Lines Matching full:vold
# Reviewer annotations are the un-numbered comment lines. This listing shows only
# the policy lines that match "vold"; gaps in the left-hand numbers are lines of
# the original file that are not visible here.
# Declares the vold type and places it in the `domain` attribute (process domains).
2 type vold, domain;
# Read-only access to cache_file: list directories, getattr/read files, read symlinks.
# Note the file rule omits `open`, so vold can only use already-open descriptors.
6 allow vold cache_file:dir r_dir_perms;
7 allow vold cache_file:file { getattr read };
8 allow vold cache_file:lnk_file r_file_perms;
# r_dir_file() grants read access to directories, files and symlinks of the type.
# sysfs_type is an attribute, so the third rule covers every sysfs-labelled type.
11 r_dir_file(vold, proc)
12 r_dir_file(vold, proc_net)
13 r_dir_file(vold, sysfs_type)
# Write access to sysfs nodes. The first rule targets the generic `sysfs` label
# rather than a narrowly scoped type, so it covers any sysfs file that has not
# been given a more specific label.
# NOTE(review): line 83 grants rw_file_perms on the same sysfs:file; in AOSP's
# global_macros rw_file_perms already contains w_file_perms, so line 15 looks
# redundant -- confirm before removing.
15 allow vold sysfs:file w_file_perms;
16 allow vold sysfs_usb:file w_file_perms;
17 allow vold sysfs_zram_uevent:file w_file_perms;
# Read-only access to the root filesystem and to /proc/meminfo.
19 r_dir_file(vold, rootfs)
20 allow vold proc_meminfo:file r_file_perms;
# Read the file_contexts database (presumably to label files it creates -- confirm
# against the setfscreate rule at line 32).
23 allow vold file_contexts_file:file r_file_perms;
# Execution-related grants for vold.
# setexec lets vold choose the security context applied on its next exec().
26 allow vold self:process setexec;
# Read and execute the shell binary.
29 allow vold shell_exec:file rx_file_perms;
# mlstrustedsubject: in AOSP policy this attribute exempts the domain from the MLS
# constraints that separate data by category/level. Together with the
# app_data_file rules at lines 69-70 this makes vold a high-value domain; review
# any new grant to vold with that in mind.
31 typeattribute vold mlstrustedsubject;
# setfscreate lets vold set the label given to filesystem objects it creates.
32 allow vold self:process setfscreate;
# Execute files labelled system_file. x_file_perms in AOSP's global_macros includes
# execute_no_trans, i.e. these binaries run inside the vold domain with all of
# vold's permissions rather than transitioning to a narrower domain.
33 allow vold system_file:file x_file_perms;
# Same grant for vendor_file, but only on devices that are not full-Treble.
34 not_full_treble(`allow vold vendor_file:file x_file_perms;')
# Device-node directories, mount points and removable/emulated storage.
# Create and manage directories under block_device, and write into the generic
# `device` directory (needed to add/remove entries there).
35 allow vold block_device:dir create_dir_perms;
36 allow vold device:dir write;
37 allow vold devpts:chr_file rw_file_perms;
# Mount filesystems on top of rootfs directories.
38 allow vold rootfs:dir mounton;
# Legacy sdcard_type grants, marked by the original author as deprecated.
# NOTE(review): lines 41-42 are also covered by the type set at lines 45-46, which
# includes sdcard_type; the deprecated rules could be dropped once lines 39-40 are
# confirmed unused.
39 allow vold sdcard_type:dir mounton; # TODO: deprecated in M
40 allow vold sdcard_type:filesystem { mount remount unmount }; # TODO: deprecated in M
41 allow vold sdcard_type:dir create_dir_perms; # TODO: deprecated in M
42 allow vold sdcard_type:file create_file_perms; # TODO: deprecated in M
# Full create/modify access to directories and files on media and storage mounts.
45 allow vold { mnt_media_rw_file storage_file sdcard_type }:dir create_dir_perms;
46 allow vold { mnt_media_rw_file storage_file sdcard_type }:file create_file_perms;
49 allow vold media_rw_data_file:dir create_dir_perms;
50 allow vold media_rw_data_file:file create_file_perms;
# Stub mount-point directories. This line is truncated in the listing, so the
# full permission set is not visible here.
53 allow vold { mnt_media_rw_stub_file storage_stub_file }:dir { mounton create rmdir getattr setattr …
# Per-user mount directories and the symlinks inside them.
56 allow vold mnt_user_file:dir create_dir_perms;
57 allow vold mnt_user_file:lnk_file create_file_perms;
