
Searched refs:domain (Results 1 – 25 of 1252) sorted by relevance


/system/sepolicy/prebuilts/api/30.0/private/
Ddomain.te3 # We do not apply this to the su domain to avoid interfering with
5 domain_auto_trans({ domain userdebug_or_eng(`-su') }, crash_dump_exec, crash_dump);
6 allow domain crash_dump:process sigchld;
12 get_prop(domain, heapprofd_prop);
15 domain
35 domain
53 allow domain cgroup:dir search;
54 allow { domain -appdomain -rs } cgroup:dir w_dir_perms;
55 allow { domain -appdomain -rs } cgroup:file w_file_perms;
57 allow domain cgroup_rc_file:dir search;
[all …]
Dbpfloader.te2 type bpfloader, domain;
20 neverallow { domain -init -vendor_init } fs_bpf:dir setattr;
21 neverallow { domain -bpfloader } fs_bpf:dir { write add_name };
22 neverallow domain fs_bpf:dir { reparent rename rmdir };
25 neverallow { domain -bpfloader -init -vendor_init } fs_bpf:file setattr;
26 neverallow { domain -bpfloader } fs_bpf:file create;
27 neverallow domain fs_bpf:file { rename unlink };
29 neverallow { domain -bpfloader } *:bpf { map_create prog_load };
30 neverallow { domain -bpfloader -netd -netutils_wrapper -system_server } *:bpf prog_run;
31 neverallow { domain -bpfloader -netd -system_server } *:bpf { map_read map_write };
[all …]
Dseapp_contexts74 # domain (string)
79 # domain= determines the label to be used for the app process; entries
80 # without domain= are ignored for this purpose.
108 # only the system server can be in system_server domain
109 neverallow isSystemServer=false domain=system_server
110 neverallow isSystemServer="" domain=system_server
113 neverallow user=((?!system).)* domain=system_app
121 # neverallow shared relro to any other domain
123 neverallow user=shared_relro domain=((?!shared_relro).)*
124 neverallow user=((?!shared_relro).)* domain=shared_relro
[all …]
/system/sepolicy/public/
Ddomain.te4 allow domain init:process sigchld;
6 # Intra-domain accesses.
7 allow domain self:process {
24 allow domain self:fd use;
25 allow domain proc:dir r_dir_perms;
26 allow domain proc_net_type:dir search;
27 r_dir_file(domain, self)
28 allow domain self:{ fifo_file file } rw_file_perms;
29 allow domain self:unix_dgram_socket { create_socket_perms sendto };
30 allow domain self:unix_stream_socket { create_stream_socket_perms connectto };
[all …]
/system/sepolicy/prebuilts/api/29.0/private/
Ddomain.te3 # We do not apply this to the su domain to avoid interfering with
5 domain_auto_trans({ domain userdebug_or_eng(`-su') }, crash_dump_exec, crash_dump);
6 allow domain crash_dump:process sigchld;
12 get_prop(domain, heapprofd_prop);
15 domain
32 allow domain cgroup:dir search;
33 allow { domain -appdomain -rs } cgroup:dir w_dir_perms;
34 allow { domain -appdomain -rs } cgroup:file w_file_perms;
36 allow domain cgroup_rc_file:dir search;
37 allow domain cgroup_rc_file:file r_file_perms;
[all …]
Dseapp_contexts74 # domain (string)
79 # domain= determines the label to be used for the app process; entries
80 # without domain= are ignored for this purpose.
108 # only the system server can be in system_server domain
109 neverallow isSystemServer=false domain=system_server
110 neverallow isSystemServer="" domain=system_server
113 neverallow user=((?!system).)* domain=system_app
120 # neverallow shared relro to any other domain
122 neverallow user=shared_relro domain=((?!shared_relro).)*
123 neverallow user=((?!shared_relro).)* domain=shared_relro
[all …]
Dbpfloader.te2 type bpfloader, domain;
20 neverallow { domain -bpfloader } *:bpf { map_create prog_load };
21 neverallow { domain -bpfloader -netd -netutils_wrapper } *:bpf prog_run;
22 neverallow { domain -bpfloader -init } bpfloader_exec:file { execute execute_no_trans };
23 neverallow bpfloader domain:{ tcp_socket udp_socket rawip_socket } *;
25 neverallow { domain -system_server -netd -bpfloader} *:bpf { map_read map_write };
27 # No domain should be allowed to ptrace bpfloader
28 neverallow { domain userdebug_or_eng(`-llkd') } bpfloader:process ptrace;
/system/sepolicy/private/
Ddomain.te3 # We do not apply this to the su domain to avoid interfering with
5 domain_auto_trans({ domain userdebug_or_eng(`-su') }, crash_dump_exec, crash_dump);
6 allow domain crash_dump:process sigchld;
12 get_prop(domain, heapprofd_prop);
15 domain
35 domain
53 allow domain cgroup:dir search;
54 allow { domain -appdomain -rs } cgroup:dir w_dir_perms;
55 allow { domain -appdomain -rs } cgroup:file w_file_perms;
57 allow domain cgroup_rc_file:dir search;
[all …]
Dbpfloader.te2 type bpfloader, domain;
20 neverallow { domain -init -vendor_init } fs_bpf:dir setattr;
21 neverallow { domain -bpfloader } fs_bpf:dir { write add_name };
22 neverallow domain fs_bpf:dir { reparent rename rmdir };
25 neverallow { domain -bpfloader -init -vendor_init } fs_bpf:file setattr;
26 neverallow { domain -bpfloader } fs_bpf:file create;
27 neverallow domain fs_bpf:file { rename unlink };
29 neverallow { domain -bpfloader } *:bpf { map_create prog_load };
30 neverallow { domain -bpfloader -gpuservice -netd -netutils_wrapper -system_server } *:bpf prog_run;
31 neverallow { domain -bpfloader -gpuservice -netd -system_server } *:bpf { map_read map_write };
[all …]
Dseapp_contexts74 # domain (string)
79 # domain= determines the label to be used for the app process; entries
80 # without domain= are ignored for this purpose.
