android_system_sepolicy/private
Peiyong Lin 7924dc6054 [SEPolicy] Configure policy for gpu service.
Historically GPU service lives in SurfaceFlinger as a convenient hack.
However, SurfaceFlinger doesn't need to know about anything specific about GPU
capability, and shouldn't know about anything about GPU. This patch moves GPU
service out of SurfaceFlinger.

GPU service is a service that accesses the GPU driver, queries GPU capabilities
and reports back. Currently we use this information in CTS and some benchmarks.

BUG: 118347356
Test: Build, flash and boot, use `adb shell cmd gpu vkjson` to verify
Change-Id: I007989e0f3f73b5caf80277979986820dd127c32
2018-11-08 12:31:11 -08:00
compat Add placeholder sepolicy for iris and face 2018-11-07 14:11:56 -08:00
access_vectors Update access_vectors 2018-11-01 19:53:50 -07:00
adbd.te [SEPolicy] Configure policy for gpu service. 2018-11-08 12:31:11 -08:00
apexd.te Allow apexd to configure /sys/block/dm- 2018-11-08 13:58:41 +01:00
app_neverallows.te Add runas_app domain to allow running app data file via run-as. 2018-11-07 18:11:40 +00:00
app.te sepolicy: Allow apps to get info from priv_app by ashmem 2018-10-23 12:37:03 +08:00
asan_extract.te Sepolicy: Add ASAN-Extract 2017-04-05 13:09:29 -07:00
atrace.te iorapd: Add new binder service iorapd. 2018-10-08 15:00:34 -07:00
audioserver.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
binder_in_vendor_violators.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
binderservicedomain.te Move binderservicedomain policy to private 2017-02-08 09:09:39 -08:00
blank_screen.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
blkid_untrusted.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
blkid.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
bluetooth.te Whitelist vendor-init-settable bluetooth_prop and wifi_prop 2018-04-13 11:08:48 +09:00
bluetoothdomain.te Move bluetoothdomain policy to private 2017-02-06 15:32:08 -08:00
bootanim.te Dontaudit denials caused by race with labeling. 2018-02-14 17:07:13 -08:00
bootstat.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
bpfloader.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
bufferhubd.te Update SELinux Policy for bufferhubd 2018-09-24 12:29:43 -07:00
bug_map Track vrcore_app SELinux denial 2018-10-23 12:19:27 -07:00
cameraserver.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
charger.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
clatd.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
coredomain.te Remove vendor_init from coredomain 2018-01-29 18:07:41 +00:00
cppreopts.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
crash_dump.te Add policy for apexd. 2018-10-04 07:06:45 +00:00
dex2oat.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
dexoptanalyzer.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
dhcp.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
dnsmasq.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
domain.te Transient SELinux domain for system_server JIT 2018-10-31 12:32:01 +00:00
drmserver.te Tighten restrictions on core <-> vendor socket comms 2017-03-31 09:17:54 -07:00
dumpstate.te Remove access to /proc/net/{tcp,udp} 2018-09-30 21:33:47 -07:00
ephemeral_app.te Revert "auditallow app_data_file execute" 2018-08-13 11:23:02 -07:00
fastbootd.te Add sepolicy for fastbootd 2018-08-15 08:45:22 -07:00
file_contexts [SEPolicy] Configure policy for gpu service. 2018-11-08 12:31:11 -08:00
file_contexts_asan Label /data/asan/* libs as system_lib_file. 2018-10-10 11:23:00 -07:00
file_contexts_overlayfs fs_mgr: add /mnt/scratch to possible overlayfs support directories 2018-10-08 14:23:01 +00:00
file.te Allow all app types to socket send to statsdw (statsd socket) 2018-08-23 16:13:30 -07:00
fingerprintd.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
flags_health_check.te sepolicy for server configurable flags 2018-11-01 03:28:56 +00:00
fs_use fs_mgr: add overlayfs handling for squashfs system filesystems 2018-08-08 07:33:10 -07:00
fsck_untrusted.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
fsck.te Allow access to the metadata partition for metadata encryption. 2018-01-19 14:45:08 -08:00
fwk_bufferhub.te Allow bufferhub service to allocate buffer 2018-11-07 13:57:55 -08:00
gatekeeperd.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
genfs_contexts Remove access to /proc/net/{tcp,udp} 2018-09-30 21:33:47 -07:00
gpuservice.te [SEPolicy] Configure policy for gpu service. 2018-11-08 12:31:11 -08:00
