Changeset View
Changeset View
Standalone View
Standalone View
autotests/reference/test.cil.ref
1 | <Comment>; SELinux CIL Policy</Comment><br/> | 1 | <Comment>; SELinux CIL Policy</Comment><br/> | ||
---|---|---|---|---|---|
2 | <Normal Text></Normal Text><br/> | 2 | <Normal Text></Normal Text><br/> | ||
3 | <Comment>; Tests</Comment><br/> | 3 | <Comment>; Tests</Comment><br/> | ||
4 | <Normal Text></Normal Text><br/> | 4 | <Normal Text></Normal Text><br/> | ||
5 | <Brackets1>(</Brackets1><Policy Config. Statements>policycap</Policy Config. Statements><Normal Text> open_perms</Normal Text><Brackets1>)</Brackets1><Normal Text> </Normal Text><Comment>; Policy config. statement</Comment><br/> | 5 | <Brackets1>(</Brackets1><Policy Config. Statements>policycap</Policy Config. Statements><Normal Text> </Normal Text><Policy Capability>open_perms</Policy Capability><Brackets1>)</Brackets1><Normal Text> </Normal Text><Comment>; Policy config. statement</Comment><br/> | ||
6 | <Brackets1>(</Brackets1><Policy Config. Statements>mls</Policy Config. Statements><Normal Text> </Normal Text><Booleans>true</Booleans><Brackets1>)</Brackets1><br/> | 6 | <Brackets1>(</Brackets1><Policy Config. Statements>mls</Policy Config. Statements><Normal Text> </Normal Text><Booleans>true</Booleans><Brackets1>)</Brackets1><br/> | ||
7 | <Brackets1>(</Brackets1><Policy Config. Statements>handleunknown</Policy Config. Statements><Normal Text> </Normal Text><Access Keys>allow</Access Keys><Brackets1>)</Brackets1><br/> | 7 | <Brackets1>(</Brackets1><Policy Config. Statements>handleunknown</Policy Config. Statements><Normal Text> </Normal Text><Access Keys>allow</Access Keys><Brackets1>)</Brackets1><br/> | ||
8 | <Normal Text></Normal Text><br/> | 8 | <Normal Text></Normal Text><br/> | ||
9 | <Brackets1>(</Brackets1><Type Statements>sid</Type Statements><Normal Text> kernel</Normal Text><Brackets1>)</Brackets1><Normal Text> </Normal Text><Comment>; Declaration type statement</Comment><br/> | 9 | <Brackets1>(</Brackets1><Type Statements>sid</Type Statements><Normal Text> kernel</Normal Text><Brackets1>)</Brackets1><Normal Text> </Normal Text><Comment>; Declaration type statement</Comment><br/> | ||
10 | <Brackets1>(</Brackets1><Statements>classpermissionset</Statements><Normal Text> char_w </Normal Text><Brackets2>(</Brackets2><Normal Text>char </Normal Text><Brackets3>(</Brackets3><Permissions>write</Permissions><Normal Text> </Normal Text><Permissions>setattr</Permissions><Brackets3>)</Brackets3><Brackets2>)</Brackets2><Brackets1>)</Brackets1><Normal Text> </Normal Text><Comment>; Other statements</Comment><br/> | 10 | <Brackets1>(</Brackets1><Statements>classpermissionset</Statements><Normal Text> char_w </Normal Text><Brackets2>(</Brackets2><Normal Text>char </Normal Text><Brackets3>(</Brackets3><AV Permissions>write</AV Permissions><Normal Text> </Normal Text><AV Permissions>setattr</AV Permissions><Brackets3>)</Brackets3><Brackets2>)</Brackets2><Brackets1>)</Brackets1><Normal Text> </Normal Text><Comment>; Other statements</Comment><br/> | ||
11 | <Normal Text></Normal Text><br/> | 11 | <Normal Text></Normal Text><br/> | ||
12 | <Brackets1>(</Brackets1><Type Statements>user</Type Statements><Normal Text> user</Normal Text><Brackets1>)</Brackets1><Normal Text> </Normal Text><Comment>; Declare identifier 'user' of user type</Comment><br/> | 12 | <Brackets1>(</Brackets1><Type Statements>user</Type Statements><Normal Text> user</Normal Text><Brackets1>)</Brackets1><Normal Text> </Normal Text><Comment>; Declare identifier 'user' of user type</Comment><br/> | ||
13 | <Brackets1>(</Brackets1><Type Statements>role</Type Statements><Normal Text> role</Normal Text><Brackets1>)</Brackets1><br/> | 13 | <Brackets1>(</Brackets1><Type Statements>role</Type Statements><Normal Text> role</Normal Text><Brackets1>)</Brackets1><br/> | ||
14 | <Brackets1>(</Brackets1><Type Statements>type</Type Statements><Normal Text> type</Normal Text><Brackets1>)</Brackets1><br/> | 14 | <Brackets1>(</Brackets1><Type Statements>type</Type Statements><Normal Text> type</Normal Text><Brackets1>)</Brackets1><br/> | ||
15 | <Brackets1>(</Brackets1><Access Keys>allow</Access Keys><Normal Text> allow</Normal Text><Brackets1>)</Brackets1><Normal Text> </Normal Text><Brackets1>(</Brackets1><Booleans>true</Booleans><Normal Text> </Normal Text><Booleans>true</Booleans><Brackets1>)</Brackets1><Normal Text> </Normal Text><Brackets1>(</Brackets1><Statements>in</Statements><Normal Text> in</Normal Text><Brackets1>)</Brackets1><Normal Text> </Normal Text><Brackets1>(</Brackets1><Expression Keys>xor</Expression Keys><Normal Text> xor</Normal Text><Brackets1>)</Brackets1><br/> | 15 | <Brackets1>(</Brackets1><Access Keys>allow</Access Keys><Normal Text> allow</Normal Text><Brackets1>)</Brackets1><Normal Text> </Normal Text><Brackets1>(</Brackets1><Booleans>true</Booleans><Normal Text> </Normal Text><Booleans>true</Booleans><Brackets1>)</Brackets1><Normal Text> </Normal Text><Brackets1>(</Brackets1><Statements>in</Statements><Normal Text> in</Normal Text><Brackets1>)</Brackets1><Normal Text> </Normal Text><Brackets1>(</Brackets1><Expression Keys>xor</Expression Keys><Normal Text> xor</Normal Text><Brackets1>)</Brackets1><br/> | ||
16 | <Normal Text></Normal Text><br/> | 16 | <Normal Text></Normal Text><br/> | ||
17 | <Comment>; List of permissions</Comment><br/> | 17 | <Comment>; List of permissions</Comment><br/> | ||
18 | <Brackets1>(</Brackets1><Type Statements>class</Type Statements><Normal Text> security </Normal Text><Brackets2>(</Brackets2><Permissions>compute_av</Permissions><Normal Text> </Normal Text><Permissions>compute_create</Permissions><Normal Text> </Normal Text><Permissions>compute_member</Permissions><Normal Text> </Normal Text><Permissions>check_context</Permissions><Normal Text> </Normal Text><Permissions>load_policy</Permissions><Normal Text> </Normal Text><Permissions>compute_relabel</Permissions><Normal Text> </Normal Text><Permissions>compute_user</Permissions><Normal Text> </Normal Text><Permissions>setenforce</Permissions><Normal Text> </Normal Text><Permissions>setbool</Permissions><Normal Text> </Normal Text><Permissions>setsecparam</Permissions><Normal Text> </Normal Text><Permissions>setcheckreqprot</Permissions><Normal Text> </Normal Text><Permissions>read_policy</Permissions><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | 18 | <Brackets1>(</Brackets1><Type Statements>class</Type Statements><Normal Text> security </Normal Text><Brackets2>(</Brackets2><AV Permissions>compute_av</AV Permissions><Normal Text> </Normal Text><AV Permissions>compute_create</AV Permissions><Normal Text> </Normal Text><AV Permissions>compute_member</AV Permissions><Normal Text> </Normal Text><AV Permissions>check_context</AV Permissions><Normal Text> </Normal Text><AV Permissions>load_policy</AV Permissions><Normal Text> </Normal Text><AV Permissions>compute_relabel</AV Permissions><Normal Text> </Normal Text><AV Permissions>compute_user</AV Permissions><Normal Text> </Normal Text><AV Permissions>setenforce</AV Permissions><Normal Text> </Normal Text><AV Permissions>setbool</AV Permissions><Normal Text> </Normal Text><AV Permissions>setsecparam</AV Permissions><Normal Text> </Normal Text><AV Permissions>setcheckreqprot</AV Permissions><Normal Text> </Normal Text><AV Permissions>read_policy</AV Permissions><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | ||