108 # only the system server can be in system_server domain
109 neverallow isSystemServer=false domain=system_server
110 neverallow isSystemServer="" domain=system_server
113 neverallow user=((?!system).)* domain=system_app
121 # neverallow shared relro to any other domain
123 neverallow user=shared_relro domain=((?!shared_relro).)*
124 neverallow user=((?!shared_relro).)* domain=shared_relro
[all …]
Dproperty.te28 # neverallow domain {
35 neverallow { domain -coredomain } {
42 neverallow { domain -coredomain } {
67 neverallow domain property_type:file { ioctl lock };
99 domain
106 dontaudit domain {
118 domain
123 domain
132 domain
152 domain
[all …]
/system/sepolicy/prebuilts/api/30.0/public/
Ddomain.te4 allow domain init:process sigchld;
6 # Intra-domain accesses.
7 allow domain self:process {
24 allow domain self:fd use;
25 allow domain proc:dir r_dir_perms;
26 allow domain proc_net_type:dir search;
27 r_dir_file(domain, self)
28 allow domain self:{ fifo_file file } rw_file_perms;
29 allow domain self:unix_dgram_socket { create_socket_perms sendto };
30 allow domain self:unix_stream_socket { create_stream_socket_perms connectto };
[all …]
/system/sepolicy/prebuilts/api/29.0/public/
Ddomain.te4 allow domain init:process sigchld;
6 # Intra-domain accesses.
7 allow domain self:process {
24 allow domain self:fd use;
25 allow domain proc:dir r_dir_perms;
26 allow domain proc_net_type:dir search;
27 r_dir_file(domain, self)
28 allow domain self:{ fifo_file file } rw_file_perms;
29 allow domain self:unix_dgram_socket { create_socket_perms sendto };
30 allow domain self:unix_stream_socket { create_stream_socket_perms connectto };
[all …]
/system/sepolicy/prebuilts/api/28.0/public/
Ddomain.te4 allow domain init:process sigchld;
6 # Intra-domain accesses.
7 allow domain self:process {
24 allow domain self:fd use;
25 allow domain proc:dir r_dir_perms;
26 allow domain proc_net:dir search;
27 r_dir_file(domain, self)
28 allow domain self:{ fifo_file file } rw_file_perms;
29 allow domain self:unix_dgram_socket { create_socket_perms sendto };
30 allow domain self:unix_stream_socket { create_stream_socket_perms connectto };
[all …]
Dte_macros10 # Old domain may exec the file and transition to the new domain.
13 # New domain is entered by executing the file.
15 # New domain can send SIGCHLD to its caller.
36 # file_type_trans(domain, dir_type, file_type)
37 # Allow domain to create a file labeled file_type in a
44 # Allow the domain to add entries to the directory.
46 # Allow the domain to create the file.
52 # file_type_auto_trans(domain, dir_type, file_type)
54 # they are created by domain in directories labeled dir_type.
65 # r_dir_file(domain, type)
[all …]
/system/sepolicy/prebuilts/api/27.0/public/
Ddomain.te4 allow domain init:process sigchld;
6 # Intra-domain accesses.
7 allow domain self:process {
24 allow domain self:fd use;
25 allow domain proc:dir r_dir_perms;
26 allow domain proc_net:dir search;
27 r_dir_file(domain, self)
28 allow domain self:{ fifo_file file } rw_file_perms;
29 allow domain self:unix_dgram_socket { create_socket_perms sendto };
30 allow domain self:unix_stream_socket { create_stream_socket_perms connectto };
[all …]
Dsu.te3 type su, domain;
10 # after performing an adb root command. The domain definition is
24 dontaudit su domain:process *;
25 dontaudit su domain:fd *;
26 dontaudit su domain:dir *;
27 dontaudit su domain:lnk_file *;
28 dontaudit su domain:{ fifo_file file } *;
29 dontaudit su domain:socket_class_set *;
30 dontaudit su domain:ipc_class_set *;
31 dontaudit su domain:key *;
[all …]
Dte_macros10 # Old domain may exec the file and transition to the new domain.
