Searched refs:allow (Results 1 – 25 of 604) sorted by relevance
12345678910>>...25
20 <allow own="org.chromium.UpdateEngine" />21 <allow send_destination="org.chromium.UpdateEngine" />24 <allow send_destination="org.chromium.UpdateEngine"27 <allow send_destination="org.chromium.UpdateEngine"30 <allow send_destination="org.chromium.UpdateEngine"33 <allow send_destination="org.chromium.UpdateEngine"36 <allow send_destination="org.chromium.UpdateEngine"39 <allow send_destination="org.chromium.UpdateEngine"42 <allow send_destination="org.chromium.UpdateEngine"45 <allow send_destination="org.chromium.UpdateEngine"[all …]
5 allow mediaserver appdomain_tmpfs:file { getattr map read write };26 allow mediaserver sdk_sandbox_data_file:file { getattr read };29 allow mediaserver stats_service:service_manager find;30 allow mediaserver statsmanager_service:service_manager find;47 allow mediaserver proc:lnk_file getattr;50 allow mediaserver system_file:dir r_dir_perms;54 allow mediaserver self:process ptrace;62 allow mediaserver media_data_file:dir create_dir_perms;63 allow mediaserver media_data_file:file create_file_perms;64 allow mediaserver { app_data_file privapp_data_file }:file { append getattr ioctl lock map read wri…[all …]
14 allow platform_app shell_data_file:dir search;15 allow platform_app shell_data_file:file { open getattr read };16 allow platform_app icon_file:file { open getattr read };19 allow platform_app { apk_tmp_file apk_private_tmp_file }:dir rw_dir_perms;20 allow platform_app { apk_tmp_file apk_private_tmp_file }:file rw_file_perms;21 allow platform_app apk_private_data_file:dir search;23 allow platform_app asec_apk_file:dir create_dir_perms;24 allow platform_app asec_apk_file:file create_file_perms;27 allow platform_app media_rw_data_file:dir create_dir_perms;28 allow platform_app media_rw_data_file:file create_file_perms;[all …]
5 allow sdcardd cgroup:dir create_dir_perms;6 allow sdcardd cgroup_v2:dir create_dir_perms;7 allow sdcardd fuse_device:chr_file rw_file_perms;8 allow sdcardd rootfs:dir mounton; # TODO: deprecated in M9 allow sdcardd sdcardfs:filesystem remount;10 allow sdcardd tmpfs:dir r_dir_perms;11 allow sdcardd mnt_media_rw_file:dir r_dir_perms;12 allow sdcardd storage_file:dir search;13 allow sdcardd storage_stub_file:dir { search mounton };14 allow sdcardd { sdcard_type fuse }:filesystem { mount unmount };[all …]
7 allow cameraserver gpu_device:chr_file rw_file_perms;8 allow cameraserver gpu_device:dir r_dir_perms;9 allow cameraserver virtual_camera:binder call;20 allow cameraserver ion_device:chr_file rw_file_perms;21 allow cameraserver dmabuf_system_heap_device:chr_file r_file_perms;24 allow cameraserver hal_graphics_composer:fd use;30 allow cameraserver activity_service:service_manager find;31 allow cameraserver appops_service:service_manager find;32 allow cameraserver audioserver_service:service_manager find;33 allow cameraserver batterystats_service:service_manager find;[all …]
3 # The allow rules are only included in the recovery policy.28 allow fastbootd node:tcp_socket node_bind;29 allow fastbootd port:tcp_socket name_bind;30 allow fastbootd self:tcp_socket { create_socket_perms_no_ioctl listen accept };36 allow fastbootd snapuserd_socket:sock_file write;37 allow fastbootd snapuserd:unix_stream_socket connectto;38 allow fastbootd dm_user_device:dir r_dir_perms;44 allow fastbootd labeledfs:filesystem { mount unmount };48 allow fastbootd proc_bootconfig:file r_file_perms;62 allow fastbootd functionfs:dir search;[all …]
