sepolicy/file_contexts/chromeos_file_contexts - mirrors/cros/chromiumos/platform2 - Git at Google

 # Chrome OS file contexts.
 /sbin/init                      u:object_r:chromeos_init_exec:s0
 /sbin/crash_reporter            u:object_r:cros_crash_reporter_exec:s0

 /usr/bin/shill                  u:object_r:cros_shill_exec:s0

 /var/log/messages               u:object_r:cros_syslog:s0

 # /opt/google
 /opt/google/chrome/chrome       u:object_r:chrome_browser_exec:s0

 # /etc
 /etc/init(/.*)?                 u:object_r:cros_init_conf_file:s0

 # These files are mounted into the mini-container before real /data, /cache are
 # available.
 /opt/google/containers/android/rootfs/android-data/cache                   u:object_r:cache_file:s0
 /opt/google/containers/android/rootfs/android-data/data                    u:object_r:system_data_file:s0
 /opt/google/containers/android/rootfs/android-data/data/dalvik-cache(/.*)? u:object_r:dalvikcache_data_file:s0

 # All the following files are created dynamically and need to be labeled at
 # runtime.

 has_arc(`
 /run/arc/cmdline.android        u:object_r:is_arc_nyc(proc, proc_cmdline):s0
 ')

 /run/arc/sdcard(/.*)?           u:object_r:storage_file:s0

 /run/arc/debugfs                           u:object_r:debugfs:s0

 /sys/kernel/debug(/.*)?                    u:object_r:debugfs:s0
 /sys/kernel/debug/tracing(/.*)?            u:object_r:debugfs_tracing:s0
 /sys/kernel/debug/tracing/trace_marker     u:object_r:debugfs_trace_marker:s0
 /sys/kernel/debug/sync(/.*)?               u:object_r:debugfs_sync:s0
 /sys/kernel/debug/sync/sw_sync             u:object_r:debugfs_sw_sync:s0

