PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1a3ee382ec
android_system_sepolicy/public
History
Alistair Delva 1a3ee382ec Add gnss_device dev_type 
This grants default access to the new GNSS subsystem for Linux to the
GNSS HAL default implementation. The GNSS subsystem creates character
devices similar to ttys but without much unneeded complexity. The GNSS
device class is specific to location use cases.

Bug: 151670529
Change-Id: I03b27aa5bbfdf600eb830de1c8748aacb9bf4663
2020-03-17 20:25:51 +00:00
..
adbd.te Allow adb start/stop mdnsd via ctl.start/stop 2019-04-16 08:39:33 -07:00
aidl_lazy_test_server.te Add aidl_lazy_test_server 2020-01-07 15:11:03 -08:00
apexd.te binder_use: Allow servicemanager callbacks 2019-12-19 23:07:14 +00:00
app_zygote.te Properly Treble-ize tmpfs access 2019-01-26 17:30:41 +00:00
app.te Allow apps to use mmap on fuse fds. 2020-03-04 17:21:18 -08:00
asan_extract.te Sync internal master and AOSP sepolicy. 2017-09-26 14:38:47 -07:00
attributes Sepolicy update for Automotive Display Service 2020-01-21 18:43:27 +00:00
audioserver.te audioserver: allow audioserver to generate audio HAL tombstones 2019-11-04 18:05:28 -08:00
blkid_untrusted.te Move blkid policy to private 2017-02-07 23:57:53 +00:00
blkid.te Move blkid policy to private 2017-02-07 23:57:53 +00:00
bluetooth.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
bootanim.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
bootstat.te bootstat: enhance last reboot reason property with file backing 2020-02-14 13:30:21 -08:00
bufferhubd.te Properly define hal_codec2 and related policies 2019-05-23 03:53:47 -07:00
camera_service_server.te Abstract use of cameraserver behind an attribute 2019-03-01 14:02:59 -08:00
cameraserver.te Properly define hal_codec2 and related policies 2019-05-23 03:53:47 -07:00
charger.te Allow charger to open health passthrough HAL 2019-10-17 16:35:43 -07:00
crash_dump.te crash_dump: suppress denials on properties 2019-02-07 08:45:15 -08:00
credstore.te Add SELinux policy for credstore and update for IC HAL port from HIDL to AIDL. 2020-02-19 13:46:45 -05:00
device.te Add gnss_device dev_type 2020-03-17 20:25:51 +00:00
dhcp.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
display_service_server.te Add fwk_display_hwservice. 2017-05-17 11:00:28 -07:00
dnsmasq.te add dontaudit dnsmasq kernel:system module_request 2020-01-18 18:22:12 -08:00
domain.te Use prefixes for binder cache SELinux properties. 2020-02-21 15:25:46 -08:00
drmserver.te Allow drmserver to communicate with mediametrics 2019-08-22 11:31:03 -07:00
dumpstate.te Add rules to dump fingerprint hal traces 2020-03-03 16:58:58 +08:00
e2fs.te Allow e2fs more ioctls to device-mapper devices. 2019-02-05 18:05:50 -08:00
ephemeral_app.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
fastbootd.te Allow fastbootd to read virtual_ab_prop 2020-01-24 20:21:24 -08:00
file.te Merge "sepolicy(wifi): Allow wifi service access to wifi apex directories" 2020-02-22 03:56:55 +00:00
fingerprintd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
flags_health_check.te Whitelist prop persist.device_config.configuration. 2020-02-27 14:06:58 -08:00
fsck_untrusted.te Sync internal master and AOSP sepolicy. 2017-09-27 18:55:47 -07:00
fsck.te fs_mgr: overlayfs support legacy devices (marlin) Part Deux 2019-02-15 15:56:16 +00:00
fwk_bufferhub.te Allow app to conntect to BufferHub service 2019-01-14 10:49:35 -08:00
gatekeeperd.te Allow gatekeeperd to read ro.gsid.image_running. 2019-02-19 21:08:22 +00:00
global_macros global_macros: trim back various watch* permissions 2019-08-28 12:36:58 -07:00
gmscore_app.te Create a separate SELinux domain for gmscore 2019-11-22 10:39:19 -08:00
gpuservice.te Game Driver: sepolicy update for plumbing GpuStats into GpuService 2019-02-08 18:15:17 -08:00
hal_allocator.te same_process_hal_file: access to individual coredomains 2018-10-26 18:03:01 +00:00
hal_atrace.te Add atrace HAL 1.0 sepolicy 2018-09-27 23:18:29 +00:00
hal_audio.te sepolicy: allow hal_omx to access audio devices 2019-05-22 10:35:16 -07:00
hal_audiocontrol.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_authsecret.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_bluetooth.te Add rules for accessing the related bluetooth_audio_hal_prop 2019-03-20 03:12:25 +00:00