11 allow adbd self:process setcurrent;12 allow adbd su:process dyntransition;20 allow adbd shell:process dyntransition;27 # Needed to allow port forwarding directly to traced.32 allow adbd shell:process { noatsecure signal };35 allow adbd self:global_capability_class_set { setuid setgid };38 allow adbd self:global_capability_class_set setpcap;48 allow adbd self:vsock_socket { create_socket_perms_no_ioctl listen accept };56 allow adbd functionfs:dir search;57 allow adbd functionfs:file rw_file_perms;[all …]
20 # allow telephony to access platform compat to log permission denials21 allow radio platform_compat_service:service_manager find;23 allow radio uce_service:service_manager find;26 allow radio emergency_data_file:dir r_dir_perms;27 allow radio emergency_data_file:file r_file_perms;29 # allow telephony to access related cache properties32 # allow sending pulled atoms to statsd43 allow radio radio_data_file:dir create_dir_perms;44 allow radio radio_data_file:notdevfile_class_set create_file_perms;45 allow radio radio_core_data_file:dir r_dir_perms;[all …]
4 allow hal_graphics_composer_client hal_graphics_composer_server_tmpfs:file { getattr map read write…5 allow hal_graphics_composer_server hal_graphics_composer_client_tmpfs:file { getattr map read write…10 allow hal_graphics_composer_server hal_graphics_mapper_hwservice:hwservice_manager find;13 allow hal_graphics_composer gpu_device:chr_file rw_file_perms;14 allow hal_graphics_composer gpu_device:dir r_dir_perms;15 allow hal_graphics_composer ion_device:chr_file r_file_perms;16 allow hal_graphics_composer dmabuf_system_heap_device:chr_file r_file_perms;17 allow hal_graphics_composer hal_graphics_allocator:fd use;20 allow hal_graphics_composer graphics_device:dir search;21 allow hal_graphics_composer graphics_device:chr_file rw_file_perms;[all …]
17 allow bluetooth bluetooth_data_file:dir create_dir_perms;18 allow bluetooth bluetooth_data_file:notdevfile_class_set { create_file_perms link };19 allow bluetooth bluetooth_logs_data_file:dir rw_dir_perms;20 allow bluetooth bluetooth_logs_data_file:file create_file_perms;23 allow bluetooth bluetooth_socket:sock_file create_file_perms;25 allow bluetooth self:global_capability_class_set net_admin;26 allow bluetooth self:global_capability2_class_set wake_alarm;29 allow bluetooth self:packet_socket create_socket_perms_no_ioctl;30 allow bluetooth self:global_capability_class_set { net_admin net_raw net_bind_service };31 allow bluetooth self:tun_socket create_socket_perms_no_ioctl;[all …]
32 # allow init to execute services marked with seclabel u:r:su:s0 in userdebug/eng33 allow init su:process transition;35 allow init su:process { siginh rlimitinh };42 allow init sysfs_dm:file read;45 allow init sysfs_loop:dir r_dir_perms;46 allow init sysfs_loop:file rw_file_perms;49 allow init sysfs_type:file { getattr read };51 allow init dev_type:dir r_dir_perms;52 allow init dev_type:blk_file getattr;55 allow init proc_drop_caches:file rw_file_perms;[all …]
14 allow dumpstate system_file:file lock;16 allow dumpstate storaged_exec:file rx_file_perms;20 allow dumpstate accessibility_trace_data_file:dir r_dir_perms;21 allow dumpstate accessibility_trace_data_file:file r_file_perms;26 allow dumpstate wm_trace_data_file:dir r_dir_perms;27 allow dumpstate wm_trace_data_file:file r_file_perms;32 allow dumpstate dropbox_data_file:dir r_dir_perms;33 allow dumpstate dropbox_data_file:file r_file_perms;40 allow dumpstate incident:process { signal sigkill };74 allow dumpstate {[all …]
