..
adbd.te
Move adbd policy to private
2017-02-07 09:55:05 -08:00
asan_extract.te
Sepolicy: Add ASAN-Extract
2017-04-05 13:09:29 -07:00
attributes
Merge "Add sepolicy for tv.cec" into oc-dev
2017-04-12 08:13:40 +00:00
audioserver.te
Move audioserver policy to private
2017-02-07 10:47:18 -08:00
blkid_untrusted.te
Move blkid policy to private
2017-02-07 23:57:53 +00:00
blkid.te
Move blkid policy to private
2017-02-07 23:57:53 +00:00
bluetooth.te
Move bluetooth policy to private
2017-02-06 15:29:10 -08:00
bootanim.te
Allow hals to read hwservicemanager prop. am: d3ce5dc38c am: d437f0e09d
2017-03-23 03:53:11 +00:00
bootstat.te
logd: restrict access to /dev/event-log-tags
2017-01-31 15:50:15 +00:00
bufferhubd.te
Allow hals to read hwservicemanager prop.
2017-03-23 01:50:50 +00:00
cameraserver.te
Policy for Camera HAL HwBinder service
2017-04-13 10:31:04 -07:00
charger.te
healthd: create SEPolicy for 'charger' and reduce healthd's scope
2016-12-15 18:17:13 -08:00
clatd.te
Split general policy into public and private components.
2016-10-06 13:09:06 -07:00
cppreopts.te
Split general policy into public and private components.
2016-10-06 13:09:06 -07:00
crash_dump.te
sepolicy: relabel /vendor
2017-04-05 13:58:32 -07:00
device.te
Define policy for "loop-control" device.
2017-03-25 21:39:03 -06:00
dex2oat.te
sepolicy: restrict access for /vendor/framework.
2017-04-06 13:28:16 -07:00
dhcp.te
Ban core components from accessing vendor data types
2017-04-01 07:16:40 -07:00
dnsmasq.te
remove more domain_deprecated
2016-12-09 19:57:43 -08:00
domain_deprecated.te
Fix lock logspam and remove domain_deprecated rule
2017-04-04 18:37:28 -07:00
domain.te
Unbreak user builds
2017-04-13 14:17:32 -07:00
drmserver.te
No access to tee domain over Unix domain sockets
2017-04-03 11:26:01 -07:00
dumpstate.te
VR: Add sepolicy for VR HWC service
2017-03-31 10:25:53 -04:00
ephemeral_app.te
Move ephemeral_app policy to private
2017-01-09 15:34:27 -08:00
file.te
Add hwservice_contexts and support for querying it.
2017-04-12 18:07:12 -07:00
fingerprintd.te
te_macros: introduce add_service() macro
2017-01-26 04:43:16 +00:00
fsck_untrusted.te
fsck: allow stat access on /dev/block files
2017-02-17 12:47:25 -08:00
fsck.te
fsck: allow stat access on /dev/block files
2017-02-17 12:47:25 -08:00
gatekeeperd.te
Fix sepolicy for Gatekeeper HAL
2017-03-20 07:39:33 -07:00
global_macros
Remove obsolete netlink_firewall_socket and netlink_ip6fw_socket classes.
2017-02-06 14:24:41 -05:00
hal_allocator.te
Mark all clients of Allocator HAL
2017-03-24 13:54:43 -07:00
hal_audio.te
Mark all clients of Allocator HAL
2017-03-24 13:54:43 -07:00
hal_bluetooth.te
Disallow HAL access to Bluetooth data files
2017-03-30 16:00:23 +00:00
hal_bootctl.te
Switch Boot Control HAL policy to _client/_server
2017-03-17 17:22:06 -07:00
hal_camera.te
Policy for Camera HAL HwBinder service
2017-04-13 10:31:04 -07:00
hal_contexthub.te
haldomain: add hwbinder_use
2017-01-18 09:47:50 -08:00
hal_drm.te
No access to tee domain over Unix domain sockets
2017-04-03 11:26:01 -07:00
hal_dumpstate.te
dumpstate: allow HALs to read /proc/interrupts
2017-03-22 13:26:03 -07:00
hal_fingerprint.te
Switch Fingerprint HAL policy to _client/_server
2017-02-21 16:11:25 -08:00
hal_gatekeeper.te
Fix sepolicy for Gatekeeper HAL
2017-03-20 07:39:33 -07:00
hal_gnss.te
haldomain: add hwbinder_use
2017-01-18 09:47:50 -08:00
hal_graphics_allocator.te
Move Graphics Allocator HAL IPC rules to proper location
2017-03-20 15:02:20 -07:00
hal_graphics_composer.te
Allow hwcomposer to change scheduling policy
2017-02-13 09:02:04 -08:00
hal_health.te
haldomain: add hwbinder_use
2017-01-18 09:47:50 -08:00
hal_ir.te
haldomain: add hwbinder_use
2017-01-18 09:47:50 -08:00
hal_keymaster.te
No access to tee domain over Unix domain sockets
2017-04-03 11:26:01 -07:00
hal_light.te
hal_light: add permission to sys/class/leds.