hal_allocator_default.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
hal_system_suspend_default.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
halclientdomain.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
halserverdomain.te Allow hals to read hwservicemanager prop. 2017-03-23 01:50:50 +00:00
healthd.te healthd provides health@2.0 service. 2017-10-17 13:48:42 -07:00
heapprofd.te Add heapprofd selinux config. 2018-10-15 18:31:26 +01:00
hwservice_contexts Sepolicy for bufferhub hwservice 2018-10-25 10:08:05 -07:00
hwservicemanager.te Finer grained permissions for ctl. properties 2018-05-22 13:47:16 -07:00
idmap.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
incident_helper.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
incident.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
incidentd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
init.te Add sepolicy for fastbootd 2018-08-15 08:45:22 -07:00
initial_sid_contexts Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
initial_sids Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
inputflinger.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
install_recovery.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
installd.te Ensure taking a bugreport generates no denials. 2018-03-08 02:25:18 +00:00
iorapd.te iorapd: Add new binder service iorapd. 2018-10-08 15:00:34 -07:00
isolated_app.te tun_device: enforce ioctl restrictions 2018-11-01 12:13:27 -07:00
kernel.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
keys.conf Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
keystore.te Allow Keystore to check security logging property. 2018-01-24 19:49:18 +00:00
llkd.te Add policy for apexd. 2018-10-04 07:06:45 +00:00
lmkd.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
logd.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
logpersist.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
mac_permissions.xml Move MediaProvider to its own domain, add new MtpServer permissions 2016-12-12 11:05:33 -08:00
mdnsd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
mediadrmserver.te update sepolicy for gralloc HAL 2017-03-30 14:43:35 -07:00
mediaextractor.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
mediametrics.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
mediaprovider.te mediaprovider: add functionfs ioctl 2018-10-17 10:14:40 -07:00
mediaserver.te mediacodec->mediacodec+hal_omx{,_server,_client} 2018-05-30 18:12:32 +00:00
mediaswcodec.te add mediaswcodec service 2018-10-11 15:10:17 -07:00
mls sepolicy: Allow apps to get info from priv_app by ashmem 2018-10-23 12:37:03 +08:00
mls_decl sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
mls_macros Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
modprobe.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
mtp.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
net.te Update socket ioctl restrictions 2018-06-22 05:35:07 +00:00
netd.te Allow netd to setup xt_bpf iptable rules 2018-03-21 14:37:37 -07:00
netutils_wrapper.te Start the process of locking down proc/net 2018-05-04 21:36:33 +00:00
nfc.te SE Policy for Secure Element app and Secure Element HAL 2018-01-29 21:31:42 +00:00
otapreopt_chroot.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
otapreopt_slot.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
perfetto.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
performanced.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
perfprofd.te Sepolicy for system suspend HAL. 2018-08-13 17:26:34 -07:00
platform_app.te app: Allow all apps to read dropbox FDs 2018-09-04 20:23:43 +00:00
policy_capabilities Add nnp_nosuid_transition policycap and related class/perm definitions. 2018-09-07 10:52:31 -07:00
port_contexts Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
postinstall_dexopt.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
postinstall.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
ppp.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
preloads_copy.te Add sepolicy for preloads_copy script 2018-10-23 17:11:36 +01:00
preopt2cachename.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
priv_app.te drop priv_app app_data_file:file execute; 2018-10-27 15:20:38 -07:00
profman.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
property_contexts apexd_prop is defined for PRODUCT_COMPATIBLE_PROPERTY = false case 2018-11-08 11:29:01 +09:00