 /sys/devices/system/cpu(/.*)?                                   u:object_r:sysfs_devices_system_cpu:s0
 # Use u:object_r:sysfs:s0 for writable files to disallow regular apps to
 # access them.
 /sys/devices/system/cpu/cpufreq/ondemand/ignore_nice_load       u:object_r:sysfs:s0
 /sys/devices/system/cpu/cpufreq/ondemand/io_is_busy             u:object_r:sysfs:s0
 /sys/devices/system/cpu/cpufreq/ondemand/powersave_bias         u:object_r:sysfs:s0
 /sys/devices/system/cpu/cpufreq/ondemand/sampling_down_factor   u:object_r:sysfs:s0
 /sys/devices/system/cpu/cpufreq/ondemand/sampling_rate          u:object_r:sysfs:s0
 /sys/devices/system/cpu/cpufreq/ondemand/up_threshold           u:object_r:sysfs:s0
 /sys/devices/system/cpu/cpufreq/policy[0-9]+/cpb                u:object_r:sysfs:s0
 /sys/devices/system/cpu/cpufreq/policy[0-9]+/stats/reset        u:object_r:sysfs:s0
 /sys/devices/system/cpu/(cpu[0-9]+/)?(cache/)?(index[0-9]+/)?hotplug/fail               u:object_r:sysfs:s0
 /sys/devices/system/cpu/(cpu[0-9]+/)?(cache/)?(index[0-9]+/)?hotplug/target             u:object_r:sysfs:s0
 /sys/devices/system/cpu/(cpu[0-9]+/)?(cache/)?(index[0-9]+/)?power/async                u:object_r:sysfs:s0
 /sys/devices/system/cpu/(cpu[0-9]+/)?(cache/)?(index[0-9]+/)?power/autosuspend_delay_ms u:object_r:sysfs:s0
 /sys/devices/system/cpu/(cpu[0-9]+/)?(cache/)?(index[0-9]+/)?power/control              u:object_r:sysfs:s0
 /sys/devices/system/cpu/(cpu[0-9]+/)?(cache/)?(index[0-9]+/)?power/pm_qos_resume_latency_us     u:object_r:sysfs:s0
 /sys/devices/system/cpu/(cpu[0-9]+/)?(cache/)?(index[0-9]+/)?uevent                     u:object_r:sysfs:s0
 /sys/devices/system/cpu/(cpu[0-9]+/)?cpufreq/(interactive/)?above_hispeed_delay u:object_r:sysfs:s0
 /sys/devices/system/cpu/(cpu[0-9]+/)?cpufreq/(interactive/)?boost               u:object_r:sysfs:s0
 /sys/devices/system/cpu/(cpu[0-9]+/)?cpufreq/(interactive/)?boostpulse          u:object_r:sysfs:s0
 /sys/devices/system/cpu/(cpu[0-9]+/)?cpufreq/(interactive/)?boostpulse_duration u:object_r:sysfs:s0
 /sys/devices/system/cpu/(cpu[0-9]+/)?cpufreq/(interactive/)?go_hispeed_load     u:object_r:sysfs:s0
 /sys/devices/system/cpu/(cpu[0-9]+/)?cpufreq/(interactive/)?hispeed_freq        u:object_r:sysfs:s0
 /sys/devices/system/cpu/(cpu[0-9]+/)?cpufreq/(interactive/)?io_is_busy          u:object_r:sysfs:s0
 /sys/devices/system/cpu/(cpu[0-9]+/)?cpufreq/(interactive/)?min_sample_time     u:object_r:sysfs:s0
 /sys/devices/system/cpu/(cpu[0-9]+/)?cpufreq/(interactive/)?target_loads        u:object_r:sysfs:s0
 /sys/devices/system/cpu/(cpu[0-9]+/)?cpufreq/(interactive/)?timer_rate          u:object_r:sysfs:s0
 /sys/devices/system/cpu/(cpu[0-9]+/)?cpufreq/(interactive/)?timer_slack         u:object_r:sysfs:s0
 /sys/devices/system/cpu/(cpu[0-9]+/)?cpuidle/(state[0-9]+/)?disable             u:object_r:sysfs:s0
 /sys/devices/system/cpu/cpu[0-9]+/cpufreq/scaling_governor      u:object_r:sysfs:s0
 /sys/devices/system/cpu/cpu[0-9]+/cpufreq/scaling_max_freq      u:object_r:sysfs:s0
 /sys/devices/system/cpu/cpu[0-9]+/cpufreq/scaling_min_freq      u:object_r:sysfs:s0
 /sys/devices/system/cpu/cpu[0-9]+/cpufreq/scaling_setspeed      u:object_r:sysfs:s0
 /sys/devices/system/cpu/cpu[0-9]+/cpuidle/state[0-9]+/disable   u:object_r:sysfs:s0
 # For Intel
 /sys/devices/system/cpu/intel_pstate/max_perf_pct               u:object_r:sysfs:s0
 /sys/devices/system/cpu/intel_pstate/min_perf_pct               u:object_r:sysfs:s0
 /sys/devices/system/cpu/intel_pstate/no_turbo                   u:object_r:sysfs:s0
 /sys/devices/system/cpu/microcode/reload                        u:object_r:sysfs:s0
 # For ARM
 /sys/devices/system/cpu/cpu[0-9]+/online                        u:object_r:sysfs:s0
 /sys/devices/system/cpu/cpufreq/policy[0-9]+/scaling_governor   u:object_r:sysfs:s0
 /sys/devices/system/cpu/cpufreq/policy[0-9]+/scaling_max_freq   u:object_r:sysfs:s0
 /sys/devices/system/cpu/cpufreq/policy[0-9]+/scaling_min_freq   u:object_r:sysfs:s0
 /sys/devices/system/cpu/cpufreq/policy[0-9]+/scaling_setspeed   u:object_r:sysfs:s0
 /sys/devices/system/cpu/cpufreq/policy[0-9]+/sched/down_throttle_nsec u:object_r:sysfs:s0
 /sys/devices/system/cpu/cpufreq/policy[0-9]+/sched/up_throttle_nsec   u:object_r:sysfs:s0

 # Chrome OS shared memory files.
 /dev/shm(/.*)?                  u:object_r:cros_shm:s0
 /dev/console                    u:object_r:console_device:s0

 is_arc_nyc(`
 # Label /dev/bus/usb/NNN/MMM
 # (USB device nodes passed by Chrome / permission broker)
 /dev/bus/usb(/.*)?              u:object_r:usb_device:s0
 ')


 (/usr)?/lib64(/.*)?                    u:object_r:cros_system_file:s0
 (/usr)?/lib(/.*)?                      u:object_r:cros_system_file:s0

