android_system_sepolicy/public
Chenbo Feng c411ff70d3 Block SDK 28 app from using proc/net/xt_qtaguid
The file under /proc/net/xt_qtaguid is going away in a future release.
Apps should use the provided public API instead of directly reading the
proc file. This change will block apps that are based on SDK 28 or above
from directly reading that file, and we will delete that file after apps
move away from it.

Test: Flashed with master branch on marlin, verified phone boot, can
      browse web, watch youtube video, make phone call and use google
      map for navigation with wifi on and off.
      run cts -m CtsNetTestCases -t android.net.cts.TrafficStatsTest
      run cts -m CtsAppSecurityHostTestCases -t \
          android.appsecurity.cts.AppSecurityTests

Change-Id: I4c4d6c9ab28b426acef23db53f171de8f20be1dc
(cherry picked from commit 5ec8f8432b)
2018-04-03 14:41:41 -07:00
adbd.te Moving adbd from rootdir to system/bin 2017-08-28 17:38:13 +08:00
app.te Block SDK 28 app from using proc/net/xt_qtaguid 2018-04-03 14:41:41 -07:00
asan_extract.te Sync internal master and AOSP sepolicy. 2017-09-26 14:38:47 -07:00
attributes proc_type attribute for files under /proc. 2018-03-19 14:58:25 -07:00
audioserver.te Move audioserver policy to private 2017-02-07 10:47:18 -08:00
blkid_untrusted.te Move blkid policy to private 2017-02-07 23:57:53 +00:00
blkid.te Move blkid policy to private 2017-02-07 23:57:53 +00:00
bluetooth.te Move bluetooth policy to private 2017-02-06 15:29:10 -08:00
bootanim.te Sync internal master and AOSP sepolicy. 2017-09-26 14:38:47 -07:00
bootstat.te Remove bootstat access to proc label. 2017-09-18 10:29:24 -07:00
bufferhubd.te SELinux policies for PDX services 2017-05-15 10:07:05 -07:00
cameraserver.te Add shell:fifo_file permission for cameraserver 2018-02-28 16:12:40 -08:00
charger.te charger: allow to read /sys/class/power_supply 2018-01-18 16:46:17 -08:00
clatd.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
cppreopts.te Grant cppreopts.sh permissions to cleanup if it fails 2017-08-23 16:00:23 +00:00
crash_dump.te crashdump: cleanup logs 2018-03-26 15:45:04 -07:00
device.te Add secure_element_device 2018-03-07 16:37:24 +00:00
dex2oat.te Reland "Allow dexopt to follow /odm/lib(64) symlinks."" 2018-04-02 10:43:22 +09:00
dhcp.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
display_service_server.te Add fwk_display_hwservice. 2017-05-17 11:00:28 -07:00
dnsmasq.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
domain.te SELinux changes for I/O tracing. 2018-03-30 00:32:34 +00:00
drmserver.te No access to tee domain over Unix domain sockets 2017-04-03 11:26:01 -07:00
dumpstate.te Enable Traceur on user builds. 2018-02-02 12:46:36 -08:00
e2fs.te Allow vendor_init and e2fs to enable metadata encryption 2018-02-01 13:25:34 -08:00
ephemeral_app.te
file.te silence innocuous denials to /proc and /sys 2018-03-21 10:48:22 -07:00
fingerprintd.te Remove fingerprintd access to sysfs_type and cgroup label. 2017-09-19 17:12:14 -07:00
fsck_untrusted.te Sync internal master and AOSP sepolicy. 2017-09-27 18:55:47 -07:00
fsck.te Allow access to the metadata partition for metadata encryption. 2018-01-19 14:45:08 -08:00
gatekeeperd.te Sync internal master and AOSP sepolicy. 2017-09-26 14:38:47 -07:00
global_macros sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
hal_allocator.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
hal_audio.te Bluetooth A2DP offload: Binder call to audio HAL 2018-03-12 13:28:43 -07:00
hal_authsecret.te authsecret HAL policies. 2018-02-05 11:19:46 +00:00
hal_bluetooth.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
hal_bootctl.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
hal_broadcastradio.te Move Broadcast Radio HAL to a separate binary. 2017-09-15 10:16:48 -07:00
hal_camera.te hal_camera: Allow writing dump info into pipes 2018-02-26 14:53:39 -08:00
hal_cas.te Fix CTS regressions 2017-11-22 04:54:41 +00:00
hal_configstore.te Sync internal master and AOSP sepolicy. 2017-09-26 14:38:47 -07:00
hal_confirmationui.te Added default policy for Confirmation UI HAL 2018-01-24 10:22:40 -08:00
hal_contexthub.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
hal_drm.te Fix CTS regressions 2017-11-22 04:54:41 +00:00
hal_dumpstate.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
hal_fingerprint.te Move platform/vendor data violations to device policy 2017-11-20 17:18:56 +00:00
hal_gatekeeper.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
hal_gnss.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
hal_graphics_allocator.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
hal_graphics_composer.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
hal_health.te hal_health_default: permissions for default impl 2017-10-31 15:11:23 -07:00
hal_ir.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
hal_keymaster.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
hal_light.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
hal_lowpan.te Sync internal master and AOSP sepolicy. 2017-09-27 18:55:47 -07:00
hal_memtrack.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
hal_neuralnetworks.te Sync internal master and AOSP sepolicy. 2017-09-26 14:38:47 -07:00