19 | <Normal Text></Normal Text><br/> | 19 | <Normal Text></Normal Text><br/> | ||
20 | <Comment>; Highlighting permissions only if there is not a statement keyword</Comment><br/> | 20 | <Comment>; Highlighting permissions only if there is not a statement keyword</Comment><br/> | ||
21 | <Brackets1>(</Brackets1><Type Statements>class</Type Statements><Normal Text> binder </Normal Text><Brackets2>(</Brackets2><Permissions>impersonate</Permissions><Normal Text> </Normal Text><Permissions>call</Permissions><Normal Text> </Normal Text><Permissions>set_context_mgr</Permissions><Normal Text> </Normal Text><Permissions>transfer</Permissions><Normal Text> </Normal Text><Permissions>receive</Permissions><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | 21 | <Brackets1>(</Brackets1><Type Statements>class</Type Statements><Normal Text> binder </Normal Text><Brackets2>(</Brackets2><AV Permissions>impersonate</AV Permissions><Normal Text> </Normal Text><AV Permissions>call</AV Permissions><Normal Text> </Normal Text><AV Permissions>set_context_mgr</AV Permissions><Normal Text> </Normal Text><AV Permissions>transfer</AV Permissions><Normal Text> </Normal Text><AV Permissions>receive</AV Permissions><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | ||
22 | <Brackets1>(</Brackets1><Type Statements>class</Type Statements><Normal Text> binder </Normal Text><Brackets2>(</Brackets2><Statements>classcommon</Statements><Normal Text> impersonate call set_context_mgr transfer receive</Normal Text><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | 22 | <Brackets1>(</Brackets1><Type Statements>class</Type Statements><Normal Text> binder </Normal Text><Brackets2>(</Brackets2><Statements>classcommon</Statements><Normal Text> impersonate call set_context_mgr transfer receive</Normal Text><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | ||
23 | <Brackets1>(</Brackets1><Permissions>impersonate</Permissions><Normal Text> </Normal Text><Permissions>call</Permissions><Normal Text> </Normal Text><Permissions>set_context_mgr</Permissions><Normal Text> </Normal Text><Permissions>transfer</Permissions><Normal Text> </Normal Text><Permissions>receive</Permissions><Brackets1>)</Brackets1><br/> | 23 | <Brackets1>(</Brackets1><AV Permissions>impersonate</AV Permissions><Normal Text> </Normal Text><AV Permissions>call</AV Permissions><Normal Text> </Normal Text><AV Permissions>set_context_mgr</AV Permissions><Normal Text> </Normal Text><AV Permissions>transfer</AV Permissions><Normal Text> </Normal Text><AV Permissions>receive</AV Permissions><Brackets1>)</Brackets1><br/> | ||
24 | <Brackets1>(</Brackets1><Statements>tunableif</Statements><Normal Text> impersonate call set_context_mgr transfer receive</Normal Text><Brackets1>)</Brackets1><br/> | 24 | <Brackets1>(</Brackets1><Statements>tunableif</Statements><Normal Text> impersonate call set_context_mgr transfer receive</Normal Text><Brackets1>)</Brackets1><br/> | ||
25 | <Normal Text></Normal Text><br/> | 25 | <Normal Text></Normal Text><br/> | ||
26 | <Comment>; This is allowed by the CIL compiler</Comment><br/> | 26 | <Comment>; This is allowed by the CIL compiler</Comment><br/> | ||
27 | <Brackets1>(</Brackets1><Normal Text> </Normal Text><Type Statements>typeattribute</Type Statements><Comment>;comment</Comment><br/> | 27 | <Brackets1>(</Brackets1><Normal Text> </Normal Text><Type Statements>typeattribute</Type Statements><Comment>;comment</Comment><br/> | ||
28 | <Normal Text> all_fs_type_except_usermodehelper_and_proc_security</Normal Text><Brackets1>)</Brackets1><br/> | 28 | <Normal Text> all_fs_type_except_usermodehelper_and_proc_security</Normal Text><Brackets1>)</Brackets1><br/> | ||
29 | <Brackets1>(</Brackets1><Comment>;comment</Comment><br/> | 29 | <Brackets1>(</Brackets1><Comment>;comment</Comment><br/> | ||
30 | <Normal Text> </Normal Text><Type Statements>typeattribute</Type Statements><Normal Text> all_fs_type_except_usermodehelper_and_proc_security</Normal Text><Brackets1>)</Brackets1><br/> | 30 | <Normal Text> </Normal Text><Type Statements>typeattribute</Type Statements><Normal Text> all_fs_type_except_usermodehelper_and_proc_security</Normal Text><Brackets1>)</Brackets1><br/> | ||
31 | <Brackets1>(</Brackets1><Normal Text> </Normal Text><Comment>;comment</Comment><br/> | 31 | <Brackets1>(</Brackets1><Normal Text> </Normal Text><Comment>;comment</Comment><br/> | ||
32 | <Normal Text> </Normal Text><Comment>;more comments</Comment><br/> | 32 | <Normal Text> </Normal Text><Comment>;more comments</Comment><br/> | ||
33 | <Normal Text> </Normal Text><Type Statements>typeattribute</Type Statements><Normal Text> all_fs_type_except_usermodehelper_and_proc_security</Normal Text><Brackets1>)</Brackets1><br/> | 33 | <Normal Text> </Normal Text><Type Statements>typeattribute</Type Statements><Normal Text> all_fs_type_except_usermodehelper_and_proc_security</Normal Text><Brackets1>)</Brackets1><br/> | ||
34 | <Normal Text> </Normal Text><br/> | 34 | <Normal Text> </Normal Text><br/> | ||
35 | <Comment>; Paths</Comment><br/> | 35 | <Comment>; Paths</Comment><br/> | ||
36 | <Brackets1>(</Brackets1><Booleans>true</Booleans><Normal Text> </Normal Text><Booleans>true</Booleans><Normal Text> </Normal Text><Path>/true</Path><Normal Text> </Normal Text><Booleans>true</Booleans><Normal Text> </Normal Text><Path>/true/true/</Path><Normal Text> </Normal Text><Booleans>true</Booleans><Normal Text> </Normal Text><Booleans>true</Booleans><Path>/true</Path><Normal Text> </Normal Text><Text Quoted>"true"</Text Quoted><Brackets1>)</Brackets1><br/> | 36 | <Brackets1>(</Brackets1><Booleans>true</Booleans><Normal Text> </Normal Text><Booleans>true</Booleans><Normal Text> </Normal Text><Path>/true</Path><Normal Text> </Normal Text><Booleans>true</Booleans><Normal Text> </Normal Text><Path>/true/true/</Path><Normal Text> </Normal Text><Booleans>true</Booleans><Normal Text> </Normal Text><Booleans>true</Booleans><Path>/true</Path><Normal Text> </Normal Text><Text Quoted>"true"</Text Quoted><Brackets1>)</Brackets1><br/> | ||
37 | <Comment>; Global namespace</Comment><br/> | 37 | <Comment>; Global namespace</Comment><br/> | ||
38 | <Brackets1>(</Brackets1><Booleans>true</Booleans><Normal Text> </Normal Text><Booleans>true</Booleans><Normal Text> .true </Normal Text><Booleans>true</Booleans><Normal Text> true.true </Normal Text><Booleans>true</Booleans><Normal Text> .true.true true.true.true</Normal Text><br/> | 38 | <Brackets1>(</Brackets1><Booleans>true</Booleans><Normal Text> </Normal Text><Booleans>true</Booleans><Normal Text> .true </Normal Text><Booleans>true</Booleans><Normal Text> true.true </Normal Text><Booleans>true</Booleans><Normal Text> .true.true true.true.true</Normal Text><br/> | ||
39 | <Normal Text> .</Normal Text><Booleans>true</Booleans><Normal Text>. </Normal Text><Booleans>true</Booleans><Normal Text>. </Normal Text><Booleans>true</Booleans><Normal Text>.</Normal Text><Booleans>true</Booleans><Normal Text>. </Normal Text><Comment>; invalid</Comment><br/> | 39 | <Normal Text> .</Normal Text><Booleans>true</Booleans><Normal Text>. </Normal Text><Booleans>true</Booleans><Normal Text>. </Normal Text><Booleans>true</Booleans><Normal Text>.</Normal Text><Booleans>true</Booleans><Normal Text>. </Normal Text><Comment>; invalid</Comment><br/> | ||
40 | <Brackets1>)</Brackets1><br/> | 40 | <Brackets1>)</Brackets1><br/> | ||
