Searched full:system_server (Results 1 – 25 of 357) sorted by relevance
12345678910>>...15
| /system/sepolicy/prebuilts/api/26.0/private/ |
| D | system_server.te | 2 # System Server aka system_server spawned by zygote.
6 typeattribute system_server coredomain;
7 typeattribute system_server domain_deprecated;
8 typeattribute system_server mlstrustedsubject;
11 tmpfs_domain(system_server)
14 type_transition system_server system_data_file:sock_file system_ndebug_socket "ndebugsocket";
16 allow system_server zygote_tmpfs:file read;
19 allow system_server dalvikcache_data_file:dir r_dir_perms;
20 allow system_server dalvikcache_data_file:file { r_file_perms execute };
23 auditallow system_server dalvikcache_data_file:file execute;
[all …]
|
| D | domain_deprecated.te | 12 -system_server
19 allow domain_deprecated system_server:fd use;
21 auditallow { domain_deprecated -appdomain -netd -surfaceflinger } system_server:fd use;
28 auditallow { domain_deprecated -appdomain -system_server } adbd:fd use;
42 -system_server
53 -system_server
65 -system_server
83 -system_server
98 -system_server
104 -system_server
[all …]
|
| D | incidentd.te | 35 # TODO allow incidentd { appdomain ephemeral_app system_server }:process signal;
90 # only system_server, system_app and incident command can find the incident service
91 neverallow { domain -system_server -system_app -incident -incidentd } incident_service:service_mana…
106 # read is also allowed by system_server, for when the file is handed to dropbox
107 neverallow { domain -incidentd -init -vold -system_server } incident_data_file:file r_file_perms;
|
| /system/sepolicy/prebuilts/api/30.0/private/ |
| D | system_server.te | 2 # System Server aka system_server spawned by zygote.
6 typeattribute system_server coredomain;
7 typeattribute system_server mlstrustedsubject;
8 typeattribute system_server scheduler_service_server;
9 typeattribute system_server sensor_service_server;
10 typeattribute system_server stats_service_server;
13 tmpfs_domain(system_server)
16 type_transition system_server system_data_file:sock_file system_ndebug_socket "ndebugsocket";
19 type_transition system_server system_data_file:sock_file system_unsolzygote_socket "unsolzygotesock…
21 allow system_server zygote_tmpfs:file read;
[all …]
|
| D | coredomain.te | 32 -system_server
49 -system_server
67 -system_server
87 -system_server
128 -system_server
139 -system_server
163 -system_server
170 -system_server
179 -system_server
|
| D | bug_map | 27 system_server crash_dump process b/73128755
28 system_server overlayfs_file file b/142390309
29 system_server sdcardfs file b/77856826
30 system_server storage_stub_file dir b/145267097
31 system_server zygote process b/77856826
|
| D | domain.te | 133 -system_server
146 # System_server owns dropbox data, and init creates/restorecons the directory
148 neverallow { domain -init -system_server } dropbox_data_file:dir *;
149 neverallow { domain -init -system_server } dropbox_data_file:file ~{ getattr read };
173 -system_server
209 # do not change between system_server staging the files and apexd processing
211 neverallow { domain -init -system_server -apexd -installd -iorap_inode2filename } staging_data_file…
212 neverallow { domain -init -system_app -system_server -apexd -kernel -installd -iorap_inode2filename…
213 neverallow { domain -init -system_server -installd} staging_data_file:dir no_w_dir_perms;
216 neverallow { domain -init -system_server } staging_data_file:file
[all …]
|
| /system/sepolicy/prebuilts/api/28.0/private/ |
| D | system_server.te | 2 # System Server aka system_server spawned by zygote.
6 typeattribute system_server coredomain;
7 typeattribute system_server mlstrustedsubject;
10 tmpfs_domain(system_server)
13 type_transition system_server system_data_file:sock_file system_ndebug_socket "ndebugsocket";
15 allow system_server zygote_tmpfs:file read;
18 allow system_server dalvikcache_data_file:dir r_dir_perms;
19 allow system_server dalvikcache_data_file:file r_file_perms;
23 with_asan(`allow system_server dalvikcache_data_file:lnk_file r_file_perms;')
26 allow system_server resourcecache_data_file:file r_file_perms;
[all …]
|
| D | domain.te | 14 -system_server
59 -system_server
94 -system_server
101 -system_server
110 -system_server
|
| D | bug_map | 38 system_server crash_dump process 73128755
39 system_server logd_socket sock_file 64734187
40 system_server sdcardfs file 77856826
41 system_server zygote process 77856826
|
| D | statsd.te | 37 binder_call(statsd, system_server)
91 unix_socket_send(system_server, statsdw, statsd)
97 # Only system_server, system_app, traceur_app, and stats command can find the stats service.
106 -system_server
113 neverallow { domain -statsd -system_server -init -vold } stats_data_file:file *;
116 neverallow { domain -statsd -system_server -init -vold } stats_data_file:dir *;
|
| D | incidentd.te | 64 allow incidentd { appdomain ephemeral_app system_server }:process signal;
93 binder_call(incidentd, system_server)
139 # only system_server, system_app and incident command can find the incident service
146 -system_server
162 # read is also allowed by system_server, for when the file is handed to dropbox
163 neverallow { domain -incidentd -init -vold -system_server } incident_data_file:file r_file_perms;
|
| /system/sepolicy/prebuilts/api/29.0/private/ |
| D | system_server.te | 2 # System Server aka system_server spawned by zygote.
