# Filesystem types
#
# This run only declares labels and attaches attributes to them; it grants no
# access. Giving individual /proc nodes their own type lets policy elsewhere
# grant access per node instead of through the generic proc type.
type labeledfs, fs_type;
type pipefs, fs_type;
type sockfs, fs_type;
type rootfs, fs_type;
type proc, fs_type, proc_type;
type binderfs, fs_type;
type binderfs_logs, fs_type;
type binderfs_logs_proc, fs_type;
type binderfs_logs_stats, fs_type;

# Declared only where starting_at_board_api admits the body (board API level
# 202504 and later, going by the macro name; the macro is defined elsewhere).
starting_at_board_api(202504, `
    type binderfs_logs_transactions, fs_type;
    type binderfs_logs_transaction_history, fs_type;
')

type binderfs_features, fs_type;
# Security-sensitive proc nodes that should not be writable to most.
# NOTE(review): that restriction is not expressed by these declarations; it has
# to be enforced by the rules that reference these types - confirm there.
type proc_security, fs_type, proc_type;
type proc_drop_caches, fs_type, proc_type;
type proc_overcommit_memory, fs_type, proc_type;
type proc_min_free_order_shift, fs_type, proc_type;
type proc_kpageflags, fs_type, proc_type;
type proc_watermark_boost_factor, fs_type, proc_type;
type proc_percpu_pagelist_high_fraction, fs_type, proc_type;
# proc, sysfs, or other nodes that permit configuration of kernel usermodehelpers.
# NOTE(review): these nodes influence what the kernel runs as a usermode helper,
# so write access to them should stay tightly scoped - verify in the rules.
type usermodehelper, fs_type, proc_type;
type sysfs_usermodehelper, fs_type, sysfs_type;
# NOTE(review): mlstrustedobject marks a type as exempt from the MLS constraints
# (the attribute is defined outside this file), so per-app and per-user category
# separation does not protect these nodes; only type-enforcement rules bound access.
type proc_qtaguid_ctrl, fs_type, mlstrustedobject, proc_type;
type proc_qtaguid_stat, fs_type, mlstrustedobject, proc_type;
type proc_bluetooth_writable, fs_type, proc_type;
type proc_abi, fs_type, proc_type;
type proc_asound, fs_type, proc_type;
type proc_bootconfig, fs_type, proc_type;
type proc_bpf, fs_type, proc_type;
type proc_buddyinfo, fs_type, proc_type;
# Board-API-gated declaration, same macro as above.
starting_at_board_api(202504, `
    type proc_cgroups, fs_type, proc_type;
')
type proc_cmdline, fs_type, proc_type;
type proc_cpu_alignment, fs_type, proc_type;
type proc_cpuinfo, fs_type, proc_type;
type proc_dirty, fs_type, proc_type;
type proc_diskstats, fs_type, proc_type;
type proc_extra_free_kbytes, fs_type, proc_type;
type proc_filesystems, fs_type, proc_type;
type proc_fs_verity, fs_type, proc_type;
type proc_hostname, fs_type, proc_type;
type proc_hung_task, fs_type, proc_type;
type proc_interrupts, fs_type, proc_type;
# NOTE(review): several nodes below (proc_iomem, proc_kallsyms, proc_kmsg,
# proc_modules, proc_slabinfo, proc_vmallocinfo) can reveal kernel layout or log
# contents. Each has its own type, so read access can be granted per node;
# audit the rules that reference them rather than the generic proc type.
type proc_iomem, fs_type, proc_type;
type proc_kallsyms, fs_type, proc_type;
type proc_keys, fs_type, proc_type;
type proc_kmsg, fs_type, proc_type;
type proc_loadavg, fs_type, proc_type;
type proc_locks, fs_type, proc_type;
type proc_lowmemorykiller, fs_type, proc_type;
type proc_max_map_count, fs_type, proc_type;
type proc_meminfo, fs_type, proc_type;
type proc_misc, fs_type, proc_type;
type proc_modules, fs_type, proc_type;
type proc_mounts, fs_type, proc_type;
type proc_net, fs_type, proc_type, proc_net_type;
type proc_net_tcp_udp, fs_type, proc_type;
type proc_page_cluster, fs_type, proc_type;
type proc_pagetypeinfo, fs_type, proc_type;
type proc_panic, fs_type, proc_type;
type proc_perf, fs_type, proc_type;
