1######################################
2# Attribute declarations
3#
4
# Base attributes that classify types by the kind of object they label
# (devices, processes, filesystems, files, domain entry points).
# NOTE(review): the CHECK_FC_ASSERT_ATTRS reminders below suggest that
# tools/checkfc.c asserts on these attribute names - confirm there before
# adding, renaming or removing one, so the check stays in step with policy.
5# All types used for devices.
6# On change, update the CHECK_FC_ASSERT_ATTRS
7# definition in tools/checkfc.c.
8attribute dev_type;
9
10# All types used for processes.
11attribute domain;
12
13# All types used for filesystems.
14# On change, update CHECK_FC_ASSERT_ATTRS
15# definition in tools/checkfc.c.
16attribute fs_type;
17
18# All types used for context= mounts.
19attribute contextmount_type;
20
21# All types used for files that can exist on a labeled fs.
22# Do not use for pseudo file types.
23# On change, update CHECK_FC_ASSERT_ATTRS
24# definition in tools/checkfc.c.
25attribute file_type;
26
27# All types used for domain entry points.
28attribute exec_type;
29
# Attributes that group file types by partition or location, and procfs types.
# "expandattribute <attr> false" keeps the attribute itself in the compiled
# policy instead of replacing it with its member types; "true" forces that
# expansion, so the attribute no longer exists in the compiled policy.
30# All types used for /data files.
31attribute data_file_type;
32expandattribute data_file_type false;
33# All types in /data, not in /data/vendor.
34attribute core_data_file_type;
35expandattribute core_data_file_type false;
36
37# All types in /system
38attribute system_file_type;
39
40# All types in /vendor
41attribute vendor_file_type;
42
43# All types used for procfs files.
44attribute proc_type;
45expandattribute proc_type false;
46
47# Types in /proc/net, excluding qtaguid types.
48# TODO(b/9496886) Lock down access to /proc/net.
49# This attribute is used to audit access to proc_net. It is temporary and will
50# be removed.
# Always expanded (true): rules written against it are compiled per member type.
51attribute proc_net_type;
52expandattribute proc_net_type true;
53
# Attributes for sysfs, debugfs, sdcard and network object types.
54# All types used for sysfs files.
55attribute sysfs_type;
56
57# All types used for debugfs files.
58attribute debugfs_type;
59
60# Attribute used for all sdcards.
61attribute sdcard_type;
62
63# All types used for nodes/hosts.
64attribute node_type;
65
66# All types used for network interfaces.
67attribute netif_type;
68
69# All types used for network ports.
70attribute port_type;
71
# Property attributes: property_type covers every property type; the others
# split properties by who defines them (core policy, OEM extensions) or by
# purpose (log filtering).
72# All types used for the property service.
73# On change, update CHECK_PC_ASSERT_ATTRS
74# definition in tools/checkfc.c.
75attribute property_type;
76
77# All properties defined in core SELinux policy. Should not be
78# used by device-specific properties.
79attribute core_property_type;
80
81# All properties used to configure log filtering.
82attribute log_property_type;
83
84# All properties that are not specific to a device but are added from
85# outside of AOSP (e.g. OEM-specific properties).
86# These properties are not accessible from device-specific domains.
87attribute extended_core_property_type;
88
# Service attributes for the three service managers (servicemanager,
# hwservicemanager, vndservicemanager) and for the visibility classes of
# services. The *_api_service attributes state who a service should be
# available to, so adding one to a service type widens its set of callers;
# review such additions as an attack-surface change.
89# All service_manager types created by system_server
90attribute system_server_service;
91
92# Services which should be available to all but isolated apps.
93attribute app_api_service;
94
95# Services which should be available to all ephemeral apps.
96attribute ephemeral_app_api_service;
97
98# Services which export only system_api.
99attribute system_api_service;
100
101# All types used for services managed by servicemanager.
102# On change, update CHECK_SC_ASSERT_ATTRS
103# definition in tools/checkfc.c.
104attribute service_manager_type;
105
106# All types used for services managed by hwservicemanager
107attribute hwservice_manager_type;
108
109# All HwBinder services guaranteed to be passthrough. These services always run
110# in the process of their clients, and thus operate with the same access as
111# their clients.
# Consequence: such a service cannot be confined separately from its client;
# whatever the client domain is allowed, the service code is allowed too.
112attribute same_process_hwservice;
113
114# All HwBinder services guaranteed to be offered only by core domain components
115attribute coredomain_hwservice;
116
117# All types used for services managed by vndservicemanager
118attribute vndservice_manager_type;
119
120
# MLS override attributes. Members are exempt from the MLS restrictions, so
# whatever separation those restrictions enforce does not apply to them.
# Keep membership minimal and review every addition.
121# All domains that can override MLS restrictions,
122# i.e. processes that can read up and write down.
