Skip to content

Instantly share code, notes, and snippets.

@invisiblek

invisiblek/sepo

Created February 2, 2017 13:34
Show Gist options
  • Save invisiblek/57270d578b71d35e9d037241dc47dfa7 to your computer and use it in GitHub Desktop.
Save invisiblek/57270d578b71d35e9d037241dc47dfa7 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
sepo
allow init block_device : dir { search };
allow dumpstate dumpstate : rawip_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow init qmuxd_socket : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init sockfs : dir { read setattr search open };
allow init proc_security : dir { read setattr search open };
allowxperm untrusted_app untrusted_app : udp_socket ioctl { 0x5411 0x5451 };
allowxperm untrusted_app untrusted_app : udp_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm untrusted_app untrusted_app : udp_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow untrusted_app untrusted_app : udp_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow drmserver mediaserver : fd { use };
allow dumpstate su : process { transition sigchld siginh rlimitinh };
dontaudit dumpstate su : process { noatsecure };
allow init otapreopt_slot_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init drm_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow servicemanager netd : file { read open };
allow init bluetooth_socket : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow system_app ramdump_data_file : file { ioctl read getattr lock open };
allow adbd adbd : file { ioctl read write getattr lock append open };
allow appdomain binderservicedomain : binder { call transfer };
allow shared_relro webviewupdate_service : service_manager { find };
allow domain su : unix_stream_socket { read write getattr getopt shutdown connectto };
allow fsck tmpfs : chr_file { ioctl read write };
type_transition dumpstate vdc_exec : process vdc;
allow priv_app apk_tmp_file : file { ioctl read getattr lock open };
allow init_foreground init_foreground : dir { ioctl read getattr lock search open };
allow init tee_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init dumpstate_socket : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow system_server mediaserver : process { getsched setsched };
allow adbd adb_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
type_transition init keystore_exec : process keystore;
allow init nanoapp_cmd_tmpfs : chr_file { relabelto };
allow system_app misc_user_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow nanoapp_cmd nanoapp_cmd_tmpfs : file { read write };
allow lmkd appdomain : lnk_file { ioctl read getattr lock open };
allow port-bridge port-bridge : fd { use };
allow healthd healthd : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit execmem };
allow logd domain : lnk_file { ioctl read getattr lock open };
allow toolbox toolbox_exec : file { read getattr execute entrypoint open };
allow init untrusted_app_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow ueventd security_file : file { ioctl read getattr lock open };
allow shell misc_logd_file : dir { ioctl read getattr lock search open };
allow port-bridge sysfs : dir { ioctl read getattr lock search open };
allow sysfs_fingerprint sysfs_fingerprint : filesystem { associate };
allow camera camera : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow dnsmasq sysfs : dir { ioctl read getattr lock search open };
allow ims sysfs_type : lnk_file { ioctl read getattr lock open };
allow init rild_debug_socket : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow wpa sysfs : lnk_file { ioctl read getattr lock open };
allow init dev_type : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow init bluetooth_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow radio radio_prop : property_service { set };
allow healthd healthd : lnk_file { ioctl read getattr lock open };
allow healthd healthd : fifo_file { ioctl read write getattr lock append open };
allow init mm-pp-daemon_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow imscm sysfs : dir { ioctl read getattr lock search open };
allow cnd system_prop : property_service { set };
allow netd radio_data_file : dir { ioctl read write getattr lock add_name remove_name search open };
allow update_engine app_data_file : file { ioctl read getattr lock open };
allow system_server unlabeled : file { ioctl read getattr lock open };
allow init zoneinfo_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow untrusted_app mediaextractor_service : service_manager { find };
allow init gps_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow system_server shortcut_manager_icons : file { ioctl read write create getattr setattr lock append unlink rename open };
allow mediacodec video_device : dir { search };
allow init nativetest_data_file : blk_file { relabelto };
allow mediacodec sysfs_soc : file { ioctl read getattr lock open };
allow system_server nfc_data_file : dir { read getattr search };
allow init google_camera_app_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init ota_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow keystore binderservicedomain : binder { transfer };
allow mediacodec binderservicedomain : binder { call transfer };
allow init backup_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init debuggerd_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow sysfs_zram sysfs_zram : filesystem { associate };
type_transition vold tmpfs : file vold_tmpfs;
allow system_server system_server : tun_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow init update_engine_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow system_server asec_apk_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow init lmkd_tmpfs : blk_file { relabelto };
allow per_mgr servicemanager : binder { call transfer };
allow servicemanager mediadrmserver : file { read open };
allow cnd cnd : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow keystore su : dir { search };
allow init_mid init_mid : fd { use };
allow cppreopts toolbox_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow adsprpcd init : process { sigchld };
allow port-bridge sysfs_soc : file { ioctl read getattr lock open };
allow init icon_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow watchdogd watchdogd : file { ioctl read write getattr lock append open };
allow netmgrd netd_socket : sock_file { write };
allow gpsd gpsd : file { ioctl read write getattr lock append open };
allow otapreopt_slot ota_data_file : file { getattr };
allow system_server system_server : socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allowxperm system_server system_server : socket ioctl { 0xc300-0xc305 };
allow domain_deprecated adbd : fd { use };
allow rild rild : fifo_file { ioctl read write getattr lock append open };
allow servicemanager postinstall : process { getattr };
allow installd installd : file { ioctl read write getattr lock append open };
dontaudit su kernel : security { compute_av compute_create compute_member check_context load_policy compute_relabel compute_user setenforce setbool setsecparam setcheckreqprot read_policy };
allow netd netd : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow autoplay_app system_data_file : file { read getattr };
allow init camera : process { transition siginh rlimitinh };
dontaudit init camera : process { noatsecure };
allow init debugfs : lnk_file { getattr relabelfrom };
allow init shell_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allowxperm mediaserver mediaserver : udp_socket ioctl { 0x5411 0x5451 };
allowxperm mediaserver mediaserver : udp_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm mediaserver mediaserver : udp_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow mediaserver mediaserver : udp_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow vold mnt_media_rw_stub_file : dir { ioctl read create getattr setattr lock mounton search rmdir open };
allow dumpstate netpolicy_service : service_manager { find };
allow system_app scheduling_policy_service : service_manager { find };
allow cnd cnd : rawip_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow hci_attach su : fd { use };
allow installd oemfs : file { ioctl read getattr lock open };
allow vold efs_file : file { ioctl read write getattr lock append open };
allow init sysfs_batteryinfo : dir { read setattr search open };
allow init bluetooth_socket : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init_foreground init : process { sigchld };
allow init vpn_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow preloads_copy shell_exec : file { ioctl read getattr lock execute execute_no_trans open };
type_transition drmserver tmpfs : file drmserver_tmpfs;
allow adbd adbd : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow atfwd atfwd : socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allowxperm atfwd atfwd : socket ioctl { 0xc300-0xc305 };
allow system_server asec_apk_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow init installd_socket : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow sysinit sysinit : fifo_file { ioctl read write getattr lock append open };
allow system_server dumpstate : fd { use };
allow init postinstall_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allowxperm domain domain : packet_socket ioctl { 0x0 };
allow adbd profman_dump_data_file : dir { ioctl read getattr lock search open };
dontaudit su domain : netlink_firewall_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind nlmsg_read nlmsg_write };
allow shell uce_service : service_manager { find };
allow rild rild : dir { ioctl read getattr lock search open };
allow hci_attach sysfs : file { ioctl read getattr lock open };
allow system_server drmserver : debuggerd { dump_backtrace };
allow tee tee : fifo_file { ioctl read write getattr lock append open };
type_transition nanohub_slpi tmpfs : file nanohub_slpi_tmpfs;
allow init tty_device : chr_file { ioctl read write getattr setattr lock append open };
allow init audio_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow domain null_device : chr_file { ioctl read write getattr lock append open };
allow perfprofd domain : file { ioctl read getattr lock open };
type_transition radio tmpfs : file radio_tmpfs;
allow shared_relro sysfs : dir { ioctl read getattr lock search open };
allow ims radio : fd { use };
allow mtp mtp_exec : file { read getattr execute entrypoint open };
dontaudit init_foreground init_foreground : capability { sys_module };
allow subsystem_ramdump sysfs_type : dir { ioctl read getattr lock search open };
allow system_server persist_property_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow priv_app keystore : fd { use };
allow init irqbalance_socket : chr_file { relabelto };
allow untrusted_app superuser_device : sock_file { write };
allow healthd sysfs : file { ioctl read write getattr lock open };
allow radio qmuxd_socket : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
type_transition mediadrmserver tmpfs : file mediadrmserver_tmpfs;
allow mediaextractor sysfs : lnk_file { ioctl read getattr lock open };
allow init debugfs_type : file { relabelto };
allow init sysfs_writable : dir { read setattr search open };
allow zygote resourcecache_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow init irqbalance_socket : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow servicemanager netd : binder { transfer };
allow debuggerd netd : process { ptrace getattr };
allow racoon servicemanager : binder { call transfer };
allow otapreopt_slot otapreopt_slot : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow nfc sysfs : dir { ioctl read getattr lock search open };
allow tee tee : netlink_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow dumpstate surfaceflinger : binder { transfer };
type_transition su tmpfs : file su_tmpfs;
allow qmuxd qmuxd : fd { use };
allow subsystem_ramdump ssr_prop : file { ioctl read getattr lock open };
allow recovery_refresh recovery_refresh : fd { use };
allow servicemanager ssr_setup : binder { transfer };
allow keystore obdm_app : binder { transfer };
allow init cnss_diag_tmpfs : blk_file { relabelto };
allow bluetooth bluetooth : capability { net_bind_service net_admin net_raw };
dontaudit bluetooth bluetooth : capability { sys_module };
allow init audioserver_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow atrace healthd : binder { call };
allow platform_app sysfs : lnk_file { ioctl read getattr lock open };
allow keystore wpa : dir { search };
allow installd installd : lnk_file { ioctl read getattr lock open };
allow init imscm_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow appdomain dumpstate : fd { use };
allow autoplay_app zygote : process { sigchld };
allow runas system_data_file : file { ioctl read getattr lock open };
allow appdomain resourcecache_data_file : file { ioctl read getattr lock open };
allow system_server fingerprint_prop : file { ioctl read getattr lock open };
allow init shared_relro_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init ota_package_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow hostapd hostapd : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow shell mediaserver_service : service_manager { find };
allow clatd netd : fd { use };
allow radio radio : lnk_file { ioctl read getattr lock open };
allow tee tee : dir { ioctl read getattr lock search open };
allow init property_contexts : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow vold proc_net : file { ioctl read getattr lock open };
allow nfc audioserver_service : service_manager { find };
allow bluetooth tun_device : chr_file { ioctl read write getattr lock append open };
allow labeledfs labeledfs : filesystem { associate };
allow init vold_socket : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow binfmt_miscfs binfmt_miscfs : filesystem { associate };
dontaudit su port_type : netlink_selinux_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow themeservice_app themeservice_app : netlink_selinux_socket { read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow location system_server : fd { use };
allow dumpstate torch_service : service_manager { find };
allow debuggerd port-bridge : process { ptrace getattr };
allow debugfs_rmt_storage debugfs_rmt_storage : filesystem { associate };
type_transition subsystem_ramdump tmpfs : file subsystem_ramdump_tmpfs;
allow debuggerd init_foreground : process { ptrace getattr };
allow init sysfs_devices_system_cpu : dir { read setattr search open };
allow init sysfs_type : dir { ioctl read getattr lock relabelto search open };
allow subsystem_ramdump su : fd { use };
allow init mnt_expand_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow camera su : fd { use };
dontaudit su domain : netlink_xfrm_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind nlmsg_read nlmsg_write };
allow netd wifi_data_file : dir { ioctl read write getattr lock add_name remove_name search open };
allow hostapd netd : unix_dgram_socket { read write sendto };
allow system_server dhcp_data_file : file { ioctl read getattr lock open };
allow installd system_data_file : lnk_file { create getattr setattr relabelfrom unlink };
allow audioserver su : fd { use };
allow audioserver sysfs_soc : lnk_file { ioctl read getattr lock open };
allow shell app_data_file : fifo_file { ioctl read write create getattr setattr lock append unlink rename open };
allow healthd kmsg_device : chr_file { ioctl read write getattr lock append open };
allow keystore fingerprintd : dir { search };
allow init init_exec : file { read getattr execute entrypoint open };
allow init debugfs_rmt_storage : dir { read setattr search open };
dontaudit su port_type : netlink_iscsi_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow vdc dumpstate : fd { use };
allow dumpstate gpu_device : chr_file { ioctl read write getattr lock append open };
allow init property_data_file : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open };
allow init qmuxd : process { transition siginh rlimitinh };
dontaudit init qmuxd : process { noatsecure };
allow appdomain method_trace_data_file : file { write create lock append open };
allow cnss-daemon sysfs_type : dir { ioctl read getattr lock search open };
allow init gatekeeperd_tmpfs : chr_file { relabelto };
allow hostapd hostapd : udp_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allowxperm hostapd hostapd : udp_socket ioctl { 0x6900 0x6902 };
allowxperm hostapd hostapd : udp_socket ioctl { 0x890b-0x890d 0x8911 0x8914 0x8916 0x8918 0x891a 0x891c-0x8920 0x8922-0x8927 0x8929 0x8930-0x8932 0x8934-0x8937 0x8940-0x8941 0x8943 0x8946-0x894b 0x8953-0x8955 0x8960-0x8962 0x8970-0x8971 0x8980-0x8983 0x8990-0x8995 0x89a0-0x89a3 0x89b0 0x89e0-0x89ff };
allowxperm hostapd hostapd : udp_socket ioctl { 0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 0x8b14-0x8b1d 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 0x8b2a-0x8b2c 0x8b30-0x8b36 0x8be0-0x8bff };
allow postinstall kernel : process { setsched };
allow hci_attach hci_attach : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow mediadrmserver system_file : file { ioctl read getattr lock open };
allow dex2oat postinstall_dexopt : fd { use };
type_transition cameraserver tmpfs : file cameraserver_tmpfs;
allow init obdm_app_tmpfs : blk_file { relabelto };
allow uncrypt uncrypt : file { ioctl read write getattr lock append open };
allow system_app hardware_service : service_manager { find };
allow appdomain logcat_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow system_server system_data_file : lnk_file { ioctl read write create getattr setattr lock append unlink rename open };
allow otapreopt_slot otapreopt_slot : dir { ioctl read getattr lock search open };
allow platform_app platform_app : netlink_selinux_socket { read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow kernel sysfs : file { ioctl read getattr lock open };
allow google_camera_app app_data_file : file { ioctl read write create getattr setattr lock append unlink rename execute execute_no_trans open };
dontaudit blkid blkid : capability { sys_module };
allow init recovery_refresh_exec : file { read getattr execute open };
allow init keychain_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow vold proc : dir { ioctl read getattr lock search open };
type_transition init location_exec : process location;
allow sdcardd media_rw_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
type_transition installd idmap_exec : process idmap;
allow untrusted_app superuser_device : dir { ioctl read getattr lock search open };
allow untrusted_app drmserver_service : service_manager { find };
allow init recovery_persist_tmpfs : chr_file { relabelto };
allow logd logd_exec : file { read getattr execute entrypoint open };
allow priv_app sysfs_zram : dir { search };
allow install_recovery sysfs : file { ioctl read getattr lock open };
allow init cgroup : file { read setattr open };
allow netmgrd netmgrd : netlink_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow init init_mid_exec : file { read getattr execute open };
allow init netd_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow keystore bluetooth : file { read open };
allow init su_exec : file { read getattr execute open };
type_transition init mediaserver_exec : process mediaserver;
allow appdomain system_server : fifo_file { ioctl read write getattr lock append open };
allow dnsmasq dnsmasq : udp_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allowxperm dnsmasq dnsmasq : udp_socket ioctl { 0x6900 0x6902 };
allowxperm dnsmasq dnsmasq : udp_socket ioctl { 0x890b-0x890d 0x8911 0x8914 0x8916 0x8918 0x891a 0x891c-0x8920 0x8922-0x8927 0x8929 0x8930-0x8932 0x8934-0x8937 0x8940-0x8941 0x8943 0x8946-0x894b 0x8953-0x8955 0x8960-0x8962 0x8970-0x8971 0x8980-0x8983 0x8990-0x8995 0x89a0-0x89a3 0x89b0 0x89e0-0x89ff };
allowxperm dnsmasq dnsmasq : udp_socket ioctl { 0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 0x8b14-0x8b1d 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 0x8b2a-0x8b2c 0x8b30-0x8b36 0x8be0-0x8bff };
allow init inputflinger_exec : file { read getattr execute open };
allow slideshow sysfs : file { ioctl read getattr lock open };
allow shared_relro shared_relro_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow system_app net_radio_prop : file { ioctl read getattr lock open };
allow healthd rootfs : file { read getattr execute entrypoint open };
allow shell ctl_dumpstate_prop : file { ioctl read getattr lock open };
allow init cameraserver_tmpfs : chr_file { relabelto };
dontaudit sudaemon port_type : key_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow preloads_copy init : process { sigchld };
dontaudit sudaemon domain : unix_stream_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind connectto newconn acceptfrom };
allow untrusted_app proc : file { ioctl read getattr lock open };
allow binderservicedomain shell_data_file : file { write getattr };
allow sysfs_zram_uevent sysfs_zram_uevent : filesystem { associate };
allow init uncrypt_socket : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow surfaceflinger persist_file : dir { search };
allow fsck_untrusted vold_device : blk_file { ioctl read write getattr lock append open };
allow init port-bridge_tmpfs : chr_file { relabelto };
allow init hci_attach_tmpfs : blk_file { relabelto };
allow debuggerd surfaceflinger : debuggerd { dump_backtrace };
allow init mdnsd_socket : chr_file { relabelto };
allow blkid blkid : fd { use };
allow idmap idmap : dir { ioctl read getattr lock search open };
allow rild ssr_device : chr_file { read open };
allow servicemanager toolbox : binder { transfer };
allow netd wpa_socket : dir { ioctl read write getattr lock add_name remove_name search open };
allow debuggerd atfwd : process { ptrace getattr };
allow init bootstat_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init init-qcom-qseecomd-sh_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow rild cgroup : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow boot_control_hal sg_device : chr_file { ioctl read write getattr lock append open };
allow system_server vold : unix_stream_socket { connectto };
allow keystore keystore : fifo_file { ioctl read write getattr lock append open };
allow init heapdump_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow vold restorecon_prop : file { ioctl read getattr lock open };
allow recovery_persist recovery_persist : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow init dnsproxyd_socket : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
dontaudit imscm imscm : capability { sys_module };
allow runas runas_exec : file { read getattr execute entrypoint open };
allow installd sdcard_type : file { getattr };
allow init tombstone_data_file : blk_file { relabelto };
allow shell servicediscovery_service : service_manager { find };
allow init debuggerd_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init system_server_tmpfs : blk_file { relabelto };
type_transition init cameraserver_exec : process cameraserver;
allow appdomain anr_data_file : dir { search };
dontaudit irsc_util irsc_util : capability { sys_module };
allow init properties_serial : chr_file { read setattr open };
allow system_server sysfs_nfc_power_writable : file { ioctl read write getattr lock append open };
allow init asec_image_file : blk_file { relabelto };
allow logd logd : fd { use };
allow autoplay_app autoplay_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow vdc vold_socket : sock_file { write };
allow zygote mnt_user_file : lnk_file { ioctl read write create getattr setattr lock append unlink rename open };
allow init preloads_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow perfd sysfs_perf : file { write };
allow drmserver drmserver_socket : sock_file { ioctl read write create getattr setattr lock append unlink rename open };
allow dumpstate storage_file : dir { getattr search };
allow init coredump_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow binderservicedomain permission_service : service_manager { find };
allow su app_data_file : lnk_file { ioctl read write create getattr setattr lock append unlink rename open };
allow init fingerprintd_data_file : blk_file { relabelto };
allow init logdr_socket : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow gpsd gpsd : dir { ioctl read getattr lock search open };
allow system_server autoplay_app : fifo_file { read write getattr };
allow system_app contexthub_service : service_manager { find };
allow shell dumpstate_prop : property_service { set };
allow init_mid su : fd { use };
allow priv_app gpu_device : chr_file { ioctl read write getattr lock append open };
allowxperm priv_app gpu_device : chr_file ioctl { 0x902 0x907 0x913-0x915 0x921 0x932-0x933 0x938-0x939 0x940-0x943 0x945-0x94a };
allowxperm priv_app gpu_device : chr_file ioctl { 0x5411 0x5451 };
allow ueventd init_exec : file { read getattr execute entrypoint open };
allow cnss-daemon su : fd { use };
allow dumpstate audioserver_service : service_manager { find };
allow ueventd device : file { ioctl read write create getattr setattr lock append unlink rename open };
allow subsystem_ramdump subsystem_ramdump : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow mediaserver system_file : dir { ioctl read getattr lock search open };
dontaudit per_proxy per_proxy : capability { sys_module };
allow init persist_property_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow mdnsd mdnsd : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow installd dex2oat_exec : file { read getattr execute open };
allow su su : file { ioctl read write getattr lock append open };
allow installd system_app_data_file : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open };
allow fsck userdata_block_device : blk_file { ioctl read write getattr lock append open };
allow dex2oat dex2oat : fd { use };
allow init drm_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow cameraserver cameraserver : file { ioctl read write getattr lock append open };
allow runas runas : dir { ioctl read getattr lock search open };
allow mediaserver sysfs : file { ioctl read getattr lock open };
allow system_app gfxinfo_service : service_manager { find };
allow surfaceflinger mediaserver_service : service_manager { find };
allow init per_mgr_exec : file { read getattr execute open };
allow init htc_ramdump_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow sdcardfs sdcardfs : filesystem { associate };
allow init init_radio_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init sysfs_msm_subsys : dir { read setattr search open };
allow untrusted_app keystore : keystore_key { get_state get insert delete exist list sign verify };
allow netd netdomain : tcp_socket { read write getattr setattr getopt setopt };
allow surfaceflinger su : binder { call transfer };
allow cameraserver binderservicedomain : fd { use };
allow otapreopt_slot otapreopt_slot : file { ioctl read write getattr lock append open };
allow system_app system_app : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow perfd sysfs_type : dir { ioctl read getattr lock search open };
allow mediaserver mediaserver : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow dumpstate power_service : service_manager { find };
allow keystore untrusted_app : process { getattr };
allow init perfd_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow postinstall_dexopt selinuxfs : file { ioctl read write getattr lock append open };
allow servicemanager qmuxd : binder { transfer };
allow init cnss-daemon_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init shortcut_manager_icons : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow system_server sdcard_type : dir { getattr search };
allow irsc_util irsc_util : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow cnd diag_device : chr_file { ioctl read write getattr lock append open };
allow system_server wifi_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow perfd perfd_tmpfs : file { read write };
allow shell netstats_service : service_manager { find };
allow system_server keystore : keystore_key { get_state get insert delete exist list reset password lock unlock is_empty sign verify grant duplicate clear_uid add_auth user_changed };
allow debuggerd init-qcom-qseecomd-sh : process { ptrace getattr };
allow dumpstate user_profile_foreign_dex_data_file : file { ioctl read getattr lock open };
type_transition update_engine postinstall_file : process postinstall;
allow servicemanager bootanim : process { getattr };
allow hostapd hostapd : fd { use };
allow init display_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow shell debugfs_tracing : file { ioctl read write getattr lock append open };
allow dumpstate mount_service : service_manager { find };
allow dumpstate cameraproxy_service : service_manager { find };
allow per_proxy per_proxy : fd { use };
dontaudit su file_type : sock_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton open audit_access execmod };
allow selinuxfs selinuxfs : filesystem { associate };
allow init livedisplay_sysfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow system_app devicestoragemonitor_service : service_manager { find };
allow vold powerctl_prop : file { ioctl read getattr lock open };
allow servicemanager hostapd : binder { transfer };
allow dumpstate sysfs : lnk_file { ioctl read getattr lock open };
allow init audioserver_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init subsystem_ramdump_tmpfs : blk_file { relabelto };
allowxperm domain domain : unix_dgram_socket ioctl { 0x5401 0x5411 0x5413-0x5414 0x541b 0x5451 };
allow adbd shell_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow ppp ppp_device : chr_file { ioctl read write getattr lock append open };
allow vold domain : dir { ioctl read getattr lock search open };
allow ims su : fd { use };
allow mtp mtp : socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow init cache_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
type_transition uncrypt tmpfs : file uncrypt_tmpfs;
allow healthd healthd : file { ioctl read write getattr lock append open };
allow init property_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow recovery_refresh init : process { sigchld };
allow init usbfs : dir { read setattr search open };
allow dumpstate autoplay_app : process { signal };
allow idmap sysfs : file { ioctl read getattr lock open };
allow mtp mtp_tmpfs : file { read write };
allow system_app account_service : service_manager { find };
allow appdomain mnt_user_file : dir { ioctl read getattr lock search open };
allow dumpstate devicestoragemonitor_service : service_manager { find };
allow domain_deprecated tmpfs : lnk_file { read getattr };
allow servicemanager per_mgr : process { getattr };
allow obdm_app proc : file { ioctl read getattr lock open };
allow install_recovery shell_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow init shell_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow nfc nfc_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow zygote appdomain : dir { getattr search };
allow system_server binderservicedomain : binder { call transfer };
allow init tee_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow dumpstate logd : unix_stream_socket { connectto };
allow init keystore_data_file : lnk_file { relabelto };
allow update_engine su : binder { call transfer };
allow init atrace_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow cnss_diag sysfs_type : file { ioctl read getattr lock open };
allow gatekeeperd gatekeeperd : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow servicemanager idmap : binder { transfer };
allow sudaemon gpu_device : chr_file { ioctl read write getattr lock append open };
allowxperm sudaemon gpu_device : chr_file ioctl { 0x902 0x907 0x913-0x915 0x921 0x932-0x933 0x938-0x939 0x940-0x943 0x945-0x94a };
allowxperm sudaemon gpu_device : chr_file ioctl { 0x5411 0x5451 };
allow system_app rttmanager_service : service_manager { find };
allow init dhcp_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow cppreopts cppreopts : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow init_radio firmware_file : file { ioctl read getattr lock open };
allow init app_fuse_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow audioserver audioserver_tmpfs : file { read write };
allow runas sysfs : dir { ioctl read getattr lock search open };
allow init atrace_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow adbd shell_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow init asec_image_file : chr_file { relabelto };
allow init method_trace_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow hostapd su : fd { use };
allow init qtaguid_device : chr_file { read setattr open };
allow ueventd sysfs_nanoapp_cmd : file { write lock append open };
allow init unlabeled : lnk_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open };
allow init qmuxd_socket : blk_file { relabelto };
allow init persist_display_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
dontaudit su fs_type : dir { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod };
allow system_server system_file : file { getattr execute execute_no_trans };
allow rild qmuxd_socket : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
type_transition mediaextractor tmpfs : file mediaextractor_tmpfs;
allow init cnd_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init system_app_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init atrace_tmpfs : chr_file { relabelto };
allow system_app input_service : service_manager { find };
allow platform_app app_data_file : lnk_file { ioctl read write create getattr setattr lock append unlink rename open };
allow sgdisk vold : fifo_file { read write getattr };
allow irsc_util irsc_util : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow fingerprintd fingerprintd : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow postinstall postinstall : capability { dac_override sys_rawio };
dontaudit postinstall postinstall : capability { sys_module };
allow device device : filesystem { associate };
type_transition zygote tmpfs : file zygote_tmpfs;
allow init qtaguid_proc : file { read setattr open };
allow init keystore_data_file : chr_file { relabelto };
allow init postinstall_file : chr_file { relabelto };
allow radio net_data_file : dir { search };
allow location location_tmpfs : file { read write };
allow dumpstate logcat_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow inputflinger inputflinger : dir { ioctl read getattr lock search open };
allow gatekeeperd keystore : keystore_key { add_auth };
allow vold su : fd { use };
allow platform_app diag_logs : dir { ioctl read write getattr lock add_name remove_name search open };
allow init sysfs_nanoapp_cmd : dir { read setattr search open };
allow nfc sysfs_usb : file { write };
allow init icon_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow appdomain keychain_data_file : file { ioctl read getattr lock open };
allow idmap idmap : file { ioctl read write getattr lock append open };
allow update_verifier update_verifier : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow netd netdomain : dccp_socket { read write getattr setattr getopt setopt };
allow init mnt_media_rw_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow radio alarm_device : chr_file { ioctl read write getattr lock append open };
allow surfaceflinger ctl_bootanim_prop : property_service { set };
allow init_foreground proc_sysrq : file { getattr };
allow surfaceflinger surfaceflinger : netlink_kobject_uevent_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow platform_app platform_app : file { ioctl read write getattr lock append open };
allow init dumpstate_tmpfs : blk_file { relabelto };
allow netd netd_tmpfs : file { read write };
allow init location_tmpfs : chr_file { relabelto };
allow nfc nfc : fifo_file { ioctl read write getattr lock append open };
allow installd kernel : security { check_context };
allow autoplay_app autoplay_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
dontaudit su su : capability2 { mac_override mac_admin syslog wake_alarm block_suspend audit_read };
allow su shell : process { sigchld };
allow init netd : process { transition siginh rlimitinh };
dontaudit init netd : process { noatsecure };
allow radio surfaceflinger_service : service_manager { find };
allow init bluetooth_efs_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allowxperm mediaserver mediaserver : rawip_socket ioctl { 0x5411 0x5451 };
allowxperm mediaserver mediaserver : rawip_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm mediaserver mediaserver : rawip_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow mediaserver mediaserver : rawip_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow update_engine_common block_device : dir { search };
allow init adb_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow untrusted_app sudaemon : unix_stream_socket { ioctl read write setopt connectto };
allow perfd perfd : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow init adb_keys_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow priv_app ion_device : chr_file { ioctl read write getattr lock append open };
allow sudaemon keystore : fd { use };
allow init mtpd_socket : blk_file { relabelto };
allow init thermal-engine_exec : file { read getattr execute open };
allow init profman_dump_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init dm_device : chr_file { ioctl read write getattr setattr lock append open };
allow nanohub_slpi nanohub_slpi : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow tee persist_file : file { ioctl read getattr lock open };
allow devpts devpts : filesystem { associate };
allow cameraserver batterystats_service : service_manager { find };
dontaudit sudaemon domain : netlink_route_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind nlmsg_read nlmsg_write };
allow dumpstate per_mgr_service : service_manager { find };
allow dumpstate input_service : service_manager { find };
allow bluetooth bluetooth_tmpfs : file { read write execute };
allow fingerprintd fingerprintd : lnk_file { ioctl read getattr lock open };
allow domain cgroup : dir { write search };
allow netmgrd netmgrd_tmpfs : file { read write };
allow gatekeeperd gatekeeperd_tmpfs : file { read write };
allow system_app kill_switch_service : service_manager { find };
allow update_engine ota_package_file : file { ioctl read getattr lock open };
allow system_server system_server : fifo_file { ioctl read write getattr lock append open };
allow per_mgr sysfs_msm_subsys : file { ioctl read getattr lock open };
allow blkid shell_exec : file { read getattr execute entrypoint open };
allow keystore nfc : dir { search };
allow bluetooth bluetooth : rawip_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow perfprofd su : fd { use };
allow init sysfs : dir { ioctl read getattr setattr lock relabelfrom mounton search open };
allow init_mid toolbox_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow init obdm_app_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow cnss-daemon diag_device : chr_file { ioctl read write getattr lock append open };
allow bluetooth ion_device : chr_file { ioctl read write getattr lock append open };
allow init postinstall_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow zygote themeservice_app_data_file : dir { ioctl read getattr lock search open };
allow init wpa_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow otapreopt_slot otapreopt_slot_tmpfs : file { read write };
allow isolated_app su : fd { use };
allow google_camera_app google_camera_app : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow dhcp dhcp : file { ioctl read write getattr lock append open };
allow priv_app apk_private_tmp_file : file { ioctl read getattr lock open };
allow install_recovery block_device : dir { search };
allow mediaserver servicemanager : binder { call transfer };
allow ueventd audio_data_file : dir { ioctl read getattr lock search open };
allow adbd adbd : capability { setgid setuid setpcap };
dontaudit adbd adbd : capability { sys_module };
allow init mdnsd_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow su keystore : binder { call transfer };
allow racoon racoon_tmpfs : file { read write };
allow system_server autoplay_app : fd { use };
allow priv_app mediaserver_service : service_manager { find };
allow system_server system_server : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow mdnsd su : binder { call transfer };
allow logd logcat_exec : file { read getattr execute entrypoint open };
allow ueventd ueventd : netlink_kobject_uevent_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow system_server system_app_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow shell keystore : binder { call transfer };
allow vdc vdc : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow ims ims : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow vold kmsg_device : chr_file { ioctl read write getattr lock append open };
allow bluetooth hci_attach_dev : chr_file { ioctl read write getattr lock append open };
allow init priv_app_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init mm-pp-daemon_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init postinstall_mnt_dir : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
dontaudit fsck_untrusted fsck_untrusted : capability { sys_module };
allow fsck_untrusted fsck_untrusted : capability { sys_admin };
allow init adsprpcd_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow servicemanager nanohub_slpi : binder { transfer };
allow bluetooth bluetooth : dir { ioctl read getattr lock search open };
allow system_server radio_device : chr_file { ioctl read getattr lock open };
type_transition per_mgr tmpfs : file per_mgr_tmpfs;
allow radio qmuxd_socket : sock_file { read write create getattr setattr unlink };
allow system_app task_service : service_manager { find };
allow ims ims : lnk_file { ioctl read getattr lock open };
allow vold proc : file { ioctl read getattr lock open };
allow toolbox toolbox : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow init irqbalance_tmpfs : chr_file { relabelto };
allow untrusted_app untrusted_app : file { ioctl read write getattr lock append open };
allow dex2oat ota_data_file : lnk_file { read create };
type_transition perfprofd tmpfs : file perfprofd_tmpfs;
allow htc_ramdump debug_prop : file { ioctl read getattr lock open };
allow init update_engine_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow appdomain zygote_tmpfs : file { read };
allow init tzdatacheck_exec : file { read getattr execute open };
allow init bluetooth_tmpfs : chr_file { relabelto };
allow cnd socket_device : dir { ioctl read write getattr lock add_name remove_name search open };
type_transition cnd socket_device : dir cnd_socket;
allow shell per_mgr_service : service_manager { find };
allow domain_deprecated rootfs : dir { ioctl read getattr lock search open };
allow init labeledfs : dir { read setattr search open };
allow init port-bridge : process { transition siginh rlimitinh };
dontaudit init port-bridge : process { noatsecure };
allow postinstall postinstall : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
dontaudit su su : capability { sys_module };
allow init mnt_media_rw_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow shell user_service : service_manager { find };
allow init time_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
type_transition mtp tmpfs : file mtp_tmpfs;
allow init mediaextractor_tmpfs : chr_file { relabelto };
allow init lmkd_socket : blk_file { relabelto };
allow init_power init : process { sigchld };
allow sdcardd tmpfs : dir { ioctl read getattr lock search open };
allow uncrypt block_device : dir { ioctl read getattr lock search open };
allow init app_data_file : dir { relabelto };
allow init fingerprintd_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow sysinit devpts : chr_file { ioctl read write getattr lock append open };
allow system_app wallpaper_file : file { ioctl read getattr lock open };
allow dumpstate themes_service : service_manager { find };
allow priv_app priv_app : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow rild sysfs_type : dir { ioctl read getattr lock search open };
allow init sysfs_usb : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow system_app sudaemon : unix_stream_socket { ioctl read write setopt connectto };
allow system_server input_device : chr_file { ioctl read write getattr lock append open };
allow priv_app sysfs_type : file { ioctl read getattr lock open };
allow vold block_device : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow mtp mtp : rawip_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow init nanohub_slpi_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow dhcp dhcp : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow debuggerd uncrypt : process { ptrace getattr };
allow domain alarm_device : chr_file { ioctl read getattr lock open };
allow per_proxy per_proxy : file { ioctl read write getattr lock append open };
allow themeservice_app themeservice_app_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow subsystem_ramdump subsystem_ramdump_tmpfs : file { read write };
allow init unencrypted_data_file : dir { ioctl read write create getattr setattr lock relabelfrom relabelto rename add_name remove_name reparent search rmdir open };
allowxperm google_camera_app google_camera_app : tcp_socket ioctl { 0x5411 0x5451 };
allowxperm google_camera_app google_camera_app : tcp_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm google_camera_app google_camera_app : tcp_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow google_camera_app ion_device : chr_file { ioctl read write getattr lock append open };
allow servicemanager vold : dir { search };
allow subsystem_ramdump subsystem_ramdump : dir { ioctl read getattr lock search open };
allow init port-bridge_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow ueventd security_file : dir { ioctl read getattr lock search open };
allow update_verifier su : binder { call transfer };
allow servicemanager surfaceflinger : binder { transfer };
allow system_server system_server_service : service_manager { add find };
allow debuggerd runas : process { ptrace getattr };
allow dumpstate mediadrmserver_service : service_manager { find };
allow init sudaemon_tmpfs : chr_file { relabelto };
allow init adsprpcd_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow shell dbinfo_service : service_manager { find };
allow init security_file : dir { ioctl read create getattr setattr lock relabelto search open };
allow untrusted_app cm_weather_service : service_manager { find };
allow system_app vibrator_service : service_manager { find };
allow shell gfxinfo_service : service_manager { find };
allow shared_relro su : fd { use };
allow preloads_copy preloads_copy_exec : file { read getattr execute entrypoint open };
allow htc_ramdump ramdump_block_device : blk_file { read open };
allow init racoon_tmpfs : blk_file { relabelto };
allow atfwd init : process { sigchld };
allow isolated_app isolated_app : lnk_file { ioctl read getattr lock open };
allow system_server system_radio_prop : file { ioctl read getattr lock open };
allow sdcardd sdcardd : fd { use };
allow dumpstate recovery_data_file : dir { ioctl read getattr lock search open };
allow domain proc : dir { ioctl read getattr lock search open };
allow rild init : unix_stream_socket { connectto };
allow ueventd dev_type : blk_file { create setattr relabelfrom relabelto unlink };
allow userinit_exec userinit_prop : property_service { set };
allow installd autoplay_data_file : lnk_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open };
allow logd logd : fifo_file { ioctl read write getattr lock append open };
allow system_app system_app_tmpfs : file { read write execute };
allow netd netd : netlink_netfilter_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow shared_relro app_data_file : sock_file { ioctl read write create getattr setattr lock append unlink rename open };
allow google_camera_app mediaextractor_service : service_manager { find };
allow dumpstate appops_service : service_manager { find };
allow adsprpcd adsprpcd : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow postinstall_dexopt postinstall_dexopt : dir { ioctl read getattr lock search open };
allow init init : key { write search setattr };
allow vold vold : netlink_kobject_uevent_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow bluetooth sap_uim_socket : sock_file { write };
dontaudit sudaemon domain : netlink_audit_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit };
allow servicemanager ims : binder { transfer };
allow update_engine update_engine : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow cnd init : process { sigchld };
type_transition otapreopt_slot tmpfs : file otapreopt_slot_tmpfs;
allow nanoapp_cmd sysfs_nanoapp_cmd : file { ioctl read write getattr lock append open };
allow mediaextractor mediaextractor : lnk_file { ioctl read getattr lock open };
allow servicemanager rild : binder { transfer };
allow init init : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow qmuxd qmuxd : dir { ioctl read getattr lock search open };
allow watchdogd watchdogd : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow servicemanager atrace : process { getattr };
allow hostapd hostapd : netlink_generic_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow wcnss_filter su : fd { use };
allow init persist_property_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow ueventd sysfs_camera : file { write lock append open };
allow installd su : fd { use };
allow init adsprpcd_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
dontaudit su domain : netlink_selinux_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow recovery recovery : fifo_file { ioctl read write getattr lock append open };
allow init media_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow untrusted_app proc_net : file { ioctl read getattr lock open };
allow sysinit userinit_prop : property_service { set };
allow vdc vdc : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow netd netd : fifo_file { ioctl read write getattr lock append open };
allow obdm_app su : fd { use };
allow system_server app_data_file : dir { read getattr search };
allow keystore shell : binder { transfer };
allow obdm_app obdm_app_tmpfs : file { read write execute };
allow init ssr_setup_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow installd unlabeled : lnk_file { getattr setattr relabelfrom unlink rename };
allow init mnt_media_rw_stub_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init nfc_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init property_socket : sock_file { read write create getattr setattr relabelfrom relabelto unlink open };
allow appdomain mediadrmserver : binder { transfer };
allow shell wifi_service : service_manager { find };
allow debuggerd autoplay_app : process { ptrace getattr };
allow system_server system_server : netlink_generic_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow fsck_untrusted sysfs : file { ioctl read getattr lock open };
allow themeservice_app keystore : fd { use };
allow shell ethernet_service : service_manager { find };
allow nfc nfc : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit execmem };
allow init bluetooth_data_file : blk_file { relabelto };
allow servicemanager imscm : file { read open };
allow init diag_logs : blk_file { relabelto };
dontaudit su domain : netlink_iscsi_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow surfaceflinger appdomain : fd { use };
allow update_engine_common system_block_device : blk_file { ioctl read write getattr lock append open };
allow init uncrypt_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow dumpstate task_service : service_manager { find };
allow init shortcut_manager_icons : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
dontaudit su port_type : key_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow installd unlabeled : file { ioctl read getattr setattr lock relabelfrom unlink rename open };
allow init racoon_socket : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow time rtc_device : chr_file { ioctl read getattr lock open };
allow system_server domain : dir { ioctl read getattr lock search open };
allow adbd system_file : file { ioctl read getattr lock execute execute_no_trans open };
allow rmt rmt : lnk_file { ioctl read getattr lock open };
allow init mnt_expand_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init rild_tmpfs : blk_file { relabelto };
allow init untrusted_app_tmpfs : chr_file { relabelto };
allow init shared_relro_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow inputflinger inputflinger_exec : file { read getattr execute entrypoint open };
allow init cache_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow system_app logd_prop : property_service { set };
allow system_server netd : binder { call transfer };
allow init persist_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init tee_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init keystore_data_file : blk_file { relabelto };
allow fingerprintd sysfs : dir { ioctl read getattr lock search open };
allow init postinstall_mnt_dir : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow domain_deprecated security_file : dir { getattr search };
allow irqbalance proc_irq : dir { ioctl read getattr lock search open };
allow init unlabeled : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open };
allow atrace debug_prop : file { ioctl read getattr lock open };
dontaudit otapreopt_slot otapreopt_slot : capability { sys_module };
allow servicemanager dumpstate : process { getattr };
allow debuggerd mediacodec : debuggerd { dump_backtrace };
allow kernel system_data_file : file { open };
allow init cache_private_backup_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init bluetooth_efs_file : chr_file { relabelto };
allow hostapd hostapd : file { ioctl read write getattr lock append open };
allow init persist_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init keychain_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init fingerprintd_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow fsck fsck_exec : file { read getattr execute entrypoint open };
allow system_server security_file : file { ioctl read getattr lock open };
allow htc_ramdump htc_ramdump : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow init init_radio_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow surfaceflinger bootanim : fd { use };
allow nfc nfc : netlink_selinux_socket { read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow cnss-daemon sysfs_wifi : file { write };
allow init adbd_socket : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow appdomain mnt_user_file : lnk_file { ioctl read getattr lock open };
allow servicemanager surfaceflinger : dir { search };
allow nfc shell_data_file : file { read };
allow netd ctl_mdnsd_prop : property_service { set };
allow per_mgr per_mgr : socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allowxperm per_mgr per_mgr : socket ioctl { 0xc300-0xc305 };
allow keystore keystore_exec : file { read getattr execute entrypoint open };
allow init adbd : process { transition siginh rlimitinh };
dontaudit init adbd : process { noatsecure };
allow update_verifier update_verifier : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
type_transition init mtp_exec : process mtp;
allow init priv_app_devpts : file { read setattr open };
allow init audioserver_data_file : chr_file { relabelto };
allow system_server netd_socket : sock_file { write };
allow shell torch_service : service_manager { find };
allow init sysfs_zram_uevent : file { read setattr open };
allow init_mid init_mid : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow camera camera_data_file : dir { ioctl read write getattr lock add_name remove_name search open };
allow shell atrace_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow servicemanager untrusted_app : binder { transfer };
allow netmgrd netmgrd_socket : sock_file { ioctl read write create getattr setattr lock append unlink rename open };
allow init bootanim_tmpfs : blk_file { relabelto };
allow racoon init : process { sigchld };
type_transition init init_power_exec : process init_power;
dontaudit su port_type : tcp_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind connectto newconn acceptfrom node_bind name_connect };
allow domain_deprecated adbd : unix_stream_socket { ioctl read write getattr getopt shutdown connectto };
allow servicemanager keystore : dir { search };
allow dumpstate voiceinteraction_service : service_manager { find };
allow recovery sysfs : dir { ioctl read getattr lock search open };
allow bootstat bootstat_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow healthd graphics_device : chr_file { ioctl read write getattr lock append open };
allow init bootchart_data_file : blk_file { relabelto };
allow init shm : file { read setattr open };
allow rmt modem_block_device : blk_file { ioctl read write getattr lock append open };
allow install_recovery install_recovery : dir { ioctl read getattr lock search open };
allow init sysfs_usb : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init klog_device : chr_file { read setattr open };
allow surfaceflinger appdomain : binder { call transfer };
allow shell cm_weather_service : service_manager { find };
allow preloads_copy su : fd { use };
allow servicemanager rmt : binder { transfer };
allow init ringtone_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow ppp ppp : netlink_route_socket { read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read };
allow dumpstate backup_service : service_manager { find };
allow system_server zygote_tmpfs : file { read };
allow init user_profile_foreign_dex_data_file : chr_file { relabelto };
allow racoon racoon : fifo_file { ioctl read write getattr lock append open };
allow shell shell : dir { ioctl read getattr lock search open };
allow nanoapp_cmd su : fd { use };
allow init racoon_socket : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow untrusted_app app_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow init net_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init inputflinger_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow adbd app_data_file : sock_file { write };
allow init installd_socket : chr_file { relabelto };
allow vold vold : capability { chown dac_override fowner fsetid kill setgid setuid net_admin sys_chroot sys_ptrace sys_admin sys_nice mknod };
dontaudit vold vold : capability { sys_module };
allow otapreopt_chroot otapreopt_chroot : fd { use };
allow init gpsd_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow gpsd gps_data_file : sock_file { ioctl read write create getattr setattr lock append unlink rename open };
type_transition gpsd gps_data_file : sock_file gps_socket;
allow system_server alarm_device : chr_file { ioctl read write getattr lock append open };
allow recovery_persist recovery_persist : file { ioctl read write getattr lock append open };
allow init cnss_diag_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
type_transition cnd socket_device : lnk_file cnd_socket;
type_transition servicemanager tmpfs : file servicemanager_tmpfs;
allow recovery_persist recovery_persist_tmpfs : file { read write };
allow tee persist_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
dontaudit init_mid init_mid : capability { sys_module };
allow perfd perfd : fd { use };
allow binderservicedomain appdomain : fd { use };
allow netmgrd netmgrd : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow runas adbd : process { sigchld };
type_transition init uncrypt_exec : process uncrypt;
allow google_camera_app mediaserver_service : service_manager { find };
allow init_radio shell_exec : file { ioctl read getattr lock execute execute_no_trans open };
dontaudit su domain : binder { impersonate call set_context_mgr transfer };
allow servicemanager keystore : process { getattr };
allow debuggerd domain : process { sigkill sigstop signal };
allow drmserver drmserver_service : service_manager { add find };
allow dumpstate surfaceflinger : debuggerd { dump_backtrace };
allow init racoon : process { transition siginh rlimitinh };
dontaudit init racoon : process { noatsecure };
allow per_mgr rild : binder { call transfer };
allow vold fscklogs : dir { ioctl read write getattr lock add_name remove_name search open };
allow system_server update_engine : fifo_file { write };
allow zygote autoplay_app : file { ioctl read getattr lock open };
allowxperm shared_relro shared_relro : udp_socket ioctl { 0x5411 0x5451 };
allowxperm shared_relro shared_relro : udp_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm shared_relro shared_relro : udp_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allowxperm shell shell : tcp_socket ioctl { 0x5411 0x5451 };
allowxperm shell shell : tcp_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm shell shell : tcp_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow shell shell : tcp_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown };
allow bootstat bootstat : lnk_file { ioctl read getattr lock open };
allow dumpstate inputflinger : process { signal };
allow bluetooth bluetooth : packet_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow wpa wpa : fifo_file { ioctl read write getattr lock append open };
allow blkid_untrusted blkid_untrusted : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow system_server ringtone_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow autoplay_app gpu_device : chr_file { ioctl read write getattr lock append open };
allow cnd cnd_socket : lnk_file { ioctl read write create getattr setattr lock append unlink rename open };
allow domain debugfs : dir { search };
allow untrusted_app untrusted_app : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow proc_uid_cputime_removeuid proc_uid_cputime_removeuid : filesystem { associate };
allow vold shell_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow keystore keystore : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow dumpstate batteryproperties_service : service_manager { find };
allow init property_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
type_transition vdc tmpfs : file vdc_tmpfs;
allow radio app_data_file : lnk_file { ioctl read write create getattr setattr lock append unlink rename open };
allow clatd clatd : tun_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow debuggerd installd : process { ptrace getattr };
allow init bootanim_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init gps_control : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init persist_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow sysinit shell_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow system_app media_router_service : service_manager { find };
allow fsck swap_block_device : blk_file { getattr };
allow lmkd autoplay_app : file { ioctl read write getattr lock open };
allow sdcardd sysfs : dir { ioctl read getattr lock search open };
allow priv_app app_data_file : lnk_file { ioctl read write create getattr setattr lock append unlink rename open };
allow init mdnsd_exec : file { read getattr execute open };
allowxperm themeservice_app themeservice_app : rawip_socket ioctl { 0x5411 0x5451 };
allowxperm themeservice_app themeservice_app : rawip_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm themeservice_app themeservice_app : rawip_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow netd netd : capability { chown dac_override fowner kill setgid setuid net_admin net_raw sys_module };
dontaudit netd netd : capability { fsetid sys_module };
allow autoplay_app drmserver : binder { transfer };
allow init adbd_socket : blk_file { relabelto };
allow init netd_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow surfaceflinger window_service : service_manager { find };
allow servicemanager bootanim : binder { transfer };
allow tee tee_data_file : dir { ioctl read write getattr lock add_name remove_name search open };
allow kernel su : fd { use };
allow init app_data_file : fifo_file { relabelto };
allow shared_relro sysfs : lnk_file { ioctl read getattr lock open };
type_transition system_server wifi_data_file : sock_file system_wpa_socket;
allow nfc app_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow autoplay_app mediaserver : binder { transfer };
allow obdm_app proc : lnk_file { ioctl read getattr lock open };
allow slideshow kmsg_device : chr_file { ioctl read write getattr lock append open };
allow drmserver drmserver_exec : file { read getattr execute entrypoint open };
allow appdomain sysfs_soc : file { ioctl read getattr lock open };
allow keystore binderservicedomain : process { getattr };
allow init system_file : dir { mounton };
allow qmuxd init : process { sigchld };
dontaudit su file_type : blk_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton open audit_access execmod };
allow mediacodec mediacodec_tmpfs : file { read write };
allow per_proxy per_proxy : fifo_file { ioctl read write getattr lock append open };
allow ssr_setup ssr_setup_exec : file { read getattr execute entrypoint open };
allow appdomain resourcecache_data_file : dir { ioctl read getattr lock search open };
allow shell tv_input_service : service_manager { find };
allow init rootfs : lnk_file { create unlink };
allow ppp ppp : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow init shell_data_file : fifo_file { relabelto };
allow domain_deprecated dalvikcache_data_file : file { ioctl read getattr lock open };
allowxperm isolated_app isolated_app : rawip_socket ioctl { 0x5411 0x5451 };
allowxperm isolated_app isolated_app : rawip_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm isolated_app isolated_app : rawip_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow init wallpaper_file : blk_file { relabelto };
allow su gpu_device : chr_file { ioctl read write getattr lock append open };
allowxperm su gpu_device : chr_file ioctl { 0x902 0x907 0x913-0x915 0x921 0x932-0x933 0x938-0x939 0x940-0x943 0x945-0x94a };
allowxperm su gpu_device : chr_file ioctl { 0x5411 0x5451 };
dontaudit sudaemon fs_type : lnk_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton open audit_access execmod };
allow fsck_untrusted fsck_untrusted : dir { ioctl read getattr lock search open };
allow init vold_data_file : blk_file { relabelto };
dontaudit su port_type : netlink_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow postinstall_dexopt dalvikcache_data_file : file { ioctl read write create getattr setattr lock relabelto append unlink link rename open };
allow postinstall_dexopt su : binder { call transfer };
allow init efs_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow ppp mtp : process { sigchld };
dontaudit sudaemon file_type : fifo_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton open audit_access execmod };
allow perfd perfd : lnk_file { ioctl read getattr lock open };
allow rmt rmt : file { ioctl read write getattr lock append open };
allow init proc_sysrq : file { read write setattr lock append open };
allow keystore wpa : binder { transfer };
allow system_app icon_file : file { ioctl read getattr lock open };
allow init nfc_tmpfs : blk_file { relabelto };
allow surfaceflinger adbd : binder { call transfer };
allow per_mgr per_mgr_service : service_manager { add };
allow slideshow slideshow : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow inputflinger su : binder { call transfer };
allow init vold_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow dumpstate devpts : chr_file { ioctl read write getattr lock append open };
allow bluetooth app_api_service : service_manager { find };
allow surfaceflinger sysfs : dir { ioctl read getattr lock search open };
allow appdomain system_file : lnk_file { ioctl read getattr lock open };
allow system_server safemode_prop : property_service { set };
allow obdm_app gpu_device : chr_file { ioctl read write getattr lock append open };
allowxperm obdm_app gpu_device : chr_file ioctl { 0x902 0x907 0x913-0x915 0x921 0x932-0x933 0x938-0x939 0x940-0x943 0x945-0x94a };
allowxperm obdm_app gpu_device : chr_file ioctl { 0x5411 0x5451 };
allow init adsprpcd_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
dontaudit su dev_type : blk_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton open audit_access execmod };
allow vold fuse : filesystem { relabelfrom };
allow dumpstate procstats_service : service_manager { find };
allow obdm_app app_data_file : sock_file { ioctl read write create getattr setattr lock append unlink rename open };
allow init gpsd_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
type_transition init logcat_exec : process logd;
allow init mkfs_tmpfs : blk_file { relabelto };
allow init keystore_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init audioserver_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init logd_socket : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow location system_file : file { ioctl read getattr lock execute execute_no_trans open };
allow vold healthd : binder { call transfer };
allow shell proc_net : file { ioctl read getattr lock open };
allow system_server system_radio_prop : property_service { set };
allow per_proxy per_proxy : lnk_file { ioctl read getattr lock open };
type_transition init mediadrmserver_exec : process mediadrmserver;
allow init adb_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow untrusted_app mediaserver_service : service_manager { find };
allow init thermal_socket : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init cppreopts_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow mediaserver sdcard_type : dir { ioctl read getattr lock search open };
allow shell launcherapps_service : service_manager { find };
allow init sysfs_camera : file { read setattr open };
allow blkid sysfs : file { ioctl read getattr lock open };
allow system_server asec_public_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow init userinit_data_exec : blk_file { relabelto };
allow update_engine init : process { sigchld };
allow debuggerd system_server : process { ptrace getattr };
allow init lmkd_socket : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow rmt sysfs : dir { ioctl read getattr lock search open };
allow install_recovery install_recovery : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
type_transition cnd tmpfs : file cnd_tmpfs;
allow cameraserver cameraserver_exec : file { read getattr execute entrypoint open };
allow dumpstate tombstone_data_file : file { ioctl read getattr lock open };
allow init adb_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow tee sysfs : dir { ioctl read getattr lock search open };
type_transition init otapreopt_slot_exec : process otapreopt_slot;
allow system_server tombstone_data_file : dir { ioctl read getattr lock search open };
allow init shared_relro_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow platform_app platform_app : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow dumpstate debugfs : file { ioctl read getattr lock open };
allow init recovery_refresh_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow logd powerctl_prop : file { ioctl read getattr lock open };
allow init themeservice_app_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow untrusted_app proc_net : lnk_file { ioctl read getattr lock open };
allow imscm imscm : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow system_server system_server_tmpfs : file { read write };
allow zygote dalvikcache_data_file : file { ioctl read write create getattr setattr lock append unlink rename execute open };
allow adbd init : unix_stream_socket { connectto };
allow rild rild : rawip_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow vold rootfs : lnk_file { ioctl read getattr lock open };
allow init otapreopt_slot : process { transition siginh rlimitinh };
dontaudit init otapreopt_slot : process { noatsecure };
allow init rmt_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init location_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allowxperm shared_relro shared_relro : tcp_socket ioctl { 0x5411 0x5451 };
allowxperm shared_relro shared_relro : tcp_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm shared_relro shared_relro : tcp_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow mediadrmserver su : binder { call transfer };
allow drmserver mediaserver : file { read open };
allow cnd qmuxd_socket : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow shell nfc_service : service_manager { find };
allow debuggerd google_camera_app : process { ptrace getattr };
allow radio radio_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow untrusted_app nfc_service : service_manager { find };
allow autoplay_app dalvikcache_data_file : file { ioctl read getattr lock execute open };
allow init resourcecache_data_file : chr_file { relabelto };
allow surfaceflinger display_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow init bt_firmware_file : chr_file { relabelto };
allow su ion_device : chr_file { ioctl read write getattr lock append open };
allow dumpstate servicemanager : service_manager { list };
allow init otapreopt_slot_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow mediaserver drmserver : unix_stream_socket { connectto };
allow domain_deprecated cgroup : dir { ioctl read getattr lock search open };
allow appdomain ringtone_file : file { read write getattr };
allow dumpstate media_router_service : service_manager { find };
type_transition init netd_exec : process netd;
allow bluetooth efs_file : dir { search };
allow init sysfs_usb : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow system_app fingerprintd_service : service_manager { find };
allow init asec_public_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
dontaudit ssr_setup ssr_setup : capability { sys_module };
allow sdcardd install_data_file : file { ioctl read getattr lock open };
allow audioserver bootanim : fd { use };
allow init mdnsd_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow dnsmasq netd : fifo_file { read write };
allow cppreopts system_file : dir { read open };
allow audioserver audioserver : process { fork sigchld sigkill sigstop signull signal ptrace getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow netd init : process { sigchld };
allow init init_power_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow system_server system_server : netlink_kobject_uevent_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow dumpstate pinner_service : service_manager { find };
allow bluetooth property_socket : sock_file { write };
allow init cnss-daemon_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow servicemanager audioserver : file { read open };
allow debuggerd mediaextractor : process { ptrace getattr };
allow postinstall postinstall : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow init property_contexts : chr_file { relabelto };
allow thermal-engine thermal-engine_exec : file { read getattr execute entrypoint open };
allow time time : fifo_file { ioctl read write getattr lock append open };
allow init nfc_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow perfprofd perfprofd : fifo_file { ioctl read write getattr lock append open };
allow wcnss_filter property_socket : sock_file { write };
allow system_server system_server : capability { kill net_bind_service net_broadcast net_admin net_raw ipc_lock sys_boot sys_nice sys_resource sys_time sys_tty_config };
dontaudit system_server system_server : capability { sys_module sys_ptrace };
allow system_server net_radio_prop : property_service { set };
allow fsck_untrusted fsck_untrusted : fifo_file { ioctl read write getattr lock append open };
allow system_app system_app : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit execmem };
allow cnss-daemon cnss-daemon : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow init nanohub_slpi_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow zygote proc_cpuinfo : file { mounton };
allow init radio_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init devpts : file { read setattr open };
allow init apk_private_tmp_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow dumpstate vibrator_service : service_manager { find };
allow system_app sysfs : file { ioctl read getattr lock open };
allow init camera_device : chr_file { read setattr open };
allow vold dm_device : blk_file { ioctl read write getattr lock append open };
allow adbd adbd : netlink_route_socket { read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read };
allow healthd system_prop : property_service { set };
allow preopt2cachename su : fd { use };
allow surfaceflinger surfaceflinger : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow init bt_firmware_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init update_verifier_tmpfs : chr_file { relabelto };
