Update language to comply with Android's inclusive language guidance …

…am: a0e7a6d am: bf4ffe3

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1382607

Change-Id: Ie620bda6a353f992c6901ba4399e403827005826

prebuilts/api/26.0/private/app.te

@@ -494,7 +494,7 @@ neverallow appdomain {
   tmpfs
 }:lnk_file no_w_file_perms;
 
-# Blacklist app domains not allowed to execute from /data
+# Denylist app domains not allowed to execute from /data
 neverallow {
   bluetooth
   isolated_app
@@ -515,7 +515,7 @@ neverallow {
   -shell # bugreport
 } input_device:chr_file ~getattr;
 
-# Do not allow access to Bluetooth-related system properties except for a few whitelisted domains.
+# Do not allow access to Bluetooth-related system properties except for a few allowlisted domains.
 # neverallow rules for access to Bluetooth-related data files are above.
 neverallow {
   appdomain

prebuilts/api/26.0/private/domain.te

@@ -4,7 +4,7 @@ domain_auto_trans(domain, crash_dump_exec, crash_dump);
 allow domain crash_dump:process sigchld;
 
 # Limit ability to ptrace or read sensitive /proc/pid files of processes
-# with other UIDs to these whitelisted domains.
+# with other UIDs to these allowlisted domains.
 neverallow {
   domain
   -vold

prebuilts/api/26.0/private/incidentd.te

@@ -66,7 +66,7 @@ allow incidentd shell_exec:file rx_file_perms;
 # TODO control_logd(incidentd)
 
 # Allow incidentd to find these standard groups of services.
-# Others can be whitelisted individually.
+# Others can be allowlisted individually.
 allow incidentd {
   system_server_service
   app_api_service

prebuilts/api/26.0/private/system_server.te

@@ -50,7 +50,7 @@ allow system_server zygote:unix_stream_socket { getopt getattr };
 
 # system server gets network and bluetooth permissions.
 net_domain(system_server)
-# in addition to ioctls whitelisted for all domains, also allow system_server
+# in addition to ioctls allowlisted for all domains, also allow system_server
 # to use privileged ioctls commands. Needed to set up VPNs.
 allowxperm system_server self:udp_socket ioctl priv_sock_ioctls;
 bluetooth_domain(system_server)
@@ -92,7 +92,7 @@ allow system_server config_gz:file { read open };
 # Use generic "sockets" where the address family is not known
 # to the kernel. The ioctl permission is specifically omitted here, but may
 # be added to device specific policy along with the ioctl commands to be
-# whitelisted.
+# allowlisted.
 allow system_server self:socket create_socket_perms_no_ioctl;
 
 # Set and get routes directly via netlink.

prebuilts/api/26.0/public/domain.te

@@ -195,19 +195,19 @@ allow domain debugfs_trace_marker:file w_file_perms;
 allow domain fs_type:filesystem getattr;
 allow domain fs_type:dir getattr;
 
-# Restrict all domains to a whitelist for common socket types. Additional
+# Restrict all domains to a allowlist for common socket types. Additional
 # ioctl commands may be added to individual domains, but this sets safe
-# defaults for all processes. Note that granting this whitelist to domain does
+# defaults for all processes. Note that granting this allowlist to domain does
 # not grant the ioctl permission on these socket types. That must be granted
 # separately.
 allowxperm domain domain:{ rawip_socket tcp_socket udp_socket }
   ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };
-# default whitelist for unix sockets.
+# default allowlist for unix sockets.
 allowxperm domain domain:{ unix_dgram_socket unix_stream_socket }
   ioctl unpriv_unix_sock_ioctls;
 
-# Restrict PTYs to only whitelisted ioctls.
-# Note that granting this whitelist to domain does
+# Restrict PTYs to only allowlisted ioctls.
+# Note that granting this allowlist to domain does
 # not grant the wider ioctl permission. That must be granted
 # separately.
 allowxperm domain devpts:chr_file ioctl unpriv_tty_ioctls;
@@ -223,7 +223,7 @@ allow { domain -domain } vndservice_manager_type:service_manager { add find };
 ### neverallow rules
 ###
 
-# All socket ioctls must be restricted to a whitelist.
+# All socket ioctls must be restricted to a allowlist.
 neverallowxperm domain domain:socket_class_set ioctl { 0 };
 
 # TIOCSTI is only ever used for exploits. Block it.
@@ -234,7 +234,7 @@ neverallowxperm * devpts:chr_file ioctl TIOCSTI;
 # Do not allow any domain other than init or recovery to create unlabeled files.
 neverallow { domain -init -recovery } unlabeled:dir_file_class_set create;
 
-# Limit device node creation to these whitelisted domains.
+# Limit device node creation to these allowlisted domains.
 neverallow {
   domain
   -kernel
@@ -243,7 +243,7 @@ neverallow {
   -vold
 } self:capability mknod;
 
