vold.te - OpenGrok cross reference for /system/sepolicy/prebuilts/api/27.0/public/vold.te

Lines Matching refs:vold
2 type vold, domain;
6 allow vold cache_file:dir r_dir_perms;
7 allow vold cache_file:file { getattr read };
8 allow vold cache_file:lnk_file r_file_perms;
11 r_dir_file(vold, proc)
12 r_dir_file(vold, proc_net)
13 r_dir_file(vold, sysfs_type)
15 allow vold sysfs:file w_file_perms;
16 allow vold sysfs_usb:file w_file_perms;
17 allow vold sysfs_zram_uevent:file w_file_perms;
19 r_dir_file(vold, rootfs)
20 allow vold proc_meminfo:file r_file_perms;
23 allow vold file_contexts_file:file r_file_perms;
26 allow vold self:process setexec;
29 allow vold shell_exec:file rx_file_perms;
32 allow vold e2fs_exec:file rx_file_perms;
34 typeattribute vold mlstrustedsubject;
35 allow vold self:process setfscreate;
36 allow vold system_file:file x_file_perms;
37 not_full_treble(`allow vold vendor_file:file x_file_perms;')
38 allow vold block_device:dir create_dir_perms;
39 allow vold device:dir write;
40 allow vold devpts:chr_file rw_file_perms;
41 allow vold rootfs:dir mounton;
42 allow vold sdcard_type:dir mounton; # TODO: deprecated in M
43 allow vold sdcard_type:filesystem { mount remount unmount }; # TODO: deprecated in M
44 allow vold sdcard_type:dir create_dir_perms; # TODO: deprecated in M
45 allow vold sdcard_type:file create_file_perms; # TODO: deprecated in M
48 allow vold { mnt_media_rw_file storage_file sdcard_type }:dir create_dir_perms;
49 allow vold { mnt_media_rw_file storage_file sdcard_type }:file create_file_perms;
52 allow vold media_rw_data_file:dir create_dir_perms;
53 allow vold media_rw_data_file:file create_file_perms;
56 allow vold { mnt_media_rw_stub_file storage_stub_file }:dir { mounton create rmdir getattr setattr …
59 allow vold mnt_user_file:dir create_dir_perms;
60 allow vold mnt_user_file:lnk_file create_file_perms;
63 allow vold mnt_expand_file:dir { create_dir_perms mounton };
64 allow vold apk_data_file:dir { create getattr setattr };
65 allow vold shell_data_file:dir { create getattr setattr };
67 allow vold tmpfs:filesystem { mount unmount };
68 allow vold tmpfs:dir create_dir_perms;
69 allow vold tmpfs:dir mounton;
70 allow vold self:capability { net_admin dac_override mknod sys_admin chown fowner fsetid };
71 allow vold self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
72 allow vold app_data_file:dir search;
73 allow vold app_data_file:file rw_file_perms;
74 allow vold loop_control_device:chr_file rw_file_perms;
75 allow vold loop_device:blk_file { create setattr unlink rw_file_perms };
76 allow vold vold_device:blk_file { create setattr unlink rw_file_perms };
77 allow vold dm_device:chr_file rw_file_perms;
78 allow vold dm_device:blk_file rw_file_perms;
79 # For vold Process::killProcessesWithOpenFiles function.
80 allow vold domain:dir r_dir_perms;
81 allow vold domain:{ file lnk_file } r_file_perms;
82 allow vold domain:process { signal sigkill };
83 allow vold self:capability { sys_ptrace kill };
86 allow vold sysfs:file rw_file_perms;
88 allow vold kmsg_device:chr_file rw_file_perms;
91 allow vold fsck_exec:file { r_file_perms execute };
94 allow vold fscklogs:dir rw_dir_perms;
95 allow vold fscklogs:file create_file_perms;
102 allow vold labeledfs:filesystem { mount unmount };
106 allow vold efs_file:file rw_file_perms;
109 allow vold system_data_file:dir { create rw_dir_perms mounton setattr rmdir };
112 allow vold kernel:process setsched;
115 set_prop(vold, vold_prop)
116 set_prop(vold, powerctl_prop)
117 set_prop(vold, ctl_fuse_prop)
118 set_prop(vold, restorecon_prop)
121 allow vold asec_image_file:file create_file_perms;
122 allow vold asec_image_file:dir rw_dir_perms;
123 allow vold asec_apk_file:dir { create_dir_perms mounton relabelfrom relabelto };
124 allow vold asec_public_file:dir { relabelto setattr };
125 allow vold asec_apk_file:file { r_file_perms setattr relabelfrom relabelto };
126 allow vold asec_public_file:file { relabelto setattr };
128 allow vold unlabeled:dir { r_dir_perms setattr relabelfrom };
129 allow vold unlabeled:file { r_file_perms setattr relabelfrom };
132 wakelock_use(vold)
135 binder_use(vold)
136 binder_call(vold, healthd)
139 hal_client_domain(vold, hal_keymaster)
142 allow vold userdata_block_device:blk_file rw_file_perms;
145 allow vold metadata_block_device:blk_file rw_file_perms;
147 # Allow vold to manipulate /data/unencrypted
148 allow vold unencrypted_data_file:{ file } create_file_perms;
149 allow vold unencrypted_data_file:dir create_dir_perms;
152 allow vold proc_drop_caches:file w_file_perms;
154 # Give vold a place where only vold can store files; everyone else is off limits
155 allow vold vold_data_file:dir create_dir_perms;
156 allow vold vold_data_file:file create_file_perms;
159 allow vold init:key { write search setattr };
160 allow vold vold:key { write search setattr };
162 # vold temporarily changes its priority when running benchmarks
163 allow vold self:capability sys_nice;
165 # vold needs to chroot into app namespaces to remount when runtime permissions change
166 allow vold self:capability sys_chroot;
167 allow vold storage_file:dir mounton;
170 allow vold fuse_device:chr_file rw_file_perms;
171 allow vold fuse:filesystem { relabelfrom };
172 allow vold app_fusefs:filesystem { relabelfrom relabelto };
173 allow vold app_fusefs:filesystem { mount unmount };
176 allow vold toolbox_exec:file rx_file_perms;
179 allow vold user_profile_data_file:dir create_dir_perms;
182 allow vold misc_block_device:blk_file w_file_perms;
184 neverallow { domain -vold } vold_data_file:dir ~{ open create read getattr setattr search relabelto…
185 neverallow { domain -vold -kernel } vold_data_file:notdevfile_class_set ~{ relabelto getattr };
186 neverallow { domain -vold -init } vold_data_file:dir *;
187 neverallow { domain -vold -init -kernel } vold_data_file:notdevfile_class_set *;
188 neverallow { domain -vold -init } restorecon_prop:property_service set;
190 neverallow vold fsck_exec:file execute_no_trans;