type proc_pid_max, fs_type, proc_type;
type proc_pipe_conf, fs_type, proc_type;
type proc_pressure_cpu, fs_type, proc_type;
type proc_pressure_io, fs_type, proc_type;
type proc_pressure_mem, fs_type, proc_type;
type proc_random, fs_type, proc_type;
type proc_sched, fs_type, proc_type;
type proc_slabinfo, fs_type, proc_type;
type proc_stat, fs_type, proc_type;
type proc_swaps, fs_type, proc_type;
type proc_sysrq, fs_type, proc_type;
type proc_timer, fs_type, proc_type;
type proc_tty_drivers, fs_type, proc_type;
type proc_uid_cputime_showstat, fs_type, proc_type;
type proc_uid_cputime_removeuid, fs_type, proc_type;
type proc_uid_io_stats, fs_type, proc_type;
type proc_uid_procstat_set, fs_type, proc_type;
type proc_uid_time_in_state, fs_type, proc_type;
type proc_uid_concurrent_active_time, fs_type, proc_type;
type proc_uid_concurrent_policy_time, fs_type, proc_type;
type proc_uid_cpupower, fs_type, proc_type;
type proc_uptime, fs_type, proc_type;
type proc_version, fs_type, proc_type;
type proc_vmallocinfo, fs_type, proc_type;
type proc_vmstat, fs_type, proc_type;
type proc_watermark_scale_factor, fs_type, proc_type;
type proc_zoneinfo, fs_type, proc_type;
type proc_vendor_sched, proc_type, fs_type;
# NOTE(review): mlstrustedobject marks a type as exempt from the MLS constraints
# (the attribute is defined outside this file), so category separation between
# apps and users does not protect objects of that type; only type-enforcement
# rules bound access. Re-check each use below when auditing.
type selinuxfs, fs_type, mlstrustedobject;
type fusectlfs, fs_type;
type cgroup, fs_type, mlstrustedobject;
type cgroup_v2, fs_type;
type sysfs, fs_type, sysfs_type, mlstrustedobject;
type sysfs_android_usb, fs_type, sysfs_type;
type sysfs_uio, sysfs_type, fs_type;
type sysfs_batteryinfo, fs_type, sysfs_type;
type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;
type sysfs_devfreq_cur, fs_type, sysfs_type;
type sysfs_devfreq_dir, fs_type, sysfs_type;
type sysfs_devices_block, fs_type, sysfs_type;
type sysfs_dm, fs_type, sysfs_type;
type sysfs_dm_verity, fs_type, sysfs_type;
type sysfs_dma_heap, fs_type, sysfs_type;
type sysfs_dmabuf_stats, fs_type, sysfs_type;
type sysfs_dt_firmware_android, fs_type, sysfs_type;
type sysfs_extcon, fs_type, sysfs_type;
type sysfs_ion, fs_type, sysfs_type;
type sysfs_ipv4, fs_type, sysfs_type;
type sysfs_kernel_notes, fs_type, sysfs_type, mlstrustedobject;
type sysfs_leds, fs_type, sysfs_type;
type sysfs_loop, fs_type, sysfs_type;
type sysfs_gpu, fs_type, sysfs_type;
type sysfs_hwrandom, fs_type, sysfs_type;
type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
type sysfs_wake_lock, fs_type, sysfs_type;
type sysfs_net, fs_type, sysfs_type;
type sysfs_power, fs_type, sysfs_type;
type sysfs_rtc, fs_type, sysfs_type;
type sysfs_suspend_stats, fs_type, sysfs_type;
type sysfs_switch, fs_type, sysfs_type;
type sysfs_sync_on_suspend, fs_type, sysfs_type;
type sysfs_transparent_hugepage, fs_type, sysfs_type;
type sysfs_lru_gen_enabled, fs_type, sysfs_type;
type sysfs_usb, fs_type, sysfs_type;
type sysfs_wakeup, fs_type, sysfs_type;
type sysfs_wakeup_reasons, fs_type, sysfs_type;
type sysfs_fs_ext4_features, sysfs_type, fs_type;
type sysfs_fs_f2fs, sysfs_type, fs_type;
type sysfs_fs_fuse_bpf, sysfs_type, fs_type;
type sysfs_fs_fuse_features, sysfs_type, fs_type;
type sysfs_fs_incfs_features, sysfs_type, fs_type;
type sysfs_fs_incfs_metrics, sysfs_type, fs_type;
type sysfs_vendor_sched, sysfs_type, fs_type;
# The MLS exemption for sysfs_vendor_sched is added only inside
# userdebug_or_eng, so it should be absent from user builds (assuming the macro
# behaves as its name says; it is defined elsewhere).
userdebug_or_eng(`
    typeattribute sysfs_vendor_sched mlstrustedobject;
')
type fs_bpf, fs_type, bpffs_type;
# TODO: S+ fs_bpf_tethering (used by mainline) should be private
type fs_bpf_tethering, fs_type, bpffs_type;
type fs_bpf_vendor, fs_type, bpffs_type;

