Google Git
Sign in
fuchsia / fuchsia / dff369ec4bc7e59061a69d077f8d3fc515b37d15 / . / src / security / policy / build / verify_routes_exceptions_allowlist.json5
blob: e7eea56adb4e410f3a584cad83615b7cf7a0fba7 [file] [log] [blame]
[
// List of all directory capabilities that are exempt from the verify
// routes checker. Only add to this list if you cannot remove the
// unused route.
//
// Format:
// {
// capability_type: "directory",
// results: {
// errors: [ ...as other lists below... ]
// }
// },
{
capability_type: "directory",
results: {
errors: [
{
using_node: "/bootstrap",
capability: "bin",
error: {
error: {
analyzer_model_error: {
routing_error: {
policy_error: {
capability_use_disallowed: {
cap: "bin",
source_moniker: {
component_instance: "/bootstrap/fshost",
},
target_moniker: "/bootstrap",
},
},
},
},
},
message: "security policy disallows \"bin\" from \"/bootstrap/fshost\" being used at \"/bootstrap\"",
},
},
{
using_node: "/bootstrap",
capability: "build-info",
error: {
error: {
analyzer_model_error: {
routing_error: {
policy_error: {
capability_use_disallowed: {
cap: "build-info",
source_moniker: {
component_instance: "/bootstrap/fshost",
},
target_moniker: "/bootstrap",
},
},
},
},
},
message: "security policy disallows \"build-info\" from \"/bootstrap/fshost\" being used at \"/bootstrap\"",
},
},
{
using_node: "/bootstrap",
capability: "deprecated-misc-storage",
error: {
error: {
analyzer_model_error: {
routing_error: {
policy_error: {
capability_use_disallowed: {
cap: "deprecated-misc-storage",
source_moniker: {
component_instance: "/bootstrap/fshost",
},
target_moniker: "/bootstrap",
},
},
},
},
},
message: "security policy disallows \"deprecated-misc-storage\" from \"/bootstrap/fshost\" being used at \"/bootstrap\"",
},
},
{
using_node: "/bootstrap/fshost",
capability: "build-info",
error: {
error: {
analyzer_model_error: {
routing_error: {
policy_error: {
capability_use_disallowed: {
cap: "build-info",
source_moniker: {
component_instance: "/bootstrap/fshost",
},
target_moniker: "/bootstrap/fshost",
},
},
},
},
},
message: "security policy disallows \"build-info\" from \"/bootstrap/fshost\" being used at \"/bootstrap/fshost\"",
},
},
],
},
},
// List of all event capabilities that are exempt from the verify
// routes checker. Only add to this list if you cannot remove the
// unused route.
//
// This list is currently empty.
// List of all protocol capabilities that are exempt from the verify
// routes checker. Only add to this list if you cannot remove the
// unused route.
{
capability_type: "protocol",
results: {
errors: [
{
// TODO(fxbug.dev/86464): remove.
using_node: "/core/full-resolver",
capability: "fuchsia.pkg.PackageResolver",
error: {
error: {
analyzer_model_error: {
routing_error: {
use_from_parent_not_found: {
moniker: "/core/full-resolver",
capability_id: "fuchsia.pkg.PackageResolver",
},
},
},
},
message: "A `use from parent` declaration was found at `/core/full-resolver` for `fuchsia.pkg.PackageResolver`, but no matching `offer` declaration was found in the parent",
},
},
{
// TODO(fxbug.dev/86464): remove.
using_node: "/core/full-resolver",
capability: "fuchsia.component.resolution.Resolver",
error: {
error: {
analyzer_model_error: {
routing_error: {
use_from_parent_not_found: {
moniker: "/core/full-resolver",
capability_id: "fuchsia.component.resolution.Resolver",
},
},
},
},
message: "A `use from parent` declaration was found at `/core/full-resolver` for `fuchsia.component.resolution.Resolver`, but no matching `offer` declaration was found in the parent",
},
},
{
// TODO(fxbug.dev/86464): remove.