41 | <Normal Text></Normal Text><br/> | 41 | <Normal Text></Normal Text><br/> | ||
42 | <Comment>; Keywords in some rules</Comment><br/> | 42 | <Comment>; Keywords in some rules</Comment><br/> | ||
43 | <Normal Text></Normal Text><br/> | 43 | <Normal Text></Normal Text><br/> | ||
44 | <Comment>; filecon</Comment><br/> | 44 | <Comment>; filecon</Comment><br/> | ||
45 | <Brackets1>(</Brackets1><Statements>filecon</Statements><Normal Text> </Normal Text><Text Quoted>"/system/bin/run-as"</Text Quoted><Normal Text> </Normal Text><Types>file</Types><Normal Text> runas_exec_context</Normal Text><Brackets1>)</Brackets1><br/> | 45 | <Brackets1>(</Brackets1><Statements>filecon</Statements><Normal Text> </Normal Text><Text Quoted>"/system/bin/run-as"</Text Quoted><Normal Text> </Normal Text><Types>file</Types><Normal Text> runas_exec_context</Normal Text><Brackets1>)</Brackets1><br/> | ||
46 | <Brackets1>(</Brackets1><Statements>filecon</Statements><Normal Text> </Normal Text><Text Quoted>"/dev/socket/wpa_wlan</Text Quoted><Pattern Brackets>[0</Pattern Brackets><Special Char 2>-</Special Char 2><Pattern Brackets>9]</Pattern Brackets><Text Quoted>"</Text Quoted><Normal Text> </Normal Text><Types>any</Types><Normal Text> </Normal Text><File Contexts>u:object_r:wpa.socket:s0-s0</File Contexts><Brackets1>)</Brackets1><br/> | 46 | <Brackets1>(</Brackets1><Statements>filecon</Statements><Normal Text> </Normal Text><Text Quoted>"/dev/socket/wpa_wlan</Text Quoted><RegExp Brackets>[</RegExp Brackets><RegExp Brackets Content>0-9</RegExp Brackets Content><RegExp Brackets>]</RegExp Brackets><Text Quoted>"</Text Quoted><Normal Text> </Normal Text><Types>any</Types><Normal Text> </Normal Text><File Contexts>u</File Contexts><Normal Text>:</Normal Text><File Contexts>object_r</File Contexts><Normal Text>:</Normal Text><File Contexts (Type Enforcement)>wpa.socket</File Contexts (Type Enforcement)><Normal Text>:</Normal Text><File Contexts>s0</File Contexts><Normal Text>-</Normal Text><File Contexts>s0</File Contexts><Brackets1>)</Brackets1><br/> | ||
47 | <Brackets1>(</Brackets1><Statements>filecon</Statements><Normal Text> </Normal Text><Text Quoted>"/data/local/mine"</Text Quoted><Normal Text> </Normal Text><Types>dir</Types><Normal Text> </Normal Text><Brackets2>()</Brackets2><Brackets1>)</Brackets1><br/> | 47 | <Brackets1>(</Brackets1><Statements>filecon</Statements><Normal Text> </Normal Text><Text Quoted>"/data/local/mine"</Text Quoted><Normal Text> </Normal Text><Types>dir</Types><Normal Text> </Normal Text><Brackets2>()</Brackets2><Brackets1>)</Brackets1><br/> | ||
48 | <Brackets1>(</Brackets1><Statements>classcommon</Statements><Normal Text> file any dir</Normal Text><Brackets1>)</Brackets1><br/> | 48 | <Brackets1>(</Brackets1><Statements>classcommon</Statements><Normal Text> file any dir</Normal Text><Brackets1>)</Brackets1><br/> | ||
49 | <Brackets1>(</Brackets1><Normal Text>file any dir</Normal Text><Brackets1>)</Brackets1><br/> | 49 | <Brackets1>(</Brackets1><Normal Text>file any dir</Normal Text><Brackets1>)</Brackets1><br/> | ||
50 | <Comment>; portcon</Comment><br/> | 50 | <Comment>; portcon</Comment><br/> | ||
51 | <Brackets1>(</Brackets1><Statements>portcon</Statements><Normal Text> </Normal Text><Types>tcp</Types><Normal Text> </Normal Text><Number>3333</Number><Normal Text> </Normal Text><Brackets2>(</Brackets2><Normal Text>unconfined.user </Normal Text><Other Keywords>object_r</Other Keywords><Normal Text> unconfined.object levelrange_1</Normal Text><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | 51 | <Brackets1>(</Brackets1><Statements>portcon</Statements><Normal Text> </Normal Text><Types>sctp</Types><Normal Text> </Normal Text><Number>3333</Number><Normal Text> </Normal Text><Brackets2>(</Brackets2><Normal Text>unconfined.user </Normal Text><Other Keywords>object_r</Other Keywords><Normal Text> unconfined.object levelrange_1</Normal Text><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | ||
52 | <Brackets1>(</Brackets1><Statements>portcon</Statements><Normal Text> </Normal Text><Types>udp</Types><Normal Text> </Normal Text><Number>4444</Number><Normal Text> </Normal Text><Brackets2>(</Brackets2><Normal Text>unconfined.user </Normal Text><Other Keywords>object_r</Other Keywords><Normal Text> unconfined.object </Normal Text><Brackets3>(</Brackets3><Brackets4>(</Brackets4><Normal Text>s0</Normal Text><Brackets4>)</Brackets4><Normal Text> level_2</Normal Text><Brackets3>)</Brackets3><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | 52 | <Brackets1>(</Brackets1><Statements>portcon</Statements><Normal Text> </Normal Text><Types>udp</Types><Normal Text> </Normal Text><Number>4444</Number><Normal Text> </Normal Text><Brackets2>(</Brackets2><Normal Text>unconfined.user </Normal Text><Other Keywords>object_r</Other Keywords><Normal Text> unconfined.object </Normal Text><Brackets3>(</Brackets3><Brackets4>(</Brackets4><Normal Text>s0</Normal Text><Brackets4>)</Brackets4><Normal Text> level_2</Normal Text><Brackets3>)</Brackets3><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | ||
53 | <Brackets1>(</Brackets1><Statements>defaultrole</Statements><Normal Text> tcp udp</Normal Text><Brackets1>)</Brackets1><br/> | 53 | <Brackets1>(</Brackets1><Statements>defaultrole</Statements><Normal Text> tcp udp</Normal Text><Brackets1>)</Brackets1><br/> | ||
54 | <Brackets1>(</Brackets1><Normal Text>tcp udp</Normal Text><Brackets1>)</Brackets1><br/> | 54 | <Brackets1>(</Brackets1><Normal Text>tcp udp</Normal Text><Brackets1>)</Brackets1><br/> | ||
55 | <Comment>; fsuse</Comment><br/> | 55 | <Comment>; fsuse</Comment><br/> | ||
56 | <Brackets1>(</Brackets1><Statements>fsuse</Statements><Normal Text> </Normal Text><Types>xattr</Types><Normal Text> </Normal Text><Other Keywords>ext4</Other Keywords><Normal Text> file.labeledfs_context</Normal Text><Brackets1>)</Brackets1><br/> | 56 | <Brackets1>(</Brackets1><Statements>fsuse</Statements><Normal Text> </Normal Text><Types>xattr</Types><Normal Text> </Normal Text><Filesystem>ext4</Filesystem><Normal Text> file.labeledfs_context</Normal Text><Brackets1>)</Brackets1><br/> | ||
57 | <Brackets1>(</Brackets1><Statements>fsuse</Statements><Normal Text> </Normal Text><Types>task</Types><Normal Text> </Normal Text><Other Keywords>pipefs</Other Keywords><Normal Text> file.pipefs_context</Normal Text><Brackets1>)</Brackets1><br/> | 57 | <Brackets1>(</Brackets1><Statements>fsuse</Statements><Normal Text> </Normal Text><Types>task</Types><Normal Text> </Normal Text><Filesystem>pipefs</Filesystem><Normal Text> file.pipefs_context</Normal Text><Brackets1>)</Brackets1><br/> | ||
58 | <Brackets1>(</Brackets1><Statements>fsuse</Statements><Normal Text> </Normal Text><Types>trans</Types><Normal Text> </Normal Text><Other Keywords>tmpfs</Other Keywords><Normal Text> file.tmpfs_context</Normal Text><Brackets1>)</Brackets1><br/> | 58 | <Brackets1>(</Brackets1><Statements>fsuse</Statements><Normal Text> </Normal Text><Types>trans</Types><Normal Text> </Normal Text><Filesystem>tmpfs</Filesystem><Normal Text> file.tmpfs_context</Normal Text><Brackets1>)</Brackets1><br/> | ||
59 | <Brackets1>(</Brackets1><Statements>typemember</Statements><Normal Text> xattr task trans</Normal Text><Brackets1>)</Brackets1><br/> | 59 | <Brackets1>(</Brackets1><Statements>typemember</Statements><Normal Text> xattr task trans</Normal Text><Brackets1>)</Brackets1><br/> | ||