-# Limit raw I/O to these whitelisted domains. Do not apply to debug builds.
+# Limit raw I/O to these allowlisted domains. Do not apply to debug builds.
 neverallow {
   domain
   userdebug_or_eng(`-domain')
@@ -343,7 +343,7 @@ neverallow { domain -kernel -init -recovery -vold -zygote -update_engine -otapre
 
 #
 # Assert that, to the extent possible, we're not loading executable content from
-# outside the rootfs or /system partition except for a few whitelisted domains.
+# outside the rootfs or /system partition except for a few allowlisted domains.
 #
 neverallow {
     domain
@@ -445,7 +445,7 @@ neverallow { domain -init } default_prop:property_service set;
 neverallow { domain -init } mmc_prop:property_service set;
 
 # Do not allow reading device's serial number from system properties except form
-# a few whitelisted domains.
+# a few allowlisted domains.
 neverallow {
   domain
   -adbd
@@ -668,7 +668,7 @@ full_treble_only(`
 ')
 
 # On TREBLE devices, a limited set of files in /vendor are accessible to
-# only a few whitelisted coredomains to keep system/vendor separation.
+# only a few allowlisted coredomains to keep system/vendor separation.
 full_treble_only(`
     # Limit access to /vendor/app
     neverallow {
@@ -722,7 +722,7 @@ full_treble_only(`
     } vendor_shell_exec:file { execute execute_no_trans };
 
     # Do not allow vendor components to execute files from system
-    # except for the ones whitelist here.
+    # except for the ones allowlist here.
     neverallow {
         domain
         -coredomain
@@ -923,7 +923,7 @@ neverallow {
 
 # In addition to the symlink reading restrictions above, restrict
 # write access to shell owned directories. The /data/local/tmp
-# directory is untrustworthy, and non-whitelisted domains should
+# directory is untrustworthy, and non-allowlisted domains should
 # not be trusting any content in those directories.
 neverallow {
   domain

prebuilts/api/26.0/public/hal_wifi_supplicant.te

@@ -5,7 +5,7 @@ binder_call(hal_wifi_supplicant_server, hal_wifi_supplicant_client)
 add_hwservice(hal_wifi_supplicant_server, hal_wifi_supplicant_hwservice)
 allow hal_wifi_supplicant_client hal_wifi_supplicant_hwservice:hwservice_manager find;
 
-# in addition to ioctls whitelisted for all domains, grant hal_wifi_supplicant priv_sock_ioctls.
+# in addition to ioctls allowlisted for all domains, grant hal_wifi_supplicant priv_sock_ioctls.
 allowxperm hal_wifi_supplicant self:udp_socket ioctl priv_sock_ioctls;
 
 r_dir_file(hal_wifi_supplicant, sysfs_type)

prebuilts/api/26.0/public/netd.te

@@ -3,7 +3,7 @@ type netd, domain, mlstrustedsubject;
 type netd_exec, exec_type, file_type;
 
 net_domain(netd)
-# in addition to ioctls whitelisted for all domains, grant netd priv_sock_ioctls.
+# in addition to ioctls allowlisted for all domains, grant netd priv_sock_ioctls.
 allowxperm netd self:udp_socket ioctl priv_sock_ioctls;
 
 r_dir_file(netd, cgroup)

prebuilts/api/26.0/public/vendor_toolbox.te

@@ -7,7 +7,7 @@ type vendor_toolbox_exec, exec_type, vendor_file_type, file_type;
 # or read, execute the vendor_toolbox file.
 full_treble_only(`
     # Do not allow non-vendor domains to transition
-    # to vendor toolbox except for the whitelisted domains.
+    # to vendor toolbox except for the allowlisted domains.
     neverallow {
         coredomain
         -init

prebuilts/api/27.0/private/app.te

@@ -512,7 +512,7 @@ neverallow appdomain {
   tmpfs
 }:lnk_file no_w_file_perms;
 
-# Blacklist app domains not allowed to execute from /data
+# Denylist app domains not allowed to execute from /data
 neverallow {
   bluetooth
   isolated_app
@@ -533,7 +533,7 @@ neverallow {
   -shell # bugreport
 } input_device:chr_file ~getattr;
 
-# Do not allow access to Bluetooth-related system properties except for a few whitelisted domains.
+# Do not allow access to Bluetooth-related system properties except for a few allowlisted domains.
 # neverallow rules for access to Bluetooth-related data files are above.
 neverallow {
   appdomain

prebuilts/api/27.0/private/domain.te

@@ -4,7 +4,7 @@ domain_auto_trans(domain, crash_dump_exec, crash_dump);
 allow domain crash_dump:process sigchld;
 