using_node: "/core/full-resolver",
capability: "fuchsia.logger.LogSink",
error: {
error: {
analyzer_model_error: {
routing_error: {
use_from_parent_not_found: {
moniker: "/core/full-resolver",
capability_id: "fuchsia.logger.LogSink",
},
},
},
},
message: "A `use from parent` declaration was found at `/core/full-resolver` for `fuchsia.logger.LogSink`, but no matching `offer` declaration was found in the parent",
},
},
{
using_node: "/bootstrap/console-launcher",
capability: "fuchsia.pkg.PackageResolver",
error: {
error: {
analyzer_model_error: {
routing_error: {
policy_error: {
capability_use_disallowed: {
cap: "fuchsia.pkg.PackageResolver",
source_moniker: {
component_instance: "/core/pkg-resolver",
},
target_moniker: "/bootstrap/console-launcher",
},
},
},
},
},
message: "security policy disallows \"fuchsia.pkg.PackageResolver\" from \"/core/pkg-resolver\" being used at \"/bootstrap/console-launcher\"",
},
},
{
using_node: "/bootstrap/driver_index",
capability: "fuchsia.pkg.PackageResolver",
error: {
error: {
analyzer_model_error: {
routing_error: {
policy_error: {
capability_use_disallowed: {
cap: "fuchsia.pkg.PackageResolver",
source_moniker: {
component_instance: "/core/pkg-resolver",
},
target_moniker: "/bootstrap/driver_index",
},
},
},
},
},
message: "security policy disallows \"fuchsia.pkg.PackageResolver\" from \"/core/pkg-resolver\" being used at \"/bootstrap/driver_index\"",
},
},
{
using_node: "/bootstrap/driver_manager",
capability: "fuchsia.pkg.PackageResolver",
error: {
error: {
analyzer_model_error: {
routing_error: {
policy_error: {
capability_use_disallowed: {
cap: "fuchsia.pkg.PackageResolver",
source_moniker: {
component_instance: "/core/pkg-resolver",
},
target_moniker: "/bootstrap/driver_manager",
},
},
},
},
},
message: "security policy disallows \"fuchsia.pkg.PackageResolver\" from \"/core/pkg-resolver\" being used at \"/bootstrap/driver_manager\"",
},
},
{
using_node: "/bootstrap/full_resolver",
capability: "fuchsia.pkg.PackageResolver",
error: {
error: {
analyzer_model_error: {
routing_error: {
policy_error: {
capability_use_disallowed: {
cap: "fuchsia.pkg.PackageResolver",
source_moniker: {
component_instance: "/core/pkg-resolver",
},
target_moniker: "/bootstrap/full_resolver",
},
},
},
},
},
message: "security policy disallows \"fuchsia.pkg.PackageResolver\" from \"/core/pkg-resolver\" being used at \"/bootstrap/full_resolver\"",
},
},
{
using_node: "/bootstrap/netsvc",
capability: "fuchsia.pkg.PackageResolver",
error: {
error: {
analyzer_model_error: {
routing_error: {
policy_error: {
capability_use_disallowed: {
cap: "fuchsia.pkg.PackageResolver",
source_moniker: {
component_instance: "/core/pkg-resolver",
},
target_moniker: "/bootstrap/netsvc",
},
},
},
},
},
message: "security policy disallows \"fuchsia.pkg.PackageResolver\" from \"/core/pkg-resolver\" being used at \"/bootstrap/netsvc\"",
},
},
{
capability: "fuchsia.pkg.PackageResolver",
error: {
error: {
analyzer_model_error: {
routing_error: {
policy_error: {
capability_use_disallowed: {
cap: "fuchsia.pkg.PackageResolver",
source_moniker: {
component_instance: "/core/pkg-resolver",
},
target_moniker: "/core",
},
},
},
},
},
message: "security policy disallows \"fuchsia.pkg.PackageResolver\" from \"/core/pkg-resolver\" being used at \"/core\"",
},
using_node: "/core",
},
{
capability: "fuchsia.amber.Control",
error: {
error: {
analyzer_model_error: {
routing_error: {
expose_from_child_expose_not_found: {
capability_id: "fuchsia.amber.Control",
child_moniker: "appmgr",
moniker: "/core",
},
},
},
},
message: "An `expose from #appmgr` declaration was found at `/core` for `fuchsia.amber.Control`, but no matching `expose` declaration was found in the child",
},
using_node: "/core",
},
{
using_node: "/core/battery_manager",
capability: "fuchsia.hardware.power.Source",