7 allow installd shell_exec:file rx_file_perms;22 allow installd dumpstate:fd use;23 allow installd dumpstate:fifo_file r_file_perms;26 allow installd app_exec_data_file:file unlink;30 allow installd rollback_data_file:dir create_dir_perms;31 allow installd rollback_data_file:file create_file_perms;44 allow installd staging_data_file:file unlink;45 allow installd staging_data_file:dir { open read add_name remove_name rename rmdir search write get…47 allow installd { dex2oat dexoptanalyzer }:process signal;50 allow installd { dex2oat dexoptanalyzer profman }:process sigkill;[all …]
25 allow system_server zygote_tmpfs:file { map read };26 allow system_server appdomain_tmpfs:file { getattr map read write };29 allow system_server proc_filesystems:file r_file_perms;32 allow system_server incremental_control_file:file { ioctl r_file_perms };65 allow system_server sysfs_fs_incfs_metrics:file r_file_perms;68 allow system_server sysfs_fs_f2fs:dir r_dir_perms;69 allow system_server sysfs_fs_f2fs:file r_file_perms;72 allow system_server sdk_sandbox_system_data_file:dir create_dir_perms;75 allow system_server { apex_art_data_file dalvikcache_data_file }:dir r_dir_perms;76 allow system_server { apex_art_data_file dalvikcache_data_file }:file r_file_perms;[all …]
3 # The allow rules are only included in the recovery policy.28 # These are needed to allow recovery to manage network29 allow recovery self:netlink_route_socket { create write read nlmsg_readpriv nlmsg_read };30 allow recovery self:global_capability_class_set net_admin;31 allow recovery self:tcp_socket { create ioctl };38 allow recovery snapuserd_socket:sock_file write;39 allow recovery snapuserd:unix_stream_socket connectto;40 allow recovery dm_user_device:dir r_dir_perms;49 allow recovery proc_bootconfig:file r_file_perms;60 allow recovery self:global_capability_class_set {[all …]
13 allow aconfigd metadata_file:dir search;15 allow aconfigd {20 allow aconfigd {25 allow aconfigd aconfigd_socket:unix_stream_socket { accept listen getattr read write };26 allow aconfigd aconfigd_socket:sock_file rw_file_perms;28 # allow aconfigd to access shell_data_file for atest30 allow aconfigd shell_data_file:dir search;31 allow aconfigd shell_data_file:file { getattr read open map };34 # allow aconfigd to log to the kernel.35 allow aconfigd kmsg_device:chr_file w_file_perms;[all …]
11 allow dhcp cgroup:dir { create write add_name };12 allow dhcp cgroup_v2:dir { create write add_name };13 allow dhcp self:global_capability_class_set { setgid setuid net_admin net_raw net_bind_service };14 allow dhcp self:packet_socket create_socket_perms_no_ioctl;15 allow dhcp self:netlink_route_socket nlmsg_write;16 allow dhcp shell_exec:file rx_file_perms;17 allow dhcp system_file:file rx_file_perms;18 not_full_treble(`allow dhcp vendor_file:file rx_file_perms;')21 allow dhcp toolbox_exec:file rx_file_perms;24 allow dhcp proc_net_type:file write;[all …]
43 allow vold vold_key:keystore2_key {55 allow vold keystore:binder call;58 allow vold keystore_service:service_manager find;59 allow vold keystore_maintenance_service:service_manager find;62 allow vold keystore:keystore2 early_boot_ended;63 allow vold keystore:keystore2 delete_all_keys;66 allow vold storage_area_app_dir:dir search;69 allow vold storage_area_dir:dir {80 allow vold storage_area_key_file:file create_file_perms;81 allow vold storage_area_key_file:dir create_dir_perms;[all …]
