android_system_sepolicy/private
Alistair Delva 1a3ee382ec Add gnss_device dev_type
This grants default access to the new GNSS subsystem for Linux to the
GNSS HAL default implementation. The GNSS subsystem creates character
devices similar to ttys but without much unneeded complexity. The GNSS
device class is specific to location use cases.

Bug: 151670529
Change-Id: I03b27aa5bbfdf600eb830de1c8748aacb9bf4663
2020-03-17 20:25:51 +00:00
compat Add gnss_device dev_type 2020-03-17 20:25:51 +00:00
access_vectors access_vectors: add lockdown class 2020-02-13 13:05:54 -08:00
adbd.te Add adbd_prop, system_adbd_prop property types. 2020-02-20 07:52:34 -08:00
aidl_lazy_test_server.te Add aidl_lazy_test_server 2020-01-07 15:11:03 -08:00
apex_test_prepostinstall.te Sepolicy: Initial Apexd pre-/postinstall rules 2019-01-24 15:06:17 -08:00
apexd.te sepolicy(wifi): Allow wifi service access to wifi apex directories 2020-02-21 10:40:32 -08:00
app_neverallows.te Allow mediaprovider_app access to /proc/filesystems. 2020-02-19 17:24:24 +01:00
app_zygote.te debug builds: allow perf profiling of most domains 2020-01-22 22:04:02 +00:00
app.te Prevent apps from causing presubmit failures 2019-12-16 11:19:05 +01:00
art_apex_boot_integrity.te Sepolicy: Allow everyone to search keyrings 2019-03-14 13:21:07 -07:00
art_apex_postinstall.te Sepolicy: Fix comment on apexd:fd use 2019-03-15 11:26:05 -07:00
art_apex_preinstall.te Sepolicy: Fix comment on apexd:fd use 2019-03-15 11:26:05 -07:00
asan_extract.te Sepolicy: Add ASAN-Extract 2017-04-05 13:09:29 -07:00
atrace.te More neverallows for default_android_service. 2020-01-21 11:13:22 -08:00
audioserver.te Allow audio_server to access soundtrigger_middleware service 2019-12-12 10:56:35 -08:00
auditctl.te Add policy for /system/bin/auditctl 2019-04-09 20:55:30 -07:00
automotive_display_service.te Update automotive display service rules 2020-02-25 02:02:54 +00:00
binder_in_vendor_violators.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
binderservicedomain.te Move binderservicedomain policy to private 2017-02-08 09:09:39 -08:00
blank_screen.te Add rules for Lights AIDL HAL 2020-01-22 20:33:42 +01:00
blkid_untrusted.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
blkid.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
bluetooth.te Support for more binder caches 2020-01-22 08:21:08 -08:00
bluetoothdomain.te Move bluetoothdomain policy to private 2017-02-06 15:32:08 -08:00
bootanim.te Dontaudit denials caused by race with labeling. 2018-02-14 17:07:13 -08:00
bootstat.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
boringssl_self_test.te SEPolicy changes to allow vendor BoringSSL self test. 2019-10-01 14:14:36 +01:00
bpfloader.te cut down bpf related privileges 2020-02-22 02:14:58 +00:00
bufferhubd.te Remove unused bufferhub sepolicy 2018-12-10 13:36:11 -08:00
bug_map Temporarily whitelist system_server->storage denials 2020-01-06 14:28:31 +01:00
cameraserver.te Abstract use of cameraserver behind an attribute 2019-03-01 14:02:59 -08:00
charger.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
clatd.te sepolicy - move public clatd to private 2019-05-11 17:47:25 -07:00
coredomain.te sepolicy: policies for iorap.inode2filename 2020-02-20 16:38:17 -08:00
cppreopts.te Sepolicy: Clean up moved files 2019-02-22 08:36:41 -08:00
crash_dump.te crash_dump: suppress devpts denials 2019-03-19 04:05:51 +00:00
credstore.te Add SELinux policy for credstore and update for IC HAL port from HIDL to AIDL. 2020-02-19 13:46:45 -05:00
derive_sdk.te Rename sdkext sepolicy to sdkextensions 2020-01-08 11:41:18 +00:00
dex2oat.te Allow otapreopt_chroot to use a flattened Runtime APEX package. 2019-03-19 14:44:22 +00:00
dexoptanalyzer.te Allow dexoptanalyzer to mmap files with Linux 4.14+ that it can already access. 2019-08-16 20:02:32 +01:00
dhcp.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
dnsmasq.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
domain.te traced_perf sepolicy tweaks 2020-02-24 12:23:13 +00:00
drmserver.te Tighten restrictions on core <-> vendor socket comms 2017-03-31 09:17:54 -07:00