123attribute mlstrustedsubject;
124
125# All types that can override MLS restrictions,
126# i.e. files that can be read by lower and written by higher levels.
127attribute mlstrustedobject;
128
# Attributes that group process domains by role: apps, network or bluetooth
# access, binder services, update_engine, and core (non-vendor) components.
129# All domains used for apps.
130attribute appdomain;
131
132# All third party apps.
133attribute untrusted_app_all;
134
135# All domains used for apps with network access.
136attribute netdomain;
137
138# All domains used for apps with bluetooth access.
139attribute bluetoothdomain;
140
141# All domains used for binder service domains.
142attribute binderservicedomain;
143
144# update_engine related domains that need to apply an update and run
145# postinstall. This includes the background daemon and the sideload tool from
146# recovery for A/B devices.
147attribute update_engine_common;
148
149# All core domains (as opposed to vendor/device-specific domains)
150attribute coredomain;
151
152# All socket devices owned by core domain components
# "expandattribute ... false" keeps this attribute in the compiled policy
# rather than expanding it into its member types.
153attribute coredomain_socket;
154expandattribute coredomain_socket false;
155
# Exception markers for the core/vendor separation requirements. Each
# attribute collects the domains known to break one requirement, and each is
# kept unexpanded ("expandattribute ... false") so it remains an attribute in
# the compiled policy.
# NOTE(review): presumably the rules that enforce each requirement (defined
# outside this file) exclude the matching attribute - confirm. Either way, a
# member is an open exception: track it against the listed bug and remove it
# once the violation is fixed.
156# All vendor domains which violate the requirement of not using Binder
157# TODO(b/35870313): Remove this once there are no violations
158attribute binder_in_vendor_violators;
159expandattribute binder_in_vendor_violators false;
160
161# All vendor domains which violate the requirement of not using sockets for
162# communicating with core components
163# TODO(b/36577153): Remove this once there are no violations
164attribute socket_between_core_and_vendor_violators;
165expandattribute socket_between_core_and_vendor_violators false;
166
167# All vendor domains which violate the requirement of not executing
168# system processes
169# TODO(b/36463595)
170attribute vendor_executes_system_violators;
171expandattribute vendor_executes_system_violators false;
172
173# All domains which violate the requirement of not sharing files by path
174# between vendor and core domains.
175# TODO(b/34980020)
176attribute data_between_core_and_vendor_violators;
177expandattribute data_between_core_and_vendor_violators false;
178
179# All system domains which violate the requirement of not executing vendor
180# binaries/libraries.
181# TODO(b/62041836)
182attribute system_executes_vendor_violators;
183expandattribute system_executes_vendor_violators false;
184
185# All system domains which violate the requirement of not writing vendor
186# properties.
187# TODO(b/78598545): Remove this once there are no violations
188attribute system_writes_vendor_properties_violators;
189expandattribute system_writes_vendor_properties_violators false;
190
191# All system domains which violate the requirement of not writing to
192# /mnt/vendor/*. Must not be used on devices launched with P or later.
193attribute system_writes_mnt_vendor_violators;
194expandattribute system_writes_mnt_vendor_violators false;
195
# Exceptions that expose hwservices, and the HAL servers hosting them, to
# untrusted applications. Anything labeled with these attributes is reachable
# from untrusted apps and must be treated as handling untrusted input.
# Both are kept unexpanded ("expandattribute ... false"), so they remain
# attributes in the compiled policy.
196# hwservices that are accessible from untrusted applications
197# WARNING: Use of this attribute should be avoided unless
198# absolutely necessary.  It is a temporary allowance to aid the
199# transition to treble and will be removed in a future platform
200# version, requiring all hwservices that are labeled with this
201# attribute to be submitted to AOSP in order to maintain their
202# app-visibility.
203attribute untrusted_app_visible_hwservice_violators;
204expandattribute untrusted_app_visible_hwservice_violators false;
205
206# halserver domains that are accessible to untrusted applications.  These
207# domains are typically those hosting hwservices attributed by the
208# untrusted_app_visible_hwservice_violators.
209# WARNING: Use of this attribute should be avoided unless absolutely necessary.
210# It is a temporary allowance to aid the transition to treble and will be
211# removed in a future platform version, requiring all halserver domains that
212# are labeled with this attribute to be submitted to AOSP in order to maintain
213# their app-visibility.