2017-01-20 00:17:11 +00:00
hal_neverallows.te
Enforce one HAL per domain.
2017-03-21 12:16:31 -07:00
hal_nfc.te
Remove unnecessary rules from NFC HAL clients
2017-03-22 16:22:33 -07:00
hal_sensors.te
Allow hal_sensors to use ashmem from android.hidl.allocator
2017-04-04 13:49:20 -07:00
hal_telephony.te
haldomain: add hwbinder_use
2017-01-18 09:47:50 -08:00
hal_thermal.te
haldomain: add hwbinder_use
2017-01-18 09:47:50 -08:00
hal_tv_cec.te
Add sepolicy for tv.cec
2017-04-07 11:21:56 +09:00
hal_tv_input.te
Add sepolicy for tv.input
2017-03-31 13:44:50 -07:00
hal_usb.te
sepolicy for usb hal
2017-01-27 00:05:19 +00:00
hal_vibrator.te
haldomain: add hwbinder_use
2017-01-18 09:47:50 -08:00
hal_vr.te
haldomain: add hwbinder_use
2017-01-18 09:47:50 -08:00
hal_wifi_supplicant.te
sepolicy: Add new wifi keystore HAL
2017-03-29 14:07:36 -07:00
hal_wifi.te
sepolicy: Allow hal_wifi to set wlan driver status prop
2017-03-03 09:32:03 -08:00
healthd.te
Annotate most remaining HALs with _client/_server
2017-03-16 19:55:16 -07:00
hwservice.te
Policy for Camera HAL HwBinder service
2017-04-13 10:31:04 -07:00
hwservicemanager.te
Add hwservice_contexts and support for querying it.
2017-04-12 18:07:12 -07:00
idmap.te
sepolicy: restrict /vendor/overlay from most coredomains
2017-04-06 13:28:16 -07:00
incident.te
Add incident command and incidentd daemon se policy.
2017-02-07 15:52:07 -08:00
incidentd.te
Add incident command and incidentd daemon se policy.
2017-02-07 15:52:07 -08:00
init.te
sepolicy: relabel /vendor
2017-04-05 13:58:32 -07:00
inputflinger.te
te_macros: introduce add_service() macro
2017-01-26 04:43:16 +00:00
install_recovery.te
install_recovery.te: remove domain_deprecated
2017-01-09 16:47:36 +00:00
installd.te
sepolicy: restrict /vendor/app from most coredomains
2017-04-06 13:28:12 -07:00
ioctl_defines
Split general policy into public and private components.
2016-10-06 13:09:06 -07:00
ioctl_macros
Add TCSETS to unpriv_tty_ioctls
2016-12-07 15:59:34 -08:00
isolated_app.te
Move isolated_app policy to private
2017-01-05 16:06:54 -08:00
kernel.te
file_context: explicitly label all file context files
2017-03-29 10:17:21 -07:00
keystore.te
Wifi Keystore HAL is not a HAL
2017-04-04 15:04:05 -07:00
lmkd.te
more ephemeral_app cleanup
2017-01-20 14:35:17 +00:00
logd.te
logd: add getEventTag command and service
2017-01-31 15:50:42 +00:00
logpersist.te
logpersist: do not permit dynamic transition to domain
2016-12-29 09:29:36 -08:00
mdnsd.te
Move mdnsd policy to private
2017-02-06 15:02:32 -08:00
mediacodec.te
sepolicy: make exec_types in /vendor a subset of vendor_file_type
2017-04-11 17:20:36 +00:00
mediadrmserver.te
MediaCAS: adding media.cas to service
2017-02-28 12:31:45 -08:00
mediaextractor.te
Allow MediaExtractor to create FileSource
2017-03-29 17:54:49 +00:00
mediametrics.te
allow media.metrics to write to file descriptor in /data
2017-04-04 10:30:50 -07:00
mediaserver.te
rild does not communicate with BT/system_server/mediaserver over sockets
2017-04-04 14:04:49 -07:00
modprobe.te
allow to load kernel modules from vendor partition
2017-04-11 12:45:12 +09:00
mtp.te
Split general policy into public and private components.
2016-10-06 13:09:06 -07:00
net.te
Move netdomain policy to private
2017-02-06 15:02:00 -08:00
netd.te
Merge changes from topic 'ipsec-svc-pick' into oc-dev
2017-04-06 01:34:37 +00:00
neverallow_macros
Ban socket connections between core and vendor
2017-03-27 08:49:13 -07:00
nfc.te
Remove unnecessary rules from NFC HAL clients
2017-03-22 16:22:33 -07:00
otapreopt_chroot.te
Split general policy into public and private components.
2016-10-06 13:09:06 -07:00
otapreopt_slot.te
Sepolicy: Give otapreopt_slot read on A/B artifact links
2017-04-07 20:19:41 -07:00
performanced.te
Add SELinux policies for vr_window_manager
2017-02-15 14:56:49 -08:00
perfprofd.te
Ban vendor components access to core data types
2017-03-28 15:44:39 -07:00
platform_app.te
Move platform_app policy to private
2017-01-09 14:52:59 -08:00
postinstall_dexopt.te
sepolicy: Allow postinstall_dexopt /vendor/app access
2017-04-11 20:39:47 -07:00
postinstall.te
Split general policy into public and private components.