type configfs, fs_type;
# /sys/devices/cs_etm
type sysfs_devices_cs_etm, fs_type, sysfs_type;
# /sys/devices/system/cpu
type sysfs_devices_system_cpu, fs_type, sysfs_type;
# /sys/module/lowmemorykiller
type sysfs_lowmemorykiller, fs_type, sysfs_type;
# /sys/module/wlan/parameters/fwpath
type sysfs_wlan_fwpath, fs_type, sysfs_type;
type sysfs_vibrator, fs_type, sysfs_type;
type sysfs_uhid, fs_type, sysfs_type;
type sysfs_thermal, sysfs_type, fs_type;

type sysfs_zram, fs_type, sysfs_type;
type sysfs_zram_uevent, fs_type, sysfs_type;
type inotify, fs_type, mlstrustedobject;
type devpts, fs_type, mlstrustedobject;
type tmpfs, fs_type;
type shm, fs_type;
type mqueue, fs_type;
# Removable and emulated storage filesystems share sdcard_type and/or
# fusefs_type, and all of them are MLS-exempt (mlstrustedobject).
type fuse, fusefs_type, fs_type, mlstrustedobject;
type fuseblk, sdcard_type, fusefs_type, fs_type, mlstrustedobject;
type sdcardfs, sdcard_type, fs_type, mlstrustedobject;
type vfat, sdcard_type, fs_type, mlstrustedobject;
type exfat, sdcard_type, fs_type, mlstrustedobject;
# debugfs and tracefs labels. Tracing nodes carry both debugfs_type and
# tracefs_type; three of them are also MLS-exempt.
type debugfs, fs_type, debugfs_type;
type debugfs_kprobes, fs_type, debugfs_type;
type debugfs_mmc, fs_type, debugfs_type;
type debugfs_mm_events_tracing, fs_type, debugfs_type, tracefs_type;
type debugfs_trace_marker, fs_type, debugfs_type, mlstrustedobject, tracefs_type;
type debugfs_tracing, fs_type, debugfs_type, mlstrustedobject, tracefs_type;
type debugfs_tracing_debug, fs_type, debugfs_type, mlstrustedobject, tracefs_type;
type debugfs_tracing_instances, fs_type, debugfs_type, tracefs_type;
type debugfs_tracing_printk_formats, fs_type, debugfs_type, tracefs_type;
type debugfs_wakeup_sources, fs_type, debugfs_type;
type debugfs_wifi_tracing, fs_type, debugfs_type, tracefs_type;
type securityfs, fs_type;

type pstorefs, fs_type;
type functionfs, fs_type, mlstrustedobject;
type oemfs, fs_type, contextmount_type;
type usbfs, fs_type;
type binfmt_miscfs, fs_type;
type app_fusefs, fs_type, fusefs_type, contextmount_type;

# File types
type unlabeled, file_type;

# Default type for anything under /system.
type system_file, system_file_type, file_type;
# Default type for /system/asan.options
type system_asan_options_file, system_file_type, file_type;
# Type for /system/etc/event-log-tags (liblog implementation detail)
type system_event_log_tags_file, system_file_type, file_type;
# Default type for anything under /system/lib[64].
type system_lib_file, system_file_type, file_type;
# system libraries that are available only to bootstrap processes
type system_bootstrap_lib_file, system_file_type, file_type;
# Default type for the group file /system/etc/group.
type system_group_file, system_file_type, file_type;
# Default type for linker executable /system/bin/linker[64].
type system_linker_exec, system_file_type, file_type;
# Default type for linker config /system/etc/ld.config.*.
type system_linker_config_file, system_file_type, file_type;
# Default type for the passwd file /system/etc/passwd.
type system_passwd_file, system_file_type, file_type;
# Default type for seccomp policy files /system/etc/seccomp_policy/*.
type system_seccomp_policy_file, system_file_type, file_type;
# Default type for cacerts in /system/etc/security/cacerts/*.
# NOTE(review): presumably the platform CA trust anchors; any rule granting
# write access to this type deserves close review - confirm against callers.
type system_security_cacerts_file, system_file_type, file_type;
# Default type for /system/bin/tcpdump.
type tcpdump_exec, system_file_type, exec_type, file_type;
# Default type for zoneinfo files in /system/usr/share/zoneinfo/*.
type system_zoneinfo_file, system_file_type, file_type;
# Cgroups description file under /system/etc/cgroups.json or
# API file under /system/etc/task_profiles/cgroups_*.json
type cgroup_desc_file, system_file_type, file_type;
# The separate API-file type exists only where until_board_api admits the body
# (board API levels before 202504, going by the macro name; defined elsewhere).
# Per the comment above, cgroup_desc_file also covers the API files.
until_board_api(202504, `
    # Cgroups description file under /system/etc/task_profiles/cgroups_*.json
    type cgroup_desc_api_file, system_file_type, file_type;
')
# Vendor cgroups description file under /vendor/etc/cgroups.json
type vendor_cgroup_desc_file, vendor_file_type, file_type;
# Task profiles file under /system/etc/task_profiles.json or
# API file under /system/etc/task_profiles/task_profiles_*.json
type task_profiles_file, system_file_type, file_type;
# Same board-API gating as cgroup_desc_api_file above.
until_board_api(202504, `
    # Task profiles file under /system/etc/task_profiles/task_profiles_*.json
    type task_profiles_api_file, system_file_type, file_type;
')
# Vendor task profiles file under /vendor/etc/task_profiles.json
type vendor_task_profiles_file, vendor_file_type, file_type;
# Type for /system/apex/com.android.art
type art_apex_dir, system_file_type, file_type;
# /linkerconfig(/.*)?
type linkerconfig_file, file_type;
# Control files under /data/incremental
type incremental_control_file, file_type, data_file_type, core_data_file_type;
# /oem/media/bootanimation.zip|shutdownanimation.zip|userspace-reboot.zip
type bootanim_oem_file, file_type, system_file_type;