 # Downloads files
 /home/chronos/user/Downloads(/.*)*   u:object_r:cros_downloads_file:s0
	# Chrome OS file contexts.
	/sbin/init u:object_r:chromeos_init_exec:s0
	/sbin/crash_reporter u:object_r:cros_crash_reporter_exec:s0

	/usr/bin/shill u:object_r:cros_shill_exec:s0

	/var/log/messages u:object_r:cros_syslog:s0

	# /opt/google
	/opt/google/chrome/chrome u:object_r:chrome_browser_exec:s0

	# /etc
	/etc/init(/.*)? u:object_r:cros_init_conf_file:s0

	# These files are mounted into the mini-container before real /data, /cache are
	# available.
	/opt/google/containers/android/rootfs/android-data/cache u:object_r:cache_file:s0
	/opt/google/containers/android/rootfs/android-data/data u:object_r:system_data_file:s0
	/opt/google/containers/android/rootfs/android-data/data/dalvik-cache(/.*)? u:object_r:dalvikcache_data_file:s0

	# All the following files are created dynamically and need to be labeled at
	# runtime.

	has_arc(`
	/run/arc/cmdline.android u:object_r:is_arc_nyc(proc, proc_cmdline):s0
	')

	/run/arc/sdcard(/.*)? u:object_r:storage_file:s0

	/run/arc/debugfs u:object_r:debugfs:s0

	/sys/kernel/debug(/.*)? u:object_r:debugfs:s0
	/sys/kernel/debug/tracing(/.*)? u:object_r:debugfs_tracing:s0
	/sys/kernel/debug/tracing/trace_marker u:object_r:debugfs_trace_marker:s0
	/sys/kernel/debug/sync(/.*)? u:object_r:debugfs_sync:s0
	/sys/kernel/debug/sync/sw_sync u:object_r:debugfs_sw_sync:s0