allow profman installd : process { sigchld };
allow system_server radio_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow tee system_data_file : dir { ioctl read getattr lock search open };
allow init netd_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow domain zoneinfo_data_file : dir { ioctl read getattr lock search open };
type_transition init debuggerd_exec : process debuggerd;
allow init mnt_expand_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow surfaceflinger surfaceflinger : capability { sys_nice };
dontaudit surfaceflinger surfaceflinger : capability { sys_module };
allow appdomain surfaceflinger : binder { transfer };
allow init netmgrd_socket : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init mediacodec : process { transition siginh rlimitinh };
dontaudit init mediacodec : process { noatsecure };
allow mediadrmserver mediadrmserver_tmpfs : file { read write };
allow racoon racoon : udp_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allowxperm racoon racoon : udp_socket ioctl { 0x8914 0x8916 };
allow system_server system_server : dir { ioctl read getattr lock search open };
allow system_server keychain_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow dumpstate dumpstate : tcp_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown };
allow sysinit init : process { sigchld };
allow servicemanager fingerprintd : dir { search };
allow debuggerd hci_attach : process { ptrace getattr };
allow init fingerprintd_data_file : chr_file { relabelto };
allow cameraserver camera : binder { transfer };
allow shell runas_exec : file { read getattr execute open };
allow bootanim bootanim : fd { use };
allow vold app_data_file : file { ioctl read write getattr lock append open };
allow mediaextractor servicemanager : binder { call transfer };
allow drmserver tee_device : chr_file { ioctl read write getattr lock append open };
allow system_app ramdump_data_file : dir { ioctl read getattr lock search open };
allow debuggerd cppreopts : process { ptrace getattr };
allow dhcp dhcp : fd { use };
allow init user_profile_data_file : blk_file { relabelto };
allow servicemanager surfaceflinger : process { getattr };
allow adbd adbd : fd { use };
allow init net_data_file : chr_file { relabelto };
allow init su_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
dontaudit su domain : key_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow perfprofd perfprofd : fd { use };
allow shell cgroup : lnk_file { ioctl read getattr lock open };
allow runas priv_app : process { dyntransition };
allow init radio_data_file : chr_file { relabelto };
allow system_app system_app_service : service_manager { find };
allow racoon keystore : binder { call transfer };
allow binderservicedomain keystore_service : service_manager { find };
allow per_proxy per_proxy : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow servicemanager drmserver : process { getattr };
dontaudit sudaemon domain : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton execute_no_trans entrypoint execmod open audit_access };
allow hci_attach hci_attach_tmpfs : file { read write };
allow servicemanager init_foreground : binder { transfer };
allow nfc mediaserver_service : service_manager { find };
allow radio radio : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit execmem };
allow netd netdomain : fd { use };
allow init keystore_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow location location : netlink_route_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow servicemanager vold : process { getattr };
allow system_server system_server : lnk_file { ioctl read getattr lock open };
allow system_server appdomain : process { sigkill signal getsched setsched };
allow init lmkd_tmpfs : chr_file { relabelto };
allow init time_tmpfs : chr_file { relabelto };
allow perfprofd toolbox_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow rild system_file : file { getattr execute execute_no_trans };
allow installd apk_data_file : file { ioctl read write create getattr setattr lock relabelfrom append unlink link rename open };
allow init dhcp_data_file : blk_file { relabelto };
allow atfwd sysfs_type : lnk_file { ioctl read getattr lock open };
dontaudit su domain : debuggerd { dump_tombstone dump_backtrace };
allow init recovery_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow system_server preloads_data_file : dir { ioctl read write getattr lock remove_name search rmdir open };
allow system_server pstorefs : dir { ioctl read getattr lock search open };
allow init video_device : chr_file { read setattr open };
allow netmgrd net_radio_prop : file { ioctl read getattr lock open };
allow init asec_image_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init wcnss_filter_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow mdnsd mdnsd : rawip_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow healthd healthd : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow init imscm_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow system_app clipboard_service : service_manager { find };
allow shell proc : file { ioctl read getattr lock open };
allow shell cm_livelockscreen_service : service_manager { find };
allow shell shell : file { ioctl read write getattr lock append open };
allow zygote sysfs : dir { ioctl read getattr lock search open };
allow init init_power_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init method_trace_data_file : chr_file { relabelto };
allow logd sysfs : dir { ioctl read getattr lock search open };
allow netd netd_service : service_manager { add };
allow zygote idmap_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow init cnss_diag : process { transition siginh rlimitinh };
dontaudit init cnss_diag : process { noatsecure };
dontaudit sudaemon domain : netlink_ip6fw_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind nlmsg_read nlmsg_write };
allow init hci_attach_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow system_app content_service : service_manager { find };
allow su app_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow inputflinger inputflinger : lnk_file { ioctl read getattr lock open };
allow init irsc_util_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow system_app meminfo_service : service_manager { find };
allow system_app cm_themes_service : service_manager { find };
allow shell rootfs : dir { ioctl read getattr lock search open };
allow servicemanager per_proxy : binder { transfer };
allow system_server mediadrmserver : udp_socket { ioctl read write getattr setattr lock append bind connect getopt setopt shutdown };
allow init user_profile_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init sysfs_msm_subsys_restart : dir { read setattr search open };
allow mediaserver drmserver_socket : sock_file { write };
allow init mediaserver_tmpfs : blk_file { relabelto };
allow init properties_serial : file { write relabelto };
allow bluetooth bluetooth : lnk_file { ioctl read getattr lock open };
dontaudit priv_app priv_app : capability { sys_module };
allow init init_foreground : process { transition siginh rlimitinh };
dontaudit init init_foreground : process { noatsecure };
allow init shell : process { transition siginh rlimitinh };
dontaudit init shell : process { noatsecure };
allow dumpstate uimode_service : service_manager { find };
allow fingerprintd fingerprintd : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow init init_foreground_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init rild_socket : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init dalvikcache_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow rild sysfs_wake_lock : file { ioctl read write getattr lock append open };
allow cnss-daemon sysfs_pcie : file { write };
allow zygote method_trace_data_file : dir { write lock add_name remove_name search open };
allow init persist_display_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init cpuctl_device : dir { create mounton };
allow init debugfs_msm_core : file { read setattr open };
allow init root_block_device : chr_file { read setattr open };
dontaudit su domain : netlink_scsitransport_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow debuggerd sysfs : dir { ioctl read getattr lock search open };
allow init sudaemon_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow sysinit sysinit : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow racoon tun_device : chr_file { ioctl read getattr lock open };
allow shell cm_hardware_service : service_manager { find };
allow priv_app anr_data_file : file { ioctl read getattr lock open };
allow vdc vold : unix_stream_socket { connectto };
dontaudit tzdatacheck tzdatacheck : capability { sys_module };
allow init ueventd : process { transition siginh rlimitinh };
dontaudit init ueventd : process { noatsecure };
allow dumpstate wallpaper_service : service_manager { find };
allow cnss_diag su : fd { use };
dontaudit su file_type : lnk_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton open audit_access execmod };
dontaudit su port_type : tun_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind attach_queue };
allow postinstall_dexopt postinstall_dexopt : fd { use };
allow init-qcom-qseecomd-sh init-qcom-qseecomd-sh : dir { ioctl read getattr lock search open };
allow platform_app platform_app : dir { ioctl read getattr lock search open };
type_transition init preloads_copy_exec : process preloads_copy;
allow mediaextractor sysfs : file { ioctl read getattr lock open };
allow init tombstone_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow domain su : process { sigchld };
allow clatd netd : unix_stream_socket { read write };
dontaudit su unlabeled : filesystem { mount remount unmount getattr relabelfrom relabelto transition associate quotamod quotaget };
allow cnd cnd : fifo_file { ioctl read write getattr lock append open };
allow system_server keychain_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow init logdw_socket : blk_file { relabelto };
dontaudit sudaemon port_type : netlink_netfilter_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow bluetooth bluetooth_efs_file : dir { ioctl read getattr lock search open };
allow fsck_untrusted vold : fd { use };
allow system_server net_radio_prop : file { ioctl read getattr lock open };
allow init mdnsd_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init toolbox_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow rild rild_exec : file { read getattr execute entrypoint open };
allow mediaextractor appdomain : fd { use };
allow audioserver appops_service : service_manager { find };
allow logd su : fd { use };
allow cnd sysfs_type : file { ioctl read getattr lock open };
allow appdomain devpts : chr_file { ioctl read write getattr };
allow debuggerd servicemanager : process { ptrace getattr };
allow kernel asec_image_file : file { read };
allow dumpstate su : fd { use };
allow init system_block_device : chr_file { read setattr open };
allow platform_app cameraserver_service : service_manager { find };
allow dumpstate sysfs_usb : file { write lock append open };
allow postinstall_dexopt user_profile_data_file : file { ioctl read getattr lock open };
allow init vdc_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init init_radio_tmpfs : chr_file { relabelto };
allow init mediaserver_exec : file { read getattr execute open };
allow init storage_stub_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow surfaceflinger diag_device : chr_file { ioctl read write getattr lock append open };
allow perfprofd app_data_file : file { ioctl read getattr lock open };
allow system_server wifi_log_prop : property_service { set };
allow zygote init : process { sigchld };
allow servicemanager healthd : dir { search };
allow themeservice_app themeservice_app : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit execmem };
allow idmap idmap : lnk_file { ioctl read getattr lock open };
allow autoplay_app dalvikcache_data_file : dir { getattr };
allow init init_power_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow mdnsd su : fd { use };
dontaudit sudaemon port_type : unix_dgram_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow shell system_file : file { ioctl read getattr lock execute execute_no_trans open };
allow init netmgrd_exec : file { read getattr execute open };
allow init zoneinfo_data_file : chr_file { relabelto };
type_transition ims tmpfs : file ims_tmpfs;
allow drmserver oemfs : dir { search };
allow system_server logd : unix_stream_socket { connectto };
allow postinstall postinstall : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow init fs_type : filesystem { mount remount unmount getattr relabelfrom transition associate quotamod quotaget };
allow thermal-engine thermal-engine : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow install_recovery install_recovery_exec : file { read getattr execute entrypoint open };
allow init asec_public_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init mediacodec_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow gpsd gps_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow perfd cgroup : file { ioctl read getattr lock open };
allow bluetooth sysfs_bluetooth_writable : file { ioctl read write getattr lock append open };
allow init update_engine_tmpfs : blk_file { relabelto };
allow inputflinger inputflinger : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow radio app_data_file : fifo_file { ioctl read write create getattr setattr lock append unlink rename open };
allow radio radio_data_file : lnk_file { ioctl read write create getattr setattr lock append unlink rename open };
allow mdnsd proc_net : dir { ioctl read getattr lock search open };
dontaudit sudaemon domain : key_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow vold unlabeled : dir { ioctl read getattr setattr lock relabelfrom search open };
allow bluetooth su : fd { use };
allow domain proc : lnk_file { read getattr };
allow priv_app mediacodec_service : service_manager { find };
allow kernel selinuxfs : dir { ioctl read getattr lock search open };
allow init nanoapp_cmd_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow domain sysfs_usb : lnk_file { ioctl read getattr lock open };
allow system_server device_logging_prop : file { ioctl read getattr lock open };
allow keystore fingerprintd : file { read open };
allow init cnd_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow domain sysfs_usb : file { ioctl read getattr lock open };
allow system_server vold : fd { use };
allow init_radio radio_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow init rild_tmpfs : chr_file { relabelto };
allow system_server tty_device : chr_file { ioctl read write getattr lock append open };
dontaudit su domain : netlink_connector_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow drmserver efs_file : file { ioctl read getattr lock open };
allow google_camera_app nfc_service : service_manager { find };
allow init perfd_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow bootanim audioserver : binder { call transfer };
dontaudit dumpstate firmware_file : dir { search };
allow init rild_debug_socket : file { read write create getattr setattr relabelfrom relabelto unlink open };
type_transition logd tmpfs : file logd_tmpfs;
type_transition cppreopts tmpfs : file cppreopts_tmpfs;
allow shell dropbox_service : service_manager { find };
allowxperm isolated_app isolated_app : udp_socket ioctl { 0x5411 0x5451 };
allowxperm isolated_app isolated_app : udp_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm isolated_app isolated_app : udp_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow nfc nfc_prop : file { ioctl read getattr lock open };
allow kernel usbfs : filesystem { mount };
allow init ramdump_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow sysinit init : unix_stream_socket { connectto };
allow wcnss_filter wcnss_filter : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow init recovery_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init bt_firmware_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init sysinit_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow location location : fd { use };
allow clatd sysfs : file { ioctl read getattr lock open };
allow dnsmasq dnsmasq : rawip_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow init userdata_block_device : chr_file { read setattr open };
type_transition port-bridge tmpfs : file port-bridge_tmpfs;
allow init autoplay_app_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow postinstall_dexopt postinstall_dexopt : capability { chown dac_override fowner setgid setuid };
dontaudit postinstall_dexopt postinstall_dexopt : capability { sys_module };
allow shell task_service : service_manager { find };
allow appdomain selinuxfs : file { ioctl read write getattr lock append open };
allow nfc tun_device : chr_file { ioctl read write getattr append };
allow init gps_device : chr_file { read setattr open };
allow domain zoneinfo_data_file : file { ioctl read getattr lock open };
allow netd netd : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow logd proc_net : file { ioctl read getattr lock open };
allow update_engine update_engine : capability { dac_override dac_read_search fowner sys_admin };
dontaudit update_engine update_engine : capability { sys_module };
dontaudit sudaemon domain : fifo_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton open audit_access execmod };
allow debuggerd debuggerd : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow toolbox toolbox : file { ioctl read write getattr lock append open };
allow appdomain dumpstate : unix_stream_socket { read write getattr getopt shutdown };
allow thermal-engine sysfs_type : file { ioctl read getattr lock open };
allow otapreopt_chroot otapreopt_chroot : fifo_file { ioctl read write getattr lock append open };
allow init recovery_persist : process { transition siginh rlimitinh };
dontaudit init recovery_persist : process { noatsecure };
allow init system_server_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow time time : dir { ioctl read getattr lock search open };
allowxperm su su : tcp_socket ioctl { 0x5411 0x5451 };
allowxperm su su : tcp_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm su su : tcp_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow su su : tcp_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown };
allow audioserver rild : fd { use };
allow system_app logpersistd_logging_prop : property_service { set };
allow binderservicedomain dumpstate : fifo_file { write getattr };
allow mtp mtp : fd { use };
allow system_server fingerprintd : binder { call transfer };
dontaudit priv_app firmware_file : dir { search };
allow init system_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow racoon sysfs : file { ioctl read getattr lock open };
allow servicemanager audioserver : dir { search };
allow system_app tv_input_service : service_manager { find };
allow init security_file : blk_file { relabelto };
dontaudit sudaemon dev_type : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton execute_no_trans entrypoint execmod open audit_access };
allowxperm shell shell : rawip_socket ioctl { 0x5411 0x5451 };
allowxperm shell shell : rawip_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm shell shell : rawip_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow shell shell : rawip_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow init custom_ab_block_device : chr_file { read setattr open };
allow zygote debugfs_trace_marker : file { getattr };
allow healthd healthd : capability { dac_override dac_read_search net_admin sys_boot sys_tty_config };
dontaudit healthd healthd : capability { sys_module };
allow init_radio init_radio_exec : file { read getattr execute entrypoint open };
type_transition init wpa_exec : process wpa;
allow adsprpcd adsprpcd : dir { ioctl read getattr lock search open };
type_transition priv_app tmpfs : file priv_app_tmpfs;
allow init cnd_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow mdnsd mdnsd : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow imscm imscm_exec : file { read getattr execute entrypoint open };
allow init pstorefs : file { ioctl read getattr setattr lock open };
allow sdcardd sdcardd : capability { dac_override setgid setuid sys_admin sys_resource };
dontaudit sdcardd sdcardd : capability { sys_module };
allow init ringtone_file : chr_file { relabelto };
allow system_server location_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow camera input_device : dir { ioctl read getattr lock search open };
allow perfprofd perfprofd : capability2 { block_suspend };
allow dumpstate imms_service : service_manager { find };
allow init audioserver : process { transition siginh rlimitinh };
dontaudit init audioserver : process { noatsecure };
allow system_server cache_recovery_file : dir { ioctl read write create getattr setattr lock relabelfrom rename add_name remove_name reparent search rmdir open };
allow kernel rootfs : lnk_file { ioctl read getattr lock open };
allow init shared_relro_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow system_app lock_settings_service : service_manager { find };
allow init proc_kernel_sched : dir { read setattr search open };
allow debuggerd otapreopt_chroot : process { ptrace getattr };
allow adbd system_file : dir { ioctl read getattr lock search open };
allow init property_contexts : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow appdomain dalvikcache_data_file : file { ioctl read getattr lock execute open };
allow init nativetest_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow netdomain fwmarkd_socket : sock_file { write };
allow rild qmuxd : unix_stream_socket { connectto };
allow init hci_attach_tmpfs : chr_file { relabelto };
allow bluetooth bluetooth_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow init drmserver_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow obdm_app proc : dir { ioctl read getattr lock search open };
allow mediaserver autoplay_app : fd { use };
dontaudit sudaemon port_type : netlink_xfrm_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind nlmsg_read nlmsg_write };
allow sudaemon app_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow appdomain shortcut_manager_icons : file { read getattr };
allow dumpstate wifi_service : service_manager { find };
allow uncrypt powerctl_prop : file { ioctl read getattr lock open };
allow mediaserver binderservicedomain : fd { use };
allow surfaceflinger autoplay_app : lnk_file { ioctl read getattr lock open };
dontaudit sudaemon domain : netlink_connector_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow servicemanager mediaextractor : process { getattr };
allow autoplay_app autoplay_app : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit execmem };
allow runas shell : fd { use };
allow init init_mid_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow system_app serial_service : service_manager { find };
allow audioserver binderservicedomain : fd { use };
allow clatd clatd : lnk_file { ioctl read getattr lock open };
allow init sap_uim_socket : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
dontaudit su port_type : netlink_tcpdiag_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind nlmsg_read nlmsg_write };
dontaudit qti-testscripts qti-testscripts : capability { sys_module };
allow shell country_detector_service : service_manager { find };
allow nfc surfaceflinger_service : service_manager { find };
allow init surfaceflinger_tmpfs : chr_file { relabelto };
allow postinstall postinstall : fifo_file { ioctl read write getattr lock append open };
allow init_power sysfs_type : lnk_file { ioctl read getattr lock open };
allow platform_app sysfs : dir { ioctl read getattr lock search open };
allow servicemanager install_recovery : binder { transfer };
allow dumpstate shell_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow dumpstate hardware_service : service_manager { find };
allow cppreopts cppreopts_tmpfs : file { read write };
allow shell shell : lnk_file { ioctl read getattr lock open };
allow uncrypt app_data_file : dir { ioctl read getattr lock search open };
allow priv_app shell_data_file : dir { ioctl read getattr lock search open };
allow dumpstate default_android_service : service_manager { find };
allow init logdw_socket : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init init_radio_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init perfd_data_file : chr_file { relabelto };
allow bootanim bootanim : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow keystore racoon : process { getattr };
allow init xbl_block_device : chr_file { read setattr open };
allow dumpstate cm_profile_service : service_manager { find };
allow init zygote_socket : chr_file { relabelto };
allow init_power sysfs : file { ioctl read write getattr lock relabelfrom append open };
allow system_server racoon_socket : sock_file { write };
allow radio radio : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow perfd sysfs_type : lnk_file { ioctl read getattr lock open };
allow atfwd atfwd : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow servicemanager dhcp : binder { transfer };
allow init debuggerd_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow autoplay_app autoplay_data_file : sock_file { ioctl read write create getattr setattr lock append unlink rename open };
allow init icon_file : chr_file { relabelto };
type_transition system_app tmpfs : file system_app_tmpfs;
allow otapreopt_slot dalvikcache_data_file : dir { read write getattr add_name remove_name search rmdir open };
allow domain coredump_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow priv_app exec_type : file { read getattr open };
allow init wifi_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init mdnsd_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow shell updatelock_service : service_manager { find };
allow vdc vdc : lnk_file { ioctl read getattr lock open };
allow mediacodec mediacodec : fd { use };
allow init rild_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow shell zygote_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow init_power init_power : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow preopt2cachename cppreopts : fd { use };
allow atrace init : unix_stream_socket { connectto };
allow installd app_data_file : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open };
allow wcnss_filter wc_prop : file { ioctl read getattr lock open };
allow system_server cache_backup_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow wpa system_server : unix_dgram_socket { sendto };
allow wpa su : fd { use };
allow servicemanager kernel : security { compute_av };
allow dumpstate bluetooth_manager_service : service_manager { find };
allow init system_wpa_socket : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow servicemanager appdomain : process { getattr };
allow recovery_refresh recovery_refresh : dir { ioctl read getattr lock search open };
allow healthd ashmem_device : chr_file { execute };
allow system_app sysfs_zram : dir { search };
allow camera sysfs_camera : file { ioctl read write getattr lock append open };
allow init installd_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init sg_device : chr_file { read setattr open };
allow init camera_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow domain_deprecated cache_file : lnk_file { ioctl read getattr lock open };
allow perfd sysfs_power_management : file { write };
dontaudit nanohub_slpi nanohub_slpi : capability { sys_module };
allow init mdns_socket : chr_file { relabelto };
allow init contextmount_type : file { ioctl read getattr lock open };
allow gpsd su : binder { call transfer };
allow init ringtone_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
type_transition tee tmpfs : file tee_tmpfs;
allow port-bridge at_device : chr_file { ioctl read write getattr lock append open };
allow init servicemanager : process { transition siginh rlimitinh };
dontaudit init servicemanager : process { noatsecure };
allow lmkd lmkd : fifo_file { ioctl read write getattr lock append open };
allow init mediaextractor_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow appdomain binderservicedomain : fd { use };
allow installd security_file : file { ioctl read getattr lock open };
allow rild gps_device : chr_file { ioctl read write getattr lock append open };
allow servicemanager surfaceflinger : file { read open };
allow file_type rootfs : filesystem { associate };
allow init atfwd : process { transition siginh rlimitinh };
dontaudit init atfwd : process { noatsecure };
allowxperm domain domain : netlink_tcpdiag_socket ioctl { 0x0 };
allow init qmuxd_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow postinstall postinstall_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow rild alarm_device : chr_file { ioctl read write getattr lock append open };
allow platform_app gpu_device : chr_file { ioctl read write getattr lock append open };
allowxperm platform_app gpu_device : chr_file ioctl { 0x902 0x907 0x913-0x915 0x921 0x932-0x933 0x938-0x939 0x940-0x943 0x945-0x94a };
allowxperm platform_app gpu_device : chr_file ioctl { 0x5411 0x5451 };
allow update_engine_common postinstall_mnt_dir : dir { mounton };
allow tzdatacheck tzdatacheck : dir { ioctl read getattr lock search open };
allow mediaserver batterystats_service : service_manager { find };
allow shared_relro su : binder { call transfer };
allow platform_app app_data_file : sock_file { ioctl read write create getattr setattr lock append unlink rename open };
allow thermal-engine sysfs_msm_subsys : file { write };
allow installd themeservice_app_data_file : lnk_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open };
allow priv_app su : fd { use };
allow init bt_firmware_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow binderservicedomain dumpstate : fd { use };
allow keystore priv_app : dir { search };
allow mediaserver mediacodec_service : service_manager { find };
allow autoplay_app assetatlas_service : service_manager { find };
allow dumpstate content_service : service_manager { find };
allow init installd_socket : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init camera_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow rild radio_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
type_transition init zygote_exec : process zygote;
allow servicemanager camera : dir { search };
allow init ims_tmpfs : blk_file { relabelto };
allow camera cameraserver : binder { call transfer };
allow init mnt_expand_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow servicemanager camera : process { getattr };
allow mtp su : binder { call transfer };
allow dumpstate print_service : service_manager { find };
dontaudit su port_type : netlink_dnrt_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow cnd system_prop : file { ioctl read getattr lock open };
allow appdomain cgroup : file { ioctl read write getattr lock append open };
allow autoplay_app connectivity_service : service_manager { find };
type_transition init installd_exec : process installd;
allow init dumpstate_socket : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow blkid blkid : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow rmt init : process { sigchld };
allow init system_data_file : chr_file { relabelto };
dontaudit sudaemon domain : netlink_kobject_uevent_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow runas sudaemon : process { dyntransition };
allow slideshow init : process { sigchld };
allow profman oemfs : file { read };
allowxperm sudaemon sudaemon : rawip_socket ioctl { 0x5411 0x5451 };
allowxperm sudaemon sudaemon : rawip_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm sudaemon sudaemon : rawip_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow sudaemon sudaemon : rawip_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow system_server healthd : binder { transfer };
allow system_server mediaserver : debuggerd { dump_backtrace };
allow init-qcom-qseecomd-sh toolbox_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow init dhcp_tmpfs : chr_file { relabelto };
allow sudaemon sudaemon : dir { ioctl read getattr lock search open };
allow shell ctl_bugreport_prop : file { ioctl read getattr lock open };
allow init bootanim : process { transition siginh rlimitinh };
dontaudit init bootanim : process { noatsecure };
allow clatd clatd : dir { ioctl read getattr lock search open };
allow dnsmasq sysfs : lnk_file { ioctl read getattr lock open };
allow system_app sysfs_zram : file { ioctl read getattr lock open };
allow fsck devpts : chr_file { ioctl read write getattr };
allow racoon racoon : tcp_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown };
allow drmserver radio_data_file : file { read getattr };
allow vold toolbox_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow dumpstate dumpstate_tmpfs : file { read write execute };
allow init bluetooth_socket : blk_file { relabelto };
allow dex2oat dex2oat : fifo_file { ioctl read write getattr lock append open };
allow system_server kernel : security { compute_av };
allow obdm_app obdm_app : netlink_selinux_socket { read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow cppreopts cppreopts : file { ioctl read write getattr lock append open };
allow audioserver proc : dir { ioctl read getattr lock search open };
allow audioserver sysfs_soc : file { ioctl read getattr lock open };
allow init irqbalance_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow domain logdw_socket : sock_file { write };
allow rmt uio_device : chr_file { ioctl read write getattr lock append open };
allow servicemanager selinuxfs : file { ioctl read write getattr lock append open };
allow dumpstate appdomain : process { signal };
allow per_mgr per_mgr : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow system_app log_tag_prop : file { ioctl read getattr lock open };
allow profman profman : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow init perfd_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow netd dns_listener_service : service_manager { find };
allow init_power init_power_exec : file { read getattr execute entrypoint open };
allow servicemanager fsck_untrusted : binder { transfer };
allow init_power shell_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow init bootanim_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init uncrypt_socket : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init apk_private_tmp_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow racoon su : binder { call transfer };
allow vold vold_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow nfc media_rw_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow irqbalance sysfs_devices_system_cpu : file { ioctl read write getattr lock append open };
allow init install_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow gpsd gps_data_file : fifo_file { ioctl read write create getattr setattr lock append unlink rename open };
allow vold sgdisk : process { transition siginh rlimitinh };
dontaudit vold sgdisk : process { noatsecure };
allow kernel kernel : fd { use };
allow irqbalance irqbalance : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow postinstall update_engine_common : fifo_file { ioctl read write getattr lock append open };
allow shell cameraproxy_service : service_manager { find };
allow blkid_untrusted blkid_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow system_server ctl_bugreport_prop : file { ioctl read getattr lock open };
dontaudit su domain : tun_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind attach_queue };
allow profman su : fd { use };
allow cameraserver cameraserver : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow init_radio toolbox_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow init system_wpa_socket : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
dontaudit sudaemon domain : peer { recv };
allow shell shell_exec : file { ioctl read getattr lock execute execute_no_trans entrypoint open };
allow servicemanager preloads_copy : binder { transfer };
allow init random_device : chr_file { read setattr open };
allow shell vr_manager_service : service_manager { find };
allow rmt sysfs_rmtfs : lnk_file { ioctl read getattr lock open };
allow init misc_user_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow system_app wifi_service : service_manager { find };
allow servicemanager camera : file { read open };
allow init untrusted_app_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow servicemanager time : binder { transfer };
allow init platform_app_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init zygote_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow dumpstate sysfs : dir { ioctl read getattr lock search open };
allow system_app adbsecure_prop : file { ioctl read getattr lock open };
allow init app_fuse_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init sysfs_uio : file { read setattr open };
allow wpa wpa : lnk_file { ioctl read getattr lock open };
allow slideshow su : fd { use };
allow bootanim init : process { sigchld };
allow update_engine_common postinstall_file : file { ioctl read getattr lock execute execute_no_trans open };
dontaudit su domain : fd { use };
allow dhcp dhcp : netlink_route_socket { read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read nlmsg_write };
allow init bt_firmware_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow debuggerd ims : process { ptrace getattr };
allow dhcp dhcp_prop : file { ioctl read getattr lock open };
allow drmserver autoplay_app : binder { call transfer };
allow recovery su : fd { use };
allow untrusted_app system_app_data_file : file { read write getattr };
allow nfc sysfs : lnk_file { ioctl read getattr lock open };
allow init themeservice_app_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allowxperm domain domain : netlink_xfrm_socket ioctl { 0x0 };
allow shell wifip2p_service : service_manager { find };
allow healthd graphics_device : dir { ioctl read getattr lock search open };
allow init asec_apk_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow irsc_util irsc_util_exec : file { read getattr execute entrypoint open };
allow dex2oat ota_data_file : file { ioctl read write create getattr setattr lock append open };
allow init update_engine_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init mnt_expand_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init cppreopts_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init toolbox_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init fsck_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow binderservicedomain keystore : keystore_key { get_state get insert delete exist list sign verify };
type_transition init servicemanager_exec : process servicemanager;
allow per_mgr system_server : fd { use };
allow system_server system_app_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow init wallpaper_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init storage_file : blk_file { relabelto };
allow vold kernel : process { setsched };
allow appdomain logd : unix_stream_socket { connectto };
allow vold sysfs : lnk_file { ioctl read getattr lock open };
allow dumpstate sysfs : file { ioctl read write getattr lock append open };
allow blkid_untrusted blkid_untrusted : file { ioctl read write getattr lock append open };
allow init unlabeled : fifo_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open };
allow init per_proxy_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow shell su : binder { call transfer };
allow init system_server_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow postinstall persist_file : dir { getattr };
dontaudit sudaemon appops_service : service_manager { add find list };
allow system_server netd : unix_stream_socket { connectto };
allow per_proxy su : fd { use };
allow init mdns_socket : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow dumpstate dumpstate : udp_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow obdm_app app_api_service : service_manager { find };
allow postinstall otapreopt_chroot_exec : file { read getattr execute open };
allow mediadrmserver cgroup : dir { ioctl read write getattr lock search open };
allow init su_tmpfs : chr_file { relabelto };
allow init ueventd_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init obdm_app_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init socket_device : dir { relabelto };
allow init qmuxd_socket : chr_file { relabelto };
dontaudit su service_manager_type : service_manager { add find list };
allow init_foreground init_foreground : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow cameraserver appdomain : binder { call transfer };
allow subsystem_ramdump sysfs_type : lnk_file { ioctl read getattr lock open };
allow sdcardd fuse_device : chr_file { ioctl read write getattr lock append open };
allow init diag_device : chr_file { read setattr open };
allow netdomain port_type : udp_socket { name_bind };
allow installd nfc_data_file : fifo_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open };
allow init per_mgr_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow netmgrd qmuxd : unix_stream_socket { connectto };
allow init camera_data_file : chr_file { relabelto };
allow update_engine_common postinstall_file : filesystem { mount unmount relabelfrom relabelto };
allow init system_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto mounton add_name remove_name search rmdir open };
type_transition update_verifier tmpfs : file update_verifier_tmpfs;
allow ueventd su : fd { use };
allow cameraserver input_device : dir { ioctl read getattr lock search open };
allow inputflinger inputflinger : fifo_file { ioctl read write getattr lock append open };
allow surfaceflinger system_prop : property_service { set };
allow domain proc_cpuinfo : file { ioctl read getattr lock open };
allow init tzdatacheck_tmpfs : blk_file { relabelto };
allow init ims_socket : blk_file { relabelto };
allow themeservice_app app_data_file : lnk_file { ioctl read write create getattr setattr lock append unlink rename open };
allow dumpstate persistent_data_block_service : service_manager { find };
allow audioserver sdcard_type : file { ioctl read getattr lock open };
allow init adb_keys_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init dhcp_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init init_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init method_trace_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow ppp ppp : dir { ioctl read getattr lock search open };
allow init wallpaper_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow ppp ppp : tcp_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown };
allow debuggerd idmap : process { ptrace getattr };
allow vold init : process { sigchld };
allow lmkd lmkd : capability { dac_override kill ipc_lock sys_nice sys_resource };
dontaudit lmkd lmkd : capability { sys_module };
allow profman apk_data_file : file { read };
allow init adsprpcd_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow system_app recovery_service : service_manager { find };
allow shell meminfo_service : service_manager { find };
allow surfaceflinger surfaceflinger : file { ioctl read write getattr lock append open };
allow mediacodec su : fd { use };
allow init mkfs_exec : file { read getattr execute open };
allow system_server wifi_log_prop : file { ioctl read getattr lock open };
allow system_server tombstone_data_file : file { ioctl read getattr lock open };
allow init persist_property_file : chr_file { relabelto };
allow servicemanager mediadrmserver : process { getattr };
allow system_server inputflinger : binder { transfer };
allow init ota_package_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow surfaceflinger display_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow init sysinit_tmpfs : blk_file { relabelto };
allow appdomain tmpfs : dir { ioctl read getattr lock search open };
allow dumpstate notification_service : service_manager { find };
allow init shell_data_file : chr_file { relabelto };
allow binderservicedomain keystore : fd { use };
allow init keystore_tmpfs : chr_file { relabelto };
allow init uncrypt : process { transition siginh rlimitinh };
dontaudit init uncrypt : process { noatsecure };
allow init cache_backup_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow shell permission_service : service_manager { find };
allow dex2oat postinstall_file : dir { getattr search };
allow init sysfs_lowmemorykiller : dir { read setattr search open };
allow cameraserver property_socket : sock_file { write };
allow domain sysfs_devices_system_cpu : dir { ioctl read getattr lock search open };
allow platform_app radio_service : service_manager { find };
allow dumpstate updatelock_service : service_manager { find };
allow init irqbalance_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow zygote dex2oat_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow fsck_untrusted su : fd { use };
allow atfwd sysfs_type : dir { ioctl read getattr lock search open };
dontaudit sudaemon port_type : tcp_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind connectto newconn acceptfrom node_bind name_connect };
allow init zoneinfo_data_file : blk_file { relabelto };
allow postinstall_dexopt postinstall_dexopt : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow autoplay_app su : binder { call transfer };
allow themeservice_app su : binder { call transfer };
allow recovery_refresh recovery_refresh : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow zygote zygote : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow init htc_ramdump_tmpfs : chr_file { relabelto };
allow init shared_relro_file : chr_file { relabelto };
allow per_mgr per_proxy : fd { use };
allow mtp ppp_exec : file { read getattr execute open };
allow init wpa_socket : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init installd_socket : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow otapreopt_slot ota_data_file : dir { ioctl read write getattr lock rename add_name remove_name reparent search rmdir open };
allow adbd apk_data_file : lnk_file { ioctl read getattr lock open };
allow init fsck_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow gatekeeperd sysfs : dir { ioctl read getattr lock search open };
allow netd netd : netlink_tcpdiag_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read nlmsg_write };
allow init mediaserver_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow servicemanager profman : binder { transfer };
allow postinstall postinstall_file : filesystem { remount };
allow init vold_socket : sock_file { read write create getattr setattr relabelfrom relabelto unlink open };
allow debuggerd postinstall_dexopt : process { ptrace getattr };
allow port-bridge sysfs_msm_subsys : lnk_file { ioctl read getattr lock open };
type_transition init audioserver_exec : process audioserver;
allow system_server appdomain : fd { use };
allow keystore selinuxfs : file { ioctl read write getattr lock append open };
allow system_app otadexopt_service : service_manager { find };
allow surfaceflinger binderservicedomain : file { ioctl read getattr lock open };
dontaudit sudaemon port_type : netlink_audit_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit };
allow uncrypt uncrypt : fd { use };
allow init fscklogs : file { ioctl read write create getattr setattr lock append unlink rename open };
allow sysinit toolbox_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow init sysfs_usb : chr_file { relabelto };
allow init proc_uid_cputime_removeuid : file { read setattr open };
allow clatd sysfs : dir { ioctl read getattr lock search open };
allow init bootchart_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow oemfs oemfs : filesystem { associate };
allow system_app sysfs : dir { ioctl read getattr lock search open };
allow system_app vr_manager_service : service_manager { find };
allow shell profman_dump_data_file : file { getattr unlink };
allow debuggerd vold : process { ptrace getattr };
allow wcnss_filter wcnss_filter : fifo_file { ioctl read write getattr lock append open };
allow nfc media_rw_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow init security_file : file { ioctl read getattr lock relabelto open };
allow init logdw_socket : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow themeservice_app user_service : service_manager { find };
allow dumpstate webviewupdate_service : service_manager { find };
allow bootanim audio_device : dir { ioctl read getattr lock search open };
allow system_app keystore : fd { use };
dontaudit sudaemon domain : netlink_firewall_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind nlmsg_read nlmsg_write };
dontaudit su domain : netlink_nflog_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow autoplay_app surfaceflinger : fd { use };
allow irqbalance irqbalance : file { ioctl read write getattr lock append open };
allow mtp mtp : netlink_route_socket { read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read };
allow init-qcom-qseecomd-sh init-qcom-qseecomd-sh : fifo_file { ioctl read write getattr lock append open };
allow obdm_app app_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow shell shell_data_file : file { ioctl read write create getattr setattr lock append unlink rename execute execute_no_trans open };
allow init gpsd_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
dontaudit su port_type : netlink_firewall_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind nlmsg_read nlmsg_write };
dontaudit su dev_type : fifo_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton open audit_access execmod };
allow audioserver init : process { sigchld };
allow installd resourcecache_data_file : dir { ioctl read write getattr lock add_name remove_name search open };
allow init full_device : chr_file { read setattr open };
allow system_app launcherapps_service : service_manager { find };
allow nanoapp_cmd nanoapp_cmd : fd { use };
allow htc_ramdump htc_ramdump : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow installd bluetooth_data_file : dir { ioctl read write create getattr setattr lock relabelfrom relabelto rename add_name remove_name reparent search rmdir open };
allow inotify inotify : filesystem { associate };
allow rild netmgrd : unix_stream_socket { connectto };
allow domain system_data_file : dir { getattr search };
allow init-qcom-qseecomd-sh su : binder { call transfer };
allow init themeservice_app_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allowxperm mediadrmserver mediadrmserver : udp_socket ioctl { 0x5411 0x5451 };
allowxperm mediadrmserver mediadrmserver : udp_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm mediadrmserver mediadrmserver : udp_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow mediadrmserver mediadrmserver : udp_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow recovery_refresh pstorefs : file { ioctl read getattr lock open };
allow debuggerd netmgrd : process { ptrace getattr };
allow dumpstate batterystats_service : service_manager { find };
allow init sysfs_usb : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow shell log_prop : file { ioctl read getattr lock open };
allow init hci_attach : process { transition siginh rlimitinh };
dontaudit init hci_attach : process { noatsecure };
allow sgdisk sgdisk : dir { ioctl read getattr lock search open };
allow init sysinit_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow debuggerd system_ndebug_socket : sock_file { write };
allow mediacodec mediacodec : lnk_file { ioctl read getattr lock open };
allowxperm google_camera_app google_camera_app : rawip_socket ioctl { 0x5411 0x5451 };
allowxperm google_camera_app google_camera_app : rawip_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm google_camera_app google_camera_app : rawip_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow vold proc_net : dir { ioctl read getattr lock search open };
allow nanohub_slpi su : binder { call transfer };
dontaudit system_app system_app : capability { sys_module };
dontaudit sudaemon port_type : unix_stream_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind connectto newconn acceptfrom };
allow init storage_file : chr_file { relabelto };
allow system_app cameraserver_service : service_manager { find };
allow init ringtone_file : blk_file { relabelto };
allow gatekeeperd su : binder { call transfer };
allow init cnss_diag_tmpfs : chr_file { relabelto };
allow servicemanager dumpstate : binder { transfer };
allow servicemanager fingerprintd : binder { transfer };
dontaudit sudaemon domain : tcp_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind connectto newconn acceptfrom node_bind name_connect };
allow ims ims : udp_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allowxperm ims ims : udp_socket ioctl { 0x89fd };
allow netd netd : file { ioctl read write getattr lock append open };
allow installd profman_dump_data_file : file { write create setattr open };
allow system_server cache_file : fifo_file { ioctl read write create getattr setattr lock append unlink rename open };
allow dumpstate dumpstate_prop : file { ioctl read getattr lock open };
allow init time_data_file : chr_file { relabelto };
allow init storage_stub_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow installd system_data_file : sock_file { getattr relabelfrom unlink };
allow nfc nfc : file { ioctl read write getattr lock append open };
allow sysfs_bluetooth_writable sysfs_bluetooth_writable : filesystem { associate };
allow domain ashmem_device : chr_file { ioctl read write getattr lock append open };
allowxperm nfc nfc : tcp_socket ioctl { 0x5411 0x5451 };
allowxperm nfc nfc : tcp_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm nfc nfc : tcp_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow nfc nfc : tcp_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown };
allow bluetooth bluetooth : tcp_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown };
allow init sysfs_hwrandom : file { read setattr open };
allow bootanim proc_meminfo : file { ioctl read getattr lock open };
allow adbd su : process { dyntransition };
allow init backup_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow system_server per_mgr : fd { use };
allow wpa wpa : packet_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allowxperm wpa wpa : packet_socket ioctl { 0x8927 0x8933 };
allow racoon su : fd { use };
allow system_server cgroup : dir { remove_name rmdir };
allow port-bridge port-bridge_exec : file { read getattr execute entrypoint open };
allow init zygote_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow binderservicedomain audioserver : binder { transfer };
allow mediacodec perfd_data_file : sock_file { write };
allow dumpstate system_data_file : file { ioctl read getattr lock open };
allow init gatekeeper_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init ota_data_file : chr_file { relabelto };
allow subsystem_ramdump init : process { sigchld };
allow camera ion_device : chr_file { ioctl read write getattr lock append open };
allow hostapd sysfs_type : lnk_file { ioctl read getattr lock open };
allow healthd proc_sysrq : file { ioctl read write getattr lock append open };
allow slideshow slideshow : lnk_file { ioctl read getattr lock open };
allow init system_server_tmpfs : chr_file { relabelto };
allow init nfc_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow appdomain cgroup : dir { write search };
allow debuggerd shared_relro_file : dir { ioctl read getattr lock search open };
allow init media_rw_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
dontaudit sudaemon domain : unix_dgram_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow servicemanager racoon : binder { transfer };
allow dumpstate system_app_service : service_manager { find };
allow init boottrace_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow mediadrmserver appdomain : binder { call transfer };
allow init socket_device : chr_file { read setattr open };
allow init superuser_device : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init cnss_diag_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow qti-testscripts qti-testscripts : dir { ioctl read getattr lock search open };
allow clatd netd : udp_socket { read write };
allow dnsmasq dnsmasq : fd { use };
allow init adb_keys_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow sysfs_rmtfs sysfs_rmtfs : filesystem { associate };
allow sudaemon su : fd { use };
allow init init : lnk_file { ioctl read getattr lock open };
allow appdomain logd_socket : sock_file { write };
allow blkid_untrusted sysfs : lnk_file { ioctl read getattr lock open };
allow init_mid hw_sku_prop : property_service { set };
allow priv_app update_engine : fd { use };
dontaudit mm-pp-daemon mm-pp-daemon : capability { sys_module };
allow drmserver drmserver : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow adsprpcd adsprpcd : lnk_file { ioctl read getattr lock open };
allow mediadrmserver tee : unix_stream_socket { connectto };
allow dumpstate domain : process { getattr };
allow per_mgr per_mgr : fd { use };
allow untrusted_app perfprofd_data_file : dir { ioctl read getattr lock search open };
allow domain cache_block_device : blk_file { getattr };
allow dumpstate diskstats_service : service_manager { find };
allow init zoneinfo_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow servicemanager mediaserver : dir { search };
allow nfc keystore_service : service_manager { find };
allow init ramdump_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
type_transition init wcnss_filter_exec : process wcnss_filter;
allow init mm-pp-daemon_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow runas bluetooth : process { dyntransition };
allow init audioserver_tmpfs : blk_file { relabelto };
allow ims qmuxd_socket : sock_file { read write create getattr setattr unlink };
allow time su : fd { use };
allow init kernel : process { sigchld setsched };
allow init autoplay_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow system_app fingerprint_service : service_manager { find };
dontaudit location location : capability { sys_module };
allow location location : capability { setgid setuid net_admin net_raw };
auditallow location location : capability { net_admin net_raw };
allow tee tee : fd { use };
allow mediacodec mediacodec : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow init bluetooth_data_file : chr_file { relabelto };
allow init vold_socket : blk_file { relabelto };
allow ueventd sysfs : lnk_file { ioctl read getattr lock open };
allow init location_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init proc_bluetooth_writable : dir { read setattr search open };
dontaudit google_camera_app google_camera_app : capability { sys_module };
allow system_server livedisplay_sysfs : file { ioctl read write getattr lock append open };
allow dhcp netd : netlink_nflog_socket { read write };
allow autoplay_app zygote_tmpfs : file { read };
allow init rild_debug_socket : chr_file { relabelto };
allow sysinit sysfs_devices_system_cpu : file { write };
allow mediadrmserver perfd_data_file : sock_file { write };
allow init shell_data_file : lnk_file { relabelto };
dontaudit su fs_type : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton execute_no_trans entrypoint execmod open audit_access };
allow themeservice_app themeservice_app : fd { use };
allow installd oemfs : dir { ioctl read getattr lock search open };
allow servicemanager location : binder { transfer };
allow preopt2cachename preopt2cachename : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allowxperm google_camera_app google_camera_app : udp_socket ioctl { 0x5411 0x5451 };
allowxperm google_camera_app google_camera_app : udp_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm google_camera_app google_camera_app : udp_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow servicemanager inputflinger : file { read open };
allow kernel init : process { transition share siginh rlimitinh };
dontaudit kernel init : process { noatsecure };
allow init shortcut_manager_icons : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow vold vold_device : blk_file { ioctl read write create getattr setattr lock append unlink rename open };
allow init cgroup : dir { ioctl read write create getattr setattr lock rename mounton add_name remove_name reparent search rmdir open };
allow blkid_untrusted vold : fd { use };
allow platform_app audioserver_service : service_manager { find };
allow sysinit sysinit_tmpfs : file { read write };
allow slideshow graphics_device : chr_file { ioctl read write getattr lock append open };
allow bootanim surfaceflinger_service : service_manager { find };
allow preloads_copy system_file : dir { ioctl read getattr lock search open };
allow tee sysfs : lnk_file { ioctl read getattr lock open };
type_transition init fingerprintd_exec : process fingerprintd;
allow shell cm_livedisplay_service : service_manager { find };
allow dumpstate vdc_exec : file { read getattr execute open };
allow irsc_util irsc_util : lnk_file { ioctl read getattr lock open };
allow sysinit property_socket : sock_file { write };
allow appdomain zygote : fd { use };
allow hci_attach hci_attach : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow init sysfs_thermal : dir { read setattr search open };
allow su su : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit execmem };
allow netd netd : lnk_file { ioctl read getattr lock open };
allow init debugfs_sps : file { read write setattr lock append open };
allow init time_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow atfwd su : binder { call transfer };
dontaudit su port_type : netlink_audit_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit };
allow vdc vdc_exec : file { read getattr execute entrypoint open };
allow init thermal-engine : process { transition siginh rlimitinh };
dontaudit init thermal-engine : process { noatsecure };
allow ims ims_tmpfs : file { read write };
allow bluetooth proc_bluetooth_writable : file { ioctl read write getattr lock append open };
allow bootanim audio_device : chr_file { ioctl read write getattr lock append open };
dontaudit mdnsd mdnsd : capability { sys_module };
allow adbd adbd : tcp_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown };
type_transition init mdnsd_exec : process mdnsd;
allow init lmkd_socket : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow radio radio : fd { use };
allow servicemanager audioserver : process { getattr };
allow update_engine update_engine_tmpfs : file { read write };
allow uncrypt powerctl_prop : property_service { set };
allow slideshow sysfs_wake_lock : file { ioctl read write getattr lock append open };
allow init update_engine_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow thermal-engine init : process { sigchld };
allow clatd netd : netlink_nflog_socket { read write };
allow init anr_data_file : chr_file { relabelto };
dontaudit su domain : sem { create destroy getattr setattr read write associate unix_read unix_write };
dontaudit su node_type : udp_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind node_bind };
allow mdnsd mdnsd : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow slideshow input_device : chr_file { ioctl read getattr lock open };
allow appdomain system_data_file : dir { ioctl read getattr lock search open };
allow vold sysfs_zram_uevent : file { ioctl read write getattr lock append open };
allow init init_radio : process { transition siginh rlimitinh };
dontaudit init init_radio : process { noatsecure };
allow init systemkeys_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow location sensorservice_service : service_manager { find };
allow tee fingerprintd_data_file : dir { ioctl read write getattr lock add_name remove_name search open };
allow init mediacodec_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init cache_backup_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow su su : fd { use };
allow perfprofd sysfs_wake_lock : file { ioctl read write getattr lock append open };
allow init unencrypted_data_file : blk_file { relabelto };
allow init adb_keys_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow mediaserver media_rw_data_file : lnk_file { ioctl read getattr lock open };
dontaudit shell shell : capability { sys_module };
allow system_server adbtcp_prop : property_service { set };
allow irqbalance irqbalance_exec : file { read getattr execute entrypoint open };
allow imscm imscm : file { ioctl read write getattr lock append open };
allow installd selinuxfs : file { ioctl read write getattr lock append open };
allow adbd autoplay_app : unix_stream_socket { connectto };
allow rild radio_device : chr_file { ioctl read write getattr lock append open };
allow init preloads_data_file : chr_file { relabelto };
allow init preloads_copy_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow boot_control_hal modem_block_device : blk_file { getattr };
allow uncrypt uncrypt : dir { ioctl read getattr lock search open };
dontaudit audioserver audioserver : capability { sys_module };
allow sysinit userinit_data_exec : file { ioctl read getattr lock relabelto open };
type_transition init atrace_exec : process atrace;
allow init subsystem_ramdump_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow untrusted_app gpu_device : chr_file { ioctl read write getattr lock append open };
allowxperm untrusted_app gpu_device : chr_file ioctl { 0x902 0x907 0x913-0x915 0x921 0x932-0x933 0x938-0x939 0x940-0x943 0x945-0x94a };
allowxperm untrusted_app gpu_device : chr_file ioctl { 0x5411 0x5451 };
allow recovery_persist pstorefs : dir { search };
dontaudit update_engine kernel : system { module_request };
allow rild sysfs_type : lnk_file { ioctl read getattr lock open };
allow update_engine app_data_file : dir { search };
allow themeservice_app notification_service : service_manager { find };
allow toolbox sysfs : file { ioctl read getattr lock open };
allow init zero_device : chr_file { read setattr open };
allow installd installd : dir { ioctl read getattr lock search open };
allow init atrace_tmpfs : blk_file { relabelto };
allow htc_ramdump htc_ramdump_tmpfs : file { read write };
allow init apk_tmp_file : blk_file { relabelto };
allow servicemanager sysinit : binder { transfer };
allow init_power proc_kernel_sched : file { write lock append open };
type_transition per_proxy tmpfs : file per_proxy_tmpfs;
allow mediaserver appdomain : fifo_file { read write getattr };
allow platform_app shell_data_file : file { read getattr open };
allow exfat exfat : filesystem { associate };
allow install_recovery install_recovery : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow init bluetooth_socket : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init misc_user_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow lmkd su : binder { call transfer };
allow sysfs_hwrandom sysfs_hwrandom : filesystem { associate };
allow slideshow slideshow : fd { use };
allow radio radio_tmpfs : file { read write execute };
allow subsystem_ramdump property_socket : sock_file { write };
allow init time : process { transition siginh rlimitinh };
dontaudit init time : process { noatsecure };
allow bootanim bootanim : lnk_file { ioctl read getattr lock open };
allow time time_data_file : dir { ioctl read write getattr lock add_name remove_name search open };
allow dumpstate textservices_service : service_manager { find };
allow install_recovery sysfs : lnk_file { ioctl read getattr lock open };
allow cnd cnd : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow location location_exec : file { ioctl read getattr lock execute execute_no_trans entrypoint open };
allow vold system_data_file : dir { ioctl read write create getattr setattr lock mounton add_name remove_name search rmdir open };
allow system_server adbsecure_prop : file { ioctl read getattr lock open };
allow mtp mtp : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow init ramdump_block_device : chr_file { read setattr open };
allow init sysfs_uio : dir { read setattr search open };
allow sysfs_msm_core sysfs_msm_core : filesystem { associate };
allow netd sysfs : file { ioctl read write getattr lock open };
allow healthd init : process { sigchld };
dontaudit sudaemon sudaemon : memprotect { mmap_zero };
dontaudit time time : capability { sys_module };
allow time time : capability { setgid setuid sys_time };
allow init usbaccessory_device : chr_file { read setattr open };
allow system_app system_app : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow cameraserver sysfs_type : file { ioctl read getattr lock open };
allow vold metadata_block_device : blk_file { ioctl read write getattr lock append open };
allow radio net_radio_prop : file { ioctl read getattr lock open };
allow logd logd : netlink_audit_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_write };
allow system_app cm_profile_service : service_manager { find };
allow surfaceflinger surfaceflinger : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow init shared_relro_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow sysfs_uio sysfs_uio : filesystem { associate };
allow logd logd : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow perfprofd perfprofd : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow domain owntty_device : chr_file { ioctl read write getattr lock append open };
allow recovery_persist recovery_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow init dalvikcache_data_file : chr_file { relabelto };
allow perfd perfd : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow runas runas : fifo_file { ioctl read write getattr lock append open };
allow runas google_camera_app : process { dyntransition };
allow init mnt_user_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow system_app user_service : service_manager { find };
allow themeservice_app cm_themes_service : dir { search };
allow otapreopt_chroot otapreopt_chroot : lnk_file { ioctl read getattr lock open };
allow wpa sysfs_type : file { ioctl read getattr lock open };
type_transition init tmpfs : file init_tmpfs;
allow init tmpfs : file { read setattr unlink open };
allow system_app log_tag_prop : property_service { set };
allow netmgrd sysfs_type : dir { ioctl read getattr lock search open };
allow shell media_rw_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow init rmt_tmpfs : blk_file { relabelto };
allow init irqbalance_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init ramdump_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init apk_private_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow surfaceflinger appdomain : file { ioctl read getattr lock open };
allow system_server fingerprintd_data_file : dir { ioctl read write getattr lock relabelto remove_name search rmdir open };
dontaudit vdc vdc : capability { sys_module };
allow bootstat bootstat_exec : file { read getattr execute entrypoint open };
allow init mkfs_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init method_trace_data_file : blk_file { relabelto };
allow racoon racoon : rawip_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow zygote rootfs : file { ioctl read getattr lock open };
allow dex2oat ota_data_file : dir { ioctl read write getattr lock add_name search open };
allow init hci_attach_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow appdomain appdomain : fifo_file { ioctl read write getattr lock append open };
allow debuggerd time : process { ptrace getattr };
allow mediadrmserver media_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow init unlabeled : chr_file { relabelto };
allow idmap installd : process { sigchld };
allow wcnss_filter wcnss_filter_tmpfs : file { read write };
allow tzdatacheck sysfs : file { ioctl read getattr lock open };
allow domain_deprecated security_file : file { getattr };
allow system_server fscklogs : dir { ioctl read write getattr lock remove_name search open };
allow init mqueue : file { read setattr open };
allow dumpstate mediaserver : process { signal };
allow init install_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow clatd sysfs : lnk_file { ioctl read getattr lock open };
dontaudit radio radio : capability { sys_module };
allow rmt sysfs_rmtfs : dir { ioctl read getattr lock search open };
allow init init-qcom-qseecomd-sh_tmpfs : chr_file { relabelto };
allow debuggerd fsck : process { ptrace getattr };
allow init sysfs_devices_system_iosched : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init isolated_app_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow blkid dm_device : blk_file { ioctl read getattr lock open };
allow init mediacodec_exec : file { read getattr execute open };
allow cnd cnd : capability { chown fsetid setgid setuid net_bind_service };
dontaudit cnd cnd : capability { sys_module };
allow uncrypt uncrypt : lnk_file { ioctl read getattr lock open };
allow init proc_net : file { read write setattr lock append open };
allow system_server sysfs_lowmemorykiller : file { write getattr lock append open };
allow sgdisk sgdisk : lnk_file { ioctl read getattr lock open };
allow appdomain appdomain : unix_stream_socket { read write getattr getopt shutdown };
allow init dalvikcache_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow mediadrmserver mediadrmserver_service : service_manager { add find };
allow servicemanager mediadrmserver : binder { transfer };
allow drmserver media_rw_data_file : lnk_file { ioctl read getattr lock open };
allow init userinit_data_exec : chr_file { relabelto };
allow mediaserver appops_service : service_manager { find };
allow untrusted_app untrusted_app_devpts : chr_file { ioctl read write getattr open };
allow mm-pp-daemon mm-pp-daemon_exec : file { read getattr execute entrypoint open };
allow system_server dhcp_prop : property_service { set };
allow init cache_backup_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
dontaudit su port_type : appletalk_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
dontaudit su domain : fifo_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton open audit_access execmod };
allow zygote system_data_file : dir { ioctl read getattr lock search open };
allow dumpstate media_rw_data_file : dir { getattr };
allow installd shell_data_file : sock_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open };
allow keystore binderservicedomain : file { read open };
allow init-qcom-qseecomd-sh su : fd { use };
allow servicemanager cppreopts : binder { transfer };
allow proc_cpuinfo proc_cpuinfo : filesystem { associate };
allow vold sdcardd_exec : file { read getattr execute open };
allow vdc sysfs : file { ioctl read getattr lock open };
allow ims shell_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow system_app cnd_socket : sock_file { write };
allow system_server debug_prop : property_service { set };
allow adbd system_file : lnk_file { ioctl read getattr lock open };
allow dex2oat dex2oat_exec : file { read getattr execute entrypoint open };
dontaudit sudaemon port_type : netlink_nflog_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow system_server mnt_expand_file : dir { ioctl read getattr lock search open };
allow debuggerd cameraserver : process { ptrace getattr };
allow init resourcecache_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow keystore obdm_app : process { getattr };
allow bluetooth bluetooth : netlink_selinux_socket { read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow mediacodec su : binder { call transfer };
allow thermal-engine thermal-engine : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow sudaemon app_data_file : sock_file { ioctl read write create getattr setattr lock append unlink rename open };
allow init unencrypted_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow servicemanager adbd : dir { search };
allow vdc vdc : fd { use };
allow debuggerd tombstone_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow init metadata_block_device : blk_file { ioctl read write getattr lock append open };
allow ssr_setup ssr_setup : fd { use };
allow blkid vold : fd { use };
allow fsck_untrusted fsck_untrusted : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow init shared_relro_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow system_server vpn_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow mtp sysfs : file { ioctl read getattr lock open };
allow init isolated_app_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init irqbalance_socket : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow netd ctl_mdnsd_prop : file { ioctl read getattr lock open };
allow inputflinger sysfs_wake_lock : file { ioctl read write getattr lock append open };
allow ueventd sysfs_usb : file { write lock append open };
allow init_power sysfs_type : file { ioctl read getattr lock open };
allow gpsd sysfs_usb : file { write lock append open };
