_device, dev_type;
107
108# Cache block device mounted on /cache.
109# Documented at https://source.android.com/devices/bootloader/partitions
110type cache_block_device, dev_type;
111
112# Block device for any swap partition.
113type swap_block_device, dev_type;
114
115# Metadata block device mounted on /metadata, used for encryption metadata and
116# various other purposes.
117# Documented at https://source.android.com/devices/bootloader/partitions
118type metadata_block_device, dev_type;
119
120# The 'misc' partition used by recovery and A/B.
121# Documented at https://source.android.com/devices/bootloader/partitions
122type misc_block_device, dev_type;
123
124# 'super' partition to be used for logical partitioning.
125type super_block_device, super_block_device_type, dev_type;
126
127# sdcard devices; normally vold uses the vold_block_device label and creates a
128# separate device node. gsid, however, accesses the original devide node
129# created through uevents, so we use a separate label.
130type sdcard_block_device, dev_type;
131
132# Userdata device file for filesystem tunables
133type userdata_sysdev, dev_type;
134
135# Root disk file for disk tunables
136type rootdisk_sysdev, dev_type;
137
138# vfio device
139type vfio_device, dev_type;
140
141# system/sepolicy/public is for vendor-facing type and attribute definitions.
142# DO NOT ADD allow, neverallow, or dontaudit statements here.
143# Instead, add such policy rules to system/sepolicy/private/*.te.
144