hal_bootctl.te add hal_bootctl to white-list of sys_rawio 2019-02-13 12:38:22 +00:00
hal_broadcastradio.te Allow radio server to client binder callback 2019-03-29 15:22:16 -07:00
hal_camera.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_can.te Move usb_serial_device to device.te 2019-12-13 17:01:27 -08:00
hal_cas.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_codec2.te Properly define hal_codec2 and related policies 2019-05-23 03:53:47 -07:00
hal_configstore.te debug builds: allow perf profiling of most domains 2020-01-22 22:04:02 +00:00
hal_confirmationui.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_contexthub.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_drm.te Give hal_drm_server appdomain fd access. 2019-06-05 10:12:28 -07:00
hal_dumpstate.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_evs.te Update sepolicy for EVS v1.x 2019-07-30 13:22:03 -07:00
hal_face.te Revert "Allow hal_face to write to /data/vendor/camera_calibration/*." 2019-06-19 20:15:50 +00:00
hal_fingerprint.te Revert "Add placeholder iris and face policy for vold data directory" 2018-11-19 15:00:19 -08:00
hal_gatekeeper.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_gnss.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_graphics_allocator.te same_process_hal_file: access to individual coredomains 2018-10-26 18:03:01 +00:00
hal_graphics_composer.te Initial selinux policy support for memfd 2019-01-30 19:11:49 +00:00
hal_health_storage.te health.filesystem HAL renamed to health.storage 2018-09-20 04:12:45 +00:00
hal_health.te Allow to getattr kmsg_device 2019-03-25 10:14:20 -07:00
hal_identity.te Add SELinux policy for credstore and update for IC HAL port from HIDL to AIDL. 2020-02-19 13:46:45 -05:00
hal_input_classifier.te Permissions for InputClassifier HAL 2019-01-11 02:08:19 +00:00
hal_ir.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_keymaster.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_light.te Add rules for Lights AIDL HAL 2020-01-22 20:33:42 +01:00
hal_lowpan.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_memtrack.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_neuralnetworks.te Allow NNAPI HAL services access model files provided by privapp. 2019-04-24 21:15:45 -07:00
hal_neverallows.te SEPolicy rules for CAN bus HAL 2019-08-01 10:24:00 -07:00
hal_nfc.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_oemlock.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_omx.te Properly define hal_codec2 and related policies 2019-05-23 03:53:47 -07:00
hal_power_stats.te Add power.stats HAL 1.0 sepolicy 2018-12-11 00:11:08 +00:00
hal_power.te grant power hal client to access stable power hal service 2020-02-10 16:32:35 -08:00
hal_rebootescrow.te Support Resume on Reboot 2019-12-09 14:25:04 -08:00
hal_secure_element.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_sensors.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_telephony.te Remove sepolicy for /dev/alarm. 2018-12-06 04:23:22 +00:00
hal_tetheroffload.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_thermal.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_tv_cec.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_tv_input.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_tv_tuner.te Tuner Hal 1.0 Enable ITuner service 2019-08-14 11:22:09 -07:00
hal_usb_gadget.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_usb.te Allow hal_usb to call getsockopt on uevent socket 2018-12-03 18:37:25 +00:00
hal_vehicle.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_vibrator.te Allow dumping vibrator HAL. 2019-12-09 11:17:55 -08:00
hal_vr.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_weaver.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_wifi_hostapd.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_wifi_offload.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_wifi_supplicant.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_wifi.te Allow dumpstate to dump wlan hal log on userbuild 2019-03-21 12:27:44 +08:00
healthd.te drop "allow healthd self:process execmem;" 2019-05-23 11:17:21 -07:00
heapprofd.te Add userdebug selinux config for heapprofd. 2018-11-14 09:22:07 +00:00
hwservice.te Add SELinux policy for credstore and update for IC HAL port from HIDL to AIDL. 2020-02-19 13:46:45 -05:00