60 | <Brackets1>(</Brackets1><Normal Text>xattr task trans</Normal Text><Brackets1>)</Brackets1><br/> | 60 | <Brackets1>(</Brackets1><Normal Text>xattr task trans</Normal Text><Brackets1>)</Brackets1><br/> | ||
61 | <Normal Text> </Normal Text><br/> | 61 | <Normal Text></Normal Text><br/> | ||
62 | <Brackets1>(</Brackets1><Access Keys>allow</Access Keys><Normal Text> unconfined.process </Normal Text><Special Keys>self</Special Keys><Normal Text> </Normal Text><Brackets2>(</Brackets2><Normal Text>file </Normal Text><Brackets3>(</Brackets3><Permissions>read</Permissions><Normal Text> </Normal Text><Permissions>write</Permissions><Brackets3>)</Brackets3><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | 62 | <Brackets1>(</Brackets1><Access Keys>allow</Access Keys><Normal Text> unconfined.process </Normal Text><Special Keys>self</Special Keys><Normal Text> </Normal Text><Brackets2>(</Brackets2><Normal Text>file </Normal Text><Brackets3>(</Brackets3><AV Permissions>read</AV Permissions><Normal Text> </Normal Text><AV Permissions>write</AV Permissions><Brackets3>)</Brackets3><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | ||
63 | <Brackets1>(</Brackets1><Access Keys>allow</Access Keys><Normal Text> process httpd.object </Normal Text><Brackets2>(</Brackets2><Normal Text>file </Normal Text><Brackets3>(</Brackets3><Permissions>read</Permissions><Normal Text> </Normal Text><Permissions>write</Permissions><Brackets3>)</Brackets3><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | 63 | <Brackets1>(</Brackets1><Access Keys>allow</Access Keys><Normal Text> process httpd.object </Normal Text><Brackets2>(</Brackets2><Normal Text>file </Normal Text><Brackets3>(</Brackets3><AV Permissions>read</AV Permissions><Normal Text> </Normal Text><AV Permissions>write</AV Permissions><Brackets3>)</Brackets3><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | ||
64 | <Normal Text></Normal Text><br/> | 64 | <Normal Text></Normal Text><br/> | ||
65 | <Comment>; Paths</Comment><br/> | 65 | <Comment>; Paths</Comment><br/> | ||
66 | <Text Quoted>"/system/</Text Quoted><Pattern Brackets>(foo</Pattern Brackets><Special Char 2>|</Special Char 2><Pattern Brackets>bar)</Pattern Brackets><Text Quoted>/</Text Quoted><Pattern Brackets>[</Pattern Brackets><Special Char 2>^</Special Char 2><Pattern Brackets>/]</Pattern Brackets><Special Char>*</Special Char><Text Quoted>/</Text Quoted><Pattern Brackets>(hi){2,6}(</Pattern Brackets><Special Char>.*</Special Char><Pattern Brackets>)</Pattern Brackets><Special Char>?</Special Char><Text Quoted>"</Text Quoted><br/> | 66 | <Text Quoted>"/system/</Text Quoted><RegExp Brackets>(</RegExp Brackets><RegExp Brackets Content>foo</RegExp Brackets Content><Special Char of Brackets>|</Special Char of Brackets><RegExp Brackets Content>bar</RegExp Brackets Content><RegExp Brackets>)</RegExp Brackets><Text Quoted>/</Text Quoted><RegExp Brackets>[</RegExp Brackets><Special Char of Brackets>^</Special Char of Brackets><RegExp Brackets Content>/</RegExp Brackets Content><RegExp Brackets>]</RegExp Brackets><Special Char>*</Special Char><Text Quoted>/</Text Quoted><RegExp Brackets>(</RegExp Brackets><RegExp Brackets Content>hi</RegExp Brackets Content><RegExp Brackets>){</RegExp Brackets><RegExp Brackets Content>2</RegExp Brackets Content><Special Char of Brackets>,</Special Char of Brackets><RegExp Brackets Content>6</RegExp Brackets Content><RegExp Brackets>}(</RegExp Brackets><Special Char>.*</Special Char><RegExp Brackets>)</RegExp Brackets><Special Char>?</Special Char><Text Quoted>"</Text Quoted><br/> | ||
67 | <Text Quoted>"/pa</Text Quoted><Escape Expression>\12</Escape Expression><Text Quoted>th</Text Quoted><Special Char>.*</Special Char><Text Quoted>a</Text Quoted><Special Char>+</Special Char><Text Quoted>b</Text Quoted><Special Char>?</Special Char><Text Quoted>"</Text Quoted><br/> | 67 | <Text Quoted>"/pa</Text Quoted><Escape Char>\12</Escape Char><Text Quoted>th</Text Quoted><Special Char>.*</Special Char><Text Quoted>a</Text Quoted><Special Char>+</Special Char><Text Quoted>b</Text Quoted><Special Char>?</Special Char><Text Quoted>"</Text Quoted><br/> | ||
68 | <Path>/usr/hi</Path><Escape Expression>\"</Escape Expression><Path>esc</Path><Escape Expression>\032</Escape Expression><Path>esc</Path><Escape Expression>\*</Escape Expression><Path>3es</Path><Pattern Brackets>{2,2}</Pattern Brackets><Path>ds</Path><br/> | 68 | <Path>/usr/hi</Path><Escape Char>\"</Escape Char><Path>esc</Path><Escape Char>\032</Escape Char><Path>esc</Path><Escape Char>\*</Escape Char><Path>3es</Path><RegExp Brackets>{</RegExp Brackets><RegExp Brackets Content>2</RegExp Brackets Content><Special Char of Brackets>,</Special Char of Brackets><RegExp Brackets Content>2</RegExp Brackets Content><RegExp Brackets>}</RegExp Brackets><Path>ds</Path><br/> | ||
69 | <Text Quoted>"/data/</Text Quoted><Pattern Brackets>(ope</Pattern Brackets><Open Pattern Brackets>n</Open Pattern Brackets><Text Quoted> "</Text Quoted><br/> | 69 | <Text Quoted>"/data/</Text Quoted><RegExp Brackets>(</RegExp Brackets><RegExp Brackets Content>ope</RegExp Brackets Content><Open RegExp Brackets>n</Open RegExp Brackets><RegExp Brackets Content> </RegExp Brackets Content><Text Quoted>"</Text Quoted><br/> | ||
70 | <Text Quoted>"/data/</Text Quoted><Pattern Brackets>[ope</Pattern Brackets><Open Pattern Brackets>n</Open Pattern Brackets><Text Quoted> "</Text Quoted><br/> | 70 | <Text Quoted>"/data/</Text Quoted><RegExp Brackets>[</RegExp Brackets><RegExp Brackets Content>ope</RegExp Brackets Content><Open RegExp Brackets>n</Open RegExp Brackets><RegExp Brackets Content> </RegExp Brackets Content><Text Quoted>"</Text Quoted><br/> | ||
71 | <Normal Text></Normal Text><br/> | 71 | <Normal Text></Normal Text><br/> | ||
72 | <Normal Text></Normal Text><br/> | 72 | <Normal Text></Normal Text><br/> | ||
73 | <Comment>; Some rules</Comment><br/> | 73 | <Comment>; Some rules</Comment><br/> | ||
74 | <Normal Text></Normal Text><br/> | 74 | <Normal Text></Normal Text><br/> | ||
75 | <Brackets1>(</Brackets1><Statements>call</Statements><Normal Text> macro1</Normal Text><Brackets2>(</Brackets2><Text Quoted>"__kmsg__"</Text Quoted><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | 75 | <Brackets1>(</Brackets1><Statements>call</Statements><Normal Text> macro1</Normal Text><Brackets2>(</Brackets2><Text Quoted>"__kmsg__"</Text Quoted><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | ||
76 | <Brackets1>(</Brackets1><Type Statements>macro</Type Statements><Normal Text> macro1 </Normal Text><Brackets2>(</Brackets2><Brackets3>(</Brackets3><Type Name>string</Type Name><Normal Text> ARG1</Normal Text><Brackets3>)</Brackets3><Brackets2>)</Brackets2><br/> | 76 | <Brackets1>(</Brackets1><Type Statements>macro</Type Statements><Normal Text> macro1 </Normal Text><Brackets2>(</Brackets2><Brackets3>(</Brackets3><Type Name Statements>string</Type Name Statements><Normal Text> ARG1</Normal Text><Brackets3>)</Brackets3><Brackets2>)</Brackets2><br/> | ||
77 | <Normal Text> </Normal Text><Brackets2>(</Brackets2><Statements>typetransition</Statements><Normal Text> audit.process device.device chr_file ARG1 device.klog_device</Normal Text><Brackets2>)</Brackets2><br/> | 77 | <Normal Text> </Normal Text><Brackets2>(</Brackets2><Statements>typetransition</Statements><Normal Text> audit.process device.device chr_file ARG1 device.klog_device</Normal Text><Brackets2>)</Brackets2><br/> | ||
