PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
960f73b75b
android_system_sepolicy/public
History
Kenny Root 960f73b75b rebootescrow: allow use of block file 
pmem uses a block file while access_ramoops uses a char file. Allow both for
now until we can unify on pmem.

Additionally allow the reading of vendor properties so it can read the
path to the character or block device to open.

Test: atest VtsHalRebootEscrowTargetTest
Bug: 146400078
Change-Id: Ief61534e0946480a01c635ce1672579959ec8db5
2020-01-27 12:28:44 -08:00
..
adbd.te Allow adb start/stop mdnsd via ctl.start/stop 2019-04-16 08:39:33 -07:00
aidl_lazy_test_server.te Add aidl_lazy_test_server 2020-01-07 15:11:03 -08:00
apexd.te binder_use: Allow servicemanager callbacks 2019-12-19 23:07:14 +00:00
app_zygote.te Properly Treble-ize tmpfs access 2019-01-26 17:30:41 +00:00
app.te Grant appdomain access to app_api_service 2020-01-07 09:59:34 +08:00
asan_extract.te
attributes Sepolicy update for Automotive Display Service 2020-01-21 18:43:27 +00:00
audioserver.te audioserver: allow audioserver to generate audio HAL tombstones 2019-11-04 18:05:28 -08:00
blkid_untrusted.te
blkid.te
bluetooth.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
bootanim.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
bootstat.te Allow zygote to write to statsd and refactor 2018-10-08 13:48:28 -07:00
bufferhubd.te Properly define hal_codec2 and related policies 2019-05-23 03:53:47 -07:00
camera_service_server.te Abstract use of cameraserver behind an attribute 2019-03-01 14:02:59 -08:00
cameraserver.te Properly define hal_codec2 and related policies 2019-05-23 03:53:47 -07:00
charger.te Allow charger to open health passthrough HAL 2019-10-17 16:35:43 -07:00
crash_dump.te crash_dump: suppress denials on properties 2019-02-07 08:45:15 -08:00
device.te Move usb_serial_device to device.te 2019-12-13 17:01:27 -08:00
dhcp.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
display_service_server.te
dnsmasq.te add dontaudit dnsmasq kernel:system module_request 2020-01-18 18:22:12 -08:00
domain.te Merge "Support for more binder caches" 2020-01-23 15:44:39 +00:00
drmserver.te Allow drmserver to communicate with mediametrics 2019-08-22 11:31:03 -07:00
dumpstate.te More neverallows for default_android_service. 2020-01-21 11:13:22 -08:00
e2fs.te Allow e2fs more ioctls to device-mapper devices. 2019-02-05 18:05:50 -08:00
ephemeral_app.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
fastbootd.te Give fastbootd permission to mount and write to /metadata/gsi. 2019-12-18 15:08:24 -08:00
file.te initial policy for traced_perf daemon (perf profiler) 2020-01-22 22:04:01 +00:00
fingerprintd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
flags_health_check.te Whitelisting window_manager_native_boot system property 2020-01-21 22:54:49 +00:00
fsck_untrusted.te
fsck.te fs_mgr: overlayfs support legacy devices (marlin) Part Deux 2019-02-15 15:56:16 +00:00
fwk_bufferhub.te Allow app to conntect to BufferHub service 2019-01-14 10:49:35 -08:00
gatekeeperd.te Allow gatekeeperd to read ro.gsid.image_running. 2019-02-19 21:08:22 +00:00
global_macros global_macros: trim back various watch* permissions 2019-08-28 12:36:58 -07:00
gmscore_app.te Create a separate SELinux domain for gmscore 2019-11-22 10:39:19 -08:00
gpuservice.te Game Driver: sepolicy update for plumbing GpuStats into GpuService 2019-02-08 18:15:17 -08:00
hal_allocator.te same_process_hal_file: access to individual coredomains 2018-10-26 18:03:01 +00:00
hal_atrace.te Add atrace HAL 1.0 sepolicy 2018-09-27 23:18:29 +00:00
