ueventd.te - OpenGrok cross reference for /system/sepolicy/public/ueventd.te

Lines Matching full:ueventd
1 # ueventd seclabel is specified in init.rc since
3 type ueventd, domain;
7 allow ueventd kmsg_device:chr_file rw_file_perms;
9 allow ueventd self:global_capability_class_set { chown mknod net_admin setgid fsetid sys_rawio dac_…
10 allow ueventd device:file create_file_perms;
12 r_dir_file(ueventd, rootfs)
14 # ueventd needs write access to files in /sys to regenerate uevents
15 allow ueventd sysfs_type:file w_file_perms;
16 r_dir_file(ueventd, sysfs_type)
17 allow ueventd sysfs_type:{ file lnk_file } { relabelfrom relabelto setattr };
18 allow ueventd sysfs_type:dir { relabelfrom relabelto setattr };
19 allow ueventd tmpfs:chr_file rw_file_perms;
20 allow ueventd dev_type:dir create_dir_perms;
21 allow ueventd dev_type:lnk_file { create unlink };
22 allow ueventd dev_type:chr_file { getattr create setattr unlink };
23 allow ueventd dev_type:blk_file { getattr relabelfrom relabelto create setattr unlink };
24 allow ueventd self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
25 allow ueventd efs_file:dir search;
26 allow ueventd efs_file:file r_file_perms;
29 r_dir_file(ueventd, selinuxfs)
31 # Access for /vendor/ueventd.rc and /vendor/firmware
32 r_dir_file(ueventd, { vendor_file_type -vendor_app_file -vendor_overlay_file })
35 allow ueventd file_contexts_file:file r_file_perms;
38 allow ueventd self:process setfscreate;
40 # Allow ueventd to read androidboot.android_dt_dir from kernel cmdline.
41 allow ueventd proc_cmdline:file r_file_perms;
43 # Everything is labeled as rootfs in recovery mode. ueventd has to execute
46   allow ueventd rootfs:file { r_file_perms execute };
49 # Suppress denials for ueventd to getattr /postinstall. This occurs when the
51 dontaudit ueventd postinstall_mnt_dir:dir getattr;
53 # ueventd loads modules in response to modalias events.
54 allow ueventd self:global_capability_class_set sys_module;
55 allow ueventd vendor_file:system module_load;
56 allow ueventd kernel:key search;
58 # ueventd is using bootstrap bionic
59 allow ueventd system_bootstrap_lib_file:dir r_dir_perms;
60 allow ueventd system_bootstrap_lib_file:file { execute read open getattr map };
62 # Allow ueventd to run shell scripts from vendor
63 allow ueventd vendor_shell_exec:file execute;
69 # Restrict ueventd access on block devices to maintenence operations.
70 neverallow ueventd dev_type:blk_file ~{ getattr relabelfrom relabelto create setattr unlink };
73 neverallow ueventd port_device:chr_file ~{ getattr create setattr unlink relabelto };
75 # Nobody should be able to ptrace ueventd
76 neverallow * ueventd:process ptrace;
78 # ueventd should never execute a program without changing to another domain.
79 neverallow ueventd { file_type fs_type }:file execute_no_trans;