# Vendor partition labels. Each carries vendor_file_type, which keeps them
# distinguishable from the system_file_type labels used for /system content.

# Default type for directories searched for
# HAL implementations
type vendor_hal_file, vendor_file_type, file_type;
# Default type for anything under /vendor or /system/vendor
type vendor_file, vendor_file_type, file_type;
# Default type for everything in /vendor/app
type vendor_app_file, vendor_file_type, file_type;
# Default type for everything under /vendor/etc/
type vendor_configs_file, vendor_file_type, file_type;
# Default type for all *same process* HALs and their lib/bin dependencies.
# e.g. libEGL_xxx.so, android.hardware.graphics.mapper@2.0-impl.so
# NOTE(review): same-process HAL code is loaded into the calling process, so
# these files run with that process's privileges - the label should only be
# applied to libraries that need it.
type same_process_hal_file, vendor_file_type, file_type;
# Default type for vndk-sp libs. /vendor/lib/vndk-sp
type vndk_sp_file, vendor_file_type, file_type;
# Default type for everything in /vendor/framework
type vendor_framework_file, vendor_file_type, file_type;
# Default type for everything in /vendor/overlay
type vendor_overlay_file, vendor_file_type, file_type;
# Type for all vendor public libraries. These libs should only be exposed to
# apps. ABI stability of these libs is vendor's responsibility.
type vendor_public_lib_file, vendor_file_type, file_type;
# Type for all vendor public libraries for system. These libs should only be exposed to
# system. ABI stability of these libs is vendor's responsibility.
type vendor_public_framework_file, vendor_file_type, file_type;
# Type for all microdroid related files in the vendor partition.
# Files having this type should be read-only.
# NOTE(review): the read-only expectation for this type is not enforced by the
# declaration itself; confirm no rule grants write access to it.
type vendor_microdroid_file, vendor_file_type, file_type;

# Declared only where starting_at_board_api admits the body (board API level
# 202504 and later, going by the macro name; the macro is defined elsewhere).
starting_at_board_api(202504, `
    # boot otas for 16KB developer option
    type vendor_boot_ota_file, vendor_file_type, file_type;
')

# Input configuration
type vendor_keylayout_file, vendor_file_type, file_type;
type vendor_keychars_file, vendor_file_type, file_type;
type vendor_idc_file, vendor_file_type, file_type;

# Type for vendor uuid mapping config file
type vendor_uuid_mapping_config_file, vendor_file_type, file_type;

# SoC-specific virtual machine disk files
type vendor_vm_file, vendor_file_type, file_type;
# SoC-specific virtual machine disk files that are mutable
type vendor_vm_data_file, vendor_file_type, file_type;

# /metadata labels. None of them carries data_file_type or
# core_data_file_type; they are plain file_type (plus gsi_metadata_file_type
# for the GSI entry).