hal_audio.te sepolicy: allow hal_omx to access audio devices 2019-05-22 10:35:16 -07:00
hal_audiocontrol.te
hal_authsecret.te
hal_bluetooth.te Add rules for accessing the related bluetooth_audio_hal_prop 2019-03-20 03:12:25 +00:00
hal_bootctl.te add hal_bootctl to white-list of sys_rawio 2019-02-13 12:38:22 +00:00
hal_broadcastradio.te Allow radio server to client binder callback 2019-03-29 15:22:16 -07:00
hal_camera.te
hal_can.te Move usb_serial_device to device.te 2019-12-13 17:01:27 -08:00
hal_cas.te
hal_codec2.te Properly define hal_codec2 and related policies 2019-05-23 03:53:47 -07:00
hal_configstore.te debug builds: allow perf profiling of most domains 2020-01-22 22:04:02 +00:00
hal_confirmationui.te
hal_contexthub.te
hal_drm.te Give hal_drm_server appdomain fd access. 2019-06-05 10:12:28 -07:00
hal_dumpstate.te
hal_evs.te Update sepolicy for EVS v1.x 2019-07-30 13:22:03 -07:00
hal_face.te Revert "Allow hal_face to write to /data/vendor/camera_calibration/*." 2019-06-19 20:15:50 +00:00
hal_fingerprint.te Revert "Add placeholder iris and face policy for vold data directory" 2018-11-19 15:00:19 -08:00
hal_gatekeeper.te
hal_gnss.te
hal_graphics_allocator.te same_process_hal_file: access to individual coredomains 2018-10-26 18:03:01 +00:00
hal_graphics_composer.te Initial selinux policy support for memfd 2019-01-30 19:11:49 +00:00
hal_health_storage.te health.filesystem HAL renamed to health.storage 2018-09-20 04:12:45 +00:00
hal_health.te Allow to getattr kmsg_device 2019-03-25 10:14:20 -07:00
hal_identity.te Add SELinux policy for Identity Credential HAL 2020-01-14 20:13:39 -05:00
hal_input_classifier.te Permissions for InputClassifier HAL 2019-01-11 02:08:19 +00:00
hal_ir.te
hal_keymaster.te
hal_light.te Add rules for Lights AIDL HAL 2020-01-22 20:33:42 +01:00
hal_lowpan.te
hal_memtrack.te
hal_neuralnetworks.te Allow NNAPI HAL services access model files provided by privapp. 2019-04-24 21:15:45 -07:00
hal_neverallows.te SEPolicy rules for CAN bus HAL 2019-08-01 10:24:00 -07:00
hal_nfc.te
hal_oemlock.te
hal_omx.te Properly define hal_codec2 and related policies 2019-05-23 03:53:47 -07:00
hal_power_stats.te Add power.stats HAL 1.0 sepolicy 2018-12-11 00:11:08 +00:00
hal_power.te stable aidl Power HAL policy 2020-01-15 16:53:40 -08:00
hal_rebootescrow.te Support Resume on Reboot 2019-12-09 14:25:04 -08:00
hal_secure_element.te
hal_sensors.te
hal_telephony.te Remove sepolicy for /dev/alarm. 2018-12-06 04:23:22 +00:00
hal_tetheroffload.te
hal_thermal.te
hal_tv_cec.te
hal_tv_input.te
hal_tv_tuner.te Tuner Hal 1.0 Enable ITuner service 2019-08-14 11:22:09 -07:00
hal_usb_gadget.te
hal_usb.te Allow hal_usb to call getsockopt on uevent socket 2018-12-03 18:37:25 +00:00
hal_vehicle.te
hal_vibrator.te Allow dumping vibrator HAL. 2019-12-09 11:17:55 -08:00
hal_vr.te
hal_weaver.te
hal_wifi_hostapd.te
hal_wifi_offload.te
hal_wifi_supplicant.te
hal_wifi.te Allow dumpstate to dump wlan hal log on userbuild 2019-03-21 12:27:44 +08:00
healthd.te drop "allow healthd self:process execmem;" 2019-05-23 11:17:21 -07:00
heapprofd.te Add userdebug selinux config for heapprofd. 2018-11-14 09:22:07 +00:00
hwservice.te Sepolicy update for Automotive Display Service 2020-01-21 18:43:27 +00:00
hwservicemanager.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
idmap.te idmap: add binderservice permissions 2019-09-18 13:47:09 +02:00
incident_helper.te
incident.te
incidentd.te
init.te Allow init to configure dm_verity kernel driver. 2020-01-06 09:40:50 +01:00
inputflinger.te SEPolicy for InputFlinger Service. 2018-11-16 21:52:01 +00:00
installd.te Merge "binder_use: Allow servicemanager callbacks" 2019-12-23 20:04:33 +00:00
