Changeset View
Changeset View
Standalone View
Standalone View
autotests/html/test.cil.html
- This file was added.
| 1 | <!DOCTYPE html> | ||||
|---|---|---|---|---|---|
| 2 | <html><head> | ||||
| 3 | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> | ||||
| 4 | <title>test.cil</title> | ||||
| 5 | <meta name="generator" content="KF5::SyntaxHighlighting (SELinux CIL Policy)"/> | ||||
| 6 | </head><body style="color:#1f1c1b"><pre> | ||||
| 7 | <span style="color:#898887;">; SELinux CIL Policy</span> | ||||
| 8 | | ||||
| 9 | <span style="color:#898887;">; Tests</span> | ||||
| 10 | | ||||
| 11 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#006e28;font-weight:bold;">policycap</span> open_perms<span style="color:#ff0000;font-weight:bold;">)</span> <span style="color:#898887;">; Policy config. statement</span> | ||||
| 12 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#006e28;font-weight:bold;">mls</span> <span style="color:#0095ff;font-weight:bold;">true</span><span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 13 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#006e28;font-weight:bold;">handleunknown</span> <span style="color:#bf0303;font-weight:bold;">allow</span><span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 14 | | ||||
| 15 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">sid</span> kernel<span style="color:#ff0000;font-weight:bold;">)</span> <span style="color:#898887;">; Declaration type statement</span> | ||||
| 16 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">classpermissionset</span> char_w <span style="color:#ff8800;font-weight:bold;">(</span>char <span style="color:#888800;font-weight:bold;">(</span><span style="color:#bf0303;">write</span> <span style="color:#bf0303;">setattr</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span> <span style="color:#898887;">; Other statements</span> | ||||
| 17 | | ||||
| 18 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">user</span> user<span style="color:#ff0000;font-weight:bold;">)</span> <span style="color:#898887;">; Declare identifier 'user' of user type</span> | ||||
| 19 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">role</span> role<span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 20 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">type</span> type<span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 21 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">allow</span> allow<span style="color:#ff0000;font-weight:bold;">)</span> <span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#0095ff;font-weight:bold;">true</span> <span style="color:#0095ff;font-weight:bold;">true</span><span style="color:#ff0000;font-weight:bold;">)</span> <span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">in</span> in<span style="color:#ff0000;font-weight:bold;">)</span> <span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">xor</span> xor<span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 22 | | ||||
| 23 | <span style="color:#898887;">; List of permissions</span> | ||||
| 24 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">class</span> security <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#bf0303;">compute_av</span> <span style="color:#bf0303;">compute_create</span> <span style="color:#bf0303;">compute_member</span> <span style="color:#bf0303;">check_context</span> <span style="color:#bf0303;">load_policy</span> <span style="color:#bf0303;">compute_relabel</span> <span style="color:#bf0303;">compute_user</span> <span style="color:#bf0303;">setenforce</span> <span style="color:#bf0303;">setbool</span> <span style="color:#bf0303;">setsecparam</span> <span style="color:#bf0303;">setcheckreqprot</span> <span style="color:#bf0303;">read_policy</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 25 | | ||||
| 26 | <span style="color:#898887;">; Highlighting permissions only if there is not a statement keyword</span> | ||||
| 27 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">class</span> binder <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#bf0303;">impersonate</span> <span style="color:#bf0303;">call</span> <span style="color:#bf0303;">set_context_mgr</span> <span style="color:#bf0303;">transfer</span> <span style="color:#bf0303;">receive</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 28 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">class</span> binder <span style="color:#ff8800;font-weight:bold;">(</span><span style="font-weight:bold;">classcommon</span> impersonate call set_context_mgr transfer receive<span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 29 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#bf0303;">impersonate</span> <span style="color:#bf0303;">call</span> <span style="color:#bf0303;">set_context_mgr</span> <span style="color:#bf0303;">transfer</span> <span style="color:#bf0303;">receive</span><span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 30 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">tunableif</span> impersonate call set_context_mgr transfer receive<span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 31 | | ||||
| 32 | <span style="color:#898887;">; This is allowed by the CIL compiler</span> | ||||
| 33 | <span style="color:#ff0000;font-weight:bold;">(</span> <span style="color:#644a9b;font-weight:bold;">typeattribute</span><span style="color:#898887;">;comment</span> | ||||