dumpstate.te dumpstate: reads ota_metadata_file 2019-10-29 14:29:54 -07:00
ephemeral_app.te initial policy for traced_perf daemon (perf profiler) 2020-01-22 22:04:01 +00:00
fastbootd.te Add sepolicy for fastbootd 2018-08-15 08:45:22 -07:00
file_contexts Add gnss_device dev_type 2020-03-17 20:25:51 +00:00
file_contexts_asan fix data/asan/product/lib(64) can't access by platform_app issue 2019-07-19 03:23:47 +00:00
file_contexts_overlayfs fs_mgr: add /mnt/scratch to possible overlayfs support directories 2018-10-08 14:23:01 +00:00
file.te Move linker config under /linkerconfig 2019-12-05 12:42:29 +09:00
fingerprintd.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
flags_health_check.te sepolicy for server configurable flags 2018-11-01 03:28:56 +00:00
fs_use Use setxattr for incremental-fs 2020-02-11 14:33:08 -08:00
fsck_untrusted.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
fsck.te Allow access to the metadata partition for metadata encryption. 2018-01-19 14:45:08 -08:00
fsverity_init.te Merge "Revert "sepolicy: dontaudit cap_sys_admin on userdebug/eng"" 2019-11-21 22:27:37 +00:00
fwk_bufferhub.te Allow bufferhub service to allocate buffer 2018-11-07 13:57:55 -08:00
gatekeeperd.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
genfs_contexts remove incfs genfscon label 2020-02-13 08:44:48 -08:00
gmscore_app.te Allow gmscore to read tcp sockets passed by priv-apps 2020-02-18 08:38:44 -08:00
gpuservice.te GpuService binder call StatsManagerService 2020-02-06 11:54:33 -08:00
gsid.te Allow gsid to callback system server for oneway method 2020-02-27 16:32:25 +08:00
hal_allocator_default.te sepolicy: remove ashmemd 2019-09-27 17:43:53 +00:00
halclientdomain.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
halserverdomain.te Allow hals to read hwservicemanager prop. 2017-03-23 01:50:50 +00:00
healthd.te healthd provides health@2.0 service. 2017-10-17 13:48:42 -07:00
heapprofd.te Allow Java domains to be Perfetto producers. 2019-10-10 10:40:26 +01:00
hwservice_contexts Update automotive display service rules 2020-02-25 02:02:54 +00:00
hwservicemanager.te Finer grained permissions for ctl. properties 2018-05-22 13:47:16 -07:00
idmap.te Add idmap2 and idmap2d 2018-11-15 14:42:10 +00:00
incident_helper.te Allow dumpstate to dump incidentd 2018-12-04 15:42:56 -08:00
incident.te Allow dumpstate to call incident CLI 2019-08-21 16:10:39 -07:00
incidentd.te Fix selinux denials for incidentd 2020-02-18 21:51:40 -08:00
init.te Add userspace_reboot_log_prop 2020-02-07 01:57:55 +00:00
initial_sid_contexts Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
initial_sids Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
inputflinger.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
installd.te sepolicy: allow rules for apk verify system property 2019-12-03 10:09:35 -08:00
iorap_inode2filename.te sepolicy: policies for iorap.inode2filename 2020-02-20 16:38:17 -08:00
iorap_prefecherd.te sepolicy: Add iorap_prefetcherd rules 2019-10-22 12:45:46 -07:00
iorapd.te sepolicy: policies for iorap.inode2filename 2020-02-20 16:38:17 -08:00
isolated_app.te initial policy for traced_perf daemon (perf profiler) 2020-01-22 22:04:01 +00:00
iw.te Allow iw to be run at init phase. 2018-11-14 19:10:12 +00:00
kernel.te Sepolicy: Move otapreopt_chroot to private 2019-03-18 10:54:42 -07:00
keys.conf Don't require seinfo for priv-apps 2019-11-06 08:37:03 -08:00
keystore.te sepolicy: Move wifi keystore HAL service to wificond 2019-10-28 14:06:17 -07:00
linkerconfig.te Update linkerconfig to generate APEX binary config 2020-01-20 13:40:08 +09:00
llkd.te llkd: requires sys_admin permissions 2020-01-15 08:08:59 -08:00
lmkd.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
logd.te Revert "sepolicy: Permission changes for new wifi mainline module" 2019-11-22 09:49:32 -08:00
logpersist.te Allow incidentd to parse persisted log 2020-01-18 16:18:18 -08:00
lpdumpd.te binder_use: Allow servicemanager callbacks 2019-12-19 23:07:14 +00:00
mac_permissions.xml Don't require seinfo for priv-apps 2019-11-06 08:37:03 -08:00
mdnsd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
mediadrmserver.te update sepolicy for gralloc HAL 2017-03-30 14:43:35 -07:00