 # Limit ability to ptrace or read sensitive /proc/pid files of processes
-# with other UIDs to these whitelisted domains.
+# with other UIDs to these allowlisted domains.
 neverallow {
   domain
   -vold

prebuilts/api/27.0/private/incidentd.te

@@ -66,7 +66,7 @@ allow incidentd shell_exec:file rx_file_perms;
 # TODO control_logd(incidentd)
 
 # Allow incidentd to find these standard groups of services.
-# Others can be whitelisted individually.
+# Others can be allowlisted individually.
 allow incidentd {
   system_server_service
   app_api_service

prebuilts/api/27.0/private/isolated_app.te

@@ -74,7 +74,7 @@ neverallow isolated_app *:hwservice_manager *;
 neverallow isolated_app vndbinder_device:chr_file *;
 
 # Isolated apps must not be permitted to perform actions on Binder and VndBinder service_manager
-# except the find actions for services whitelisted below.
+# except the find actions for services allowlisted below.
 neverallow isolated_app *:service_manager ~find;
 
 # b/17487348

prebuilts/api/27.0/private/system_server.te

@@ -50,7 +50,7 @@ allow system_server zygote:unix_stream_socket { getopt getattr };
 
 # system server gets network and bluetooth permissions.
 net_domain(system_server)
-# in addition to ioctls whitelisted for all domains, also allow system_server
+# in addition to ioctls allowlisted for all domains, also allow system_server
 # to use privileged ioctls commands. Needed to set up VPNs.
 allowxperm system_server self:udp_socket ioctl priv_sock_ioctls;
 bluetooth_domain(system_server)
@@ -95,7 +95,7 @@ allow system_server config_gz:file { read open };
 # Use generic "sockets" where the address family is not known
 # to the kernel. The ioctl permission is specifically omitted here, but may
 # be added to device specific policy along with the ioctl commands to be
-# whitelisted.
+# allowlisted.
 allow system_server self:socket create_socket_perms_no_ioctl;
 
 # Set and get routes directly via netlink.

prebuilts/api/27.0/public/domain.te

@@ -195,19 +195,19 @@ allow domain debugfs_trace_marker:file w_file_perms;
 allow domain fs_type:filesystem getattr;
 allow domain fs_type:dir getattr;
 
-# Restrict all domains to a whitelist for common socket types. Additional
+# Restrict all domains to a allowlist for common socket types. Additional
 # ioctl commands may be added to individual domains, but this sets safe
-# defaults for all processes. Note that granting this whitelist to domain does
+# defaults for all processes. Note that granting this allowlist to domain does
 # not grant the ioctl permission on these socket types. That must be granted
 # separately.
 allowxperm domain domain:{ rawip_socket tcp_socket udp_socket }
   ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };
-# default whitelist for unix sockets.
+# default allowlist for unix sockets.
 allowxperm domain domain:{ unix_dgram_socket unix_stream_socket }
   ioctl unpriv_unix_sock_ioctls;
 
-# Restrict PTYs to only whitelisted ioctls.
-# Note that granting this whitelist to domain does
+# Restrict PTYs to only allowlisted ioctls.
+# Note that granting this allowlist to domain does
 # not grant the wider ioctl permission. That must be granted
 # separately.
 allowxperm domain devpts:chr_file ioctl unpriv_tty_ioctls;
@@ -226,7 +226,7 @@ with_asan(`allow domain system_data_file:dir getattr;')
 ### neverallow rules
 ###
 
-# All socket ioctls must be restricted to a whitelist.
+# All socket ioctls must be restricted to a allowlist.
 neverallowxperm domain domain:socket_class_set ioctl { 0 };
 
 # TIOCSTI is only ever used for exploits. Block it.
@@ -237,7 +237,7 @@ neverallowxperm * devpts:chr_file ioctl TIOCSTI;
 # Do not allow any domain other than init or recovery to create unlabeled files.
 neverallow { domain -init -recovery } unlabeled:dir_file_class_set create;
 
-# Limit device node creation to these whitelisted domains.
+# Limit device node creation to these allowlisted domains.
 neverallow {
   domain
   -kernel
@@ -246,7 +246,7 @@ neverallow {
   -vold
 } self:capability mknod;
 
-# Limit raw I/O to these whitelisted domains. Do not apply to debug builds.
+# Limit raw I/O to these allowlisted domains. Do not apply to debug builds.
 neverallow {
   domain
   userdebug_or_eng(`-domain')
@@ -347,7 +347,7 @@ neverallow { domain -kernel -init -recovery -vold -zygote -update_engine -otapre
 
 #
 # Assert that, to the extent possible, we're not loading executable content from
-# outside the rootfs or /system partition except for a few whitelisted domains.
+# outside the rootfs or /system partition except for a few allowlisted domains.
 #
 neverallow {
     domain
@@ -448,7 +448,7 @@ neverallow { domain -init } default_prop:property_service set;
 neverallow { domain -init } mmc_prop:property_service set;
 