78 | <Brackets1>)</Brackets1><br/> | 78 | <Brackets1>)</Brackets1><br/> | ||
79 | <Normal Text></Normal Text><br/> | 79 | <Normal Text></Normal Text><br/> | ||
80 | <Brackets1>(</Brackets1><Access Keys>allow</Access Keys><Normal Text> unconfined.process </Normal Text><Special Keys>self</Special Keys><Normal Text> </Normal Text><Brackets2>(</Brackets2><Normal Text>file </Normal Text><Brackets3>(</Brackets3><Permissions>read</Permissions><Normal Text> </Normal Text><Permissions>write</Permissions><Brackets3>)</Brackets3><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | 80 | <Brackets1>(</Brackets1><Access Keys>allow</Access Keys><Normal Text> unconfined.process </Normal Text><Special Keys>self</Special Keys><Normal Text> </Normal Text><Brackets2>(</Brackets2><Normal Text>file </Normal Text><Brackets3>(</Brackets3><AV Permissions>read</AV Permissions><Normal Text> </Normal Text><AV Permissions>write</AV Permissions><Brackets3>)</Brackets3><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | ||
81 | <Brackets1>(</Brackets1><Access Keys>auditallow</Access Keys><Normal Text> release_app.process secmark_demo.browser_packet </Normal Text><Brackets2>(</Brackets2><Normal Text>packet </Normal Text><Brackets3>(</Brackets3><Permissions>send</Permissions><Normal Text> </Normal Text><Permissions>recv</Permissions><Brackets3>)</Brackets3><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | 81 | <Brackets1>(</Brackets1><Access Keys>auditallow</Access Keys><Normal Text> release_app.process secmark_demo.browser_packet </Normal Text><Brackets2>(</Brackets2><Normal Text>packet </Normal Text><Brackets3>(</Brackets3><AV Permissions>send</AV Permissions><Normal Text> </Normal Text><AV Permissions>recv</AV Permissions><Brackets3>)</Brackets3><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | ||
82 | <Brackets1>(</Brackets1><Access Keys>allowx</Access Keys><Normal Text> type_1 type_2 </Normal Text><Brackets2>(</Brackets2><Type Name>ioctl</Type Name><Normal Text> tcp_socket </Normal Text><Brackets3>(</Brackets3><Expression Keys>range</Expression Keys><Normal Text> </Normal Text><Hex>0x2000</Hex><Normal Text> </Normal Text><Hex>0x20FF</Hex><Brackets3>)</Brackets3><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | 82 | <Brackets1>(</Brackets1><Access Keys>allowx</Access Keys><Normal Text> type_1 type_2 </Normal Text><Brackets2>(</Brackets2><Type Name Statements>ioctl</Type Name Statements><Normal Text> tcp_socket </Normal Text><Brackets3>(</Brackets3><Expression Keys>range</Expression Keys><Normal Text> </Normal Text><Hexadecimal>0x2000</Hexadecimal><Normal Text> </Normal Text><Hexadecimal>0x20FF</Hexadecimal><Brackets3>)</Brackets3><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | ||
83 | <Brackets1>(</Brackets1><Statements>permissionx</Statements><Normal Text> ioctl_nodebug </Normal Text><Brackets2>(</Brackets2><Type Name>ioctl</Type Name><Normal Text> udp_socket </Normal Text><Brackets3>(</Brackets3><Expression Keys>not</Expression Keys><Normal Text> </Normal Text><Brackets4>(</Brackets4><Expression Keys>range</Expression Keys><Normal Text> </Normal Text><Hex>0x4000</Hex><Normal Text> </Normal Text><Hex>0x4010</Hex><Brackets4>)</Brackets4><Brackets3>)</Brackets3><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | 83 | <Brackets1>(</Brackets1><Statements>permissionx</Statements><Normal Text> ioctl_nodebug </Normal Text><Brackets2>(</Brackets2><Type Name Statements>ioctl</Type Name Statements><Normal Text> udp_socket </Normal Text><Brackets3>(</Brackets3><Expression Keys>not</Expression Keys><Normal Text> </Normal Text><Brackets4>(</Brackets4><Expression Keys>range</Expression Keys><Normal Text> </Normal Text><Hexadecimal>0x4000</Hexadecimal><Normal Text> </Normal Text><Hexadecimal>0x4010</Hexadecimal><Brackets4>)</Brackets4><Brackets3>)</Brackets3><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | ||
84 | <Brackets1>(</Brackets1><Access Keys>allowx</Access Keys><Normal Text> type_3 type_4 ioctl_nodebug</Normal Text><Brackets1>)</Brackets1><br/> | 84 | <Brackets1>(</Brackets1><Access Keys>allowx</Access Keys><Normal Text> type_3 type_4 ioctl_nodebug</Normal Text><Brackets1>)</Brackets1><br/> | ||
85 | <Brackets1>(</Brackets1><Access Keys>dontauditx</Access Keys><Normal Text> type_1 type_2 </Normal Text><Brackets2>(</Brackets2><Type Name>ioctl</Type Name><Normal Text> tcp_socket </Normal Text><Brackets3>(</Brackets3><Expression Keys>range</Expression Keys><Normal Text> </Normal Text><Hex>0x3000</Hex><Normal Text> </Normal Text><Hex>0x30FF</Hex><Brackets3>)</Brackets3><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | 85 | <Brackets1>(</Brackets1><Access Keys>dontauditx</Access Keys><Normal Text> type_1 type_2 </Normal Text><Brackets2>(</Brackets2><Type Name Statements>ioctl</Type Name Statements><Normal Text> tcp_socket </Normal Text><Brackets3>(</Brackets3><Expression Keys>range</Expression Keys><Normal Text> </Normal Text><Hexadecimal>0x3000</Hexadecimal><Normal Text> </Normal Text><Hexadecimal>0x30FF</Hexadecimal><Brackets3>)</Brackets3><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | ||
86 | <Normal Text></Normal Text><br/> | 86 | <Normal Text></Normal Text><br/> | ||
87 | <Brackets1>(</Brackets1><Type Statements>class</Type Statements><Normal Text> property_service </Normal Text><Brackets2>(</Brackets2><Normal Text>set</Normal Text><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | 87 | <Brackets1>(</Brackets1><Type Statements>class</Type Statements><Normal Text> property_service </Normal Text><Brackets2>(</Brackets2><Android AV Permissions>set</Android AV Permissions><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | ||
88 | <Brackets1>(</Brackets1><Type Statements>block</Type Statements><Normal Text> av_rules</Normal Text><br/> | 88 | <Brackets1>(</Brackets1><Type Statements>block</Type Statements><Normal Text> av_rules</Normal Text><br/> | ||
89 | <Normal Text> </Normal Text><Brackets2>(</Brackets2><Type Statements>type</Type Statements><Normal Text> type_1</Normal Text><Brackets2>)</Brackets2><br/> | 89 | <Normal Text> </Normal Text><Brackets2>(</Brackets2><Type Statements>type</Type Statements><Normal Text> type_1</Normal Text><Brackets2>)</Brackets2><br/> | ||
90 | <Normal Text> </Normal Text><Brackets2>(</Brackets2><Type Statements>type</Type Statements><Normal Text> type_2</Normal Text><Brackets2>)</Brackets2><br/> | 90 | <Normal Text> </Normal Text><Brackets2>(</Brackets2><Type Statements>type</Type Statements><Normal Text> type_2</Normal Text><Brackets2>)</Brackets2><br/> | ||
91 | <Normal Text> </Normal Text><Brackets2>(</Brackets2><Type Statements>typeattribute</Type Statements><Normal Text> all_types</Normal Text><Brackets2>)</Brackets2><br/> | 91 | <Normal Text> </Normal Text><Brackets2>(</Brackets2><Type Statements>typeattribute</Type Statements><Normal Text> all_types</Normal Text><Brackets2>)</Brackets2><br/> | ||
92 | <Normal Text> </Normal Text><Brackets2>(</Brackets2><Statements>typeattributeset</Statements><Normal Text> all_types </Normal Text><Brackets3>(</Brackets3><Brackets4>(</Brackets4><Expression Keys>all</Expression Keys><Brackets4>)</Brackets4><Brackets3>)</Brackets3><Brackets2>)</Brackets2><br/> | 92 | <Normal Text> </Normal Text><Brackets2>(</Brackets2><Statements>typeattributeset</Statements><Normal Text> all_types </Normal Text><Brackets3>(</Brackets3><Brackets4>(</Brackets4><Expression Keys>all</Expression Keys><Brackets4>)</Brackets4><Brackets3>)</Brackets3><Brackets2>)</Brackets2><br/> | ||
