gsid.te - OpenGrok cross reference for /system/sepolicy/private/gsid.te

Lines Matching refs:gsid
1 # gsid - Manager for GSI Installation
3 type gsid, domain;
5 typeattribute gsid coredomain;
7 init_daemon_domain(gsid)
9 binder_use(gsid)
10 binder_service(gsid)
11 add_service(gsid, gsi_service)
12 set_prop(gsid, gsid_prop)
15 allow gsid dm_device:chr_file rw_file_perms;
16 allow gsid dm_device:blk_file rw_file_perms;
17 allow gsid self:global_capability_class_set sys_admin;
18 dontaudit gsid self:global_capability_class_set dac_override;
20 # On FBE devices (not using dm-default-key), gsid will use loop devices to map
22 allow gsid loop_control_device:chr_file rw_file_perms;
23 allow gsid loop_device:blk_file rw_file_perms;
24 allowxperm gsid loop_device:blk_file ioctl {
37 r_dir_file(gsid, sysfs_dm)
41 r_dir_file(gsid, sysfs_fs_f2fs)
46 allow gsid proc_cmdline:file r_file_perms;
47 allow gsid sysfs_dt_firmware_android:dir r_dir_perms;
48 allow gsid sysfs_dt_firmware_android:file r_file_perms;
51 allow gsid block_device:dir r_dir_perms;
54 allowxperm gsid { userdata_block_device sdcard_block_device }:blk_file ioctl {
59 # When installing images to an sdcard, gsid needs to be able to stat() the
60 # block device. gsid also calls realpath() to remove symlinks.
61 allow gsid mnt_media_rw_file:dir r_dir_perms;
63 # When installing images to an sdcard, gsid must bypass sdcardfs and install
65 allow gsid vfat:dir rw_dir_perms;
66 allow gsid vfat:file create_file_perms;
67 allow gsid sdcard_block_device:blk_file r_file_perms;
70 allow gsid self:global_capability_class_set sys_rawio;
73 allow gsid adbd:fd use;
75 allow gsid adbd:unix_stream_socket rw_socket_perms;
79   -gsid
86 # gsid needs to store images on /data, but cannot use file I/O. If it did, the
98 allow gsid userdata_block_device:blk_file r_file_perms;
100 # gsid uses /metadata/gsi to communicate GSI boot information to first-stage
104 # gsid uses /metadata/gsi to store three files:
111 allow gsid metadata_file:dir { search getattr };
112 allow gsid {
116 allow gsid {
120 allow gsid {
125 allow gsid {
129 allow gsid {
133 allowxperm gsid {
138 allow gsid system_server:binder call;
143     -gsid
152     -gsid
160     -gsid
167     -gsid
174     -gsid
179     -gsid