6 typeattribute system_server coredomain;
7 typeattribute system_server mlstrustedsubject;
8 typeattribute system_server scheduler_service_server;
9 typeattribute system_server sensor_service_server;
12 tmpfs_domain(system_server)
15 type_transition system_server system_data_file:sock_file system_ndebug_socket "ndebugsocket";
17 allow system_server zygote_tmpfs:file read;
18 allow system_server appdomain_tmpfs:file { getattr map read write };
21 allow system_server dalvikcache_data_file:dir r_dir_perms;
[all …]
|
| D | coredomain.te | 32 -system_server
48 -system_server
63 -system_server
80 -system_server
120 -system_server
155 -system_server
162 -system_server
171 -system_server
|
| D | bug_map | 25 system_server crash_dump process 73128755
26 system_server sdcardfs file 77856826
27 system_server storage_stub_file dir 112609936
28 system_server zygote process 77856826
|
| D | domain.te | 94 -system_server
108 # System_server owns dropbox data, and init creates/restorecons the directory
110 neverallow { domain -init -system_server } dropbox_data_file:dir *;
111 neverallow { domain -init -system_server } dropbox_data_file:file ~{ getattr read };
134 -system_server
169 # do not change between system_server staging the files and apexd processing
171 neverallow { domain -init -system_server -apexd -installd} staging_data_file:dir *;
172 neverallow { domain -init -system_app -system_server -apexd -kernel -installd } staging_data_file:f…
173 neverallow { domain -init -system_server -installd} staging_data_file:dir no_w_dir_perms;
176 neverallow { domain -init -system_server } staging_data_file:file
|
| /system/sepolicy/private/ |
| D | system_server.te | 2 # System Server aka system_server spawned by zygote.
6 typeattribute system_server coredomain;
7 typeattribute system_server mlstrustedsubject;
8 typeattribute system_server scheduler_service_server;
9 typeattribute system_server sensor_service_server;
10 typeattribute system_server stats_service_server;
13 tmpfs_domain(system_server)
16 type_transition system_server system_data_file:sock_file system_ndebug_socket "ndebugsocket";
19 type_transition system_server system_data_file:sock_file system_unsolzygote_socket "unsolzygotesock…
21 allow system_server zygote_tmpfs:file read;
[all …]
|
| D | coredomain.te | 51 -system_server
68 -system_server
86 -system_server
106 -system_server
147 -system_server
159 -system_server
183 -system_server
190 -system_server
199 -system_server
|
| D | bug_map | 29 system_server crash_dump process b/73128755
30 system_server overlayfs_file file b/142390309
31 system_server sdcardfs file b/77856826
32 system_server storage_stub_file dir b/145267097
33 system_server zygote process b/77856826
|
| D | domain.te | 120 -system_server
133 # System_server owns dropbox data, and init creates/restorecons the directory
135 neverallow { domain -init -system_server } dropbox_data_file:dir *;
136 neverallow { domain -init -system_server } dropbox_data_file:file ~{ getattr read };
160 -system_server
196 # do not change between system_server staging the files and apexd processing
198 neverallow { domain -init -system_server -apexd -installd -iorap_inode2filename } staging_data_file…
199 neverallow { domain -init -system_app -system_server -apexd -kernel -installd -iorap_inode2filename…
200 neverallow { domain -init -system_server -installd} staging_data_file:dir no_w_dir_perms;
203 neverallow { domain -init -system_server } staging_data_file:file
[all …]
|
| D | property.te | 308 -system_server
314 # Only allow init and system_server to set system_adbd_prop
316 -system_server
339 -system_server
353 -system_server
359 -system_server
373 -system_server
|
| /system/sepolicy/prebuilts/api/27.0/private/ |
| D | system_server.te | 2 # System Server aka system_server spawned by zygote.
6 typeattribute system_server coredomain;
7 typeattribute system_server domain_deprecated;
8 typeattribute system_server mlstrustedsubject;
11 tmpfs_domain(system_server)
14 type_transition system_server system_data_file:sock_file system_ndebug_socket "ndebugsocket";
16 allow system_server zygote_tmpfs:file read;
19 allow system_server dalvikcache_data_file:dir r_dir_perms;
20 allow system_server dalvikcache_data_file:file r_file_perms;
24 with_asan(`allow system_server dalvikcache_data_file:lnk_file r_file_perms;')
[all …]
|
| D | incidentd.te | 35 # TODO allow incidentd { appdomain ephemeral_app system_server }:process signal;
90 # only system_server, system_app and incident command can find the incident service
91 neverallow { domain -system_server -system_app -incident -incidentd } incident_service:service_mana…
106 # read is also allowed by system_server, for when the file is handed to dropbox
107 neverallow { domain -incidentd -init -vold -system_server } incident_data_file:file r_file_perms;
|
| /system/sepolicy/prebuilts/api/26.0/public/ |
| D | netd.te | 10 allow netd system_server:fd use;
72 allow netd system_server:binder call;
107 # only system_server, dumpstate and netd may interact with netd over binder
108 neverallow { domain -system_server -dumpstate -netd } netd_service:service_manager find;
109 neverallow { domain -system_server -dumpstate } netd:binder call;
110 neverallow netd { domain -system_server -servicemanager userdebug_or_eng(`-su') }:binder call;
|
| /system/sepolicy/prebuilts/api/29.0/public/ |
| D | iorapd.te | 20 binder_call(iorapd, system_server)
68 # Only system_server can interact with iorapd over binder
69 neverallow { domain -system_server -iorapd } iorapd_service:service_manager find;
74 -system_server
|
12345678910>>...15