	/sys/devices/system/cpu(/.*)? u:object_r:sysfs_devices_system_cpu:s0
	# Use u:object_r:sysfs:s0 for writable files to disallow regular apps to
	# access them.
	/sys/devices/system/cpu/cpufreq/ondemand/ignore_nice_load u:object_r:sysfs:s0
	/sys/devices/system/cpu/cpufreq/ondemand/io_is_busy u:object_r:sysfs:s0
	/sys/devices/system/cpu/cpufreq/ondemand/powersave_bias u:object_r:sysfs:s0
	/sys/devices/system/cpu/cpufreq/ondemand/sampling_down_factor u:object_r:sysfs:s0
	/sys/devices/system/cpu/cpufreq/ondemand/sampling_rate u:object_r:sysfs:s0
	/sys/devices/system/cpu/cpufreq/ondemand/up_threshold u:object_r:sysfs:s0
	/sys/devices/system/cpu/cpufreq/policy[0-9]+/cpb u:object_r:sysfs:s0
	/sys/devices/system/cpu/cpufreq/policy[0-9]+/stats/reset u:object_r:sysfs:s0
	/sys/devices/system/cpu/(cpu[0-9]+/)?(cache/)?(index[0-9]+/)?hotplug/fail u:object_r:sysfs:s0
	/sys/devices/system/cpu/(cpu[0-9]+/)?(cache/)?(index[0-9]+/)?hotplug/target u:object_r:sysfs:s0
	/sys/devices/system/cpu/(cpu[0-9]+/)?(cache/)?(index[0-9]+/)?power/async u:object_r:sysfs:s0
	/sys/devices/system/cpu/(cpu[0-9]+/)?(cache/)?(index[0-9]+/)?power/autosuspend_delay_ms u:object_r:sysfs:s0
	/sys/devices/system/cpu/(cpu[0-9]+/)?(cache/)?(index[0-9]+/)?power/control u:object_r:sysfs:s0
	/sys/devices/system/cpu/(cpu[0-9]+/)?(cache/)?(index[0-9]+/)?power/pm_qos_resume_latency_us u:object_r:sysfs:s0
	/sys/devices/system/cpu/(cpu[0-9]+/)?(cache/)?(index[0-9]+/)?uevent u:object_r:sysfs:s0
	/sys/devices/system/cpu/(cpu[0-9]+/)?cpufreq/(interactive/)?above_hispeed_delay u:object_r:sysfs:s0
	/sys/devices/system/cpu/(cpu[0-9]+/)?cpufreq/(interactive/)?boost u:object_r:sysfs:s0
	/sys/devices/system/cpu/(cpu[0-9]+/)?cpufreq/(interactive/)?boostpulse u:object_r:sysfs:s0
	/sys/devices/system/cpu/(cpu[0-9]+/)?cpufreq/(interactive/)?boostpulse_duration u:object_r:sysfs:s0
	/sys/devices/system/cpu/(cpu[0-9]+/)?cpufreq/(interactive/)?go_hispeed_load u:object_r:sysfs:s0
	/sys/devices/system/cpu/(cpu[0-9]+/)?cpufreq/(interactive/)?hispeed_freq u:object_r:sysfs:s0
	/sys/devices/system/cpu/(cpu[0-9]+/)?cpufreq/(interactive/)?io_is_busy u:object_r:sysfs:s0
	/sys/devices/system/cpu/(cpu[0-9]+/)?cpufreq/(interactive/)?min_sample_time u:object_r:sysfs:s0
	/sys/devices/system/cpu/(cpu[0-9]+/)?cpufreq/(interactive/)?target_loads u:object_r:sysfs:s0
	/sys/devices/system/cpu/(cpu[0-9]+/)?cpufreq/(interactive/)?timer_rate u:object_r:sysfs:s0
	/sys/devices/system/cpu/(cpu[0-9]+/)?cpufreq/(interactive/)?timer_slack u:object_r:sysfs:s0
	/sys/devices/system/cpu/(cpu[0-9]+/)?cpuidle/(state[0-9]+/)?disable u:object_r:sysfs:s0
	/sys/devices/system/cpu/cpu[0-9]+/cpufreq/scaling_governor u:object_r:sysfs:s0
	/sys/devices/system/cpu/cpu[0-9]+/cpufreq/scaling_max_freq u:object_r:sysfs:s0
	/sys/devices/system/cpu/cpu[0-9]+/cpufreq/scaling_min_freq u:object_r:sysfs:s0
	/sys/devices/system/cpu/cpu[0-9]+/cpufreq/scaling_setspeed u:object_r:sysfs:s0
	/sys/devices/system/cpu/cpu[0-9]+/cpuidle/state[0-9]+/disable u:object_r:sysfs:s0
	# For Intel
	/sys/devices/system/cpu/intel_pstate/max_perf_pct u:object_r:sysfs:s0
	/sys/devices/system/cpu/intel_pstate/min_perf_pct u:object_r:sysfs:s0
	/sys/devices/system/cpu/intel_pstate/no_turbo u:object_r:sysfs:s0
	/sys/devices/system/cpu/microcode/reload u:object_r:sysfs:s0
	# For ARM
	/sys/devices/system/cpu/cpu[0-9]+/online u:object_r:sysfs:s0
	/sys/devices/system/cpu/cpufreq/policy[0-9]+/scaling_governor u:object_r:sysfs:s0
	/sys/devices/system/cpu/cpufreq/policy[0-9]+/scaling_max_freq u:object_r:sysfs:s0
	/sys/devices/system/cpu/cpufreq/policy[0-9]+/scaling_min_freq u:object_r:sysfs:s0
	/sys/devices/system/cpu/cpufreq/policy[0-9]+/scaling_setspeed u:object_r:sysfs:s0
	/sys/devices/system/cpu/cpufreq/policy[0-9]+/sched/down_throttle_nsec u:object_r:sysfs:s0
	/sys/devices/system/cpu/cpufreq/policy[0-9]+/sched/up_throttle_nsec u:object_r:sysfs:s0

	# Chrome OS shared memory files.
	/dev/shm(/.*)? u:object_r:cros_shm:s0
	/dev/console u:object_r:console_device:s0

	is_arc_nyc(`
	# Label /dev/bus/usb/NNN/MMM
	# (USB device nodes passed by Chrome / permission broker)
	/dev/bus/usb(/.*)? u:object_r:usb_device:s0
	')


	(/usr)?/lib64(/.*)? u:object_r:cros_system_file:s0
	(/usr)?/lib(/.*)? u:object_r:cros_system_file:s0

	# Downloads files
	/home/chronos/user/Downloads(/.) u:object_r:cros_downloads_file:s0