# /metadata partition itself
type metadata_file, file_type;
# Vold files within /metadata
type vold_metadata_file, file_type;
# GSI files within /metadata
type gsi_metadata_file, gsi_metadata_file_type, file_type;
# DSU (GSI) files within /metadata that are globally readable.
type gsi_public_metadata_file, gsi_metadata_file_type, file_type;
# system_server shares Weaver slot information in /metadata
type password_slot_metadata_file, file_type;
# APEX files within /metadata
type apex_metadata_file, file_type;
# libsnapshot files within /metadata
type ota_metadata_file, file_type;
# property files within /metadata/bootstat
type metadata_bootstat_file, file_type;
# userspace reboot files within /metadata/userspacereboot
type userspace_reboot_metadata_file, file_type;
# Staged install files within /metadata/staged-install
type staged_install_file, file_type;
# Metadata information within /metadata/watchdog
type watchdog_metadata_file, file_type;
# Repair mode files within /metadata/repair-mode
type repair_mode_metadata_file, file_type;
# Aconfig storage file
type aconfig_storage_metadata_file, file_type;
# Aconfig storage flag value persistent copy
type aconfig_storage_flags_metadata_file, file_type;

# Type for /dev/cpu_variant:.*.
type dev_cpu_variant, file_type;
# Speedup access for trusted applications to the runtime event tags
type runtime_event_log_tags_file, file_type;
# Type for /system/bin/logcat.
type logcat_exec, system_file_type, exec_type, file_type;
# Speedup access to cgroup map file
type cgroup_rc_file, file_type;
# /cores for coredumps on userdebug / eng builds
# NOTE(review): the type itself is declared unconditionally; any build-type
# restriction has to come from the rules and file contexts that use it.
type coredump_file, file_type;
# /data labels. core_data_file_type marks data owned by the platform.
# Type of /data itself
type system_data_root_file, file_type, data_file_type, core_data_file_type;
# Default type for anything under /data.
# NOTE(review): as the catch-all label this is a broad grant wherever it is
# allowed; the TODO below asks for exactly this kind of narrowing.
type system_data_file, file_type, data_file_type, core_data_file_type;
# Default type for directories containing per-user encrypted directories, such
# as /data/user and /data/user_de.
type system_userdir_file, file_type, data_file_type, core_data_file_type;
# Type for /data/system/packages.list.
# TODO(b/129332765): Narrow down permissions to this.
# Find out users of system_data_file that should be granted only this.
type packages_list_file, file_type, data_file_type, core_data_file_type;
type game_mode_intervention_list_file, file_type, data_file_type, core_data_file_type;
# Default type for anything inside /data/vendor_{ce,de}.
# Vendor-owned data: data_file_type without core_data_file_type.
type vendor_data_file, file_type, data_file_type;
# Type for /data/vendor_{ce,de} themselves. This has core_data_file_type
# because these directories themselves are platform-managed; only the files
# *inside* them are vendor data. (Somewhat similar to system_data_root_file.)
type vendor_userdir_file, file_type, data_file_type, core_data_file_type;
# Unencrypted data
type unencrypted_data_file, file_type, data_file_type, core_data_file_type;
# installd-created files in /data/misc/installd such as layout_version
type install_data_file, file_type, data_file_type, core_data_file_type;
# /data/drm - DRM plugin data
type drm_data_file, file_type, data_file_type, core_data_file_type;
# /data/adb - adb debugging files
type adb_data_file, file_type, data_file_type, core_data_file_type;
# NOTE(review): mlstrustedobject marks a type as exempt from the MLS constraints
# (the attribute is defined outside this file), so per-app and per-user category
# separation does not protect objects of that type; only type-enforcement rules
# bound access. Several types below carry it - re-check each when auditing.
# /data/anr - ANR traces
type anr_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# /data/tombstones - core dumps
type tombstone_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# /data/vendor/tombstones/wifi - vendor wifi dumps
type tombstone_wifi_data_file, file_type, data_file_type;
# /data/apex - APEX data files
type apex_data_file, file_type, data_file_type, core_data_file_type;
# /data/app - user-installed apps
type apk_data_file, file_type, data_file_type, core_data_file_type;
type apk_tmp_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# /data/app-private - forward-locked apps
type apk_private_data_file, file_type, data_file_type, core_data_file_type;
type apk_private_tmp_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# /data/dalvik-cache
type dalvikcache_data_file, file_type, data_file_type, core_data_file_type;
# /data/ota
type ota_data_file, file_type, data_file_type, core_data_file_type;
# /data/ota_package
type ota_package_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# /data/misc/profiles
type user_profile_root_file, file_type, data_file_type, core_data_file_type;
type user_profile_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# /data/misc/profman
type profman_dump_data_file, file_type, data_file_type, core_data_file_type;
# /data/misc/prereboot
type prereboot_data_file, file_type, data_file_type, core_data_file_type;
# /data/resource-cache
type resourcecache_data_file, file_type, data_file_type, core_data_file_type;
# /data/local - writable by shell
# NOTE(review): shell-writable and MLS-exempt, so content under this label
# should be treated as untrusted by any domain allowed to read or execute it.
type shell_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type, mlstrustedobject;
# /data/property
type property_data_file, file_type, data_file_type, core_data_file_type;
# /data/bootchart
type bootchart_data_file, file_type, data_file_type, core_data_file_type;
# /data/system/dropbox
type dropbox_data_file, file_type, data_file_type, core_data_file_type;
# /data/system/heapdump
type heapdump_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# /data/nativetest
type nativetest_data_file, file_type, data_file_type, core_data_file_type;
# /data/local/tests
type shell_test_data_file, file_type, data_file_type, core_data_file_type;
# /data/system_de/0/ringtones
type ringtone_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# /data/preloads
type preloads_data_file, file_type, data_file_type, core_data_file_type;
# /data/preloads/media
type preloads_media_file, file_type, data_file_type, core_data_file_type;
# /data/misc/dhcp and /data/misc/dhcp-6.8.2
type dhcp_data_file, file_type, data_file_type, core_data_file_type;
# /data/server_configurable_flags
type server_configurable_flags_data_file, file_type, data_file_type, core_data_file_type;
# /data/app-staging
type staging_data_file, file_type, data_file_type, core_data_file_type;
# /vendor/apex
type vendor_apex_file, vendor_file_type, file_type;
# apex_manifest.pb in vendor apex
type vendor_apex_metadata_file, vendor_file_type, file_type;
# /data/system/shutdown-checkpoints
type shutdown_checkpoints_system_data_file, file_type, data_file_type, core_data_file_type;