ioctl_defines Add FS_IOC_FS(G|S)ETXATTR to ioctl_defines and allow vold to use it. 2020-01-22 10:53:33 +01:00
ioctl_macros more ioctl work 2018-10-17 11:12:18 -07:00
iorap_prefetcherd.te sepolicy: Add iorap_prefetcherd rules 2019-10-22 12:45:46 -07:00
iorapd.te Using macro "rx_file_perms" instead of "execute_no_trans". 2020-01-09 13:23:01 -08:00
isolated_app.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
kernel.te Update kernel permissions to pass libdm snapshot unit test 2019-11-05 23:54:29 +00:00
keystore.te sepolicy(wifi): Allow keystore-wificond communication 2020-01-17 21:14:25 +00:00
llkd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
lmkd.te allow init to communicate with lmkd and lmkd to kill native processes 2019-11-07 18:19:44 +00:00
logd.te Relabel /data/system/packages.list to new type. 2019-03-28 10:27:43 +00:00
logpersist.te logpersist is now a shell script, so give it the appropriate permissions 2019-10-30 13:54:35 -07:00
mdnsd.te
mediadrmserver.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
mediaextractor.te In native coverage builds, allow all domains to access /data/misc/trace 2019-06-19 16:27:17 -07:00
mediametrics.te Allow mediametrics to log records to statsd 2019-02-25 20:09:54 -08:00
mediaprovider.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
mediaserver.te Remove mediacodec_service. 2019-08-21 01:19:20 +00:00
mediaswcodec.te Properly define hal_codec2 and related policies 2019-05-23 03:53:47 -07:00
mediatranscoding.te MediaTranscodingService: Add sepolicy for MediaTranscodingService. 2019-12-02 13:57:28 -08:00
modprobe.te
mtp.te mtp: support using pppox_socket family 2019-05-08 06:01:58 -07:00
net.te reland: untrusted_app_29: add new targetSdk domain 2020-01-22 09:47:53 +00:00
netd.te netd: remove freshly added neverallows 2020-01-25 02:13:01 +00:00
netutils_wrapper.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
network_stack.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
neverallow_macros neverallow_macros: add watch* perms 2019-09-05 09:54:43 -07:00
nfc.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
perfetto.te Allow to signal perfetto from shell. 2018-12-13 10:46:42 +00:00
performanced.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
platform_app.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
postinstall.te Allow postinstall scripts to trigger F2FS GC 2019-02-20 22:40:53 +00:00
ppp.te ppp: support using pppox_socket family 2019-05-06 14:11:02 -07:00
priv_app.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
profman.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
property_contexts rebootescrow: allow use of block file 2020-01-27 12:28:44 -08:00
property.te rebootescrow: allow use of block file 2020-01-27 12:28:44 -08:00
racoon.te racoon: allow ioctl TUNSETIFF 2018-11-15 10:32:45 -08:00
radio.te Add new time zone detection service 2019-11-15 13:33:23 +00:00
recovery_persist.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
recovery_refresh.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
recovery.te recovery: Allow BLKPBSZGET on cache_block_device 2020-01-21 16:34:42 +00:00
roles
rs.te sepolicy: Add "rs" and "rs_exec" to public policy 2018-12-21 17:47:54 +00:00
rss_hwm_reset.te SELinux policy for rss_hwm_reset 2018-12-15 10:13:03 +00:00
runas_app.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
runas.te Relabel /data/system/packages.list to new type. 2019-03-28 10:27:43 +00:00
scheduler_service_server.te Treble-ize sepolicy for fwk HIDL services. 2019-04-22 17:07:06 -07:00
sdcardd.te Move layout_version to /data/misc/installd 2019-08-21 10:11:35 -07:00