| 34 | all_fs_type_except_usermodehelper_and_proc_security<span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 35 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#898887;">;comment</span> | ||||
| 36 | <span style="color:#644a9b;font-weight:bold;">typeattribute</span> all_fs_type_except_usermodehelper_and_proc_security<span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 37 | <span style="color:#ff0000;font-weight:bold;">(</span> <span style="color:#898887;">;comment</span> | ||||
| 38 | <span style="color:#898887;">;more comments</span> | ||||
| 39 | <span style="color:#644a9b;font-weight:bold;">typeattribute</span> all_fs_type_except_usermodehelper_and_proc_security<span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 40 | | ||||
| 41 | <span style="color:#898887;">; Paths</span> | ||||
| 42 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#0095ff;font-weight:bold;">true</span> <span style="color:#0095ff;font-weight:bold;">true</span> /true <span style="color:#0095ff;font-weight:bold;">true</span> /true/true/ <span style="color:#0095ff;font-weight:bold;">true</span> <span style="color:#0095ff;font-weight:bold;">true</span>/true <span style="color:#bf0303;">"true"</span><span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 43 | <span style="color:#898887;">; Global namespace</span> | ||||
| 44 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#0095ff;font-weight:bold;">true</span> <span style="color:#0095ff;font-weight:bold;">true</span> .true <span style="color:#0095ff;font-weight:bold;">true</span> true.true <span style="color:#0095ff;font-weight:bold;">true</span> .true.true true.true.true | ||||
| 45 | .<span style="color:#0095ff;font-weight:bold;">true</span>. <span style="color:#0095ff;font-weight:bold;">true</span>. <span style="color:#0095ff;font-weight:bold;">true</span>.<span style="color:#0095ff;font-weight:bold;">true</span>. <span style="color:#898887;">; invalid</span> | ||||
| 46 | <span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 47 | | ||||
| 48 | <span style="color:#898887;">; Keywords in some rules</span> | ||||
| 49 | | ||||
| 50 | <span style="color:#898887;">; filecon</span> | ||||
| 51 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">filecon</span> <span style="color:#bf0303;">"/system/bin/run-as"</span> <span style="color:#0057ae;">file</span> runas_exec_context<span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 52 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">filecon</span> <span style="color:#bf0303;">"/dev/socket/wpa_wlan</span><span style="color:#ff5500;">[0</span><span style="color:#ca60ca;">-</span><span style="color:#ff5500;">9]</span><span style="color:#bf0303;">"</span> <span style="color:#0057ae;">any</span> <span style="color:#ff5500;">u:object_r:wpa.socket:s0-s0</span><span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 53 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">filecon</span> <span style="color:#bf0303;">"/data/local/mine"</span> <span style="color:#0057ae;">dir</span> <span style="color:#ff8800;font-weight:bold;">()</span><span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 54 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">classcommon</span> file any dir<span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 55 | <span style="color:#ff0000;font-weight:bold;">(</span>file any dir<span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 56 | <span style="color:#898887;">; portcon</span> | ||||
| 57 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">portcon</span> <span style="color:#0057ae;">tcp</span> <span style="color:#b08000;">3333</span> <span style="color:#ff8800;font-weight:bold;">(</span>unconfined.user <span style="font-style:italic;">object_r</span> unconfined.object levelrange_1<span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 58 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">portcon</span> <span style="color:#0057ae;">udp</span> <span style="color:#b08000;">4444</span> <span style="color:#ff8800;font-weight:bold;">(</span>unconfined.user <span style="font-style:italic;">object_r</span> unconfined.object <span style="color:#888800;font-weight:bold;">(</span><span style="color:#008800;font-weight:bold;">(</span>s0<span style="color:#008800;font-weight:bold;">)</span> level_2<span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 59 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">defaultrole</span> tcp udp<span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 60 | <span style="color:#ff0000;font-weight:bold;">(</span>tcp udp<span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 61 | <span style="color:#898887;">; fsuse</span> | ||||
| 62 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">fsuse</span> <span style="color:#0057ae;">xattr</span> <span style="font-style:italic;">ext4</span> file.labeledfs_context<span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 63 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">fsuse</span> <span style="color:#0057ae;">task</span> <span style="font-style:italic;">pipefs</span> file.pipefs_context<span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 64 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">fsuse</span> <span style="color:#0057ae;">trans</span> <span style="font-style:italic;">tmpfs</span> file.tmpfs_context<span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 65 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">typemember</span> xattr task trans<span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 66 | <span style="color:#ff0000;font-weight:bold;">(</span>xattr task trans<span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 67 | | ||||