214attribute untrusted_app_visible_halserver_violators;
215expandattribute untrusted_app_visible_halserver_violators false;
216
217# PDX services
# Generic PDX attributes for endpoint directories and for endpoint/channel
# sockets; the two socket attributes are kept unexpanded in the compiled policy.
218attribute pdx_endpoint_dir_type;
219attribute pdx_endpoint_socket_type;
220expandattribute pdx_endpoint_socket_type false;
221attribute pdx_channel_socket_type;
222expandattribute pdx_channel_socket_type false;
223
# pdx_service_attributes is a macro defined outside this file.
# NOTE(review): presumably it declares the per-service PDX attributes for the
# named service - confirm against the macro definition.
224pdx_service_attributes(display_client)
225pdx_service_attributes(display_manager)
226pdx_service_attributes(display_screenshot)
227pdx_service_attributes(display_vsync)
228pdx_service_attributes(performance_client)
229pdx_service_attributes(bufferhub_client)
230
231# All HAL servers
232attribute halserverdomain;
233# All HAL clients
# Always expanded (true): the attribute is replaced by its member types in
# the compiled policy.
234attribute halclientdomain;
235expandattribute halclientdomain true;
236
237# Exemption that lets a halserverdomain access sockets. Only builds for
238# automotive device types are allowed to use this attribute (enforced by CTS).
239# Unlike on a phone, in a car many modules are external from Android's
240# perspective, and HALs should be able to communicate with those devices
# through sockets.
241attribute hal_automotive_socket_exemption;
242
243# HALs
# One hal_attribute() invocation per HAL. hal_attribute is a macro defined
# outside this file.
# NOTE(review): presumably it declares the hal_<name> attribute together with
# its client and server variants - confirm against the macro definition
# before relying on the exact attribute names or their expansion settings.
244hal_attribute(allocator);
245hal_attribute(atrace);
246hal_attribute(audio);
247hal_attribute(audiocontrol);
248hal_attribute(authsecret);
249hal_attribute(bluetooth);
250hal_attribute(bootctl);
251hal_attribute(bufferhub);
252hal_attribute(broadcastradio);
253hal_attribute(camera);
254hal_attribute(cas);
255hal_attribute(codec2);
256hal_attribute(configstore);
257hal_attribute(confirmationui);
258hal_attribute(contexthub);
259hal_attribute(drm);
260hal_attribute(dumpstate);
261hal_attribute(evs);
262hal_attribute(face);
263hal_attribute(fingerprint);
264hal_attribute(gatekeeper);
265hal_attribute(gnss);
266hal_attribute(graphics_allocator);
267hal_attribute(graphics_composer);
268hal_attribute(health);
269hal_attribute(health_storage);
270hal_attribute(input_classifier);
271hal_attribute(ir);
272hal_attribute(keymaster);
273hal_attribute(light);
274hal_attribute(lowpan);
275hal_attribute(memtrack);
276hal_attribute(neuralnetworks);
277hal_attribute(nfc);
278hal_attribute(oemlock);
279hal_attribute(omx);
280hal_attribute(power);
281hal_attribute(power_stats);
282hal_attribute(secure_element);
283hal_attribute(sensors);
284hal_attribute(telephony);
285hal_attribute(tetheroffload);
286hal_attribute(thermal);
287hal_attribute(tv_cec);
288hal_attribute(tv_input);
289hal_attribute(usb);
290hal_attribute(usb_gadget);
291hal_attribute(vehicle);
292hal_attribute(vibrator);
293hal_attribute(vr);
294hal_attribute(weaver);
295hal_attribute(wifi);
296hal_attribute(wifi_hostapd);
297hal_attribute(wifi_offload);
298hal_attribute(wifi_supplicant);
299
300# HwBinder services offered across the core-vendor boundary
301#
302# We annotate server domains with x_server to loosen the coupling between
303# system and vendor images. For example, it should be possible to move a service
304# from one core domain to another, without having to update the vendor image
305# which contains clients of this service.
# Note: because clients are written against the x_server attribute rather
# than a concrete domain, whichever domain carries the attribute becomes the
# server those clients talk to; review changes of membership accordingly.
306
307attribute camera_service_server;
308attribute display_service_server;
309attribute scheduler_service_server;
310attribute sensor_service_server;
311attribute stats_service_server;
312attribute system_suspend_server;
313attribute wifi_keystore_service_server;
314
315# All types used for super partition block devices.
316attribute super_block_device_type;
317