 # Do not allow reading device's serial number from system properties except form
-# a few whitelisted domains.
+# a few allowlisted domains.
 neverallow {
   domain
   -adbd
@@ -664,7 +664,7 @@ full_treble_only(`
 ')
 
 # On TREBLE devices, a limited set of files in /vendor are accessible to
-# only a few whitelisted coredomains to keep system/vendor separation.
+# only a few allowlisted coredomains to keep system/vendor separation.
 full_treble_only(`
     # Limit access to /vendor/app
     neverallow {
@@ -718,7 +718,7 @@ full_treble_only(`
     } vendor_shell_exec:file { execute execute_no_trans };
 
     # Do not allow vendor components to execute files from system
-    # except for the ones whitelist here.
+    # except for the ones allowlist here.
     neverallow {
         domain
         -coredomain
@@ -916,7 +916,7 @@ neverallow {
 
 # In addition to the symlink reading restrictions above, restrict
 # write access to shell owned directories. The /data/local/tmp
-# directory is untrustworthy, and non-whitelisted domains should
+# directory is untrustworthy, and non-allowlisted domains should
 # not be trusting any content in those directories.
 neverallow {
   domain

prebuilts/api/27.0/public/hal_wifi_supplicant.te

@@ -5,7 +5,7 @@ binder_call(hal_wifi_supplicant_server, hal_wifi_supplicant_client)
 add_hwservice(hal_wifi_supplicant_server, hal_wifi_supplicant_hwservice)
 allow hal_wifi_supplicant_client hal_wifi_supplicant_hwservice:hwservice_manager find;
 
-# in addition to ioctls whitelisted for all domains, grant hal_wifi_supplicant priv_sock_ioctls.
+# in addition to ioctls allowlisted for all domains, grant hal_wifi_supplicant priv_sock_ioctls.
 allowxperm hal_wifi_supplicant self:udp_socket ioctl priv_sock_ioctls;
 
 r_dir_file(hal_wifi_supplicant, sysfs_type)

prebuilts/api/27.0/public/netd.te

@@ -3,7 +3,7 @@ type netd, domain, mlstrustedsubject;
 type netd_exec, exec_type, file_type;
 
 net_domain(netd)
-# in addition to ioctls whitelisted for all domains, grant netd priv_sock_ioctls.
+# in addition to ioctls allowlisted for all domains, grant netd priv_sock_ioctls.
 allowxperm netd self:udp_socket ioctl priv_sock_ioctls;
 
 r_dir_file(netd, cgroup)

prebuilts/api/27.0/public/vendor_toolbox.te

@@ -7,7 +7,7 @@ type vendor_toolbox_exec, exec_type, vendor_file_type, file_type;
 # or read, execute the vendor_toolbox file.
 full_treble_only(`
     # Do not allow non-vendor domains to transition
-    # to vendor toolbox except for the whitelisted domains.
+    # to vendor toolbox except for the allowlisted domains.
     neverallow {
         coredomain
         -init

prebuilts/api/28.0/private/domain.te

@@ -4,7 +4,7 @@ domain_auto_trans(domain, crash_dump_exec, crash_dump);
 allow domain crash_dump:process sigchld;
 
 # Limit ability to ptrace or read sensitive /proc/pid files of processes
-# with other UIDs to these whitelisted domains.
+# with other UIDs to these allowlisted domains.
 neverallow {
   domain
   -vold

prebuilts/api/28.0/private/incidentd.te

@@ -115,7 +115,7 @@ userdebug_or_eng(`read_logd(incidentd)')
 # TODO control_logd(incidentd)
 
 # Allow incidentd to find these standard groups of services.
-# Others can be whitelisted individually.
+# Others can be allowlisted individually.
 allow incidentd {
   system_server_service
   app_api_service

prebuilts/api/28.0/private/isolated_app.te

@@ -77,7 +77,7 @@ neverallow isolated_app *:hwservice_manager *;
 neverallow isolated_app vndbinder_device:chr_file *;
 
 # Isolated apps must not be permitted to perform actions on Binder and VndBinder service_manager
-# except the find actions for services whitelisted below.
+# except the find actions for services allowlisted below.
 neverallow isolated_app *:service_manager ~find;
 
 # b/17487348

prebuilts/api/28.0/private/perfetto.te

@@ -1,5 +1,5 @@
 # Perfetto command-line client. Can be used only from the domains that are
-# explicitly whitelisted with a domain_auto_trans(X, perfetto_exec, perfetto).
+# explicitly allowlisted with a domain_auto_trans(X, perfetto_exec, perfetto).
 # This command line client accesses the privileged socket of the traced
 # daemon.