allow appdomain shell_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow installd system_data_file : fifo_file { getattr relabelfrom unlink };
allow bootanim audioserver_service : service_manager { find };
allow init mkfs_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow servicemanager gatekeeperd : dir { search };
allow appdomain icon_file : file { read getattr };
allow domain init : fd { use };
allow dex2oat dalvikcache_data_file : file { write };
allow init dhcp : process { transition siginh rlimitinh };
dontaudit init dhcp : process { noatsecure };
allow radio system_radio_prop : file { ioctl read getattr lock open };
allow gpsd gps_device : chr_file { ioctl read write getattr lock append open };
allow fingerprintd fingerprintd_data_file : dir { ioctl read write getattr lock add_name remove_name search open };
allow init system_app_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow shell misc_logd_file : file { ioctl read getattr lock open };
allow drmserver drmserver : fifo_file { ioctl read write getattr lock append open };
allow system_app logd_prop : file { ioctl read getattr lock open };
allow logd kernel : system { syslog_read syslog_mod };
allow keystore tee_device : chr_file { ioctl read write getattr lock append open };
allow untrusted_app untrusted_app : netlink_selinux_socket { read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow cnd cnd : lnk_file { ioctl read getattr lock open };
allow lmkd sysfs_type : file { ioctl read getattr lock open };
allow untrusted_app su : fd { use };
allow init_mid hw_sku_prop : file { ioctl read getattr lock open };
allow netd netd : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow sgdisk vold : fd { use };
allow system_app misc_user_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow rild sysfs_type : file { ioctl read getattr lock open };
allow tmpfs tmpfs : filesystem { associate };
allow init tee_tmpfs : blk_file { relabelto };
allow rild net_radio_prop : file { ioctl read getattr lock open };
allow servicemanager nanoapp_cmd : binder { transfer };
allow nfc nfc_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow dumpstate netd : fd { use };
allow installd autoplay_data_file : dir { ioctl read write create getattr setattr lock relabelfrom relabelto rename add_name remove_name reparent search rmdir open };
allow init system_server_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow cameraserver appdomain : fd { use };
allow isolated_app isolated_app : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow htc_ramdump block_device : dir { search };
type_transition init hci_attach_exec : process hci_attach;
allow init persist_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow debuggerd logdr_socket : sock_file { write };
allow system_app bluetooth_manager_service : service_manager { find };
allow mediacodec perfd : unix_stream_socket { connectto };
allow mdnsd mdnsd : dir { ioctl read getattr lock search open };
allow autoplay_app system_server : tcp_socket { read write getattr getopt shutdown };
allow otapreopt_chroot update_engine : fifo_file { write };
allow domain_deprecated asec_public_file : file { ioctl read getattr lock open };
allow shell sysfs_batteryinfo : file { ioctl read getattr lock open };
allow system_server camera : binder { transfer };
allow init atrace_exec : file { read getattr execute open };
allow init cnd : process { transition siginh rlimitinh };
dontaudit init cnd : process { noatsecure };
allow servicemanager platform_app : binder { transfer };
allow servicemanager atfwd : dir { search };
allow init dhcp_exec : file { read getattr execute open };
allow init location_data_file : blk_file { relabelto };
allow ppp sysfs : dir { ioctl read getattr lock search open };
allow init update_verifier_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow servicemanager bootanim : dir { search };
allow init icon_file : blk_file { relabelto };
allow dex2oat asec_apk_file : file { read };
allow init mnt_media_rw_stub_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init display_data_file : chr_file { relabelto };
allow gatekeeperd gatekeeper_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow cnd cnd : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow appdomain dalvikcache_data_file : dir { getattr search };
allow sudaemon sudaemon : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow init otapreopt_slot_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow gatekeeperd keystore_service : service_manager { find };
allow watchdogd watchdogd : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
type_transition init-qcom-qseecomd-sh tmpfs : file init-qcom-qseecomd-sh_tmpfs;
type_transition atrace tmpfs : file atrace_tmpfs;
allow cppreopts cppreopts : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow init_power init_power : file { ioctl read write getattr lock append open };
allow system_server nfc_service : service_manager { find };
allow debuggerd security_file : dir { ioctl read getattr lock search open };
allow rmt su : binder { call transfer };
allow ssr_setup init : process { sigchld };
allow init system_ndebug_socket : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow system_server device_logging_prop : property_service { set };
allow priv_app media_rw_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow init audioserver_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init wcnss_filter_tmpfs : chr_file { relabelto };
allow init systemkeys_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow mdnsd mdnsd : fifo_file { ioctl read write getattr lock append open };
allow system_server qmuxd : unix_stream_socket { connectto };
allow init camera_data_file : blk_file { relabelto };
allow preopt2cachename proc_net : file { ioctl read getattr lock open };
allow init profman_dump_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init perfd_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init vdc_tmpfs : chr_file { relabelto };
allow init coredump_file : chr_file { relabelto };
allow init vold_data_file : lnk_file { relabelto };
allow init wcnss_filter_tmpfs : blk_file { relabelto };
allow wpa sysfs_type : lnk_file { ioctl read getattr lock open };
allow init contextmount_type : filesystem { relabelto };
allow init adbd_socket : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init cnss-daemon_tmpfs : blk_file { relabelto };
allow servicemanager healthd : file { read open };
allow debuggerd wcnss_filter : process { ptrace getattr };
allow tzdatacheck tzdatacheck : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow rmt su : fd { use };
allow install_recovery boot_block_device : blk_file { ioctl read getattr lock open };
allow dumpstate drmserver : process { signal };
allow untrusted_app mediacodec_service : service_manager { find };
allow kernel init_exec : file { read getattr relabelto execute open };
allow system_server inputflinger : debuggerd { dump_backtrace };
type_transition cnss_diag tmpfs : file cnss_diag_tmpfs;
allow shell bluetooth_service : service_manager { find };
allow bluetooth keystore : binder { call transfer };
allow mkfs mkfs_tmpfs : file { read write };
allow init_radio init_radio : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow dnsmasq dnsmasq : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow installd keychain_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow cnss-daemon cnss-daemon : file { ioctl read write getattr lock append open };
allow init install_recovery_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow postinstall_dexopt tmpfs : file { read };
allow profman profman_dump_data_file : file { write };
allow debuggerd init_mid : process { ptrace getattr };
type_transition rmt tmpfs : file rmt_tmpfs;
allow mediadrmserver mediadrmserver : file { ioctl read write getattr lock append open };
allow ppp su : fd { use };
allow domain block_device : dir { getattr search };
allow init shell_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow wcnss_filter init : unix_stream_socket { connectto };
allow servicemanager sdcardd : binder { transfer };
allow system_server servicemanager : binder { call transfer };
allow init nanohub_slpi_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init init_mid_tmpfs : chr_file { relabelto };
allow init display_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow appdomain zygote : fifo_file { write };
allow system_server perfd_data_file : sock_file { write };
allow zygote proc_net : dir { ioctl read getattr lock search open };
allow gpsd gpsd : udp_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow themeservice_app cm_status_bar_service : service_manager { find };
allow vold sdcard_posix : filesystem { relabelfrom relabelto };
allow platform_app app_data_file : fifo_file { ioctl read write create getattr setattr lock append unlink rename open };
allow healthd sysfs_wake_lock : file { ioctl read write getattr lock append open };
allow init sysfs : file { ioctl read getattr setattr lock relabelfrom open };
allow init mdnsd_tmpfs : chr_file { relabelto };
allow system_app system_app : netlink_selinux_socket { read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow init system_app_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow per_mgr per_mgr : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow cnss_diag init : process { sigchld };
allow cameraserver servicemanager : binder { call transfer };
allow init fingerprintd_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
dontaudit sudaemon port_type : netlink_crypto_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow profman profman : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow dumpstate cm_themes_service : service_manager { find };
allow init vpn_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow drmserver system_server : fd { use };
allow runas sysfs : file { ioctl read getattr lock open };
allow uncrypt shell_data_file : dir { ioctl read getattr lock search open };
allow system_app power_service : service_manager { find };
type_transition init_power tmpfs : file init_power_tmpfs;
allow camera servicemanager : binder { call transfer };
allow init wifi_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow platform_app surfaceflinger_service : service_manager { find };
allow system_server sensors_device : chr_file { ioctl read write getattr lock append open };
allow system_server system_wpa_socket : sock_file { ioctl read write create getattr setattr lock append unlink rename open };
allow tee persist_file : lnk_file { ioctl read getattr lock open };
allow healthd pstorefs : dir { ioctl read getattr lock search open };
allow servicemanager location : process { getattr };
allow tee persist_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
dontaudit autoplay_app autoplay_app : capability { sys_module };
allow cppreopts su : fd { use };
allow system_server domain : file { ioctl read getattr lock open };
allow servicemanager postinstall : file { read open };
allow mediaextractor mediaextractor : fifo_file { ioctl read write getattr lock append open };
allow clatd clatd : rawip_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow per_mgr firmware_file : file { ioctl read getattr lock open };
allow domain_deprecated apk_data_file : file { ioctl read getattr lock open };
allow netmgrd netmgrd : lnk_file { ioctl read getattr lock open };
allow uncrypt uncrypt : fifo_file { ioctl read write getattr lock append open };
allow shell shell_data_file : lnk_file { ioctl read write create getattr setattr lock append unlink rename open };
allow init servicemanager_exec : file { read getattr execute open };
allow init netd_socket : blk_file { relabelto };
type_transition preloads_copy tmpfs : file preloads_copy_tmpfs;
allow perfd cameraserver : process { signull };
allow domain proc_net : dir { search };
allow debuggerd gatekeeperd : process { ptrace getattr };
allow init perfprofd_exec : file { read getattr execute open };
allow domain_deprecated asec_apk_file : dir { ioctl read getattr lock search open };
allow bluetooth media_rw_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow bluetooth sysfs_wake_lock : file { ioctl read write getattr lock append open };
allow domain init : key { search };
allow init system_server_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow lmkd lmkd : fd { use };
allow healthd sysfs : lnk_file { ioctl read getattr lock open };
allow init rild_socket : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow logd logd_socket : sock_file { write };
allow init_power sysfs_devices_system_cpu : dir { relabelto };
allow system_server qmuxd_socket : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow init cache_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow system_server mediacodec_service : service_manager { find };
allow init mediaextractor_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init ringtone_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow bluetooth uhid_device : chr_file { ioctl read write getattr lock append open };
allow racoon vpn_data_file : dir { write lock add_name remove_name search open };
allow installd shell_data_file : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open };
dontaudit su domain : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton execute_no_trans entrypoint execmod open audit_access };
allow radio sysfs_msm_subsys : dir { ioctl read getattr lock search open };
allow init_mid init_mid_exec : file { read getattr execute entrypoint open };
allow domain rootfs : dir { search };
allow init userinit_data_exec : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init wallpaper_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
type_transition time tmpfs : file time_tmpfs;
allow domain rootfs : lnk_file { read getattr };
allow system_app samplingprofiler_service : service_manager { find };
allow init superuser_device : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow themeservice_app keystore_service : service_manager { find };
allow ims cnd_socket : sock_file { write };
dontaudit servicemanager servicemanager : capability { sys_module };
dontaudit init_power init_power : capability { sys_module };
allow system_app debug_prop : property_service { set };
allow hostapd hostapd : lnk_file { ioctl read getattr lock open };
allow system_server system_server : process { fork sigchld sigkill sigstop signull signal ptrace getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow system_server system_server : packet_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow gpsd system_file : file { ioctl read getattr lock execute execute_no_trans open };
allow debuggerd debuggerd : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow google_camera_app google_camera_app : fd { use };
allow shm shm : filesystem { associate };
allow nfc gpu_device : chr_file { ioctl read write getattr lock append open };
allowxperm nfc gpu_device : chr_file ioctl { 0x902 0x907 0x913-0x915 0x921 0x932-0x933 0x938-0x939 0x940-0x943 0x945-0x94a };
allowxperm nfc gpu_device : chr_file ioctl { 0x5411 0x5451 };
allow priv_app vold : fd { use };
allow system_server mtpd_socket : sock_file { write };
allow nfc ion_device : chr_file { ioctl read write getattr lock append open };
allow zygote zygote_exec : file { ioctl read getattr lock execute execute_no_trans entrypoint open };
allow init efs_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow update_verifier update_verifier : fifo_file { ioctl read write getattr lock append open };
allow profman profman : fd { use };
allow wpa wpa_exec : file { read getattr execute entrypoint open };
allow domain sysfs : dir { search };
allow untrusted_app cameraserver_service : service_manager { find };
type_transition debuggerd tmpfs : file debuggerd_tmpfs;
allow adbd zygote_exec : file { ioctl read getattr lock open };
allow rild radio_device : blk_file { ioctl read getattr lock open };
allow ppp ppp : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow shell app_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow tzdatacheck tzdatacheck : lnk_file { ioctl read getattr lock open };
allow init persist_display_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init_mid init_mid : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
dontaudit obdm_app obdm_app : capability { sys_module };
allow init coredump_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow servicemanager atfwd : file { read open };
allow init radio_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow cppreopts dalvikcache_data_file : dir { write add_name remove_name search };
allow init debugfs : dir { read getattr setattr relabelfrom search open };
allow init display_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow system_server system_server : rawip_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow installd sysfs : file { ioctl read getattr lock open };
allow su su : netlink_selinux_socket { read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow servicemanager kernel : binder { transfer };
allow su keystore : fd { use };
allow cameraserver camera : unix_dgram_socket { sendto };
dontaudit sudaemon domain : rawip_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind node_bind };
allow netd system_wpa_socket : sock_file { ioctl read write create getattr setattr lock append unlink rename open };
allow installd asec_image_file : dir { search };
allow init audio_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow system_server ctl_default_prop : property_service { set };
type_transition wpa tmpfs : file wpa_tmpfs;
type_transition themeservice_app tmpfs : file themeservice_app_tmpfs;
allow kernel media_rw_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow init sysfs_zram : dir { read setattr search open };
allow vdc sysfs : dir { ioctl read getattr lock search open };
allow init adbd_socket : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
type_transition untrusted_app tmpfs : file untrusted_app_tmpfs;
allow system_app mediaserver_service : service_manager { find };
allow rild servicemanager : binder { call transfer };
allow runas sysfs : lnk_file { ioctl read getattr lock open };
allow init bootanim_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init init : fifo_file { ioctl read write getattr lock append open };
allow installd nfc_data_file : dir { ioctl read write create getattr setattr lock relabelfrom relabelto rename add_name remove_name reparent search rmdir open };
type_transition init cnss_diag_exec : process cnss_diag;
allow init nanohub_slpi_exec : file { read getattr execute open };
allow debuggerd domain : file { ioctl read getattr lock open };
allow init update_engine_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init tzdatacheck_tmpfs : chr_file { relabelto };
allow drmserver drm_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow keystore platform_app : dir { search };
allow shell proc : filesystem { getattr };
allow init wifi_data_file : chr_file { relabelto };
allow init coredump_file : blk_file { relabelto };
allow rild time : unix_stream_socket { connectto };
allow init racoon_socket : blk_file { relabelto };
allow priv_app priv_app_devpts : chr_file { ioctl read write getattr open };
allow ueventd ueventd : fifo_file { ioctl read write getattr lock append open };
allow init misc_user_data_file : chr_file { relabelto };
allow firmware_file firmware_file : filesystem { associate };
allow surfaceflinger appdomain : dir { ioctl read getattr lock search open };
allow recovery_refresh recovery_refresh : lnk_file { ioctl read getattr lock open };
allow platform_app cache_recovery_file : file { ioctl read write create getattr setattr lock append unlink rename open };
auditallow platform_app cache_recovery_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow per_proxy servicemanager : binder { call transfer };
allow init port-bridge_tmpfs : blk_file { relabelto };
allow system_app atfwd_service : service_manager { add find };
allow shell statusbar_service : service_manager { find };
allow bluetooth bluetooth : tun_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow init proc_net : dir { read setattr search open };
allow init rmt_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow system_server qtaguid_proc : file { ioctl read write getattr lock append open };
allow init netmgrd_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init cache_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init ssr_setup_tmpfs : blk_file { relabelto };
allow radio app_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
dontaudit su port_type : netlink_crypto_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow dex2oat unlabeled : file { read };
allow sudaemon sudaemon : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow cnss-daemon cnss-daemon : lnk_file { ioctl read getattr lock open };
allow dhcp netd : fifo_file { ioctl read write getattr lock append open };
allow init port-bridge_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow binderservicedomain appdomain : binder { transfer };
allow init preloads_copy_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init nfc_data_file : blk_file { relabelto };
allow init bootstat_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow appdomain vfat : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow shell debug_prop : property_service { set };
allow debuggerd lmkd : process { ptrace getattr };
allow nanohub_slpi nanohub_slpi : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow init_power toolbox_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow init_mid mid_prop : file { ioctl read getattr lock open };
allow init mnt_media_rw_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow system_server proc_sysrq : file { ioctl read write getattr lock append open };
allow hostapd sysfs : dir { ioctl read getattr lock search open };
allow system_app netstats_service : service_manager { find };
allow mediadrmserver mediadrmserver : netlink_route_socket { read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read };
allow surfaceflinger tee_device : chr_file { ioctl read write getattr lock append open };
allow shell activity_service : service_manager { find };
allow inputflinger inputflinger : capability2 { block_suspend };
allow hostapd sysfs : file { ioctl read getattr lock open };
allow shell surfaceflinger : binder { transfer };
allow init debuggerd_tmpfs : chr_file { relabelto };
allow imscm imscm : lnk_file { ioctl read getattr lock open };
allow shell drmserver_service : service_manager { find };
allow system_server netmgrd : unix_stream_socket { connectto };
allow system_server tun_device : chr_file { ioctl read write getattr lock append open };
allow system_server configfs : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
type_transition dumpstate tmpfs : file dumpstate_tmpfs;
allow init logd_exec : file { read getattr execute open };
allow domain_deprecated security_file : lnk_file { ioctl read getattr lock open };
allow binderservicedomain appdomain : fifo_file { write };
allow clatd clatd : file { ioctl read write getattr lock append open };
allow appdomain cameraserver : binder { transfer };
allow runas security_file : file { ioctl read getattr lock open };
allow init dhcp_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow ueventd init : process { sigchld };
allow init cnss_diag_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow mkfs mkfs : fd { use };
allow shell wallpaper_service : service_manager { find };
dontaudit su port_type : packet_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow init radio_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init init-qcom-qseecomd-sh_tmpfs : blk_file { relabelto };
dontaudit su port_type : netlink_netfilter_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow dhcp init : unix_stream_socket { connectto };
allow init proc_irq : file { read setattr open };
allow logd system_data_file : file { ioctl read getattr lock open };
allow nfc nfc : fd { use };
dontaudit recovery_refresh recovery_refresh : capability { sys_module };
allow init bootchart_data_file : chr_file { relabelto };
allow system_app connmetrics_service : service_manager { find };
allow system_server proc_uid_cputime_showstat : file { ioctl read getattr lock open };
allow uncrypt storage_stub_file : dir { ioctl read getattr lock search open };
allow init themeservice_app_data_file : blk_file { relabelto };
allow init property_data_file : chr_file { relabelto };
allow debugfs_trace_marker debugfs_trace_marker : filesystem { associate };
allow platform_app shell_data_file : dir { search };
allow runas radio : process { dyntransition };
allow mediaserver mediaserver : lnk_file { ioctl read getattr lock open };
allow rild efs_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow debuggerd logcat_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow installd apk_tmp_file : dir { ioctl read write create getattr setattr lock relabelfrom rename add_name remove_name reparent search rmdir open };
allow init preloads_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow appdomain console_device : chr_file { read write };
allow init dumpstate_tmpfs : chr_file { relabelto };
allow init perfd_exec : file { read getattr execute open };
allow init efs_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init init_power_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow system_server cameraserver : process { getsched setsched };
allow camera su : binder { call transfer };
allow system_server iio_device : chr_file { ioctl read write getattr lock append open };
allow init watchdog_device : chr_file { read setattr open };
allow gpsd gps_data_file : lnk_file { ioctl read write create getattr setattr lock append unlink rename open };
allow postinstall_dexopt su : fd { use };
allow dumpstate shortcut_service : service_manager { find };
allow init bootctrl_block_device : chr_file { read setattr open };
type_transition atfwd tmpfs : file atfwd_tmpfs;
allow system_app edge_gesture_service : service_manager { find };
allow blkid blkid_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow init_radio su : fd { use };
allow installd misc_user_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow dhcp sysfs : file { ioctl read getattr lock open };
allow untrusted_app preloads_data_file : file { ioctl read getattr lock open };
allow per_mgr ssr_device : chr_file { read open };
allow ims sysfs_type : dir { ioctl read getattr lock search open };
allow mediaserver media_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow dumpstate debugfs_tracing : dir { ioctl read getattr lock search open };
allow init media_rw_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow system_server cache_file : file { ioctl read write create getattr setattr lock relabelfrom append unlink rename open };
allow port-bridge sysfs_msm_subsys : file { ioctl read getattr lock open };
allow shell kernel : system { syslog_read };
allow system_server gps_socket : sock_file { write };
allow init security_file : lnk_file { ioctl read getattr lock relabelto open };
allow thermal-engine sysfs_type : dir { ioctl read getattr lock search open };
allow system_server system_data_file : dir { ioctl read write create getattr setattr lock relabelfrom rename add_name remove_name reparent search rmdir open };
allow dumpstate appwidget_service : service_manager { find };
allow init dev_type : lnk_file { create };
allow imscm sysfs_msm_subsys : lnk_file { ioctl read getattr lock open };
allow netmgrd netmgrd : netlink_xfrm_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read nlmsg_write };
allow init perfprofd_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow atrace servicemanager : binder { call transfer };
allow servicemanager bootanim : file { read open };
allow init_mid init_mid : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow audioserver audio_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
type_transition installd tmpfs : file installd_tmpfs;
allow init superuser_device : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow platform_app media_rw_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow untrusted_app su : binder { call transfer };
allow vold misc_block_device : blk_file { write lock append open };
allow shell property_socket : sock_file { write };
allow dumpstate search_service : service_manager { find };
allow debuggerd mtp : process { ptrace getattr };
allow keystore system_app : dir { search };
allow nfc nfc_tmpfs : file { read write execute };
dontaudit mediacodec mediacodec : capability { sys_module };
allow init sysfs_batteryinfo : file { read setattr open };
allow google_camera_app proc_meminfo : file { ioctl read getattr lock open };
allow time time : file { ioctl read write getattr lock append open };
allow nfc nfc : netlink_route_socket { read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read };
allow debuggerd htc_ramdump : process { ptrace getattr };
allow untrusted_app mediadrmserver_service : service_manager { find };
allow surfaceflinger sysfs : lnk_file { ioctl read getattr lock open };
allow vold storage_file : dir { ioctl read write create getattr setattr lock rename mounton add_name remove_name reparent search rmdir open };
type_transition vold storage_file : dir storage_stub_file;
allow init thermal-engine_tmpfs : blk_file { relabelto };
allow priv_app sysfs_zram : file { ioctl read getattr lock open };
allow vold vold_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow dumpstate cm_status_bar_service : service_manager { find };
allow system_server system_prop : file { ioctl read getattr lock open };
allow nfc su : fd { use };
allow init mnt_media_rw_file : chr_file { relabelto };
allow keystore untrusted_app : dir { search };
allow bluetooth pan_result_prop : property_service { set };
allow init obdm_app_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init per_proxy : process { transition siginh rlimitinh };
dontaudit init per_proxy : process { noatsecure };
allow keystore google_camera_app : process { getattr };
allow init camera_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init nanoapp_cmd : process { transition siginh rlimitinh };
dontaudit init nanoapp_cmd : process { noatsecure };
allow debugfs_type debugfs_tracing : filesystem { associate };
allow domain_deprecated proc_net : lnk_file { ioctl read getattr lock open };
allow system_server system_server : file { ioctl read write getattr lock append open };
allow dumpstate drmserver_service : service_manager { find };
allow servicemanager mkfs : binder { transfer };
allow init ramdump_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
type_transition cnd socket_device : fifo_file cnd_socket;
allow ims ims : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow hostapd wifi_data_file : file { ioctl read write getattr lock append open };
allow init racoon_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow adbd adbsecure_prop : property_service { set };
allow system_server systemkeys_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow init uncrypt_tmpfs : blk_file { relabelto };
allow init diag_logs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow vold labeledfs : filesystem { mount remount unmount relabelfrom };
allow shell adbd : process { sigchld };
allow init efs_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow debuggerd debuggerd : capability { chown dac_override fowner kill setgid setuid sys_ptrace };
dontaudit debuggerd debuggerd : capability { sys_module };
allow dex2oat postinstall_file : file { read getattr execute entrypoint open };
allow dex2oat sysfs : dir { ioctl read getattr lock search open };
allow vold mnt_media_rw_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
type_transition vold mnt_media_rw_file : dir mnt_media_rw_stub_file;
allow system_app anr_data_file : dir { ioctl read write getattr lock add_name search open };
allow nfc nfc_device : chr_file { ioctl read write getattr lock append open };
allow init adsprpcd_tmpfs : chr_file { relabelto };
allow init bootstat_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow shell system_app_service : service_manager { find };
allow cnss-daemon su : binder { call transfer };
allow init drmserver_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init system_app_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
type_transition init irsc_util_exec : process irsc_util;
allow mediaserver bluetooth_socket : sock_file { write };
dontaudit su fs_type : sock_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton open audit_access execmod };
allow vold blkid_untrusted : process { transition siginh rlimitinh };
dontaudit vold blkid_untrusted : process { noatsecure };
allow otapreopt_slot su : fd { use };
allow system_server system_server : capability2 { block_suspend };
allow update_engine_common postinstall_file : lnk_file { ioctl read getattr lock open };
allow update_engine_common misc_block_device : blk_file { ioctl read write getattr lock append open };
allow keystore obdm_app : file { read open };
allow init recovery_data_file : chr_file { relabelto };
allow gpsd sysfs : file { ioctl read write getattr lock append open };
allow servicemanager su : binder { call transfer };
allow obdm_app obdm_app : netlink_route_socket { read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read };
allow shell ctl_bugreport_prop : property_service { set };
allow system_server themeservice_app_data_file : dir { ioctl read write create getattr setattr lock relabelto rename add_name remove_name reparent search rmdir open };
allow init_radio init_radio : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow netmgrd sysfs_type : file { ioctl read getattr lock open };
allow priv_app nfc_service : service_manager { find };
allow cameraserver binderservicedomain : binder { call transfer };
allow mediaextractor sysfs : dir { ioctl read getattr lock search open };
allow rild radio_prop : file { ioctl read getattr lock open };
allow mediaserver drmserver_service : service_manager { find };
allow mediaserver ringtone_file : file { read getattr };
allow qti-testscripts sysfs : dir { ioctl read getattr lock search open };
allow ppp su : binder { call transfer };
allow audioserver autoplay_app : binder { call transfer };
allow init radio_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow appdomain mnt_expand_file : dir { ioctl read getattr lock search open };
allow init system_ndebug_socket : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow system_app media_projection_service : service_manager { find };
allow nanoapp_cmd nanoapp_cmd : lnk_file { ioctl read getattr lock open };
allow servicemanager irsc_util : binder { transfer };
allow init fsck_exec : file { read getattr execute open };
allow init init-qcom-qseecomd-sh : process { transition siginh rlimitinh };
dontaudit init init-qcom-qseecomd-sh : process { noatsecure };
allow ueventd efs_file : dir { search };
allow shared_relro gpu_device : chr_file { ioctl read write getattr lock append open };
allowxperm shared_relro gpu_device : chr_file ioctl { 0x902 0x907 0x913-0x915 0x921 0x932-0x933 0x938-0x939 0x940-0x943 0x945-0x94a };
allowxperm shared_relro gpu_device : chr_file ioctl { 0x5411 0x5451 };
allow init mtp_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow preloads_copy preloads_copy : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow irqbalance irqbalance : lnk_file { ioctl read getattr lock open };
allow init bluetooth_efs_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow cameraserver video_device : chr_file { ioctl read write getattr lock append open };
allow servicemanager sudaemon : binder { transfer };
allow system_server block_device : dir { search };
dontaudit rmt rmt : capability { sys_module };
allow rmt rmt : capability { setgid setuid setpcap net_bind_service sys_admin };
auditallow rmt rmt : capability { net_bind_service };
allow rild net_radio_prop : property_service { set };
auditallow rild net_radio_prop : property_service { set };
allow init-qcom-qseecomd-sh init-qcom-qseecomd-sh : fd { use };
allow system_app dreams_service : service_manager { find };
allow system_app network_time_update_service : service_manager { find };
allow init qmuxd_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init media_rw_data_file : chr_file { relabelto };
allow profman profman : dir { ioctl read getattr lock search open };
allow appdomain kernel : security { compute_av check_context };
allow debuggerd selinuxfs : file { ioctl read write getattr lock append open };
allow zygote themeservice_app_data_file : file { ioctl read getattr lock open };
type_transition sysinit tmpfs : file sysinit_tmpfs;
allow init kmsg_device : chr_file { read setattr open };
allow init mediadrmserver_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow preloads_copy preloads_copy : dir { ioctl read getattr lock search open };
allow netmgrd netmgrd : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow irsc_util irsc_util : dir { ioctl read getattr lock search open };
allow init platform_app_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow system_server zoneinfo_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow uncrypt uncrypt : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow init i2c_device : chr_file { read setattr open };
allow domain_deprecated system_file : file { ioctl read getattr lock open };
allow dumpstate country_detector_service : service_manager { find };
allow uncrypt media_rw_data_file : file { ioctl read getattr lock open };
allow per_proxy su : binder { call transfer };
allow dumpstate cm_weather_service : service_manager { find };
allow servicemanager perfprofd : binder { transfer };
allow init-qcom-qseecomd-sh init-qcom-qseecomd-sh_tmpfs : file { read write };
allow init systemkeys_data_file : chr_file { relabelto };
allow radio su : fd { use };
allow system_app sysfs_msm_subsys : lnk_file { ioctl read getattr lock open };
allow ims qmuxd : unix_stream_socket { connectto };
allow servicemanager dumpstate : file { read open };
allow init drmserver_tmpfs : blk_file { relabelto };
allow shared_relro shared_relro : fifo_file { ioctl read write getattr lock append open };
allow proc_irq proc_irq : filesystem { associate };
allow rild bluetooth_efs_file : file { ioctl read getattr lock open };
allow camera init : process { sigchld };
allow init time_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init cnd_socket : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow ueventd sysfs_msm_core : file { write lock append open };
allow system_server surfaceflinger : debuggerd { dump_backtrace };
allow nfc mediaextractor_service : service_manager { find };
allow servicemanager tzdatacheck : binder { transfer };
allow init lmkd_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow dumpstate meminfo_service : service_manager { find };
type_transition postinstall otapreopt_chroot_exec : process otapreopt_chroot;
allow tzdatacheck su : binder { call transfer };
allow init init_foreground_exec : file { read getattr execute open };
allow init gps_socket : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow postinstall_dexopt dalvikcache_data_file : dir { ioctl read write getattr lock relabelto add_name remove_name search open };
allow adbd powerctl_prop : file { ioctl read getattr lock open };
allow adbd device_logging_prop : file { ioctl read getattr lock open };
allow init drmserver : process { transition siginh rlimitinh };
dontaudit init drmserver : process { noatsecure };
allow init apk_tmp_file : chr_file { relabelto };
allow shell ion_device : chr_file { ioctl read write getattr lock append open };
allow system_server kernel : system { syslog_read module_request };
allow init backup_data_file : chr_file { relabelto };
allow surfaceflinger video_device : dir { ioctl read getattr lock search open };
allow servicemanager cameraserver : file { read open };
allow init backup_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allowxperm nfc nfc : udp_socket ioctl { 0x5411 0x5451 };
allowxperm nfc nfc : udp_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm nfc nfc : udp_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow nfc nfc : udp_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow audioserver appdomain : binder { call transfer };
allow dumpstate property_socket : sock_file { write };
allow init fscklogs : chr_file { read setattr open };
allow mediaserver autoplay_app : binder { call transfer };
allow init wcnss_filter_exec : file { read getattr execute open };
allow init sysfs_mac_address : dir { read setattr search open };
type_transition mkfs tmpfs : file mkfs_tmpfs;
allow update_engine kmsg_device : chr_file { write lock append open };
allow domain devpts : dir { search };
allow drmserver media_rw_data_file : dir { ioctl read getattr lock search open };
dontaudit sudaemon port_type : netlink_generic_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow init persist_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init mediacodec_tmpfs : chr_file { relabelto };
allow system_server dhcp_data_file : dir { ioctl read getattr lock search open };
type_transition keystore tmpfs : file keystore_tmpfs;
allow init init_power_tmpfs : blk_file { relabelto };
allow servicemanager keystore : binder { transfer };
allow init livedisplay_sysfs : chr_file { relabelto };
allow dex2oat postinstall_dexopt : process { sigchld };
allow camera init : unix_stream_socket { connectto };
allow surfaceflinger su : fd { use };
allow init untrusted_app_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow servicemanager su : fd { use };
allow fsck_untrusted su : binder { call transfer };
allow init userinit_data_exec : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init shared_relro_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow servicemanager servicemanager : lnk_file { ioctl read getattr lock open };
allow init mnt_expand_file : blk_file { relabelto };
allow system_app ssr_prop : file { ioctl read getattr lock open };
allow servicemanager sysfs : file { ioctl read getattr lock open };
allow bluetooth bluetooth : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow installd installd_exec : file { read getattr execute entrypoint open };
type_transition installd system_data_file : file install_data_file;
allow installd system_data_file : file { getattr relabelfrom unlink };
allow init wifi_data_file : blk_file { relabelto };
allow profman profman : fifo_file { ioctl read write getattr lock append open };
allow init_radio firmware_file : dir { ioctl read getattr lock search open };
allow init system_app_tmpfs : blk_file { relabelto };
allow system_server fuse_device : chr_file { ioctl read write getattr };
allow bootanim cgroup : dir { ioctl read getattr lock search open };
allow sysfs_wake_lock sysfs_wake_lock : filesystem { associate };
allow domain sysfs : lnk_file { read };
allow dhcp dhcp : dir { ioctl read getattr lock search open };
allow init audioserver_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init ramdump_data_file : blk_file { relabelto };
allow servicemanager netd : dir { search };
allow init recovery_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow tee init : unix_stream_socket { connectto };
allow init keystore : process { transition siginh rlimitinh };
dontaudit init keystore : process { noatsecure };
allow init perfd_tmpfs : blk_file { relabelto };
allow init obdm_app_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow adsprpcd adsprpcd : fifo_file { ioctl read write getattr lock append open };
allow init netmgrd_tmpfs : chr_file { relabelto };
allow init audio_data_file : chr_file { relabelto };
allow cppreopts cppreopts : fifo_file { ioctl read write getattr lock append open };
allow system_app cm_iconcache_service : service_manager { find };
allow init mnt_media_rw_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init per_mgr_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow shell network_score_service : service_manager { find };
allow rmt rmt_exec : file { read getattr execute entrypoint open };
allow dnsmasq netd : netlink_kobject_uevent_socket { read write };
allow keystore su : binder { call transfer };
allow healthd sysfs_batteryinfo : file { ioctl read getattr lock open };
allow system_app mediadrmserver_service : service_manager { find };
allow ueventd efs_file : file { ioctl read getattr lock open };
allow init tzdatacheck_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init misc_user_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow keystore keystore_tmpfs : file { read write };
allow mediadrmserver appdomain : fd { use };
allow init shell_data_file : sock_file { relabelto };
allow bootanim su : binder { call transfer };
allow ppp sysfs : file { ioctl read getattr lock open };
allow system_server fingerprint_prop : property_service { set };
type_transition init rmt_exec : process rmt;
type_transition init inputflinger_exec : process inputflinger;
allow otapreopt_slot otapreopt_slot : fd { use };
allow servicemanager drmserver : file { read open };
allow init_foreground init_foreground : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow init dhcp_tmpfs : blk_file { relabelto };
allow fsck fsck : fifo_file { ioctl read write getattr lock append open };
allow init drmserver_tmpfs : chr_file { relabelto };
allow init mtp_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow bootanim bootanim : dir { ioctl read getattr lock search open };
allow servicemanager wcnss_filter : binder { transfer };
allow system_server sdcardd : debuggerd { dump_backtrace };
allow init bluetooth_socket : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow mediaextractor mediaextractor : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow dumpstate cm_livedisplay_service : service_manager { find };
allow hostapd sysfs_type : dir { ioctl read getattr lock search open };
allow init netmgrd_socket : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init recovery_refresh_tmpfs : chr_file { relabelto };
allow kernel selinuxfs : file { ioctl read write getattr lock open };
allow update_engine_common custom_ab_block_device : blk_file { ioctl read write getattr lock append open };
allow qmuxd qmuxd : fifo_file { ioctl read write getattr lock append open };
allow atfwd atfwd : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow shell default_android_service : service_manager { find };
allow nfc nfc_data_file : fifo_file { ioctl read write create getattr setattr lock append unlink rename open };
allow system_server shell_data_file : file { read write getattr };
allow dumpstate dumpstate : capability { chown dac_override fowner fsetid kill setgid setuid net_admin net_raw sys_ptrace sys_resource };
dontaudit dumpstate dumpstate : capability { sys_module };
type_transition installd profman_exec : process profman;
allow cgroup cgroup : filesystem { associate };
allow netd hostapd : unix_dgram_socket { sendto };
allow dumpstate user_profile_data_file : file { ioctl read getattr lock open };
allow su app_data_file : fifo_file { ioctl read write create getattr setattr lock append unlink rename open };
allow perfprofd init : process { sigchld };
allow system_server mediadrmserver : debuggerd { dump_backtrace };
allow init configfs : dir { ioctl read write create getattr setattr lock rename mounton add_name remove_name reparent search rmdir open };
allow gatekeeperd user_service : service_manager { find };
allow system_app surfaceflinger_service : service_manager { find };
allow ims ims : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
type_transition recovery_persist tmpfs : file recovery_persist_tmpfs;
allow init user_profile_foreign_dex_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init property_contexts : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow appdomain sysfs_soc : dir { search };
allow hostapd su : binder { call transfer };
allow init storage_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow time time : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow inputflinger inputflinger_tmpfs : file { read write };
allow boot_control_hal ssd_block_device : blk_file { getattr };
allow ims ims : dir { ioctl read getattr lock search open };
allow radio nfc_service : service_manager { find };
dontaudit su domain : netlink_netfilter_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow dex2oat dex2oat : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow domain_deprecated proc : file { ioctl read getattr lock open };
allow init sap_uim_socket : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow mediaserver sysfs : dir { ioctl read getattr lock search open };
allow dhcp property_socket : sock_file { write };
dontaudit sudaemon port_type : netlink_rdma_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow vold tee_device : chr_file { ioctl read write getattr lock append open };
allowxperm untrusted_app untrusted_app : rawip_socket ioctl { 0x5411 0x5451 };
allowxperm untrusted_app untrusted_app : rawip_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm untrusted_app untrusted_app : rawip_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow untrusted_app untrusted_app : rawip_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow ueventd sysfs_zram_uevent : file { write lock append open };
allowxperm domain domain : netlink_nflog_socket ioctl { 0x0 };
allow cnss-daemon init : process { sigchld };
allow bluetooth drmserver_service : service_manager { find };
allow init sysfs_devices_system_iosched : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init vold_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
dontaudit su file_type : chr_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton execute_no_trans entrypoint execmod open audit_access };
allow nfc app_api_service : service_manager { find };
allow fsck fsck_tmpfs : file { read write };
allow init thermal_socket : chr_file { relabelto };
type_transition surfaceflinger tmpfs : file surfaceflinger_tmpfs;
allow init untrusted_app_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow mediaserver audio_prop : property_service { set };
allow shell keystore : fd { use };
allow keystore keystore_service : service_manager { add find };
allow watchdogd su : binder { call transfer };
allow init_radio init_radio : file { ioctl read write getattr lock append open };
allow dumpstate binderservicedomain : fd { use };
allow autoplay_app system_file : dir { getattr };
allow priv_app app_data_file : sock_file { ioctl read write create getattr setattr lock append unlink rename open };
allow cnss_diag cnss_diag : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow domain selinuxfs : filesystem { getattr };
allow system_server persist_file : file { ioctl read getattr lock open };
allow installd profman_exec : file { read getattr execute open };
allow vold fsck_untrusted : process { transition siginh rlimitinh };
dontaudit vold fsck_untrusted : process { noatsecure };
allow system_server audioserver_service : service_manager { find };
allow init-qcom-qseecomd-sh init-qcom-qseecomd-sh_exec : file { read getattr execute entrypoint open };
allow keystore gatekeeperd : file { read open };
allow hostapd hostapd : capability { setgid setuid net_admin net_raw };
dontaudit hostapd hostapd : capability { sys_module };
allow sudaemon sudaemon : lnk_file { ioctl read getattr lock open };
allow mdnsd mdnsd : udp_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow servicemanager appdomain : dir { search };
allow dumpstate user_profile_data_file : dir { ioctl read getattr lock search open };
allow init gps_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow cameraserver cameraserver_tmpfs : file { read write };
allow servicemanager lmkd : binder { transfer };
allow blkid su : fd { use };
allow dumpstate serial_service : service_manager { find };
allow mediacodec mediacodec_exec : file { read getattr execute entrypoint open };
allow appdomain dalvikcache_data_file : lnk_file { ioctl read getattr lock open };
dontaudit sudaemon domain : tun_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind attach_queue };
allow rild per_mgr_service : service_manager { find };
allow system_server apk_data_file : dir { ioctl read write create getattr setattr lock relabelfrom relabelto rename add_name remove_name reparent search rmdir open };
allow init port-bridge_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init apk_private_tmp_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow location location : file { ioctl read write getattr lock append open };
allow servicemanager mediaextractor : file { read open };
allow autoplay_app system_data_file : lnk_file { read };
type_transition installd dex2oat_exec : process dex2oat;
allow init adbd_socket : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init fsck_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allowxperm radio radio : rawip_socket ioctl { 0x5411 0x5451 };
allowxperm radio radio : rawip_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm radio radio : rawip_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow radio radio : rawip_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow surfaceflinger binderservicedomain : binder { call transfer };
allow servicemanager system_server : dir { search };
allow init dumpstate : process { transition siginh rlimitinh };
dontaudit init dumpstate : process { noatsecure };
allow system_app servicemanager : service_manager { list };
allow init installd_tmpfs : blk_file { relabelto };
allow proc_iomem proc_iomem : filesystem { associate };
allow init user_profile_foreign_dex_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow wpa wpa : rawip_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow init selinuxfs : dir { read setattr search open };
allow init fwmarkd_socket : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init cameraserver_exec : file { read getattr execute open };
allow runas shell : process { sigchld dyntransition };
allow system_app default_android_service : service_manager { find };
allow init mdnsd_socket : blk_file { relabelto };
allow untrusted_app cm_status_bar_service : service_manager { find };
dontaudit sudaemon domain : netlink_iscsi_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow init perfd_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
dontaudit su port_type : netlink_kobject_uevent_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow surfaceflinger power_service : service_manager { find };
allow init install_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow mediaserver perfd : unix_stream_socket { connectto };
allow shell console_device : chr_file { ioctl read write getattr lock append open };
allow init audio_data_file : blk_file { relabelto };
allow shell accessibility_service : service_manager { find };
allow init fsck_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow gatekeeperd gatekeeperd : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow init_mid property_socket : sock_file { write };
allow ueventd ueventd : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow platform_app keystore : fd { use };
allow netmgrd netmgrd : netlink_route_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read nlmsg_write };
allow init cnd_tmpfs : blk_file { relabelto };
allow slideshow input_device : dir { ioctl read getattr lock search open };
allow perfprofd perfprofd : file { ioctl read write getattr lock append open };
allow init cppreopts_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow blkid sysfs : dir { ioctl read getattr lock search open };
allow obdm_app obdm_app : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit execmem };
dontaudit su domain : lnk_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton open audit_access execmod };
allow zygote sysfs : lnk_file { ioctl read getattr lock open };
allow dhcp dhcp_prop : property_service { set };
allow init fwmarkd_socket : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow system_app country_detector_service : service_manager { find };
allow system_server su : binder { call transfer };
allow cnd cnd_socket : sock_file { ioctl read write create getattr setattr lock append unlink rename open };
allow servicemanager bluetooth : binder { transfer };
allow installd mnt_expand_file : dir { getattr search };
allow keystore keystore_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow adbd functionfs : dir { search };
allow init mediacodec_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow domain_deprecated asec_public_file : dir { ioctl read getattr lock search open };
allow init radio_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init ims_socket : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow mediaserver media_session_service : service_manager { find };
allow dnsmasq dnsmasq : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow postinstall_dexopt selinuxfs : dir { ioctl read getattr lock search open };
allow debuggerd debuggerd_exec : file { read getattr execute entrypoint open };
allow servicemanager adbd : binder { transfer };
allow audioserver bluetooth : unix_stream_socket { connectto };
allow keystore racoon : binder { transfer };
allow kernel kernel : file { ioctl read write getattr lock append open };
allow keystore servicemanager : binder { call transfer };
allow htc_ramdump init : process { sigchld };
allow mediadrmserver media_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow dumpstate dumpstate_exec : file { read getattr execute entrypoint open };
allow pstorefs pstorefs : filesystem { associate };
allow init wpa_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init drm_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow system_app search_service : service_manager { find };
type_transition init bootstat_exec : process bootstat;
allow init dhcp_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow shell consumer_ir_service : service_manager { find };
allow camera cameraserver : fd { use };
allow toolbox toolbox : lnk_file { ioctl read getattr lock open };
allow installd sysfs : lnk_file { ioctl read getattr lock open };
allow vold asec_apk_file : file { ioctl read getattr setattr lock relabelfrom relabelto open };
allow init_mid init_mid : file { ioctl read write getattr lock append open };
allow init autoplay_app_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow domain socket_device : dir { ioctl read getattr lock search open };
allow keystore wpa : file { read open };
allow dumpstate cache_block_device : blk_file { getattr };
allow priv_app priv_app : netlink_selinux_socket { read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow dnsmasq dnsmasq : netlink_route_socket { read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read };
allow init gatekeeperd : process { transition siginh rlimitinh };
dontaudit init gatekeeperd : process { noatsecure };
allow init cache_recovery_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow netmgrd netmgrd_socket : dir { ioctl read write getattr lock add_name remove_name search open };
allow radio tun_device : chr_file { ioctl read write getattr append };
allow shell logcat_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow perfd init : process { sigchld };
allow update_engine_common postinstall : process { transition sigstop signal siginh rlimitinh };
dontaudit update_engine_common postinstall : process { noatsecure };
allow init logdw_socket : chr_file { relabelto };
allow mediacodec mediacodec : dir { ioctl read getattr lock search open };
allow init update_engine_tmpfs : chr_file { relabelto };
allow shell graphicsstats_service : service_manager { find };
allow servicemanager otapreopt_chroot : binder { transfer };
allow debuggerd system_data_file : file { open };
allow init obdm_app_tmpfs : chr_file { relabelto };
dontaudit su domain : netlink_crypto_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow system_server gatekeeperd : binder { call transfer };
allow keystore platform_app : binder { transfer };
allow platform_app diag_device : chr_file { ioctl read write getattr lock append open };
allow init systemkeys_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow radio su : binder { call transfer };
allow shell logpersistd_logging_prop : file { ioctl read getattr lock open };
allow dumpstate anr_data_file : dir { ioctl read write getattr lock add_name remove_name search open };
allow init autoplay_app_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow uncrypt uncrypt_exec : file { read getattr execute entrypoint open };
allow init qmuxd_socket : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow appdomain zygote_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow init sysfs_video : dir { read setattr search open };
allowxperm radio radio : udp_socket ioctl { 0x5411 0x5451 };
allowxperm radio radio : udp_socket ioctl { 0x8906-0x8907 0x890b-0x890d 0x8910-0x8927 0x8929 0x8930-0x8938 0x8940-0x8943 0x8946-0x894b 0x8953-0x8955 0x8960-0x8962 0x8970-0x8971 0x8980-0x8983 0x8990-0x8995 0x89a0-0x89a3 0x89b0 0x89e0-0x89ff };
allowxperm radio radio : udp_socket ioctl { 0x8b00-0x8b02 0x8b04-0x8b1d 0x8b20-0x8b2d 0x8b30-0x8b36 0x8be0-0x8bff };
allowxperm radio radio : udp_socket ioctl { 0x6900 0x6902 };
allow radio radio : udp_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow init tombstone_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow sudaemon tun_device : chr_file { ioctl read write getattr append };
allow shell backup_service : service_manager { find };
allow init vold : unix_stream_socket { connectto };
allow atrace property_socket : sock_file { write };
allow perfprofd sysfs_devices_system_cpu : file { ioctl read write getattr lock append open };
allow racoon racoon : dir { ioctl read getattr lock search open };
allow perfd sysfs_msm_subsys : file { write };
allow obdm_app sysfs_msm_subsys : dir { ioctl read getattr lock search open };
allow cnss_diag cnss_diag : capability { setgid setuid net_admin };
auditallow cnss_diag cnss_diag : capability { net_admin };
dontaudit cnss_diag cnss_diag : capability { sys_module };
dontaudit gpsd gpsd : capability { sys_module };
allow shell audio_service : service_manager { find };
allow shell vibrator_service : service_manager { find };
allow system_server location : unix_stream_socket { connectto };
allow adbd profman_dump_data_file : file { ioctl read getattr lock open };
allow autoplay_app zygote : unix_dgram_socket { write };
allow rmt rmt : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow mkfs init : process { sigchld };
allow google_camera_app keystore : keystore_key { get_state get insert delete exist list sign verify };
dontaudit irqbalance irqbalance : capability { sys_module };
allow irqbalance irqbalance : capability { setgid setuid };
allow init vpn_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow atfwd atfwd : fd { use };
allow su su : fifo_file { ioctl read write getattr lock append open };
allow perfprofd perfprofd_exec : file { read getattr execute entrypoint open };
allow vold vold_tmpfs : file { ioctl read write create getattr setattr lock append unlink rename open };
allow system_server mediaserver : tcp_socket { ioctl read write getattr setattr lock append bind connect getopt setopt shutdown };
allow zygote appdomain : process { getpgid setpgid dyntransition };
allow init cnss-daemon_exec : file { read getattr execute open };
allow init uncrypt_socket : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow system_app deviceidle_service : service_manager { find };
allow appdomain sdcard_posix : file { ioctl read write create getattr setattr lock append unlink rename open };
allow vold mnt_expand_file : dir { ioctl read write create getattr setattr lock rename mounton add_name remove_name reparent search rmdir open };
allow init mtp_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init_foreground su : fd { use };
allow rild tty_device : chr_file { ioctl read write getattr lock append open };
allow cnd cnd : dir { ioctl read getattr lock search open };
allow untrusted_app proc_net : dir { ioctl read getattr lock search open };
allow servicemanager mediacodec : process { getattr };
allow recovery_persist recovery_persist_exec : file { read getattr execute entrypoint open };
allow mkfs mkfs : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow vold vold : fifo_file { ioctl read write getattr lock append open };
allow shell cpuinfo_service : service_manager { find };
allow system_server user_profile_foreign_dex_data_file : file { getattr unlink rename };
allow tee system_prop : property_service { set };
allow adbd shell_prop : property_service { set };
allow bluetooth bluetooth_data_file : sock_file { ioctl read write create getattr setattr lock append unlink rename open };
type_transition bluetooth bluetooth_data_file : sock_file bluetooth_socket;
allow init atfwd_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow servicemanager servicemanager : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow gpsd su : fd { use };
allow rild system_radio_prop : property_service { set };
auditallow rild system_radio_prop : property_service { set };
allow sdcardd sdcardd_exec : file { read getattr execute entrypoint open };
allow init ota_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow time sysfs : dir { ioctl read getattr lock search open };
allow system_server system_data_file : file { ioctl read write create getattr setattr lock relabelfrom append unlink link rename open };
allow adbd storage_file : lnk_file { ioctl read getattr lock open };
allow shell cgroup : dir { ioctl read getattr lock search open };
allow nanoapp_cmd sysfs_nanoapp_cmd : dir { search };
allow init kernel : system { syslog_read syslog_mod };
dontaudit su domain : netlink_route_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind nlmsg_read nlmsg_write };
allow perfprofd perfprofd_data_file : dir { ioctl read write getattr lock add_name remove_name search open };
allow installd dalvikcache_data_file : dir { ioctl read write create getattr setattr lock relabelto rename add_name remove_name reparent search rmdir open };
allow thermal-engine thermal-engine : dir { ioctl read getattr lock search open };
allow google_camera_app su : binder { call transfer };
type_transition racoon tmpfs : file racoon_tmpfs;
allow camera sysfs_video : file { ioctl read getattr lock open };
allow init domain : file { ioctl read getattr lock open };
allow servicemanager healthd : process { getattr };
allow dumpstate servicediscovery_service : service_manager { find };
allow healthd sysfs : dir { ioctl read getattr lock search open };
allow dumpstate system_server : binder { transfer };
allow domain core_property_type : file { ioctl read getattr lock open };
allow recovery recovery : file { ioctl read write getattr lock append open };
allow init tombstone_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow system_server adbd_socket : sock_file { ioctl read write getattr lock append open };
allow healthd healthd : netlink_kobject_uevent_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow init asec_public_file : blk_file { relabelto };
allow perfd proc_kernel_sched : file { ioctl read write getattr lock append open };
allow dumpstate sysfs_wake_lock : file { ioctl read write getattr lock append open };
dontaudit sudaemon port_type : appletalk_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow priv_app mtp_device : chr_file { ioctl read write getattr lock append open };
allowxperm shell shell : udp_socket ioctl { 0x5411 0x5451 };
allowxperm shell shell : udp_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm shell shell : udp_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow shell shell : udp_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow init_power init_power : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow recovery sysfs : lnk_file { ioctl read getattr lock open };
allow init uncrypt_tmpfs : chr_file { relabelto };
allow untrusted_app app_data_file : fifo_file { ioctl read write create getattr setattr lock append unlink rename open };
dontaudit su domain : key { view read write search link setattr create };
allow rild kernel : system { module_request };
allow servicemanager mediacodec : file { read open };
allow system_server audio_device : dir { ioctl read getattr lock search open };
allow tzdatacheck sysfs : lnk_file { ioctl read getattr lock open };
allow update_engine update_engine : fd { use };
allow system_server appdomain : unix_stream_socket { read write getattr };
allow recovery recovery : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow init system_ndebug_socket : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow preopt2cachename preopt2cachename : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow mediaserver sdcard_type : lnk_file { ioctl read getattr lock open };
dontaudit sudaemon file_type : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton execute_no_trans entrypoint execmod open audit_access };
allow rild efs_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow system_server sysfs_devices_system_cpu : file { write lock append open };
allow nfc nfc : dir { ioctl read getattr lock search open };
allow netd netd : tcp_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown };
allow debuggerd kernel : security { compute_av };
allow dumpstate device_policy_service : service_manager { find };
allow location location : fifo_file { ioctl read write getattr lock append open };
allow perfprofd debugfs_tracing : file { ioctl read getattr lock open };
allow atfwd atfwd : dir { ioctl read getattr lock search open };
allow cameraserver camera_data_file : sock_file { write };
allow file_type tmpfs : filesystem { associate };
allow init audioserver_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow otapreopt_slot otapreopt_slot : lnk_file { ioctl read getattr lock open };
allow init servicemanager_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init iio_device : chr_file { read setattr open };
allow init selinuxfs : file { ioctl read write getattr setattr lock append open };
allow qti-testscripts qti-testscripts : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow installd bluetooth_data_file : lnk_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open };
allow ppp ppp : capability { net_admin };
dontaudit ppp ppp : capability { sys_module };
allow preloads_copy preloads_copy : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow clatd clatd : fd { use };
allow init healthd : process { transition siginh rlimitinh };
dontaudit init healthd : process { noatsecure };
allow sysinit system_file : file { ioctl read getattr lock execute execute_no_trans open };
allow mtp mtp : file { ioctl read write getattr lock append open };
allow tzdatacheck tzdatacheck : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow init init_foreground_tmpfs : blk_file { relabelto };
allow init bluetooth_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init apk_private_tmp_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow dex2oat dex2oat : file { ioctl read write getattr lock append open };
allow cnd proc_meminfo : file { ioctl read getattr lock open };
allow mediaserver mediaserver : dir { ioctl read getattr lock search open };
allow atfwd property_socket : sock_file { write };
allow platform_app su : binder { call transfer };
allow autoplay_app surfaceflinger_service : service_manager { find };
allow init vold_tmpfs : blk_file { relabelto };
allow ueventd sysfs_soc : file { write lock append open };
allow themeservice_app app_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow location qmuxd_socket : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow keystore keystore : fd { use };
type_transition init perfprofd_exec : process perfprofd;
allow init installd_exec : file { read getattr execute open };
allow otapreopt_chroot update_engine : fd { use };
allow init bootchart_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow domain debuggerd : process { sigchld };
allow netd net_data_file : dir { ioctl read write getattr lock add_name remove_name search open };
allow mediaserver su : fd { use };
allow postinstall_dexopt ota_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow shell input_method_service : service_manager { find };
allow debuggerd blkid_untrusted : process { ptrace getattr };
allow surfaceflinger gpu_device : chr_file { ioctl read write getattr lock append open };
allow wcnss_filter wcnss_filter : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
type_transition thermal-engine tmpfs : file thermal-engine_tmpfs;
allow update_engine_common modem_block_device : blk_file { ioctl read write getattr lock append open };
allow init display_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init persist_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow install_recovery install_recovery : fifo_file { ioctl read write getattr lock append open };
allow racoon racoon : fd { use };
type_transition rild tmpfs : file rild_tmpfs;
allow slideshow sysfs : dir { ioctl read getattr lock search open };
allow servicemanager dex2oat : binder { transfer };
allow dumpstate cm_audio_service : service_manager { find };
allow shell trust_service : service_manager { find };
allow subsystem_ramdump subsystem_ramdump : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow system_server method_trace_data_file : dir { write lock add_name remove_name search open };
allow dumpstate dns_listener_service : service_manager { find };
allow init servicemanager_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow keystore binderservicedomain : dir { search };
allow untrusted_app sysfs_hwrandom : file { ioctl read getattr lock open };
allow mdnsd init : process { sigchld };
allow init_power sysfs_devices_system_cpu : file { write lock relabelto append open };
allow isolated_app webviewupdate_service : service_manager { find };
allow system_app graphicsstats_service : service_manager { find };
allow toolbox sysfs : lnk_file { ioctl read getattr lock open };
allow init themeservice_app_data_file : chr_file { relabelto };
allow mediaserver rild : unix_stream_socket { read write setopt connectto };
dontaudit su domain : netlink_audit_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind nlmsg_read nlmsg_write nlmsg_relay nlmsg_readpriv nlmsg_tty_audit };
dontaudit cppreopts cppreopts : capability { sys_module };
allow wpa wpa : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow system_server bluetooth_data_file : file { read write getattr };
allow bootstat bootstat_tmpfs : file { read write };
type_transition init init_mid_exec : process init_mid;
allow init gps_data_file : blk_file { relabelto };
allow priv_app cache_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow appdomain runas_exec : file { getattr };
allow dhcp netd : fd { use };
allow autoplay_app graphicsstats_service : service_manager { find };
allow init rmt_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow debuggerd sysinit : process { ptrace getattr };
allow init bluetooth_efs_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow google_camera_app google_camera_app : fifo_file { ioctl read write getattr lock append open };
allow nfc nfc_data_file : sock_file { ioctl read write create getattr setattr lock append unlink rename open };
allow fsck_untrusted fsck_untrusted : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow init htc_ramdump_exec : file { read getattr execute open };
allow per_mgr sysfs_msm_subsys : lnk_file { ioctl read getattr lock open };
allow sysfs_batteryinfo sysfs_batteryinfo : filesystem { associate };
allow irqbalance proc_irq : file { ioctl read write getattr lock append open };
allow logd su : binder { call transfer };
allow platform_app mediaextractor_service : service_manager { find };
allow debuggerd debuggerd : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow init vold_exec : file { read getattr execute open };
allow init perfprofd_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow surfaceflinger servicemanager : binder { call transfer };
allow system_server racoon : unix_stream_socket { connectto };
allow cnss-daemon proc_net : file { ioctl read write getattr lock append open };
allow init userinit_data_exec : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init google_camera_app_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init ota_package_file : blk_file { relabelto };
allow dumpstate wifiscanner_service : service_manager { find };
allow bluetooth pan_result_prop : file { ioctl read getattr lock open };
allow init atfwd_exec : file { read getattr execute open };
allow init surfaceflinger_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow vold vold_exec : file { read getattr execute entrypoint open };
allow init rmt_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init debugfs_msm_core : dir { read setattr search open };
allow vold rootfs : dir { ioctl read getattr lock mounton search open };
allow platform_app preloads_data_file : dir { ioctl read getattr lock search open };
allow init bootstat_data_file : blk_file { relabelto };
allow init cpuctl_device : chr_file { read setattr open };