racoon.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
radio.te Add label for time (zone) system properties 2018-06-25 17:59:56 +01:00
recovery_persist.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
recovery_refresh.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
recovery.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
roles_decl sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
runas_app.te Add runas_app domain to allow running app data file via run-as. 2018-11-07 18:11:40 +00:00
runas.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
sdcardd.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
seapp_contexts Add runas_app domain to allow running app data file via run-as. 2018-11-07 18:11:40 +00:00
secure_element.te SE Policy for Secure Element app and Secure Element HAL 2018-01-29 21:31:42 +00:00
security_classes Update access_vectors 2018-11-01 19:53:50 -07:00
service_contexts [SEPolicy] Configure policy for gpu service. 2018-11-08 12:31:11 -08:00
service.te Update SELinux Policy for bufferhubd 2018-09-24 12:29:43 -07:00
servicemanager.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
sgdisk.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
shared_relro.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
shell.te Remove access to /proc/net/{tcp,udp} 2018-09-30 21:33:47 -07:00
slideshow.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
stats.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
statsd.te Allow all app types to socket send to statsdw (statsd socket) 2018-08-23 16:13:30 -07:00
storaged.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
su.te SELinux policies for Perfetto cmdline client (/system/bin/perfetto) 2018-01-29 11:06:00 +00:00
surfaceflinger.te [SEPolicy] Configure policy for gpu service. 2018-11-08 12:31:11 -08:00
system_app.te remove system_app proc_net_type access 2018-10-11 10:20:19 -07:00
system_server_startup.te Transient SELinux domain for system_server JIT 2018-10-31 12:32:01 +00:00
system_server.te [SEPolicy] Configure policy for gpu service. 2018-11-08 12:31:11 -08:00
technical_debt.cil Rename untrusted_app_visible_*' to include 'violators'. 2018-08-21 21:32:41 +00:00
thermalserviced.te Sync internal master and AOSP sepolicy. 2017-09-26 14:38:47 -07:00
tombstoned.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
toolbox.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
traced_probes.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
traced.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
traceur_app.te Allow Traceur app to remove trace files. 2018-02-20 17:03:08 -08:00
tzdatacheck.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
ueventd.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
uncrypt.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
untrusted_app_25.te Revert "Revert "Enforce execve() restrictions for API > 28"" 2018-11-07 18:07:18 +00:00
untrusted_app_27.te Revert "Revert "Enforce execve() restrictions for API > 28"" 2018-11-07 18:07:18 +00:00
untrusted_app_all.te Revert "Revert "Enforce execve() restrictions for API > 28"" 2018-11-07 18:07:18 +00:00
untrusted_app.te Add untrusted_app_27 2018-04-03 12:25:51 -07:00
update_engine_common.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
update_engine.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
update_verifier.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
usbd.te usbd sepolicy 2018-01-20 03:41:21 +00:00
users Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
vdc.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
vendor_init.te Remove vendor_init from coredomain 2018-01-29 18:07:41 +00:00
virtual_touchpad.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
vold_prepare_subdirs.te sepolicy: grant dac_read_search to domains with dac_override 2018-09-19 15:54:37 -06:00
vold.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
vr_hwc.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
wait_for_keymaster.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
watchdogd.te Move watchdogd out of init and into its own domain 2018-08-03 19:28:05 +00:00
webview_zygote.te same_process_hal_file: access to individual coredomains 2018-10-26 18:03:01 +00:00
wificond.te SE Policy for Wifi Offload HAL 2017-05-18 09:49:55 -07:00
wpantund.te lowpan: Add wpantund to SEPolicy 2017-10-16 14:10:40 -07:00
zygote.te Transient SELinux domain for system_server JIT 2018-10-31 12:32:01 +00:00