path: root/shared/sepolicy/vendor/file_contexts

##########################
# Devices
#

/dev/block/by-name/misc u:object_r:misc_block_device:s0
/dev/block/by-name/boot_[ab] u:object_r:boot_block_device:s0
/dev/block/by-name/init_boot_[ab] u:object_r:boot_block_device:s0
/dev/block/by-name/vendor_boot_[ab] u:object_r:boot_block_device:s0
/dev/block/by-name/vbmeta_[ab] u:object_r:ab_block_device:s0
/dev/block/by-name/vbmeta_system_[ab] u:object_r:ab_block_device:s0
/dev/block/by-name/vbmeta_vendor_dlkm_[ab] u:object_r:ab_block_device:s0
/dev/block/by-name/vbmeta_system_dlkm_[ab] u:object_r:ab_block_device:s0
/dev/block/by-name/super u:object_r:super_block_device:s0
/dev/block/by-name/userdata u:object_r:userdata_block_device:s0
/dev/block/by-name/metadata u:object_r:metadata_block_device:s0

/dev/block/by-name/frp  u:object_r:frp_block_device:s0

/dev/block/zram0  u:object_r:swap_block_device:s0
# /dev/hvc0 is only used by the kernel directly
/dev/hvc1  u:object_r:serial_device:s0
# /dev/hvc2 handled in seriallogging/file_contexts
/dev/hvc3  u:object_r:keymaster_device:s0
/dev/hvc4  u:object_r:gatekeeper_device:s0

# hvc8 for confirmation UI
/dev/hvc8  u:object_r:confirmationui_device:s0

# hvc9 for uwb
/dev/hvc9  u:object_r:uwb_device:s0

# hvc10 for oemlock
/dev/hvc10  u:object_r:oemlock_device:s0

# hvc11 for keymint / Rust
/dev/hvc11  u:object_r:keymint_device:s0

# hvc12 for NFC
/dev/hvc12  u:object_r:nfc_device:s0

# hvc13 for Sensors
/dev/hvc13  u:object_r:sensors_device:s0

# hvc14 for MCU control
/dev/hvc14  u:object_r:mcu_control_device:s0
# hvc14 for MCU UART
/dev/hvc15  u:object_r:mcu_uart_device:s0

# ARM serial console device
/dev/ttyAMA[0-9]*  u:object_r:serial_device:s0

#############################
# data files
/data/vendor/mediadrm(/.*)?  u:object_r:mediadrm_vendor_data_file:s0

#############################
# sys files
# x86
/sys/devices/pci0000:00/0000:00:[0-9a-fA-F]{2}\.[0-7]/virtio[0-9]+/net(/.*)? u:object_r:sysfs_net:s0
/sys/devices/pci0000:00/0000:00:[0-9a-fA-F]{2}\.[0-7]/virtio[0-9]+/(block|ndbus[0-9]+)(/.*)? u:object_r:sysfs_devices_block:s0
# crosvm (arm64)
/sys/devices/platform/10000.pci/pci0000:00/0000:00:[0-9a-fA-F]{2}\.[0-7]/virtio[0-9]+/net(/.*)? u:object_r:sysfs_net:s0
/sys/devices/platform/10000.pci/pci0000:00/0000:00:[0-9a-fA-F]{2}\.[0-7]/virtio[0-9]+/(block|ndbus[0-9]+)(/.*)? u:object_r:sysfs_devices_block:s0
# qemu (x86)
/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00(/device:[0-9a-fA-F]{2})?/wakeup/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
# crosvm (x86)
/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00(/device:[0-9a-fA-F]{2})?/wakeup/wakeup[0-9]+(/.*)? u:object_r:sysfs_wakeup:s0
# qemu (aarch64)
/sys/devices/platform/4010000000.pcie/pci0000:00/0000:00:[0-9a-fA-F]{2}.0/virtio[0-9]+/net u:object_r:sysfs_net:s0
/sys/devices/platform/4010000000.pcie/pci0000:00/0000:00:[0-9a-fA-F]{2}.0/virtio[0-9]+/(block|ndbus[0-9]+)(/.*)? u:object_r:sysfs_devices_block:s0
# qemu (arm)
/sys/devices/platform/3f000000.pcie/pci0000:00/0000:00:[0-9a-fA-F]{2}.0/virtio[0-9]+/net u:object_r:sysfs_net:s0
/sys/devices/platform/3f000000.pcie/pci0000:00/0000:00:[0-9a-fA-F]{2}.0/virtio[0-9]+/(block|ndbus[0-9]+)(/.*)? u:object_r:sysfs_devices_block:s0
# qemu (riscv64)
/sys/devices/platform/soc/30000000.pci/pci0000:00/0000:00:[0-9a-fA-F]{2}.0/virtio[0-9]+/(block|ndbus[0-9]+)(/.*)? u:object_r:sysfs_devices_block:s0

# virtio-gpu
# VMM is configured to always assign the GPU to PCI address 00:02.0 (if present).
# LINT.IfChange(virtio_gpu_pci_address)
/sys/devices/(.*/)?pci0000:00/0000:00:02.0/device(/.*)?           u:object_r:sysfs_gpu:s0
/sys/devices/(.*/)?pci0000:00/0000:00:02.0/subsystem_device(/.*)? u:object_r:sysfs_gpu:s0
/sys/devices/(.*/)?pci0000:00/0000:00:02.0/subsystem_vendor(/.*)? u:object_r:sysfs_gpu:s0
/sys/devices/(.*/)?pci0000:00/0000:00:02.0/uevent(/.*)?           u:object_r:sysfs_gpu:s0
/sys/devices/(.*/)?pci0000:00/0000:00:02.0/vendor(/.*)?           u:object_r:sysfs_gpu:s0
# LINT.ThenChange(../../../host/libs/vm_manager/vm_manager.h:virtio_gpu_pci_address)

#############################
# Vendor files
#
/vendor/bin/mac80211_create_radios u:object_r:mac80211_create_radios_exec:s0
/vendor/bin/socket_vsock_proxy  u:object_r:socket_vsock_proxy_exec:s0
/vendor/bin/rename_netiface  u:object_r:rename_netiface_exec:s0
/vendor/bin/suspend_blocker  u:object_r:suspend_blocker_exec:s0
/vendor/bin/metrics_helper   u:object_r:metrics_helper_exec:s0
/vendor/bin/hw/android\.hardware\.power\.stats@1\.0-service\.mock  u:object_r:hal_power_stats_default_exec:s0
/vendor/bin/hw/android\.hardware\.audio\.service u:object_r:hal_audio_cuttlefish_exec:s0
/vendor/bin/hw/android\.hardware\.contexthub@1\.2-service\.mock  u:object_r:hal_contexthub_default_exec:s0
/vendor/bin/hw/android\.hardware\.drm@[0-9]+\.[0-9]+-service\.clearkey  u:object_r:hal_drm_clearkey_exec:s0
/vendor/bin/hw/android\.hardware\.drm@[0-9]+\.[0-9]+-service-lazy\.clearkey  u:object_r:hal_drm_clearkey_exec:s0
/vendor/bin/hw/android\.hardware\.drm@[0-9]+\.[0-9]+-service\.widevine  u:object_r:hal_drm_widevine_exec:s0
/vendor/bin/hw/android\.hardware\.drm-service\.widevine  u:object_r:hal_drm_widevine_exec:s0
/vendor/bin/hw/android\.hardware\.drm@[0-9]+\.[0-9]+-service-lazy\.widevine  u:object_r:hal_drm_widevine_exec:s0
/vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service\.software  u:object_r:hal_gatekeeper_default_exec:s0
/vendor/bin/hw/android\.hardware\.health-service\.cuttlefish u:object_r:hal_health_default_exec:s0
/vendor/bin/hw/android\.hardware\.health\.storage-service\.cuttlefish u:object_r:hal_health_storage_default_exec:s0
/vendor/bin/hw/android\.hardware\.lights-service\.cuttlefish u:object_r:hal_light_cuttlefish_exec:s0
/vendor/bin/hw/android\.hardware\.neuralnetworks-shim-service-sample   u:object_r:hal_neuralnetworks_sample_exec:s0
/vendor/bin/hw/android\.hardware\.neuralnetworks-service-sample-.*   u:object_r:hal_neuralnetworks_sample_exec:s0
/vendor/bin/hw/android\.hardware\.nfc-service\.cuttlefish  u:object_r:hal_nfc_default_exec:s0
/vendor/bin/hw/android\.hardware\.net\.nlinterceptor-service\.default  u:object_r:hal_nlinterceptor_default_exec:s0
/vendor/bin/setup_wifi  u:object_r:setup_wifi_exec:s0
/vendor/bin/hw/android\.hardware\.input\.classifier@1\.0-service.default  u:object_r:hal_input_classifier_default_exec:s0
/vendor/bin/hw/android\.hardware\.input\.processor-service\.example  u:object_r:hal_input_processor_default_exec:s0
/vendor/bin/hw/android\.hardware\.thermal@2\.0-service\.mock  u:object_r:hal_thermal_default_exec:s0
/vendor/bin/hw/android\.hardware\.security\.keymint-service\.remote  u:object_r:hal_keymint_remote_exec:s0
/vendor/bin/hw/android\.hardware\.security\.keymint-service\.rust  u:object_r:hal_keymint_rust_exec:s0
/vendor/bin/hw/android\.hardware\.keymaster@4\.1-service.remote  u:object_r:hal_keymaster_remote_exec:s0
/vendor/bin/hw/android\.hardware\.gatekeeper-service.remote  u:object_r:hal_gatekeeper_remote_exec:s0
/vendor/bin/hw/android\.hardware\.confirmationui-service.cuttlefish  u:object_r:hal_confirmationui_cuttlefish_exec:s0
/vendor/bin/hw/android\.hardware\.oemlock-service.example u:object_r:hal_oemlock_default_exec:s0
/vendor/bin/hw/android\.hardware\.oemlock-service.remote  u:object_r:hal_oemlock_remote_exec:s0
/vendor/bin/hw/android\.hardware\.weaver-service.example u:object_r:hal_weaver_default_exec:s0
/vendor/bin/hw/android\.hardware\.authsecret@1\.0-service  u:object_r:hal_authsecret_default_exec:s0
/vendor/bin/hw/android\.hardware\.authsecret-service.example u:object_r:hal_authsecret_default_exec:s0
/vendor/bin/dlkm_loader  u:object_r:dlkm_loader_exec:s0
/vendor/bin/init\.wifi    u:object_r:init_wifi_sh_exec:s0

/vendor/lib(64)?/hw/android\.hardware\.health@2\.0-impl-2\.1-cuttlefish\.so  u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libcuttlefish_fs.so  u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/vsoc_lib.so  u:object_r:same_process_hal_file:s0