allow shell shell : process { fork sigchld sigkill sigstop signull signal ptrace getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit execmem };
allow init superuser_device : chr_file { relabelto };
allow appdomain storage_file : dir { ioctl read getattr lock search open };
allow netd property_socket : sock_file { write };
allow kernel kernel : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow adsprpcd adsprpcd_tmpfs : file { read write };
allow per_proxy init : process { sigchld };
allow mediaextractor init : process { sigchld };
allow init bootanim_exec : file { read getattr execute open };
allow cnd cnd : fd { use };
allow per_proxy per_mgr_service : service_manager { find };
allow system_server mtp : unix_stream_socket { connectto };
allow adbd rootfs : lnk_file { ioctl read getattr lock open };
allow adsprpcd adsprpcd : fd { use };
allow init sysfs_msm_subsys_restart : file { read setattr open };
allow system_app app_data_file : lnk_file { ioctl read write create getattr setattr lock append unlink rename open };
allow wcnss_filter wcnss_filter : file { ioctl read write getattr lock append open };
allow init user_profile_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow shell labeledfs : filesystem { getattr };
allow camera camera : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow sgdisk sgdisk : file { ioctl read write getattr lock append open };
allow init vdc_tmpfs : blk_file { relabelto };
allow thermal-engine thermal_device : chr_file { ioctl read write getattr lock append open };
allow audioserver media_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow tee persist_file : dir { ioctl read getattr lock search open };
allow installd apk_tmp_file : file { ioctl read getattr lock unlink open };
allow perfprofd logdw_socket : sock_file { write };
allow system_app activity_service : service_manager { find };
allow system_server lmkd : unix_stream_socket { connectto };
allow cnd cnd : netlink_route_socket { read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read };
allow init profman_dump_data_file : chr_file { relabelto };
allow init debuggerd_tmpfs : blk_file { relabelto };
allow init mtp_device : chr_file { read setattr open };
allow location location : netlink_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow port-bridge sysfs_msm_subsys : dir { ioctl read getattr lock search open };
allow bootanim surfaceflinger : binder { call transfer };
allow system_server drmserver : binder { transfer };
allow keystore shell : file { read open };
allow adbd shell_exec : file { read getattr execute open };
allow init cnd_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init system_server_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
dontaudit init-qcom-qseecomd-sh init-qcom-qseecomd-sh : capability { sys_module };
allow dumpstate contexthub_service : service_manager { find };
allow init rild_socket : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow keystore obdm_app : dir { search };
type_transition mediacodec tmpfs : file mediacodec_tmpfs;
allow bluetooth shell_data_file : file { read };
allow per_proxy per_proxy_exec : file { read getattr execute entrypoint open };
allow init debugfs_tracing : dir { read getattr setattr relabelfrom search open };
allow ims cnd : unix_stream_socket { connectto };
allow zygote method_trace_data_file : file { write create lock append open };
allow cnd su : binder { call transfer };
allow dumpstate update_engine_service : service_manager { find };
allow system_server video_device : chr_file { ioctl read write getattr lock append open };
allow init persist_property_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init shell_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow fingerprintd fingerprintd_service : service_manager { add find };
allow platform_app drmserver_service : service_manager { find };
allow priv_app update_engine_service : service_manager { find };
allow untrusted_app untrusted_app : process { fork sigchld sigkill sigstop signull signal ptrace getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit execmem };
allow location system_server : unix_stream_socket { read write };
allow audioserver autoplay_app : fd { use };
allow cnss_diag diag_device : chr_file { ioctl read write getattr lock append open };
allow debuggerd kernel : process { ptrace getattr };
allow debuggerd fsck_untrusted : process { ptrace getattr };
allow toolbox su : fd { use };
allow init mtpd_socket : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow vold vold_prop : property_service { set };
allow rild diag_device : chr_file { ioctl read write getattr lock append open };
allow system_server sysfs_thermal : file { ioctl read getattr lock open };
allow init logd_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow domain_deprecated proc : lnk_file { ioctl read getattr lock open };
allow keystore system_app : process { getattr };
allow init wpa_socket : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init mediacodec_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow tee sysfs : file { ioctl read getattr lock open };
allow dumpstate lock_settings_service : service_manager { find };
allow sudaemon superuser_device : sock_file { write create setattr unlink };
allow servicemanager autoplay_app : process { getattr };
allow init irsc_util_tmpfs : blk_file { relabelto };
allow init qmuxd_socket : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow shell bootchart_data_file : dir { ioctl read write getattr lock add_name remove_name search open };
allow blkid_untrusted blkid_untrusted : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow init lmkd_exec : file { read getattr execute open };
allow init system_app_data_file : blk_file { relabelto };
allow mediaserver surfaceflinger_service : service_manager { find };
allow drmserver drmserver : dir { ioctl read getattr lock search open };
allow uncrypt sysfs : dir { ioctl read getattr lock search open };
allow vold ctl_fuse_prop : property_service { set };
allow irsc_util init : process { sigchld };
allow init gatekeeperd_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
dontaudit su port_type : netlink_generic_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow init boottrace_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow bootanim bootanim_exec : file { read getattr execute entrypoint open };
allow platform_app platform_app : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit execmem };
allow drmserver sdcard_type : file { read write getattr };
allow dumpstate mediaextractor : debuggerd { dump_backtrace };
allow init postinstall_mnt_dir : blk_file { relabelto };
allow shell anr_data_file : file { ioctl read getattr lock open };
allow adsprpcd su : fd { use };
allow hostapd hostapd_exec : file { read getattr execute entrypoint open };
allow servicemanager nfc : binder { transfer };
allow sdcardd sdcardd : lnk_file { ioctl read getattr lock open };
allow install_recovery install_recovery : fd { use };
allow atrace boottrace_data_file : dir { search };
allow dumpstate package_service : service_manager { find };
allow dumpstate graphicsstats_service : service_manager { find };
allow shell edge_gesture_service : service_manager { find };
allow appdomain surfaceflinger : unix_stream_socket { read write getattr getopt setopt shutdown };
dontaudit sudaemon domain : netlink_dnrt_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow rild rild : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow atfwd atfwd : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow appdomain keychain_data_file : dir { ioctl read getattr lock search open };
allow shell imms_service : service_manager { find };
allow clatd clatd : udp_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow debuggerd system_server : unix_stream_socket { connectto };
allow dumpstate sdcardd : process { signal };
allow init location_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init netd_socket : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allowxperm domain domain : udp_socket ioctl { 0x5411 0x5451 };
allowxperm domain domain : udp_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm domain domain : udp_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
dontaudit sudaemon domain : process { fork transition sigchld sigkill sigstop signull signal ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setexec setfscreate noatsecure siginh setrlimit rlimitinh dyntransition setcurrent execmem execstack execheap setkeycreate setsockcreate };
allow zygote su : binder { call transfer };
allow servicemanager servicemanager_tmpfs : file { read write };
allow rild rild : capability { setuid net_admin net_raw };
dontaudit rild rild : capability { sys_module };
allow init ptmx_device : chr_file { read setattr open };
allow mediaserver mediaserver_tmpfs : file { read write };
type_transition imscm tmpfs : file imscm_tmpfs;
allow init method_trace_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow proc_sysrq proc_sysrq : filesystem { associate };
allow debuggerd postinstall : process { ptrace getattr };
allow mediaserver perfd_data_file : dir { search };
allow init_foreground init_foreground : lnk_file { ioctl read getattr lock open };
allow init system_wpa_socket : chr_file { relabelto };
dontaudit nanoapp_cmd nanoapp_cmd : capability { sys_module };
allow priv_app priv_app : process { fork sigchld sigkill sigstop signull signal ptrace getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit execmem };
allow init contextmount_type : dir { ioctl read getattr lock search open };
allow cnss-daemon cnss-daemon : dir { ioctl read getattr lock search open };
allow init location_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow cnd qmuxd_socket : sock_file { read write create getattr setattr unlink };
allow init sysfs_mac_address : file { read setattr open };
allow system_server sysfs_type : file { ioctl read getattr lock open };
allow init init_radio_tmpfs : blk_file { relabelto };
allow init misc_logd_file : fifo_file { relabelto };
allow system_app anr_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow fsck fsck : file { ioctl read write getattr lock append open };
allow isolated_app isolated_app : dir { ioctl read getattr lock search open };
allow init wcnss_filter_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow dumpstate mediaserver_service : service_manager { find };
dontaudit su domain : drmservice { consumeRights setPlaybackStatus openDecryptSession closeDecryptSession initializeDecryptUnit decrypt finalizeDecryptUnit pread };
allow debuggerd drmserver : debuggerd { dump_backtrace };
allow shell diskstats_service : service_manager { find };
allow shell proc_meminfo : file { ioctl read getattr lock open };
allow mediaserver app_data_file : file { ioctl read write getattr lock append open };
allow servicemanager preopt2cachename : binder { transfer };
allow installd dex2oat : process { transition siginh rlimitinh };
dontaudit installd dex2oat : process { noatsecure };
allow init properties_device : dir { relabelto };
allow system_server system_server : tcp_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown };
type_transition netd hostapd_exec : process hostapd;
allow bootstat bootstat : file { ioctl read write getattr lock append open };
allow init tzdatacheck_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow domain_deprecated selinuxfs : dir { ioctl read getattr lock search open };
allow netd netd : netlink_kobject_uevent_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow mediacodec mediacodec : fifo_file { ioctl read write getattr lock append open };
allow init audioserver_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init zygote_socket : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init logd : process { transition siginh rlimitinh };
dontaudit init logd : process { noatsecure };
allow adsprpcd su : binder { call transfer };
allow hostapd netd : process { sigchld };
allow servicemanager location : file { read open };
allow system_app system_app_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow servicemanager per_mgr : file { read open };
allow netd netd : rawip_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow init livedisplay_sysfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow nanohub_slpi ion_device : chr_file { ioctl read getattr lock open };
dontaudit su domain : netlink_dnrt_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow preloads_copy preloads_copy : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow init ssr_setup_exec : file { read getattr execute open };
allow init priv_app_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow shell uimode_service : service_manager { find };
allow init system_data_file : blk_file { relabelto };
type_transition init qmuxd_exec : process qmuxd;
allow init zygote_exec : file { read getattr execute open };
allow domain_deprecated apk_data_file : lnk_file { ioctl read getattr lock open };
allow mediaserver init : process { sigchld };
allow netmgrd qmuxd_socket : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow init at_device : chr_file { read setattr open };
allow drmserver themeservice_app_data_file : file { ioctl read getattr lock open };
allow mediaserver themeservice_app_data_file : file { ioctl read getattr lock open };
allow update_engine update_engine : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow wpa wpa_tmpfs : file { read write };
allow bluetooth bluetooth_socket : sock_file { ioctl read write create getattr setattr lock append unlink rename open };
allow rild su : fd { use };
allow audioserver audio_device : dir { ioctl read getattr lock search open };
allow postinstall_dexopt postinstall_dexopt : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow init sysfs_fingerprint : file { read setattr open };
allow mediadrmserver sysfs : file { ioctl read getattr lock open };
allow ueventd ueventd : lnk_file { ioctl read getattr lock open };
allowxperm domain domain : key_socket ioctl { 0x0 };
allow init superuser_device : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow mediaextractor mediaextractor_tmpfs : file { read write };
allow htc_ramdump htc_ramdump : dir { ioctl read getattr lock search open };
allow init per_mgr_tmpfs : blk_file { relabelto };
dontaudit atrace atrace : capability { sys_module };
allow per_mgr per_mgr : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow mtp ppp : process { transition signal siginh rlimitinh };
dontaudit mtp ppp : process { noatsecure };
allow init dalvikcache_data_file : blk_file { relabelto };
allow sysfs_nfc_power_writable sysfs_nfc_power_writable : filesystem { associate };
allow radio diag_device : chr_file { ioctl read write getattr lock append open };
dontaudit sudaemon port_type : rawip_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind node_bind };
allow subsystem_ramdump subsystem_ramdump : fifo_file { ioctl read write getattr lock append open };
allow cnss_diag su : binder { call transfer };
allow update_verifier system_block_device : blk_file { ioctl read getattr lock open };
allow gpsd toolbox_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow watchdogd watchdogd : dir { ioctl read getattr lock search open };
allow audioserver servicemanager : binder { call transfer };
allow mediadrmserver mediadrmserver : dir { ioctl read getattr lock search open };
allow surfaceflinger surfaceflinger_tmpfs : file { read write };
allow drmserver kernel : security { compute_av };
allow radio uce_service : service_manager { add find };
allow mediaserver cameraserver_service : service_manager { find };
allow postinstall_dexopt otapreopt_chroot : fd { use };
allow untrusted_app untrusted_app : fd { use };
allow zygote security_file : dir { ioctl read getattr lock search open };
allow mediaserver mediaserver : netlink_route_socket { read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read };
allow appdomain system_server : tcp_socket { read write getattr getopt shutdown };
allow obdm_app obdm_app : dir { ioctl read getattr lock search open };
allow init preloads_copy_tmpfs : chr_file { relabelto };
allow vold vold : key { write search setattr };
allow init init_radio_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow system_server system_server : netlink_route_socket { read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read nlmsg_write };
allow shell gpu_device : chr_file { ioctl read write getattr lock append open };
allowxperm shell gpu_device : chr_file ioctl { 0x902 0x907 0x913-0x915 0x921 0x932-0x933 0x938-0x939 0x940-0x943 0x945-0x94a };
allowxperm shell gpu_device : chr_file ioctl { 0x5411 0x5451 };
allow system_server wpa_socket : sock_file { write unlink };
type_transition system_server wpa_socket : sock_file system_wpa_socket;
type_transition adbd shell_exec : process shell;
allow nanoapp_cmd nanoapp_cmd_exec : file { read getattr execute entrypoint open };
allow tee block_device : dir { ioctl read getattr lock search open };
allow init preloads_copy_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
dontaudit perfd perfd : capability { kill sys_module };
dontaudit sudaemon domain : netlink_nflog_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow drmserver su : fd { use };
allow init audioserver_tmpfs : chr_file { relabelto };
allow mtp init : process { sigchld };
allow fsck_untrusted fsck_exec : file { read getattr execute entrypoint open };
allow subsystem_ramdump sysfs_type : file { ioctl read getattr lock open };
allow camera input_device : chr_file { ioctl read getattr lock open };
allow healthd sysfs_usb : file { write };
allow dumpstate dbinfo_service : service_manager { find };
allow slideshow device : dir { ioctl read getattr lock search open };
allow autoplay_app input_method_service : service_manager { find };
type_transition cppreopts preopt2cachename_exec : process preopt2cachename;
allow surfaceflinger surfaceflinger : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow otapreopt_slot otapreopt_slot : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow init google_camera_app_tmpfs : chr_file { relabelto };
allow surfaceflinger binderservicedomain : fd { use };
allow fsck fsck : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allowxperm domain domain : netlink_netfilter_socket ioctl { 0x0 };
allow dumpstate sensorservice_service : service_manager { find };
allow init location_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow debuggerd mediadrmserver : process { ptrace getattr };
allow autoplay_app autoplay_app : file { ioctl read write getattr lock append open };
allow logd logd : lnk_file { ioctl read getattr lock open };
allow priv_app keystore : binder { call transfer };
allow init irqbalance_socket : blk_file { relabelto };
allow init unencrypted_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow subsystem_ramdump device : dir { ioctl read getattr lock search open };
allow dumpstate system_file : file { execute_no_trans };
allow init adsprpcd_exec : file { read getattr execute open };
allow sgdisk sgdisk : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allowxperm priv_app priv_app : tcp_socket ioctl { 0x5411 0x5451 };
allowxperm priv_app priv_app : tcp_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm priv_app priv_app : tcp_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow priv_app priv_app : tcp_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown };
allow init vold_tmpfs : chr_file { relabelto };
allow ueventd dev_type : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow audioserver perfd_data_file : sock_file { write };
allow init ims_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow radio net_radio_prop : property_service { set };
auditallow radio net_radio_prop : property_service { set };
allow sudaemon app_data_file : lnk_file { ioctl read write create getattr setattr lock append unlink rename open };
allow appdomain adbd : unix_stream_socket { ioctl read write getattr getopt shutdown connectto };
allow init debugfs_rmt_storage : file { read setattr open };
allow install_recovery sysfs : dir { ioctl read getattr lock search open };
allow init preloads_copy_exec : file { read getattr execute open };
allow shell logdr_socket : sock_file { write };
allow init ims_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow shell scheduling_policy_service : service_manager { find };
allow wpa kernel : system { module_request };
allow servicemanager cameraserver : dir { search };
allow system_server zygote : unix_stream_socket { getattr getopt connectto };
allow thermal-engine su : fd { use };
allow debuggerd location : process { ptrace getattr };
allow bluetooth sysfs : lnk_file { ioctl read getattr lock open };
allow bluetooth storage_stub_file : dir { ioctl read getattr lock search open };
type_transition google_camera_app tmpfs : file google_camera_app_tmpfs;
allow init systemkeys_data_file : blk_file { relabelto };
allow init security_file : sock_file { relabelto };
allow cppreopts cppreopts : fd { use };
allow init install_recovery_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow kernel firmware_file : file { ioctl read getattr lock open };
allow kernel sdcard_type : file { read write };
allow adbd anr_data_file : dir { ioctl read getattr lock search open };
allow wpa wpa : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow servicemanager racoon : process { getattr };
allow servicemanager per_proxy : dir { search };
allow servicemanager imscm : process { getattr };
allow zygote autoplay_app : dir { getattr search };
allow adbd selinuxfs : dir { ioctl read getattr lock search open };
allow init_foreground init_foreground : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
type_transition hci_attach tmpfs : file hci_attach_tmpfs;
allow debuggerd qti-testscripts : process { ptrace getattr };
allow fsck_untrusted sysfs : lnk_file { ioctl read getattr lock open };
allow init netmgrd : process { transition siginh rlimitinh };
dontaudit init netmgrd : process { noatsecure };
allow radio radio_service : service_manager { add find };
allow ueventd tmpfs : chr_file { ioctl read write getattr lock append open };
allow platform_app keystore : keystore_key { get_state get insert delete exist list sign verify };
allow installd bluetooth_data_file : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open };
allow rmt rmt : socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allowxperm rmt rmt : socket ioctl { 0xc300-0xc305 };
allow system_app IProxyService_service : service_manager { find };
type_transition htc_ramdump tmpfs : file htc_ramdump_tmpfs;
allow init net_data_file : blk_file { relabelto };
allow cameraserver ion_device : chr_file { ioctl read write getattr lock append open };
allow servicemanager fingerprintd : file { read open };
allow system_server mediadrmserver : tcp_socket { ioctl read write getattr setattr lock append bind connect getopt setopt shutdown };
allow fsck vold : fifo_file { read write getattr };
allow servicemanager system_server : binder { transfer };
allow obdm_app obdm_app : fd { use };
allow init gatekeeper_data_file : blk_file { relabelto };
allow init irqbalance_socket : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init_power su : fd { use };
allow update_engine update_engine_service : service_manager { add };
allow zygote cgroup : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow debuggerd irsc_util : process { ptrace getattr };
allow init tee_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow pipefs pipefs : filesystem { associate };
allow atfwd atfwd_tmpfs : file { read write };
allow system_app ctl_bugreport_prop : property_service { set };
allow bluetooth storage_stub_file : lnk_file { ioctl read getattr lock open };
allow google_camera_app tun_device : chr_file { ioctl read write getattr append };
allow camera surfaceflinger : fd { use };
allow healthd property_socket : sock_file { write };
allow vold devpts : chr_file { ioctl read write getattr lock append open };
allow debuggerd domain : lnk_file { read };
allow shell telecom_service : service_manager { find };
allow tee su : fd { use };
allow bootstat proc : file { ioctl read getattr lock open };
allow vold unlabeled : file { ioctl read getattr setattr lock relabelfrom open };
allow shell init : unix_stream_socket { connectto };
allow init serial_device : chr_file { read setattr open };
dontaudit profman profman : capability { sys_module };
allow init storage_file : dir { ioctl read write create getattr setattr relabelfrom relabelto mounton add_name remove_name search rmdir open };
allow init nanoapp_cmd_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow platform_app platform_app : fd { use };
allow installd devpts : chr_file { ioctl read write getattr lock append open };
allow init camera_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow kernel unlabeled : dir { search };
allow init backup_data_file : blk_file { relabelto };
allow obdm_app obdm_app : socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allowxperm obdm_app obdm_app : socket ioctl { 0xc302 0xc304 };
allow init shell_data_file : blk_file { relabelto };
allow priv_app app_data_file : fifo_file { ioctl read write create getattr setattr lock append unlink rename open };
allow init app_fuse_file : blk_file { relabelto };
allow recovery_persist recovery_persist : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow dhcp dhcp : rawip_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow init thermal-engine_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow debuggerd ppp : process { ptrace getattr };
allow init rild_debug_socket : blk_file { relabelto };
allow init keystore_exec : file { read getattr execute open };
allow init time_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow adbd bootchart_data_file : dir { search };
dontaudit su port_type : netlink_scsitransport_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow servicemanager hci_attach : binder { transfer };
allow nfc property_socket : sock_file { write };
allow tzdatacheck zoneinfo_data_file : file { unlink };
allow init properties_device : chr_file { read setattr open };
allow ueventd audio_data_file : file { ioctl read getattr lock open };
allow rild system_radio_prop : file { ioctl read getattr lock open };
allow init nfc_data_file : chr_file { relabelto };
allow mediaextractor su : fd { use };
dontaudit wcnss_filter wcnss_filter : capability { sys_module };
allow system_server autoplay_app : udp_socket { read write getattr getopt setopt shutdown };
allow init recovery_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow bootanim system_file : dir { ioctl read getattr lock search open };
allow mkfs block_device : dir { search };
allow zygote fuse : filesystem { unmount };
allow system_server init : process { sigchld };
allow bluetooth storage_stub_file : file { ioctl read getattr lock open };
allow fingerprintd fingerprintd_exec : file { read getattr execute entrypoint open };
allow themeservice_app wallpaper_service : service_manager { find };
allow cppreopts cppreopts_exec : file { read getattr execute entrypoint open };
allow shell usb_service : service_manager { find };
allow tzdatacheck init : process { sigchld };
allow init net_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init per_mgr : process { transition siginh rlimitinh };
dontaudit init per_mgr : process { noatsecure };
allow system_server audioserver : debuggerd { dump_backtrace };
allow mediaextractor su : binder { call transfer };
allow nanohub_slpi nanohub_slpi : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow zygote security_file : file { ioctl read getattr lock open };
allow per_proxy per_mgr : binder { call transfer };
allow init bluetooth_efs_file : blk_file { relabelto };
allow dex2oat dex2oat : lnk_file { ioctl read getattr lock open };
allow keystore google_camera_app : dir { search };
allow init google_camera_app_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
type_transition init update_engine_exec : process update_engine;
allow init apk_data_file : chr_file { relabelto };
allow cppreopts init : process { sigchld };
allow installd app_data_file : dir { ioctl read write create getattr setattr lock relabelfrom relabelto rename add_name remove_name reparent search rmdir open };
allow keystore keystore_data_file : fifo_file { ioctl read write create getattr setattr lock append unlink rename open };
allow autoplay_app accessibility_service : service_manager { find };
allow hostapd hostapd : dir { ioctl read getattr lock search open };
type_transition init vold_exec : process vold;
allow appdomain heapdump_data_file : file { append };
allow init logd_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init audioserver_data_file : blk_file { relabelto };
dontaudit sudaemon fs_type : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton execute_no_trans entrypoint execmod open audit_access };
allow healthd init : unix_stream_socket { connectto };
allow atfwd sysfs_type : file { ioctl read getattr lock open };
allow appdomain radio_data_file : file { read write getattr };
dontaudit su port_type : netlink_xfrm_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind nlmsg_read nlmsg_write };
allow servicemanager racoon : dir { search };
allow install_recovery cache_recovery_file : file { ioctl read write create getattr setattr lock append unlink rename open };
auditallow install_recovery cache_recovery_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow init tzdatacheck : process { transition siginh rlimitinh };
dontaudit init tzdatacheck : process { noatsecure };
allow ssr_setup ssr_setup : lnk_file { ioctl read getattr lock open };
allow system_server appdomain : tcp_socket { read write getattr getopt setopt shutdown };
allow dumpstate cm_partner_interface : service_manager { find };
allow htc_ramdump su : binder { call transfer };
dontaudit su domain : netlink_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow camera graphics_device : chr_file { ioctl read write getattr lock append open };
allow dumpstate battery_service : service_manager { find };
allow init unencrypted_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow boot_control_hal system_block_device : blk_file { getattr };
allow irqbalance su : binder { call transfer };
allow audioserver audio_data_file : dir { ioctl read write getattr lock add_name search open };
allow debuggerd preopt2cachename : process { ptrace getattr };
allow system_app wifip2p_service : service_manager { find };
allow system_server logcat_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow obdm_app keystore : keystore_key { get_state get insert delete exist list sign verify };
allow init persist_property_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow blkid sysfs : lnk_file { ioctl read getattr lock open };
allow debuggerd init_power : process { ptrace getattr };
allow system_server perfd_data_file : dir { search };
allow drmserver ringtone_file : file { read getattr };
allow installd bluetooth_data_file : fifo_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open };
allow init atfwd_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init nanohub_slpi_tmpfs : blk_file { relabelto };
allow init install_recovery_exec : file { read getattr execute open };
allow ssr_setup ssr_setup : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow ppp mtp : unix_dgram_socket { ioctl read write getattr setattr lock append bind connect getopt setopt shutdown };
allow cnd sysfs_wake_lock : file { ioctl read write getattr lock append open };
allow debuggerd init_radio : process { ptrace getattr };
allow init fwmarkd_socket : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow shell package_service : service_manager { find };
allow dhcp dhcp_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow vdc su : binder { call transfer };
allow bluetooth bluetooth : fd { use };
allow vold restorecon_prop : property_service { set };
allow mtp mtp : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow tzdatacheck su : fd { use };
allow fsck_untrusted fsck_untrusted : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow init property_type : file { ioctl read write create getattr setattr lock relabelto append unlink rename open };
allow logd logdr_socket : sock_file { write };
allow ssr_setup ssr_setup : fifo_file { ioctl read write getattr lock append open };
allow init_foreground toolbox_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow installd themeservice_app_data_file : dir { ioctl read write create getattr setattr lock relabelfrom relabelto rename add_name remove_name reparent search rmdir open };
type_transition init cnd_exec : process cnd;
allow init audioserver_exec : file { read getattr execute open };
allow system_app jobscheduler_service : service_manager { find };
allow init efs_file : blk_file { relabelto };
allow per_mgr per_mgr : file { ioctl read write getattr lock append open };
allow init asec_apk_file : blk_file { relabelto };
allow cameraserver surfaceflinger_service : service_manager { find };
allow dumpstate dumpstate : fd { use };
allow installd system_app_data_file : fifo_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open };
allow dumpstate audioserver : process { signal };
allow dex2oat dex2oat : dir { ioctl read getattr lock search open };
allow location location : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow hostapd hostapd : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow init netmgrd_tmpfs : blk_file { relabelto };
allow su su_tmpfs : file { read write execute };
allow ims ion_device : chr_file { ioctl read getattr lock open };
allow install_recovery install_recovery_tmpfs : file { read write };
allow init_radio init_radio : fifo_file { ioctl read write getattr lock append open };
allow fsck su : binder { call transfer };
allowxperm platform_app platform_app : udp_socket ioctl { 0x5411 0x5451 };
allowxperm platform_app platform_app : udp_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm platform_app platform_app : udp_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow platform_app platform_app : udp_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow init irsc_util_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow servicemanager inputflinger : process { getattr };
allow dnsmasq su : binder { call transfer };
allow installd radio_data_file : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open };
dontaudit sudaemon dev_type : blk_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton open audit_access execmod };
allow init install_data_file : chr_file { relabelto };
allow init wallpaper_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow shared_relro shared_relro : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow wpa sysfs : dir { ioctl read getattr lock search open };
allow healthd vold : binder { transfer };
allow init proc_uid_cputime_removeuid : dir { read setattr search open };
allow mediaextractor binderservicedomain : binder { call transfer };
allow debuggerd perfprofd : process { ptrace getattr };
allow untrusted_app zygote : process { getsched };
allow sdcardd storage_file : dir { search };
allow bootstat bootstat : fifo_file { ioctl read write getattr lock append open };
allow domain logd : unix_dgram_socket { sendto };
allow netmgrd netmgrd : capability2 { block_suspend };
allow installd idmap : process { transition siginh rlimitinh };
dontaudit installd idmap : process { noatsecure };
allow init autoplay_app_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow gatekeeperd permission_service : service_manager { find };
allow update_engine update_engine_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow init sysfs_devices_system_iosched : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow obdm_app tun_device : chr_file { ioctl read write getattr append };
allow init sysfs_hwrandom : dir { read setattr search open };
allow profman installd : fd { use };
allow init binfmt_miscfs : file { read setattr open };
allow priv_app app_data_file : file { ioctl read write create getattr setattr lock append unlink rename execute execute_no_trans open };
allow domain selinuxfs : dir { search };
allow init_foreground proc_meminfo : file { getattr };
allow audioserver audioserver_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
dontaudit netmgrd netmgrd : capability { sys_module };
allow netmgrd netmgrd : capability { setgid setuid setpcap net_admin net_raw };
allow init thermal_socket : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow recovery_persist recovery_persist : fd { use };
allow dnsmasq dnsmasq : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow uncrypt storage_file : dir { ioctl read getattr lock search open };
allow installd radio_data_file : sock_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open };
type_transition location tmpfs : file location_tmpfs;
allow init dumpstate_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow dumpstate trust_service : service_manager { find };
allow sgdisk sysfs : lnk_file { ioctl read getattr lock open };
allow init ims_tmpfs : chr_file { relabelto };
allow qti-testscripts su : fd { use };
allow system_app app_data_file : sock_file { ioctl read write create getattr setattr lock append unlink rename open };
dontaudit sudaemon port_type : netlink_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow bluetooth wc_prop : file { ioctl read getattr lock open };
allowxperm mediadrmserver mediadrmserver : tcp_socket ioctl { 0x5411 0x5451 };
allowxperm mediadrmserver mediadrmserver : tcp_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm mediadrmserver mediadrmserver : tcp_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow mediadrmserver mediadrmserver : tcp_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown };
allow dnsmasq dnsmasq : fifo_file { ioctl read write getattr lock append open };
allow mediaserver app_fuse_file : file { read getattr };
allow system_app app_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow servicemanager vdc : binder { transfer };
allow init cameraserver_tmpfs : blk_file { relabelto };
allow init su_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
type_transition init vdc_exec : process vdc;
allow radio qmuxd : unix_stream_socket { connectto };
allow system_app assetatlas_service : service_manager { find };
allow dex2oat oemfs : file { read };
allow init subsystem_ramdump_exec : file { read getattr execute open };
allow audioserver audioserver_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow init postinstall_mnt_dir : chr_file { relabelto };
allow racoon cgroup : dir { create add_name };
allow adbd shell : process { transition signal noatsecure siginh rlimitinh };
dontaudit adbd shell : process { noatsecure };
allow init irqbalance_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow ueventd sysfs_type : file { getattr setattr relabelfrom relabelto };
allow nanoapp_cmd nanoapp_cmd : fifo_file { ioctl read write getattr lock append open };
allow init mtpd_socket : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow appdomain usbaccessory_device : chr_file { read write getattr };
allow sgdisk sgdisk : fd { use };
allow ppp vpn_data_file : dir { write lock add_name remove_name search open };
allow cameraserver appops_service : service_manager { find };
allow binderservicedomain console_device : chr_file { ioctl read write getattr lock append open };
allow adbd rootfs : file { read getattr execute entrypoint open };
allow rmt debugfs_rmt_storage : file { write lock append open };
allow ims sysfs_type : file { ioctl read getattr lock open };
allow dumpstate atrace_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow system_server media_rw_data_file : dir { ioctl read getattr lock search open };
allow tee tee : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow init rpmsg_device : chr_file { read setattr open };
allow system_server heapdump_data_file : dir { ioctl read write getattr lock add_name remove_name search open };
allow netd wpa_socket : sock_file { ioctl read write create getattr setattr lock append unlink rename open };
allow debuggerd hostapd : process { ptrace getattr };
allow adbd adbd : udp_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow sysfs_perf sysfs_perf : filesystem { associate };
allow shell notification_service : service_manager { find };
allow priv_app media_rw_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow platform_app diag_logs : file { ioctl read write create getattr setattr lock append unlink rename open };
allow system_app system_app : fifo_file { ioctl read write getattr lock append open };
allow recovery_refresh su : binder { call transfer };
allow vdc dumpstate : process { sigchld };
allow init otapreopt_slot_exec : file { read getattr execute open };
allow sysinit sysinit : dir { ioctl read getattr lock search open };
allow imscm imscm : fifo_file { ioctl read write getattr lock append open };
allow ims ims_exec : file { read getattr execute entrypoint open };
allow preloads_copy preloads_copy : fd { use };
allow drmserver drmserver : file { ioctl read write getattr lock append open };
allow adbd media_rw_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow init apk_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow logd logd_tmpfs : file { read write };
allow proc_security proc_security : filesystem { associate };
allow shell init : process { sigchld };
allow healthd input_device : dir { ioctl read getattr lock search open };
allow init thermal-engine_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init ramdump_data_file : chr_file { relabelto };
allow init zygote_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow recovery_persist pstorefs : file { ioctl read getattr lock open };
allow recovery recovery : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow init vpn_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init surfaceflinger : process { transition siginh rlimitinh };
dontaudit init surfaceflinger : process { noatsecure };
allow init mm-pp-daemon_tmpfs : blk_file { relabelto };
dontaudit su domain : netlink_fib_lookup_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow netd netd : netlink_nflog_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow init sysfs_perf : dir { read setattr search open };
allow system_server shortcut_manager_icons : dir { ioctl read write create getattr setattr lock relabelto rename add_name remove_name reparent search rmdir open };
allow servicemanager google_camera_app : binder { transfer };
allow init null_device : chr_file { read setattr open };
allow installd shell_data_file : dir { ioctl read write create getattr setattr lock relabelfrom relabelto rename add_name remove_name reparent search rmdir open };
allow init lmkd_socket : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow cnss_diag cnss_diag_tmpfs : file { read write };
allow runas su : fd { use };
allow fingerprintd keystore_service : service_manager { find };
allow surfaceflinger ctl_bootanim_prop : file { ioctl read getattr lock open };
allow nanoapp_cmd nanoapp_cmd : file { ioctl read write getattr lock append open };
allow vdc devpts : chr_file { ioctl read write getattr lock append open };
allow init sudaemon_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow port-bridge port-bridge_tmpfs : file { read write };
allow healthd system_server : fd { use };
allow bootanim oemfs : dir { search };
allow radio avtimer_device : chr_file { ioctl read write getattr lock append open };
allow gpsd gps_data_file : dir { ioctl read write getattr lock add_name remove_name search open };
allow mediaserver audio_prop : file { ioctl read getattr lock open };
allow rild rild : lnk_file { ioctl read getattr lock open };
allow fuse fuse : filesystem { associate };
allow dumpstate init : process { sigchld };
allow platform_app mediacodec_service : service_manager { find };
type_transition dhcp system_data_file : dir dhcp_data_file;
allow init perfprofd_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow blkid_untrusted shell_exec : file { read getattr execute entrypoint open };
allow shell apk_data_file : dir { ioctl read getattr lock search open };
allowxperm domain domain : netlink_generic_socket ioctl { 0x0 };
allow init gatekeeper_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init avtimer_device : chr_file { read setattr open };
allow cameraserver cameraserver : fifo_file { ioctl read write getattr lock append open };
allow init functionfs : dir { read setattr search open };
allow init netmgrd_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init diag_logs : chr_file { relabelto };
allow hci_attach hci_attach_dev : chr_file { ioctl read write getattr lock append open };
allow wpa wpa : file { ioctl read write getattr lock append open };
allow appdomain themeservice_app_data_file : file { ioctl read getattr lock open };
allow dumpstate jobscheduler_service : service_manager { find };
allow init app_data_file : lnk_file { relabelto };
allow init recovery_persist_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init per_proxy_tmpfs : blk_file { relabelto };
allow themeservice_app app_data_file : sock_file { ioctl read write create getattr setattr lock append unlink rename open };
allow servicemanager logd : binder { transfer };
allow servicemanager drmserver : binder { transfer };
allow vdc vdc : fifo_file { ioctl read write getattr lock append open };
allow dumpstate IProxyService_service : service_manager { find };
allow init ashmem_device : chr_file { read setattr open };
allow gpsd gpsd : rawip_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow keystore shared_relro : binder { transfer };
allow port-bridge sysfs_soc : dir { ioctl read getattr lock search open };
allow init servicemanager_tmpfs : chr_file { relabelto };
allow update_verifier update_verifier : lnk_file { ioctl read getattr lock open };
allow init dnsproxyd_socket : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow per_mgr per_mgr_exec : file { read getattr execute entrypoint open };
allow keystore themeservice_app : file { read open };
allow autoplay_app su : fd { use };
allow debugfs_sps debugfs_sps : filesystem { associate };
allow sgdisk sgdisk : fifo_file { ioctl read write getattr lock append open };
allow init uhid_device : chr_file { read setattr open };
allow dumpstate cm_app_suggest_service : service_manager { find };
allow autoplay_app ion_device : chr_file { read open };
allow qmuxd qmuxd : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow servicemanager adsprpcd : binder { transfer };
allow init nfc_tmpfs : chr_file { relabelto };
allow mediacodec mediacodec : file { ioctl read write getattr lock append open };
allow installd nfc_data_file : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open };
allow init hci_attach_exec : file { read getattr execute open };
allow init recovery_data_file : blk_file { relabelto };
allow init shared_relro_file : blk_file { relabelto };
allow htc_ramdump userdata_block_device : blk_file { read write open };
type_transition init per_mgr_exec : process per_mgr;
allow runas security_file : dir { ioctl read getattr lock search open };
allow domain_deprecated inotify : lnk_file { ioctl read getattr lock open };
allow shell themes_service : service_manager { find };
allow platform_app cache_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow init mqueue : dir { read setattr search open };
allow init boottrace_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow shell lock_settings_service : service_manager { find };
allow init init_power_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow system_app cnd : unix_stream_socket { connectto };
allow nfc nfc_data_file : lnk_file { ioctl read write create getattr setattr lock append unlink rename open };
allow kernel tmpfs : chr_file { write };
allow hci_attach bluetooth_efs_file : file { ioctl read getattr lock open };
allow adsprpcd adsprpcd : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
dontaudit su dev_type : chr_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton execute_no_trans entrypoint execmod open audit_access };
allow servicemanager rild : process { getattr };
allow init logdw_socket : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow rild rild : netlink_generic_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow init dhcp_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow shell restrictions_service : service_manager { find };
allow platform_app icon_file : file { read getattr open };
allow init tee_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init cnss-daemon_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
dontaudit bootanim bootanim : capability { sys_module };
dontaudit sudaemon port_type : tun_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind attach_queue };
dontaudit sudaemon dev_type : sock_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton open audit_access execmod };
allow init debuggerd_exec : file { read getattr execute open };
allow init persist_file : chr_file { relabelto };
allow postinstall_dexopt dalvikcache_data_file : lnk_file { ioctl read getattr lock open };
allow nfc system_api_service : service_manager { find };
allow installd installd : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow irqbalance su : fd { use };
allow nfc nfc : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow installd installd : capability { chown dac_override fowner fsetid setgid setuid };
dontaudit installd installd : capability { sys_module };
allow init bluetooth_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init mnt_user_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init imscm_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init toolbox_tmpfs : blk_file { relabelto };
allow system_app cm_status_bar_service : service_manager { find };
allow drmserver servicemanager : binder { call transfer };
allow dumpstate location_service : service_manager { find };
type_transition init cppreopts_exec : process cppreopts;
allow init fwmarkd_socket : blk_file { relabelto };
allow domain_deprecated proc_meminfo : file { ioctl read getattr lock open };
allow init heapdump_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow ssr_setup sysfs_msm_subsys : dir { ioctl read getattr lock search open };
dontaudit su port_type : netlink_ip6fw_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind nlmsg_read nlmsg_write };
allow themeservice_app display_service : service_manager { find };
allow sudaemon init : process { sigchld };
allow dumpstate gfxinfo_service : service_manager { find };
allow init themeservice_app_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init media_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow tee init : process { sigchld };
allow priv_app priv_app : dir { ioctl read getattr lock search open };
allow init themeservice_app_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow location init : process { sigchld };
allow sysfs_net sysfs_net : filesystem { associate };
allow dex2oat sysfs : file { ioctl read getattr lock open };
allow keystore system_app : file { read open };
allow system_server init : unix_stream_socket { connectto };
allow audioserver scheduling_policy_service : service_manager { find };
allow init storage_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow otapreopt_chroot block_device : dir { search };
allow rmt sysfs_rmtfs : file { ioctl read getattr lock open };
allow init drm_data_file : chr_file { relabelto };
allow init misc_logd_file : dir { ioctl read create getattr setattr relabelto search open };
allow shell power_service : service_manager { find };
allow system_server bootanim : process { getsched setsched };
allow init drm_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
type_transition init dumpstate_exec : process dumpstate;
allow audioserver audio_cal_device : chr_file { ioctl read write getattr lock append open };
allow slideshow slideshow : fifo_file { ioctl read write getattr lock append open };
allow atrace atrace : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
dontaudit su port_type : netlink_fib_lookup_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow update_verifier ota_package_file : dir { ioctl read getattr lock search open };
allow blkid_untrusted vold_device : blk_file { ioctl read getattr lock open };
allow init mdns_socket : blk_file { relabelto };
allow init imscm_exec : file { read getattr execute open };
allow perfprofd logd : unix_dgram_socket { sendto };
allow init sysfs_lowmemorykiller : file { read setattr open };
allow update_engine_common ssd_block_device : blk_file { ioctl read write getattr lock append open };
allow netmgrd netd : unix_stream_socket { connectto };
allow init persist_data_file : blk_file { relabelto };
allow init per_proxy_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow fsck_untrusted vold : fifo_file { read write getattr };
allow vold powerctl_prop : property_service { set };
allow shell batterystats_service : service_manager { find };
allow mediacodec surfaceflinger_service : service_manager { find };
allow init_power init_power_tmpfs : file { read write };
allow binderservicedomain surfaceflinger : binder { transfer };
allow netd sysfs : dir { ioctl read getattr lock search open };
allow init adbd_socket : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init keystore_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow autoplay_app autoplay_app : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow init irqbalance_socket : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init bootstat_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init atrace_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow cnss_diag cnss_diag : netlink_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow system_app system_app : lnk_file { ioctl read getattr lock open };
allow audioserver audioserver : dir { ioctl read getattr lock search open };
allow proc_bluetooth_writable proc_bluetooth_writable : filesystem { associate };
dontaudit sudaemon port_type : socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow audioserver perfd_data_file : dir { search };
allow init nativetest_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init recovery_persist_exec : file { read getattr execute open };
allow priv_app mediadrmserver_service : service_manager { find };
dontaudit qmuxd qmuxd : capability { sys_module };
allow init per_mgr_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow sysinit sysinit_exec : file { read getattr execute entrypoint open };
allow surfaceflinger init : process { sigchld };
allow fingerprintd uhid_device : chr_file { ioctl read write getattr lock append open };
allow cppreopts shell_exec : file { ioctl read getattr lock execute execute_no_trans open };
dontaudit sudaemon fs_type : chr_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton execute_no_trans entrypoint execmod open audit_access };
allow logd kmsg_device : chr_file { write lock append open };
allow radio sysfs_msm_subsys : lnk_file { ioctl read getattr lock open };
allow su dumpstate : process { transition sigchld siginh rlimitinh };
dontaudit su dumpstate : process { noatsecure };
allow init heapdump_data_file : chr_file { relabelto };
allow atfwd su : fd { use };
allow init_power init_power : dir { ioctl read getattr lock search open };
allow mdnsd mdnsd_exec : file { read getattr execute entrypoint open };
allow system_server location_data_file : fifo_file { ioctl read write create getattr setattr lock append unlink rename open };
allow mediaserver binderservicedomain : binder { call transfer };
allow gatekeeperd init : process { sigchld };
allow shell selinuxfs : file { ioctl read getattr lock open };
allow mediaserver autoplay_app : fifo_file { read write getattr };
allow init init-qcom-qseecomd-sh_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init sysinit_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow update_engine sysfs : dir { ioctl read getattr lock search open };
allow system_app shortcut_service : service_manager { find };
allow servicemanager fsck : binder { transfer };
allow fsck_untrusted fsck_untrusted : lnk_file { ioctl read getattr lock open };
allow ssr_setup ssr_setup_tmpfs : file { read write };
allow dumpstate appdomain : fd { use };
allow audioserver audioserver : file { ioctl read write getattr lock append open };
allow init logd_socket : chr_file { relabelto };
allow radio drmserver_service : service_manager { find };
allow cameraserver mediaserver_service : service_manager { find };
allow inputflinger sysfs : lnk_file { ioctl read getattr lock open };
type_transition irsc_util tmpfs : file irsc_util_tmpfs;
allow init zygote : process { transition siginh rlimitinh };
dontaudit init zygote : process { noatsecure };
allow radio radio : netlink_route_socket { read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read };
allow location su : fd { use };
allow hostapd netd : fifo_file { read write };
allow init audio_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow installd app_data_file : sock_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open };
allow blkid blkid : dir { ioctl read getattr lock search open };
allow perfd sysfs_type : file { ioctl read getattr lock open };
dontaudit kernel kernel : security { setenforce };
allow kernel kernel : security { setcheckreqprot };
allow install_recovery su : binder { call transfer };
type_transition init nanoapp_cmd_exec : process nanoapp_cmd;
allow perfprofd pmsg_device : chr_file { write lock append open };
allow netmgrd sysfs_net : file { write };
allow system_server system_server : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow drmserver drmserver : netlink_selinux_socket { read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow preopt2cachename preopt2cachename : lnk_file { ioctl read getattr lock open };
allow domain_deprecated tmpfs : file { read getattr };
allow init time_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow appdomain user_profile_foreign_dex_data_file : dir { write add_name search };
allow irsc_util irsc_util_tmpfs : file { read write };
allow rmt rmt : capability2 { block_suspend };
allow fingerprintd keystore : fd { use };
allow init asec_image_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow dhcp pan_result_prop : file { ioctl read getattr lock open };
allow init sudaemon : process { transition siginh rlimitinh };
dontaudit init sudaemon : process { noatsecure };
dontaudit sudaemon file_type : dir { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod };
allow init_power su : binder { call transfer };
allow init apk_private_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow atrace atrace_exec : file { read getattr execute entrypoint open };
allow location location_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow netd netd : netlink_route_socket { read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read nlmsg_write };
allow init mkfs_tmpfs : chr_file { relabelto };
allow radio keystore_service : service_manager { find };
allow system_app drmserver_service : service_manager { find };
allow racoon sysfs : lnk_file { ioctl read getattr lock open };
allow rild system_data_file : dir { ioctl read getattr lock search open };
allow servicemanager drmserver : dir { search };
allow drmserver sysfs : lnk_file { ioctl read getattr lock open };
allow dumpstate fingerprintd_service : service_manager { find };
allow init untrusted_app_devpts : dir { read setattr search open };
allow mediaserver video_device : chr_file { ioctl read write getattr lock append open };
allow priv_app priv_app : file { ioctl read write getattr lock append open };
allow mkfs mkfs : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow google_camera_app audioserver_service : service_manager { find };
allow domain_deprecated device : file { read };
allow init netmgrd_socket : chr_file { relabelto };
allow init boottrace_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init tombstone_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init_power rootfs : file { ioctl read getattr lock open };
allow inputflinger inputflinger : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow init mediadrmserver_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow dumpstate cm_telephony_service : service_manager { find };
allow init sysinit_tmpfs : chr_file { relabelto };
allow system_server mediacodec : debuggerd { dump_backtrace };
allow init apk_private_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow cameraserver perfd : unix_stream_socket { connectto };
allow sudaemon sudaemon : fd { use };
allow rild sdcard_type : dir { ioctl read getattr lock search open };
allow platform_app vr_manager_service : service_manager { find };
allow rmt debugfs_rmt_storage : dir { search };
allow domain_deprecated cache_file : dir { ioctl read getattr lock search open };
allow dhcp dhcp : packet_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow init cache_block_device : blk_file { ioctl read write getattr lock append open };
allow init fingerprintd_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow system_server oemfs : file { ioctl read getattr lock open };
allow cnss_diag cnss_diag : dir { ioctl read getattr lock search open };
allow shell cgroup : file { ioctl read getattr lock open };
type_transition isolated_app tmpfs : file isolated_app_tmpfs;
allow platform_app asec_apk_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow appdomain sdcardfs : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow platform_app ion_device : chr_file { ioctl read write getattr lock append open };
allow dhcp netd : unix_stream_socket { read write };
allow sysfs_power_management sysfs_power_management : filesystem { associate };
allow ims system_prop : property_service { set };
allow audioserver bluetooth_socket : sock_file { write };
allow init system_app_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init mdnsd_socket : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allowxperm themeservice_app themeservice_app : udp_socket ioctl { 0x5411 0x5451 };
allowxperm themeservice_app themeservice_app : udp_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm themeservice_app themeservice_app : udp_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow vdc dumpstate : unix_dgram_socket { read write };
allow google_camera_app app_api_service : service_manager { find };
allow gpsd gpsd : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow audioserver bootanim : binder { call transfer };
allow servicemanager update_engine : binder { transfer };
allow system_app display_service : service_manager { find };
allow system_server adbd : unix_stream_socket { ioctl read write getattr getopt shutdown connectto };
allow debuggerd qmuxd : process { ptrace getattr };
allow appdomain method_trace_data_file : dir { write lock add_name remove_name search open };
allow hostapd netd : netlink_kobject_uevent_socket { read write };
allow init usermodehelper : file { ioctl read write getattr setattr lock append open };
allow fsck block_device : dir { search };
allow system_server autoplay_app : tcp_socket { read write getattr getopt setopt shutdown };
allow init diag_logs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init thermal_socket : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow domain_deprecated proc_net : file { ioctl read getattr lock open };
allow cameraserver cameraserver : lnk_file { ioctl read getattr lock open };
allow rild rild : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow platform_app persistent_data_block_service : service_manager { find };
allow per_proxy per_mgr : fd { use };
allow init autoplay_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow atfwd atfwd : lnk_file { ioctl read getattr lock open };
type_transition update_engine tmpfs : file update_engine_tmpfs;
allow zygote zygote_tmpfs : file { read write };
allow debuggerd vdc : process { ptrace getattr };
allow runas runas : lnk_file { ioctl read getattr lock open };
allow init block_device : chr_file { read setattr open };
type_transition init subsystem_ramdump_exec : process subsystem_ramdump;
allow init dnsproxyd_socket : blk_file { relabelto };
allow debuggerd debuggerd : fd { use };
allow adbd ffs_prop : property_service { set };
allow runas shell : fifo_file { read write };
allow init ims_exec : file { read getattr execute open };
allow init mdnsd_socket : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init sysfs_soc : dir { read setattr search open };
allow otapreopt_slot su : binder { call transfer };
allow preloads_copy preloads_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow kernel su : binder { call transfer };
allow cameraserver sysfs_type : lnk_file { ioctl read getattr lock open };
allow shell system_file : lnk_file { ioctl read getattr lock open };
allow atrace sysfs : lnk_file { ioctl read getattr lock open };
allow servicemanager keystore : file { read open };
allow drmserver mediaserver : dir { search };
allow system_server mediaextractor : debuggerd { dump_backtrace };
allow init system_ndebug_socket : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow fsck vold : fd { use };
allow imscm su : binder { call transfer };
allow tee ssd_block_device : blk_file { read write open };
allow init input_device : chr_file { read setattr open };
allow init bootstat_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow per_mgr per_proxy : binder { call transfer };
allow perfprofd logcat_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow debuggerd bluetooth : debuggerd { dump_backtrace };
allow init mtp_tmpfs : blk_file { relabelto };
allow system_server uncrypt_socket : sock_file { write };
allow audioserver power_service : service_manager { find };
type_transition init gatekeeperd_exec : process gatekeeperd;
allow update_engine update_engine : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow system_server sysfs_wake_lock : file { ioctl read write getattr lock append open };
allow mediacodec servicemanager : binder { call transfer };
allow init user_profile_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow watchdogd init : process { sigchld };
allow init nfc_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow qmuxd qmuxd_socket : sock_file { ioctl read write create getattr setattr lock append unlink rename open };
allow postinstall otapreopt_chroot : process { transition siginh rlimitinh };
dontaudit postinstall otapreopt_chroot : process { noatsecure };
allow obdm_app sysfs : dir { ioctl read getattr lock search open };
allow healthd system_prop : file { ioctl read getattr lock open };
allow zygote kernel : security { compute_av check_context };
allow init_foreground proc : file { getattr };
allow init gpsd : process { transition siginh rlimitinh };
dontaudit init gpsd : process { noatsecure };
allow system_server app_data_file : file { read write getattr };
allow dnsmasq dhcp_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow bluetooth bluetooth_prop : file { ioctl read getattr lock open };
allow su su : binder { call transfer };
allow shell usagestats_service : service_manager { find };
allow blkid_untrusted sysfs : dir { ioctl read getattr lock search open };
allow nanoapp_cmd su : binder { call transfer };
allow system_server property_socket : sock_file { write };
dontaudit runas runas : capability { dac_override sys_module };
allow runas runas : capability { setgid setuid };
allow hostapd wifi_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow gatekeeperd su : fd { use };
allow system_server adbd : fd { use };
allow keystore keystore_data_file : lnk_file { ioctl read write create getattr setattr lock append unlink rename open };
allow dumpstate alarm_service : service_manager { find };
allow init sysfs_video : file { read setattr open };
allow ims system_prop : file { ioctl read getattr lock open };
allow priv_app app_fuse_file : file { ioctl read write getattr lock append open };
allow init perfprofd_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init logd_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow cnd cnd_socket : file { ioctl read write create getattr setattr lock append unlink rename open };
allow init shared_relro_tmpfs : blk_file { relabelto };
allow audioserver audioserver : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow drmserver app_data_file : file { read write getattr };
allow init otapreopt_slot_tmpfs : chr_file { relabelto };
allow shell ctl_dumpstate_prop : property_service { set };
allow init autoplay_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow atrace atrace : lnk_file { ioctl read getattr lock open };
allow qmuxd qmuxd : socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow init dumpstate_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init keychain_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow system_app cm_telephony_service : service_manager { find };
allow installd installd : fifo_file { ioctl read write getattr lock append open };
allow logd sysfs : file { ioctl read getattr lock open };
allow init audio_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow mediaserver rpmsg_device : chr_file { ioctl read write getattr lock append open };
allow system_server configfs : file { write getattr unlink open };
allow servicemanager wpa : file { read open };
allow init qmuxd_exec : file { read getattr execute open };
allow servicemanager per_mgr : binder { transfer };
allow init mediaextractor : process { transition siginh rlimitinh };
dontaudit init mediaextractor : process { noatsecure };
dontaudit su servicemanager : service_manager { list };
allow servicemanager cameraserver : binder { transfer };
allow subsystem_ramdump su : binder { call transfer };
allow obdm_app keystore_service : service_manager { find };
allow init binfmt_miscfs : dir { read setattr search open };
allow qti-testscripts qti-testscripts : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow netd netd : udp_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allowxperm netd netd : udp_socket ioctl { 0x8914 0x8916 0x8927 };
allow dumpstate dropbox_service : service_manager { find };
allow runas shared_relro : process { dyntransition };
allow init ueventd_tmpfs : chr_file { relabelto };
allow init autoplay_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init apk_tmp_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
dontaudit su dev_type : sock_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton open audit_access execmod };
allow dumpstate su : binder { call transfer };
allow mediacodec perfd_data_file : dir { search };
allow init mtpd_socket : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow shell fingerprint_service : service_manager { find };
allowxperm domain domain : unix_stream_socket ioctl { 0x5401 0x5411 0x5413-0x5414 0x541b 0x5451 };
allow dumpstate shell_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow dumpstate vr_manager_service : service_manager { find };
type_transition irqbalance tmpfs : file irqbalance_tmpfs;
allow untrusted_app servicemanager : service_manager { list };
allow vold fsck : process { transition siginh rlimitinh };
dontaudit vold fsck : process { noatsecure };
allow otapreopt_slot shell_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow init gatekeeperd_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init bootstat_data_file : chr_file { relabelto };
allow postinstall_dexopt postinstall_dexopt : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow shell toolbox_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow bluetooth bluetooth : udp_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allowxperm bluetooth bluetooth : udp_socket ioctl { 0x6900 0x6902 };
allowxperm bluetooth bluetooth : udp_socket ioctl { 0x890b-0x890d 0x8911 0x8914 0x8916 0x8918 0x891a 0x891c-0x8920 0x8922-0x8927 0x8929 0x8930-0x8932 0x8934-0x8937 0x8940-0x8941 0x8943 0x8946-0x894b 0x8953-0x8955 0x8960-0x8962 0x8970-0x8971 0x8980-0x8983 0x8990-0x8995 0x89a0-0x89a3 0x89b0 0x89e0-0x89ff };
allowxperm bluetooth bluetooth : udp_socket ioctl { 0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 0x8b14-0x8b1d 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 0x8b2a-0x8b2c 0x8b30-0x8b36 0x8be0-0x8bff };
allow init sysfs : lnk_file { ioctl read getattr lock relabelfrom open };
allow init init-qcom-qseecomd-sh_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow themeservice_app themeservice_app_tmpfs : file { read write execute };
allow wpa su : binder { call transfer };
allow init proc_cpuinfo : file { read setattr open };
allow dumpstate inputflinger : debuggerd { dump_backtrace };
allow cameraserver sysfs_type : dir { ioctl read getattr lock search open };
allow priv_app ota_package_file : dir { ioctl read write getattr lock add_name remove_name search open };
allow servicemanager update_engine : process { getattr };
allow priv_app cameraserver_service : service_manager { find };
type_transition init thermal-engine_exec : process thermal-engine;
type_transition postinstall_dexopt postinstall_file : process dex2oat;
allow shared_relro shared_relro : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit execmem };
allow init update_engine_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow zygote zygote : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow system_server update_engine : fd { use };
allow clatd su : binder { call transfer };
allow keystore themeservice_app : binder { transfer };
allow bootanim proc : dir { ioctl read getattr lock search open };
allow cnss_diag cnss_diag : fifo_file { ioctl read write getattr lock append open };
allow htc_ramdump ramdump_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow init cppreopts_tmpfs : chr_file { relabelto };
allow system_server powerctl_prop : file { ioctl read getattr lock open };
allow init labeledfs : file { read setattr open };
allow blkid blkid : lnk_file { ioctl read getattr lock open };
allow binderservicedomain cameraserver : binder { transfer };
allow system_app ctl_default_prop : property_service { set };
allow shell keystore_service : service_manager { find };
allow dumpstate mediadrmserver : debuggerd { dump_backtrace };
allow vold device : dir { write };
allow vold userdata_block_device : blk_file { ioctl read write getattr lock append open };
allow shell textservices_service : service_manager { find };
allow init mnt_media_rw_stub_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init wifi_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow netd sysfs : lnk_file { ioctl read getattr lock open };
allow kernel kernel : dir { ioctl read getattr lock search open };
allow netmgrd su : binder { call transfer };
type_transition init install_recovery_exec : process install_recovery;
allow perfprofd perfprofd : lnk_file { ioctl read getattr lock open };
allow cameraserver camera_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow system_server thermal_socket : sock_file { write };
allow init_radio su : binder { call transfer };
allow runas runas : file { ioctl read write getattr lock append open };
allow system_app debug_prop : file { ioctl read getattr lock open };
allow google_camera_app google_camera_app_tmpfs : file { read write execute };
allow shell log_tag_prop : property_service { set };
allow keystore sysfs : dir { ioctl read getattr lock search open };
allow mediacodec mediacodec_service : service_manager { add };
allow init ssr_setup_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow rild per_mgr : binder { call transfer };
allow audioserver ion_device : chr_file { ioctl read getattr lock open };
allow init ota_data_file : blk_file { relabelto };
allow init atfwd_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init isolated_app_tmpfs : blk_file { relabelto };
allow system_server sysfs_type : lnk_file { ioctl read getattr lock open };
allow sgdisk sgdisk : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow init netmgrd_socket : blk_file { relabelto };
allow init tzdatacheck_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow appdomain toolbox_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow location location : dir { ioctl read getattr lock search open };
allow qmuxd qmuxd : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow system_app accessibility_service : service_manager { find };
allow lmkd init : process { sigchld };
allow init asec_apk_file : chr_file { relabelto };
allow system_app cne_service : service_manager { add find };
allow ims ims : fd { use };
allow system_app ctl_bugreport_prop : file { ioctl read getattr lock open };
allow su su : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow per_mgr per_mgr : dir { ioctl read getattr lock search open };
allow watchdogd kmsg_device : chr_file { ioctl read write getattr lock append open };
allow system_app ctl_default_prop : file { ioctl read getattr lock open };
allow kernel proc_sysrq : file { write lock append open };
allow init bluetooth_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow netdomain mdnsd_socket : sock_file { write };
allow update_engine servicemanager : binder { call transfer };
allow mediaserver system_server : fifo_file { ioctl read getattr lock open };