mediaextractor.te Initial selinux policy support for memfd 2019-01-30 19:11:49 +00:00
mediametrics.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
mediaprovider_app.te Allow mediaprovider_app access to /proc/filesystems. 2020-02-19 17:24:24 +01:00
mediaprovider.te Merge "Revert "Allow MediaProvider to host FUSE devices."" 2020-01-10 21:17:15 +00:00
mediaserver.te allow mediaserver to use appdomain_tmpfs 2019-12-05 12:14:13 -08:00
mediaswcodec.te add mediaswcodec service 2018-10-11 15:10:17 -07:00
mediatranscoding.te MediaTranscodingService: Add sepolicy for MediaTranscodingService. 2019-12-02 13:57:28 -08:00
migrate_legacy_obb_data.te sepolicy: Adjust policy for migrate_legacy_obb_data.sh 2019-07-16 02:55:25 +00:00
mls Initial selinux policy support for memfd 2019-01-30 19:11:49 +00:00
mls_decl sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
mls_macros Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
modprobe.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
mtp.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
netd.te sepolicy - move public clatd to private 2019-05-11 17:47:25 -07:00
netutils_wrapper.te Sepolicy for netutils_wrapper to use binder call 2019-04-26 02:46:39 +00:00
network_stack.te Allow tethering find netork stack service 2019-12-12 12:54:57 +08:00
nfc.te Remove mediacodec_service. 2019-08-21 01:19:20 +00:00
notify_traceur.te Allow the init process to execute the notify_traceur.sh script 2019-02-07 00:28:40 +00:00
otapreopt_chroot.te Sepolicy: Allow otapreopt to mount logical partitions 2019-03-22 12:13:05 -07:00
otapreopt_slot.te Sepolicy: Clean up moved files 2019-02-22 08:36:41 -08:00
perfetto.te Allow Perfetto to log to statsd 2019-11-04 12:23:27 +00:00
performanced.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
permissioncontroller_app.te Don't run permissioncontroller_app in permissive mode 2020-01-06 09:41:22 -08:00
platform_app.te Make platform_compat discoverable everywhere 2020-02-06 12:11:37 +00:00
policy_capabilities Add nnp_nosuid_transition policycap and related class/perm definitions. 2018-09-07 10:52:31 -07:00
port_contexts Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
postinstall_dexopt.te Sepolicy: Allow otapreopt access to vendor overlay files 2019-03-22 12:13:53 -07:00
postinstall.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
ppp.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
preloads_copy.te Add sepolicy for preloads_copy script 2018-10-23 17:11:36 +01:00
preopt2cachename.te Sepolicy: Clean up moved files 2019-02-22 08:36:41 -08:00
priv_app.te allow priv_apps to read from incremental_control_file 2020-02-24 18:26:47 +00:00
profman.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
property_contexts Whitelist prop persist.device_config.configuration. 2020-02-27 14:06:58 -08:00
racoon.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
radio.te Use prefixes for binder cache SELinux properties. 2020-02-21 15:25:46 -08:00
recovery_persist.te In native coverage builds, allow all domains to access /data/misc/trace 2019-06-19 16:27:17 -07:00
recovery_refresh.te In native coverage builds, allow all domains to access /data/misc/trace 2019-06-19 16:27:17 -07:00
recovery.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
roles_decl sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
rs.te rs.te: Allow ephemeral_app FD use 2019-04-02 13:59:39 -07:00
rss_hwm_reset.te SELinux policy for rss_hwm_reset 2018-12-15 10:13:03 +00:00
runas_app.te perf_event: rules for system and simpleperf domain 2020-01-15 16:56:41 +00:00
runas.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
sdcardd.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
seapp_contexts Create new mediaprovider_app domain. 2020-02-04 16:53:18 +01:00
secure_element.te SE Policy for Secure Element app and Secure Element HAL 2018-01-29 21:31:42 +00:00
security_classes access_vectors: add lockdown class 2020-02-13 13:05:54 -08:00
service_contexts Adding sepolicy of tuner resource manager service 2020-02-21 23:33:46 +00:00
service.te system_server: create StatsManagerService 2019-12-16 11:50:16 -08:00