93 | <Normal Text></Normal Text><br/> | 93 | <Normal Text></Normal Text><br/> | ||
94 | <Normal Text> </Normal Text><Brackets2>(</Brackets2><Access Keys>neverallow</Access Keys><Normal Text> type_2 all_types </Normal Text><Brackets3>(</Brackets3><Normal Text>property_service </Normal Text><Brackets4>(</Brackets4><Normal Text>set</Normal Text><Brackets4>)</Brackets4><Brackets3>)</Brackets3><Brackets2>)</Brackets2><br/> | 94 | <Normal Text> </Normal Text><Brackets2>(</Brackets2><Access Keys>neverallow</Access Keys><Normal Text> type_2 all_types </Normal Text><Brackets3>(</Brackets3><Normal Text>property_service </Normal Text><Brackets4>(</Brackets4><Android AV Permissions>set</Android AV Permissions><Brackets4>)</Brackets4><Brackets3>)</Brackets3><Brackets2>)</Brackets2><br/> | ||
95 | <Brackets1>)</Brackets1><br/> | 95 | <Brackets1>)</Brackets1><br/> | ||
96 | <Brackets1>(</Brackets1><Type Statements>macro</Type Statements><Normal Text> binder_call </Normal Text><Brackets2>(</Brackets2><Brackets3>(</Brackets3><Type Statements>type</Type Statements><Normal Text> ARG1</Normal Text><Brackets3>)</Brackets3><Normal Text> </Normal Text><Brackets3>(</Brackets3><Type Statements>type</Type Statements><Normal Text> ARG2</Normal Text><Brackets3>)</Brackets3><Brackets2>)</Brackets2><br/> | 96 | <Brackets1>(</Brackets1><Type Statements>macro</Type Statements><Normal Text> binder_call </Normal Text><Brackets2>(</Brackets2><Brackets3>(</Brackets3><Type Statements>type</Type Statements><Normal Text> ARG1</Normal Text><Brackets3>)</Brackets3><Normal Text> </Normal Text><Brackets3>(</Brackets3><Type Statements>type</Type Statements><Normal Text> ARG2</Normal Text><Brackets3>)</Brackets3><Brackets2>)</Brackets2><br/> | ||
97 | <Normal Text> </Normal Text><Brackets2>(</Brackets2><Access Keys>allow</Access Keys><Normal Text> ARG1 ARG2 </Normal Text><Brackets3>(</Brackets3><Normal Text>binder </Normal Text><Brackets4>(</Brackets4><Permissions>transfer</Permissions><Normal Text> </Normal Text><Permissions>call</Permissions><Brackets4>)</Brackets4><Brackets3>)</Brackets3><Brackets2>)</Brackets2><br/> | 97 | <Normal Text> </Normal Text><Brackets2>(</Brackets2><Access Keys>allow</Access Keys><Normal Text> ARG1 ARG2 </Normal Text><Brackets3>(</Brackets3><Normal Text>binder </Normal Text><Brackets4>(</Brackets4><AV Permissions>transfer</AV Permissions><Normal Text> </Normal Text><AV Permissions>call</AV Permissions><Brackets4>)</Brackets4><Brackets3>)</Brackets3><Brackets2>)</Brackets2><br/> | ||
98 | <Brackets1>)</Brackets1><br/> | 98 | <Brackets1>)</Brackets1><br/> | ||
99 | <Brackets1>(</Brackets1><Type Statements>ipaddr</Type Statements><Normal Text> netmask_1 </Normal Text><IP Address>255.255.255.0</IP Address><Brackets1>)</Brackets1><br/> | 99 | <Brackets1>(</Brackets1><Type Statements>ipaddr</Type Statements><Normal Text> netmask_1 </Normal Text><IP Address>255.255.255.0</IP Address><Brackets1>)</Brackets1><br/> | ||
100 | <Normal Text></Normal Text><br/> | 100 | <Normal Text></Normal Text><br/> | ||
101 | <Brackets1>(</Brackets1><Type Statements>class</Type Statements><Normal Text> dir</Normal Text><Brackets1>)</Brackets1><br/> | 101 | <Brackets1>(</Brackets1><Type Statements>class</Type Statements><Normal Text> dir</Normal Text><Brackets1>)</Brackets1><br/> | ||
102 | <Brackets1>(</Brackets1><Type Statements>class</Type Statements><Normal Text> foo</Normal Text><Brackets1>)</Brackets1><br/> | 102 | <Brackets1>(</Brackets1><Type Statements>class</Type Statements><Normal Text> foo</Normal Text><Brackets1>)</Brackets1><br/> | ||
103 | <Brackets1>(</Brackets1><Type Statements>class</Type Statements><Normal Text> bar</Normal Text><Brackets1>)</Brackets1><br/> | 103 | <Brackets1>(</Brackets1><Type Statements>class</Type Statements><Normal Text> bar</Normal Text><Brackets1>)</Brackets1><br/> | ||
104 | <Brackets1>(</Brackets1><Type Statements>class</Type Statements><Normal Text> baz</Normal Text><Brackets1>)</Brackets1><br/> | 104 | <Brackets1>(</Brackets1><Type Statements>class</Type Statements><Normal Text> baz</Normal Text><Brackets1>)</Brackets1><br/> | ||
105 | <Brackets1>(</Brackets1><Statements>classorder</Statements><Normal Text> </Normal Text><Brackets2>(</Brackets2><Normal Text>dir foo</Normal Text><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | 105 | <Brackets1>(</Brackets1><Statements>classorder</Statements><Normal Text> </Normal Text><Brackets2>(</Brackets2><Normal Text>dir foo</Normal Text><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | ||
106 | <Brackets1>(</Brackets1><Statements>classorder</Statements><Normal Text> </Normal Text><Brackets2>(</Brackets2><Type Name>unordered</Type Name><Normal Text> bar foo baz</Normal Text><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | 106 | <Brackets1>(</Brackets1><Statements>classorder</Statements><Normal Text> </Normal Text><Brackets2>(</Brackets2><Type Name Statements>unordered</Type Name Statements><Normal Text> bar foo baz</Normal Text><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | ||
107 | <Normal Text></Normal Text><br/> | 107 | <Normal Text></Normal Text><br/> | ||
108 | <Brackets1>(</Brackets1><Type Statements>classpermission</Type Statements><Normal Text> zygote_2</Normal Text><Brackets1>)</Brackets1><br/> | 108 | <Brackets1>(</Brackets1><Type Statements>classpermission</Type Statements><Normal Text> zygote_2</Normal Text><Brackets1>)</Brackets1><br/> | ||
109 | <Brackets1>(</Brackets1><Statements>classpermissionset</Statements><Normal Text> zygote_2 </Normal Text><Brackets2>(</Brackets2><Normal Text>zygote</Normal Text><br/> | 109 | <Brackets1>(</Brackets1><Statements>classpermissionset</Statements><Normal Text> zygote_2 </Normal Text><Brackets2>(</Brackets2><Normal Text>zygote</Normal Text><br/> | ||
110 | <Normal Text> </Normal Text><Brackets3>(</Brackets3><Expression Keys>and</Expression Keys><br/> | 110 | <Normal Text> </Normal Text><Brackets3>(</Brackets3><Expression Keys>and</Expression Keys><br/> | ||
111 | <Normal Text> </Normal Text><Brackets4>(</Brackets4><Expression Keys>all</Expression Keys><Brackets4>)</Brackets4><br/> | 111 | <Normal Text> </Normal Text><Brackets4>(</Brackets4><Expression Keys>all</Expression Keys><Brackets4>)</Brackets4><br/> | ||
112 | <Normal Text> </Normal Text><Brackets4>(</Brackets4><Expression Keys>not</Expression Keys><Normal Text> </Normal Text><Brackets5>(</Brackets5><Normal Text>specifyinvokewith specifyseinfo</Normal Text><Brackets5>)</Brackets5><Brackets4>)</Brackets4><br/> | 112 | <Normal Text> </Normal Text><Brackets4>(</Brackets4><Expression Keys>not</Expression Keys><Normal Text> </Normal Text><Brackets5>(</Brackets5><Normal Text>specifyinvokewith specifyseinfo</Normal Text><Brackets5>)</Brackets5><Brackets4>)</Brackets4><br/> | ||
113 | <Normal Text> </Normal Text><Brackets3>)</Brackets3><br/> | 113 | <Normal Text> </Normal Text><Brackets3>)</Brackets3><br/> | ||
114 | <Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | 114 | <Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | ||
115 | <Normal Text></Normal Text><br/> | 115 | <Normal Text></Normal Text><br/> | ||