allow servicemanager appdomain : file { read open };
allow netd netd : netlink_generic_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow init misc_block_device : chr_file { read setattr open };
allow bootanim cgroup : file { ioctl read getattr lock open };
allow surfaceflinger graphics_device : chr_file { ioctl read write getattr lock append open };
allow audioserver su : binder { call transfer };
allow uncrypt ota_package_file : file { ioctl read getattr lock open };
allow init sysfs_thermal : file { read setattr open };
allow init inputflinger_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow isolated_app su : binder { call transfer };
allow appdomain dumpstate : fifo_file { write getattr };
allow init apk_private_tmp_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init cnd_socket : chr_file { relabelto };
allow init logd_tmpfs : blk_file { relabelto };
allow priv_app apk_tmp_file : dir { ioctl read getattr lock search open };
allow init mtp_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow mediaserver appdomain : binder { call transfer };
allow system_server zoneinfo_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allowxperm priv_app priv_app : udp_socket ioctl { 0x5411 0x5451 };
allowxperm priv_app priv_app : udp_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8927 0x8933 0x8938 0x8942 };
allowxperm priv_app priv_app : udp_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b1b 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow priv_app priv_app : udp_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
dontaudit sudaemon port_type : udp_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind node_bind };
allow servicemanager atrace : file { read open };
allow drmserver efs_file : lnk_file { ioctl read getattr lock open };
allow init perfd_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow debuggerd update_verifier : process { ptrace getattr };
allow mtp mtp : lnk_file { ioctl read getattr lock open };
allow init surfaceflinger_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow radio sysfs : dir { ioctl read getattr lock search open };
allow vold media_rw_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow uncrypt media_rw_data_file : dir { ioctl read getattr lock search open };
allow servicemanager mediacodec : dir { search };
allow init cnss_diag_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init qmuxd_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow radio audioserver_service : service_manager { find };
allow postinstall_dexopt postinstall_dexopt : lnk_file { ioctl read getattr lock open };
allow clatd tun_device : chr_file { ioctl read write getattr lock append open };
allow init time_tmpfs : blk_file { relabelto };
allow perfd perfd : fifo_file { ioctl read write getattr lock append open };
allow system_app connectivity_service : service_manager { find };
allow shell debugfs_tracing : dir { ioctl read getattr lock search open };
allow bluetooth bluetooth_service : service_manager { find };
allow installd installd : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow system_server anr_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow inputflinger system_server : binder { call transfer };
allow init sap_uim_socket : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow system_app pinner_service : service_manager { find };
allow domain ptmx_device : chr_file { ioctl read write getattr lock append open };
allow init update_engine_exec : file { read getattr execute open };
allow init tee : process { transition siginh rlimitinh };
dontaudit init tee : process { noatsecure };
allow init anr_data_file : blk_file { relabelto };
allow boot_control_hal boot_block_device : blk_file { getattr };
allow init tee_tmpfs : chr_file { relabelto };
allow init init_radio_exec : file { read getattr execute open };
allow ims init : unix_stream_socket { connectto };
allow bootanim sysfs : file { ioctl read getattr lock open };
allow mediaserver themeservice_app_data_file : dir { ioctl read getattr lock search open };
allow system_app commontime_management_service : service_manager { find };
allow camera sysfs_msm_subsys : file { ioctl read getattr lock open };
allow init servicemanager_tmpfs : blk_file { relabelto };
allow ueventd sysfs : file { ioctl read write getattr lock relabelfrom append open };
allow system_server fingerprintd : fd { use };
allow init imscm : process { transition siginh rlimitinh };
dontaudit init imscm : process { noatsecure };
allow init cache_file : chr_file { relabelto };
allow cameraserver sysfs_enable_ps_sensor : file { write lock append open };
allow runas runas : fd { use };
allow installd radio_data_file : dir { ioctl read write create getattr setattr lock relabelfrom relabelto rename add_name remove_name reparent search rmdir open };
allow preopt2cachename cppreopts : fifo_file { read write getattr };
allow mediadrmserver init : process { sigchld };
allow surfaceflinger dumpstate : dir { ioctl read getattr lock search open };
allow kernel firmware_file : dir { ioctl read getattr lock search open };
allow init contextmount_type : fifo_file { ioctl read getattr lock open };
allow mediadrmserver perfd : unix_stream_socket { connectto };
allow keystore nfc : file { read open };
allow dumpstate audio_service : service_manager { find };
allow update_verifier init : process { sigchld };
allow dumpstate domain : file { ioctl read getattr lock open };
dontaudit su port_type : unix_dgram_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow location servicemanager : binder { call transfer };
allow update_engine sysfs : file { ioctl read getattr lock open };
allow dumpstate shell_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow domain userdata_block_device : blk_file { getattr };
allow proc_uid_cputime_showstat proc_uid_cputime_showstat : filesystem { associate };
allow init tee_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow nanoapp_cmd nanoapp_cmd : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow bluetooth bluetooth : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow wcnss_filter proc_sysrq : file { write lock append open };
allow init drmserver_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init mnt_media_rw_stub_file : chr_file { relabelto };
allow system_app network_management_service : service_manager { find };
allow appdomain apk_data_file : dir { ioctl read getattr lock search open };
allow vold fuse_device : chr_file { ioctl read write getattr lock append open };
allow wcnss_filter wcnss_filter_exec : file { read getattr execute entrypoint open };
allowxperm isolated_app isolated_app : tcp_socket ioctl { 0x5411 0x5451 };
allowxperm isolated_app isolated_app : tcp_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm isolated_app isolated_app : tcp_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow init netmgrd_socket : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow zygote system_file : dir { ioctl read getattr lock search open };
allow init gps_socket : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init racoon_socket : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allowxperm untrusted_app untrusted_app : tcp_socket ioctl { 0x5411 0x5451 };
allowxperm untrusted_app untrusted_app : tcp_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm untrusted_app untrusted_app : tcp_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow untrusted_app untrusted_app : tcp_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown };
allow gpsd gpsd : fd { use };
allow bluetooth sysfs : file { ioctl read getattr lock open };
allow init cnd_socket : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow mediadrmserver su : fd { use };
allow binderservicedomain system_server : binder { transfer };
allow init vold_data_file : sock_file { relabelto };
allow sysfs_mac_address sysfs_mac_address : filesystem { associate };
allow camera camera : file { ioctl read write getattr lock append open };
allow shared_relro app_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow system_server appdomain : fifo_file { read write getattr };
allow mm-pp-daemon mm-pp-daemon : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow init tee_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init location_data_file : chr_file { relabelto };
allow init bluetooth_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow cameraserver audioserver_service : service_manager { find };
allow recovery_persist init : process { sigchld };
allow recovery_persist su : binder { call transfer };
allow init sysfs_usb : blk_file { relabelto };
allow shared_relro app_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow system_server uhid_device : chr_file { ioctl read write getattr lock append open };
allow init profman_dump_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
dontaudit sudaemon domain : appletalk_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow init radio_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow untrusted_app preloads_data_file : dir { ioctl read getattr lock search open };
allow dex2oat sysfs : lnk_file { ioctl read getattr lock open };
allow ims su : binder { call transfer };
allow netmgrd netmgrd : rawip_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow dhcp sysfs : lnk_file { ioctl read getattr lock open };
allow netmgrd netmgrd : udp_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allowxperm netmgrd netmgrd : udp_socket ioctl { 0x6900 0x6902 };
allowxperm netmgrd netmgrd : udp_socket ioctl { 0x890b-0x890d 0x8911 0x8914 0x8916 0x8918 0x891a 0x891c-0x8920 0x8922-0x8927 0x8929 0x8930-0x8932 0x8934-0x8937 0x8939 0x8940-0x8941 0x8943 0x8946-0x894b 0x8953-0x8955 0x8960-0x8962 0x8970-0x8971 0x8980-0x8983 0x8990-0x8995 0x89a0-0x89a3 0x89b0 0x89e0-0x89ff };
allowxperm netmgrd netmgrd : udp_socket ioctl { 0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 0x8b14-0x8b1d 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 0x8b2a-0x8b2c 0x8b30-0x8b36 0x8be0-0x8bff };
allow location sysfs_type : file { ioctl read getattr lock open };
allow irqbalance irqbalance_tmpfs : file { read write };
allow init surfaceflinger_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow autoplay_app activity_service : service_manager { find };
allow init nfc_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow debuggerd surfaceflinger : process { ptrace getattr };
allow adbd media_rw_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow init uncrypt_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
type_transition init mkfs_exec : process mkfs;
allow profman su : binder { call transfer };
allow recovery_persist recovery_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow zygote autoplay_app : process { getpgid setpgid dyntransition };
allow dumpstate qtaguid_proc : file { ioctl read getattr lock open };
allow system_app network_score_service : service_manager { find };
allow drmserver drmserver : netlink_route_socket { read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read };
allow radio system_api_service : service_manager { find };
allow bluetooth init : unix_stream_socket { connectto };
allow install_recovery install_recovery : lnk_file { ioctl read getattr lock open };
allow init recovery_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init mediadrmserver : process { transition siginh rlimitinh };
dontaudit init mediadrmserver : process { noatsecure };
allow domain_deprecated system_data_file : lnk_file { ioctl read getattr lock open };
allow debuggerd platform_app : process { ptrace getattr };
allow init preloads_copy_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init cppreopts_exec : file { read getattr execute open };
allow nanohub_slpi init : process { sigchld };
allow init bluetooth_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow mediaextractor mediaextractor : file { ioctl read write getattr lock append open };
allow system_server dumpstate : binder { call transfer };
allow adbd servicemanager : binder { call transfer };
allow init time_exec : file { read getattr execute open };
allow domain_deprecated apk_data_file : dir { getattr search };
type_transition init logd_exec : process logd;
allow init cnss-daemon_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow install_recovery cache_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow init init_power : process { transition siginh rlimitinh };
dontaudit init init_power : process { noatsecure };
allow mtp mtp : fifo_file { ioctl read write getattr lock append open };
allow dumpstate misc_logd_file : dir { ioctl read getattr lock search open };
type_transition install_recovery tmpfs : file install_recovery_tmpfs;
type_transition init recovery_persist_exec : process recovery_persist;
allow shell appwidget_service : service_manager { find };
allow atrace atrace : dir { ioctl read getattr lock search open };
allowxperm domain domain : netlink_kobject_uevent_socket ioctl { 0x0 };
allow zygote system_server : process { getpgid setpgid dyntransition };
allow autoplay_app system_server : binder { call transfer };
allow system_server persist_file : dir { search };
allow perfd perfd : file { ioctl read write getattr lock append open };
allow init dnsproxyd_socket : chr_file { relabelto };
allow servicemanager update_verifier : binder { transfer };
allow init wpa_socket : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow gpsd gpsd : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow init irsc_util_tmpfs : chr_file { relabelto };
allow init init : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow mediaserver sysfs_soc : dir { search };
dontaudit sudaemon domain : socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allowxperm domain domain : socket ioctl { 0x0 };
allow dhcp dhcp : capability { setgid setuid net_bind_service net_admin net_raw };
dontaudit dhcp dhcp : capability { sys_module };
allow init perfd_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init shell_data_file : dir { ioctl read create getattr setattr relabelto search open };
allow preopt2cachename su : binder { call transfer };
allow servicemanager recovery : binder { transfer };
allow servicemanager atrace : dir { search };
allow dumpstate assetatlas_service : service_manager { find };
allow init cameraserver_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init cache_recovery_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow system_app sysfs_msm_subsys : dir { ioctl read getattr lock search open };
allow dhcp dhcp_exec : file { read getattr execute entrypoint open };
allow dumpstate autoplay_app : binder { call transfer };
allow gatekeeperd gatekeeperd_exec : file { read getattr execute entrypoint open };
allow adbd adb_keys_file : dir { search };
allow clatd netd : netlink_route_socket { read write };
allow init vold_data_file : chr_file { relabelto };
allow init persist_property_file : blk_file { relabelto };
allow mediadrmserver mediadrmserver : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit execmem };
allow servicemanager blkid_untrusted : binder { transfer };
allow platform_app app_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow init thermal-engine_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init sudaemon_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allowxperm mediaserver mediaserver : tcp_socket ioctl { 0x5411 0x5451 };
allowxperm mediaserver mediaserver : tcp_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm mediaserver mediaserver : tcp_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow mediaserver mediaserver : tcp_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown };
allow ims ims : tcp_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown };
allow init debuggerd_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow fsck sysfs : dir { ioctl read getattr lock search open };
allow system_server autoplay_data_file : dir { read getattr search };
allow debuggerd preloads_copy : process { ptrace getattr };
allow surfaceflinger graphics_device : dir { search };
allow camera video_device : chr_file { ioctl read write getattr lock append open };
allow init su_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init mm-pp-daemon_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow system_app media_rw_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow dnsmasq netd : process { sigchld };
allow init recovery_persist_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow ssr_setup ssr_setup : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow shell window_service : service_manager { find };
allow dumpstate processinfo_service : service_manager { find };
allow bluetooth system_api_service : service_manager { find };
allow init bluetooth_socket : chr_file { relabelto };
allow shared_relro shared_relro : dir { ioctl read getattr lock search open };
allow appdomain user_profile_foreign_dex_data_file : file { create };
dontaudit appdomain user_profile_foreign_dex_data_file : file { read open };
allow surfaceflinger permission_service : service_manager { find };
allow mediaserver mediaserver_exec : file { read getattr execute entrypoint open };
allow domain pmsg_device : chr_file { write lock append open };
allow system_server audioserver : tcp_socket { ioctl read write getattr setattr lock append bind connect getopt setopt shutdown };
allow wpa keystore : keystore_key { get sign verify };
allow system_app cm_livedisplay_service : service_manager { find };
allow domain su : fd { use };
allow init shortcut_manager_icons : file { read write create getattr setattr relabelfrom relabelto unlink open };
type_transition qmuxd tmpfs : file qmuxd_tmpfs;
allow nanoapp_cmd nanoapp_cmd : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow otapreopt_chroot postinstall_dexopt : process { transition siginh rlimitinh };
dontaudit otapreopt_chroot postinstall_dexopt : process { noatsecure };
allow ueventd sysfs_video : file { write lock append open };
allow time diag_device : chr_file { ioctl read write getattr lock append open };
allow system_server resourcecache_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow proc_meminfo proc_meminfo : filesystem { associate };
allow init rmt_tmpfs : chr_file { relabelto };
type_transition mm-pp-daemon tmpfs : file mm-pp-daemon_tmpfs;
allow dumpstate DockObserver_service : service_manager { find };
allow dumpstate radio_service : service_manager { find };
allow init netd_tmpfs : chr_file { relabelto };
allow sysfs_devices_system_cpu sysfs_devices_system_cpu : filesystem { associate };
allow update_engine sysfs : lnk_file { ioctl read getattr lock open };
allow init persist_file : dir { ioctl read write create getattr setattr relabelfrom relabelto mounton add_name remove_name search rmdir open };
allow system_app print_service : service_manager { find };
dontaudit sudaemon file_type : lnk_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton open audit_access execmod };
allow shell proc : dir { ioctl read getattr lock search open };
allow init proc_meminfo : dir { read setattr search open };
allow init perfd_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
dontaudit su file_type : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton execute_no_trans entrypoint execmod open audit_access };
allow hci_attach kernel : system { module_request };
allow vold tmpfs : filesystem { mount unmount };
allow drmserver tee : unix_stream_socket { connectto };
allow ims netmgrd : unix_stream_socket { connectto };
allow init per_proxy_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow system_app appops_service : service_manager { find };
allow installd install_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow init system_app_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init wcnss_filter_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init_power init_power : fd { use };
allow dumpstate cm_livelockscreen_service : service_manager { find };
allow themeservice_app themeservice_app : lnk_file { ioctl read getattr lock open };
allow surfaceflinger persist_display_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow keystore shell : process { getattr };
allow init adbd_socket : chr_file { relabelto };
allow per_mgr sysfs : dir { ioctl read getattr lock search open };
allow appdomain fuseblk : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow lmkd lmkd : lnk_file { ioctl read getattr lock open };
allow init domain : process { sigkill signal };
allow ims qmuxd_socket : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow ims ims : fifo_file { ioctl read write getattr lock append open };
allow htc_ramdump rootfs : file { ioctl read getattr lock open };
allow system_app wallpaper_service : service_manager { find };
allow update_engine update_engine : capability2 { block_suspend };
allow init lmkd_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init update_engine_data_file : blk_file { relabelto };
allow shell keystore : keystore_key { get_state get insert delete exist list sign verify };
allow nfc drmserver_service : service_manager { find };
allow netmgrd property_socket : sock_file { write };
allow install_recovery proc_drop_caches : file { write lock append open };
allow init sensors_device : chr_file { read setattr open };
allow init vold_socket : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow qmuxd qmuxd_tmpfs : file { read write };
allow init wpa_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init firmware_file : dir { mounton };
allow radio rild : unix_stream_socket { connectto };
allow domain device : dir { search };
allow vold asec_public_file : dir { setattr relabelto };
allow keystore google_camera_app : file { read open };
allow init uncrypt_socket : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow otapreopt_chroot labeledfs : filesystem { mount };
allow zygote zygote : capability { chown dac_override fowner setgid setuid setpcap sys_admin };
dontaudit zygote zygote : capability { sys_module };
allow mediaserver media_rw_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow qti-testscripts qti-testscripts : lnk_file { ioctl read getattr lock open };
allow init per_proxy_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init per_mgr_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init postinstall_mnt_dir : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow update_verifier su : fd { use };
allow dex2oat dex2oat : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow recovery_refresh su : fd { use };
allow init adb_keys_file : chr_file { relabelto };
allow system_app location_service : service_manager { find };
allow google_camera_app google_camera_app : dir { ioctl read getattr lock search open };
allow dhcp netd : netlink_kobject_uevent_socket { read write };
allow init configfs : file { read setattr open };
allow mm-pp-daemon mm-pp-daemon_tmpfs : file { read write };
allow appdomain oemfs : dir { ioctl read getattr lock search open };
allow wpa system_wpa_socket : sock_file { write };
allow init gps_control : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
dontaudit sudaemon fs_type : fifo_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton open audit_access execmod };
allow bootanim bootanim_tmpfs : file { read write };
allow init subsystem_ramdump : process { transition siginh rlimitinh };
dontaudit init subsystem_ramdump : process { noatsecure };
allow system_server storage_file : lnk_file { read getattr };
allow appdomain user_profile_data_file : dir { write add_name search };
allow bluetooth su : binder { call transfer };
allow fuseblk fuseblk : filesystem { associate };
dontaudit sudaemon domain : netlink_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow system_server sensors_prop : property_service { set };
allow domain_deprecated cache_file : file { read getattr };
allow update_engine update_engine_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow port-bridge port-bridge : file { ioctl read write getattr lock append open };
allow sysinit sysinit : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow init system_wpa_socket : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow atrace boottrace_data_file : file { ioctl read getattr lock open };
allow app_fuse_file app_fusefs : filesystem { associate };
allow init cache_private_backup_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init sysfs_devices_system_cpu : file { read setattr open };
allow system_server themeservice_app_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow postinstall servicemanager : binder { call transfer };
allow sysinit sysinit : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit setcurrent };
allow init property_contexts : blk_file { relabelto };
allow bluetooth bluetooth : file { ioctl read write getattr lock append open };
allow init update_engine_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow shell device_policy_service : service_manager { find };
allow system_app batterystats_service : service_manager { find };
allow atrace debugfs_tracing : file { ioctl read getattr lock open };
allow autoplay_app audioserver : binder { transfer };
allow init platform_app_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow servicemanager netd : process { getattr };
allow system_server system_server : udp_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allowxperm system_server system_server : udp_socket ioctl { 0x6900 0x6902 };
allowxperm system_server system_server : udp_socket ioctl { 0x890b-0x890d 0x8911 0x8914 0x8916 0x8918 0x891a 0x891c-0x8920 0x8922-0x8927 0x8929 0x8930-0x8932 0x8934-0x8937 0x8940-0x8941 0x8943 0x8946-0x894b 0x8953-0x8955 0x8960-0x8962 0x8970-0x8971 0x8980-0x8983 0x8990-0x8995 0x89a0-0x89a3 0x89b0 0x89e0-0x89ff };
allowxperm system_server system_server : udp_socket ioctl { 0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 0x8b14-0x8b1d 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 0x8b2a-0x8b2c 0x8b30-0x8b36 0x8be0-0x8bff };
allow untrusted_app asec_apk_file : file { ioctl read getattr lock open };
allow init gps_socket : chr_file { relabelto };
allow vold tmpfs : dir { ioctl read write create getattr setattr lock rename mounton add_name remove_name reparent search rmdir open };
allow init unlabeled : dir { ioctl read write create getattr setattr lock relabelfrom relabelto rename add_name remove_name reparent search rmdir open };
allow keystore fingerprintd : process { getattr };
allow otapreopt_slot init : process { sigchld };
allow mediacodec sysfs_soc : dir { search };
allow wpa wpa : netlink_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow hostapd netd : fd { use };
allow shell jobscheduler_service : service_manager { find };
allow mediaextractor mediaextractor : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow init wcnss_filter_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow domain properties_device : dir { ioctl read getattr lock search open };
allowxperm sudaemon sudaemon : tcp_socket ioctl { 0x5411 0x5451 };
allowxperm sudaemon sudaemon : tcp_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm sudaemon sudaemon : tcp_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow sudaemon sudaemon : tcp_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown };
allow shell update_engine_service : service_manager { find };
allow keystore racoon : dir { search };
allow init ssr_setup : process { transition siginh rlimitinh };
dontaudit init ssr_setup : process { noatsecure };
allow system_server gatekeeperd : fd { use };
allow inputflinger servicemanager : binder { call transfer };
allow mediacodec init : process { sigchld };
allow init ringtone_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
type_transition adsprpcd tmpfs : file adsprpcd_tmpfs;
allow init icon_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow profman asec_apk_file : file { read };
allow wpa wifi_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow init sysfs_type : lnk_file { read relabelto };
allow init sudaemon_tmpfs : blk_file { relabelto };
allow isolated_app isolated_app : process { fork sigchld sigkill sigstop signull signal ptrace getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit execmem };
allow init nativetest_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init storage_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init init_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init misc_block_device : blk_file { write lock append open };
allow system_app app_data_file : fifo_file { ioctl read write create getattr setattr lock append unlink rename open };
allow surfaceflinger surfaceflinger_service : service_manager { add find };
dontaudit vold proc_irq : dir { read };
allow fsck vold : process { sigchld };
allow perfprofd perfprofd_tmpfs : file { read write };
allow kernel priv_app : fd { use };
allow installd misc_user_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow app_fusefs app_fusefs : filesystem { associate };
allow init irsc_util_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow system_app textservices_service : service_manager { find };
allow domain sysfs_usb : dir { ioctl read getattr lock search open };
allow init cache_recovery_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
dontaudit su fs_type : filesystem { mount remount unmount getattr relabelfrom relabelto transition associate quotamod quotaget };
dontaudit update_engine kernel : process { setsched };
allow bluetooth bluetooth_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow watchdogd su : fd { use };
allow servicemanager mm-pp-daemon : binder { transfer };
allow init gpsd_tmpfs : blk_file { relabelto };
allow init logd_socket : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow debuggerd mediaserver : process { ptrace getattr };
allow racoon racoon : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow dumpstate midi_service : service_manager { find };
allow dumpstate input_method_service : service_manager { find };
allow tzdatacheck sysfs : dir { ioctl read getattr lock search open };
allow thermal-engine thermal-engine_tmpfs : file { read write };
allow shell DockObserver_service : service_manager { find };
allow init property_contexts : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow domain system_data_file : lnk_file { read };
allow drmserver sdcard_type : dir { search };
allow dumpstate connectivity_service : service_manager { find };
allow init nanohub_slpi_tmpfs : chr_file { relabelto };
allow logd logd : capability { setgid setuid sys_nice audit_control };
dontaudit logd logd : capability { sys_module };
allow perfprofd sysfs : file { ioctl read getattr lock open };
allow shell apk_data_file : file { ioctl read getattr lock open };
allow init drmserver_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init init_tmpfs : chr_file { relabelto };
allow system_server dalvikcache_data_file : file { execute };
allow audioserver perfd : unix_stream_socket { connectto };
allow otapreopt_chroot su : fd { use };
allow dnsmasq netd : unix_stream_socket { read write };
allow hci_attach init : process { sigchld };
allow servicemanager cnd : binder { transfer };
allow servicemanager blkid : binder { transfer };
allow debuggerd clatd : process { ptrace getattr };
allow wpa keystore : fd { use };
allow slideshow slideshow : capability { sys_tty_config };
dontaudit slideshow slideshow : capability { sys_module };
allow system_app sysfs_msm_subsys : file { ioctl read getattr lock open };
allow google_camera_app google_camera_app : file { ioctl read write getattr lock append open };
allow vold app_data_file : dir { search };
allow priv_app drmserver_service : service_manager { find };
allow system_server netd_service : service_manager { find };
allow init init : file { ioctl read write getattr lock append open };
allow slideshow sysfs : lnk_file { ioctl read getattr lock open };
allow ims netmgrd_socket : sock_file { write };
allow shell midi_service : service_manager { find };
allow mediacodec video_device : chr_file { ioctl read write getattr lock append open };
allow debuggerd toolbox : process { ptrace getattr };
allow system_server lmkd_socket : sock_file { write };
allow nfc init : unix_stream_socket { connectto };
allow init priv_app_tmpfs : chr_file { relabelto };
allow cnss_diag sysfs_type : lnk_file { ioctl read getattr lock open };
allow fsck sysfs : file { ioctl read getattr lock open };
allow hci_attach sysfs : dir { ioctl read getattr lock search open };
allow dhcp netd : unix_dgram_socket { read write };
allow priv_app sysfs_type : dir { ioctl read getattr lock search open };
allow ppp mtp : socket { ioctl read write getattr setattr lock append bind connect getopt setopt shutdown };
allowxperm ppp mtp : socket ioctl { 0x7436-0x7441 0x7446-0x7447 0x744b-0x745a 0x7480-0x7488 };
allow debugfs debugfs : filesystem { associate };
allow init wpa : process { transition siginh rlimitinh };
dontaudit init wpa : process { noatsecure };
dontaudit su file_type : dir { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod };
allow ueventd firmware_file : lnk_file { ioctl read getattr lock open };
allow system_server sysfs_zram : file { ioctl read getattr lock open };
allow init watchdogd : process { transition siginh rlimitinh };
dontaudit init watchdogd : process { noatsecure };
allow location system_server : binder { call transfer };
allow shell input_device : dir { ioctl read getattr lock search open };
allow debuggerd bootanim : process { ptrace getattr };
allow init install_recovery_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow vold media_rw_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow radio app_data_file : sock_file { ioctl read write create getattr setattr lock append unlink rename open };
allow google_camera_app system_app_data_file : file { read write getattr };
allow init hci_attach_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow shared_relro ion_device : chr_file { ioctl read write getattr lock append open };
allow surfaceflinger dumpstate : fd { use };
allow init servicemanager_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow netd servicemanager : binder { call transfer };
allow radio keystore : fd { use };
allow appdomain storage_file : lnk_file { ioctl read getattr lock open };
allow servicemanager fingerprintd : process { getattr };
allow system_server gatekeeper_service : service_manager { find };
allow system_app permission_service : service_manager { find };
allow lmkd appdomain : process { sigkill };
allow obdm_app ion_device : chr_file { ioctl read write getattr lock append open };
allow init irqbalance_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow mediadrmserver mediadrmserver : lnk_file { ioctl read getattr lock open };
allow mediadrmserver servicemanager : binder { call transfer };
allow irsc_util irsc_util : fd { use };
allow init sap_uim_socket : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init apk_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init misc_user_data_file : blk_file { relabelto };
allow gatekeeperd gatekeeper_service : service_manager { add find };
allow nanoapp_cmd init : process { sigchld };
allow init bluetooth_tmpfs : blk_file { relabelto };
allow system_server autoplay_app : unix_stream_socket { read write getattr };
dontaudit hci_attach hci_attach : capability { sys_module };
allow netd dnsmasq_exec : file { read getattr execute open };
allow init thermal-engine_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow cameraserver video_device : dir { ioctl read getattr lock search open };
allow obdm_app sysfs_msm_subsys : lnk_file { ioctl read getattr lock open };
type_transition init cnss-daemon_exec : process cnss-daemon;
allow sysfs sysfs : filesystem { associate };
allow servicemanager postinstall : dir { search };
allow untrusted_app untrusted_app : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow surfaceflinger dumpstate : binder { call transfer };
allow recovery recovery : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow init themeservice_app_tmpfs : chr_file { relabelto };
allow isolated_app isolated_app_tmpfs : file { read write execute };
allow init init_foreground_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow system_app statusbar_service : service_manager { find };
allow netd su : fd { use };
allow init radio_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow untrusted_app untrusted_app : lnk_file { ioctl read getattr lock open };
allow nfc radio_service : service_manager { find };
allow mtp sysfs : lnk_file { ioctl read getattr lock open };
allow init keystore_data_file : sock_file { relabelto };
allow appdomain misc_user_data_file : dir { ioctl read getattr lock search open };
allow vold rootfs : file { ioctl read getattr lock execute entrypoint open };
allow init ringtone_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow keystore keystore : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow bluetooth media_rw_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow imscm imscm : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
dontaudit sudaemon dev_type : fifo_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton open audit_access execmod };
allow servicemanager camera : binder { transfer };
allow init log_device : chr_file { read setattr open };
allow ueventd wifi_data_file : file { ioctl read getattr lock open };
allow ueventd device : chr_file { ioctl read write getattr lock append open };
allow system_app system_radio_prop : file { ioctl read getattr lock open };
allow location location : lnk_file { ioctl read getattr lock open };
allow init keychain_data_file : blk_file { relabelto };
allow qmuxd qmuxd_socket : dir { write lock add_name remove_name search open };
allow tee tee_exec : file { read getattr execute entrypoint open };
allow init subsystem_ramdump_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init tee_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init misc_logd_file : chr_file { relabelto };
allow autoplay_app autoplay_app : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow sgdisk block_device : dir { search };
allow init installd_socket : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init contextmount_type : sock_file { ioctl read getattr lock open };
allow init keychain_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init sysfs_writable : file { read setattr open };
allow init rtc_device : chr_file { read setattr open };
allow wpa wpa : capability { setgid setuid net_admin net_raw };
dontaudit wpa wpa : capability { sys_module };
allow init sysfs_usb : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init tee_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow runas nfc : process { dyntransition };
allow irqbalance proc : lnk_file { ioctl read getattr lock open };
allow dumpstate dalvikcache_data_file : file { execute };
allow init resourcecache_data_file : blk_file { relabelto };
dontaudit su su : memprotect { mmap_zero };
allowxperm domain domain : netlink_socket ioctl { 0x0 };
allow mediaserver mediaserver : file { ioctl read write getattr lock append open };
allow cnss-daemon cnss-daemon : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow init shared_relro_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow untrusted_app app_data_file : file { ioctl read write create getattr setattr lock append unlink rename execute execute_no_trans execmod open };
allow init netmgrd_socket : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow idmap su : binder { call transfer };
allow cnd cnd : tcp_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown };
allow camera camera : fifo_file { ioctl read write getattr lock append open };
allow init htc_ramdump_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow bootanim bootanim : fifo_file { ioctl read write getattr lock append open };
allow domain debuggerd : unix_stream_socket { connectto };
allow dumpstate dreams_service : service_manager { find };
allow vold ctl_fuse_prop : file { ioctl read getattr lock open };
type_transition sdcardd system_data_file : dir media_rw_data_file;
type_transition priv_app devpts : chr_file priv_app_devpts;
allow radio ion_device : chr_file { ioctl read write getattr lock append open };
allow atfwd servicemanager : binder { call transfer };
allow domain_deprecated system_file : lnk_file { ioctl read getattr lock open };
allow subsystem_ramdump subsystem_ramdump : lnk_file { ioctl read getattr lock open };
allow htc_ramdump init : unix_stream_socket { connectto };
allow keystore sysfs : file { ioctl read getattr lock open };
allow mdnsd mdnsd_tmpfs : file { read write };
allow dumpstate atfwd_service : service_manager { find };
allow shell shell_prop : file { ioctl read getattr lock open };
allow domain system_file : file { read getattr execute open };
allow init autoplay_app_tmpfs : blk_file { relabelto };
allow qmuxd qmuxd_exec : file { read getattr execute entrypoint open };
dontaudit sudaemon property_type : property_service { set };
allow uncrypt userdata_block_device : blk_file { write lock append open };
allow init mediaextractor_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow system_server diag_device : chr_file { ioctl read write getattr lock append open };
allow install_recovery install_recovery : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow gatekeeperd servicemanager : binder { call transfer };
allow debuggerd nanohub_slpi : process { ptrace getattr };
allow init install_recovery_tmpfs : blk_file { relabelto };
allow postinstall update_engine_common : process { sigchld };
allowxperm nfc nfc : rawip_socket ioctl { 0x5411 0x5451 };
allowxperm nfc nfc : rawip_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm nfc nfc : rawip_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow nfc nfc : rawip_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow init bluetooth_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow system_app usb_service : service_manager { find };
allow servicemanager ueventd : binder { transfer };
allow init mediaserver_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init proc_uid_cputime_showstat : file { read setattr open };
allow sdcardd vold : process { sigchld };
allow zygote zygote : fifo_file { ioctl read write getattr lock append open };
allow init vdc_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow system_app backup_service : service_manager { find };
allow binderservicedomain dumpstate : unix_stream_socket { read write getattr getopt };
allow debuggerd security_file : file { ioctl read getattr lock open };
allow init livedisplay_sysfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
type_transition otapreopt_chroot postinstall_file : process postinstall_dexopt;
allow debuggerd racoon : process { ptrace getattr };
allow init dhcp_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow system_server radio_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow bluetooth app_data_file : sock_file { ioctl read write create getattr setattr lock append unlink rename open };
allow installd unlabeled : sock_file { getattr setattr relabelfrom unlink rename };
allow init apk_tmp_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow ueventd ueventd : file { ioctl read write getattr lock append open };
allow subsystem_ramdump subsystem_ramdump : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow qti-testscripts qti-testscripts : file { ioctl read write getattr lock append open };
allow servicemanager postinstall : binder { transfer };
allow dumpstate logdr_socket : sock_file { write };
dontaudit sudaemon domain : netlink_fib_lookup_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow vold asec_image_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow thermal-engine uio_device : chr_file { ioctl read write getattr lock append open };
allow init subsystem_ramdump_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow sysfs_type sysfs : filesystem { associate };
allow system_app system_app_data_file : lnk_file { ioctl read write create getattr setattr lock append unlink rename open };
allow su su_exec : file { read getattr execute entrypoint open };
allow vold apk_data_file : dir { create getattr setattr };
allow shell battery_service : service_manager { find };
allow postinstall postinstall_file : lnk_file { ioctl read getattr lock open };
allow ims ims_socket : sock_file { write };
allow themeservice_app themeservice_app : file { ioctl read write getattr lock append open };
allow shell dreams_service : service_manager { find };
allow netd netdomain : tun_socket { read write getattr setattr getopt setopt };
allow init sysfs_devices_system_iosched : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
dontaudit su domain : packet_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow init gps_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow postinstall su : binder { call transfer };
allow sgdisk sgdisk : capability { sys_admin };
dontaudit sgdisk sgdisk : capability { sys_module };
dontaudit mediaserver mediaserver : capability { sys_module };
allow dumpstate gpu_service : service_manager { find };
allow init sysinit_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow vold vold : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setexec setfscreate setrlimit };
allow system_server location_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow preloads_copy preloads_copy_tmpfs : file { read write };
allow system_server proc_uid_cputime_removeuid : file { write getattr lock append open };
dontaudit init_radio init_radio : capability { sys_module };
allow init_radio init_radio : capability { chown };
allow init thermal-engine_tmpfs : chr_file { relabelto };
allow init bluetooth_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow keystore bluetooth : dir { search };
allow init netd_socket : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow system_app superuser_device : dir { ioctl read write create getattr setattr lock unlink add_name remove_name search open };
allow init bt_firmware_file : blk_file { relabelto };
allow init fingerprintd_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow vold app_fusefs : filesystem { mount unmount relabelfrom relabelto };
allow fsck_untrusted devpts : chr_file { ioctl read write getattr };
allow radio radio : netlink_selinux_socket { read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
dontaudit su domain : unix_stream_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind connectto newconn acceptfrom };
allow init wpa_exec : file { read getattr execute open };
allow mm-pp-daemon mm-pp-daemon : fifo_file { ioctl read write getattr lock append open };
allow obdm_app keystore : fd { use };
type_transition init mm-pp-daemon_exec : process mm-pp-daemon;
allow init misc_logd_file : sock_file { relabelto };
allow vold dm_device : chr_file { ioctl read write getattr lock append open };
allow htc_ramdump kmsg_device : chr_file { append open };
allow appdomain backup_data_file : file { read write getattr };
allow system_server safemode_prop : file { ioctl read getattr lock open };
allow system_server frp_block_device : blk_file { ioctl read write getattr lock append open };
allow atrace sysfs : dir { ioctl read getattr lock search open };
allow dumpstate kill_switch_service : service_manager { find };
allow system_server oemfs : lnk_file { ioctl read getattr lock open };
allow dumpstate restrictions_service : service_manager { find };
allow priv_app ringtone_file : file { read write getattr };
allow mediaserver oemfs : file { ioctl read getattr lock open };
allow shell cm_status_bar_service : service_manager { find };
dontaudit recovery_persist recovery_persist : capability { sys_module };
allow dumpstate dumpstate : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow init recovery_refresh : process { transition siginh rlimitinh };
dontaudit init recovery_refresh : process { noatsecure };
allow init cameraserver_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init dalvikcache_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init debugfs : file { read getattr setattr relabelfrom open };
allow init binder_device : chr_file { read setattr open };
allow debuggerd sysfs : lnk_file { ioctl read getattr lock open };
allow init sysfs_enable_ps_sensor : dir { read setattr search open };
allow domain_deprecated cgroup : file { ioctl read getattr lock open };
allow init cnd_socket : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow netd dumpstate : fifo_file { write getattr };
allow init bluetooth_efs_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow debuggerd shared_relro_file : file { ioctl read getattr lock open };
type_transition inputflinger tmpfs : file inputflinger_tmpfs;
allow init logdw_socket : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init logdr_socket : blk_file { relabelto };
allow init system_wpa_socket : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
dontaudit su netif_type : netif { tcp_recv tcp_send udp_recv udp_send rawip_recv rawip_send dccp_recv dccp_send ingress egress };
allow postinstall_dexopt apk_data_file : lnk_file { ioctl read getattr lock open };
allow init media_rw_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow dumpstate network_time_update_service : service_manager { find };
allow thermal-engine qmuxd_socket : sock_file { read write create getattr setattr unlink };
allow init logcat_exec : file { read getattr execute open };
allow priv_app system_api_service : service_manager { find };
allow boot_control_hal gpt_block_device : blk_file { ioctl read write getattr lock append open };
allow debuggerd input_device : chr_file { ioctl read write getattr lock append open };
allow init swap_block_device : blk_file { ioctl read write getattr lock append open };
allow zygote proc_net : lnk_file { ioctl read getattr lock open };
allow installd asec_image_file : file { getattr };
allow untrusted_app shell_data_file : dir { ioctl read getattr lock search open };
allow servicemanager cnss_diag : binder { transfer };
allow init fwmarkd_socket : chr_file { relabelto };
allow drmserver drmserver : tcp_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown };
allow init rild_socket : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init_power sysfs_power_management : file { write };
allow hostapd wpa_socket : sock_file { ioctl read write create getattr setattr lock append unlink rename open };
allow healthd su : binder { call transfer };
allow init autoplay_app_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow vold user_profile_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow shell media_rw_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow appdomain audioserver : binder { transfer };
allow blkid_untrusted blkid_untrusted : fifo_file { ioctl read write getattr lock append open };
allow servicemanager per_proxy : process { getattr };
allow init netd_socket : chr_file { relabelto };
allow shell log_tag_prop : file { ioctl read getattr lock open };
allow servicemanager rild : file { read open };
allow init mnt_media_rw_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow per_mgr firmware_file : dir { search };
allow dnsmasq dnsmasq : file { ioctl read write getattr lock append open };
allow recovery recovery : lnk_file { ioctl read getattr lock open };
allow init init_foreground_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow system_server mnt_user_file : dir { getattr search };
type_transition init tee_exec : process tee;
allow cameraserver camera_prop : property_service { set };
allow platform_app cache_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow tzdatacheck tzdatacheck_tmpfs : file { read write };
allow init mnt_user_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init persist_file : blk_file { relabelto };
allow vold sysfs_wake_lock : file { ioctl read write getattr lock append open };
allow system_server audioserver : udp_socket { ioctl read write getattr setattr lock append bind connect getopt setopt shutdown };
allow init_foreground kernel : process { setsched };
allow thermal-engine sysfs_type : lnk_file { ioctl read getattr lock open };
allow appdomain rootfs : lnk_file { ioctl read getattr lock open };
allow shell bluetooth_manager_service : service_manager { find };
allow untrusted_app sysfs_hwrandom : dir { search };
allow rild rild : netlink_route_socket { read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read nlmsg_write };
allow shell pinner_service : service_manager { find };
allow init user_profile_foreign_dex_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow sudaemon sudaemon : file { ioctl read write getattr lock append open };
allow ims diag_device : chr_file { ioctl read write getattr lock append open };
allow lmkd sysfs_type : lnk_file { ioctl read getattr lock open };
allow debuggerd cnd : process { ptrace getattr };
allow bluetooth gpu_device : chr_file { ioctl read write getattr lock append open };
allowxperm bluetooth gpu_device : chr_file ioctl { 0x902 0x907 0x913-0x915 0x921 0x932-0x933 0x938-0x939 0x940-0x943 0x945-0x94a };
allowxperm bluetooth gpu_device : chr_file ioctl { 0x5411 0x5451 };
allow mediadrmserver perfd_data_file : dir { search };
allow fsck fsck : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow system_app media_session_service : service_manager { find };
allow dumpstate bluetooth_service : service_manager { find };
allow system_app property_socket : sock_file { write };
allow time sysfs_msm_subsys : dir { ioctl read getattr lock search open };
allow init_radio radio_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow radio sysfs_msm_subsys : file { ioctl read getattr lock open };
allow mediaserver mediaextractor_service : service_manager { find };
allow fsck fsck : dir { ioctl read getattr lock search open };
allow ssr_setup su : fd { use };
allow dumpstate appdomain : binder { call transfer };
allow sysfs_enable_ps_sensor sysfs_enable_ps_sensor : filesystem { associate };
allow cnd init : unix_stream_socket { connectto };
allow idmap idmap_exec : file { read getattr execute entrypoint open };
allow rmt rmt_tmpfs : file { read write };
allow init postinstall_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow shell logpersistd_logging_prop : property_service { set };
allow shell shell : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow fsck_untrusted fsck_untrusted : fd { use };
allow servicemanager init-qcom-qseecomd-sh : binder { transfer };
allow init mtp_exec : file { read getattr execute open };
dontaudit inputflinger inputflinger : capability { sys_module };
allow fingerprintd keystore : binder { call transfer };
allow bootanim gpu_device : chr_file { ioctl read write getattr lock append open };
allow racoon keystore_service : service_manager { find };
allowxperm shared_relro shared_relro : rawip_socket ioctl { 0x5411 0x5451 };
allowxperm shared_relro shared_relro : rawip_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm shared_relro shared_relro : rawip_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow wcnss_filter wcnss_filter : lnk_file { ioctl read getattr lock open };
allow init drm_data_file : blk_file { relabelto };
allow sysfs_soc sysfs_soc : filesystem { associate };
allow dumpstate vdc : process { transition siginh rlimitinh };
dontaudit dumpstate vdc : process { noatsecure };
allow dumpstate cache_recovery_file : dir { ioctl read getattr lock search open };
allow hci_attach hci_attach_exec : file { read getattr execute entrypoint open };
allow init_mid su : binder { call transfer };
allow debuggerd inputflinger : process { ptrace getattr };
allow idmap idmap : fifo_file { ioctl read write getattr lock append open };
allow init postinstall_file : blk_file { relabelto };
allow installd cgroup : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow init debuggerd : process { transition siginh rlimitinh };
dontaudit init debuggerd : process { noatsecure };
allow debuggerd otapreopt_slot : process { ptrace getattr };
allow per_mgr su : fd { use };
allow cameraserver cameraserver : fd { use };
allow appdomain drmserver : binder { transfer };
allow debuggerd debuggerd : netlink_selinux_socket { read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow gatekeeperd gatekeeperd : lnk_file { ioctl read getattr lock open };
allow init servicemanager_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow mediadrmserver binderservicedomain : fd { use };
allow shell webviewupdate_service : service_manager { find };
allow init priv_app_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow ims system_file : file { ioctl read getattr lock execute execute_no_trans open };
allow domain block_device : blk_file { getattr };
allow priv_app priv_app : lnk_file { ioctl read getattr lock open };
allow init proc : dir { read setattr search open };
allow watchdogd watchdogd : fifo_file { ioctl read write getattr lock append open };
allow init vdc_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow bootanim cgroup : lnk_file { ioctl read getattr lock open };
allow shell tty_device : chr_file { ioctl read write getattr lock append open };
allow debuggerd sdcardd : debuggerd { dump_backtrace };
allow init adb_keys_file : blk_file { relabelto };
allow dumpstate user_profile_foreign_dex_data_file : dir { ioctl read getattr lock search open };
allow radio keystore : keystore_key { get_state get insert delete exist list sign verify };
allow appdomain fuse : file { ioctl read write create getattr setattr lock append unlink rename open };
allow priv_app mnt_media_rw_file : dir { search };
allow port-bridge su : binder { call transfer };
allow drmserver sysfs : file { ioctl read getattr lock open };
allow system_app system_app : dir { ioctl read getattr lock search open };
allow init subsystem_ramdump_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init audioserver_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow mkfs mkfs : lnk_file { ioctl read getattr lock open };
allow system_server anr_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
dontaudit recovery recovery : capability { sys_module };
allow debuggerd thermal-engine : process { ptrace getattr };
allow init mm-pp-daemon_tmpfs : chr_file { relabelto };
allow netd dnsmasq : process { transition signal siginh rlimitinh };
dontaudit netd dnsmasq : process { noatsecure };
allow init gpsd_tmpfs : chr_file { relabelto };
allow idmap idmap : fd { use };
allow vdc su : fd { use };
allow init debugfs_trace_marker : file { read setattr open };
allow init fingerprintd_exec : file { read getattr execute open };
allow domain_deprecated system_file : dir { ioctl read getattr lock search open };
allow fingerprintd fingerprintd : fifo_file { ioctl read write getattr lock append open };
allow su dumpstate_exec : file { read getattr execute open };
allow init preloads_copy_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow clatd netd : netlink_kobject_uevent_socket { read write };
allow camera camera : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow installd security_file : dir { ioctl read getattr lock search open };
allow radio property_socket : sock_file { write };
allow vold asec_image_file : dir { ioctl read write getattr lock add_name remove_name search open };
allow dhcp system_file : file { ioctl read getattr lock execute execute_no_trans open };
allow camera sysfs_video : dir { search };
allow dumpstate launcherapps_service : service_manager { find };
allow init autoplay_app_tmpfs : chr_file { relabelto };
allow vold healthd : fd { use };
allow atfwd radio_prop : file { ioctl read getattr lock open };
allow netmgrd netmgrd : fifo_file { ioctl read write getattr lock append open };
allow dumpstate imscm_service : service_manager { find };
type_transition mediaserver tmpfs : file mediaserver_tmpfs;
allow untrusted_app mnt_media_rw_file : dir { search };
allow debuggerd exec_type : file { ioctl read getattr lock open };
allow priv_app priv_app : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow init rild_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow shared_relro shared_relro : lnk_file { ioctl read getattr lock open };
allow location qmuxd_socket : sock_file { read write create getattr setattr unlink };
allow racoon system_file : file { ioctl read getattr lock execute execute_no_trans open };
allow surfaceflinger autoplay_app : file { ioctl read getattr lock open };
dontaudit mediadrmserver mediadrmserver : capability { sys_module };
allow time sysfs_msm_subsys : file { ioctl read getattr lock open };
allow init recovery_refresh_tmpfs : blk_file { relabelto };
allow sysfs_lowmemorykiller sysfs_lowmemorykiller : filesystem { associate };
allow init superuser_device : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow runas kernel : security { check_context };
allow init media_data_file : blk_file { relabelto };
allow bootanim surfaceflinger : fd { use };
allow dumpstate cm_hardware_service : service_manager { find };
allow uncrypt cache_recovery_file : fifo_file { ioctl read write getattr lock append open };
allow init init_foreground_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow dhcp dhcp : udp_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow autoplay_app system_server : unix_stream_socket { read write getattr getopt setopt shutdown };
allow init userinit_data_exec : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init systemkeys_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
dontaudit sudaemon port_type : netlink_selinux_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow init bluetooth_socket : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init vold_socket : chr_file { relabelto };
allow per_mgr su : binder { call transfer };
allow dhcp pan_result_prop : property_service { set };
allow rild audioserver : fd { use };
allow servicemanager mediaserver : binder { transfer };
allow blkid blkid : fifo_file { ioctl read write getattr lock append open };
allow init device : file { ioctl read write create getattr setattr lock append unlink rename open };
allow themeservice_app tun_device : chr_file { ioctl read write getattr append };
allow installd system_app_data_file : dir { ioctl read write create getattr setattr lock relabelfrom relabelto rename add_name remove_name reparent search rmdir open };
allow location qmuxd : unix_stream_socket { connectto };
allow mm-pp-daemon mm-pp-daemon : file { ioctl read write getattr lock append open };
allow cnss_diag cnss_diag : file { ioctl read write getattr lock append open };
allow netdomain node_type : udp_socket { node_bind };
allow init install_data_file : blk_file { relabelto };
allow init dhcp_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init installd_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow update_verifier block_device : dir { search };
dontaudit sudaemon domain : lnk_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton open audit_access execmod };
allow toolbox devpts : chr_file { ioctl read write getattr };
allow init gatekeeperd_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow bootstat proc : dir { ioctl read getattr lock search open };
allow shell proc_net : lnk_file { ioctl read getattr lock open };
allow camera camera_exec : file { read getattr execute entrypoint open };
allow init cppreopts_tmpfs : blk_file { relabelto };
allow gatekeeperd gatekeeperd : fifo_file { ioctl read write getattr lock append open };
type_transition init sysinit_exec : process sysinit;
allow sudaemon su : binder { call transfer };
allow debuggerd recovery_persist : process { ptrace getattr };
allow init drmserver_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init cnss-daemon_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow su su : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow mqueue mqueue : filesystem { associate };
allow init app_data_file : blk_file { relabelto };
allow init atrace : process { transition siginh rlimitinh };
dontaudit init atrace : process { noatsecure };
allow system_server sysfs_usb : file { write lock append open };
allow ueventd sysfs : dir { ioctl read getattr lock search open };
allow shell otadexopt_service : service_manager { find };
allow system_server adb_keys_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow keystore themeservice_app : process { getattr };
allow init cnd_exec : file { read getattr execute open };
allow init themeservice_app_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow debuggerd subsystem_ramdump : process { ptrace getattr };
allow drmserver appdomain : fd { use };
allow preopt2cachename preopt2cachename : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow netd proc_net : file { write };
allow sdcardd sdcardd : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow kernel sysfs : lnk_file { ioctl read getattr lock open };
allow postinstall toolbox_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow cameraserver perfd_data_file : dir { search };
allow fingerprintd sysfs_fingerprint : file { ioctl read write getattr lock append open };
allow tee tee : file { ioctl read write getattr lock append open };
allow adbd bootchart_data_file : file { ioctl read getattr lock open };
allow init cppreopts_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow nfc mediacodec_service : service_manager { find };
allow bluetooth bluetooth_efs_file : lnk_file { ioctl read getattr lock open };
allow init proc_sysrq : dir { read setattr search open };
dontaudit su port_type : netlink_nflog_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow su su : dir { ioctl read getattr lock search open };
allow init keychain_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow update_engine update_engine : lnk_file { ioctl read getattr lock open };
allow autoplay_app display_service : service_manager { find };
allow init ota_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow ueventd sysfs_msm_subsys : file { write lock append open };
allow installd system_data_file : dir { ioctl read write create getattr setattr lock relabelfrom rename add_name remove_name reparent search rmdir open };
allow keystore shell : dir { search };
allow init untrusted_app_tmpfs : blk_file { relabelto };
allow radio radio : dir { ioctl read getattr lock search open };
dontaudit sudaemon file_type : sock_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton open audit_access execmod };
allow platform_app cache_recovery_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
auditallow platform_app cache_recovery_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow netdomain port_type : tcp_socket { name_bind name_connect };
allow drmserver selinuxfs : file { ioctl read write getattr lock append open };
allow system_app cache_recovery_file : file { ioctl read write create getattr setattr lock append unlink rename open };
dontaudit su domain : unix_dgram_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow debuggerd rmt : process { ptrace getattr };
allow cameraserver camera_prop : file { ioctl read getattr lock open };
allow audioserver sysfs_soc : dir { ioctl read getattr lock search open };
allow sgdisk sysfs : file { ioctl read getattr lock open };
allow init gatekeeper_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init adb_data_file : chr_file { relabelto };
allow system_app keystore_service : service_manager { find };
allow shell powerctl_prop : property_service { set };
type_transition tzdatacheck tmpfs : file tzdatacheck_tmpfs;
allow shell netpolicy_service : service_manager { find };
allow installd su : binder { call transfer };
allow init unencrypted_data_file : chr_file { relabelto };
allow mediaserver oemfs : dir { search };
allow init domain : dir { ioctl read getattr lock search open };
allow logd proc_net : dir { ioctl read getattr lock search open };
allow appdomain mediacodec : binder { transfer };
allow init resourcecache_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init cameraserver : process { transition siginh rlimitinh };
dontaudit init cameraserver : process { noatsecure };
allow vold sdcard_type : dir { ioctl read write create getattr setattr lock rename mounton add_name remove_name reparent search rmdir open };
dontaudit domain property_type : file { audit_access };
allow sdcardd su : binder { call transfer };
allow update_verifier update_verifier : dir { ioctl read getattr lock search open };
dontaudit su domain : peer { recv };
allow init mtp_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow toolbox block_device : dir { search };
allow dhcp proc_net : file { write };
allow uncrypt uncrypt : capability { dac_override sys_rawio };
dontaudit uncrypt uncrypt : capability { sys_module };
allow init bootstat_exec : file { read getattr execute open };
allow init app_data_file : file { relabelto };
allow init tombstone_data_file : chr_file { relabelto };
allow toolbox init : process { sigchld };
allow mediaserver tee : unix_stream_socket { connectto };
allow servicemanager tee : binder { transfer };
allow perfprofd exec_type : file { ioctl read getattr lock open };
allow init time_data_file : blk_file { relabelto };
allow appdomain fuseblk : file { ioctl read write create getattr setattr lock append unlink rename open };
allow init nanoapp_cmd_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow hostapd hostapd : netlink_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow system_server resourcecache_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow shared_relro app_data_file : fifo_file { ioctl read write create getattr setattr lock append unlink rename open };
allow system_server su : fd { use };
allow dex2oat dalvikcache_data_file : lnk_file { read };
allow debuggerd system_app : process { ptrace getattr };
allow adbd gpu_device : chr_file { ioctl read write getattr lock append open };
allow uncrypt shell_data_file : file { ioctl read getattr lock open };
allow init keystore_data_file : file { getattr relabelto };
allow shell mediacodec_service : service_manager { find };
allow dumpstate mediaextractor : process { signal };
allow init sysfs_bluetooth_writable : dir { read setattr search open };
allow init dumpstate_socket : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow dumpstate mediaextractor_service : service_manager { find };
allow init media_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow keystore keystore : lnk_file { ioctl read getattr lock open };
allow init fsck_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow dnsmasq dnsmasq_exec : file { read getattr execute entrypoint open };
allow nfc sysfs : file { ioctl read write getattr lock open };
allow otapreopt_chroot postinstall_file : file { read getattr execute open };
allow drmserver sysfs : dir { ioctl read getattr lock search open };
allow system_app cm_livelockscreen_service : service_manager { find };
allow camera sysfs_camera : dir { search };
allow init bluetooth_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init subsystem_ramdump_tmpfs : chr_file { relabelto };
allow shell batteryproperties_service : service_manager { find };
allow keystore radio : binder { transfer };
allow racoon racoon : file { ioctl read write getattr lock append open };
allow debuggerd debuggerd : capability2 { syslog };
allow init rild_exec : file { read getattr execute open };
allow init radio_data_file : blk_file { relabelto };
allow google_camera_app su : fd { use };
allow update_engine update_engine_exec : file { ioctl read getattr lock execute execute_no_trans entrypoint open };
allow netmgrd qmuxd_socket : sock_file { read write create getattr setattr unlink };
allow init recovery_refresh_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init inputflinger_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow mediaserver qtaguid_proc : file { ioctl read write getattr lock append open };
allow ims ims : socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allowxperm ims ims : socket ioctl { 0xc300-0xc305 };
allow bluetooth surfaceflinger_service : service_manager { find };
allow init install_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow domain_deprecated selinuxfs : file { ioctl read getattr lock open };
allow update_engine update_engine : fifo_file { ioctl read write getattr lock append open };
allow otapreopt_chroot postinstall_file : dir { mounton search };
allow mtp mtp : capability { net_raw };
dontaudit mtp mtp : capability { sys_module };
allow shell cm_performance_service : service_manager { find };
allow autoplay_app pmsg_device : chr_file { write lock append open };
allow init swap_block_device : chr_file { read setattr open };
allow appdomain shared_relro_file : file { ioctl read getattr lock open };
allow init ssr_setup_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init preloads_copy : process { transition siginh rlimitinh };
dontaudit init preloads_copy : process { noatsecure };
allow uncrypt init : unix_stream_socket { connectto };
allow init priv_app_tmpfs : blk_file { relabelto };
allow init mdnsd_socket : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow thermal-engine qmuxd : unix_stream_socket { connectto };
allow audioserver proc : lnk_file { ioctl read getattr lock open };
allow init dumpstate_exec : file { read getattr execute open };
allow dumpstate telecom_service : service_manager { find };
type_transition ueventd tmpfs : file ueventd_tmpfs;
allow update_verifier update_verifier_exec : file { read getattr execute entrypoint open };
allow shell selinuxfs : dir { ioctl read getattr lock search open };
allow platform_app tun_device : chr_file { ioctl read write getattr append };
allow obdm_app obdm_app : fifo_file { ioctl read write getattr lock append open };
allow init app_data_file : sock_file { relabelto };
allow init sysfs_devices_system_iosched : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow adbd adbd : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit setcurrent };
allow init property_socket : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow runas isolated_app : process { dyntransition };
allow init mediaserver_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow idmap su : fd { use };
allow system_server postinstall : fd { use };
allow postinstall update_engine_common : fd { use };
allow system_app logd_socket : sock_file { write };
allow shell logd : unix_stream_socket { connectto };
allow servicemanager servicemanager : file { ioctl read write getattr lock append open };
allow appdomain appdomain : binder { call transfer };
allow adbd anr_data_file : file { ioctl read getattr lock open };
allow system_app mount_service : service_manager { find };
allow cppreopts preopt2cachename : process { transition siginh rlimitinh };
dontaudit cppreopts preopt2cachename : process { noatsecure };
type_transition init netmgrd_exec : process netmgrd;
dontaudit su domain : ipc { create destroy getattr setattr read write associate unix_read unix_write };
allow init netmgrd_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow system_server mediadrmserver_service : service_manager { find };
allow system_server zygote : unix_dgram_socket { write };
allow priv_app keystore : keystore_key { get_state get insert delete exist list sign verify };
allow update_engine_common postinstall_file : dir { ioctl read getattr lock search open };
allow dumpstate kernel : system { syslog_read };
type_transition init lmkd_exec : process lmkd;
allow system_server unlabeled : dir { ioctl read getattr lock search open };
allow init system_app_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init sysfs_pcie : file { read setattr open };
allow vold mnt_user_file : lnk_file { ioctl read write create getattr setattr lock append unlink rename open };
allow platform_app app_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow adbd apk_data_file : dir { ioctl read getattr lock search open };
allow blkid su : binder { call transfer };
allow system_server ctl_bugreport_prop : property_service { set };
allow system_server system_data_file : sock_file { ioctl read write create getattr setattr lock append unlink rename open };
allow netmgrd netmgrd : file { ioctl read write getattr lock append open };
allow mediacodec mediacodec : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow init init_mid : process { transition siginh rlimitinh };
dontaudit init init_mid : process { noatsecure };
allow init audio_cal_device : chr_file { read setattr open };
allow postinstall_dexopt postinstall_file : file { read getattr execute entrypoint open };
allow ppp system_file : file { ioctl read getattr lock execute execute_no_trans open };
dontaudit sudaemon domain : packet_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow priv_app shell_data_file : file { ioctl read getattr lock open };
allow time time : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow system_server radio_service : service_manager { find };
allow cnd qmuxd : unix_stream_socket { connectto };
allow tee tee_tmpfs : file { read write };
allow dnsmasq su : fd { use };
allow init installd_tmpfs : chr_file { relabelto };
allow debuggerd obdm_app : process { ptrace getattr };
allow init racoon_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init rild_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init qmuxd_tmpfs : chr_file { relabelto };