servicemanager.te Allow servicemanager to start processes 2019-08-02 00:23:16 +00:00
sgdisk.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
shared_relro.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
shell.te Remove sys.linker property 2020-02-19 10:16:06 +09:00
simpleperf_app_runner.te Add sepolicy for simpleperf_app_runner. 2019-01-23 23:23:09 +00:00
simpleperf.te perf_event: rules for system and simpleperf domain 2020-01-15 16:56:41 +00:00
slideshow.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
snapshotctl.te snapshotctl: allow to write stats 2020-02-14 20:51:53 +00:00
stats.te GpuStats: sepolicy change for using new statsd puller api 2020-02-04 15:55:59 -08:00
statsd.te Allow system server to add StatsHal 2020-02-05 17:24:48 -08:00
storaged.te Allow GMS core to call dumpsys storaged 2019-12-11 12:49:04 -08:00
su.te SELinux policies for Perfetto cmdline client (/system/bin/perfetto) 2018-01-29 11:06:00 +00:00
surfaceflinger.te Update sepolicy to allow pushing atoms from surfaceflinger to statsd 2020-02-10 09:50:53 -08:00
system_app.te Merge "Allow system_app to interact with Dumpstate HAL" 2020-02-20 04:07:09 +00:00
system_server_startup.te system_server_startup: allow SIGCHLD to zygote 2019-06-14 16:56:05 -07:00
system_server.te Add rules to dump fingerprint hal traces 2020-03-03 16:58:58 +08:00
system_suspend.te system_suspend: sysfs path resolution 2019-11-12 13:47:26 -08:00
technical_debt.cil Allow apps to access hal_drm 2019-09-30 04:51:24 +00:00
tombstoned.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
toolbox.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
traced_perf.te traced_perf sepolicy tweaks 2020-02-24 12:23:13 +00:00
traced_probes.te perfetto: allow producers to supply shared memory 2020-02-04 13:47:42 +00:00
traced.te perfetto: allow producers to supply shared memory 2020-02-04 13:47:42 +00:00
traceur_app.te Allow the Traceur app to start Perfetto. 2018-12-10 18:51:29 -08:00
tzdatacheck.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
ueventd.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
uncrypt.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
untrusted_app_25.te reland: untrusted_app_29: add new targetSdk domain 2020-01-22 09:47:53 +00:00
untrusted_app_27.te reland: untrusted_app_29: add new targetSdk domain 2020-01-22 09:47:53 +00:00
untrusted_app_29.te reland: untrusted_app_29: add new targetSdk domain 2020-01-22 09:47:53 +00:00
untrusted_app_all.te initial policy for traced_perf daemon (perf profiler) 2020-01-22 22:04:01 +00:00
untrusted_app.te reland: untrusted_app_29: add new targetSdk domain 2020-01-22 09:47:53 +00:00
update_engine_common.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
update_engine.te update_engine: rules to apply virtual A/B OTA 2019-10-02 12:46:47 -07:00
update_verifier.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
usbd.te usbd sepolicy 2018-01-20 03:41:21 +00:00
users Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
vdc.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
vendor_init.te Root of /data belongs to init (re-landing) 2019-09-09 14:42:01 -07:00
viewcompiler.te Give map permission to viewcompiler 2019-08-27 10:43:55 -07:00
virtual_touchpad.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
vold_prepare_subdirs.te sepolicy(wifi): Allow wifi service access to wifi apex directories 2020-02-21 10:40:32 -08:00
vold.te Abolish calls to shell in vold 2018-11-30 16:02:04 -08:00
vr_hwc.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
vzwomatrigger_app.te Don't run vzwomatrigger_app in permissive mode 2019-12-02 09:41:54 -08:00
wait_for_keymaster.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
watchdogd.te Move watchdogd out of init and into its own domain 2018-08-03 19:28:05 +00:00
webview_zygote.te Add getattr access on tmpfs_zygote files for webview_zygote. 2020-01-30 21:29:19 +00:00
wificond.te SE Policy for Wifi Offload HAL 2017-05-18 09:49:55 -07:00
wpantund.te lowpan: Add wpantund to SEPolicy 2017-10-16 14:10:40 -07:00
zygote.te Allow zygote to go into media directory to bind mount obb dir 2020-02-19 14:24:27 +00:00