# Expanded (adopted) storage mount points.
60 allow vold mnt_expand_file:dir { create_dir_perms mounton };
# Only create/getattr/setattr on these directories: vold can set them up but has
# no read, search or write permission on their contents from these rules.
61 allow vold apk_data_file:dir { create getattr setattr };
62 allow vold shell_data_file:dir { create getattr setattr };
# Mount and unmount tmpfs, manage directories on it, and mount on top of them.
# NOTE(review): lines 65 and 66 target the same type and class and could be one
# rule, `{ create_dir_perms mounton }`, matching the style of line 60.
64 allow vold tmpfs:filesystem { mount unmount };
65 allow vold tmpfs:dir create_dir_perms;
66 allow vold tmpfs:dir mounton;
# Linux capabilities and block-device plumbing.
# This is a broad capability set: dac_override bypasses discretionary file
# permission checks and sys_admin covers mount plus many other privileged
# operations. With these, SELinux type enforcement is the main remaining
# boundary on what vold can touch, so the allow rules in this file carry the
# real access decisions.
67 allow vold self:capability { net_admin dac_override mknod sys_admin chown fowner fsetid };
# Netlink socket for kernel uevents (ioctl excluded by the macro name).
68 allow vold self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
# Read/write access to application private data files. Directory access is
# limited to `search`, so vold cannot list app directories but can open a file
# whose path it already knows. vold is also mlstrustedsubject (line 31), so
# per-app/per-user MLS separation does not narrow this grant.
69 allow vold app_data_file:dir search;
70 allow vold app_data_file:file rw_file_perms;
# Loop devices: control node plus create/remove/read/write of loop block devices.
71 allow vold loop_control_device:chr_file rw_file_perms;
72 allow vold loop_device:blk_file { create setattr unlink rw_file_perms };
# vold's own block-device nodes.
73 allow vold vold_device:blk_file { create setattr unlink rw_file_perms };
# Device-mapper control node and mapped block devices.
74 allow vold dm_device:chr_file rw_file_perms;
75 allow vold dm_device:blk_file rw_file_perms;
76 # For vold Process::killProcessesWithOpenFiles function.
# `domain` is the attribute that covers every process domain, so these rules are
# system-wide: vold can read the /proc/<pid> directories, files and symlinks of
# any process and deliver signal/sigkill to any process, not only to apps.
77 allow vold domain:dir r_dir_perms;
78 allow vold domain:{ file lnk_file } r_file_perms;
79 allow vold domain:process { signal sigkill };
# sys_ptrace and kill capabilities; presumably needed to inspect other processes'
# open files and to signal processes owned by other UIDs -- confirm against the
# function named above.
80 allow vold self:capability { sys_ptrace kill };
# Kernel interfaces, fsck, filesystem mounting and system properties.
# Read/write on generic sysfs files (superset of the write-only rule at line 15).
83 allow vold sysfs:file rw_file_perms;
# Read/write the kernel message device.
85 allow vold kmsg_device:chr_file rw_file_perms;
# Read and execute fsck. execute_no_trans is deliberately absent and is forbidden
# by the neverallow at line 187, so fsck must run through a domain transition
# rather than inside vold's own domain (the transition rule itself is not in
# this listing).
88 allow vold fsck_exec:file { r_file_perms execute };
# fsck log directory and files.
91 allow vold fscklogs:dir rw_dir_perms;
92 allow vold fscklogs:file create_file_perms;
# Mount/unmount filesystems of type labeledfs.
99 allow vold labeledfs:filesystem { mount unmount };
103 allow vold efs_file:file rw_file_perms;
# Create, modify, remove and mount on directories labelled system_data_file.
106 allow vold system_data_file:dir { create rw_dir_perms mounton setattr rmdir };
# Change scheduling parameters of processes in the `kernel` domain.
109 allow vold kernel:process setsched;
# Properties vold may set through the property service.
# NOTE(review): powerctl_prop is, in AOSP, the label of the property used to
# request reboot/shutdown -- confirm. restorecon_prop is restricted to vold and
# init by the neverallow at line 185.
112 set_prop(vold, vold_prop)
113 set_prop(vold, powerctl_prop)
114 set_prop(vold, ctl_fuse_prop)
115 set_prop(vold, restorecon_prop)
# ASEC container files and relabelling.
# Create and manage ASEC image files; read/write their directory.
118 allow vold asec_image_file:file create_file_perms;
119 allow vold asec_image_file:dir rw_dir_perms;