allow appdomain themeservice_app_data_file : dir { ioctl read getattr lock search open };
allow otapreopt_slot dalvikcache_data_file : lnk_file { read getattr unlink };
allow fingerprintd fingerprintd : fd { use };
allow vold sdcard_type : file { ioctl read write create getattr setattr lock append unlink rename open };
allow system_server surfaceflinger : unix_stream_socket { read write setopt };
allow postinstall_dexopt postinstall : process { sigchld };
dontaudit sudaemon domain : dir { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod };
allow rild sysfs : lnk_file { ioctl read getattr lock open };
allow blkid_untrusted block_device : dir { search };
allow netd netdomain : rawip_socket { read write getattr setattr getopt setopt };
allow keystore priv_app : file { read open };
allow installd themeservice_app_data_file : fifo_file { getattr setattr relabelfrom relabelto unlink rename };
allow mediaserver gpu_device : chr_file { ioctl read write getattr lock append open };
allowxperm mediaserver gpu_device : chr_file ioctl { 0x902 0x907 0x913-0x915 0x921 0x932-0x933 0x938-0x939 0x940-0x943 0x945-0x94a };
allowxperm mediaserver gpu_device : chr_file ioctl { 0x5411 0x5451 };
allow vold property_socket : sock_file { write };
allow init net_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init themeservice_app_tmpfs : blk_file { relabelto };
allow shell tun_device : chr_file { ioctl read write getattr append };
allow ueventd sysfs_type : lnk_file { getattr setattr relabelfrom relabelto };
allow vold vold_prop : file { ioctl read getattr lock open };
type_transition drmserver apk_data_file : sock_file drmserver_socket;
allow drmserver apk_data_file : sock_file { unlink };
allow init fingerprintd_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow google_camera_app surfaceflinger_service : service_manager { find };
allow init cache_private_backup_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow qti-testscripts qti-testscripts : fd { use };
allow shell anr_data_file : dir { ioctl read getattr lock search open };
allow otapreopt_chroot otapreopt_chroot : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow init livedisplay_sysfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init htc_ramdump : process { transition siginh rlimitinh };
dontaudit init htc_ramdump : process { noatsecure };
allow shell su : process { transition siginh rlimitinh };
dontaudit shell su : process { noatsecure };
allow time time_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow platform_app vfat : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow debuggerd su : process { ptrace getattr };
allow init unlabeled : blk_file { relabelto };
allow update_engine update_engine : dir { ioctl read getattr lock search open };
allow hci_attach hci_attach : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow priv_app perfprofd_data_file : file { ioctl read getattr lock open };
allow shell shortcut_service : service_manager { find };
allow dumpstate mediacodec : process { signal };
dontaudit idmap idmap : capability { sys_module };
allow zygote zygote : fd { use };
allow init camera_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow cnss-daemon cnss-daemon : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow dnsmasq dnsmasq : dir { ioctl read getattr lock search open };
allow bluetooth bluetooth_data_file : fifo_file { ioctl read write create getattr setattr lock append unlink rename open };
allow untrusted_app_devpts untrusted_app_devpts : filesystem { associate };
allow preloads_copy preloads_copy : lnk_file { ioctl read getattr lock open };
allow system_app registry_service : service_manager { find };
allow debuggerd fingerprintd : process { ptrace getattr };
allow init proc : file { read write setattr lock append open };
allow init update_verifier_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init sysfs_wake_lock : file { read setattr open };
allow system_app init : unix_stream_socket { connectto };
allow vold sysfs_zram : dir { ioctl read getattr lock search open };
allow domain binder_device : chr_file { ioctl read write getattr lock append open };
allow untrusted_app untrusted_app : fifo_file { ioctl read write getattr lock append open };
allow shell devicestoragemonitor_service : service_manager { find };
allow property_type tmpfs : filesystem { associate };
allow init mtp : process { transition siginh rlimitinh };
dontaudit init mtp : process { noatsecure };
allow lmkd sysfs : lnk_file { ioctl read getattr lock open };
allow platform_app mediadrmserver_service : service_manager { find };
allow init port-bridge_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init atrace_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow system_app updatelock_service : service_manager { find };
allow cnd cnd_tmpfs : file { read write };
allow nfc app_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow vold vold : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow init debugfs_tracing : lnk_file { getattr relabelfrom };
allow untrusted_app shell_data_file : file { ioctl read getattr lock open };
allow zygote mnt_user_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow init gps_control : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init cache_recovery_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow vold init : unix_stream_socket { connectto };
allow netmgrd init : unix_stream_socket { connectto };
allow shell location_service : service_manager { find };
allow autoplay_app dumpstate : binder { transfer };
allow init installd_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow appdomain shell_data_file : file { write getattr };
allow shell display_service : service_manager { find };
allow sysfs_camera sysfs_camera : filesystem { associate };
allow netd netd : netlink_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
type_transition init bootanim_exec : process bootanim;
allow init system_ndebug_socket : blk_file { relabelto };
allow init_foreground init_foreground : file { ioctl read write getattr lock append open };
allow init sysfs_enable_ps_sensor : file { read setattr open };
allow otapreopt_slot dalvikcache_data_file : file { getattr unlink };
allow recovery_persist su : fd { use };
allow mediadrmserver ion_device : chr_file { ioctl read write getattr lock append open };
allow mediaextractor mediaextractor : dir { ioctl read getattr lock search open };
allow obdm_app radio_service : service_manager { find };
allow imscm su : fd { use };
allow appdomain ashmem_device : chr_file { execute };
allow nfc su : binder { call transfer };
allow surfaceflinger tee : unix_stream_socket { connectto };
allow su app_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
type_transition perfd tmpfs : file perfd_tmpfs;
allow dumpstate drmserver : debuggerd { dump_backtrace };
allow surfaceflinger sysfs : file { ioctl read getattr lock open };
allow uncrypt media_rw_data_file : lnk_file { ioctl read getattr lock open };
allow location location : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow surfaceflinger surfaceflinger : lnk_file { ioctl read getattr lock open };
allow init mkfs_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow system_server gps_control : file { ioctl read write getattr lock append open };
allow netmgrd net_data_file : dir { ioctl read getattr lock search open };
allow init apk_private_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
dontaudit su dev_type : dir { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod };
allow dhcp su : binder { call transfer };
allow installd shell_data_file : lnk_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open };
allow fingerprintd fingerprintd : dir { ioctl read getattr lock search open };
type_transition init irqbalance_exec : process irqbalance;
allow init system_app_data_file : chr_file { relabelto };
allow init shell_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow autoplay_app autoplay_data_file : fifo_file { ioctl read write create getattr setattr lock append unlink rename open };
allow cnss-daemon cnss-daemon : capability { setgid setuid net_bind_service net_admin };
auditallow cnss-daemon cnss-daemon : capability { net_admin };
dontaudit cnss-daemon cnss-daemon : capability { sys_module };
allow init asec_apk_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow appdomain tmpfs : lnk_file { ioctl read getattr lock open };
allow shell print_service : service_manager { find };
allow priv_app mediaextractor_service : service_manager { find };
allow init debugfs_trace_marker : dir { read setattr search open };
allow init thermal-engine_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow rild rild : socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allowxperm rild rild : socket ioctl { 0xc300-0xc305 };
allow install_recovery cache_recovery_file : dir { ioctl read write getattr lock add_name remove_name search open };
auditallow install_recovery cache_recovery_file : dir { ioctl read write getattr lock add_name remove_name search open };
allow init install_recovery : process { transition siginh rlimitinh };
dontaudit init install_recovery : process { noatsecure };
allow init time_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow priv_app cache_recovery_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow init netd_socket : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow logd logd : capability2 { syslog };
allow init untrusted_app_devpts : file { read setattr open };
allow qmuxd qmuxd : lnk_file { ioctl read getattr lock open };
allow wpa wpa : netlink_route_socket { read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read nlmsg_write };
allow surfaceflinger dumpstate : lnk_file { ioctl read getattr lock open };
allow init mkfs_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow system_app telecom_service : service_manager { find };
allow cnss-daemon cnss-daemon : fd { use };
allow runas app_data_file : dir { getattr search };
allow init bootanim_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow google_camera_app app_data_file : sock_file { ioctl read write create getattr setattr lock append unlink rename open };
allow gatekeeperd keystore : fd { use };
allow dumpstate domain : dir { ioctl read getattr lock search open };
allow bootstat bootstat : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow fingerprintd keystore : keystore_key { add_auth };
allow functionfs functionfs : filesystem { associate };
allow system_server audioserver : process { getsched setsched };
allow dumpstate dumpstate : netlink_tcpdiag_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read };
type_transition init perfd_exec : process perfd;
allow rild netmgrd_socket : sock_file { write };
allow shell logd_socket : sock_file { write };
allow gatekeeperd sysfs : lnk_file { ioctl read getattr lock open };
allow update_engine su : fd { use };
allow cnd shell_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow otapreopt_chroot otapreopt_chroot_exec : file { read getattr execute entrypoint open };
allow init apk_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow audioserver sdcard_type : dir { ioctl read getattr lock search open };
allow debuggerd cnss_diag : process { ptrace getattr };
allow appdomain adbd : fd { use };
allow init location_exec : file { read getattr execute open };
allow debuggerd mediaextractor : debuggerd { dump_backtrace };
allow bluetooth keystore : fd { use };
allow per_proxy per_proxy : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow rmt rmt : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow sysinit su : binder { call transfer };
allow perfd gpu_device : chr_file { ioctl read write getattr lock append open };
allow themeservice_app app_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow init shell_exec : file { read getattr execute open };
allow preopt2cachename cppreopts : process { sigchld };
allow cnd cnd : file { ioctl read write getattr lock append open };
dontaudit sudaemon domain : netlink_xfrm_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind nlmsg_read nlmsg_write };
allow debuggerd camera : process { ptrace getattr };
allow init bootstat : process { transition siginh rlimitinh };
dontaudit init bootstat : process { noatsecure };
allow init radio_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow bootanim audioserver : fd { use };
allow platform_app platform_app_tmpfs : file { read write execute };
dontaudit sudaemon port_type : netlink_route_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind nlmsg_read nlmsg_write };
allow autoplay_app ashmem_device : chr_file { execute };
allow init apk_tmp_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow system_app processinfo_service : service_manager { find };
allow init misc_user_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow mediacodec appdomain : binder { call transfer };
allow init logdr_socket : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow rild netmgrd_socket : dir { search };
allow vold system_file : file { getattr execute execute_no_trans };
allow system_server uncrypt : unix_stream_socket { connectto };
allow fingerprintd fingerprintd : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow ueventd firmware_file : file { ioctl read getattr lock open };
allow cameraserver cameraproxy_service : service_manager { find };
allow init anr_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow gpsd gpsd : netlink_route_socket { read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read };
allow init apk_private_data_file : blk_file { relabelto };
allow gatekeeperd gatekeeperd : file { ioctl read write getattr lock append open };
type_transition netmgrd tmpfs : file netmgrd_tmpfs;
allow radio ctl_rildaemon_prop : property_service { set };
allow domain urandom_device : chr_file { ioctl read write getattr lock append open };
allow init autoplay_data_file : blk_file { relabelto };
allow system_server wpa_socket : dir { ioctl read write getattr lock add_name remove_name search open };
allow init app_fuse_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow watchdogd watchdogd : fd { use };
allow init gatekeeperd_tmpfs : blk_file { relabelto };
allow init racoon_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init themeservice_app_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init shortcut_manager_icons : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init update_engine : process { transition siginh rlimitinh };
dontaudit init update_engine : process { noatsecure };
allow bluetooth sysfs : dir { ioctl read getattr lock search open };
allow init atfwd_tmpfs : chr_file { relabelto };
allow installd unlabeled : fifo_file { getattr setattr relabelfrom unlink rename };
allow init perfprofd_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow runas runas : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow init gatekeeper_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow cppreopts cppreopts : lnk_file { ioctl read getattr lock open };
allow vold blkid : process { transition siginh rlimitinh };
dontaudit vold blkid : process { noatsecure };
dontaudit preloads_copy preloads_copy : capability { sys_module };
allow init debugfs_type : dir { relabelto };
allow init diag_logs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow runas shell_data_file : file { read write };
allow dumpstate permission_service : service_manager { find };
allow init ims_socket : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow shared_relro tun_device : chr_file { ioctl read write getattr append };
allow thermal-engine thermal-engine : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow init dm_device : blk_file { ioctl read write getattr lock append open };
allow slideshow rootfs : file { read getattr execute entrypoint open };
allow adsprpcd system_file : dir { ioctl read getattr lock search open };
allow init security_file : fifo_file { relabelto };
allow debuggerd dumpstate : process { ptrace getattr };
allow debuggerd slideshow : process { ptrace getattr };
allow gpsd gpsd : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow wcnss_filter init : process { sigchld };
allow cnd cnd_exec : file { read getattr execute entrypoint open };
allow proc_net proc_net : filesystem { associate };
allow keystore google_camera_app : binder { transfer };
allow ims ims : netlink_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow file_type labeledfs : filesystem { associate };
allow init uncrypt_socket : chr_file { relabelto };
allow shell app_data_file : sock_file { ioctl read write create getattr setattr lock append unlink rename open };
allow platform_app keystore : binder { call transfer };
allow shell input_device : chr_file { ioctl read write getattr lock append open };
allow zygote sysfs : file { ioctl read getattr lock open };
allow priv_app sysfs_type : lnk_file { ioctl read getattr lock open };
allow vold proc_net : lnk_file { ioctl read getattr lock open };
allow system_server ctl_default_prop : file { ioctl read getattr lock open };
allow keystore keystore_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow init cache_backup_file : blk_file { relabelto };
allow logd sysfs : lnk_file { ioctl read getattr lock open };
allow kernel kernel : fifo_file { ioctl read write getattr lock append open };
allow init uio_device : chr_file { read setattr open };
allow init sysfs_pcie : dir { read setattr search open };
allow ueventd sysfs_thermal : file { write lock append open };
allow boot_control_hal xbl_block_device : blk_file { ioctl read write getattr lock append open };
allow htc_ramdump htc_ramdump : lnk_file { ioctl read getattr lock open };
allow init ueventd_tmpfs : blk_file { relabelto };
allow init cppreopts : process { transition siginh rlimitinh };
dontaudit init cppreopts : process { noatsecure };
allow shell cm_app_suggest_service : service_manager { find };
allow init update_verifier_tmpfs : blk_file { relabelto };
allow servicemanager healthd : binder { transfer };
allow servicemanager servicemanager : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow adbd adbd : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow dumpstate rttmanager_service : service_manager { find };
allow mediaserver activity_service : service_manager { find };
allow servicemanager recovery_persist : binder { transfer };
allow zygote zygote : dir { ioctl read getattr lock search open };
allow dumpstate mediacodec_service : service_manager { find };
allow sgdisk su : fd { use };
type_transition init camera_exec : process camera;
allow init display_data_file : blk_file { relabelto };
allow init adb_device : chr_file { read setattr open };
allow nanohub_slpi nanohub_slpi : fifo_file { ioctl read write getattr lock append open };
allow init nfc_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow appdomain system_data_file : lnk_file { getattr };
allow atrace atrace : fd { use };
allow bootstat bootstat : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow time sysfs_soc : file { ioctl read getattr lock open };
allow servicemanager servicemanager : fd { use };
allow domain su : fifo_file { write getattr };
allow init security_file : chr_file { relabelto };
allow adbd apk_data_file : file { ioctl read getattr lock open };
allow per_proxy sysfs_type : dir { ioctl read getattr lock search open };
dontaudit per_mgr per_mgr : capability { sys_module };
allow per_mgr per_mgr : capability { net_bind_service };
allow system_app system_app : file { ioctl read write getattr lock append open };
allow inputflinger su : fd { use };
dontaudit update_verifier update_verifier : capability { sys_module };
allow servicemanager mtp : binder { transfer };
allow init user_profile_foreign_dex_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow thermal-engine sysfs_thermal : file { write };
allow tee tee : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow ppp ppp : rawip_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow system_app trust_service : service_manager { find };
allow shell clipboard_service : service_manager { find };
allow system_server domain : lnk_file { ioctl read getattr lock open };
allow netd system_server : binder { call transfer };
type_transition init init_foreground_exec : process init_foreground;
allow mediaserver appdomain : fd { use };
allow runas selinuxfs : file { ioctl read write getattr lock append open };
allow servicemanager gatekeeperd : file { read open };
allow blkid blkid : file { ioctl read write getattr lock append open };
allow debuggerd untrusted_app : process { ptrace getattr };
allow dumpstate dumpstate : fifo_file { ioctl read write getattr lock append open };
allow radio sysfs : lnk_file { ioctl read getattr lock open };
allow system_app keystore : binder { call transfer };
allow shell recovery_service : service_manager { find };
allow init racoon_tmpfs : chr_file { relabelto };
allow recovery_persist recovery_persist : lnk_file { ioctl read getattr lock open };
allow domain_deprecated proc_net : dir { ioctl read getattr lock search open };
allow per_mgr per_mgr_tmpfs : file { read write };
allow system_server batteryproperties_service : service_manager { find };
allow binderservicedomain mediadrmserver : binder { transfer };
allow netd sysfs_net : file { write lock append open };
allow init vdc_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init cppreopts_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init shell_tmpfs : blk_file { relabelto };
allow init camera_tmpfs : blk_file { relabelto };
allow mediaserver asec_apk_file : file { read getattr };
allow vold storage_stub_file : dir { ioctl read write create getattr setattr lock append mounton add_name search rmdir open };
allow servicemanager rild : dir { search };
allow uncrypt shell_data_file : lnk_file { ioctl read getattr lock open };
allow fsck_untrusted block_device : dir { search };
allow servicemanager mediacodec : binder { transfer };
allow installd asec_apk_file : file { ioctl read getattr lock open };
allow netd permission_service : service_manager { find };
allow appdomain appdomain : fd { use };
allow keystore su : fd { use };
allow atrace init : process { sigchld };
allow dumpstate user_service : service_manager { find };
allow preopt2cachename preopt2cachename : file { ioctl read write getattr lock append open };
dontaudit mkfs mkfs : capability { sys_module };
allowxperm domain domain : tcp_socket ioctl { 0x5411 0x5451 };
allowxperm domain domain : tcp_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm domain domain : tcp_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow dumpstate dm_device : blk_file { getattr };
allow sysfs_msm_subsys_restart sysfs_msm_subsys_restart : filesystem { associate };
allow mdnsd proc_net : file { ioctl read getattr lock open };
allow shell domain : lnk_file { read getattr open };
dontaudit su domain : process { fork transition sigchld sigkill sigstop signull signal ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setexec setfscreate noatsecure siginh setrlimit rlimitinh dyntransition setcurrent execmem execstack execheap setkeycreate setsockcreate };
allow ims ims : netlink_route_socket { read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read };
allow init apk_private_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow atrace surfaceflinger : binder { call };
allow init thermal_socket : blk_file { relabelto };
allow dumpstate dumpstate : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow atrace sysfs : file { ioctl read getattr lock open };
allow system_server sysfs : dir { ioctl read getattr lock search open };
type_transition su dumpstate_exec : process dumpstate;
allow system_server appdomain : binder { call transfer };
allow domain_deprecated kernel : fd { use };
dontaudit su domain : netlink_generic_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow drmserver apk_data_file : file { read getattr };
allow autoplay_app surfaceflinger : binder { call transfer };
allow init bootstat_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow zygote appdomain : file { ioctl read getattr lock open };
allow keystore su : file { read open };
allow netmgrd netmgrd : dir { ioctl read getattr lock search open };
allow google_camera_app cameraserver_service : service_manager { find };
allow init cnss-daemon : process { transition siginh rlimitinh };
dontaudit init cnss-daemon : process { noatsecure };
allow perfprofd system_file : file { ioctl read getattr lock execute execute_no_trans open };
allow init_power sysfs : dir { ioctl read getattr lock relabelfrom search open };
allow system_server postinstall : binder { call transfer };
allow init asec_public_file : chr_file { relabelto };
allow init modem_block_device : chr_file { read setattr open };
allow init ims_socket : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow untrusted_app keystore_service : service_manager { find };
dontaudit sysinit sysinit : capability { sys_module };
allow sysinit sysinit : capability { dac_override };
allow inputflinger inputflinger : fd { use };
allow ppp sysfs : lnk_file { ioctl read getattr lock open };
allow lmkd su : fd { use };
allow debuggerd dnsmasq : process { ptrace getattr };
allow init init_tmpfs : blk_file { relabelto };
allow init sysfs_wake_lock : dir { read setattr search open };
allow system_server apk_private_tmp_file : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open };
allow init sysfs_net : dir { read setattr search open };
allow init thermal_socket : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow netd netd : fd { use };
allow idmap sysfs : lnk_file { ioctl read getattr lock open };
allow rmt rmt : fd { use };
allow ppp ppp : file { ioctl read write getattr lock append open };
allow servicemanager autoplay_app : binder { transfer };
allow tee sg_device : chr_file { ioctl read write setattr open };
allow dumpstate surfaceflinger : process { signal };
allow init dev_type : blk_file { ioctl read getattr lock open };
allow init irqbalance_socket : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init time_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow cnss_diag cnss_diag : fd { use };
allow untrusted_app asec_public_file : file { execute execmod };
allow vold user_profile_foreign_dex_data_file : dir { getattr setattr };
allow adsprpcd adsprpcd : file { ioctl read write getattr lock append open };
allow mediaserver app_data_file : dir { search };
allow themeservice_app connectivity_service : service_manager { find };
allow init thermal_socket : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow system_app notification_service : service_manager { find };
allow domain_deprecated rootfs : lnk_file { ioctl read getattr lock open };
dontaudit sudaemon domain : msgq { create destroy getattr setattr read write associate unix_read unix_write enqueue };
allow shell gpu_service : service_manager { find };
allow mtp mtp : tcp_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown };
allow dumpstate account_service : service_manager { find };
allow dumpstate cameraserver : debuggerd { dump_backtrace };
allow toolbox su : binder { call transfer };
allow slideshow slideshow : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow init update_engine_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init sudaemon_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init gps_socket : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init cache_backup_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow shell wifi_log_prop : file { ioctl read getattr lock open };
allow system_app cm_hardware_service : service_manager { find };
dontaudit sudaemon port_type : netlink_fib_lookup_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow system_server cache_recovery_file : file { ioctl read write create getattr setattr lock relabelfrom append unlink rename open };
allow system_server apk_private_data_file : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open };
allow uncrypt sysfs : lnk_file { ioctl read getattr lock open };
allow system_server binderservicedomain : fd { use };
allow dumpstate dumpstate : file { ioctl read write getattr lock append open };
allow init tmpfs : chr_file { ioctl read write create getattr setattr lock append unlink rename open };
allow system_server node : rawip_socket { node_bind };
allow init superuser_device : blk_file { relabelto };
allow cppreopts cppreopts : dir { ioctl read getattr lock search open };
allow init irsc_util_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init property_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
dontaudit su node_type : node { tcp_recv tcp_send udp_recv udp_send rawip_recv rawip_send enforce_dest dccp_recv dccp_send recvfrom sendto };
allow shell su_exec : file { read getattr execute open };
allow init sysfs_msm_core : dir { read setattr search open };
allow mediaserver apk_data_file : file { read getattr };
allow appdomain system_server : unix_stream_socket { read write getattr getopt setopt shutdown };
allow rild su : binder { call transfer };
allow dumpstate recovery_service : service_manager { find };
allow otapreopt_chroot otapreopt_chroot : file { ioctl read write getattr lock append open };
allow mm-pp-daemon mm-pp-daemon : dir { ioctl read getattr lock search open };
allow init vdc_exec : file { read getattr execute open };
type_transition init racoon_exec : process racoon;
allow vold sgdisk_exec : file { read getattr execute open };
allow blkid_untrusted sysfs : file { ioctl read getattr lock open };
allow init cnd_socket : blk_file { relabelto };
allow idmap sysfs : dir { ioctl read getattr lock search open };
allow dhcp cgroup : dir { write create add_name };
allow wpa servicemanager : binder { call transfer };
allow priv_app preloads_data_file : file { ioctl read getattr lock open };
allow init atrace_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow gatekeeperd system_server : binder { call transfer };
allow fsck fsck : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow init install_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow update_verifier update_verifier : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow init proc_bluetooth_writable : file { read setattr open };
allow mm-pp-daemon mm-pp-daemon : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow system_app cm_weather_service : service_manager { find };
allow rild per_mgr : fd { use };
allow bootstat bootstat : dir { ioctl read getattr lock search open };
allow init ueventd_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow dumpstate toolbox_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow bluetooth audioserver_service : service_manager { find };
type_transition toolbox tmpfs : file toolbox_tmpfs;
allow mediaserver sysfs : lnk_file { ioctl read getattr lock open };
allow atfwd atfwd : fifo_file { ioctl read write getattr lock append open };
allow surfaceflinger shell : binder { call transfer };
allow runas devpts : chr_file { ioctl read write };
allow htc_ramdump htc_ramdump : fd { use };
allow thermal-engine thermal-engine : lnk_file { ioctl read getattr lock open };
allow init mm-pp-daemon_exec : file { read getattr execute open };
allow init tee_device : chr_file { read setattr open };
allow init google_camera_app_tmpfs : blk_file { relabelto };
allow init hci_attach_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allowxperm themeservice_app themeservice_app : tcp_socket ioctl { 0x5411 0x5451 };
allowxperm themeservice_app themeservice_app : tcp_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm themeservice_app themeservice_app : tcp_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow inputflinger input_device : chr_file { ioctl read write getattr lock append open };
allow ssr_setup su : binder { call transfer };
allow google_camera_app adsprpcd_device : chr_file { ioctl read getattr lock open };
allow zygote tmpfs : filesystem { mount unmount };
allow init perfd_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow cnd su : fd { use };
allow untrusted_app keystore : fd { use };
type_transition untrusted_app devpts : chr_file untrusted_app_devpts;
allow shared_relro keystore : binder { call transfer };
dontaudit nfc nfc : capability { sys_module };
allow hostapd sysfs_type : file { ioctl read getattr lock open };
dontaudit untrusted_app untrusted_app : capability { sys_module };
allow dex2oat su : binder { call transfer };
dontaudit sudaemon domain : shm { create destroy getattr setattr read write associate unix_read unix_write lock };
allow nfc app_data_file : sock_file { ioctl read write create getattr setattr lock append unlink rename open };
allowxperm mediadrmserver mediadrmserver : rawip_socket ioctl { 0x5411 0x5451 };
allowxperm mediadrmserver mediadrmserver : rawip_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm mediadrmserver mediadrmserver : rawip_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow mediadrmserver mediadrmserver : rawip_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow init netd_exec : file { read getattr execute open };
allow kernel kernel : capability { sys_boot sys_nice sys_resource };
dontaudit kernel kernel : capability { sys_module };
allow init unlabeled : filesystem { mount remount unmount getattr relabelfrom transition associate quotamod quotaget };
allow init fingerprintd_tmpfs : chr_file { relabelto };
allow init dhcp_data_file : chr_file { relabelto };
allow audioserver appdomain : fd { use };
allow system_server storage_stub_file : dir { getattr };
allow platform_app system_api_service : service_manager { find };
allow nanohub_slpi nanohub_slpi : dir { ioctl read getattr lock search open };
allow init pta_device : chr_file { read setattr open };
allow init camera_tmpfs : chr_file { relabelto };
allow preopt2cachename preopt2cachename : fifo_file { ioctl read write getattr lock append open };
allow ppp ppp : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow system_server apk_tmp_file : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open };
allow clatd clatd : capability { setgid setuid net_admin net_raw ipc_lock };
dontaudit clatd clatd : capability { sys_module };
allow init isolated_app_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow untrusted_app untrusted_app : netlink_route_socket { read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read };
allow init livedisplay_sysfs : blk_file { relabelto };
allow init rild : process { transition siginh rlimitinh };
dontaudit init rild : process { noatsecure };
allow init tombstone_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init boottrace_data_file : chr_file { relabelto };
dontaudit su node_type : tcp_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind connectto newconn acceptfrom node_bind name_connect };
allow servicemanager inputflinger : dir { search };
allow init priv_app_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init update_verifier : process { transition siginh rlimitinh };
dontaudit init update_verifier : process { noatsecure };
allow tee tee_device : chr_file { ioctl read write getattr lock append open };
allow usbfs usbfs : filesystem { associate };
allow keystore shared_relro : dir { search };
allow adbd adb_keys_file : file { ioctl read getattr lock open };
allow init vold_data_file : fifo_file { relabelto };
allow debugfs_msm_core debugfs_msm_core : filesystem { associate };
allow cnd cnd : capability2 { block_suspend };
allow subsystem_ramdump ssr_prop : property_service { set };
allow audioserver diag_device : chr_file { ioctl read write getattr lock append open };
allow system_app gatekeeper_service : service_manager { find };
allow isolated_app activity_service : service_manager { find };
allow servicemanager htc_ramdump : binder { transfer };
allow system_server appdomain : udp_socket { read write getattr getopt setopt shutdown };
allow init_radio init_radio : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow fsck_untrusted fsck_untrusted : file { ioctl read write getattr lock append open };
allow init gps_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
dontaudit sudaemon domain : sem { create destroy getattr setattr read write associate unix_read unix_write };
allow time time_exec : file { read getattr execute entrypoint open };
allow system_server gpu_device : chr_file { ioctl read write getattr lock append open };
allow init mnt_media_rw_stub_file : blk_file { relabelto };
allow bootstat proc : lnk_file { ioctl read getattr lock open };
allow init gpt_block_device : chr_file { read setattr open };
allow init mdns_socket : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow postinstall_dexopt postinstall_dexopt : fifo_file { ioctl read write getattr lock append open };
type_transition init atfwd_exec : process atfwd;
allow init heapdump_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow subsystem_ramdump ramdump_data_file : dir { ioctl read write getattr lock add_name remove_name search open };
allow system_server cache_private_backup_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow debuggerd tee : process { ptrace getattr };
allow themeservice_app keystore : keystore_key { get_state get insert delete exist list sign verify };
allowxperm platform_app platform_app : tcp_socket ioctl { 0x5411 0x5451 };
allowxperm platform_app platform_app : tcp_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm platform_app platform_app : tcp_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow platform_app platform_app : tcp_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown };
dontaudit su property_type : property_service { set };
dontaudit sudaemon sudaemon : capability { chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap };
allow cppreopts su : binder { call transfer };
allow isolated_app isolated_app : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow init per_proxy_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow otapreopt_slot otapreopt_slot_exec : file { read getattr execute entrypoint open };
allow init radio_device : chr_file { read setattr open };
allow init netd_tmpfs : blk_file { relabelto };
allow bootanim oemfs : file { ioctl read getattr lock open };
allow surfaceflinger property_socket : sock_file { write };
allow init_power init_power : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow init wallpaper_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init mnt_user_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init logdr_socket : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow shell cm_partner_interface : service_manager { find };
allow per_proxy per_proxy : dir { ioctl read getattr lock search open };
allow servicemanager watchdogd : binder { transfer };
allow subsystem_ramdump ramdump_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow netd su : binder { call transfer };
allow init install_recovery_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
type_transition init recovery_refresh_exec : process recovery_refresh;
allow init camera_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow domain system_file : lnk_file { read };
allow otapreopt_chroot postinstall : process { sigchld };
allow debugfs_type debugfs : filesystem { associate };
allow blkid_untrusted blkid_untrusted : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow debuggerd init : process { sigchld };
allow init adb_keys_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow qmuxd qmuxd : file { ioctl read write getattr lock append open };
allow bootstat su : binder { call transfer };
allow init wpa_tmpfs : blk_file { relabelto };
allow init cache_block_device : chr_file { read setattr open };
allow rild rild : file { ioctl read write getattr lock append open };
allow update_verifier update_verifier : fd { use };
allow init radio_tmpfs : blk_file { relabelto };
allow init init_mid_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow logd proc : lnk_file { ioctl read getattr lock open };
allow shared_relro shared_relro_file : dir { ioctl read write getattr lock add_name remove_name search open };
allow profman tmpfs : file { read };
allow htc_ramdump htc_ramdump_exec : file { read getattr execute entrypoint open };
allow cnss_diag cnss_diag_exec : file { read getattr execute entrypoint open };
allow shell shell : fd { use };
allow init init-qcom-qseecomd-sh_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow shell audioserver_service : service_manager { find };
allow system_server zygote : fd { use };
allow platform_app platform_app : netlink_route_socket { read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read };
allow sdcardd mnt_media_rw_file : dir { ioctl read getattr lock search open };
allow zygote dalvikcache_data_file : lnk_file { ioctl read write create getattr setattr lock append unlink rename open };
allow init backup_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init racoon_socket : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow ssr_setup ssr_setup : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow bluetooth radio_service : service_manager { find };
allow dumpstate media_session_service : service_manager { find };
allow bootanim themeservice_app_data_file : dir { search };
allow shared_relro app_data_file : lnk_file { ioctl read write create getattr setattr lock append unlink rename open };
allow system_app media_rw_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
type_transition obdm_app tmpfs : file obdm_app_tmpfs;
allow mdnsd proc_net : lnk_file { ioctl read getattr lock open };
allow shell dumpstate : unix_stream_socket { connectto };
allow lmkd appdomain : file { ioctl read write getattr lock open };
allow init resourcecache_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init logd_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow ppp vpn_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow mediadrmserver system_file : lnk_file { ioctl read getattr lock open };
allow priv_app perfprofd_data_file : dir { ioctl read getattr lock search open };
allow install_recovery su : fd { use };
allow radio app_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow sudaemon app_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow init perfd_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init property_socket : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow system_app ctl_bootanim_prop : property_service { set };
allow init dumpstate_socket : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow logd domain : dir { ioctl read getattr lock search open };
allow vold su : binder { call transfer };
allow system_server usb_device : dir { ioctl read getattr lock search open };
allow dhcp init : process { sigchld };
allow init asec_image_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init proc_cpuinfo : dir { read setattr search open };
allow init user_profile_foreign_dex_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow cnd property_socket : sock_file { write };
allow audioserver rild : binder { call transfer };
allow adbd tmpfs : dir { search };
allow bluetooth bluetooth : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit execmem };
allow sdcardd sysfs : lnk_file { ioctl read getattr lock open };
allow autoplay_app autoplay_app_tmpfs : file { read write execute };
allow init nfc_device : chr_file { read setattr open };
allow postinstall postinstall : file { ioctl read write getattr lock append open };
allow servicemanager shared_relro : binder { transfer };
allow priv_app preloads_data_file : dir { ioctl read getattr lock search open };
allow sdcardd vold : fifo_file { read write getattr };
allow appdomain system_file : file { ioctl read getattr lock execute execute_no_trans open };
allow sdcardd su : fd { use };
allow mtp vpn_data_file : dir { search };
allow radio net_data_file : file { ioctl read getattr lock open };
allow system_app asec_apk_file : file { ioctl read getattr lock open };
allow atrace su : binder { call transfer };
allow netdomain node_type : tcp_socket { node_bind };
allow wcnss_filter wcnss_filter : dir { ioctl read getattr lock search open };
allow dumpstate otadexopt_service : service_manager { find };
allow dumpstate sdcardd : debuggerd { dump_backtrace };
allow installd app_data_file : fifo_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open };
allow init shared_relro_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow ueventd dev_type : lnk_file { create unlink };
allow shell boottrace_data_file : dir { ioctl read write getattr lock add_name remove_name search open };
allow init net_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow imscm imscm : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
type_transition system_server tmpfs : file system_server_tmpfs;
allow installd user_profile_foreign_dex_data_file : dir { read write getattr add_name remove_name search rmdir open };
allow autoplay_app input_service : service_manager { find };
allow netd netd : dir { ioctl read getattr lock search open };
allow dumpstate surfaceflinger_service : service_manager { find };
allow autoplay_app autoplay_app : lnk_file { ioctl read getattr lock open };
allow system_server wallpaper_file : file { ioctl read write getattr lock relabelto append unlink link rename open };
allow platform_app app_api_service : service_manager { find };
allow init debugfs_sps : dir { read setattr search open };
allow debuggerd domain : dir { ioctl read getattr lock search open };
type_transition camera tmpfs : file camera_tmpfs;
allow mm-pp-daemon mm-pp-daemon : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow installd autoplay_data_file : sock_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open };
allow shell proc : lnk_file { ioctl read getattr lock open };
allow keystore themeservice_app : dir { search };
allow bluetooth bluetooth_data_file : lnk_file { ioctl read write create getattr setattr lock append unlink rename open };
allow init bt_firmware_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init mdnsd_socket : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow nfc keystore : binder { call transfer };
allow sgdisk sysfs : dir { ioctl read getattr lock search open };
allow init shared_relro_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow appdomain vfat : file { ioctl read write create getattr setattr lock append unlink rename open };
allow ims init : process { sigchld };
allow vdc vdc : file { ioctl read write getattr lock append open };
allow debuggerd sdcardd : process { ptrace getattr };
type_transition cnd socket_device : sock_file cnd_socket;
allow shell mediaextractor_service : service_manager { find };
allow hci_attach bluetooth_efs_file : dir { ioctl read getattr lock search open };
allow init hci_attach_dev : chr_file { read setattr open };
dontaudit sudaemon node_type : node { tcp_recv tcp_send udp_recv udp_send rawip_recv rawip_send enforce_dest dccp_recv dccp_send recvfrom sendto };
allow system_server video_device : dir { ioctl read getattr lock search open };
allow update_verifier ota_package_file : file { ioctl read getattr lock open };
allow location location_data_file : sock_file { ioctl read write create getattr setattr lock append unlink rename open };
allow port-bridge port-bridge : fifo_file { ioctl read write getattr lock append open };
allow blkid_untrusted blkid_untrusted : lnk_file { ioctl read getattr lock open };
allow debuggerd drmserver : process { ptrace getattr };
allow init mdnsd_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow per_mgr per_mgr : lnk_file { ioctl read getattr lock open };
allow runas themeservice_app : process { dyntransition };
allow init profman_dump_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow ppp ppp : lnk_file { ioctl read getattr lock open };
allow vold mnt_media_rw_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow init domain : lnk_file { ioctl read getattr lock open };
allow init nanohub_slpi : process { transition siginh rlimitinh };
dontaudit init nanohub_slpi : process { noatsecure };
allow system_app net_radio_prop : property_service { set };
auditallow system_app net_radio_prop : property_service { set };
allow hostapd hostapd : fifo_file { ioctl read write getattr lock append open };
allow init cache_private_backup_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow keystore untrusted_app : file { read open };
allow healthd tty_device : chr_file { ioctl read write getattr lock append open };
allow postinstall postinstall : lnk_file { ioctl read getattr lock open };
dontaudit sudaemon port_type : netlink_dnrt_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow vdc sysfs : lnk_file { ioctl read getattr lock open };
allow init su_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init ppp_device : chr_file { read setattr open };
allow per_mgr per_mgr : fifo_file { ioctl read write getattr lock append open };
type_transition shared_relro tmpfs : file shared_relro_tmpfs;
allow dumpstate cameraserver_service : service_manager { find };
allow init gpsd_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow rild init : process { sigchld };
allow mediaserver processinfo_service : service_manager { find };
allow mediadrmserver processinfo_service : service_manager { find };
allow racoon vpn_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow uncrypt init : process { sigchld };
allow obdm_app keystore : binder { call transfer };
allow init google_camera_app_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init property_socket : chr_file { relabelto };
type_transition autoplay_app tmpfs : file autoplay_app_tmpfs;
allow postinstall_dexopt postinstall_file : dir { getattr search };
allow servicemanager installd : binder { transfer };
allow init media_rw_data_file : blk_file { relabelto };
allow boot_control_hal block_device : dir { read open };
allow slideshow slideshow : capability2 { block_suspend };
allow thermal-engine thermal-engine : fifo_file { ioctl read write getattr lock append open };
allow update_verifier update_verifier_tmpfs : file { read write };
allow servicemanager obdm_app : binder { transfer };
allow system_server cppreopt_prop : file { ioctl read getattr lock open };
allow init wpa_socket : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init recovery_persist_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow shell log_prop : property_service { set };
allow init ssr_setup_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow surfaceflinger surfaceflinger : fifo_file { ioctl read write getattr lock append open };
allow servicemanager vold : file { read open };
allow audioserver system_file : dir { ioctl read getattr lock search open };
type_transition kernel init_exec : process init;
allow google_camera_app google_camera_app : netlink_selinux_socket { read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow lmkd sysfs : dir { ioctl read getattr lock search open };
allow thermal-engine thermal-engine : fd { use };
allow domain fs_type : dir { getattr };
allow init rmt : process { transition siginh rlimitinh };
dontaudit init rmt : process { noatsecure };
allow init apk_tmp_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow servicemanager thermal-engine : binder { transfer };
allow init-qcom-qseecomd-sh init-qcom-qseecomd-sh : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow init bootchart_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init drm_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow dumpstate audioserver : debuggerd { dump_backtrace };
allow init port-bridge_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow adbd su : fd { use };
allow priv_app persistent_data_block_service : service_manager { find };
allow init property_data_file : blk_file { relabelto };
allow system_app DockObserver_service : service_manager { find };
allow appdomain system_server : binder { transfer };
allow init heapdump_data_file : blk_file { relabelto };
allow init zygote_tmpfs : blk_file { relabelto };
allow domain_deprecated ion_device : chr_file { ioctl read write getattr lock append open };
allow system_server perfd : unix_stream_socket { connectto };
allow hostapd wpa_socket : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow installd profman : process { transition siginh rlimitinh };
dontaudit installd profman : process { noatsecure };
allow init system_wpa_socket : blk_file { relabelto };
allow system_app netpolicy_service : service_manager { find };
dontaudit sudaemon domain : binder { impersonate call set_context_mgr transfer };
allow google_camera_app keystore : binder { call transfer };
allow obdm_app surfaceflinger_service : service_manager { find };
allow shell debugfs_trace_marker : file { getattr };
allow init init : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setexec setfscreate setrlimit setsockcreate };
allow time init : process { sigchld };
allow init_mid init : unix_stream_socket { connectto };
allow zygote storage_file : dir { mounton search };
allow init usbfs : file { read setattr open };
allow rild rild : netlink_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow shell shell_tmpfs : file { read write execute };
allow installd unlabeled : dir { ioctl read write getattr lock relabelfrom add_name remove_name search rmdir open };
allow debuggerd dex2oat : process { ptrace getattr };
allow dhcp dhcp : lnk_file { ioctl read getattr lock open };
allow lmkd appdomain : dir { ioctl read getattr lock search open };
allow adbd init : process { sigchld };
allow vdc shell_data_file : file { write getattr };
allow imscm sysfs_msm_subsys : dir { ioctl read getattr lock search open };
allow postinstall system_server : fd { use };
allow dhcp sysfs : dir { ioctl read getattr lock search open };
allow bluetoothdomain bluetooth : unix_stream_socket { ioctl read write getattr getopt setopt shutdown };
allow keystore shared_relro : file { read open };
allow shell shell : fifo_file { ioctl read write getattr lock append open };
allow init media_rw_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow surfaceflinger dumpstate : file { ioctl read getattr lock open };
allow mediaserver audioserver_service : service_manager { find };
allow mkfs mkfs : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow keystore bluetooth : binder { transfer };
allow qti-testscripts sysfs : lnk_file { ioctl read getattr lock open };
allow ueventd sysfs_rmtfs : file { write lock append open };
allow system_server installd : unix_stream_socket { connectto };
allow dumpstate media_projection_service : service_manager { find };
allow init bluetooth_efs_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow cnss_diag cnss_diag : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow fsck init : process { sigchld };
allow system_app system_app_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow appdomain system_file : dir { ioctl read getattr lock search open };
allow blkid_untrusted vold : process { sigchld };
allow keystore sysfs : lnk_file { ioctl read getattr lock open };
allow init install_recovery_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow bootanim bootanim : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow init system_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow camera system_server : fd { use };
allow init mediaextractor_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
dontaudit otapreopt_chroot kernel : process { setsched };
type_transition init time_exec : process time;
allow dumpstate activity_service : service_manager { find };
dontaudit su port_type : netlink_route_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind nlmsg_read nlmsg_write };
allow init mdnsd : process { transition siginh rlimitinh };
dontaudit init mdnsd : process { noatsecure };
allow keystore fingerprintd : binder { transfer };
allow dumpstate fuse_device : chr_file { getattr };
allow wpa init : process { sigchld };
allow init apk_data_file : blk_file { relabelto };
allow rild audioserver : binder { call transfer };
allow adbd selinuxfs : file { ioctl read getattr lock open };
allow uncrypt uncrypt : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow init zygote_socket : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init storage_stub_file : chr_file { relabelto };
allow bluetooth app_data_file : fifo_file { ioctl read write create getattr setattr lock append unlink rename open };
allow system_server debugfs : file { ioctl read getattr lock open };
allow init shortcut_manager_icons : blk_file { relabelto };
allow init dumpstate_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow dumpstate cache_recovery_file : file { ioctl read getattr lock open };
allow runas platform_app : process { dyntransition };
allow fsck su : fd { use };
dontaudit sudaemon domain : netlink_tcpdiag_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind nlmsg_read nlmsg_write };
allowxperm priv_app priv_app : rawip_socket ioctl { 0x5411 0x5451 };
allowxperm priv_app priv_app : rawip_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm priv_app priv_app : rawip_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow priv_app priv_app : rawip_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow init recovery_persist_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow cameraserver camera_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allowxperm platform_app platform_app : rawip_socket ioctl { 0x5411 0x5451 };
allowxperm platform_app platform_app : rawip_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm platform_app platform_app : rawip_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow platform_app platform_app : rawip_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow init sysfs_devices_system_iosched : chr_file { relabelto };
allow init lmkd_socket : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow system_app dropbox_service : service_manager { find };
allow irsc_util su : binder { call transfer };
allow ueventd sysfs_hwrandom : file { write lock append open };
allow servicemanager wpa : binder { transfer };
allow mediaextractor mediaextractor_exec : file { read getattr execute entrypoint open };
type_transition init rild_exec : process rild;
allow servicemanager mediaserver : process { getattr };
allow mediaextractor binderservicedomain : fd { use };
allow init mediaserver_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init usermodehelper : dir { read setattr search open };
allow netdomain mdnsd : unix_stream_socket { connectto };
allow debuggerd recovery : process { ptrace getattr };
allow init audioserver_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow system_server system_server : fd { use };
allow init logd_socket : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init cache_file : dir { ioctl read write create getattr setattr relabelfrom relabelto mounton add_name remove_name search rmdir open };
allow system_app system_app : fd { use };
allow google_camera_app mediacodec_service : service_manager { find };
allow gatekeeperd gatekeeperd : fd { use };
allow hostapd hostapd : packet_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow radio ims : unix_stream_socket { connectto };
allow untrusted_app app_api_service : service_manager { find };
allow mediadrmserver binderservicedomain : binder { call transfer };
allow perfd perfd : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow init irqbalance_exec : file { read getattr execute open };
type_transition audioserver tmpfs : file audioserver_tmpfs;
allow init mnt_user_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init nanoapp_cmd_tmpfs : blk_file { relabelto };
allow vold sdcardd : process { transition siginh rlimitinh };
dontaudit vold sdcardd : process { noatsecure };
allow htc_ramdump su : fd { use };
allow init perfprofd : process { transition siginh rlimitinh };
dontaudit init perfprofd : process { noatsecure };
allow location permission_service : service_manager { find };
type_transition init surfaceflinger_exec : process surfaceflinger;
allow domain_deprecated cgroup : lnk_file { ioctl read getattr lock open };
allow fingerprintd sysfs : file { ioctl read getattr lock open };
allow keystore priv_app : binder { transfer };
allow init camera_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init misc_logd_file : lnk_file { relabelto };
allow sdcardd sdcardd : fifo_file { ioctl read write getattr lock append open };
allow recovery su : binder { call transfer };
allow nanohub_slpi nanohub_slpi : fd { use };
allow init debuggerd_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow system_server mnt_user_file : lnk_file { read getattr };
allow debuggerd ssr_setup : process { ptrace getattr };
allow init system_wpa_socket : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow servicemanager wpa : process { getattr };
allow init hci_attach_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow gpsd init : process { sigchld };
allow debuggerd rild : process { ptrace getattr };
allow mkfs mkfs_exec : file { read getattr execute entrypoint open };
allow idmap installd : fd { use };
allow dumpstate tv_input_service : service_manager { find };
allow sysfs_wifi sysfs_wifi : filesystem { associate };
allow init cache_private_backup_file : blk_file { relabelto };
allow init cache_file : blk_file { relabelto };
allow init ueventd_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init wcnss_filter_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init nfc_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow postinstall system_server : binder { call transfer };
dontaudit sudaemon port_type : netlink_tcpdiag_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind nlmsg_read nlmsg_write };
dontaudit sudaemon dev_type : chr_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton execute_no_trans entrypoint execmod open audit_access };
allow shell shell : netlink_selinux_socket { read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow keystore nfc : binder { transfer };
allow system_server sysfs_mac_address : file { ioctl read getattr lock open };
allow camera system_server : binder { call transfer };
allow dumpstate consumer_ir_service : service_manager { find };
allow perfprofd logdr_socket : sock_file { write };
allow init heapdump_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow camera sensorservice_service : service_manager { find };
type_transition init drmserver_exec : process drmserver;
allow rild rild : fd { use };
allow binderservicedomain keystore : binder { call transfer };
allow debuggerd per_proxy : process { ptrace getattr };
allow irsc_util irsc_util : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow init location_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init mdnsd_tmpfs : blk_file { relabelto };
allow adbd functionfs : file { ioctl read write getattr lock append open };
allow binderservicedomain mediacodec : binder { transfer };
allow logd property_socket : sock_file { write };
dontaudit sudaemon domain : udp_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind node_bind };
allow nfc keystore : fd { use };
allow system_app usagestats_service : service_manager { find };
dontaudit sudaemon file_type : chr_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton execute_no_trans entrypoint execmod open audit_access };
allow platform_app platform_app : fifo_file { ioctl read write getattr lock append open };
allow init uncrypt_socket : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init_radio init_radio_tmpfs : file { read write };
allow debuggerd logd : unix_stream_socket { connectto };
allow profman profman : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow platform_app apk_private_tmp_file : file { ioctl read write getattr lock append open };
allow platform_app apk_private_data_file : dir { search };
allow dumpstate cpuinfo_service : service_manager { find };
allow init thermal_device : chr_file { read setattr open };
allow postinstall postinstall : fd { use };
allow mediadrmserver system_data_file : dir { getattr search };
allow dnsmasq netd : fd { use };
allow init backup_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow adbd surfaceflinger_service : service_manager { find };
allow init init : fd { use };
allow drmserver drmserver : udp_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow adsprpcd adsprpcd_device : chr_file { ioctl read write getattr lock append open };
allow init fingerprintd_tmpfs : blk_file { relabelto };
allow vold vold : capability2 { block_suspend };
allow init drmserver_exec : file { read getattr execute open };
allow debuggerd debuggerd : file { ioctl read write getattr lock append open };
allow system_app dns_listener_service : service_manager { find };
type_transition mdnsd tmpfs : file mdnsd_tmpfs;
allow cameraserver input_device : chr_file { ioctl read getattr lock open };
allow shell appops_service : service_manager { find };
allow keystore keystore : file { ioctl read write getattr lock append open };
allow postinstall_dexopt proc : file { read getattr open };
allow location diag_device : chr_file { ioctl read write getattr lock append open };
allow watchdogd init_exec : file { read getattr execute entrypoint open };
allow keystore untrusted_app : binder { transfer };
allow fingerprintd system_server : fd { use };
allow init logd_socket : blk_file { relabelto };
allow audioserver audioserver : lnk_file { ioctl read getattr lock open };
allow blkid_untrusted blkid_untrusted : dir { ioctl read getattr lock search open };
allow racoon racoon : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow runas untrusted_app : process { dyntransition };
allow cameraserver system_server : unix_stream_socket { read write };
allow appdomain shared_relro_file : dir { search };
allow sysfs_thermal sysfs_thermal : filesystem { associate };
allow uncrypt uncrypt_socket : sock_file { write };
allow system_app logd : unix_stream_socket { connectto };
allow servicemanager priv_app : binder { transfer };
allow zygote su : fd { use };
allow adbd mnt_user_file : dir { ioctl read getattr lock search open };
allow init property_type : property_service { set };
allow dnsmasq netd : netlink_route_socket { read write };
type_transition dhcp tmpfs : file dhcp_tmpfs;
allow bootstat bootstat : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow themeservice_app mount_service : service_manager { find };
type_transition shell tmpfs : file shell_tmpfs;
allow perfprofd su : binder { call transfer };
allow untrusted_app app_data_file : lnk_file { ioctl read write create getattr setattr lock append unlink rename open };
allow system_app imms_service : service_manager { find };
allow blkid blkid : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow tee tee : capability { chown dac_override setgid setuid sys_rawio sys_admin };
dontaudit tee tee : capability { sys_module };
allow port-bridge port-bridge : lnk_file { ioctl read getattr lock open };
allow init sysfs_nanoapp_cmd : file { read setattr open };
allow fsck dm_device : blk_file { ioctl read write getattr lock append open };
allow fingerprintd tee_device : chr_file { ioctl read write getattr lock append open };
allow init bootanim_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
dontaudit su dev_type : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton execute_no_trans entrypoint execmod open audit_access };
allow platform_app mnt_media_rw_file : dir { ioctl read getattr lock search open };
allow dumpstate nfc_service : service_manager { find };
allow init-qcom-qseecomd-sh init : process { sigchld };
allow servicemanager sysfs : dir { ioctl read getattr lock search open };
allow dumpstate usb_service : service_manager { find };
allow init apk_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow platform_app vfat : file { ioctl read write create getattr setattr lock append unlink rename open };
allow ueventd sysfs_net : file { write lock append open };
allow atrace su : fd { use };
allow appdomain cache_backup_file : dir { getattr };
allow init per_mgr_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow logd logd : dir { ioctl read getattr lock search open };
allow shell domain : dir { read getattr search open };
allow drmserver oemfs : file { ioctl read getattr lock open };
allow keystore nfc : process { getattr };
allow init mkfs : process { transition siginh rlimitinh };
dontaudit init mkfs : process { noatsecure };
allow nanoapp_cmd sensors_device : chr_file { ioctl read write getattr lock append open };
allow init pipefs : file { read setattr open };
allow priv_app app_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow init mediaextractor_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init ims_socket : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow lmkd system_server : dir { ioctl read getattr lock search open };
allow radio sysfs : file { ioctl read getattr lock open };
allow system_app uimode_service : service_manager { find };
allow init shm : dir { read setattr search open };
allow untrusted_app su_exec : file { read getattr execute execute_no_trans open };
allow init bootstat_tmpfs : blk_file { relabelto };
allow shared_relro shared_relro : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow init_mid init_mid_tmpfs : file { read write };
allow clatd netd : fifo_file { read write };
allow init rootfs : dir { ioctl read write create getattr setattr lock relabelfrom rename mounton add_name remove_name reparent search rmdir open };
allow otapreopt_chroot otapreopt_chroot : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow init zygote_socket : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow untrusted_app surfaceflinger_service : service_manager { find };
allow servicemanager uncrypt : binder { transfer };
dontaudit isolated_app isolated_app : capability { sys_module };
allow binderservicedomain dumpstate : binder { transfer };
allow sdcardd sdcardd : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow kernel rootfs : file { ioctl read getattr lock relabelfrom open };
allow debuggerd mdnsd : process { ptrace getattr };
allow dumpstate edge_gesture_service : service_manager { find };
allow per_proxy per_proxy_tmpfs : file { read write };
allow init mkfs_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init init_mid_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow clatd clatd : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow dumpstate ashmem_device : chr_file { execute };
allow dnsmasq dnsmasq : lnk_file { ioctl read getattr lock open };
allow domain debugfs_trace_marker : file { write lock append open };
allow init init : udp_socket { ioctl create };
allowxperm init init : udp_socket ioctl { 0x8914 };
allow mediaserver power_service : service_manager { find };
allow system_server bluetooth : debuggerd { dump_backtrace };
allow vold asec_public_file : file { setattr relabelto };
allow cnss-daemon sysfs_type : file { ioctl read getattr lock open };
allow debuggerd imscm : process { ptrace getattr };
allow priv_app priv_app_tmpfs : file { read write execute };
allow domain_deprecated dalvikcache_data_file : dir { getattr search };
allow servicemanager shell : binder { transfer };
allow servicemanager servicemanager : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow system_server sysfs_thermal : dir { search };
allow init wpa_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow dumpstate network_management_service : service_manager { find };
allow postinstall_file postinstall_file : filesystem { associate };
allow init nanoapp_cmd_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
dontaudit gatekeeperd gatekeeperd : capability { sys_module };
allow shared_relro sysfs : file { ioctl read getattr lock open };
dontaudit sudaemon fs_type : filesystem { mount remount unmount getattr relabelfrom relabelto transition associate quotamod quotaget };
allow netmgrd toolbox_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow wcnss_filter wcnss_filter : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow shell input_service : service_manager { find };
allow vdc init : process { sigchld };
allow sdcardd sdcardd : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow uncrypt app_data_file : file { ioctl read getattr lock open };
allow installd system_app_data_file : sock_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open };
allow irqbalance irqbalance : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow init perfd_data_file : blk_file { relabelto };
allow init mediadrmserver_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init proc_iomem : file { read setattr open };
allow init sysfs_rmtfs : dir { read setattr search open };
allow adbd storage_file : dir { ioctl read getattr lock search open };
allow netmgrd netmgrd : socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allowxperm netmgrd netmgrd : socket ioctl { 0xc300-0xc305 };
allow dumpstate mediaserver : debuggerd { dump_backtrace };
allow surfaceflinger gpu_service : service_manager { add find };
allow kernel sysfs : dir { ioctl read getattr lock search open };
allow system_server gpsd : unix_stream_socket { connectto };
allow recovery_refresh recovery_refresh_tmpfs : file { read write };
allow installd radio_data_file : fifo_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open };
allow init ueventd_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init sockfs : file { read setattr open };
allow dhcp dhcp : tcp_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown };
allow shell contexthub_service : service_manager { find };
allow idmap apk_data_file : file { ioctl read getattr lock open };
allow debuggerd nanoapp_cmd : process { ptrace getattr };
allow dhcp dhcp_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow wpa wifi_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow fingerprintd fingerprintd : file { ioctl read write getattr lock append open };
allow init fsck_tmpfs : blk_file { relabelto };
allow init lmkd : process { transition siginh rlimitinh };
dontaudit init lmkd : process { noatsecure };
allow perfd perfd_data_file : sock_file { ioctl read write create getattr setattr lock append unlink rename open };
allow cnss-daemon sysfs_type : lnk_file { ioctl read getattr lock open };
allowxperm radio radio : tcp_socket ioctl { 0x5411 0x5451 };
allowxperm radio radio : tcp_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm radio radio : tcp_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow radio radio : tcp_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown };
allow untrusted_app perfprofd_data_file : file { ioctl read getattr lock open };
allow system_server postinstall : fifo_file { write };
allow sgdisk sgdisk_exec : file { read getattr execute entrypoint open };
allow irsc_util irsc_util : fifo_file { ioctl read write getattr lock append open };
allow init efs_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow vold unencrypted_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow system_server drmserver_service : service_manager { find };
allow init sysfs_soc : file { read setattr open };
allow system_server dalvikcache_data_file : dir { ioctl read getattr lock search open };
allow dumpstate anr_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow init camera_exec : file { read getattr execute open };
allow init pstorefs : dir { read setattr search open };
allow shell device : dir { getattr };
allow fingerprintd su : binder { call transfer };
allow rild rild : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow netd net_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow debuggerd debuggerd : fifo_file { ioctl read write getattr lock append open };
allow toolbox toolbox : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow per_proxy sysfs_type : lnk_file { ioctl read getattr lock open };
allow init anr_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow system_server surfaceflinger_service : service_manager { find };
allow shell media_session_service : service_manager { find };
allow perfprofd domain : lnk_file { ioctl read getattr lock open };
type_transition bootanim tmpfs : file bootanim_tmpfs;
allow themeservice_app keystore : binder { call transfer };
allow cppreopts cppreopts : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow clatd clatd : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow wcnss_filter diag_device : chr_file { ioctl read write getattr lock append open };
allow cnd cnd : netlink_tcpdiag_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow shell shell_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow system_server rild : unix_stream_socket { connectto };
allow dumpstate wifip2p_service : service_manager { find };
allow bluetooth app_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow appdomain sdcard_posix : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow init mediacodec_tmpfs : blk_file { relabelto };
allow init metadata_block_device : chr_file { read setattr open };
allow ims netmgrd_socket : dir { search };
allow time sysfs_soc : dir { search };
allow init dumpstate_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow cnd sysfs_type : lnk_file { ioctl read getattr lock open };