hwservicemanager.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
idmap.te idmap: add binderservice permissions 2019-09-18 13:47:09 +02:00
incident_helper.te Selinux permissions for incidentd project 2018-01-23 19:08:49 +00:00
incident.te Add incident command and incidentd daemon se policy. 2017-02-07 15:52:07 -08:00
incidentd.te Add incident command and incidentd daemon se policy. 2017-02-07 15:52:07 -08:00
init.te Merge "Add SELinux policy for credstore and update for IC HAL port from HIDL to AIDL." 2020-02-19 21:14:40 +00:00
inputflinger.te SEPolicy for InputFlinger Service. 2018-11-16 21:52:01 +00:00
installd.te Allow installd to read /proc/filesystems. 2020-02-20 14:05:18 +01:00
ioctl_defines permissions for incremental control file 2020-02-13 12:53:36 -08:00
ioctl_macros more ioctl work 2018-10-17 11:12:18 -07:00
iorap_inode2filename.te sepolicy: policies for iorap.inode2filename 2020-02-20 16:38:17 -08:00
iorap_prefetcherd.te sepolicy: Add iorap_prefetcherd rules 2019-10-22 12:45:46 -07:00
iorapd.te Using macro "rx_file_perms" instead of "execute_no_trans". 2020-01-09 13:23:01 -08:00
isolated_app.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
kernel.te Allow kernel to write to update_engine_data_file 2020-02-18 23:43:00 -08:00
keystore.te sepolicy(wifi): Allow keystore-wificond communication 2020-01-17 21:14:25 +00:00
llkd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
lmkd.te allow init to communicate with lmkd and lmkd to kill native processes 2019-11-07 18:19:44 +00:00
logd.te Relabel /data/system/packages.list to new type. 2019-03-28 10:27:43 +00:00
logpersist.te logpersist is now a shell script, so give it the appropriate permissions 2019-10-30 13:54:35 -07:00
mdnsd.te Move mdnsd policy to private 2017-02-06 15:02:32 -08:00
mediadrmserver.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
mediaextractor.te In native coverage builds, allow all domains to access /data/misc/trace 2019-06-19 16:27:17 -07:00
mediametrics.te Allow mediametrics to log records to statsd 2019-02-25 20:09:54 -08:00
mediaprovider.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
mediaserver.te Remove mediacodec_service. 2019-08-21 01:19:20 +00:00
mediaswcodec.te Properly define hal_codec2 and related policies 2019-05-23 03:53:47 -07:00
mediatranscoding.te MediaTranscodingService: Add sepolicy for MediaTranscodingService. 2019-12-02 13:57:28 -08:00
modprobe.te modprobe: shouldn't load kernel modules from /system 2018-03-23 14:16:25 -07:00
mtp.te mtp: support using pppox_socket family 2019-05-08 06:01:58 -07:00
net.te untrusted_app: disallow bind RTM_ROUTE socket 2020-01-28 10:49:50 +01:00
netd.te cut down bpf related privileges 2020-02-22 02:14:58 +00:00
netutils_wrapper.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
network_stack.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
neverallow_macros neverallow_macros: add watch* perms 2019-09-05 09:54:43 -07:00
nfc.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
perfetto.te Allow to signal perfetto from shell. 2018-12-13 10:46:42 +00:00
performanced.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
platform_app.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
postinstall.te Allow postinstall scripts to trigger F2FS GC 2019-02-20 22:40:53 +00:00
ppp.te ppp: support using pppox_socket family 2019-05-06 14:11:02 -07:00
priv_app.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
profman.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
property_contexts Merge "sepolicy: Add context for ro.boot.product.vendor.sku" 2020-03-09 20:08:55 +00:00
property.te Whitelist prop persist.device_config.configuration. 2020-02-27 14:06:58 -08:00
racoon.te racoon: allow ioctl TUNSETIFF 2018-11-15 10:32:45 -08:00
radio.te Add new time zone detection service 2019-11-15 13:33:23 +00:00
recovery_persist.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
recovery_refresh.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
recovery.te recovery: Allow BLKPBSZGET on cache_block_device 2020-01-21 16:34:42 +00:00
roles sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
rs.te sepolicy: Add "rs" and "rs_exec" to public policy 2018-12-21 17:47:54 +00:00
rss_hwm_reset.te SELinux policy for rss_hwm_reset 2018-12-15 10:13:03 +00:00