| 68 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">allow</span> unconfined.process <span style="color:#006e28;">self</span> <span style="color:#ff8800;font-weight:bold;">(</span>file <span style="color:#888800;font-weight:bold;">(</span><span style="color:#bf0303;">read</span> <span style="color:#bf0303;">write</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 69 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">allow</span> process httpd.object <span style="color:#ff8800;font-weight:bold;">(</span>file <span style="color:#888800;font-weight:bold;">(</span><span style="color:#bf0303;">read</span> <span style="color:#bf0303;">write</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 70 | | ||||
| 71 | <span style="color:#898887;">; Paths</span> | ||||
| 72 | <span style="color:#bf0303;">"/system/</span><span style="color:#ff5500;">(foo</span><span style="color:#ca60ca;">|</span><span style="color:#ff5500;">bar)</span><span style="color:#bf0303;">/</span><span style="color:#ff5500;">[</span><span style="color:#ca60ca;">^</span><span style="color:#ff5500;">/]</span><span style="color:#3daee9;">*</span><span style="color:#bf0303;">/</span><span style="color:#ff5500;">(hi){2,6}(</span><span style="color:#3daee9;">.*</span><span style="color:#ff5500;">)</span><span style="color:#3daee9;">?</span><span style="color:#bf0303;">"</span> | ||||
| 73 | <span style="color:#bf0303;">"/pa</span><span style="color:#3daee9;">\12</span><span style="color:#bf0303;">th</span><span style="color:#3daee9;">.*</span><span style="color:#bf0303;">a</span><span style="color:#3daee9;">+</span><span style="color:#bf0303;">b</span><span style="color:#3daee9;">?</span><span style="color:#bf0303;">"</span> | ||||
| 74 | /usr/hi<span style="color:#3daee9;">\"</span>esc<span style="color:#3daee9;">\032</span>esc<span style="color:#3daee9;">\*</span>3es<span style="color:#ff5500;">{2,2}</span>ds | ||||
| 75 | <span style="color:#bf0303;">"/data/</span><span style="color:#ff5500;">(ope</span><span style="color:#ff5500;text-decoration:underline;">n</span><span style="color:#bf0303;"> "</span> | ||||
| 76 | <span style="color:#bf0303;">"/data/</span><span style="color:#ff5500;">[ope</span><span style="color:#ff5500;text-decoration:underline;">n</span><span style="color:#bf0303;"> "</span> | ||||
| 77 | | ||||
| 78 | | ||||
| 79 | <span style="color:#898887;">; Some rules</span> | ||||
| 80 | | ||||
| 81 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">call</span> macro1<span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#bf0303;">"__kmsg__"</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 82 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">macro</span> macro1 <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#888800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">string</span> ARG1<span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span> | ||||
| 83 | <span style="color:#ff8800;font-weight:bold;">(</span><span style="font-weight:bold;">typetransition</span> audit.process device.device chr_file ARG1 device.klog_device<span style="color:#ff8800;font-weight:bold;">)</span> | ||||
| 84 | <span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 85 | | ||||
| 86 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">allow</span> unconfined.process <span style="color:#006e28;">self</span> <span style="color:#ff8800;font-weight:bold;">(</span>file <span style="color:#888800;font-weight:bold;">(</span><span style="color:#bf0303;">read</span> <span style="color:#bf0303;">write</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 87 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">auditallow</span> release_app.process secmark_demo.browser_packet <span style="color:#ff8800;font-weight:bold;">(</span>packet <span style="color:#888800;font-weight:bold;">(</span><span style="color:#bf0303;">send</span> <span style="color:#bf0303;">recv</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 88 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">allowx</span> type_1 type_2 <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">ioctl</span> tcp_socket <span style="color:#888800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">range</span> <span style="color:#b08000;">0x2000</span> <span style="color:#b08000;">0x20FF</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 89 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">permissionx</span> ioctl_nodebug <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">ioctl</span> udp_socket <span style="color:#888800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">not</span> <span style="color:#008800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">range</span> <span style="color:#b08000;">0x4000</span> <span style="color:#b08000;">0x4010</span><span style="color:#008800;font-weight:bold;">)</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 90 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">allowx</span> type_3 type_4 ioctl_nodebug<span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 91 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">dontauditx</span> type_1 type_2 <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">ioctl</span> tcp_socket <span style="color:#888800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">range</span> <span style="color:#b08000;">0x3000</span> <span style="color:#b08000;">0x30FF</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 92 | | ||||