13 # New domain is entered by executing the file.
15 # New domain can send SIGCHLD to its caller.
36 # file_type_trans(domain, dir_type, file_type)
37 # Allow domain to create a file labeled file_type in a
44 # Allow the domain to add entries to the directory.
46 # Allow the domain to create the file.
52 # file_type_auto_trans(domain, dir_type, file_type)
54 # they are created by domain in directories labeled dir_type.
65 # r_dir_file(domain, type)
[all …]
/system/sepolicy/prebuilts/api/26.0/public/
Ddomain.te4 allow domain init:process sigchld;
6 # Intra-domain accesses.
7 allow domain self:process {
24 allow domain self:fd use;
25 allow domain proc:dir r_dir_perms;
26 allow domain proc_net:dir search;
27 r_dir_file(domain, self)
28 allow domain self:{ fifo_file file } rw_file_perms;
29 allow domain self:unix_dgram_socket { create_socket_perms sendto };
30 allow domain self:unix_stream_socket { create_stream_socket_perms connectto };
[all …]
Dsu.te3 type su, domain;
10 # after performing an adb root command. The domain definition is
24 dontaudit su domain:process *;
25 dontaudit su domain:fd *;
26 dontaudit su domain:dir *;
27 dontaudit su domain:lnk_file *;
28 dontaudit su domain:{ fifo_file file } *;
29 dontaudit su domain:socket_class_set *;
30 dontaudit su domain:ipc_class_set *;
31 dontaudit su domain:key *;
[all …]
Dte_macros10 # Old domain may exec the file and transition to the new domain.
13 # New domain is entered by executing the file.
15 # New domain can send SIGCHLD to its caller.
36 # file_type_trans(domain, dir_type, file_type)
37 # Allow domain to create a file labeled file_type in a
44 # Allow the domain to add entries to the directory.
46 # Allow the domain to create the file.
52 # file_type_auto_trans(domain, dir_type, file_type)
54 # they are created by domain in directories labeled dir_type.
65 # r_dir_file(domain, type)
[all …]
/system/sepolicy/prebuilts/api/28.0/private/
Dseapp_contexts48 # domain (string)
52 # Only entries that specify domain= will be used for app process labeling.
68 # only the system server can be in system_server domain
69 neverallow isSystemServer=false domain=system_server
70 neverallow isSystemServer="" domain=system_server
73 neverallow user=((?!system).)* domain=system_app
80 # neverallow shared relro to any other domain
82 neverallow user=shared_relro domain=((?!shared_relro).)*
83 neverallow user=((?!shared_relro).)* domain=shared_relro
85 # neverallow non-isolated uids into isolated_app domain
[all …]
/system/sepolicy/prebuilts/api/26.0/private/
Dseapp_contexts48 # domain (string)
52 # Only entries that specify domain= will be used for app process labeling.
68 # only the system server can be in system_server domain
69 neverallow isSystemServer=false domain=system_server
70 neverallow isSystemServer="" domain=system_server
73 neverallow user=((?!system).)* domain=system_app
80 # neverallow shared relro to any other domain
82 neverallow user=shared_relro domain=((?!shared_relro).)*
83 neverallow user=((?!shared_relro).)* domain=shared_relro
85 # neverallow non-isolated uids into isolated_app domain
[all …]
/system/sepolicy/prebuilts/api/27.0/private/
Dseapp_contexts48 # domain (string)
52 # Only entries that specify domain= will be used for app process labeling.
68 # only the system server can be in system_server domain
69 neverallow isSystemServer=false domain=system_server
70 neverallow isSystemServer="" domain=system_server
73 neverallow user=((?!system).)* domain=system_app
80 # neverallow shared relro to any other domain
82 neverallow user=shared_relro domain=((?!shared_relro).)*
83 neverallow user=((?!shared_relro).)* domain=shared_relro
85 # neverallow non-isolated uids into isolated_app domain
[all …]
/system/sepolicy/tests/
Dtreble_sepolicy_tests.py88 domain = alldomains[d]
91 if "coredomain" in domain.attributes:
92 domain.coredomain = True
104 if not domain.entrypointpaths:
107 for path in domain.entrypointpaths:
120 domain.error += "Unrecognized entrypoint for " + d + " at " + path + "\n"
122 domain.fromSystem = domain.fromSystem or system
123 domain.fromVendor = domain.fromVendor or vendor
149 for domain in alldomains:
150 for result in pol.QueryTypeAttribute(domain, False):
[all …]