# Mount locations managed by vold
type mnt_media_rw_file, file_type;
type mnt_user_file, file_type;
type mnt_pass_through_file, file_type;
type mnt_expand_file, file_type;
type mnt_sdcard_file, file_type;
type storage_file, file_type;

# Label for storage dirs which are just mount stubs
type mnt_media_rw_stub_file, file_type;
type storage_stub_file, file_type;

# Mount location for read-write vendor partitions.
type mnt_vendor_file, file_type;

# Mount location for read-write product partitions.
type mnt_product_file, file_type;

# Mount point used for APEX images
type apex_mnt_dir, file_type;

# /apex/apex-info-list.xml created by apexd
type apex_info_file, file_type;

# /postinstall: Mount point used by update_engine to run postinstall.
type postinstall_mnt_dir, file_type;
# Files inside the /postinstall mountpoint are all labeled as postinstall_file.
type postinstall_file, file_type;
# /postinstall/apex: Mount point used for APEX images within /postinstall.
type postinstall_apex_mnt_dir, file_type;

# /data_mirror: Contains mirror directory for storing all apps data.
# Unlike the other /data labels, this one carries core_data_file_type without
# data_file_type.
type mirror_data_file, file_type, core_data_file_type;

# /data/misc subdirectories
# NOTE(review): going by their names, adb_keys_file, credstore_data_file,
# gatekeeper_data_file, keystore_data_file and systemkeys_data_file hold
# credential or key material. When auditing, expect each to be reachable from
# one owning domain only - confirm against the rules that reference them.
# NOTE(review): mlstrustedobject marks a type as exempt from the MLS constraints
# (the attribute is defined outside this file), so per-app and per-user category
# separation does not protect objects of that type; only type-enforcement rules
# bound access.
type adb_keys_file, file_type, data_file_type, core_data_file_type;
type apex_system_server_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
type apex_module_data_file, file_type, data_file_type, core_data_file_type;
type apex_ota_reserved_file, file_type, data_file_type, core_data_file_type;
type apex_rollback_data_file, file_type, data_file_type, core_data_file_type;
type appcompat_data_file, file_type, data_file_type, core_data_file_type;
type audio_data_file, file_type, data_file_type, core_data_file_type;
type audioserver_data_file, file_type, data_file_type, core_data_file_type;
type bluetooth_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type;
type bluetooth_logs_data_file, file_type, data_file_type, core_data_file_type;
type bootstat_data_file, file_type, data_file_type, core_data_file_type;
type boottrace_data_file, file_type, data_file_type, core_data_file_type;
type camera_data_file, file_type, data_file_type, core_data_file_type;
type credstore_data_file, file_type, data_file_type, core_data_file_type;
type gatekeeper_data_file, file_type, data_file_type, core_data_file_type;
type incident_data_file, file_type, data_file_type, core_data_file_type;
type keychain_data_file, file_type, data_file_type, core_data_file_type;
type keystore_data_file, file_type, data_file_type, core_data_file_type;
type media_data_file, file_type, data_file_type, core_data_file_type;
type media_rw_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
type media_userdir_file, file_type, data_file_type, core_data_file_type;
type misc_user_data_file, file_type, data_file_type, core_data_file_type;
type net_data_file, file_type, data_file_type, core_data_file_type;
type network_watchlist_data_file, file_type, data_file_type, core_data_file_type;
type nfc_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type;
type nfc_logs_data_file, file_type, data_file_type, core_data_file_type;
type radio_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type, mlstrustedobject;
type recovery_data_file, file_type, data_file_type, core_data_file_type;
type shared_relro_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
type snapshotctl_log_data_file, file_type, data_file_type, core_data_file_type;
type stats_config_data_file, file_type, data_file_type, core_data_file_type;
type stats_data_file, file_type, data_file_type, core_data_file_type;
type systemkeys_data_file, file_type, data_file_type, core_data_file_type;
type textclassifier_data_file, file_type, data_file_type, core_data_file_type;
type trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
type vpn_data_file, file_type, data_file_type, core_data_file_type;
type wifi_data_file, file_type, data_file_type, core_data_file_type;
type vold_data_file, file_type, data_file_type, core_data_file_type;
# tee_data_file has data_file_type but not core_data_file_type.
type tee_data_file, file_type, data_file_type;
type update_engine_data_file, file_type, data_file_type, core_data_file_type;
type update_engine_log_data_file, file_type, data_file_type, core_data_file_type;
type snapuserd_log_data_file, file_type, data_file_type, core_data_file_type;
# /data/misc/trace for method traces on userdebug / eng builds
type method_trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
type gsi_data_file, file_type, data_file_type, core_data_file_type;
type radio_core_data_file, file_type, data_file_type, core_data_file_type;