| 93 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">class</span> property_service <span style="color:#ff8800;font-weight:bold;">(</span>set<span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 94 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">block</span> av_rules | ||||
| 95 | <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">type</span> type_1<span style="color:#ff8800;font-weight:bold;">)</span> | ||||
| 96 | <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">type</span> type_2<span style="color:#ff8800;font-weight:bold;">)</span> | ||||
| 97 | <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">typeattribute</span> all_types<span style="color:#ff8800;font-weight:bold;">)</span> | ||||
| 98 | <span style="color:#ff8800;font-weight:bold;">(</span><span style="font-weight:bold;">typeattributeset</span> all_types <span style="color:#888800;font-weight:bold;">(</span><span style="color:#008800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">all</span><span style="color:#008800;font-weight:bold;">)</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span> | ||||
| 99 | | ||||
| 100 | <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">neverallow</span> type_2 all_types <span style="color:#888800;font-weight:bold;">(</span>property_service <span style="color:#008800;font-weight:bold;">(</span>set<span style="color:#008800;font-weight:bold;">)</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span> | ||||
| 101 | <span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 102 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">macro</span> binder_call <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#888800;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">type</span> ARG1<span style="color:#888800;font-weight:bold;">)</span> <span style="color:#888800;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">type</span> ARG2<span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span> | ||||
| 103 | <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">allow</span> ARG1 ARG2 <span style="color:#888800;font-weight:bold;">(</span>binder <span style="color:#008800;font-weight:bold;">(</span><span style="color:#bf0303;">transfer</span> <span style="color:#bf0303;">call</span><span style="color:#008800;font-weight:bold;">)</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span> | ||||
| 104 | <span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 105 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">ipaddr</span> netmask_1 <span style="color:#b08000;">255.255.255.0</span><span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 106 | | ||||
| 107 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">class</span> dir<span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 108 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">class</span> foo<span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 109 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">class</span> bar<span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 110 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">class</span> baz<span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 111 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">classorder</span> <span style="color:#ff8800;font-weight:bold;">(</span>dir foo<span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 112 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">classorder</span> <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">unordered</span> bar foo baz<span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 113 | | ||||
| 114 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">classpermission</span> zygote_2<span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 115 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">classpermissionset</span> zygote_2 <span style="color:#ff8800;font-weight:bold;">(</span>zygote | ||||
| 116 | <span style="color:#888800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">and</span> | ||||
| 117 | <span style="color:#008800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">all</span><span style="color:#008800;font-weight:bold;">)</span> | ||||
| 118 | <span style="color:#008800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">not</span> <span style="color:#000088;font-weight:bold;">(</span>specifyinvokewith specifyseinfo<span style="color:#000088;font-weight:bold;">)</span><span style="color:#008800;font-weight:bold;">)</span> | ||||
| 119 | <span style="color:#888800;font-weight:bold;">)</span> | ||||
| 120 | <span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 121 | | ||||