116 | <Brackets1>(</Brackets1><Statements>permissionx</Statements><Normal Text> ioctl_3 </Normal Text><Brackets2>(</Brackets2><Type Name>ioctl</Type Name><Normal Text> tcp_socket </Normal Text><Brackets3>(</Brackets3><Expression Keys>and</Expression Keys><Normal Text> </Normal Text><Brackets4>(</Brackets4><Expression Keys>range</Expression Keys><Normal Text> </Normal Text><Hex>0x8000</Hex><Normal Text> </Normal Text><Hex>0x90FF</Hex><Brackets4>)</Brackets4><Normal Text> </Normal Text><Brackets4>(</Brackets4><Expression Keys>not</Expression Keys><Normal Text> </Normal Text><Brackets5>(</Brackets5><Expression Keys>range</Expression Keys><Normal Text> </Normal Text><Hex>0x8100</Hex><Normal Text> </Normal Text><Hex>0x82FF</Hex><Brackets5>)</Brackets5><Brackets4>)</Brackets4><Brackets3>)</Brackets3><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | 116 | <Brackets1>(</Brackets1><Statements>permissionx</Statements><Normal Text> ioctl_3 </Normal Text><Brackets2>(</Brackets2><Type Name Statements>ioctl</Type Name Statements><Normal Text> tcp_socket </Normal Text><Brackets3>(</Brackets3><Expression Keys>and</Expression Keys><Normal Text> </Normal Text><Brackets4>(</Brackets4><Expression Keys>range</Expression Keys><Normal Text> </Normal Text><Hexadecimal>0x8000</Hexadecimal><Normal Text> </Normal Text><Hexadecimal>0x90FF</Hexadecimal><Brackets4>)</Brackets4><Normal Text> </Normal Text><Brackets4>(</Brackets4><Expression Keys>not</Expression Keys><Normal Text> </Normal Text><Brackets5>(</Brackets5><Expression Keys>range</Expression Keys><Normal Text> </Normal Text><Hexadecimal>0x8100</Hexadecimal><Normal Text> </Normal Text><Hexadecimal>0x82FF</Hexadecimal><Brackets5>)</Brackets5><Brackets4>)</Brackets4><Brackets3>)</Brackets3><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | ||
117 | <Brackets1>(</Brackets1><Type Statements>boolean</Type Statements><Normal Text> disableAudioCapture </Normal Text><Booleans>false</Booleans><Brackets1>)</Brackets1><br/> | 117 | <Brackets1>(</Brackets1><Type Statements>boolean</Type Statements><Normal Text> disableAudioCapture </Normal Text><Booleans>false</Booleans><Brackets1>)</Brackets1><br/> | ||
118 | <Brackets1>(</Brackets1><Statements>booleanif</Statements><Normal Text> </Normal Text><Brackets2>(</Brackets2><Expression Keys>and</Expression Keys><Normal Text> </Normal Text><Brackets3>(</Brackets3><Expression Keys>not</Expression Keys><Normal Text> disableAudio</Normal Text><Brackets3>)</Brackets3><Normal Text> </Normal Text><Brackets3>(</Brackets3><Expression Keys>not</Expression Keys><Normal Text> disableAudioCapture</Normal Text><Brackets3>)</Brackets3><Brackets2>)</Brackets2><br/> | 118 | <Brackets1>(</Brackets1><Statements>booleanif</Statements><Normal Text> </Normal Text><Brackets2>(</Brackets2><Expression Keys>and</Expression Keys><Normal Text> </Normal Text><Brackets3>(</Brackets3><Expression Keys>not</Expression Keys><Normal Text> disableAudio</Normal Text><Brackets3>)</Brackets3><Normal Text> </Normal Text><Brackets3>(</Brackets3><Expression Keys>not</Expression Keys><Normal Text> disableAudioCapture</Normal Text><Brackets3>)</Brackets3><Brackets2>)</Brackets2><br/> | ||
119 | <Normal Text> </Normal Text><Brackets2>(</Brackets2><Booleans>true</Booleans><br/> | 119 | <Normal Text> </Normal Text><Brackets2>(</Brackets2><Booleans>true</Booleans><br/> | ||
120 | <Normal Text> </Normal Text><Brackets3>(</Brackets3><Access Keys>allow</Access Keys><Normal Text> process mediaserver.audio_capture_device </Normal Text><Brackets4>(</Brackets4><Normal Text>chr_file_set </Normal Text><Brackets5>(</Brackets5><Normal Text>rw_file_perms</Normal Text><Brackets5>)</Brackets5><Brackets4>)</Brackets4><Brackets3>)</Brackets3><br/> | 120 | <Normal Text> </Normal Text><Brackets3>(</Brackets3><Access Keys>allow</Access Keys><Normal Text> process mediaserver.audio_capture_device </Normal Text><Brackets4>(</Brackets4><Normal Text>chr_file_set </Normal Text><Brackets5>(</Brackets5><Normal Text>rw_file_perms</Normal Text><Brackets5>)</Brackets5><Brackets4>)</Brackets4><Brackets3>)</Brackets3><br/> | ||
121 | <Normal Text> </Normal Text><Brackets2>)</Brackets2><br/> | 121 | <Normal Text> </Normal Text><Brackets2>)</Brackets2><br/> | ||
122 | <Brackets1>)</Brackets1><br/> | 122 | <Brackets1>)</Brackets1><br/> | ||
123 | <Brackets1>(</Brackets1><Type Statements>tunable</Type Statements><Normal Text> range_trans_rule </Normal Text><Booleans>false</Booleans><Brackets1>)</Brackets1><br/> | 123 | <Brackets1>(</Brackets1><Type Statements>tunable</Type Statements><Normal Text> range_trans_rule </Normal Text><Booleans>false</Booleans><Brackets1>)</Brackets1><br/> | ||
124 | <Normal Text></Normal Text><br/> | 124 | <Normal Text></Normal Text><br/> | ||
125 | <Brackets1>(</Brackets1><Type Statements>block</Type Statements><Normal Text> init</Normal Text><br/> | 125 | <Brackets1>(</Brackets1><Type Statements>block</Type Statements><Normal Text> init</Normal Text><br/> | ||
126 | <Normal Text> </Normal Text><Brackets2>(</Brackets2><Type Statements>class</Type Statements><Normal Text> process </Normal Text><Brackets3>(</Brackets3><Normal Text>process</Normal Text><Brackets3>)</Brackets3><Brackets2>)</Brackets2><br/> | 126 | <Normal Text> </Normal Text><Brackets2>(</Brackets2><Type Statements>class</Type Statements><Normal Text> process </Normal Text><Brackets3>(</Brackets3><Normal Text>process</Normal Text><Brackets3>)</Brackets3><Brackets2>)</Brackets2><br/> | ||
127 | <Normal Text> </Normal Text><Brackets2>(</Brackets2><Type Statements>type</Type Statements><Normal Text> process</Normal Text><Brackets2>)</Brackets2><br/> | 127 | <Normal Text> </Normal Text><Brackets2>(</Brackets2><Type Statements>type</Type Statements><Normal Text> process</Normal Text><Brackets2>)</Brackets2><br/> | ||
128 | <Normal Text> </Normal Text><Brackets2>(</Brackets2><Statements>tunableif</Statements><Normal Text> range_trans_rule</Normal Text><br/> | 128 | <Normal Text> </Normal Text><Brackets2>(</Brackets2><Statements>tunableif</Statements><Normal Text> range_trans_rule</Normal Text><br/> | ||
129 | <Normal Text> </Normal Text><Brackets3>(</Brackets3><Booleans>true</Booleans><br/> | 129 | <Normal Text> </Normal Text><Brackets3>(</Brackets3><Booleans>true</Booleans><br/> | ||
130 | <Normal Text> </Normal Text><Brackets4>(</Brackets4><Statements>rangetransition</Statements><Normal Text> process sshd.exec process low_high</Normal Text><Brackets4>)</Brackets4><Brackets3>)</Brackets3><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | 130 | <Normal Text> </Normal Text><Brackets4>(</Brackets4><Statements>rangetransition</Statements><Normal Text> process sshd.exec process low_high</Normal Text><Brackets4>)</Brackets4><Brackets3>)</Brackets3><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | ||
131 | <Normal Text></Normal Text><br/> | 131 | <Normal Text></Normal Text><br/> | ||
132 | <Brackets1>(</Brackets1><Statements>validatetrans</Statements><Normal Text> file </Normal Text><Brackets2>(</Brackets2><Expression Keys>eq</Expression Keys><Normal Text> </Normal Text><Other Keywords>t1</Other Keywords><Normal Text> unconfined.process</Normal Text><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | 132 | <Brackets1>(</Brackets1><Statements>validatetrans</Statements><Normal Text> file </Normal Text><Brackets2>(</Brackets2><Expression Keys>eq</Expression Keys><Normal Text> </Normal Text><Other Keywords>t1</Other Keywords><Normal Text> unconfined.process</Normal Text><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | ||