allow cnd cnd : socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allowxperm cnd cnd : socket ioctl { 0xc300-0xc305 };
allow perfd su : fd { use };
allow init ramdump_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow debuggerd su : fd { use };
allow mm-pp-daemon init : process { sigchld };
allow nanohub_slpi system_file : dir { ioctl read getattr lock search open };
allow surfaceflinger appdomain : lnk_file { ioctl read getattr lock open };
allow vold security_file : file { ioctl read getattr lock open };
allow boot_control_hal bootctrl_block_device : blk_file { ioctl read write getattr lock append open };
allow dumpstate network_score_service : service_manager { find };
allow dumpstate deviceidle_service : service_manager { find };
allow init mnt_user_file : chr_file { relabelto };
allow init pmsg_device : chr_file { read setattr open };
allow system_app torch_service : service_manager { find };
allow mm-pp-daemon mm-pp-daemon : lnk_file { ioctl read getattr lock open };
allow hostapd netd : unix_stream_socket { read write };
allow logd domain : file { ioctl read getattr lock open };
allow init dnsproxyd_socket : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow postinstall otadexopt_service : service_manager { find };
allow hci_attach hci_attach : fifo_file { ioctl read write getattr lock append open };
allow autoplay_app logd : unix_dgram_socket { sendto };
allow priv_app fuse_device : chr_file { read write };
allow init zoneinfo_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow netmgrd netmgrd : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow update_engine update_engine : file { ioctl read write getattr lock append open };
allow init preloads_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init init_power_tmpfs : chr_file { relabelto };
allow nfc sysfs_nfc_power_writable : file { ioctl read write getattr lock append open };
allow init google_camera_app_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init vold_socket : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow shell cm_audio_service : service_manager { find };
allow init coredump_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow cnss-daemon cnss-daemon : netlink_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow init bootstat_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow adbd sdcard_type : file { ioctl read write create getattr setattr lock append unlink rename open };
allow init perfprofd_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
dontaudit themeservice_app themeservice_app : capability { sys_module };
allow system_server icon_file : file { ioctl read write getattr lock relabelto append unlink open };
allow shell inputflinger_service : service_manager { find };
allow ppp ppp : fd { use };
allow blkid blkid : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow init mm-pp-daemon_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow system_app hardware_properties_service : service_manager { find };
allow perfprofd perfprofd : capability { dac_override ipc_lock sys_ptrace sys_admin sys_resource };
dontaudit perfprofd perfprofd : capability { sys_module };
allow bluetooth app_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow installd installd_tmpfs : file { read write };
allow system_server vold_socket : sock_file { write };
allow init installd : process { transition siginh rlimitinh };
dontaudit init installd : process { noatsecure };
allow init ims_socket : chr_file { relabelto };
dontaudit su domain : dir { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod };
allow init cnss_diag_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow system_app servicediscovery_service : service_manager { find };
allow init anr_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allowxperm su su : rawip_socket ioctl { 0x5411 0x5451 };
allowxperm su su : rawip_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm su su : rawip_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow su su : rawip_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow recovery recovery : dir { ioctl read getattr lock search open };
allow drmserver mediaserver : binder { call transfer };
allow dumpstate net_data_file : file { ioctl read getattr lock open };
allow init vold : process { transition siginh rlimitinh };
dontaudit init vold : process { noatsecure };
allow mediadrmserver system_data_file : lnk_file { ioctl read getattr lock open };
allow keystore sudaemon : file { read open };
dontaudit sudaemon node_type : rawip_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind node_bind };
allow wpa su : unix_dgram_socket { sendto };
allow profman user_profile_data_file : file { read write getattr lock };
allow servicemanager ppp : binder { transfer };
allow system_server gps_device : chr_file { ioctl read write getattr lock append open };
allow shell persist_debug_prop : property_service { set };
allow shell apk_data_file : lnk_file { ioctl read getattr lock open };
allow shell fingerprintd_service : service_manager { find };
allow lmkd autoplay_app : lnk_file { ioctl read getattr lock open };
allow recovery_refresh recovery_refresh : fifo_file { ioctl read write getattr lock append open };
allow servicemanager system_server : file { read open };
allow recovery_persist recovery_persist : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow priv_app radio_service : service_manager { find };
allow imscm sysfs_msm_subsys : file { ioctl read getattr lock open };
allow wcnss_filter wc_prop : property_service { set };
allow dumpstate dumpstate : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit execmem };
allow init sudaemon_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init init_mid_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow thermal-engine diag_device : chr_file { ioctl read write getattr lock append open };
allow init time_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init init : netlink_selinux_socket { read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow init imscm_tmpfs : chr_file { relabelto };
allow system_app sensorservice_service : service_manager { find };
allow surfaceflinger autoplay_app : fd { use };
allow init port-bridge_exec : file { read getattr execute open };
allow htc_ramdump debug_prop : property_service { set };
allow hostapd netd : netlink_nflog_socket { read write };
allow init drmserver_socket : chr_file { relabelto };
allow preopt2cachename preopt2cachename : dir { ioctl read getattr lock search open };
allow surfaceflinger binderservicedomain : lnk_file { ioctl read getattr lock open };
allow postinstall_dexopt dex2oat : process { transition siginh rlimitinh };
dontaudit postinstall_dexopt dex2oat : process { noatsecure };
allow qtaguid_proc qtaguid_proc : filesystem { associate };
allow init asec_public_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
type_transition init htc_ramdump_exec : process htc_ramdump;
allow audioserver binderservicedomain : binder { call transfer };
allow sdcardd sdcard_type : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow port-bridge init : process { sigchld };
allow servicemanager update_engine : file { read open };
allow platform_app asec_apk_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow dumpstate cne_service : service_manager { find };
allow init fingerprintd_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow su app_data_file : sock_file { ioctl read write create getattr setattr lock append unlink rename open };
allow dumpstate dumpstate : lnk_file { ioctl read getattr lock open };
allow installd nfc_data_file : lnk_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open };
allow init perfd : process { transition siginh rlimitinh };
dontaudit init perfd : process { noatsecure };
allow init cache_private_backup_file : chr_file { relabelto };
allow init proc_security : file { ioctl read write getattr setattr lock append open };
allow mediadrmserver mediadrmserver : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow cnss-daemon cnss-daemon : socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allowxperm cnss-daemon cnss-daemon : socket ioctl { 0xc300-0xc305 };
allow htc_ramdump htc_ramdump : fifo_file { ioctl read write getattr lock append open };
allow init irqbalance_tmpfs : blk_file { relabelto };
allow init-qcom-qseecomd-sh init-qcom-qseecomd-sh : lnk_file { ioctl read getattr lock open };
type_transition sdcardd system_data_file : file media_rw_data_file;
allow sdcardd system_data_file : file { ioctl read getattr lock open };
allow dumpstate pstorefs : dir { ioctl read getattr lock search open };
allow init net_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow slideshow slideshow : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow system_app mediacodec_service : service_manager { find };
type_transition sudaemon tmpfs : file sudaemon_tmpfs;
allow init otapreopt_slot_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow themeservice_app activity_service : service_manager { find };
allow domain_deprecated rootfs : file { ioctl read getattr lock open };
allow vold fsck_exec : file { ioctl read getattr lock execute open };
allow init per_proxy_exec : file { read getattr execute open };
allow sockfs sockfs : filesystem { associate };
allow uncrypt sysfs : file { ioctl read getattr lock open };
allow racoon racoon : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow debuggerd recovery_refresh : process { ptrace getattr };
allow shell network_management_service : service_manager { find };
allow init lmkd_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
dontaudit ims ims : capability { sys_module };
allow ims ims : capability { net_bind_service };
allow uncrypt misc_block_device : blk_file { write lock append open };
allow healthd healthd : dir { ioctl read getattr lock search open };
allow mediaserver bluetooth : unix_stream_socket { connectto };
allow init drmserver_socket : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init keystore_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow ueventd ueventd : fd { use };
allow shell media_router_service : service_manager { find };
allow init alarm_device : chr_file { read setattr open };
allow mkfs mkfs : fifo_file { ioctl read write getattr lock append open };
allow location location : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow init lmkd_socket : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow ueventd ueventd : capability { chown dac_override fowner fsetid setgid net_admin sys_rawio mknod };
dontaudit ueventd ueventd : capability { sys_module };
allow sysinit sysinit : file { ioctl read write getattr lock append open };
allow system_server powerctl_prop : property_service { set };
allow dumpstate dumpstate_prop : property_service { set };
allow mdnsd mdnsd : lnk_file { ioctl read getattr lock open };
allow netmgrd su : fd { use };
allow init su_tmpfs : blk_file { relabelto };
allow init qmuxd_socket : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init init : capability { chown dac_override fowner fsetid kill setgid setuid net_admin net_raw sys_rawio sys_admin sys_boot sys_resource sys_time sys_tty_config mknod };
dontaudit init init : capability { sys_module };
allow servicemanager mediadrmserver : dir { search };
allow binderservicedomain mediaextractor : binder { transfer };
allow system_app ion_device : chr_file { ioctl read write getattr lock append open };
allow cnd cnd_socket : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow mkfs su : fd { use };
allow time time : fd { use };
allow dhcp dhcp : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow keystore sudaemon : process { getattr };
allow appdomain qtaguid_device : chr_file { ioctl read getattr lock open };
allow shell cm_iconcache_service : service_manager { find };
allow postinstall_dexopt user_profile_data_file : dir { getattr search };
allow appdomain logdr_socket : sock_file { write };
allow vold cache_file : dir { ioctl read getattr lock search open };
allow dumpstate display_service : service_manager { find };
allow init preloads_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow surfaceflinger init : unix_stream_socket { connectto };
allow init shell_tmpfs : chr_file { relabelto };
allow system_server netmgrd_socket : sock_file { write };
allow priv_app su : binder { call transfer };
allow logd safemode_prop : file { ioctl read getattr lock open };
allow servicemanager adbd : file { read open };
allow init dhcp_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow dhcp dhcp : fifo_file { ioctl read write getattr lock append open };
allow sgdisk su : binder { call transfer };
allow init cache_private_backup_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow mdnsd mdnsd : file { ioctl read write getattr lock append open };
allow vold loop_device : blk_file { ioctl read write create getattr setattr lock append unlink rename open };
allow shell profman_dump_data_file : dir { write getattr remove_name search };
allow system_server selinuxfs : file { ioctl read write getattr lock append open };
allow nanohub_slpi nanohub_slpi : file { ioctl read write getattr lock append open };
allow init perfprofd_data_file : chr_file { relabelto };
allow system_server shell_data_file : dir { read getattr search };
allow servicemanager gatekeeperd : process { getattr };
allow perfd perfd : dir { ioctl read getattr lock search open };
allow init wallpaper_file : chr_file { relabelto };
allow shell registry_service : service_manager { find };
allow dumpstate fingerprint_service : service_manager { find };
allow ssr_setup sysfs_msm_subsys : file { ioctl read write getattr lock append open };
allow drmserver asec_apk_file : file { read getattr };
allow shell cameraserver_service : service_manager { find };
allow obdm_app su : binder { call transfer };
allow bluetooth wc_prop : property_service { set };
allow sysfs_video sysfs_video : filesystem { associate };
allow init tee_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow debuggerd shell : process { ptrace getattr };
allow sudaemon sudaemon : netlink_selinux_socket { read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow shell procstats_service : service_manager { find };
allow system_server apk_private_tmp_file : dir { ioctl read write create getattr setattr lock relabelfrom relabelto rename add_name remove_name reparent search rmdir open };
allow adbd autoplay_data_file : dir { search };
type_transition bootstat tmpfs : file bootstat_tmpfs;
allow init init_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init postinstall_mnt_dir : dir { ioctl read write create getattr setattr relabelfrom relabelto mounton add_name remove_name search rmdir open };
allow dnsmasq dnsmasq : capability { dac_override setgid setuid net_bind_service net_admin net_raw };
dontaudit dnsmasq dnsmasq : capability { sys_module };
allow init ota_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow system_server sysfs : lnk_file { ioctl read getattr lock open };
allow healthd pstorefs : file { ioctl read getattr lock open };
allow init persist_display_file : blk_file { relabelto };
allow system_app app_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow audioserver batterystats_service : service_manager { find };
allow init tmpfs : lnk_file { create };
allow init proc_irq : dir { read setattr search open };
allow init mtpd_socket : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow tee fingerprintd_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow runas runas : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit setcurrent };
allow bootanim ion_device : chr_file { ioctl read write getattr lock append open };
allow postinstall_dexopt cpuctl_device : dir { search };
allow keystore system_app : binder { transfer };
allow gatekeeperd tee_device : chr_file { ioctl read write getattr lock append open };
allow system_server backup_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow init gps_socket : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow cameraserver cameraserver : dir { ioctl read getattr lock search open };
allow appdomain misc_user_data_file : file { ioctl read getattr lock open };
allow cnss-daemon cnss-daemon_exec : file { read getattr execute entrypoint open };
allow installd bluetooth_data_file : sock_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open };
allow init mm-pp-daemon : process { transition siginh rlimitinh };
dontaudit init mm-pp-daemon : process { noatsecure };
allow clatd clatd : fifo_file { ioctl read write getattr lock append open };
allow themeservice_app themeservice_app : dir { ioctl read getattr lock search open };
allow surfaceflinger surfaceflinger_exec : file { read getattr execute entrypoint open };
allow appdomain zygote : process { sigchld };
allow qmuxd su : fd { use };
allow system_server persist_property_file : dir { ioctl read write getattr lock add_name remove_name search open };
allow drmserver su : binder { call transfer };
allow init dhcp_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow drmserver permission_service : service_manager { find };
allow init_foreground domain : file { read open };
allow appdomain system_data_file : file { execute execute_no_trans execmod open };
allow perfd perfd_exec : file { read getattr execute entrypoint open };
allow init logd_tmpfs : chr_file { relabelto };
allow installd radio_data_file : lnk_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open };
allow themeservice_app gpu_device : chr_file { ioctl read write getattr lock append open };
allowxperm themeservice_app gpu_device : chr_file ioctl { 0x902 0x907 0x913-0x915 0x921 0x932-0x933 0x938-0x939 0x940-0x943 0x945-0x94a };
allowxperm themeservice_app gpu_device : chr_file ioctl { 0x5411 0x5451 };
allow system_server zygote : process { sigchld sigkill };
allow adbd powerctl_prop : property_service { set };
allow init gatekeeper_data_file : chr_file { relabelto };
allow sudaemon app_data_file : fifo_file { ioctl read write create getattr setattr lock append unlink rename open };
dontaudit mediaextractor mediaextractor : capability { sys_module };
allow domain sysfs_devices_system_cpu : lnk_file { ioctl read getattr lock open };
allow init rild_debug_socket : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
dontaudit su domain : netlink_tcpdiag_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind nlmsg_read nlmsg_write };
allow init cnd_socket : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow thermal-engine su : binder { call transfer };
allowxperm domain domain : tun_socket ioctl { 0x0 };
allow rmt rmt : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow appdomain dumpstate : binder { transfer };
allow preloads_copy preloads_copy : file { ioctl read write getattr lock append open };
allow servicemanager mediaserver : file { read open };
allow drmserver system_server : binder { call transfer };
allow init kernel : security { compute_av compute_create };
allow system_app hw_sku_prop : file { ioctl read getattr lock open };
type_transition mtp ppp_exec : process ppp;
allow sysinit su : fd { use };
allow init mtd_device : chr_file { read setattr open };
allow mediaserver property_socket : sock_file { write };
allow surfaceflinger adbd : fd { use };
allow racoon racoon : tun_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow system_server hw_random_device : chr_file { ioctl read getattr lock open };
allow init camera_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow qmuxd su : binder { call transfer };
allow init system_ndebug_socket : chr_file { relabelto };
allow init storage_stub_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow radio radio_data_file : fifo_file { ioctl read write create getattr setattr lock append unlink rename open };
dontaudit sudaemon port_type : netlink_ip6fw_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind nlmsg_read nlmsg_write };
allow system_server usbaccessory_device : chr_file { ioctl read write getattr lock append open };
allow hostapd netd : udp_socket { read write };
allow irsc_util su : fd { use };
allow postinstall shell_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow clatd clatd_exec : file { read getattr execute entrypoint open };
allow shell devpts : chr_file { ioctl read write getattr lock append open };
allow init fuse_device : chr_file { read setattr open };
allow tee su : binder { call transfer };
allow init zygote_tmpfs : chr_file { relabelto };
allow init vold_device : chr_file { read setattr open };
allow system_app su : binder { call transfer };
allow debuggerd audioserver : debuggerd { dump_backtrace };
allow netd init : unix_stream_socket { connectto };
allow installd themeservice_app_data_file : sock_file { getattr setattr relabelfrom relabelto unlink rename };
allow radio radio_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow surfaceflinger persist_display_file : dir { ioctl read getattr lock search open };
allow nfc app_data_file : lnk_file { ioctl read write create getattr setattr lock append unlink rename open };
type_transition init gpsd_exec : process gpsd;
dontaudit su fs_type : fifo_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton open audit_access execmod };
allow shell app_data_file : lnk_file { ioctl read write create getattr setattr lock append unlink rename open };
allow init adsprpcd_tmpfs : blk_file { relabelto };
allow radio radio : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow domain_deprecated system_data_file : dir { getattr search };
allow recovery_refresh recovery_refresh : file { ioctl read write getattr lock append open };
allow system_app window_service : service_manager { find };
allow port-bridge su : fd { use };
allow init tzdatacheck_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow postinstall su : fd { use };
allow mdnsd mdnsd : fd { use };
allow mediaserver scheduling_policy_service : service_manager { find };
allow ueventd sysfs_type : dir { ioctl read getattr setattr lock relabelfrom relabelto search open };
dontaudit sudaemon domain : netlink_crypto_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow init resourcecache_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init persist_display_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow update_engine_common boot_block_device : blk_file { ioctl read write getattr lock append open };
allow adbd tmpfs : lnk_file { ioctl read getattr lock open };
allow usermodehelper usermodehelper : filesystem { associate };
allow proc_drop_caches proc_drop_caches : filesystem { associate };
type_transition gatekeeperd tmpfs : file gatekeeperd_tmpfs;
allow system_app audio_service : service_manager { find };
allow kernel kernel : lnk_file { ioctl read getattr lock open };
allow init update_verifier_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow zygote system_file : file { ioctl read getattr lock open };
allow netmgrd netmgrd_exec : file { read getattr execute entrypoint open };
allow init mediaserver : process { transition siginh rlimitinh };
dontaudit init mediaserver : process { noatsecure };
dontaudit atfwd atfwd : capability { sys_module };
allow system_app batteryproperties_service : service_manager { find };
allow system_server fingerprintd_data_file : file { getattr unlink };
allow install_recovery install_recovery : file { ioctl read write getattr lock append open };
allow domain system_file : dir { getattr search };
allow init gatekeeper_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow cnd cnd_socket : fifo_file { ioctl read write create getattr setattr lock append unlink rename open };
allow servicemanager cameraserver : process { getattr };
allow init inotify : dir { read setattr search open };
allow init ion_device : chr_file { read setattr open };
allow shell mediadrmserver_service : service_manager { find };
allow tee tee : netlink_generic_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow bootanim bootanim : file { ioctl read write getattr lock append open };
allow location su : binder { call transfer };
allow rild shell_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow system_app hdmi_control_service : service_manager { find };
allow keystore radio : process { getattr };
allow keystore racoon : file { read open };
allow sysinit sysfs : file { ioctl read write getattr lock append open };
allow nanoapp_cmd nanoapp_cmd : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow init usb_device : chr_file { read setattr open };
allow init location_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow recovery_persist recovery_persist : fifo_file { ioctl read write getattr lock append open };
allow cameraserver cameraserver_service : service_manager { add };
allow racoon racoon_exec : file { read getattr execute entrypoint open };
allow init cnd_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow netd sysfs_usb : file { write };
allow sudaemon su_exec : file { read getattr execute entrypoint open };
allow vold asec_apk_file : dir { ioctl read write create getattr setattr lock relabelfrom relabelto rename mounton add_name remove_name reparent search rmdir open };
allow idmap resourcecache_data_file : file { read write getattr };
allow qti-testscripts sysfs : file { ioctl read getattr lock open };
allow ueventd klog_device : chr_file { write create unlink open };
allow irqbalance proc : file { ioctl read getattr lock open };
allow init inputflinger_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init per_mgr_tmpfs : chr_file { relabelto };
allow surfaceflinger video_device : chr_file { ioctl read write getattr lock append open };
allow init vcs_device : chr_file { read setattr open };
allow platform_app apk_tmp_file : file { ioctl read write getattr lock append open };
allow init gatekeeperd_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init radio_tmpfs : chr_file { relabelto };
allow system_server storage_file : dir { getattr search };
allow port-bridge sysfs_soc : lnk_file { ioctl read getattr lock open };
allow init cameraserver_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow shell account_service : service_manager { find };
allow init sap_uim_socket : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow dumpstate dumpstate : capability2 { syslog block_suspend };
allow adbd ion_device : chr_file { ioctl read write getattr lock append open };
allow imscm imscm : dir { ioctl read getattr lock search open };
allow init mediaserver_tmpfs : chr_file { relabelto };
allow servicemanager autoplay_app : file { read open };
allow isolated_app isolated_app : file { ioctl read write getattr lock append open };
allow system_server thermal-engine : unix_stream_socket { connectto };
allow inputflinger sysfs : file { ioctl read getattr lock open };
allow init themeservice_app_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow vold sdcard_type : filesystem { mount remount unmount };
allow keystore su : process { getattr };
allow priv_app recovery_service : service_manager { find };
allow init wpa_socket : blk_file { relabelto };
allow init irsc_util : process { transition siginh rlimitinh };
dontaudit init irsc_util : process { noatsecure };
allow init apk_tmp_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow logd logd : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow system_server keystore_service : service_manager { find };
allow servicemanager imscm : dir { search };
allow dumpstate commontime_management_service : service_manager { find };
allow per_proxy sysfs_type : file { ioctl read getattr lock open };
allow init_foreground init_foreground : fd { use };
allow init fingerprintd_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init nfc_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow mediacodec ion_device : chr_file { ioctl read write getattr lock append open };
allow init postinstall_mnt_dir : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow themeservice_app themeservice_app : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow installd media_rw_data_file : file { getattr unlink };
allow fingerprintd permission_service : service_manager { find };
allow system_app cm_performance_service : service_manager { find };
allow cameraserver su : binder { call transfer };
allow init htc_ramdump_tmpfs : blk_file { relabelto };
allow init cache_recovery_file : chr_file { relabelto };
allow init coredump_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow dumpstate usagestats_service : service_manager { find };
allow init storage_stub_file : blk_file { relabelto };
allow init location : process { transition siginh rlimitinh };
dontaudit init location : process { noatsecure };
allow update_engine update_engine : netlink_route_socket { read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read };
allow init priv_app_devpts : dir { read setattr search open };
allow init proc_meminfo : file { read setattr open };
allow init zoneinfo_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init mediadrmserver_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow system_app mediaextractor_service : service_manager { find };
allow kernel kernel : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow update_verifier update_verifier : file { ioctl read write getattr lock append open };
type_transition cnss-daemon tmpfs : file cnss-daemon_tmpfs;
allow zygote selinuxfs : file { ioctl read write getattr lock append open };
type_transition init tzdatacheck_exec : process tzdatacheck;
allow appdomain app_fuse_file : file { read write getattr append };
allow dumpstate zygote_exec : file { ioctl read getattr lock execute execute_no_trans open };
type_transition bluetooth tmpfs : file bluetooth_tmpfs;
allow autoplay_app zygote : fd { use };
allow init time_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow drmserver drm_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow init asec_public_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow postinstall system_file : file { ioctl read getattr lock execute execute_no_trans open };
allow init mediaextractor_tmpfs : blk_file { relabelto };
allow init bluetooth_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow sdcardd sysfs : file { ioctl read getattr lock open };
allow fingerprintd su : fd { use };
allow mkfs mkfs : dir { ioctl read getattr lock search open };
allow init_mid shell_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow init vpn_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init proc_drop_caches : dir { read setattr search open };
allow priv_app_devpts priv_app_devpts : filesystem { associate };
allow init imscm_tmpfs : blk_file { relabelto };
allow init racoon_socket : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow vold domain : process { sigkill signal };
allow inputflinger inputflinger : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow ims ims : rawip_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow preloads_copy toolbox_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow kernel vold : fd { use };
allow dumpstate cm_performance_service : service_manager { find };
allow init nativetest_data_file : chr_file { relabelto };
type_transition wcnss_filter tmpfs : file wcnss_filter_tmpfs;
allow init ssr_setup_tmpfs : chr_file { relabelto };
allow ssr_setup ssr_setup : file { ioctl read write getattr lock append open };
allow subsystem_ramdump subsystem_ramdump : fd { use };
allow platform_app sysfs : file { ioctl read getattr lock open };
allow drmserver drmserver : fd { use };
dontaudit su domain : udp_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind node_bind };
allow hci_attach hci_attach : fd { use };
allow dev_type tmpfs : filesystem { associate };
allow init adsprpcd : process { transition siginh rlimitinh };
dontaudit init adsprpcd : process { noatsecure };
allow priv_app app_api_service : service_manager { find };
allow gatekeeperd gatekeeper_data_file : dir { ioctl read write getattr lock add_name remove_name search open };
allow dhcp dhcp : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow init qmuxd_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
dontaudit sudaemon domain : netlink_selinux_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
dontaudit sudaemon domain : key { view read write search link setattr create };
allow obdm_app obdm_app : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow netmgrd system_file : file { ioctl read getattr lock execute execute_no_trans open };
allow inputflinger sysfs : dir { ioctl read getattr lock search open };
allow autoplay_app autoplay_app : dir { ioctl read getattr lock search open };
allow thermal-engine qmuxd_socket : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
type_transition ssr_setup tmpfs : file ssr_setup_tmpfs;
allow bootanim su : fd { use };
allow installd user_profile_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow shared_relro shared_relro : file { ioctl read write getattr lock append open };
allow location sysfs_type : dir { ioctl read getattr lock search open };
allow init update_engine_data_file : chr_file { relabelto };
allowxperm obdm_app obdm_app : tcp_socket ioctl { 0x5411 0x5451 };
allowxperm obdm_app obdm_app : tcp_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm obdm_app obdm_app : tcp_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow obdm_app obdm_app : tcp_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown };
allow perfd sysfs_devices_system_cpu : file { write };
allow irsc_util irsc_util : file { ioctl read write getattr lock append open };
allow rmt rmt : fifo_file { ioctl read write getattr lock append open };
allow init mdns_socket : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow mediaserver qtaguid_device : chr_file { ioctl read getattr lock open };
allowxperm domain domain : netlink_audit_socket ioctl { 0x0 };
allow inputflinger inputflinger_service : service_manager { add find };
allow system_app gpu_device : chr_file { ioctl read write getattr lock append open };
allowxperm system_app gpu_device : chr_file ioctl { 0x902 0x907 0x913-0x915 0x921 0x932-0x933 0x938-0x939 0x940-0x943 0x945-0x94a };
allowxperm system_app gpu_device : chr_file ioctl { 0x5411 0x5451 };
type_transition vold sdcardd_exec : process sdcardd;
allow adbd adbd : dir { ioctl read getattr lock search open };
allow adbd ffs_prop : file { ioctl read getattr lock open };
allow radio gpu_device : chr_file { ioctl read write getattr lock append open };
allowxperm radio gpu_device : chr_file ioctl { 0x902 0x907 0x913-0x915 0x921 0x932-0x933 0x938-0x939 0x940-0x943 0x945-0x94a };
allowxperm radio gpu_device : chr_file ioctl { 0x5411 0x5451 };
allow init netmgrd_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow ims ims : file { ioctl read write getattr lock append open };
allow netdomain dnsproxyd_socket : sock_file { write };
allow appdomain anr_data_file : file { append open };
allow init urandom_device : chr_file { read setattr open };
allow tee system_prop : file { ioctl read getattr lock open };
dontaudit su port_type : rawip_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind node_bind };
allow cameraserver su : fd { use };
allowxperm sudaemon sudaemon : udp_socket ioctl { 0x5411 0x5451 };
allowxperm sudaemon sudaemon : udp_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm sudaemon sudaemon : udp_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow sudaemon sudaemon : udp_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow shell proc_net : dir { ioctl read getattr lock search open };
allow uncrypt block_device : blk_file { write lock append open };
auditallow uncrypt block_device : blk_file { write lock append open };
allow servicemanager isolated_app : binder { transfer };
allow audioserver sdcard_type : lnk_file { ioctl read getattr lock open };
allow shell assetatlas_service : service_manager { find };
allowxperm domain domain : rawip_socket ioctl { 0x5411 0x5451 };
allowxperm domain domain : rawip_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm domain domain : rawip_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow rmt rmt : dir { ioctl read getattr lock search open };
allow servicemanager slideshow : binder { transfer };
allow init frp_block_device : chr_file { read setattr open };
allow postinstall system_block_device : blk_file { ioctl open };
allow thermal-engine thermal-engine : file { ioctl read write getattr lock append open };
allow netd hostapd : process { transition signal siginh rlimitinh };
dontaudit netd hostapd : process { noatsecure };
allow installd dalvikcache_data_file : file { ioctl read write create getattr setattr lock relabelto append unlink link rename open };
allow init netmgrd_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow system_app uce_service : service_manager { find };
allow cnd system_file : file { ioctl read getattr lock execute execute_no_trans open };
allow shell bootchart_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow init uncrypt_socket : blk_file { relabelto };
allow system_server apk_private_data_file : dir { ioctl read write create getattr setattr lock relabelfrom relabelto rename add_name remove_name reparent search rmdir open };
allow debuggerd bluetooth : process { ptrace getattr };
allow tzdatacheck tzdatacheck_exec : file { read getattr execute entrypoint open };
allow init isolated_app_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow location proc_net : file { ioctl read getattr lock open };
allow dnsmasq netd : unix_dgram_socket { read write };
allow init uncrypt_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow mediaextractor mediaextractor_service : service_manager { add };
allow init_radio init_radio : lnk_file { ioctl read getattr lock open };
allow system_app system_app : netlink_route_socket { read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read };
allow vold sysfs_usb : file { write lock append open };
allow drmserver media_rw_data_file : file { ioctl read getattr lock open };
allow init user_profile_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow untrusted_app media_rw_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow init_foreground su : binder { call transfer };
allow rild qmuxd_socket : sock_file { read write create getattr setattr unlink };
dontaudit subsystem_ramdump subsystem_ramdump : capability { sys_module };
allow mediadrmserver mediadrmserver : fifo_file { ioctl read write getattr lock append open };
allow dumpstate domain : lnk_file { ioctl read getattr lock open };
allow init lmkd_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow surfaceflinger system_prop : file { ioctl read getattr lock open };
allow ueventd ueventd : dir { ioctl read getattr lock search open };
allow lmkd lmkd : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow debuggerd su : binder { call transfer };
allow init device : chr_file { ioctl read write getattr setattr lock append open };
allow nfc nfc_prop : property_service { set };
allow init domain : unix_dgram_socket { create bind };
allow mediaserver mediaserver : process { fork sigchld sigkill sigstop signull signal ptrace getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow servicemanager servicemanager_exec : file { read getattr execute entrypoint open };
allow shell deviceidle_service : service_manager { find };
allow dnsmasq netd : udp_socket { read write };
allow init anr_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init location_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow shared_relro keystore : keystore_key { get_state get insert delete exist list sign verify };
allow wpa cgroup : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow irqbalance irqbalance : fifo_file { ioctl read write getattr lock append open };
allow init anr_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow radio radio_prop : file { ioctl read getattr lock open };
allow autoplay_app servicemanager : binder { call transfer };
allow domain property_contexts : file { ioctl read getattr lock open };
allow netd netd_exec : file { read getattr execute entrypoint open };
allow preopt2cachename preopt2cachename_exec : file { read getattr execute entrypoint open };
allow sysfs_writable sysfs_writable : filesystem { associate };
allow init ssr_device : chr_file { read setattr open };
allow init heapdump_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow postinstall_dexopt apk_data_file : file { ioctl read getattr lock open };
allow clatd clatd : tcp_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown };
allow system_app su : fd { use };
allow mediaextractor mediaextractor : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow debuggerd wpa : process { ptrace getattr };
allow shell nativetest_data_file : dir { ioctl read getattr lock search open };
allow init netmgrd_socket : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow dex2oat user_profile_data_file : file { read getattr lock };
allow camera system_server : unix_stream_socket { read write };
allow init debugfs_tracing : file { read write getattr setattr lock relabelfrom append open };
allow domain_deprecated inotify : dir { ioctl read getattr lock search open };
allow dumpstate hdmi_control_service : service_manager { find };
allow slideshow graphics_device : dir { ioctl read getattr lock search open };
allow netdomain netd : unix_stream_socket { connectto };
allow bluetooth wcnss_filter : unix_stream_socket { connectto };
allow init sdsprpc_device : chr_file { read setattr open };
allow init system_app_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow perfprofd app_data_file : dir { search };
allow init perfd_tmpfs : chr_file { relabelto };
allow servicemanager system_server : process { getattr };
allow servicemanager bootstat : binder { transfer };
allow init logdr_socket : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow system_app procstats_service : service_manager { find };
allow racoon racoon : netlink_route_socket { read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read };
allow keystore gatekeeperd : dir { search };
allow bootanim proc : lnk_file { ioctl read getattr lock open };
dontaudit su domain : tcp_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind connectto newconn acceptfrom node_bind name_connect };
allow autoplay_app system_server : fifo_file { ioctl read write getattr lock append open };
allow init user_profile_foreign_dex_data_file : blk_file { relabelto };
allow slideshow su : binder { call transfer };
allow system_app webviewupdate_service : service_manager { find };
allow tzdatacheck tzdatacheck : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow ssr_setup ssr_setup : dir { ioctl read getattr lock search open };
allow debuggerd debuggerd_tmpfs : file { read write };
allow domain log_property_type : file { ioctl read getattr lock open };
allow clatd clatd : netlink_route_socket { read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read nlmsg_write };
allow mediadrmserver mediadrmserver_exec : file { read getattr execute entrypoint open };
allow debuggerd tombstone_data_file : dir { ioctl read write getattr lock add_name remove_name search open };
allow drmserver efs_file : dir { ioctl read getattr lock search open };
allow dumpstate pstorefs : file { ioctl read getattr lock open };
allow slideshow tty_device : chr_file { ioctl read write getattr lock append open };
allow qti-testscripts qti-testscripts : fifo_file { ioctl read write getattr lock append open };
allow servicemanager imscm : binder { transfer };
allow priv_app cache_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow init_radio init_radio : fd { use };
allow init init_foreground_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow cameraserver system_file : dir { ioctl read getattr lock search open };
allow nfc app_data_file : fifo_file { ioctl read write create getattr setattr lock append unlink rename open };
allow init diag_logs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init userdata_block_device : blk_file { ioctl read write getattr lock append open };
allow servicemanager gatekeeperd : binder { transfer };
allow adbd adbd : lnk_file { ioctl read getattr lock open };
allow init mediadrmserver_tmpfs : chr_file { relabelto };
allow google_camera_app keystore : fd { use };
allow system_server cache_file : dir { ioctl read write create getattr setattr lock relabelfrom rename add_name remove_name reparent search rmdir open };
allow domain vold : key { search };
allow untrusted_app tun_device : chr_file { ioctl read write getattr append };
allow system_app consumer_ir_service : service_manager { find };
allow domain selinuxfs : file { getattr };
allow irqbalance irqbalance : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow init zygote_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow appdomain fuse : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow sgdisk vold_device : blk_file { ioctl read write getattr lock append open };
allow mediaextractor mediaextractor : fd { use };
allow init postinstall_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allowxperm system_app system_app : tcp_socket ioctl { 0x5411 0x5451 };
allowxperm system_app system_app : tcp_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm system_app system_app : tcp_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow system_app system_app : tcp_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown };
allow fingerprintd fingerprintd_tmpfs : file { read write };
allow blkid userdata_block_device : blk_file { ioctl read getattr lock open };
allow vold sysfs : dir { ioctl read getattr lock search open };
allow installd nfc_data_file : sock_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open };
allow init perfprofd_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow camera camera : lnk_file { ioctl read getattr lock open };
allow init cnss-daemon_tmpfs : chr_file { relabelto };
allow init rild_socket : blk_file { relabelto };
allow sysinit system_file : dir { ioctl read getattr lock search open };
allow keystore init : process { sigchld };
allow init installd_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow shell voiceinteraction_service : service_manager { find };
allow init update_verifier_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow system_app persistent_data_block_service : service_manager { find };
allow camera camera : capability { sys_nice };
dontaudit camera camera : capability { sys_module };
allow atfwd atfwd_exec : file { read getattr execute entrypoint open };
allow debuggerd priv_app : process { ptrace getattr };
type_transition init update_verifier_exec : process update_verifier;
allow shared_relro keystore_service : service_manager { find };
allow init proc_uid_cputime_showstat : dir { read setattr search open };
allow bluetooth bluetooth : netlink_route_socket { read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read };
dontaudit platform_app platform_app : capability { sys_module };
allow debuggerd nfc : process { ptrace getattr };
allow init gps_control : chr_file { relabelto };
allow nfc nfc : lnk_file { ioctl read getattr lock open };
allow install_recovery recovery_block_device : blk_file { ioctl read write getattr lock append open };
allow shell samplingprofiler_service : service_manager { find };
allow preloads_copy preloads_copy : fifo_file { ioctl read write getattr lock append open };
allow sysinit sysinit : lnk_file { ioctl read getattr lock open };
allow system_app cameraproxy_service : service_manager { find };
allow init_mid init_mid : fifo_file { ioctl read write getattr lock append open };
allow per_proxy per_proxy : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow imscm init : process { sigchld };
allow uncrypt fuse : file { ioctl read getattr lock open };
allow init vold_data_file : file { getattr relabelto };
allow init user_profile_data_file : chr_file { relabelto };
allow appdomain qtaguid_proc : file { ioctl read write getattr lock append open };
allow gpsd shell_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow servicemanager location : dir { search };
allow camera camera : fd { use };
allow servicemanager cnss-daemon : binder { transfer };
allow platform_app su : fd { use };
allow init camera_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow postinstall_dexopt postinstall_dexopt : netlink_selinux_socket { read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow init persist_display_file : chr_file { relabelto };
allow servicemanager init_mid : binder { transfer };
allow init zygote_socket : blk_file { relabelto };
allow init lmkd_socket : chr_file { relabelto };
allow lmkd lmkd : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow init inotify : file { read setattr open };
allow init platform_app_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow bootanim themeservice_app_data_file : file { ioctl read getattr lock open };
allow surfaceflinger autoplay_app : dir { ioctl read getattr lock search open };
dontaudit dex2oat dex2oat : capability { sys_module };
allow bluetooth bluetooth : capability2 { wake_alarm block_suspend };
allow init untrusted_app_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow logd logd : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
dontaudit su port_type : netlink_rdma_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow init init_radio_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init system_app_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init sysfs_nfc_power_writable : file { read setattr open };
allow autoplay_app system_server : fd { use };
allow init-qcom-qseecomd-sh init-qcom-qseecomd-sh : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow untrusted_app audioserver_service : service_manager { find };
allow kernel kernel : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow init bootchart_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow postinstall_dexopt kernel : security { compute_av check_context };
allow vdc vdc_tmpfs : file { read write };
allow postinstall_dexopt apk_data_file : dir { ioctl read getattr lock search open };
allow hci_attach hci_attach : lnk_file { ioctl read getattr lock open };
allow servicemanager atrace : binder { transfer };
allow system_server heapdump_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow init_mid init : process { sigchld };
allow adsprpcd adsprpcd_exec : file { read getattr execute entrypoint open };
allow installd media_rw_data_file : dir { ioctl read write create getattr setattr lock relabelto rename add_name remove_name reparent search rmdir open };
allow init mediadrmserver_exec : file { read getattr execute open };
allow system_server pstorefs : file { ioctl read getattr lock open };
allow init ota_package_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow gpsd gpsd : fifo_file { ioctl read write getattr lock append open };
allow otapreopt_slot otapreopt_slot : fifo_file { ioctl read write getattr lock append open };
allow system_app device_policy_service : service_manager { find };
allow servicemanager init : process { sigchld };
allow autoplay_app surfaceflinger : unix_stream_socket { read write getattr getopt setopt shutdown };
allow runas su : binder { call transfer };
allow obdm_app obdm_app : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow toolbox swap_block_device : blk_file { ioctl read write getattr lock append open };
allow shell atfwd_service : service_manager { find };
allow racoon racoon : capability { setuid net_bind_service net_admin net_raw };
dontaudit racoon racoon : capability { sys_module };
allow rild rild : capability2 { block_suspend };
allow isolated_app isolated_app : fifo_file { ioctl read write getattr lock append open };
allow uncrypt uncrypt_tmpfs : file { read write };
allow init preloads_copy_tmpfs : blk_file { relabelto };
allow init preloads_data_file : blk_file { relabelto };
allow imscm imscm : fd { use };
allow priv_app tun_device : chr_file { ioctl read write getattr append };
allow sysfs_nanoapp_cmd sysfs_nanoapp_cmd : filesystem { associate };
allow perfprofd sysfs : dir { ioctl read getattr lock search open };
allow camera system_file : dir { ioctl read getattr lock search open };
allow vold cache_file : lnk_file { ioctl read getattr lock open };
allow debuggerd sysfs : file { ioctl read getattr lock open };
allow platform_app apk_private_tmp_file : dir { ioctl read write getattr lock add_name remove_name search open };
allow update_engine priv_app : fd { use };
allow system_server fscklogs : lnk_file { ioctl read getattr lock open };
allow netd netdomain : udp_socket { read write getattr setattr getopt setopt };
allow rmt block_device : dir { search };
allow init asec_apk_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow debuggerd mm-pp-daemon : process { ptrace getattr };
allow debugfs_tracing debugfs_tracing : filesystem { associate };
allow init nanoapp_cmd_exec : file { read getattr execute open };
allow hci_attach su : binder { call transfer };
allow postinstall_dexopt ota_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow system_server qmuxd_socket : sock_file { read write create getattr setattr unlink };
allow debuggerd isolated_app : process { ptrace getattr };
allow logd logd : file { ioctl read write getattr lock append open };
dontaudit shared_relro shared_relro : capability { sys_module };
allow uncrypt uncrypt : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow init media_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow boot_control_hal custom_ab_block_device : blk_file { getattr };
allow init boottrace_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow servicemanager atfwd : binder { transfer };
allow init gps_socket : file { read write create getattr setattr relabelfrom relabelto unlink open };
dontaudit su fs_type : lnk_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton open audit_access execmod };
allow appdomain usb_device : chr_file { ioctl read write getattr };
allow init ota_package_file : chr_file { relabelto };
allow domain dev_type : lnk_file { ioctl read getattr lock open };
allow rild mtd_device : dir { search };
allow keystore platform_app : file { read open };
allow init sysfs_bluetooth_writable : file { read setattr open };
allow sudaemon keystore : keystore_key { get_state get insert delete exist list sign verify };
allow shell domain : file { read getattr open };
allow netd wifi_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow obdm_app obdm_app : lnk_file { ioctl read getattr lock open };
allow init irsc_util_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow shell cm_themes_service : service_manager { find };
allow per_mgr init : process { sigchld };
allow mediadrmserver mediadrmserver : fd { use };
allow init sysinit_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow system_app sysfs : lnk_file { ioctl read getattr lock open };
allow isolated_app display_service : service_manager { find };
allow system_server sysfs_zram : dir { search };
allow dumpstate cameraserver : process { signal };
allow init drmserver_socket : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow system_server user_profile_data_file : dir { search };
allow init zygote_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow perfprofd sysfs : lnk_file { ioctl read getattr lock open };
allow lmkd sysfs_type : dir { ioctl read getattr lock search open };
allow init_power sysfs_thermal : file { write lock append open };
allow init adsprpcd_device : chr_file { read setattr open };
allow time time_tmpfs : file { read write };
allow hostapd hostapd : netlink_route_socket { read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read nlmsg_write };
allow init apk_private_data_file : chr_file { relabelto };
allow appdomain adbd : process { sigchld };
allow mediacodec mediacodec : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow init logd_socket : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init location_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow ueventd sysfs_pcie : file { write lock append open };
allow shell domain : process { getattr };
allow subsystem_ramdump subsystem_ramdump_exec : file { read getattr execute entrypoint open };
allow init-qcom-qseecomd-sh shell_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow init cnd_tmpfs : chr_file { relabelto };
allow init sysinit : process { transition siginh rlimitinh };
dontaudit init sysinit : process { noatsecure };
allow init icon_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow mkfs cache_block_device : blk_file { ioctl read write getattr lock append open };
allow init init_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init toolbox_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow shell runas : process { transition siginh rlimitinh };
dontaudit shell runas : process { noatsecure };
allow init atfwd_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init imscm_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow netmgrd net_radio_prop : property_service { set };
allow imscm imscm_service : service_manager { add };
allow debuggerd radio : process { ptrace getattr };
allow init_foreground shell_exec : file { read getattr };
allow atfwd radio_prop : property_service { set };
dontaudit sudaemon dev_type : dir { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod };
allow lmkd system_server : lnk_file { ioctl read getattr lock open };
allow init wpa_tmpfs : chr_file { relabelto };
allow sysinit sysinit : fd { use };
allow untrusted_app ion_device : chr_file { ioctl read write getattr lock append open };
allow perfprofd domain : dir { ioctl read getattr lock search open };
allow bluetooth app_data_file : lnk_file { ioctl read write create getattr setattr lock append unlink rename open };
allow appdomain mediaserver : binder { transfer };
allow init inputflinger_tmpfs : blk_file { relabelto };
allow adbd devpts : chr_file { ioctl read write getattr lock append open };
allow atrace debug_prop : property_service { set };
dontaudit sudaemon node_type : udp_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind node_bind };
allow servicemanager mdnsd : binder { transfer };
allow mediaserver init : unix_stream_socket { connectto };
allow keystore radio : dir { search };
allow ueventd sysfs_devices_system_cpu : file { ioctl read write getattr setattr lock append open };
allow init storage_stub_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init dnsproxyd_socket : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow sudaemon superuser_device : dir { ioctl read write create getattr setattr lock unlink add_name remove_name search open };
allow install_recovery toolbox_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow init apk_private_tmp_file : chr_file { relabelto };
allow fsck sysfs : lnk_file { ioctl read getattr lock open };
allow installd apk_data_file : lnk_file { read create unlink };
allow init icon_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow drmserver drmserver_tmpfs : file { read write };
allow cppreopts preopt2cachename_exec : file { read getattr execute open };
allow init sysfs_perf : file { read setattr open };
allow atfwd atfwd_service : service_manager { find };
allow servicemanager otapreopt_slot : binder { transfer };
allow init property_socket : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow priv_app audioserver_service : service_manager { find };
allow installd user_profile_foreign_dex_data_file : file { getattr unlink rename };
type_transition init adsprpcd_exec : process adsprpcd;
allow mediaserver mediaserver : fifo_file { ioctl read write getattr lock append open };
allow irsc_util irsc_util : socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allowxperm irsc_util irsc_util : socket ioctl { 0xc300-0xc305 };
allow dumpstate misc_logd_file : file { ioctl read getattr lock open };
allow init autoplay_data_file : chr_file { relabelto };
allow recovery_refresh recovery_refresh_exec : file { read getattr execute entrypoint open };
allow ims property_socket : sock_file { write };
allow system_server cache_backup_file : dir { ioctl read write getattr lock add_name remove_name search open };
allow healthd batteryproperties_service : service_manager { add find };
type_transition init per_proxy_exec : process per_proxy;
allow init uncrypt_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init location_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
dontaudit su domain : appletalk_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow init resourcecache_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow servicemanager perfd : binder { transfer };
allow init otapreopt_slot_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow debuggerd shared_relro : process { ptrace getattr };
allow dumpstate debugfs_tracing : file { ioctl read write getattr lock append open };
allow system_server netmgrd_socket : dir { search };
allow dumpstate mediadrmserver : process { signal };
allow init recovery_block_device : chr_file { read setattr open };
allow dumpstate hardware_properties_service : service_manager { find };
type_transition init_foreground tmpfs : file init_foreground_tmpfs;
allow init vold_data_file : dir { ioctl read create getattr setattr relabelto search open };
allow cameraserver perfd_data_file : sock_file { write };
allow debuggerd inputflinger : debuggerd { dump_backtrace };
dontaudit preopt2cachename preopt2cachename : capability { sys_module };
allow dnsmasq netd : netlink_nflog_socket { read write };
allow dumpstate tombstone_data_file : dir { ioctl read getattr lock search open };
allow bootstat su : fd { use };
allow mediaserver drmserver : drmservice { consumeRights setPlaybackStatus openDecryptSession closeDecryptSession initializeDecryptUnit decrypt finalizeDecryptUnit pread };
allow vold cache_file : file { read getattr };
allow mediadrmserver surfaceflinger_service : service_manager { find };
allow audioserver audio_device : chr_file { ioctl read write getattr lock append open };
allow init profman_dump_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init system_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow system_app cm_app_suggest_service : service_manager { find };
allow fsck fsck : lnk_file { ioctl read getattr lock open };
type_transition cnd socket_device : file cnd_socket;
allow dumpstate system_server : process { signal };
allow dumpstate recovery_data_file : file { ioctl read getattr lock open };
allow init persist_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow profman profman_exec : file { read getattr execute entrypoint open };
allow domain zero_device : chr_file { ioctl read write getattr lock append open };
allow init htc_ramdump_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init loop_device : chr_file { read setattr open };
allow fsck fsck : fd { use };
type_transition vold sgdisk_exec : process sgdisk;
allow rmt sysfs_wake_lock : file { ioctl read write getattr lock append open };
allow init ota_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow zygote zygote : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit setcurrent };
allow netmgrd proc_net : file { ioctl read write getattr lock append open };
allow init misc_user_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init mtpd_socket : chr_file { relabelto };
allow adbd surfaceflinger : fd { use };
allow priv_app sysfs : lnk_file { ioctl read getattr lock open };
allow slideshow slideshow : file { ioctl read write getattr lock append open };
allow configfs configfs : filesystem { associate };
allow dex2oat dex2oat : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow racoon racoon : lnk_file { ioctl read getattr lock open };
allow rild rild : udp_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allowxperm rild rild : udp_socket ioctl { 0x6900 0x6902 };
allowxperm rild rild : udp_socket ioctl { 0x890b-0x890d 0x8911 0x8914 0x8916 0x8918 0x891a 0x891c-0x8920 0x8922-0x8927 0x8929 0x8930-0x8932 0x8934-0x8937 0x8940-0x8941 0x8943 0x8946-0x894b 0x8953-0x8955 0x8960-0x8962 0x8970-0x8971 0x8980-0x8983 0x8990-0x8995 0x89a0-0x89a3 0x89b0 0x89e0-0x89ff };
allowxperm rild rild : udp_socket ioctl { 0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 0x8b14-0x8b1d 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 0x8b2a-0x8b2c 0x8b30-0x8b36 0x8be0-0x8bff };
allow time su : binder { call transfer };
allow update_engine update_engine : rawip_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow system_server mediaserver : udp_socket { ioctl read write getattr setattr lock append bind connect getopt setopt shutdown };
type_transition netd clatd_exec : process clatd;
allow dhcp netd : udp_socket { read write };
allow init sysfs_net : file { read setattr open };
allow audioserver proc : file { ioctl read getattr lock open };
allow netmgrd diag_device : chr_file { ioctl read write getattr lock append open };
allow init su_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init app_data_file : chr_file { relabelto };
allow vold vold : dir { ioctl read getattr lock search open };
allow servicemanager per_proxy : file { read open };
allow toolbox sysfs : dir { ioctl read getattr lock search open };
allow installd shell_data_file : fifo_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open };
allow init drmserver_socket : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow sdcardd storage_stub_file : dir { mounton search };
allow init logdw_socket : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
dontaudit sudaemon kernel : system { ipc_info syslog_read syslog_mod syslog_console module_request module_load };
allow rild audioserver_service : service_manager { find };
allow radio radio : fifo_file { ioctl read write getattr lock append open };
type_transition sudaemon socket_device : sock_file superuser_device;
allow init mediaserver_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init rild_socket : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow cameraserver processinfo_service : service_manager { find };
allow netmgrd net_data_file : file { ioctl read getattr lock open };
allow init system_app_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init init : dir { ioctl read getattr lock search open };
allow logd safemode_prop : property_service { set };
allow system_app nfc_service : service_manager { find };
allow domain_deprecated proc : dir { ioctl read getattr lock search open };
allow sudaemon ion_device : chr_file { ioctl read write getattr lock append open };
allow init media_rw_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow radio cameraserver_service : service_manager { find };
allow init vpn_data_file : blk_file { relabelto };
allow system_app voiceinteraction_service : service_manager { find };
allow dumpstate ethernet_service : service_manager { find };
allow surfaceflinger app_data_file : file { read write };
allow vold vold : file { ioctl read write getattr lock append open };
allow debuggerd cameraserver : debuggerd { dump_backtrace };
allow surfaceflinger bootanim : binder { call transfer };
allow domain camera_prop : file { ioctl read getattr lock open };
allow install_recovery system_file : file { ioctl read getattr lock execute execute_no_trans open };
allow init netd_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init sysfs_msm_subsys : file { read setattr open };
allow mm-pp-daemon mm-pp-daemon : fd { use };
allow bluetooth keystore : keystore_key { get_state get insert delete exist list sign verify };
allow init ssr_setup_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init method_trace_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow system_server mdns_socket : sock_file { ioctl read write getattr lock append open };
allow appdomain cache_backup_file : file { read write getattr };
allow init logd_socket : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow system_app wifiscanner_service : service_manager { find };
allow kernel app_data_file : file { read };
allow init init_mid_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow servicemanager update_engine : dir { search };
allow init cameraserver_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow untrusted_app app_data_file : sock_file { ioctl read write create getattr setattr lock append unlink rename open };
allow vold fscklogs : file { ioctl read write create getattr setattr lock append unlink rename open };
dontaudit su dev_type : lnk_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton open audit_access execmod };
allow nfc nfc_service : service_manager { add find };
allow init perfprofd_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow location location : socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allowxperm location location : socket ioctl { 0xc300-0xc305 };
allow system_app superuser_device : sock_file { read write create getattr setattr unlink };
type_transition init dhcp_exec : process dhcp;
allow shell kill_switch_service : service_manager { find };
allow init update_engine_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow adbd sdcard_type : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow init ims_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow sdcardd rootfs : dir { mounton };
allow init misc_logd_file : file { getattr relabelto };
allow init htc_ramdump_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow gpsd gps_socket : sock_file { ioctl read write create getattr setattr lock append unlink rename open };
allow init app_fuse_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init nanohub_slpi_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init recovery_persist_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow htc_ramdump htc_ramdump : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow init persist_property_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init toolbox_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
type_transition init_radio tmpfs : file init_radio_tmpfs;
allow installd profman_dump_data_file : dir { write add_name search };
dontaudit su domain : netlink_rdma_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
dontaudit sudaemon netif_type : netif { tcp_recv tcp_send udp_recv udp_send rawip_recv rawip_send dccp_recv dccp_send ingress egress };
type_transition init port-bridge_exec : process port-bridge;
allow shell shell_prop : property_service { set };
dontaudit blkid_untrusted blkid_untrusted : capability { sys_module };
allow hci_attach hci_attach : dir { ioctl read getattr lock search open };
allow init tee_exec : file { read getattr execute open };
allow init property_socket : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init asec_public_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow debuggerd update_engine : process { ptrace getattr };
dontaudit drmserver drmserver : capability { sys_module };
allow init sysfs_wifi : file { read setattr open };
allow mediaserver mediaserver : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
dontaudit watchdogd watchdogd : capability { sys_module };
allow init fingerprintd_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init gatekeeperd_exec : file { read getattr execute open };
allow init sysfs_zram_uevent : dir { read setattr search open };
allow dumpstate accessibility_service : service_manager { find };
allow init media_data_file : chr_file { relabelto };
allow cnss_diag cnss_diag : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow ueventd su : binder { call transfer };
allow gpsd gpsd : tcp_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown };
allow servicemanager mediaextractor : binder { transfer };
allow keystore keystore : netlink_selinux_socket { read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow sudaemon keystore_service : service_manager { find };
allow lmkd system_server : file { ioctl read write getattr lock open };
allow system_server dhcp_prop : file { ioctl read getattr lock open };
allow debuggerd input_device : dir { ioctl read getattr lock search open };
allow radio radio_data_file : sock_file { ioctl read write create getattr setattr lock append unlink rename open };
allow priv_app sysfs : file { ioctl read getattr lock open };
dontaudit sudaemon port_type : dccp_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind node_bind name_connect };
allow init otapreopt_slot_tmpfs : blk_file { relabelto };
allow themeservice_app themeservice_app : fifo_file { ioctl read write getattr lock append open };
allow cameraserver camera_device : chr_file { ioctl read write getattr lock append open };
dontaudit sudaemon fs_type : blk_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton open audit_access execmod };
type_transition gpsd tmpfs : file gpsd_tmpfs;
allow installd autoplay_data_file : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open };
allow bootanim sysfs : lnk_file { ioctl read getattr lock open };
allow ueventd ueventd_tmpfs : file { read write };
allow appdomain mediaextractor : binder { transfer };
allow su tun_device : chr_file { ioctl read write getattr append };
allow kernel rootfs : dir { ioctl read getattr lock search open };
allow wpa sysfs : file { ioctl read getattr lock open };
allow init mnt_user_file : blk_file { relabelto };
allow domain_deprecated system_server : fd { use };
allow vold security_file : dir { ioctl read getattr lock search open };
allow system_server per_mgr_service : service_manager { find };
allow debuggerd debuggerd : dir { ioctl read getattr lock search open };
allow installd system_app_data_file : lnk_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open };
allow init unlabeled : sock_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open };
allow system_app bluetooth_service : service_manager { find };
allow mediadrmserver mediadrmserver : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow autoplay_app textservices_service : service_manager { find };
dontaudit su domain : rawip_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind node_bind };
allow vold unencrypted_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow init_foreground domain : dir { getattr search };
allow radio rild_socket : sock_file { write };
allow vdc vdc : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow mtp mtp : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow fingerprintd sysfs : lnk_file { ioctl read getattr lock open };
allow inputflinger system_server : fd { use };
allow fingerprintd sysfs_fingerprint : dir { ioctl read getattr lock search open };
allow nanohub_slpi sdsprpc_device : chr_file { ioctl read write getattr lock append open };
allow postinstall postinstall : dir { ioctl read getattr lock search open };
allow vold mkfs_exec : file { read getattr execute execute_no_trans open };
allow domain init : process { sigchld };
allow init time_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow fingerprintd init : process { sigchld };
allow init ramdump_device : chr_file { read setattr open };
allow init fingerprintd_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow gatekeeperd gatekeeperd : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow servicemanager wpa : dir { search };
allow perfprofd perfprofd : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow appdomain sdcardfs : file { ioctl read write create getattr setattr lock append unlink rename open };
allow zygote system_data_file : file { ioctl read getattr lock open };
allow dumpstate su_exec : file { read getattr execute open };
allow proc proc : filesystem { associate };
allow fsck_untrusted vold : process { sigchld };
allow adbd adb_device : chr_file { ioctl read write getattr lock append open };
allow adbd property_socket : sock_file { write };
allow init gps_data_file : chr_file { relabelto };
allow netd clatd : process { transition signal siginh rlimitinh };
dontaudit netd clatd : process { noatsecure };
allow system_server bluetooth_data_file : dir { read getattr search };
allow debuggerd per_mgr : process { ptrace getattr };
allow logd pstorefs : file { ioctl read getattr lock open };
type_transition fingerprintd tmpfs : file fingerprintd_tmpfs;
allow init gps_control : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow themeservice_app ion_device : chr_file { ioctl read write getattr lock append open };
allow platform_app platform_app : lnk_file { ioctl read getattr lock open };
allow sdcardd vold : fd { use };
allow autoplay_app dalvikcache_data_file : lnk_file { ioctl read getattr lock open };
allow slideshow slideshow : dir { ioctl read getattr lock search open };
allow platform_app mediaserver_service : service_manager { find };
allow tee tee_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow otapreopt_chroot otapreopt_chroot : capability { sys_chroot sys_admin };
dontaudit otapreopt_chroot otapreopt_chroot : capability { sys_module };
allow init racoon_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init functionfs : file { read setattr open };
allow domain coredump_file : dir { ioctl read write getattr lock add_name search open };
allow debuggerd profman : process { ptrace getattr };
allow dex2oat apk_tmp_file : file { read };
allow vold domain : lnk_file { ioctl read getattr lock open };
allow obdm_app obdm_app : file { ioctl read write getattr lock append open };
allow hci_attach sysfs : lnk_file { ioctl read getattr lock open };