# App sandbox labels. app_data_file and privapp_data_file are not MLS-exempt,
# so MLS categories still apply to them; system_app_data_file is exempt.
# /data/data subdirectories - app sandboxes
type app_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type;
# /data/data subdirectories - priv-app sandboxes
type privapp_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type;
# /data/data subdirectory for system UID apps.
type system_app_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type, mlstrustedobject;
# Compatibility with type name used in Android 4.3 and 4.4.
# Default type for anything under /cache
type cache_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# Type for /cache/overlay /mnt/scratch/overlay
type overlayfs_file, file_type, data_file_type, core_data_file_type;
# Type for /cache/backup_stage/* (fd interchange with apps)
type cache_backup_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# type for anything under /cache/backup (local transport storage)
type cache_private_backup_file, file_type, data_file_type, core_data_file_type;
# Type for anything under /cache/recovery
type cache_recovery_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# Default type for anything under /efs
type efs_file, file_type;
# Type for wallpaper file.
type wallpaper_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# Type for shortcut manager icon file.
type shortcut_manager_icons, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# Type for user icon file.
type icon_file, file_type, data_file_type, core_data_file_type;
# /mnt/asec
type asec_apk_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# Elements of asec files (/mnt/asec) that are world readable
type asec_public_file, file_type, data_file_type, core_data_file_type;
# /data/app-asec
type asec_image_file, file_type, data_file_type, core_data_file_type;
# /data/backup and /data/secure/backup
type backup_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# All devices have bluetooth efs files. But they
# vary per device, so this type is used in per
# device policy
type bluetooth_efs_file, file_type;
# Biometric template labels. fingerprintd_data_file is core data; the
# *_vendor_data_file variants carry data_file_type only.
# Type for fingerprint template file
type fingerprintd_data_file, file_type, data_file_type, core_data_file_type;
# Type for _new_ fingerprint template file
type fingerprint_vendor_data_file, file_type, data_file_type;
# Type for appfuse file.
type app_fuse_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# Type for face template file
type face_vendor_data_file, file_type, data_file_type;
# Type for iris template file
type iris_vendor_data_file, file_type, data_file_type;

