xref: /aosp_15_r20/system/sepolicy/public/device.te (revision e4a36f4174b17bbab9dc043f4a65dc8d87377290)

# Device types
type device, dev_type, fs_type;
type ashmem_device, dev_type, mlstrustedobject;
type ashmem_libcutils_device, dev_type, mlstrustedobject;
type audio_device, dev_type;
type binder_device, dev_type, mlstrustedobject;
type hwbinder_device, dev_type, mlstrustedobject, isolated_compute_allowed_device;
type vndbinder_device, dev_type;
type block_device, dev_type;
type bt_device, dev_type;
type camera_device, dev_type;
type dm_device, dev_type;
type ublk_block_device, dev_type;
type dm_user_device, dev_type;
type ublk_control_device, dev_type;
type keychord_device, dev_type;
type loop_control_device, dev_type;
type loop_device, dev_type;
type pmsg_device, dev_type, mlstrustedobject;
type radio_device, dev_type;
type ram_device, dev_type;
type rtc_device, dev_type;
type vd_device, dev_type;
type vold_device, dev_type;
type console_device, dev_type;
type fscklogs, dev_type;
# GPU (used by most UI apps)
type gpu_device, dev_type, mlstrustedobject, isolated_compute_allowed_device;
type graphics_device, dev_type;
type hw_random_device, dev_type;
type input_device, dev_type;
type port_device, dev_type;
type lowpan_device, dev_type;
type mtp_device, dev_type, mlstrustedobject;
type nfc_device, dev_type;
type ptmx_device, dev_type, mlstrustedobject;
type kmsg_device, dev_type, mlstrustedobject;
type kmsg_debug_device, dev_type;
type null_device, dev_type, mlstrustedobject;
type random_device, dev_type, mlstrustedobject;
type secure_element_device, dev_type;
type sensors_device, dev_type;
type serial_device, dev_type;
type socket_device, dev_type;
type owntty_device, dev_type, mlstrustedobject;
type tty_device, dev_type;
type video_device, dev_type;
type zero_device, dev_type, mlstrustedobject;
type fuse_device, dev_type, mlstrustedobject;
type iio_device, dev_type;
type ion_device, dev_type, mlstrustedobject, isolated_compute_allowed_device;
type dmabuf_heap_device, dmabuf_heap_device_type, dev_type, mlstrustedobject;
type dmabuf_system_heap_device, dmabuf_heap_device_type, dev_type, mlstrustedobject, isolated_compute_allowed_device;
type dmabuf_system_secure_heap_device, dmabuf_heap_device_type, dev_type, mlstrustedobject;
type qtaguid_device, dev_type;
type watchdog_device, dev_type;
type uhid_device, dev_type, mlstrustedobject;
type uio_device, dev_type;
type tun_device, dev_type, mlstrustedobject;
type usbaccessory_device, dev_type, mlstrustedobject;
type usb_device, dev_type, mlstrustedobject;
type usb_serial_device, dev_type;
type gnss_device, dev_type;
type properties_device, dev_type;
type properties_serial, dev_type;
type property_info, dev_type;
type hidraw_device, dev_type;

# All devices have a uart for the hci
# attach service. The uart dev node
# varies per device. This type
# is used in per device policy
type hci_attach_dev, dev_type;

# All devices have a rpmsg device for
# achieving remoteproc and rpmsg modules
type rpmsg_device, dev_type;

# Partition layout block device
type root_block_device, dev_type;

# factory reset protection block device
type frp_block_device, dev_type;

# System block device mounted on /system.
# Documented at https://source.android.com/devices/bootloader/partitions
type system_block_device, dev_type;

# Recovery block device.
# Documented at https://source.android.com/devices/bootloader/partitions
type recovery_block_device, dev_type;

# boot block device.
# Documented at https://source.android.com/devices/bootloader/partitions
type boot_block_device, dev_type;

# dtbo block device, type used for getting DTBO information for AVF.
# Documented at https://source.android.com/docs/core/architecture/dto/partitions
type dtbo_block_device, dev_type;

# Userdata block device mounted on /data.
# Documented at https://source.android.com/devices/bootloader/partitions
type userdata_block_device, dev_type;

# Zoned block device.
type zoned_block_device, dev_type;

# Cache block device mounted on /cache.
# Documented at https://source.android.com/devices/bootloader/partitions
type cache_block_device, dev_type;

# Block device for any swap partition.
type swap_block_device, dev_type;

# Metadata block device mounted on /metadata, used for encryption metadata and
# various other purposes.
# Documented at https://source.android.com/devices/bootloader/partitions
type metadata_block_device, dev_type;

# The 'misc' partition used by recovery and A/B.
# Documented at https://source.android.com/devices/bootloader/partitions
type misc_block_device, dev_type;

# 'super' partition to be used for logical partitioning.
type super_block_device, super_block_device_type, dev_type;

# sdcard devices; normally vold uses the vold_block_device label and creates a
# separate device node. gsid, however, accesses the original devide node
# created through uevents, so we use a separate label.
type sdcard_block_device, dev_type;

# Userdata device file for filesystem tunables
type userdata_sysdev, dev_type;

# Root disk file for disk tunables
type rootdisk_sysdev, dev_type;

# vfio device
type vfio_device, dev_type;

# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.