error: {
error: {
analyzer_model_error: {
routing_error: {
use_from_parent_not_found: {
moniker: "/core/battery_manager",
capability_id: "fuchsia.hardware.power.Source",
},
},
},
},
message: "A `use from parent` declaration was found at `/core/battery_manager` for `fuchsia.hardware.power.Source`, but no matching `offer` declaration was found in the parent",
},
},
{
capability: "fuchsia.kernel.RootJobForInspect",
error: {
error: {
analyzer_model_error: {
routing_error: {
policy_error: {
capability_use_disallowed: {
cap: "fuchsia.kernel.RootJobForInspect",
source_moniker: "component_manager",
target_moniker: "/core/mem",
},
},
},
},
},
message: "security policy disallows \"fuchsia.kernel.RootJobForInspect\" from \"<component_manager>\" being used at \"/core/mem\"",
},
using_node: "/core/mem",
},
{
using_node: "/core/system-metrics-logger",
capability: "fuchsia.device.Controller",
error: {
error: {
analyzer_model_error: {
routing_error: {
use_from_parent_not_found: {
moniker: "/core/system-metrics-logger",
capability_id: "fuchsia.device.Controller",
},
},
},
},
message: "A `use from parent` declaration was found at `/core/system-metrics-logger` for `fuchsia.device.Controller`, but no matching `offer` declaration was found in the parent",
},
},
{
capability: "fuchsia.pkg.LocalMirror",
error: {
error: {
analyzer_model_error: {
routing_error: {
use_from_parent_not_found: {
capability_id: "fuchsia.pkg.LocalMirror",
moniker: "/core/pkg-resolver",
},
},
},
},
message: "A `use from parent` declaration was found at `/core/pkg-resolver` for `fuchsia.pkg.LocalMirror`, but no matching `offer` declaration was found in the parent",
},
using_node: "/core/pkg-resolver",
},
{
capability: "fuchsia.pkg.PackageCache",
error: {
error: {
analyzer_model_error: {
routing_error: {
policy_error: {
capability_use_disallowed: {
cap: "fuchsia.pkg.PackageCache",
source_moniker: {
component_instance: "/core/pkg-cache",
},
target_moniker: "/core/pkg-cache",
},
},
},
},
},
message: "security policy disallows \"fuchsia.pkg.PackageCache\" from \"/core/pkg-cache\" being used at \"/core/pkg-cache\"",
},
using_node: "/core/pkg-cache",
},
{
capability: "fuchsia.pkg.PackageResolver",
error: {
error: {
analyzer_model_error: {
routing_error: {
policy_error: {
capability_use_disallowed: {
cap: "fuchsia.pkg.PackageResolver",
source_moniker: {
component_instance: "/core/pkg-resolver",
},
target_moniker: "/core/pkg-resolver",
},
},
},
},
},
message: "security policy disallows \"fuchsia.pkg.PackageResolver\" from \"/core/pkg-resolver\" being used at \"/core/pkg-resolver\"",
},
using_node: "/core/pkg-resolver",
},
{
capability: "fuchsia.pkg.RetainedPackages",
error: {
error: {
analyzer_model_error: {
routing_error: {
policy_error: {
capability_use_disallowed: {
cap: "fuchsia.pkg.RetainedPackages",
source_moniker: {
component_instance: "/core/pkg-cache",
},
target_moniker: "/core/pkg-cache",
},
},
},
},
},
message: "security policy disallows \"fuchsia.pkg.RetainedPackages\" from \"/core/pkg-cache\" being used at \"/core/pkg-cache\"",
},
using_node: "/core/pkg-cache",
},
{
using_node: "/core/temperature-logger",
capability: "fuchsia.device.Controller",
error: {
error: {
analyzer_model_error: {
routing_error: {
offer_from_parent_not_found: {
moniker: "/core",
capability_id: "fuchsia.device.Controller",
},
},
},
},
message: "An `offer from parent` declaration was found at `/core` for `fuchsia.device.Controller`, but no matching `offer` declaration was found in the parent",
},
},
{
using_node: "/core/temperature-logger",
capability: "fuchsia.hardware.temperature.Device",
error: {
error: {
analyzer_model_error: {
routing_error: {
offer_from_parent_not_found: {
moniker: "/core",
capability_id: "fuchsia.hardware.temperature.Device",
},
},
},
},