secure_element.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
sensor_service_server.te Treble-ize sepolicy for fwk HIDL services. 2019-04-22 17:07:06 -07:00
service.te Add rules for Lights AIDL HAL 2020-01-22 20:33:42 +01:00
servicemanager.te Service context for servicemanager. 2019-10-16 16:31:42 -07:00
sgdisk.te sgdisk: allow BLKRRPART 2018-11-02 14:26:23 -07:00
shared_relro.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
shell.te Merge "More neverallows for default_android_service." 2020-01-21 21:31:57 +00:00
simpleperf_app_runner.te Relabel /data/system/packages.list to new type. 2019-03-28 10:27:43 +00:00
simpleperf.te perf_event: rules for system and simpleperf domain 2020-01-15 16:56:41 +00:00
slideshow.te
stats_service_server.te Treble-ize sepolicy for fwk HIDL services. 2019-04-22 17:07:06 -07:00
statsd.te Remove perfprofd references. 2019-07-19 11:15:12 -07:00
su.te perf_event: rules for system and simpleperf domain 2020-01-15 16:56:41 +00:00
surfaceflinger.te Initial selinux policy support for memfd 2019-01-30 19:11:49 +00:00
system_app.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
system_server.te Initial selinux policy support for memfd 2019-01-30 19:11:49 +00:00
system_suspend_server.te Decouple system_suspend from hal attributes. 2019-02-26 18:10:28 -08:00
te_macros initial policy for traced_perf daemon (perf profiler) 2020-01-22 22:04:01 +00:00
tee.te Revert "Add placeholder iris and face policy for vold data directory" 2018-11-19 15:00:19 -08:00
tombstoned.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
toolbox.te Allow toolbox to rm -rf /data/per_boot 2019-09-16 10:18:57 -07:00
traced_perf.te initial policy for traced_perf daemon (perf profiler) 2020-01-22 22:04:01 +00:00
traced_probes.te
traced.te Allow iorapd to access perfetto 2019-01-23 22:43:47 +00:00
traceur_app.te More neverallows for default_android_service. 2020-01-21 11:13:22 -08:00
tzdatacheck.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
ueventd.te ueventd: allow using external firmware handlers 2019-08-15 11:34:07 +09:00
uncrypt.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
untrusted_app.te reland: untrusted_app_29: add new targetSdk domain 2020-01-22 09:47:53 +00:00
update_engine_common.te update_engine: rules to apply virtual A/B OTA 2019-10-02 12:46:47 -07:00
update_engine.te Audit binder_call rule for priv_app in update_engine.te 2019-12-03 14:02:57 -08:00
update_verifier.te Add a new context for property ota.warm_reset 2019-11-14 15:24:25 -08:00
usbd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
vdc.te Allow to getattr kmsg_device 2019-03-25 10:14:20 -07:00
vendor_init.te rebootescrow: allow use of block file 2020-01-27 12:28:44 -08:00
vendor_misc_writer.te Ignore the denial due to vendor_misc_writer reading DT fstab. 2019-10-10 22:17:53 -07:00
vendor_shell.te
vendor_toolbox.te
virtual_touchpad.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
vndservice.te
vndservicemanager.te
vold_prepare_subdirs.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
vold.te Add FS_IOC_FS(G|S)ETXATTR to ioctl_defines and allow vold to use it. 2020-01-22 10:53:33 +01:00
vr_hwc.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
watchdogd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
webview_zygote.te Properly Treble-ize tmpfs access 2019-01-26 17:30:41 +00:00
wificond.te sepolicy(wifi): Allow keystore-wificond communication 2020-01-17 21:14:25 +00:00
wpantund.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
zygote.te Properly Treble-ize tmpfs access 2019-01-26 17:30:41 +00:00