10 allow hal_telephony_server self:netlink_route_socket nlmsg_write;11 allow hal_telephony_server self:global_capability_class_set { setpcap setgid setuid net_admin net_r…12 allow hal_telephony_server cgroup:dir create_dir_perms;13 allow hal_telephony_server cgroup:{ file lnk_file } r_file_perms;14 allow hal_telephony_server cgroup_v2:dir create_dir_perms;15 allow hal_telephony_server cgroup_v2:{ file lnk_file } r_file_perms;16 allow hal_telephony_server radio_device:chr_file rw_file_perms;17 allow hal_telephony_server radio_device:blk_file r_file_perms;18 allow hal_telephony_server efs_file:dir create_dir_perms;19 allow hal_telephony_server efs_file:file create_file_perms;[all …]
13 allow init sysfs_dm:file read;18 allow init self:perf_event { open cpu };19 allow init self:global_capability2_class_set perfmon;24 allow init vd_device:blk_file relabelto;27 allow init {33 allow init tmpfs:chr_file { create setattr unlink rw_file_perms };36 allow init properties_device:dir relabelto;37 allow init properties_serial:file { write relabelto };38 allow init property_type:file { append create getattr map open read relabelto rename setattr unlink…40 allow init properties_device:file create_file_perms;[all …]
4 allow shell rootfs:dir r_dir_perms;7 allow shell shell_data_file:dir create_dir_perms;8 allow shell shell_data_file:file create_file_perms;9 allow shell shell_data_file:file rx_file_perms;10 allow shell shell_data_file:lnk_file create_file_perms;12 allow shell devpts:chr_file rw_file_perms;13 allow shell tty_device:chr_file rw_file_perms;14 allow shell console_device:chr_file rw_file_perms;17 allow shell system_file:file x_file_perms;18 allow shell toolbox_exec:file rx_file_perms;[all …]
2 allow vendor_init init:unix_stream_socket { read write };5 allow vendor_init kmsg_device:chr_file { open getattr write };8 allow vendor_init device:dir mounton;11 allow vendor_init rootfs:lnk_file { create unlink };14 allow vendor_init cgroup:dir create_dir_perms;15 allow vendor_init cgroup:file w_file_perms;16 allow vendor_init cgroup_v2:dir create_dir_perms;17 allow vendor_init cgroup_v2:file w_file_perms;20 allow vendor_init configfs:dir mounton;21 allow vendor_init configfs:dir create_dir_perms;[all …]
10 allow kernel tmpfs:blk_file { getattr relabelfrom };11 allow kernel tmpfs:chr_file { getattr relabelfrom };12 allow kernel tmpfs:lnk_file { getattr relabelfrom };13 allow kernel tmpfs:dir { open read relabelfrom };15 allow kernel block_device:blk_file relabelto;16 allow kernel block_device:lnk_file relabelto;17 allow kernel dm_device:chr_file relabelto;18 allow kernel dm_device:blk_file relabelto;19 allow kernel dm_user_device:dir { read open search relabelto };20 allow kernel dm_user_device:chr_file relabelto;[all …]
5 # allow apexd to create loop devices with /dev/loop-control6 allow apexd loop_control_device:chr_file rw_file_perms;7 # allow apexd to access loop devices8 allow apexd loop_device:blk_file rw_file_perms;20 allow apexd dev_type:dir r_dir_perms;21 allow apexd dev_type:blk_file getattr;23 #allow apexd to access virtual disks24 allow apexd vd_device:blk_file r_file_perms;26 # allow apexd to access /dev/block/dm-* (device-mapper entries)27 allow apexd dm_device:chr_file rw_file_perms;[all …]
5 # allow init to launch processes in this context9 # allow to use a graphic buffer14 # allow to use automotive display service16 allow hal_evs_default fwk_automotive_display_hwservice:hwservice_manager find;17 allow hal_evs_default fwk_automotive_display_service:service_manager find;19 # allow to use hidl token service to retrieve HGBP object20 allow hal_evs_default hidl_token_hwservice:hwservice_manager find;22 # allow to access data from surfaceflinger23 allow hal_evs_default surfaceflinger:fd use;25 # allow to access EGL[all …]