message: "An `offer from parent` declaration was found at `/core` for `fuchsia.hardware.temperature.Device`, but no matching `offer` declaration was found in the parent",
},
},
{
using_node: "/core/test_manager/starnix_test_runner/starnix_runner",
capability: "fuchsia.component.runner.ComponentRunner",
error: {
error: {
analyzer_model_error: {
routing_error: {
use_from_parent_not_found: {
moniker: "/core/test_manager/starnix_test_runner/starnix_runner",
capability_id: "fuchsia.component.runner.ComponentRunner",
},
},
},
},
message: "A `use from parent` declaration was found at `/core/test_manager/starnix_test_runner/starnix_runner` for `fuchsia.component.runner.ComponentRunner`, but no matching `offer` declaration was found in the parent",
},
},
{
using_node: "/core/test_manager/starnix_test_runner/starnix_runner",
capability: "fuchsia.component.Realm",
error: {
error: {
analyzer_model_error: {
routing_error: {
use_from_parent_not_found: {
moniker: "/core/test_manager/starnix_test_runner/starnix_runner",
capability_id: "fuchsia.component.Realm",
},
},
},
},
message: "A `use from parent` declaration was found at `/core/test_manager/starnix_test_runner/starnix_runner` for `fuchsia.component.Realm`, but no matching `offer` declaration was found in the parent",
},
},
{
capability: "fuchsia.kernel.VmexResource",
error: {
error: {
analyzer_model_error: {
routing_error: {
policy_error: {
capability_use_disallowed: {
cap: "fuchsia.kernel.VmexResource",
source_moniker: "component_manager",
target_moniker: "/core/test_manager/starnix_unit_test_runner",
},
},
},
},
},
message: "security policy disallows \"fuchsia.kernel.VmexResource\" from \"<component_manager>\" being used at \"/core/test_manager/starnix_unit_test_runner\"",
},
using_node: "/core/test_manager/starnix_unit_test_runner",
},
{
// `BatteryManager` is not present in all products.
using_node: "/core/bt-a2dp",
capability: "fuchsia.power.battery.BatteryManager",
error: {
error: {
analyzer_model_error: {
routing_error: {
use_from_parent_not_found: {
moniker: "/core/bt-a2dp",
capability_id: "fuchsia.power.battery.BatteryManager",
},
},
},
},
message: "A `use from parent` declaration was found at `/core/bt-a2dp` for `fuchsia.power.battery.BatteryManager`, but no matching `offer` declaration was found in the parent",
},
},
{
// `BatteryManager` is not present in all products.
using_node: "/core/bt-a2dp/bt-avrcp-target",
capability: "fuchsia.power.battery.BatteryManager",
error: {
error: {
analyzer_model_error: {
routing_error: {
offer_from_parent_not_found: {
moniker: "/core/bt-a2dp",
capability_id: "fuchsia.power.battery.BatteryManager",
},
},
},
},
message: "An `offer from parent` declaration was found at `/core/bt-a2dp` for `fuchsia.power.battery.BatteryManager`, but no matching `offer` declaration was found in the parent",
},
},
{
// `BatteryManager` is not present in all products.
using_node: "/core/bt-hfp-audio-gateway",
capability: "fuchsia.power.battery.BatteryManager",
error: {
error: {
analyzer_model_error: {
routing_error: {
use_from_parent_not_found: {
moniker: "/core/bt-hfp-audio-gateway",
capability_id: "fuchsia.power.battery.BatteryManager",
},
},
},
},
message: "A `use from parent` declaration was found at `/core/bt-hfp-audio-gateway` for `fuchsia.power.battery.BatteryManager`, but no matching `offer` declaration was found in the parent",
},
},
{
using_node: "/core/vulkan_loader",
capability: "fuchsia.memorypressure.Provider",
error: {
error: {
analyzer_model_error: {
routing_error: {
use_from_parent_not_found: {
moniker: "/core/vulkan_loader",
capability_id: "fuchsia.memorypressure.Provider",
},
},
},
},
message: "A `use from parent` declaration was found at `/core/vulkan_loader` for `fuchsia.memorypressure.Provider`, but no matching `offer` declaration was found in the parent",
},
},
{
// Emergency location is not present in all products.