| 122 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">permissionx</span> ioctl_3 <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">ioctl</span> tcp_socket <span style="color:#888800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">and</span> <span style="color:#008800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">range</span> <span style="color:#b08000;">0x8000</span> <span style="color:#b08000;">0x90FF</span><span style="color:#008800;font-weight:bold;">)</span> <span style="color:#008800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">not</span> <span style="color:#000088;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">range</span> <span style="color:#b08000;">0x8100</span> <span style="color:#b08000;">0x82FF</span><span style="color:#000088;font-weight:bold;">)</span><span style="color:#008800;font-weight:bold;">)</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 123 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">boolean</span> disableAudioCapture <span style="color:#0095ff;font-weight:bold;">false</span><span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 124 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">booleanif</span> <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">and</span> <span style="color:#888800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">not</span> disableAudio<span style="color:#888800;font-weight:bold;">)</span> <span style="color:#888800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">not</span> disableAudioCapture<span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span> | ||||
| 125 | <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#0095ff;font-weight:bold;">true</span> | ||||
| 126 | <span style="color:#888800;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">allow</span> process mediaserver.audio_capture_device <span style="color:#008800;font-weight:bold;">(</span>chr_file_set <span style="color:#000088;font-weight:bold;">(</span>rw_file_perms<span style="color:#000088;font-weight:bold;">)</span><span style="color:#008800;font-weight:bold;">)</span><span style="color:#888800;font-weight:bold;">)</span> | ||||
| 127 | <span style="color:#ff8800;font-weight:bold;">)</span> | ||||
| 128 | <span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 129 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">tunable</span> range_trans_rule <span style="color:#0095ff;font-weight:bold;">false</span><span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 130 | | ||||
| 131 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">block</span> init | ||||
| 132 | <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">class</span> process <span style="color:#888800;font-weight:bold;">(</span>process<span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span> | ||||
| 133 | <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">type</span> process<span style="color:#ff8800;font-weight:bold;">)</span> | ||||
| 134 | <span style="color:#ff8800;font-weight:bold;">(</span><span style="font-weight:bold;">tunableif</span> range_trans_rule | ||||
| 135 | <span style="color:#888800;font-weight:bold;">(</span><span style="color:#0095ff;font-weight:bold;">true</span> | ||||
| 136 | <span style="color:#008800;font-weight:bold;">(</span><span style="font-weight:bold;">rangetransition</span> process sshd.exec process low_high<span style="color:#008800;font-weight:bold;">)</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 137 | | ||||
| 138 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">validatetrans</span> file <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#0057ae;font-weight:bold;">eq</span> <span style="font-style:italic;">t1</span> unconfined.process<span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 139 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">block</span> ext_gateway | ||||
| 140 | <span style="color:#ff8800;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">optional</span> move_file | ||||
| 141 | <span style="color:#888800;font-weight:bold;">(</span><span style="font-weight:bold;">typetransition</span> process msg_filter.move_file.in_queue file msg_filter.move_file.in_file<span style="color:#888800;font-weight:bold;">)</span> | ||||
| 142 | <span style="color:#888800;font-weight:bold;">(</span><span style="color:#bf0303;font-weight:bold;">allow</span> process msg_filter.move_file.in_queue <span style="color:#008800;font-weight:bold;">(</span>dir <span style="color:#000088;font-weight:bold;">(</span><span style="color:#bf0303;">read</span> <span style="color:#bf0303;">getattr</span> <span style="color:#bf0303;">write</span> <span style="color:#bf0303;">search</span> <span style="color:#bf0303;">add_name</span><span style="color:#000088;font-weight:bold;">)</span><span style="color:#008800;font-weight:bold;">)</span><span style="color:#888800;font-weight:bold;">)</span><span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 143 | | ||||
| 144 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="color:#644a9b;font-weight:bold;">context</span> runas_exec_context <span style="color:#ff8800;font-weight:bold;">(</span>u <span style="font-style:italic;">object_r</span> exec low_low<span style="color:#ff8800;font-weight:bold;">)</span><span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 145 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">filecon</span> <span style="color:#bf0303;">"/system/bin/run-as"</span> <span style="color:#0057ae;">file</span> runas_exec_context<span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 146 | | ||||
| 147 | <span style="color:#ff0000;font-weight:bold;">(</span><span style="font-weight:bold;">in</span> file | ||||
| 148 | <span style="color:#ff8800;font-weight:bold;">(</span><span style="font-weight:bold;">genfscon</span> <span style="font-style:italic;">rootfs</span> / rootfs_context<span style="color:#ff8800;font-weight:bold;">)</span> | ||||
| 149 | <span style="color:#ff8800;font-weight:bold;">(</span><span style="font-weight:bold;">genfscon</span> <span style="font-style:italic;">selinuxfs</span> / selinuxfs_context<span style="color:#ff8800;font-weight:bold;">)</span> | ||||
| 150 | <span style="color:#ff0000;font-weight:bold;">)</span> | ||||
| 151 | </pre></body></html> | ||||