2016-10-06 13:09:06 -07:00
ppp.te
ppp: Allow specific ioctls on mtp:socket.
2017-03-17 17:09:19 -04:00
preopt2cachename.te
Split general policy into public and private components.
2016-10-06 13:09:06 -07:00
priv_app.te
Move priv_app policy to private
2017-01-05 15:44:32 -08:00
profman.te
Allow profman to analyze profiles for the secondary dex files
2017-03-15 18:47:13 -07:00
property.te
Sepolicy: Add ASAN-Extract
2017-04-05 13:09:29 -07:00
racoon.te
remove setuid SELinux capability for racoon.
2017-02-22 03:31:23 +00:00
radio.te
Ban socket connections between core and vendor
2017-03-27 08:49:13 -07:00
recovery_persist.te
sepolicy: add version_policy tool and version non-platform policy.
2016-12-06 08:56:02 -08:00
recovery_refresh.te
sepolicy: add version_policy tool and version non-platform policy.
2016-12-06 08:56:02 -08:00
recovery.te
Allow recovery to read thermal info
2017-04-07 11:23:36 -07:00
rild.te
Ban vendor components access to core data types
2017-03-28 15:44:39 -07:00
roles
sepolicy: add version_policy tool and version non-platform policy.
2016-12-06 08:56:02 -08:00
runas.te
runas: Grant access to seapp_contexts_file
2017-03-30 13:21:49 -07:00
sdcardd.te
Remove logspam
2017-02-10 12:06:38 -08:00
sensord.te
Allow hals to read hwservicemanager prop.
2017-03-23 01:50:50 +00:00
service.te
Merge changes from topic 'ipsec-svc-pick' into oc-dev
2017-04-06 01:34:37 +00:00
servicemanager.te
Add target for vndservice_contexts.
2017-04-03 15:39:42 -07:00
sgdisk.te
remove more domain_deprecated
2016-12-09 19:57:43 -08:00
shared_relro.te
Restore app_domain macro and move to private use.
2016-12-08 14:42:43 -08:00
shell.te
Add hwservice_contexts and support for querying it.
2017-04-12 18:07:12 -07:00
slideshow.te
Split general policy into public and private components.
2016-10-06 13:09:06 -07:00
su.te
Add hwservice_contexts and support for querying it.
2017-04-12 18:07:12 -07:00
surfaceflinger.te
Move surfaceflinger policy to private
2017-02-07 10:06:12 -08:00
system_app.te
Move system_app policy to private
2017-01-05 17:20:28 -08:00
system_server.te
Move system_server policy to private
2017-02-07 20:24:05 +00:00
te_macros
Unbreak user builds
2017-04-13 14:17:32 -07:00
tee.te
Move TEE rules to vendor image
2017-04-03 11:11:48 -07:00
tombstoned.te
tombstoned: temporarily allow write to anr_data_file.
2017-01-23 12:54:03 -08:00
toolbox.te
Split general policy into public and private components.
2016-10-06 13:09:06 -07:00
tzdatacheck.te
remove more domain_deprecated
2016-12-09 19:57:43 -08:00
ueventd.te
sepolicy: relabel /vendor
2017-04-05 13:58:32 -07:00
uncrypt.te
Split general policy into public and private components.
2016-10-06 13:09:06 -07:00
untrusted_app_25.te
untrusted_app: policy versioning based on targetSdkVersion
2017-02-14 13:30:12 -08:00
untrusted_app.te
Move untrusted_app policy to private
2017-01-05 14:39:52 -08:00
untrusted_v2_app.te
Add new untrusted_v2_app domain
2017-02-21 12:39:55 -08:00
update_engine_common.te
Allow update_engine to kill postinstall process.
2017-03-22 21:01:08 -07:00
update_engine.te
Ban vendor components access to core data types
2017-03-28 15:44:39 -07:00
update_verifier.te
Allow update_verifier to reboot the device
2017-04-04 21:07:48 +00:00
vdc.te
Grant vdc access to kmsg
2017-03-31 20:48:36 +00:00
virtual_touchpad.te
Add SELinux policies for vr_window_manager
2017-02-15 14:56:49 -08:00
vndservicemanager.te
Initial sepolicy for vndservicemanager.
2017-03-23 00:20:43 +00:00
vold.te
file_context: explicitly label all file context files
2017-03-29 10:17:21 -07:00
vr_hwc.te
VR: Add sepolicy for VR HWC service
2017-03-31 10:25:53 -04:00
vr_wm.te
VR: Add sepolicy for VR HWC service
2017-03-31 10:25:53 -04:00
watchdogd.te
Split general policy into public and private components.
2016-10-06 13:09:06 -07:00
webview_zygote.te
Move webview_zygote policy to private
2017-01-27 17:01:43 +00:00
wificond.te
Allow wificond to find permission
2017-04-04 16:52:25 -07:00
zygote.te
Move zygote policy to private
2017-01-26 13:31:16 -08:00
d9745f3dec