using_node: "/core/wlancfg",
capability: "fuchsia.location.sensor.WlanBaseStationWatcher",
error: {
error: {
analyzer_model_error: {
routing_error: {
use_from_parent_not_found: {
moniker: "/core/wlancfg",
capability_id: "fuchsia.location.sensor.WlanBaseStationWatcher",
},
},
},
},
message: "A `use from parent` declaration was found at `/core/wlancfg` for `fuchsia.location.sensor.WlanBaseStationWatcher`, but no matching `offer` declaration was found in the parent",
},
},
{
// system-update-configurator is not present in all products.
using_node: "/core/omaha-client-service",
capability: "fuchsia.update.config.OptOut",
error: {
error: {
analyzer_model_error: {
routing_error: {
use_from_parent_not_found: {
moniker: "/core/omaha-client-service",
capability_id: "fuchsia.update.config.OptOut",
},
},
},
},
message: "A `use from parent` declaration was found at `/core/omaha-client-service` for `fuchsia.update.config.OptOut`, but no matching `offer` declaration was found in the parent",
},
},
{
// `ProcessorCreator` is not present in all products.
using_node: "/core/audio_core",
capability: "fuchsia.audio.effects.ProcessorCreator",
error: {
error: {
analyzer_model_error: {
routing_error: {
use_from_parent_not_found: {
moniker: "/core/audio_core",
capability_id: "fuchsia.audio.effects.ProcessorCreator",
},
},
},
},
message: "A `use from parent` declaration was found at `/core/audio_core` for `fuchsia.audio.effects.ProcessorCreator`, but no matching `offer` declaration was found in the parent",
},
},
{
using_node: "/core/linux_runner",
capability: "fuchsia.wayland.Server",
error: {
error: {
analyzer_model_error: {
routing_error: {
use_from_parent_not_found: {
moniker: "/core/linux_runner",
capability_id: "fuchsia.wayland.Server",
},
},
},
},
message: "A `use from parent` declaration was found at `/core/linux_runner` for `fuchsia.wayland.Server`, but no matching `offer` declaration was found in the parent",
},
},
],
},
},
// List of all resolver capabilities that are exempt from the verify
// routes checker. Only add to this list if you cannot remove the
// unused route.
//
// This list is currently empty.
// List of all runner capabilities that are exempt from the verify
// routes checker. Only add to this list if you cannot remove the
// unused route.
//
// This list is currently empty.
// List of all service capabilities that are exempt from the verify
// routes checker. Only add to this list if you cannot remove the
// unused route.
//
// This list is currently empty.
// List of all storage capabilities that are exempt from the verify
// routes checker. Only add to this list if you cannot remove the
// unused route.
{
capability_type: "storage",
results: {
errors: [
{
capability: "data",
error: {
error: {
analyzer_model_error: {
routing_error: {
use_from_parent_not_found: {
capability_id: "data",
moniker: "/core/test_manager/go_test_runner",
},
},
},
},
message: "A `use from parent` declaration was found at `/core/test_manager/go_test_runner` for `data`, but no matching `offer` declaration was found in the parent",
},
using_node: "/core/test_manager/go_test_runner",
},
{
capability: "data",
error: {
error: {
analyzer_model_error: {
routing_error: {
use_from_parent_not_found: {
capability_id: "data",
moniker: "/core/test_manager/starnix_test_runner/starnix_test_runner",
},
},
},
},
message: "A `use from parent` declaration was found at `/core/test_manager/starnix_test_runner/starnix_test_runner` for `data`, but no matching `offer` declaration was found in the parent",
},
using_node: "/core/test_manager/starnix_test_runner/starnix_test_runner",
},
{
capability: "tmp",
error: {
error: {
analyzer_model_error: {
routing_error: {
use_from_parent_not_found: {
capability_id: "tmp",
moniker: "/core/test_manager/starnix_test_runner/starnix_test_runner",
},
},
},
},
message: "A `use from parent` declaration was found at `/core/test_manager/starnix_test_runner/starnix_test_runner` for `tmp`, but no matching `offer` declaration was found in the parent",
},
using_node: "/core/test_manager/starnix_test_runner/starnix_test_runner",
},
],
},
},
]