apexd.te - OpenGrok cross reference for /system/sepolicy/private/apexd.te

Lines Matching +full:post +full:- +full:fs +full:- +full:data
5 # Allow creating, reading and writing of APEX files/dirs in the APEX data dir
14 # Allow apexd to create files and directories for snapshots of apex data
24 # Allow apexd to read directories under /data/misc_de in order to snapshot and
25 # restore apex data for all users.
28 # allow apexd to create loop devices with /dev/loop-control
44 # allow apexd to access /dev/block/dm-* (device-mapper entries)
48 # sys_admin is required to access the device-mapper and mount
67 # allow apexd to create /apex/apex-info-list.xml and relabel to apex_info_file
70 # allow apexd to unlink apex files in /data/apex/active
71 # note that apexd won't be able to unlink files in /data/app-staging/session_XXXX,
75 # allow apexd to read files from /data/app-staging and hardlink them to /data/apex.
88 # Configure read-ahead of dm-verity and loop devices
89 # for dm-X
106 # Find the vold service, and call into vold to manage FS checkpoints
110 # Apex pre- & post-install permission.
112 # Allow self-execute for the fork mount helper.
119 # Allow to execute shell for pre- and postinstall scripts. A transition
150 neverallow { domain -apexd -init } apex_data_file:dir no_w_dir_perms;
151 neverallow { domain -apexd -init } apex_metadata_file:dir no_w_dir_perms;
152 neverallow { domain -apexd -init -kernel } apex_data_file:file no_w_file_perms;
153 neverallow { domain -apexd -init -kernel } apex_metadata_file:file no_w_file_perms;
154 neverallow { domain -apexd } apex_mnt_dir:lnk_file no_w_file_perms;
156 neverallow { domain -apexd -init -vold_prepare_subdirs } apex_module_data_file:dir no_w_dir_perms;
157 neverallow { domain -apexd -init -vold_prepare_subdirs } apex_module_data_file:file no_w_file_perms;
159 neverallow { domain -apexd -init -vold_prepare_subdirs } apex_rollback_data_file:dir no_w_dir_perms;
160 neverallow { domain -apexd -init -vold_prepare_subdirs } apex_rollback_data_file:file no_w_file_per…
164 neverallow { domain -apexd -init } apexd_prop:property_service set;
166 # only apexd can write apex-info-list.xml
167 neverallow { domain -apexd } apex_info_file:file no_w_file_perms;