# Socket types
# Most entries carry coredomain_socket. rild_socket, rild_debug_socket,
# tombstoned_java_trace_socket and wpa_socket do not.
# NOTE(review): sockets that are also mlstrustedobject are reachable across MLS
# levels wherever type-enforcement rules permit, so the daemons behind them
# should treat every peer as untrusted input.
type adbd_socket, file_type, coredomain_socket;
type bluetooth_socket, file_type, data_file_type, core_data_file_type, coredomain_socket;
type dnsproxyd_socket, file_type, coredomain_socket, mlstrustedobject;
type dumpstate_socket, file_type, coredomain_socket;
type fwmarkd_socket, file_type, coredomain_socket, mlstrustedobject;
type lmkd_socket, file_type, coredomain_socket;
type logd_socket, file_type, coredomain_socket, mlstrustedobject;
type logdr_socket, file_type, coredomain_socket, mlstrustedobject;
type logdw_socket, file_type, coredomain_socket, mlstrustedobject;
type mdns_socket, file_type, coredomain_socket;
type mdnsd_socket, file_type, coredomain_socket, mlstrustedobject;
type misc_logd_file, coredomain_socket, file_type, data_file_type, core_data_file_type;
type mtpd_socket, file_type, coredomain_socket;
type ot_daemon_socket, file_type, coredomain_socket;
type property_socket, file_type, coredomain_socket, mlstrustedobject;
type racoon_socket, file_type, coredomain_socket;
type recovery_socket, file_type, coredomain_socket;
type rild_socket, file_type;
type rild_debug_socket, file_type;
type snapuserd_socket, file_type, coredomain_socket;
type snapuserd_proxy_socket, file_type, coredomain_socket;
type statsdw_socket, file_type, coredomain_socket, mlstrustedobject;
type system_wpa_socket, file_type, data_file_type, core_data_file_type, coredomain_socket;
type system_ndebug_socket, file_type, data_file_type, core_data_file_type, coredomain_socket, mlstrustedobject;
type system_unsolzygote_socket, file_type, data_file_type, core_data_file_type, coredomain_socket, mlstrustedobject;
type tombstoned_crash_socket, file_type, coredomain_socket, mlstrustedobject;
type tombstoned_java_trace_socket, file_type, mlstrustedobject;
type tombstoned_intercept_socket, file_type, coredomain_socket;
type traced_consumer_socket, file_type, coredomain_socket, mlstrustedobject;
type traced_perf_socket, file_type, coredomain_socket, mlstrustedobject;
type traced_producer_socket, file_type, coredomain_socket, mlstrustedobject;
type uncrypt_socket, file_type, coredomain_socket;
type wpa_socket, file_type, data_file_type, core_data_file_type;
type zygote_socket, file_type, coredomain_socket;
type heapprofd_socket, file_type, coredomain_socket, mlstrustedobject;
# UART (for GPS) control proc file
type gps_control, file_type;

# PDX endpoint types
type pdx_display_dir, pdx_endpoint_dir_type, file_type;
type pdx_performance_dir, pdx_endpoint_dir_type, file_type;
type pdx_bufferhub_dir, pdx_endpoint_dir_type, file_type;

# pdx_service_socket_types is a macro defined elsewhere; presumably it declares
# the socket types for the named service under the given endpoint directory
# type - confirm against the macro definition.
pdx_service_socket_types(display_client, pdx_display_dir)
pdx_service_socket_types(display_manager, pdx_display_dir)
pdx_service_socket_types(display_screenshot, pdx_display_dir)
pdx_service_socket_types(display_vsync, pdx_display_dir)
pdx_service_socket_types(performance_client, pdx_performance_dir)
pdx_service_socket_types(bufferhub_client, pdx_bufferhub_dir)

# file_contexts files
type file_contexts_file, system_file_type, file_type;

# mac_permissions file
type mac_perms_file, system_file_type, file_type;

# property_contexts file
type property_contexts_file, system_file_type, file_type;

# Labels for the policy and context files themselves.
# NOTE(review): these files define how everything else is labeled and
# confined, so write access to any of these types is equivalent to control of
# the policy - expect no runtime domain to hold it.

# seapp_contexts file
type seapp_contexts_file, system_file_type, file_type;

# sepolicy files binary and others
type sepolicy_file, system_file_type, file_type;

# service_contexts file
type service_contexts_file, system_file_type, file_type;

# keystore2_key_contexts_file
type keystore2_key_contexts_file, system_file_type, file_type;

# vendor service_contexts file
type vendor_service_contexts_file, vendor_file_type, file_type;

# hwservice_contexts file
type hwservice_contexts_file, system_file_type, file_type;

# vndservice_contexts file
# Carries file_type only: neither system_file_type nor vendor_file_type.
type vndservice_contexts_file, file_type;

# /sys/kernel/tracing/instances/bootreceiver for monitoring kernel memory corruptions.
type debugfs_bootreceiver_tracing, fs_type, debugfs_type, tracefs_type;

# kernel modules
type vendor_kernel_modules, vendor_file_type, file_type;

# system_dlkm
type system_dlkm_file, system_dlkm_file_type, file_type;

# asanwrapper (run a sanitized app_process, to be used with wrap properties)
# Declared only inside with_asan, so the type should exist on ASan builds only
# (assuming the macro behaves as its name says; it is defined elsewhere).
with_asan(`type asanwrapper_exec, exec_type, file_type;')

# Deprecated in SDK version 28
type audiohal_data_file, file_type, data_file_type, core_data_file_type;

# Declared only where starting_at_board_api admits the body (board API level
# 202504 and later, going by the macro name; the macro is defined elsewhere).
starting_at_board_api(202504, `
    type sysfs_udc, fs_type, sysfs_type;
    type tee_service_contexts_file, system_file_type, file_type;
')

# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.