allow healthd su : fd { use };
allow netmgrd shell_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow healthd healthd : capability2 { block_suspend };
allow init hw_random_device : chr_file { ioctl read getattr setattr lock open };
allow tee property_socket : sock_file { write };
allow installd user_profile_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow init vold_socket : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow surfaceflinger surfaceflinger : dir { ioctl read getattr lock search open };
allow platform_app media_rw_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow priv_app priv_app : fifo_file { ioctl read write getattr lock append open };
allow installd sysfs : dir { ioctl read getattr lock search open };
dontaudit su port_type : unix_stream_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind connectto newconn acceptfrom };
allow init_power sysfs_msm_subsys : file { write lock append open };
allow keystore kernel : security { compute_av };
dontaudit untrusted_app exec_type : file { getattr };
allow appdomain user_profile_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow lmkd lmkd_tmpfs : file { read write };
allow keystore gatekeeperd : process { getattr };
allow irqbalance proc : dir { ioctl read getattr lock search open };
allow init keystore_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow autoplay_app logdw_socket : sock_file { write };
allow init recovery_refresh_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow cnss-daemon sysfs_msm_core : file { write };
allow update_engine update_engine : udp_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow domain properties_serial : file { ioctl read getattr lock open };
allow dumpstate autoplay_app : fd { use };
allow shell rttmanager_service : service_manager { find };
allow clatd netd : process { sigchld };
allow zygote zygote : file { ioctl read write getattr lock append open };
allow appdomain dex2oat_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow mm-pp-daemon su : fd { use };
allow shell imscm_service : service_manager { find };
allow init install_recovery_tmpfs : chr_file { relabelto };
allow system_server debug_prop : file { ioctl read getattr lock open };
allow mediaserver mediaserver : fd { use };
allow servicemanager servicemanager : dir { ioctl read getattr lock search open };
allow uncrypt app_data_file : lnk_file { ioctl read getattr lock open };
allow init nanoapp_cmd_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow system_app keystore : keystore_key { get_state get insert delete exist list reset password lock unlock is_empty sign verify grant duplicate clear_uid user_changed };
allow shell nativetest_data_file : file { ioctl read getattr lock execute execute_no_trans open };
allow cnss-daemon cnss-daemon_tmpfs : file { read write };
allow init gps_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init display_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
dontaudit su file_type : fifo_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton open audit_access execmod };
allow system_server systemkeys_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow init installd_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init themeservice_app_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow cameraserver sensorservice_service : service_manager { find };
allow shell connmetrics_service : service_manager { find };
allow mediacodec gpu_device : chr_file { ioctl read write getattr lock append open };
allowxperm mediacodec gpu_device : chr_file ioctl { 0x902 0x907 0x913-0x915 0x921 0x932-0x933 0x938-0x939 0x940-0x943 0x945-0x94a };
allowxperm mediacodec gpu_device : chr_file ioctl { 0x5411 0x5451 };
allow gatekeeperd sysfs : file { ioctl read getattr lock open };
allow shell mount_service : service_manager { find };
allow system_app imscm_service : service_manager { find };
allow cameraserver gpu_device : chr_file { ioctl read write getattr lock append open };
allow servicemanager atfwd : process { getattr };
allow drmserver drmserver : lnk_file { ioctl read getattr lock open };
allow init owntty_device : chr_file { read setattr open };
allow rild system_data_file : file { ioctl read getattr lock open };
allow sdcardd mnt_expand_file : dir { search };
allow init mdns_socket : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init cameraserver_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init keystore_data_file : dir { ioctl read create getattr setattr relabelto search open };
allow vold init : key { write search setattr };
allow vold sysfs : file { ioctl read write getattr lock append open };
allow preloads_copy su : binder { call transfer };
allow shell wifi_log_prop : property_service { set };
allow recovery_refresh recovery_refresh : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow adbd shell_prop : file { ioctl read getattr lock open };
allow healthd system_server : binder { call transfer };
allow mediaserver media_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow google_camera_app app_data_file : fifo_file { ioctl read write create getattr setattr lock append unlink rename open };
allow perfd perfd_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow wpa wpa : dir { ioctl read getattr lock search open };
allow imscm imscm_tmpfs : file { read write };
allow inputflinger init : process { sigchld };
allow init mediadrmserver_tmpfs : blk_file { relabelto };
allow init method_trace_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow racoon keystore : fd { use };
allow audioserver audioserver_service : service_manager { add find };
allow update_engine update_engine : tcp_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown };
allow system_server wifi_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow system_server ringtone_file : dir { ioctl read write create getattr setattr lock relabelto rename add_name remove_name reparent search rmdir open };
allow uncrypt su : fd { use };
allow init mnt_expand_file : chr_file { relabelto };
allow priv_app priv_app : netlink_route_socket { read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read };
allow per_mgr system_server : binder { call transfer };
allow update_engine_common shell_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow keystore tee : unix_stream_socket { connectto };
allow bootstat init : process { sigchld };
allow system_server cameraserver_service : service_manager { find };
allow debuggerd mkfs : process { ptrace getattr };
allow obdm_app sysfs_msm_subsys : file { ioctl read getattr lock open };
allow bootanim bootanim : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow shell search_service : service_manager { find };
allow servicemanager debuggerd : binder { transfer };
allow logd powerctl_prop : property_service { set };
allow init toolbox_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init surfaceflinger_tmpfs : blk_file { relabelto };
allow system_app cache_recovery_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow system_server preloads_data_file : file { ioctl read getattr lock unlink open };
allow init inputflinger_tmpfs : chr_file { relabelto };
allow ppp ppp_exec : file { read getattr execute entrypoint open };
allow init isolated_app_tmpfs : chr_file { relabelto };
allow zygote sdcardfs : filesystem { unmount };
allow dumpstate registry_service : service_manager { find };
allow init ueventd_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init mdnsd_socket : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init toolbox_tmpfs : chr_file { relabelto };
allow init ims_socket : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow mediadrmserver cgroup : lnk_file { ioctl read getattr lock open };
allow ueventd wifi_data_file : dir { ioctl read getattr lock search open };
dontaudit sudaemon kernel : security { compute_av compute_create compute_member check_context load_policy compute_relabel compute_user setenforce setbool setsecparam setcheckreqprot read_policy };
allow shell radio_service : service_manager { find };
allow servicemanager racoon : file { read open };
allow init property_data_file : dir { ioctl read write create getattr setattr lock relabelfrom relabelto rename add_name remove_name reparent search rmdir open };
allow netd radio_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow zygote pmsg_device : chr_file { getattr };
allow init logdr_socket : chr_file { relabelto };
allow subsystem_ramdump subsystem_ramdump : file { ioctl read write getattr lock append open };
allow init userinit_data_exec : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init storage_stub_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow radio ims_socket : sock_file { write };
allow dumpstate dumpstate : netlink_route_socket { read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read };
allow recovery sysfs : file { ioctl read getattr lock open };
allow uncrypt property_socket : sock_file { write };
dontaudit su domain : netlink_kobject_uevent_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow system_app ethernet_service : service_manager { find };
allow postinstall_dexopt postinstall_dexopt : file { ioctl read write getattr lock append open };
allow port-bridge port-bridge : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow system_app radio_service : service_manager { find };
dontaudit sudaemon domain : netlink_rdma_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow system_server rtc_device : chr_file { ioctl read write getattr lock append open };
allow uncrypt cache_recovery_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow shared_relro shared_relro : netlink_selinux_socket { read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow sudaemon sudaemon : netlink_route_socket { read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read };
allow init drmserver_socket : blk_file { relabelto };
type_transition fsck tmpfs : file fsck_tmpfs;
allow appdomain media_rw_data_file : file { read getattr };
allow init drmserver_socket : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
dontaudit sudaemon domain : netlink_scsitransport_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow netd dumpstate : binder { transfer };
allow hostapd hostapd : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
dontaudit su fs_type : blk_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton open audit_access execmod };
allow appdomain servicemanager : binder { call transfer };
dontaudit sudaemon port_type : netlink_connector_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow shell sensorservice_service : service_manager { find };
allow init contextmount_type : lnk_file { ioctl read getattr lock open };
allow sgdisk sgdisk : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow system_server user_profile_data_file : file { getattr };
allow init uncrypt_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow blkid_untrusted blkid_untrusted : fd { use };
allow adbd surfaceflinger : binder { call transfer };
allow shell persistent_data_block_service : service_manager { find };
allow drmserver autoplay_data_file : file { read write getattr };
allow init bootstat_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow keystore shared_relro : process { getattr };
allow irqbalance irqbalance : fd { use };
allow init ims_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init sysfs_msm_core : file { read setattr open };
allowxperm system_app system_app : rawip_socket ioctl { 0x5411 0x5451 };
allowxperm system_app system_app : rawip_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm system_app system_app : rawip_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow system_app system_app : rawip_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow vold proc_drop_caches : file { write lock append open };
allow obdm_app diag_device : chr_file { ioctl read write getattr lock append open };
allow init shortcut_manager_icons : chr_file { relabelto };
allow init ota_package_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
dontaudit su port_type : socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
dontaudit su port_type : dccp_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind node_bind name_connect };
allow system_server per_mgr : binder { call transfer };
allow init inputflinger_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init mediacodec_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow untrusted_app keystore : binder { call transfer };
allow system_app system_prop : file { ioctl read getattr lock open };
allow system_server installd_socket : sock_file { write };
allow isolated_app isolated_app : netlink_selinux_socket { read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow platform_app apk_tmp_file : dir { ioctl read write getattr lock add_name remove_name search open };
allow debuggerd mediacodec : process { ptrace getattr };
allow drmserver drmserver : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow servicemanager netmgrd : binder { transfer };
allow radio app_api_service : service_manager { find };
allow uncrypt ota_package_file : dir { ioctl read getattr lock search open };
allow vold mnt_user_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow shell wifiscanner_service : service_manager { find };
allow shell system_file : dir { ioctl read getattr lock search open };
allow system_server location : binder { transfer };
allow init dumpstate_socket : blk_file { relabelto };
allow mediaserver mediaserver_service : service_manager { add find };
allow debuggerd mediaserver : debuggerd { dump_backtrace };
allow bootanim sysfs : dir { ioctl read getattr lock search open };
allow init radio_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
dontaudit fingerprintd fingerprintd : capability { sys_module };
allow wpa keystore : binder { call transfer };
allow rild property_socket : sock_file { write };
allow runas su : process { dyntransition };
allow wpa wpa : netlink_generic_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow init nativetest_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init diag_logs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow rild rild_tmpfs : file { read write };
allow system_server system_prop : property_service { set };
allow init atfwd_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init audio_device : chr_file { read setattr open };
allow init init-qcom-qseecomd-sh_exec : file { read getattr execute open };
allow init qmuxd_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow servicemanager vold : binder { transfer };
allow shell pstorefs : file { ioctl read getattr lock open };
allow domain random_device : chr_file { ioctl read write getattr lock append open };
allow sdcardd sdcard_type : file { ioctl read write create getattr setattr lock append unlink rename open };
dontaudit port-bridge port-bridge : capability { sys_module };
allow servicemanager postinstall_dexopt : binder { transfer };
allow kernel usbfs : dir { search };
allow init system_ndebug_socket : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow lmkd sysfs_lowmemorykiller : file { write lock append open };
allow keystore keystore : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow sudaemon sudaemon : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit execmem };
allow rild rild : netlink_kobject_uevent_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow wcnss_filter hci_attach_dev : chr_file { ioctl read write getattr lock append open };
allow servicemanager radio : binder { transfer };
allow adbd su : binder { call transfer };
allow init drmserver_socket : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow system_server cache_recovery_file : fifo_file { ioctl read write create getattr setattr lock append unlink rename open };
allow init rmt_exec : file { read getattr execute open };
allow recovery_refresh recovery_refresh : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow shell surfaceflinger_service : service_manager { find };
allow inputflinger input_device : dir { ioctl read getattr lock search open };
allow dhcp dhcp_tmpfs : file { read write };
allow init rmt_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow preloads_copy preloads_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow servicemanager audioserver : binder { transfer };
allow nfc nfc : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
dontaudit sudaemon port_type : packet_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow installd sdcard_type : dir { search };
allow init gpsd_exec : file { read getattr execute open };
allow init asec_apk_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow mediaextractor appdomain : binder { call transfer };
dontaudit sudaemon port_type : netlink_firewall_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind nlmsg_read nlmsg_write };
allow clatd netd : unix_dgram_socket { read write };
allow debuggerd dhcp : process { ptrace getattr };
allow init surfaceflinger_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow cameraserver init : process { sigchld };
allow cnss-daemon cnss-daemon : fifo_file { ioctl read write getattr lock append open };
allow init wcnss_filter : process { transition siginh rlimitinh };
dontaudit init wcnss_filter : process { noatsecure };
allow sgdisk vold : process { sigchld };
allow init proc_kernel_sched : file { read write setattr lock append open };
allow thermal-engine thermal-engine : socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allowxperm thermal-engine thermal-engine : socket ioctl { 0xc300-0xc305 };
allow watchdogd watchdogd : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow init racoon_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
type_transition nfc tmpfs : file nfc_tmpfs;
allow init app_fuse_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init vold_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow atrace atrace : file { ioctl read write getattr lock append open };
allow perfprofd logd : unix_stream_socket { connectto };
type_transition netd dnsmasq_exec : process dnsmasq;
allow appdomain cache_file : dir { getattr };
allow shell hdmi_control_service : service_manager { find };
allow init platform_app_tmpfs : chr_file { relabelto };
allow priv_app update_engine : binder { call transfer };
allow port-bridge port-bridge : dir { ioctl read getattr lock search open };
allow init fsck : process { transition siginh rlimitinh };
dontaudit init fsck : process { noatsecure };
allow system_server vpn_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow init tzdatacheck_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow cameraserver init : unix_stream_socket { connectto };
allow dumpstate clipboard_service : service_manager { find };
dontaudit thermal-engine thermal-engine : capability { sys_module };
allow thermal-engine thermal-engine : capability { sys_boot };
allow fsck cache_block_device : blk_file { ioctl read write getattr lock append open };
allow rild sysfs : dir { ioctl read getattr lock search open };
allow vold domain : file { ioctl read getattr lock open };
dontaudit sudaemon domain : netlink_netfilter_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow init cache_backup_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow otapreopt_slot otapreopt_slot : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow init mnt_media_rw_stub_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow dnsmasq dnsmasq : tcp_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown };
allow init perfprofd_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow lmkd cgroup : dir { remove_name rmdir };
allow drmserver apk_data_file : dir { ioctl read write getattr lock add_name remove_name search open };
allow netmgrd sysfs_wake_lock : file { ioctl read write getattr lock append open };
allow init irsc_util_exec : file { read getattr execute open };
allow init mnt_media_rw_file : blk_file { relabelto };
allow system_app per_mgr_service : service_manager { find };
allow domain_deprecated tmpfs : dir { ioctl read getattr lock search open };
allow debuggerd install_recovery : process { ptrace getattr };
allow uncrypt su : binder { call transfer };
allow obdm_app app_data_file : fifo_file { ioctl read write create getattr setattr lock append unlink rename open };
allow radio ctl_rildaemon_prop : file { ioctl read getattr lock open };
allow rild radio_prop : property_service { set };
allow dumpstate debugfs_trace_marker : file { getattr };
allow init themeservice_app_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow logd logpersistd_logging_prop : file { ioctl read getattr lock open };
allow shell su : fd { use };
allow subsystem_ramdump init : unix_stream_socket { connectto };
allow init autoplay_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow surfaceflinger surfaceflinger : fd { use };
allow postinstall_dexopt otapreopt_chroot : process { sigchld };
allow servicemanager inputflinger : binder { transfer };
allow init persist_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow system_app themes_service : service_manager { find };
allow system_server sysfs : file { ioctl read write getattr lock append open };
allow system_server device : dir { ioctl read getattr lock search open };
allow tee device : dir { ioctl read getattr lock search open };
allow sysfs_pcie sysfs_pcie : filesystem { associate };
allow init slideshow : process { transition siginh rlimitinh };
dontaudit init slideshow : process { noatsecure };
allow preopt2cachename preopt2cachename : fd { use };
allow shell connectivity_service : service_manager { find };
allow debuggerd cnss-daemon : process { ptrace getattr };
allow dumpstate inputflinger_service : service_manager { find };
allow cnd cnd : udp_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow installd idmap_exec : file { read getattr execute open };
allow init adb_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
type_transition init ssr_setup_exec : process ssr_setup;
allow init installd_socket : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init domain : unix_stream_socket { create bind };
allow init nanohub_slpi_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow dex2oat su : fd { use };
allow system_server backup_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
dontaudit toolbox toolbox : capability { sys_module };
allow init misc_logd_file : blk_file { relabelto };
allow bootanim proc : file { ioctl read getattr lock open };
type_transition init mediacodec_exec : process mediacodec;
allow init vold_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow idmap idmap : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow servicemanager init_radio : binder { transfer };
allow port-bridge port-bridge : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow installd installd : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow system_app logpersistd_logging_prop : file { ioctl read getattr lock open };
allow sdcard_posix sdcard_posix : filesystem { associate };
allow servicemanager adbd : process { getattr };
allow init update_verifier_exec : file { read getattr execute open };
allow cnss_diag cnss_diag : lnk_file { ioctl read getattr lock open };
allow appdomain oemfs : file { ioctl read getattr lock execute execute_no_trans open };
allow camera camera_tmpfs : file { read write };
allow tzdatacheck tzdatacheck : fd { use };
allow init mediadrmserver_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow shell IProxyService_service : service_manager { find };
allow init nfc_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow watchdogd watchdogd : lnk_file { ioctl read getattr lock open };
allow system_app cm_audio_service : service_manager { find };
allow rild bluetooth_efs_file : dir { ioctl read getattr lock search open };
allow camera camera_prop : file { ioctl read getattr lock open };
allow wpa keystore_service : service_manager { find };
allow mediadrmserver system_file : dir { ioctl read getattr lock search open };
type_transition dhcp system_data_file : file dhcp_data_file;
allow adbd app_data_file : dir { search };
allow system_app cm_partner_interface : service_manager { find };
allow mediaserver radio_data_file : file { read getattr };
allow debuggerd audioserver : process { ptrace getattr };
allow init radio_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow system_app alarm_service : service_manager { find };
dontaudit sudaemon dev_type : lnk_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton open audit_access execmod };
allow priv_app keystore_service : service_manager { find };
allow wpa wpa : tcp_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown };
allow init sysfs_zram : file { read getattr setattr open };
allow init tmpfs : dir { ioctl read write create getattr setattr lock relabelfrom rename mounton add_name remove_name reparent search rmdir open };
allow init racoon_exec : file { read getattr execute open };
allow servicemanager mediaextractor : dir { search };
allow mm-pp-daemon su : binder { call transfer };
allow system_server oemfs : dir { ioctl read getattr lock search open };
allow system_server apk_data_file : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open };
allow init persist_display_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow zygote proc_net : file { ioctl read getattr lock open };
allow ueventd firmware_file : dir { ioctl read getattr lock search open };
allow obdm_app app_data_file : lnk_file { ioctl read write create getattr setattr lock append unlink rename open };
allow init gatekeeperd_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow dex2oat installd : fd { use };
allow zygote rootfs : dir { mounton };
allow init rild_socket : chr_file { relabelto };
allow priv_app sysfs : dir { ioctl read getattr lock search open };
allow init bootstat_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow su keystore : keystore_key { get_state get insert delete exist list sign verify };
dontaudit su keystore : keystore_key { get_state get insert delete exist list reset password lock unlock is_empty sign verify grant duplicate clear_uid add_auth user_changed };
allow vold vold : fd { use };
type_transition lmkd tmpfs : file lmkd_tmpfs;
allow vfat vfat : filesystem { associate };
allow debuggerd bootstat : process { ptrace getattr };
allow wpa wpa_socket : sock_file { ioctl read write create getattr setattr lock append unlink rename open };
dontaudit su domain : msgq { create destroy getattr setattr read write associate unix_read unix_write enqueue };
allow shell dumpstate_prop : file { ioctl read getattr lock open };
allow bluetooth rild : unix_stream_socket { connectto };
allow init gpsd_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow mediacodec binderservicedomain : fd { use };
allow init zygote_socket : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow tzdatacheck tzdatacheck : fifo_file { ioctl read write getattr lock append open };
allow init gpu_device : chr_file { read setattr open };
allow keystore platform_app : process { getattr };
allow hostapd sysfs : lnk_file { ioctl read getattr lock open };
allow dnsmasq dhcp_data_file : dir { write lock add_name remove_name search open };
allow init dhcp_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init fwmarkd_socket : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow shell dumpstate_socket : sock_file { write };
allow priv_app cache_recovery_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow rootfs rootfs : filesystem { associate };
allow debuggerd mediadrmserver : debuggerd { dump_backtrace };
allow debuggerd sgdisk : process { ptrace getattr };
allow init vold_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
dontaudit sudaemon port_type : netlink_kobject_uevent_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow camera camera : dir { ioctl read getattr lock search open };
allow init proc_iomem : dir { read setattr search open };
allow init sysfs_camera : dir { read setattr search open };
allow init boottrace_data_file : blk_file { relabelto };
allow atrace atrace : fifo_file { ioctl read write getattr lock append open };
allow system_server apk_tmp_file : dir { ioctl read write create getattr setattr lock relabelfrom relabelto rename add_name remove_name reparent search rmdir open };
type_transition nanoapp_cmd tmpfs : file nanoapp_cmd_tmpfs;
allow su su : netlink_route_socket { read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read };
allow priv_app priv_app : fd { use };
allow init rild_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init systemkeys_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow shell hardware_properties_service : service_manager { find };
allow lmkd lmkd_exec : file { read getattr execute entrypoint open };
allow system_server autoplay_app : process { sigkill signal getsched setsched };
allow dumpstate connmetrics_service : service_manager { find };
allow init system_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow shell content_service : service_manager { find };
allow dumpstate binderservicedomain : binder { call transfer };
allow gatekeeperd gatekeeperd : dir { ioctl read getattr lock search open };
allow gpsd gpsd : lnk_file { ioctl read getattr lock open };
allow toolbox toolbox : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow init surfaceflinger_exec : file { read getattr execute open };
allow init sysfs_type : file { write lock relabelto append open };
allow init perfprofd_tmpfs : blk_file { relabelto };
allow servicemanager zygote : binder { transfer };
allow system_server security_file : dir { ioctl read getattr lock search open };
allow init media_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow servicemanager servicemanager : netlink_selinux_socket { read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow debuggerd blkid : process { ptrace getattr };
allow keystore bluetooth : process { getattr };
allow init subsystem_ramdump_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow update_engine_common xbl_block_device : blk_file { ioctl read write getattr lock append open };
allow installd apk_data_file : dir { ioctl read write create getattr setattr lock relabelfrom rename add_name remove_name reparent search rmdir open };
allow nanohub_slpi nanohub_slpi_tmpfs : file { read write };
allow netd system_file : file { getattr execute execute_no_trans };
allow init bootstat_tmpfs : chr_file { relabelto };
allow toolbox toolbox : fifo_file { ioctl read write getattr lock append open };
allow shell processinfo_service : service_manager { find };
allow system_app restrictions_service : service_manager { find };
allow binderservicedomain mediaserver : binder { transfer };
allow servicemanager clatd : binder { transfer };
allow init apk_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init recovery_refresh_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow qmuxd qmuxd : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
dontaudit sudaemon domain : ipc { create destroy getattr setattr read write associate unix_read unix_write };
allow otapreopt_chroot otapreopt_chroot : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow debuggerd logd : process { ptrace getattr };
allow mediaserver drmserver : binder { transfer };
allow vold proc : lnk_file { ioctl read getattr lock open };
allow debuggerd adsprpcd : process { ptrace getattr };
allow toolbox toolbox : fd { use };
allow netmgrd sysfs_type : lnk_file { ioctl read getattr lock open };
allow shell cm_profile_service : service_manager { find };
allow update_engine ota_package_file : dir { ioctl read getattr lock search open };
allow system_server adb_keys_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
dontaudit htc_ramdump htc_ramdump : capability { sys_module };
allow htc_ramdump htc_ramdump : capability { fowner fsetid sys_rawio };
allow healthd servicemanager : binder { call transfer };
allow init property_contexts : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init efs_file : chr_file { relabelto };
allow adbd adb_data_file : dir { ioctl read write getattr lock add_name remove_name search open };
allow logd device_logging_prop : file { ioctl read getattr lock open };
allow shared_relro shared_relro : fd { use };
allow system_server user_profile_foreign_dex_data_file : dir { read write add_name remove_name search open };
allow keystore keystore : dir { ioctl read getattr lock search open };
allow init priv_app_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
dontaudit su domain : socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow ssr_setup sysfs_msm_subsys : lnk_file { read };
allow install_recovery init : process { sigchld };
type_transition dumpstate su_exec : process su;
allow system_server sensors_prop : file { ioctl read getattr lock open };
allow init sysinit_exec : file { read getattr execute open };
allow sysfs_msm_subsys sysfs_msm_subsys : filesystem { associate };
allow surfaceflinger binderservicedomain : dir { ioctl read getattr lock search open };
allow init servicemanager_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow ueventd sysfs_fingerprint : file { write lock append open };
allow postinstall storage_file : dir { getattr };
allow irqbalance init : process { sigchld };
dontaudit keystore keystore : capability { sys_module };
allow init wpa_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init irqbalance : process { transition siginh rlimitinh };
dontaudit init irqbalance : process { noatsecure };
allow themeservice_app su : fd { use };
type_transition shell runas_exec : process runas;
allow nanohub_slpi nanohub_slpi_exec : file { read getattr execute entrypoint open };
allow init update_engine_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
dontaudit cameraserver cameraserver : capability { sys_module };
allow bootstat bootstat : fd { use };
allow init audio_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init dnsproxyd_socket : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow servicemanager servicemanager : binder { set_context_mgr transfer };
allow init profman_dump_data_file : blk_file { relabelto };
allow sudaemon keystore : binder { call transfer };
allow init dumpstate_tmpfs : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow mkfs userdata_block_device : blk_file { ioctl read write getattr lock append open };
allow servicemanager subsystem_ramdump : binder { transfer };
allow init adb_data_file : blk_file { relabelto };
allow nanoapp_cmd nanoapp_cmd : dir { ioctl read getattr lock search open };
allow priv_app app_fuse_file : dir { ioctl read write getattr lock add_name remove_name search open };
allow init livedisplay_sysfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow logd proc_net : lnk_file { ioctl read getattr lock open };
allow location location : udp_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allowxperm location location : udp_socket ioctl { 0x8927 0x8933 };
allowxperm location location : udp_socket ioctl { 0x8be5 };
allow shell app_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow system_server mediaserver_service : service_manager { find };
allow dumpstate netd : binder { call transfer };
allow system_server cache_private_backup_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow sdcardd sdcard_type : filesystem { mount unmount };
allow zygote dalvikcache_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow cppreopts dalvikcache_data_file : file { read write create getattr rename open };
allow appdomain shell : process { sigchld };
allow vold shell_data_file : dir { create getattr setattr };
allow init asec_image_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow domain zoneinfo_data_file : lnk_file { ioctl read getattr lock open };
allow adbd adbd : fifo_file { ioctl read write getattr lock append open };
type_transition init mediaextractor_exec : process mediaextractor;
allow uncrypt fuse : dir { ioctl read getattr lock search open };
allow init app_fuse_file : chr_file { relabelto };
allow racoon sysfs : dir { ioctl read getattr lock search open };
allow racoon racoon : key_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow vold servicemanager : binder { call transfer };
allow system_server system_server : netlink_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow keystore wpa : process { getattr };
type_transition init toolbox_exec : process toolbox;
allow domain_deprecated inotify : file { ioctl read getattr lock open };
allow hostapd netd : netlink_route_socket { read write };
allow system_app input_method_service : service_manager { find };
allow adbd kernel : security { read_policy };
allow untrusted_app media_rw_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow init isolated_app_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
dontaudit sudaemon fs_type : dir { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton add_name remove_name reparent search rmdir open audit_access execmod };
allow camera camera_device : chr_file { ioctl read write getattr lock append open };
allow keystore gatekeeperd : binder { transfer };
allow mediaserver video_device : dir { ioctl read getattr lock search open };
allow shell shell : netlink_route_socket { read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read };
allow dnsmasq sysfs : file { ioctl read getattr lock open };
allow debuggerd sudaemon : process { ptrace getattr };
allow google_camera_app google_camera_app : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow cameraserver cameraserver : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow perfd sysfs : file { write };
allow otapreopt_chroot postinstall : fd { use };
allow dumpstate dalvikcache_data_file : lnk_file { ioctl read getattr lock open };
allow init surfaceflinger_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow imscm servicemanager : binder { call transfer };
allow mediaserver permission_service : service_manager { find };
allow cnd sysfs_type : dir { ioctl read getattr lock search open };
allow init location_tmpfs : blk_file { relabelto };
allow runas obdm_app : process { dyntransition };
allow wpa wpa : fd { use };
allow wpa wpa : udp_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allowxperm wpa wpa : udp_socket ioctl { 0x6900 0x6902 };
allowxperm wpa wpa : udp_socket ioctl { 0x890b-0x890d 0x8911 0x8914 0x8916 0x8918 0x891a 0x891c-0x8920 0x8922-0x8927 0x8929 0x8930-0x8932 0x8934-0x8937 0x8940-0x8941 0x8943 0x8946-0x894b 0x8953-0x8955 0x8960-0x8962 0x8970-0x8971 0x8980-0x8983 0x8990-0x8995 0x89a0-0x89a3 0x89b0 0x89e0-0x89ff };
allowxperm wpa wpa : udp_socket ioctl { 0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 0x8b14-0x8b1d 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 0x8b2a-0x8b2c 0x8b30-0x8b36 0x8be0-0x8bff };
allow bootstat bootstat_data_file : dir { ioctl read write getattr lock add_name remove_name search open };
dontaudit su port_type : netlink_connector_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow radio mediaserver_service : service_manager { find };
allow keystore keystore_data_file : sock_file { ioctl read write create getattr setattr lock append unlink rename open };
allow sgdisk devpts : chr_file { ioctl read write getattr };
allow priv_app ota_package_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow rild sysfs : file { ioctl read getattr lock open };
dontaudit mediadrmserver firmware_file : dir { search };
allow audioserver permission_service : service_manager { find };
allow radio init : unix_stream_socket { connectto };
allow priv_app surfaceflinger_service : service_manager { find };
allow init gps_control : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow system_server media_rw_data_file : file { read write getattr };
allow init-qcom-qseecomd-sh init-qcom-qseecomd-sh : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow init sysfs_nfc_power_writable : dir { read setattr search open };
allow mediadrmserver mediaserver_service : service_manager { add find };
allow google_camera_app drmserver_service : service_manager { find };
allow drmserver mediaserver : process { getattr };
allow bluetooth mediaserver_service : service_manager { find };
allow init ram_device : chr_file { read setattr open };
allow nfc keystore : keystore_key { get_state get insert delete exist list sign verify };
allow debuggerd themeservice_app : process { ptrace getattr };
allow adbd mnt_user_file : lnk_file { ioctl read getattr lock open };
allow dumpstate uce_service : service_manager { find };
allow init racoon_socket : chr_file { relabelto };
allow su keystore_service : service_manager { find };
allow system_server system_server : netlink_selinux_socket { read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow dumpstate mediacodec : debuggerd { dump_backtrace };
allow clatd clatd : packet_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow logd pstorefs : dir { search };
allow untrusted_app untrusted_app_tmpfs : file { read write execute };
allow mediadrmserver cgroup : file { ioctl read write getattr lock append open };
type_transition init init-qcom-qseecomd-sh_exec : process init-qcom-qseecomd-sh;
allow domain sysfs_devices_system_cpu : file { ioctl read getattr lock open };
allow init logd_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init imscm_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow themeservice_app system_app_data_file : dir { search };
allow system_server usb_device : chr_file { ioctl read write getattr lock append open };
allow audioserver audioserver : fd { use };
allow kernel kernel : socket { create };
allow google_camera_app app_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow atrace atrace_tmpfs : file { read write };
allow time time : socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allowxperm time time : socket ioctl { 0xc300-0xc305 };
allow proc_kernel_sched proc_kernel_sched : filesystem { associate };
allow installd themeservice_app_data_file : file { getattr setattr relabelfrom relabelto unlink rename };
allow init sysfs_wifi : dir { read setattr search open };
allow hostapd hostapd : tcp_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown };
allow vold vold : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow netd devpts : chr_file { ioctl read write getattr lock append open };
allow init preloads_data_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow autoplay_app autoplay_app : fifo_file { ioctl read write getattr lock append open };
allow init devpts : dir { read setattr search open };
allow ppp ppp : udp_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allowxperm ppp ppp : udp_socket ioctl { 0x6900 0x6902 };
allowxperm ppp ppp : udp_socket ioctl { 0x890b-0x890d 0x8911 0x8914 0x8916 0x8918 0x891a 0x891c-0x8920 0x8922-0x8927 0x8929 0x8930-0x8932 0x8934-0x8937 0x8940-0x8941 0x8943 0x8946-0x894b 0x8953-0x8955 0x8960-0x8962 0x8970-0x8971 0x8980-0x8983 0x8990-0x8995 0x89a0-0x89a3 0x89b0 0x89e0-0x89ff };
allowxperm ppp ppp : udp_socket ioctl { 0x8b00 0x8b02 0x8b04 0x8b06 0x8b08 0x8b0a 0x8b0c 0x8b0e 0x8b10 0x8b14-0x8b1d 0x8b20 0x8b22 0x8b24 0x8b26 0x8b28 0x8b2a-0x8b2c 0x8b30-0x8b36 0x8be0-0x8bff };
allow zygote resourcecache_data_file : dir { ioctl read write getattr lock add_name remove_name search open };
allow init nfc_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow servicemanager init_power : binder { transfer };
allow update_engine sysfs_wake_lock : file { ioctl read write getattr lock append open };
allow google_camera_app google_camera_app : lnk_file { ioctl read getattr lock open };
allow init ims : process { transition siginh rlimitinh };
dontaudit init ims : process { noatsecure };
allow update_engine priv_app : binder { call transfer };
allow per_mgr rild : fd { use };
allow time time : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow bootanim servicemanager : binder { call transfer };
allow system_server nfc_data_file : file { read write getattr };
allow dumpstate netstats_service : service_manager { find };
allow init asec_image_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow perfprofd perfprofd : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow profman profman : lnk_file { ioctl read getattr lock open };
allow init init_power_exec : file { read getattr execute open };
allow init dalvikcache_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
dontaudit su domain : shm { create destroy getattr setattr read write associate unix_read unix_write lock };
allow shell powerctl_prop : file { ioctl read getattr lock open };
allow system_server logdr_socket : sock_file { write };
allow init_foreground init_foreground : fifo_file { ioctl read write getattr lock append open };
allow logd proc : dir { ioctl read getattr lock search open };
allow domain cgroup : file { write lock append open };
allow tee tee : lnk_file { ioctl read getattr lock open };
allow runas runas : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow toolbox toolbox : dir { ioctl read getattr lock search open };
allow qti-testscripts su : binder { call transfer };
allow ntfs ntfs : filesystem { associate };
dontaudit sudaemon file_type : blk_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton open audit_access execmod };
allow perfd su : binder { call transfer };
allow sdcardd cgroup : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow init logdr_socket : lnk_file { create getattr setattr relabelfrom relabelto unlink };
dontaudit adsprpcd adsprpcd : capability { sys_module };
allow init keystore_data_file : fifo_file { relabelto };
allow cameraserver cameraserver : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow init_mid init_mid : lnk_file { ioctl read getattr lock open };
allow otapreopt_chroot su : binder { call transfer };
allow htc_ramdump misc_block_device : blk_file { ioctl read write getattr lock append open };
allow themeservice_app app_data_file : fifo_file { ioctl read write create getattr setattr lock append unlink rename open };
allow netd shell_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow nanohub_slpi su : fd { use };
allow init proc_drop_caches : file { read setattr open };
allow init platform_app_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow logd misc_logd_file : dir { ioctl read write getattr lock add_name remove_name search open };
dontaudit su port_type : udp_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind node_bind };
allow debuggerd zygote : process { ptrace getattr };
allow domain_deprecated system_data_file : file { read getattr };
allow dumpstate netd_service : service_manager { find };
allow healthd healthd : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow system_server cppreopt_prop : property_service { set };
allow installd autoplay_data_file : fifo_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open };
allow shell boottrace_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
type_transition shell su_exec : process su;
allow dumpstate servicemanager : binder { call transfer };
allow fsck_untrusted sysfs : dir { ioctl read getattr lock search open };
allow rild rild : tcp_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown };
allow keystore radio : file { read open };
allowxperm su su : udp_socket ioctl { 0x5411 0x5451 };
allowxperm su su : udp_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm su su : udp_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow su su : udp_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow system_server fscklogs : file { ioctl read getattr lock unlink open };
allow system_app audioserver_service : service_manager { find };
allow shell serial_service : service_manager { find };
allow mediacodec appdomain : fd { use };
allow wcnss_filter wcnss_filter : fd { use };
allow untrusted_app untrusted_app : dir { ioctl read getattr lock search open };
allow google_camera_app gpu_device : chr_file { ioctl read write getattr lock append open };
allowxperm google_camera_app gpu_device : chr_file ioctl { 0x902 0x907 0x913-0x915 0x921 0x932-0x933 0x938-0x939 0x940-0x943 0x945-0x94a };
allowxperm google_camera_app gpu_device : chr_file ioctl { 0x5411 0x5451 };
allow update_engine_common labeledfs : filesystem { relabelfrom };
allowxperm obdm_app obdm_app : rawip_socket ioctl { 0x5411 0x5451 };
allowxperm obdm_app obdm_app : rawip_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm obdm_app obdm_app : rawip_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow obdm_app obdm_app : rawip_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow init dumpstate_socket : chr_file { relabelto };
allow servicemanager irqbalance : binder { transfer };
allow init perfprofd_data_file : blk_file { relabelto };
allow shell media_projection_service : service_manager { find };
allow autoplay_app autoplay_app : fd { use };
allow init ims_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow system_server audio_device : chr_file { ioctl read write getattr lock append open };
allow logd misc_logd_file : file { ioctl read write create getattr setattr lock append unlink rename open };
dontaudit sudaemon fs_type : sock_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton open audit_access execmod };
allow init init : capability2 { syslog };
allow toolbox tmpfs : chr_file { ioctl read write };
allow init init_foreground_tmpfs : chr_file { relabelto };
allow init bootchart_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init qmuxd_tmpfs : blk_file { relabelto };
allow dumpstate dumpstate : dir { ioctl read getattr lock search open };
allow init cnd_socket : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow vold fuseblk : chr_file { ioctl read write getattr lock append open };
allow system_server mediaextractor_service : service_manager { find };
allow system_server system_data_file : fifo_file { ioctl read write create getattr setattr lock append unlink rename open };
dontaudit bootstat bootstat : capability { sys_module };
allow init postinstall_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow lmkd lmkd : file { ioctl read write getattr lock append open };
allow init rild_debug_socket : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init coredump_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow wpa wpa : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow healthd input_device : chr_file { ioctl read getattr lock open };
allow system_app midi_service : service_manager { find };
allow init devpts : chr_file { read write open };
allow gatekeeperd keystore : binder { call transfer };
allow kernel firmware_file : lnk_file { ioctl read getattr lock open };
allow init zygote_socket : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow drmserver init : process { sigchld };
allow init fsck_tmpfs : chr_file { relabelto };
allow watchdogd watchdog_device : chr_file { ioctl read write getattr lock append open };
allow drmserver drmserver : rawip_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
type_transition recovery_refresh tmpfs : file recovery_refresh_tmpfs;
allow shell pstorefs : dir { search };
allow recovery recovery : fd { use };
allow mediaserver proc : lnk_file { getattr };
allow debuggerd debuggerd : lnk_file { ioctl read getattr lock open };
allow adsprpcd adsprpcd : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow debuggerd irqbalance : process { ptrace getattr };
allow mtp su : fd { use };
allow blkid_untrusted vold : fifo_file { read write getattr };
allow init sysfs_fingerprint : dir { read setattr search open };
allow atrace atrace : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow debuggerd gpsd : process { ptrace getattr };
allow kernel sudaemon : fd { use };
allow dhcp su : fd { use };
allow init init-qcom-qseecomd-sh_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init perfprofd_tmpfs : chr_file { relabelto };
allow google_camera_app keystore_service : service_manager { find };
allow adbd adbsecure_prop : file { ioctl read getattr lock open };
allow init mdns_socket : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow init platform_app_tmpfs : blk_file { relabelto };
allow appdomain wallpaper_file : file { read write getattr };
allow shell commontime_management_service : service_manager { find };
allow netmgrd init : process { sigchld };
allow init gps_control : blk_file { relabelto };
allow platform_app keystore_service : service_manager { find };
allow mediaserver media_rw_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow perfprofd perfprofd_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow netmgrd netmgrd : fd { use };
allow wpa sysfs_type : dir { ioctl read getattr lock search open };
allow init recovery_refresh_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow system_app system_prop : property_service { set };
allow htc_ramdump property_socket : sock_file { write };
allow shell debug_prop : file { ioctl read getattr lock open };
type_transition platform_app tmpfs : file platform_app_tmpfs;
allow dumpstate window_service : service_manager { find };
allow init nativetest_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow system_app tun_device : chr_file { ioctl read write getattr append };
allow blkid block_device : dir { search };
allow keystore sudaemon : dir { search };
allow install_recovery install_recovery : capability { dac_override };
dontaudit install_recovery install_recovery : capability { sys_module };
allow init console_device : chr_file { ioctl read write getattr setattr lock append open };
allow init persist_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow themeservice_app themeservice_app : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow shell hardware_service : service_manager { find };
allow shell persist_debug_prop : file { ioctl read getattr lock open };
allow init sysfs_power_management : file { read setattr open };
allow mediaserver preloads_data_file : file { ioctl read getattr };
dontaudit sudaemon port_type : netlink_scsitransport_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow system_server method_trace_data_file : file { write create lock append open };
allow zygote zygote : lnk_file { ioctl read getattr lock open };
allow mediaserver perfd_data_file : sock_file { write };
allow init_foreground init_foreground_exec : file { read getattr execute entrypoint open };
allow sdcardd sdcardd : dir { ioctl read getattr lock search open };
allow init cache_backup_file : chr_file { relabelto };
allow themeservice_app themeservice_app_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow servicemanager qti-testscripts : binder { transfer };
allow system_server system_ndebug_socket : sock_file { ioctl read write create getattr setattr lock append unlink rename open };
allow audioserver audioserver : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
dontaudit su kernel : system { ipc_info syslog_read syslog_mod syslog_console module_request module_load };
allow sudaemon sudaemon : fifo_file { ioctl read write getattr lock append open };
allow init rild_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow time time : lnk_file { ioctl read getattr lock open };
allow adbd adbd : rawip_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow dex2oat installd : process { sigchld };
type_transition netd tmpfs : file netd_tmpfs;
allow system_server netd : fd { use };
allow system_server sysfs_type : dir { ioctl read getattr lock search open };
allow gpsd gpsd_tmpfs : file { read write };
allow htc_ramdump htc_ramdump : file { ioctl read write getattr lock append open };
allow init pipefs : dir { read setattr search open };
allow appdomain apk_data_file : file { ioctl read getattr lock execute execute_no_trans execmod open };
allow wpa wpa_socket : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow init camera_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init perfprofd_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init ssd_block_device : chr_file { read setattr open };
allow shell network_time_update_service : service_manager { find };
allow netd hostapd_exec : file { read getattr execute open };
allow drmserver drmserver : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow init obdm_app_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init fingerprintd : process { transition siginh rlimitinh };
dontaudit init fingerprintd : process { noatsecure };
allow shell servicemanager : service_manager { list };
allow init device : dir { read setattr relabelto mounton search open };
allow init_foreground proc_iomem : file { getattr };
allow init bootanim_tmpfs : chr_file { relabelto };
allow init netd_socket : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow otapreopt_slot toolbox_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow shell sysfs : dir { ioctl read getattr lock search open };
allow init audioserver_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init user_profile_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init sysfs_rmtfs : file { read setattr open };
allow port-bridge port-bridge : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow profman profman : file { ioctl read write getattr lock append open };
allow servicemanager recovery_refresh : binder { transfer };
allow init vpn_data_file : chr_file { relabelto };
allow init bootstat_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow adbd autoplay_data_file : sock_file { write };
allow dumpstate keystore_service : service_manager { find };
allow dumpstate init : unix_stream_socket { connectto };
allow init vdc_tmpfs : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init sap_uim_socket : chr_file { relabelto };
allow google_camera_app google_camera_app : process { fork sigchld sigkill sigstop signull signal ptrace getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit execmem };
allow shell alarm_service : service_manager { find };
allow init zoneinfo_data_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init storage_file : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow system_app update_engine_service : service_manager { find };
allow uncrypt cache_recovery_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow untrusted_app radio_service : service_manager { find };
allow init ota_package_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow netmgrd netmgrd : tcp_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown };
allow init persist_data_file : chr_file { relabelto };
allow init asec_apk_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow system_server toolbox_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow netd clatd_exec : file { read getattr execute open };
allow init qtaguid_proc : dir { read setattr search open };
allow mediaserver sdcard_type : file { ioctl read write getattr lock open };
allow system_app system_radio_prop : property_service { set };
auditallow system_app system_radio_prop : property_service { set };
allow installd app_data_file : lnk_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink rename open };
allow installd toolbox_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow init htc_ramdump_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init fwmarkd_socket : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow init wpa_socket : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow location location_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow audioserver audioserver : fifo_file { ioctl read write getattr lock append open };
allow system_server qtaguid_device : chr_file { ioctl read write getattr lock append open };
allow init mnt_media_rw_stub_file : dir { ioctl read write create getattr setattr relabelfrom relabelto add_name remove_name search rmdir open };
allow init update_verifier_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow vdc vdc : dir { ioctl read getattr lock search open };
allow init mtpd_socket : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow shell dns_listener_service : service_manager { find };
dontaudit fsck fsck : capability { sys_module };
allow vold vold : lnk_file { ioctl read getattr lock open };
allowxperm obdm_app obdm_app : udp_socket ioctl { 0x5411 0x5451 };
allowxperm obdm_app obdm_app : udp_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm obdm_app obdm_app : udp_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow obdm_app obdm_app : udp_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow init netd_tmpfs : file { read write create getattr setattr relabelfrom relabelto unlink open };
dontaudit sudaemon domain : fd { use };
allow init boot_block_device : chr_file { read setattr open };
allow mediadrmserver tee_device : chr_file { ioctl read write getattr lock append open };
allow netd sysfs_net : dir { search };
allow clatd clatd : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow drmserver autoplay_app : fd { use };
allow install_recovery cache_file : dir { ioctl read write getattr lock add_name remove_name search open };
allow init rootfs : file { read getattr relabelfrom execute open };
allow blkid_untrusted su : binder { call transfer };
allow drmserver appdomain : binder { call transfer };
allow keystore sudaemon : binder { transfer };
allow surfaceflinger shell : fd { use };
allow inputflinger inputflinger : file { ioctl read write getattr lock append open };
allow init tee_data_file : chr_file { relabelto };
allow system_server zygote_exec : file { ioctl read getattr lock open };
allow init shell_data_file : file { getattr relabelto };
allow system_server input_device : dir { ioctl read getattr lock search open };
type_transition init init_radio_exec : process init_radio;
allow init mediaextractor_exec : file { read getattr execute open };
allow ueventd dev_type : chr_file { create setattr unlink };
allow gpsd gpsd_exec : file { read getattr execute entrypoint open };
allow dumpstate block_device : dir { getattr search };
allow init cnss_diag_exec : file { read getattr execute open };
dontaudit sudaemon node_type : tcp_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind connectto newconn acceptfrom node_bind name_connect };
allow camera camera_prop : property_service { set };
allow init dalvikcache_data_file : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow servicemanager system_app : binder { transfer };
allow dumpstate samplingprofiler_service : service_manager { find };
allow dumpstate scheduling_policy_service : service_manager { find };
allow hostapd hostapd : rawip_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow init atfwd_tmpfs : blk_file { relabelto };
allow logd proc : file { ioctl read getattr lock open };
dontaudit sudaemon sudaemon : capability2 { mac_override mac_admin syslog wake_alarm block_suspend audit_read };
allow system_server zygote_socket : sock_file { write };
allow sdcardd sdcardd : file { ioctl read write getattr lock append open };
allow init toolbox_exec : file { read getattr execute open };
dontaudit su fs_type : chr_file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton execute_no_trans entrypoint execmod open audit_access };
allow init_power init_power : lnk_file { ioctl read getattr lock open };
allow system_server cameraserver : debuggerd { dump_backtrace };
allow perfd perfd_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow racoon kernel : system { module_request };
allow lmkd lmkd : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow dumpstate logd_socket : sock_file { write };
allow init wpa_socket : chr_file { relabelto };
allow init apk_private_tmp_file : blk_file { relabelto };
allow servicemanager sgdisk : binder { transfer };
allow servicemanager per_mgr : dir { search };
allow servicemanager themeservice_app : binder { transfer };
allow init adb_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init cache_recovery_file : blk_file { relabelto };
allow dumpstate statusbar_service : service_manager { find };
allow tzdatacheck zoneinfo_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow init keystore_tmpfs : blk_file { relabelto };
allow appdomain zygote : unix_dgram_socket { write };
allow init_power sysfs_type : dir { ioctl read getattr lock search open };
allow binderservicedomain devpts : chr_file { ioctl read write getattr lock append open };
allow platform_app platform_app : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow tee tee : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow mtp mtp : udp_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow bluetooth bluetooth_prop : property_service { set };
allow init_foreground init_foreground_tmpfs : file { read write };
allow ppp mtp : fd { use };
allow debuggerd perfd : process { ptrace getattr };
type_transition init fsck_exec : process fsck;
allow init wifi_data_file : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow mediadrmserver system_data_file : file { read getattr };
allow vold storage_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow platform_app preloads_data_file : file { ioctl read getattr lock open };
allow system_app inputflinger_service : service_manager { find };
allow system_app dbinfo_service : service_manager { find };
allow ueventd ueventd : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow system_app battery_service : service_manager { find };
allow radio system_radio_prop : property_service { set };
auditallow radio system_radio_prop : property_service { set };
dontaudit su property_type : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton execute_no_trans entrypoint execmod open audit_access };
allow perfprofd perfprofd : dir { ioctl read getattr lock search open };
allow system_app cpuinfo_service : service_manager { find };
allow mdnsd mdnsd : tcp_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown };
allow bluetooth bluetooth : fifo_file { ioctl read write getattr lock append open };
allow init property_socket : blk_file { relabelto };
allow init vdc : process { transition siginh rlimitinh };
dontaudit init vdc : process { noatsecure };
allow init wifi_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow system_server location_data_file : sock_file { write };
allow irqbalance irqbalance : dir { ioctl read getattr lock search open };
allow google_camera_app app_data_file : lnk_file { ioctl read write create getattr setattr lock append unlink rename open };
allow camera property_socket : sock_file { write };
allow sysinit userinit_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow sdcardd media_rw_data_file : dir { ioctl read write create getattr setattr lock rename add_name remove_name reparent search rmdir open };
allow keystore priv_app : process { getattr };
allow system_app time : unix_stream_socket { connectto };
allow hci_attach hci_attach : file { ioctl read write getattr lock append open };
allow kernel media_rw_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow init gps_socket : blk_file { relabelto };
allow init unencrypted_data_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow dhcp netd : netlink_route_socket { read write };
allow system_app package_service : service_manager { find };
allow isolated_app app_data_file : file { read write getattr lock };
allow fingerprintd system_server : binder { call transfer };
allow init keychain_data_file : chr_file { relabelto };
allow init_power init_power : fifo_file { ioctl read write getattr lock append open };
allow init tee_data_file : blk_file { relabelto };
allow camera camera_data_file : sock_file { create unlink };
allow init init_mid_tmpfs : blk_file { relabelto };
allow logd init : process { sigchld };
allow untrusted_app asec_apk_file : dir { ioctl read getattr lock search open };
allow time sysfs_msm_subsys : lnk_file { ioctl read getattr lock open };
allow bluetooth bluetooth_efs_file : file { ioctl read getattr lock open };
allow init mtp_tmpfs : chr_file { relabelto };
allow blkid_untrusted su : fd { use };
allow installd keychain_data_file : file { ioctl read getattr lock unlink open };
allow healthd healthd : fd { use };
allow location sysfs_type : lnk_file { ioctl read getattr lock open };
allow racoon keystore : keystore_key { get sign verify };
allow cameraserver scheduling_policy_service : service_manager { find };
allow init qmuxd_socket : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow servicemanager port-bridge : binder { transfer };
allow tzdatacheck tzdatacheck : file { ioctl read write getattr lock append open };
allow system_app appwidget_service : service_manager { find };
allow servicemanager dumpstate : dir { search };
allow init_mid init_mid : dir { ioctl read getattr lock search open };
allow untrusted_app proc_meminfo : file { ioctl read getattr lock open };
allow installd init : process { sigchld };
allow dumpstate net_data_file : dir { search };
allow blkid vold : fifo_file { read write getattr };
allow system_server autoplay_app : binder { call transfer };
allow debuggerd tzdatacheck : process { ptrace getattr };
dontaudit sudaemon domain : netlink_generic_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow bluetooth keystore_service : service_manager { find };
allow installd resourcecache_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow init lmkd_tmpfs : fifo_file { read create getattr setattr relabelfrom relabelto unlink open };
allow lmkd sysfs : file { ioctl read getattr lock open };
allow shared_relro keystore : fd { use };
allow init_radio init : process { sigchld };
allow init dumpstate_socket : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
allow su su : lnk_file { ioctl read getattr lock open };
allow rild radio_data_file : dir { ioctl read write getattr lock add_name remove_name search open };
allow wcnss_filter su : binder { call transfer };
allow init tun_device : chr_file { read setattr open };
allow ueventd ueventd : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setfscreate setrlimit };
allow system_app diskstats_service : service_manager { find };
allow system_app mnt_media_rw_file : dir { search };
allow system_server fingerprintd_service : service_manager { find };
allow dumpstate cm_iconcache_service : service_manager { find };
allow shared_relro shared_relro_tmpfs : file { read write execute };
allow vdc dumpstate : unix_stream_socket { read write getattr };
allow atfwd init : unix_stream_socket { connectto };
allow init_radio init_radio : dir { ioctl read getattr lock search open };
allow adbd appdomain : unix_stream_socket { connectto };
allow init sysfs_devices_system_iosched : blk_file { relabelto };
allow adsprpcd ion_device : chr_file { ioctl read write getattr lock append open };
allow init installd_socket : blk_file { relabelto };
allow init init_tmpfs : sock_file { read create getattr setattr relabelfrom relabelto unlink open };
type_transition init imscm_exec : process imscm;
allow postinstall postinstall_file : file { ioctl read write create getattr setattr lock append unlink rename execute execute_no_trans entrypoint open };
allow atrace atrace : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow recovery_refresh pstorefs : dir { search };
allow init netd_socket : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow servicemanager servicemanager : fifo_file { ioctl read write getattr lock append open };
allow installd installd : fd { use };
allow gatekeeperd hardware_properties_service : service_manager { find };
allow shell shell : unix_dgram_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown sendto };
allow servicemanager gpsd : binder { transfer };
allow toolbox toolbox_tmpfs : file { read write };
allow init rild_debug_socket : lnk_file { create getattr setattr relabelfrom relabelto unlink };
allow mkfs mkfs : file { ioctl read write getattr lock append open };
allow idmap idmap : unix_stream_socket { ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown connectto };
allow fingerprintd servicemanager : binder { call transfer };
allow init cache_recovery_file : file { read write create getattr setattr relabelfrom relabelto unlink open };
allow init sysfs_power_management : dir { read setattr search open };
allow qti-testscripts qti-testscripts : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
allow servicemanager dnsmasq : binder { transfer };
allow recovery_persist recovery_persist : dir { ioctl read getattr lock search open };
allow zygote zygote : netlink_selinux_socket { read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow init system_app_tmpfs : chr_file { relabelto };
allow lmkd autoplay_app : dir { ioctl read getattr lock search open };
allow netd netd : packet_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow logd init : unix_stream_socket { connectto };
dontaudit su domain : netlink_ip6fw_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind nlmsg_read nlmsg_write };
type_transition init_mid tmpfs : file init_mid_tmpfs;
type_transition init ims_exec : process ims;
type_transition init nanohub_slpi_exec : process nanohub_slpi;
allow system_app gpu_service : service_manager { find };
allow domain debugfs_tracing : dir { search };
allow camera gpu_device : chr_file { ioctl read write getattr lock append open };
allow cnss_diag sysfs_type : dir { ioctl read getattr lock search open };
allow ppp ppp : fifo_file { ioctl read write getattr lock append open };
allow fingerprintd fingerprintd_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow init recovery_persist_tmpfs : blk_file { relabelto };
allowxperm system_app system_app : udp_socket ioctl { 0x5411 0x5451 };
allowxperm system_app system_app : udp_socket ioctl { 0x8906-0x8907 0x8910 0x8912-0x8913 0x8915 0x8917 0x8919 0x891b 0x8921 0x8933 0x8938 0x8942 };
allowxperm system_app system_app : udp_socket ioctl { 0x8b01 0x8b05 0x8b07 0x8b09 0x8b0b 0x8b0d 0x8b0f 0x8b11-0x8b13 0x8b21 0x8b23 0x8b25 0x8b27 0x8b29 0x8b2d };
allow system_app system_app : udp_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown };
allow obdm_app app_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow init toolbox : process { transition siginh rlimitinh };
dontaudit init toolbox : process { noatsecure };
allow radio radio : file { ioctl read write getattr lock append open };
allow init-qcom-qseecomd-sh init-qcom-qseecomd-sh : file { ioctl read write getattr lock append open };
allow per_mgr sysfs_msm_subsys : dir { ioctl read getattr lock search open };
allow surfaceflinger autoplay_app : binder { call transfer };
allow system_server wpa : unix_dgram_socket { sendto };
allow otapreopt_chroot otapreopt_chroot : dir { ioctl read getattr lock search open };
allow postinstall_dexopt ota_data_file : lnk_file { ioctl read write create getattr setattr lock append unlink rename open };
allow mtp mtp : dir { ioctl read getattr lock search open };
allow blkid vold : process { sigchld };
allow dhcp toolbox_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow shell cm_telephony_service : service_manager { find };
allow atfwd atfwd : file { ioctl read write getattr lock append open };
allow isolated_app isolated_app : fd { use };
allow priv_app apk_private_tmp_file : dir { ioctl read getattr lock search open };
allow radio keystore : binder { call transfer };
allow servicemanager sysfs : lnk_file { ioctl read getattr lock open };
allow init sap_uim_socket : blk_file { relabelto };
allow shell cne_service : service_manager { find };
allow subsystem_ramdump ramdump_device : chr_file { ioctl read getattr lock open };
allow clatd su : fd { use };
allow mtp sysfs : dir { ioctl read getattr lock search open };
allow mediaserver sysfs_soc : file { ioctl read getattr lock open };
allow init debugfs_type : lnk_file { relabelto };
dontaudit sudaemon port_type : netlink_iscsi_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind };
allow servicemanager autoplay_app : dir { search };
allow nanohub_slpi nanohub_slpi : lnk_file { ioctl read getattr lock open };
allow init uncrypt_exec : file { read getattr execute open };
allow init shared_relro_tmpfs : chr_file { relabelto };
allow mkfs su : binder { call transfer };
allow servicemanager runas : binder { transfer };
allow domain fs_type : filesystem { getattr };
allow sudaemon sudaemon_tmpfs : file { read write execute };
allow lmkd lmkd : dir { ioctl read getattr lock search open };
allow debuggerd atrace : process { ptrace getattr };
allow init per_proxy_tmpfs : chr_file { relabelto };
allow audioserver audioserver_exec : file { read getattr execute entrypoint open };
allow idmap idmap : process { fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit };
dontaudit su node_type : rawip_socket { ioctl read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto recv_msg send_msg name_bind node_bind };
allow htc_ramdump ramdump_data_file : file { ioctl read write create getattr setattr lock append unlink rename open };
allow init graphics_device : chr_file { read setattr open };
allow mdnsd mdnsd : netlink_route_socket { read write create getattr setattr lock append bind connect getopt setopt shutdown nlmsg_read };
allow dhcp shell_exec : file { ioctl read getattr lock execute execute_no_trans open };
allow init inputflinger : process { transition siginh rlimitinh };
dontaudit init inputflinger : process { noatsecure };
allow mediaserver su : binder { call transfer };
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment