sepolicy/policy/base/genfs_contexts - mirrors/cros/chromiumos/platform2 - Git at Google

 # Label inodes with the fs label.
 genfscon rootfs / u:object_r:rootfs:s0

 # proc labeling.
 genfscon proc / u:object_r:proc:s0
 genfscon proc /buddyinfo u:object_r:proc_buddyinfo:s0
 genfscon proc /cmdline u:object_r:proc_cmdline:s0
 genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
 genfscon proc /filesystems u:object_r:proc_filesystems:s0
 genfscon proc /interrupts u:object_r:proc_interrupts:s0
 genfscon proc /iomem u:object_r:proc_iomem:s0
 genfscon proc /kmsg u:object_r:proc_kmsg:s0
 genfscon proc /loadavg u:object_r:proc_loadavg:s0
 genfscon proc /meminfo u:object_r:proc_meminfo:s0
 genfscon proc /misc u:object_r:proc_misc:s0
 genfscon proc /diskstats u:object_r:proc_diskstats:s0
 genfscon proc /modules u:object_r:proc_modules:s0
 genfscon proc /net u:object_r:proc_net:s0
 genfscon proc /net/xt_qtaguid/ctrl u:object_r:qtaguid_proc:s0
 genfscon proc /pagetypeinfo u:object_r:proc_pagetypeinfo:s0
 genfscon proc /stat u:object_r:proc_stat:s0
 genfscon proc /swaps u:object_r:proc_swaps:s0
 genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
 genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
 genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
 genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper:s0
 genfscon proc /sys/kernel/dmesg_restrict u:object_r:proc_security:s0
 genfscon proc /sys/kernel/domainname u:object_r:proc_hostname:s0
 genfscon proc /sys/kernel/hostname u:object_r:proc_hostname:s0
 genfscon proc /sys/kernel/hotplug u:object_r:usermodehelper:s0
 genfscon proc /sys/kernel/kptr_restrict u:object_r:proc_security:s0
 genfscon proc /sys/kernel/modprobe u:object_r:usermodehelper:s0
 genfscon proc /sys/kernel/modules_disabled u:object_r:proc_security:s0
 genfscon proc /sys/kernel/panic_on_oops u:object_r:proc_panic:s0
 genfscon proc /sys/kernel/poweroff_cmd u:object_r:usermodehelper:s0
 genfscon proc /sys/kernel/randomize_va_space u:object_r:proc_security:s0
 genfscon proc /sys/kernel/sched_child_runs_first u:object_r:proc_sched:s0
 genfscon proc /sys/kernel/sched_latency_ns u:object_r:proc_sched:s0
 genfscon proc /sys/kernel/sched_rt_period_us u:object_r:proc_sched:s0
 genfscon proc /sys/kernel/sched_rt_runtime_us u:object_r:proc_sched:s0
 genfscon proc /sys/kernel/sched_schedstats u:object_r:proc_sched:s0
 genfscon proc /sys/kernel/sched_tunable_scaling u:object_r:proc_sched:s0
 genfscon proc /sys/kernel/sched_wakeup_granularity_ns u:object_r:proc_sched:s0
 genfscon proc /sys/kernel/usermodehelper u:object_r:usermodehelper:s0
 genfscon proc /sys/net u:object_r:proc_net:s0
 genfscon proc /sys/vm/dirty_background_ratio u:object_r:proc_dirty:s0
 genfscon proc /sys/vm/dirty_expire_centisecs u:object_r:proc_dirty:s0
 genfscon proc /sys/vm/drop_caches u:object_r:proc_drop_caches:s0
 genfscon proc /sys/vm/mmap_min_addr u:object_r:proc_security:s0
 genfscon proc /sys/vm/mmap_rnd_bits u:object_r:proc_security:s0
 genfscon proc /sys/vm/mmap_rnd_compat_bits u:object_r:proc_security:s0
 genfscon proc /sys/vm/page-cluster u:object_r:proc_page_cluster:s0
 genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
 genfscon proc /timer_list u:object_r:proc_timer:s0
 genfscon proc /timer_stats u:object_r:proc_timer:s0
 genfscon proc /uid_cputime/remove_uid_range u:object_r:proc_uid_cputime_removeuid:s0
 genfscon proc /uid_cputime/show_uid_stat u:object_r:proc_uid_cputime_showstat:s0
 genfscon proc /uptime u:object_r:proc_uptime:s0
 genfscon proc /version u:object_r:proc_version:s0
 genfscon proc /vmallocinfo u:object_r:proc_vmallocinfo:s0
 genfscon proc /vmstat u:object_r:proc_vmstat:s0
 genfscon proc /zoneinfo u:object_r:proc_zoneinfo:s0

 # selinuxfs booleans can be individually labeled.
 genfscon selinuxfs / u:object_r:selinuxfs:s0

 # sysfs labeling
 genfscon sysfs / u:object_r:sysfs:s0
 genfscon sysfs /devices/virtual/block/zram0 u:object_r:sysfs_zram:s0
 genfscon sysfs /devices/virtual/block/zram1 u:object_r:sysfs_zram:s0
 genfscon sysfs /devices/virtual/block/zram0/uevent u:object_r:sysfs_zram_uevent:s0
 genfscon sysfs /devices/virtual/block/zram1/uevent u:object_r:sysfs_zram_uevent:s0

 # debugfs labeling
 genfscon debugfs / u:object_r:debugfs:s0

 genfscon cgroup / u:object_r:cgroup:s0
 genfscon configfs / u:object_r:configfs:s0
 genfscon functionfs / u:object_r:functionfs:s0
 genfscon fuse / u:object_r:fuse:s0
 genfscon inotifyfs / u:object_r:inotify:s0
 genfscon pstore / u:object_r:pstorefs:s0
 genfscon tracefs / u:object_r:debugfs_tracing:s0
 genfscon usbfs / u:object_r:usbfs:s0
 genfscon vfat / u:object_r:vfat:s0
	# Label inodes with the fs label.
	genfscon rootfs / u:object_r:rootfs:s0