# relabelfrom/relabelto let vold change the SELinux label of these objects.
# Relabelling is security-sensitive because it moves an object between access
# domains: vold may relabel both out of and into asec_apk_file, and into (but
# not out of) asec_public_file.
120 allow vold asec_apk_file:dir { create_dir_perms mounton relabelfrom relabelto };
121 allow vold asec_public_file:dir { relabelto setattr };
122 allow vold asec_apk_file:file { r_file_perms setattr relabelfrom relabelto };
123 allow vold asec_public_file:file { relabelto setattr };
# Objects with no valid label: read, setattr and relabel away from `unlabeled`.
# relabelto is not granted, so vold cannot turn a labelled object into an
# unlabeled one.
125 allow vold unlabeled:dir { r_dir_perms setattr relabelfrom };
126 allow vold unlabeled:file { r_file_perms setattr relabelfrom };
# IPC, HAL access and raw partition access.
# Allow vold to hold wakelocks.
129 wakelock_use(vold)
# Use binder IPC, and make binder calls to healthd specifically.
132 binder_use(vold)
133 binder_call(vold, healthd)
# vold is a client of the keymaster HAL.
136 hal_client_domain(vold, hal_keymaster)
# Raw read/write on the userdata and metadata block devices. Access at the
# block-device level is not mediated by the labels of individual files stored
# on those partitions, so these two rules are among the most sensitive in the
# file.
139 allow vold userdata_block_device:blk_file rw_file_perms;
142 allow vold metadata_block_device:blk_file rw_file_perms;
144 # Allow vold to manipulate /data/unencrypted
# NOTE(review): the braces in `{ file }` wrap a single class and are redundant;
# `unencrypted_data_file:file` is equivalent.
145 allow vold unencrypted_data_file:{ file } create_file_perms;
146 allow vold unencrypted_data_file:dir create_dir_perms;
# Write to the drop_caches control under /proc.
149 allow vold proc_drop_caches:file w_file_perms;
151 # Give vold a place where only vold can store files; everyone else is off limits
# The "everyone else is off limits" part is enforced by the neverallow rules at
# lines 181-184, not by these allow rules.
152 allow vold vold_data_file:dir create_dir_perms;
153 allow vold vold_data_file:file create_file_perms;
# Kernel keyring objects: write/search/setattr on keys labelled init and on
# vold's own keys (presumably for storage-encryption keys -- confirm).
156 allow vold init:key { write search setattr };
157 allow vold vold:key { write search setattr };
159 # vold temporarily changes its priority when running benchmarks
160 allow vold self:capability sys_nice;
162 # vold needs to chroot into app namespaces to remount when runtime permissions change
163 allow vold self:capability sys_chroot;
164 allow vold storage_file:dir mounton;
# FUSE: read/write the fuse device, relabel filesystems away from `fuse`, and
# relabel/mount/unmount app_fusefs filesystems.
# NOTE(review): lines 169 and 170 target the same type and class and could be a
# single rule.
167 allow vold fuse_device:chr_file rw_file_perms;
168 allow vold fuse:filesystem { relabelfrom };
169 allow vold app_fusefs:filesystem { relabelfrom relabelto };
170 allow vold app_fusefs:filesystem { mount unmount };
# Read and execute toolbox.
173 allow vold toolbox_exec:file rx_file_perms;
# Create and manage user profile data directories.
176 allow vold user_profile_data_file:dir create_dir_perms;
# Write-only access to the misc partition block device.
179 allow vold misc_block_device:blk_file w_file_perms;
# neverallow rules are build-time assertions: policy compilation fails if any
# allow rule, in this file or elsewhere, grants what they forbid. They are what
# actually keeps vold_data_file private to vold.
# No domain other than vold may have any directory permission outside the listed
# set (`~{...}` is the complement). This line is truncated in the listing, so
# the full permitted set is not visible here.
181 neverallow { domain -vold } vold_data_file:dir ~{ open create read getattr setattr search relabelto…
# Other than vold and kernel, no domain gets anything beyond relabelto/getattr on
# non-device file classes of this type.
182 neverallow { domain -vold -kernel } vold_data_file:notdevfile_class_set ~{ relabelto getattr };
# With init also excluded, every remaining domain is denied all access to
# vold_data_file directories and files; the residual permissions allowed by
# lines 181-182 therefore apply only to init (and kernel for files).
183 neverallow { domain -vold -init } vold_data_file:dir *;
184 neverallow { domain -vold -init -kernel } vold_data_file:notdevfile_class_set *;
# Only vold and init may set restorecon_prop.
185 neverallow { domain -vold -init } restorecon_prop:property_service set;
# vold must never run fsck in its own domain: without execute_no_trans the exec
# has to go through a domain transition, so fsck, which parses on-disk data
# that may come from removable media, does not inherit vold's privileges.
187 neverallow vold fsck_exec:file execute_no_trans;