133 | <Brackets1>(</Brackets1><Type Statements>block</Type Statements><Normal Text> ext_gateway</Normal Text><br/> | 133 | <Brackets1>(</Brackets1><Type Statements>block</Type Statements><Normal Text> ext_gateway</Normal Text><br/> | ||
134 | <Normal Text> </Normal Text><Brackets2>(</Brackets2><Type Statements>optional</Type Statements><Normal Text> move_file</Normal Text><br/> | 134 | <Normal Text> </Normal Text><Brackets2>(</Brackets2><Type Statements>optional</Type Statements><Normal Text> move_file</Normal Text><br/> | ||
135 | <Normal Text> </Normal Text><Brackets3>(</Brackets3><Statements>typetransition</Statements><Normal Text> process msg_filter.move_file.in_queue file msg_filter.move_file.in_file</Normal Text><Brackets3>)</Brackets3><br/> | 135 | <Normal Text> </Normal Text><Brackets3>(</Brackets3><Statements>typetransition</Statements><Normal Text> process msg_filter.move_file.in_queue file msg_filter.move_file.in_file</Normal Text><Brackets3>)</Brackets3><br/> | ||
136 | <Normal Text> </Normal Text><Brackets3>(</Brackets3><Access Keys>allow</Access Keys><Normal Text> process msg_filter.move_file.in_queue </Normal Text><Brackets4>(</Brackets4><Normal Text>dir </Normal Text><Brackets5>(</Brackets5><Permissions>read</Permissions><Normal Text> </Normal Text><Permissions>getattr</Permissions><Normal Text> </Normal Text><Permissions>write</Permissions><Normal Text> </Normal Text><Permissions>search</Permissions><Normal Text> </Normal Text><Permissions>add_name</Permissions><Brackets5>)</Brackets5><Brackets4>)</Brackets4><Brackets3>)</Brackets3><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | 136 | <Normal Text> </Normal Text><Brackets3>(</Brackets3><Access Keys>allow</Access Keys><Normal Text> process msg_filter.move_file.in_queue </Normal Text><Brackets4>(</Brackets4><Normal Text>dir </Normal Text><Brackets5>(</Brackets5><AV Permissions>read</AV Permissions><Normal Text> </Normal Text><AV Permissions>getattr</AV Permissions><Normal Text> </Normal Text><AV Permissions>write</AV Permissions><Normal Text> </Normal Text><AV Permissions>search</AV Permissions><Normal Text> </Normal Text><AV Permissions>add_name</AV Permissions><Brackets5>)</Brackets5><Brackets4>)</Brackets4><Brackets3>)</Brackets3><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | ||
137 | <Normal Text></Normal Text><br/> | 137 | <Normal Text></Normal Text><br/> | ||
138 | <Brackets1>(</Brackets1><Type Statements>context</Type Statements><Normal Text> runas_exec_context </Normal Text><Brackets2>(</Brackets2><Normal Text>u </Normal Text><Other Keywords>object_r</Other Keywords><Normal Text> exec low_low</Normal Text><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | 138 | <Brackets1>(</Brackets1><Type Statements>context</Type Statements><Normal Text> runas_exec_context </Normal Text><Brackets2>(</Brackets2><Normal Text>u </Normal Text><Other Keywords>object_r</Other Keywords><Normal Text> exec low_low</Normal Text><Brackets2>)</Brackets2><Brackets1>)</Brackets1><br/> | ||
139 | <Brackets1>(</Brackets1><Statements>filecon</Statements><Normal Text> </Normal Text><Text Quoted>"/system/bin/run-as"</Text Quoted><Normal Text> </Normal Text><Types>file</Types><Normal Text> runas_exec_context</Normal Text><Brackets1>)</Brackets1><br/> | 139 | <Brackets1>(</Brackets1><Statements>filecon</Statements><Normal Text> </Normal Text><Text Quoted>"/system/bin/run-as"</Text Quoted><Normal Text> </Normal Text><Types>file</Types><Normal Text> runas_exec_context</Normal Text><Brackets1>)</Brackets1><br/> | ||
140 | <Normal Text></Normal Text><br/> | 140 | <Normal Text></Normal Text><br/> | ||
141 | <Brackets1>(</Brackets1><Statements>in</Statements><Normal Text> file</Normal Text><br/> | 141 | <Brackets1>(</Brackets1><Statements>in</Statements><Normal Text> file</Normal Text><br/> | ||
142 | <Normal Text> </Normal Text><Brackets2>(</Brackets2><Statements>genfscon</Statements><Normal Text> </Normal Text><Other Keywords>rootfs</Other Keywords><Normal Text> </Normal Text><Path>/</Path><Normal Text> rootfs_context</Normal Text><Brackets2>)</Brackets2><br/> | 142 | <Normal Text> </Normal Text><Brackets2>(</Brackets2><Statements>genfscon</Statements><Normal Text> </Normal Text><Filesystem>rootfs</Filesystem><Normal Text> </Normal Text><Path>/</Path><Normal Text> rootfs_context</Normal Text><Brackets2>)</Brackets2><br/> | ||
143 | <Normal Text> </Normal Text><Brackets2>(</Brackets2><Statements>genfscon</Statements><Normal Text> </Normal Text><Other Keywords>selinuxfs</Other Keywords><Normal Text> </Normal Text><Path>/</Path><Normal Text> selinuxfs_context</Normal Text><Brackets2>)</Brackets2><br/> | 143 | <Normal Text> </Normal Text><Brackets2>(</Brackets2><Statements>genfscon</Statements><Normal Text> </Normal Text><Filesystem>selinuxfs</Filesystem><Normal Text> </Normal Text><Path>/</Path><Normal Text> selinuxfs_context</Normal Text><Brackets2>)</Brackets2><br/> | ||
144 | <Brackets1>)</Brackets1><br/> | 144 | <Brackets1>)</Brackets1><br/> | ||
145 | <Normal Text></Normal Text><br/> | ||||
146 | <Comment>; ioctl & call</Comment><br/> | ||||
147 | <Brackets1>(</Brackets1><Access Keys>allowx</Access Keys><Normal Text> x bin_t </Normal Text><Brackets2>(</Brackets2><Type Name Statements>ioctl</Type Name Statements><Normal Text> policy.file </Normal Text><Brackets3>(</Brackets3><Expression Keys>range</Expression Keys><Normal Text> </Normal Text><Hexadecimal>0x1000</Hexadecimal><Normal Text> </Normal Text><Hexadecimal>0x11FF</Hexadecimal><Brackets3>)</Brackets3><Brackets2>)</Brackets2><Brackets1>)</Brackets1><Normal Text> </Normal Text><Comment>; ioctl kind</Comment><br/> | ||||
148 | <Brackets1>(</Brackets1><Type Name Statements>ioctl</Type Name Statements><Normal Text> </Normal Text><AV Permissions>read</AV Permissions><br/> | ||||
149 | <Normal Text> </Normal Text><Android AV Permissions>find</Android AV Permissions><Normal Text> </Normal Text><AV Permissions>connectto</AV Permissions><Brackets1>)</Brackets1><Normal Text> </Normal Text><Comment>; kind or permission?</Comment><br/> | ||||
150 | <Brackets1>(</Brackets1><AV Permissions>ioctl</AV Permissions><Normal Text> </Normal Text><AV Permissions>read</AV Permissions><Normal Text> </Normal Text><Android AV Permissions>find</Android AV Permissions><Normal Text> </Normal Text><AV Permissions>connectto</AV Permissions><Brackets1>)</Brackets1><Normal Text> </Normal Text><Comment>; ioctl permission</Comment><br/> | ||||
151 | <Brackets1>(</Brackets1><AV Permissions>ioctl</AV Permissions><Normal Text> </Normal Text><AV Permissions>read</AV Permissions><Normal Text> </Normal Text><Brackets1>)</Brackets1><br/> | ||||
152 | <Brackets1>(</Brackets1><Statements>call</Statements><Normal Text> </Normal Text><AV Permissions>ioctl</AV Permissions><Normal Text> </Normal Text><AV Permissions>read</AV Permissions><Normal Text> </Normal Text><Android AV Permissions>find</Android AV Permissions><Normal Text> </Normal Text><AV Permissions>connectto</AV Permissions><Brackets1>)</Brackets1><Normal Text> </Normal Text><Comment>; statement or permission?</Comment><br/> | ||||
153 | <Brackets1>(</Brackets1><Normal Text> </Normal Text><AV Permissions>call</AV Permissions><Normal Text> </Normal Text><Brackets1>)</Brackets1><Normal Text> </Normal Text><Comment>; call permission</Comment><br/> |