	# proc labeling.
	genfscon proc / u:object_r:proc:s0
	genfscon proc /buddyinfo u:object_r:proc_buddyinfo:s0
	genfscon proc /cmdline u:object_r:proc_cmdline:s0
	genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
	genfscon proc /filesystems u:object_r:proc_filesystems:s0
	genfscon proc /interrupts u:object_r:proc_interrupts:s0
	genfscon proc /iomem u:object_r:proc_iomem:s0
	genfscon proc /kmsg u:object_r:proc_kmsg:s0
	genfscon proc /loadavg u:object_r:proc_loadavg:s0
	genfscon proc /meminfo u:object_r:proc_meminfo:s0
	genfscon proc /misc u:object_r:proc_misc:s0
	genfscon proc /diskstats u:object_r:proc_diskstats:s0
	genfscon proc /modules u:object_r:proc_modules:s0
	genfscon proc /net u:object_r:proc_net:s0
	genfscon proc /net/xt_qtaguid/ctrl u:object_r:qtaguid_proc:s0
	genfscon proc /pagetypeinfo u:object_r:proc_pagetypeinfo:s0
	genfscon proc /stat u:object_r:proc_stat:s0
	genfscon proc /swaps u:object_r:proc_swaps:s0
	genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
	genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
	genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
	genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper:s0
	genfscon proc /sys/kernel/dmesg_restrict u:object_r:proc_security:s0
	genfscon proc /sys/kernel/domainname u:object_r:proc_hostname:s0
	genfscon proc /sys/kernel/hostname u:object_r:proc_hostname:s0
	genfscon proc /sys/kernel/hotplug u:object_r:usermodehelper:s0
	genfscon proc /sys/kernel/kptr_restrict u:object_r:proc_security:s0
	genfscon proc /sys/kernel/modprobe u:object_r:usermodehelper:s0
	genfscon proc /sys/kernel/modules_disabled u:object_r:proc_security:s0
	genfscon proc /sys/kernel/panic_on_oops u:object_r:proc_panic:s0
	genfscon proc /sys/kernel/poweroff_cmd u:object_r:usermodehelper:s0
	genfscon proc /sys/kernel/randomize_va_space u:object_r:proc_security:s0
	genfscon proc /sys/kernel/sched_child_runs_first u:object_r:proc_sched:s0
	genfscon proc /sys/kernel/sched_latency_ns u:object_r:proc_sched:s0
	genfscon proc /sys/kernel/sched_rt_period_us u:object_r:proc_sched:s0
	genfscon proc /sys/kernel/sched_rt_runtime_us u:object_r:proc_sched:s0
	genfscon proc /sys/kernel/sched_schedstats u:object_r:proc_sched:s0
	genfscon proc /sys/kernel/sched_tunable_scaling u:object_r:proc_sched:s0
	genfscon proc /sys/kernel/sched_wakeup_granularity_ns u:object_r:proc_sched:s0
	genfscon proc /sys/kernel/usermodehelper u:object_r:usermodehelper:s0
	genfscon proc /sys/net u:object_r:proc_net:s0
	genfscon proc /sys/vm/dirty_background_ratio u:object_r:proc_dirty:s0
	genfscon proc /sys/vm/dirty_expire_centisecs u:object_r:proc_dirty:s0
	genfscon proc /sys/vm/drop_caches u:object_r:proc_drop_caches:s0
	genfscon proc /sys/vm/mmap_min_addr u:object_r:proc_security:s0
	genfscon proc /sys/vm/mmap_rnd_bits u:object_r:proc_security:s0
	genfscon proc /sys/vm/mmap_rnd_compat_bits u:object_r:proc_security:s0
	genfscon proc /sys/vm/page-cluster u:object_r:proc_page_cluster:s0
	genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
	genfscon proc /timer_list u:object_r:proc_timer:s0
	genfscon proc /timer_stats u:object_r:proc_timer:s0
	genfscon proc /uid_cputime/remove_uid_range u:object_r:proc_uid_cputime_removeuid:s0
	genfscon proc /uid_cputime/show_uid_stat u:object_r:proc_uid_cputime_showstat:s0
	genfscon proc /uptime u:object_r:proc_uptime:s0
	genfscon proc /version u:object_r:proc_version:s0
	genfscon proc /vmallocinfo u:object_r:proc_vmallocinfo:s0
	genfscon proc /vmstat u:object_r:proc_vmstat:s0
	genfscon proc /zoneinfo u:object_r:proc_zoneinfo:s0

	# selinuxfs booleans can be individually labeled.
	genfscon selinuxfs / u:object_r:selinuxfs:s0

	# sysfs labeling
	genfscon sysfs / u:object_r:sysfs:s0
	genfscon sysfs /devices/virtual/block/zram0 u:object_r:sysfs_zram:s0
	genfscon sysfs /devices/virtual/block/zram1 u:object_r:sysfs_zram:s0
	genfscon sysfs /devices/virtual/block/zram0/uevent u:object_r:sysfs_zram_uevent:s0
	genfscon sysfs /devices/virtual/block/zram1/uevent u:object_r:sysfs_zram_uevent:s0

	# debugfs labeling
	genfscon debugfs / u:object_r:debugfs:s0

	genfscon cgroup / u:object_r:cgroup:s0
	genfscon configfs / u:object_r:configfs:s0
	genfscon functionfs / u:object_r:functionfs:s0
	genfscon fuse / u:object_r:fuse:s0
	genfscon inotifyfs / u:object_r:inotify:s0
	genfscon pstore / u:object_r:pstorefs:s0
	genfscon tracefs / u:object_r:debugfs_tracing:s0
	genfscon usbfs / u:object_r:usbfs:s0
	genfscon vfat / u:object_r:vfat:s0