runas_app.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
runas.te Relabel /data/system/packages.list to new type. 2019-03-28 10:27:43 +00:00
scheduler_service_server.te Treble-ize sepolicy for fwk HIDL services. 2019-04-22 17:07:06 -07:00
sdcardd.te Move layout_version to /data/misc/installd 2019-08-21 10:11:35 -07:00
secure_element.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
sensor_service_server.te Treble-ize sepolicy for fwk HIDL services. 2019-04-22 17:07:06 -07:00
service.te Adding sepolicy of tuner resource manager service 2020-02-21 23:33:46 +00:00
servicemanager.te Service context for servicemanager. 2019-10-16 16:31:42 -07:00
sgdisk.te sgdisk: allow BLKRRPART 2018-11-02 14:26:23 -07:00
shared_relro.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
shell.te traced_perf sepolicy tweaks 2020-02-24 12:23:13 +00:00
simpleperf_app_runner.te Relabel /data/system/packages.list to new type. 2019-03-28 10:27:43 +00:00
simpleperf.te perf_event: rules for system and simpleperf domain 2020-01-15 16:56:41 +00:00
slideshow.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
stats_service_server.te Treble-ize sepolicy for fwk HIDL services. 2019-04-22 17:07:06 -07:00
statsd.te Remove perfprofd references. 2019-07-19 11:15:12 -07:00
su.te perf_event: rules for system and simpleperf domain 2020-01-15 16:56:41 +00:00
surfaceflinger.te Initial selinux policy support for memfd 2019-01-30 19:11:49 +00:00
system_app.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
system_server.te Initial selinux policy support for memfd 2019-01-30 19:11:49 +00:00
system_suspend_server.te Decouple system_suspend from hal attributes. 2019-02-26 18:10:28 -08:00
te_macros Add SELinux policy for credstore and update for IC HAL port from HIDL to AIDL. 2020-02-19 13:46:45 -05:00
tee.te Revert "Add placeholder iris and face policy for vold data directory" 2018-11-19 15:00:19 -08:00
tombstoned.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
toolbox.te Allow setattr for chattr 2020-02-03 17:57:03 -08:00
traced_perf.te initial policy for traced_perf daemon (perf profiler) 2020-01-22 22:04:01 +00:00
traced_probes.te Make traced_probes mlstrustedsubject. 2018-04-17 18:12:28 +00:00
traced.te Allow iorapd to access perfetto 2019-01-23 22:43:47 +00:00
traceur_app.te More neverallows for default_android_service. 2020-01-21 11:13:22 -08:00
tzdatacheck.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
ueventd.te ueventd: allow using external firmware handlers 2019-08-15 11:34:07 +09:00
uncrypt.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
untrusted_app.te reland: untrusted_app_29: add new targetSdk domain 2020-01-22 09:47:53 +00:00
update_engine_common.te Allow update_engine to search metadata_file:dir. 2020-03-02 18:20:37 -08:00
update_engine.te Allow update_engine to write snapshotctl log data 2020-02-04 16:56:59 -08:00
update_verifier.te Add a new context for property ota.warm_reset 2019-11-14 15:24:25 -08:00
usbd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
vdc.te Allow to getattr kmsg_device 2019-03-25 10:14:20 -07:00
vendor_init.te Move virtual_ab_prop to vendor partition. 2020-02-03 10:42:35 -08:00
vendor_misc_writer.te Ignore the denial due to vendor_misc_writer reading DT fstab. 2019-10-10 22:17:53 -07:00
vendor_shell.te Allow shell to start vendor shell 2018-01-16 18:28:51 +00:00
vendor_toolbox.te Allow init to run vendor toybox for modprobe 2017-05-24 15:01:20 -07:00
virtual_touchpad.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
vndservice.te Allow vndservicemanager to self-register. 2020-03-05 17:43:35 +00:00
vndservicemanager.te Initial sepolicy for vndservicemanager. 2017-03-23 00:20:43 +00:00
vold_prepare_subdirs.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
vold.te Merge "vold: allow to set boottime prop" 2020-03-03 00:33:50 +00:00
vr_hwc.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
watchdogd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
webview_zygote.te Properly Treble-ize tmpfs access 2019-01-26 17:30:41 +00:00
wificond.te sepolicy(wifi): Allow keystore-wificond communication 2020-01-17 21:14:25 +00:00
wpantund.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
zygote.te Properly Treble-ize tmpfs access 2019-01-26 17:30:41 +00:00