hal_neverallows.te Revert "Revert "Move rild from public to vendor."" 2018-03-12 13:13:39 -07:00
hal_nfc.te Move platform/vendor data violations to device policy 2017-11-20 17:18:56 +00:00
hal_oemlock.te Add missing sepolicies for OemLock HAL. 2017-05-31 15:22:05 +01:00
hal_power.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
hal_secure_element.te SE Policy for Secure Element app and Secure Element HAL 2018-01-29 21:31:42 +00:00
hal_sensors.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
hal_telephony.te Allow vendor-init-settable to persist.radio.multisim.config 2018-03-27 13:41:47 +09:00
hal_tetheroffload.te Sync internal master and AOSP sepolicy. 2017-09-26 14:38:47 -07:00
hal_thermal.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
hal_tv_cec.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
hal_tv_input.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
hal_usb_gadget.te Grant create_file_perms to hal_usb_gadget_server 2018-01-25 00:25:50 +00:00
hal_usb.te Revert "Allow callers of uevent_kernel_*() access to /proc/sys/kernel/overflowuid" 2018-01-08 13:09:34 -08:00
hal_vibrator.te Allow hal_vibrator access to sysfs_vibrator files. 2018-03-01 14:30:52 +00:00
hal_vr.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
hal_weaver.te Add missing sepolicies for the Weaver HAL. 2017-05-31 15:17:11 +01:00
hal_wifi_offload.te Sync internal master and AOSP sepolicy. 2017-09-26 14:38:47 -07:00
hal_wifi_supplicant.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
hal_wifi.te Wifi hal - Firmware dump permissions 2017-12-18 13:11:02 -08:00
healthd.te Fix aosp healthd. 2018-03-27 15:18:30 -07:00
hwservice.te authsecret HAL policies. 2018-02-05 11:19:46 +00:00
hwservicemanager.te Add hwservice_contexts and support for querying it. 2017-04-12 18:07:12 -07:00
idmap.te Suppress denials from idmap reading installd's files. 2018-01-25 10:07:19 -08:00
incident_helper.te Selinux permissions for incidentd project 2018-01-23 19:08:49 +00:00
incident.te Add incident command and incidentd daemon se policy. 2017-02-07 15:52:07 -08:00
incidentd.te Add incident command and incidentd daemon se policy. 2017-02-07 15:52:07 -08:00
init.te Init: Enable init to relabel symlinks for recovery_block_device. 2018-03-15 14:03:04 -07:00
inputflinger.te te_macros: introduce add_service() macro 2017-01-26 04:43:16 +00:00
install_recovery.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
installd.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
ioctl_defines Fix TIOCSCTTY ioctl definition for mips 2017-08-31 18:16:46 +02:00
ioctl_macros
isolated_app.te
kernel.te Add label for kernel test files and executables 2018-02-22 12:55:30 -08:00
keystore.te Move domain_deprecated into private policy 2017-07-24 07:39:54 -07:00
lmkd.te lmkd: add live-lock killer daemon 2018-02-05 12:12:51 -08:00
logd.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
logpersist.te
mdnsd.te Move mdnsd policy to private 2017-02-06 15:02:32 -08:00
mediacodec.te Sync internal master and AOSP sepolicy. 2017-09-26 14:38:47 -07:00
mediadrmserver.te Sync internal master and AOSP sepolicy. 2017-09-26 14:38:47 -07:00
mediaextractor.te Allow mediaextractor to load libraries from apk_data_file 2018-01-23 11:21:11 -08:00
mediametrics.te Sync internal master and AOSP sepolicy. 2017-09-26 14:38:47 -07:00
mediaprovider.te Split mediaprovider from priv_app. 2017-07-10 11:17:18 -07:00
mediaserver.te Remove deprecated tagSocket() permissions 2018-04-03 13:56:58 +00:00
modprobe.te modprobe: shouldn't load kernel modules from /system 2018-03-20 14:17:28 -07:00
mtp.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
net.te Move netdomain policy to private 2017-02-06 15:02:00 -08:00
netd.te netd: silence innocuous denials to /proc and /sys 2018-03-16 16:08:34 -07:00
netutils_wrapper.te add netutils_wrappers 2017-04-14 22:57:27 -07:00
neverallow_macros Ban socket connections between core and vendor 2017-03-27 08:49:13 -07:00
nfc.te Remove unnecessary rules from NFC HAL clients 2017-03-22 16:22:33 -07:00
otapreopt_chroot.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
otapreopt_slot.te Sepolicy: Give otapreopt_slot read on A/B artifact links 2017-04-07 20:19:41 -07:00
performanced.te Suppress noisy performanced denials in permissive mode. 2018-02-27 10:42:12 +00:00
perfprofd.te Selinux: Fix perfprofd policy 2018-04-02 08:10:09 -07:00
platform_app.te
postinstall_dexopt.te Reland "Allow dexopt to follow /odm/lib(64) symlinks."" 2018-04-02 10:43:22 +09:00
postinstall.te
ppp.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
preopt2cachename.te
priv_app.te
profman.te Allow profman to analyze profiles for the secondary dex files 2017-03-15 18:47:13 -07:00
property_contexts Allow vendor_init_settable for persist.sys.sf.native_mode 2018-04-02 16:20:51 +09:00
property.te Allow vendor-init-settable to persist.radio.multisim.config 2018-03-27 13:41:47 +09:00
racoon.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
radio.te Allow vendor-init-settable to persist.radio.multisim.config 2018-03-27 13:41:47 +09:00
recovery_persist.te
recovery_refresh.te
recovery.te Whitelist exported platform properties 2018-01-10 16:15:25 +00:00
roles
runas.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
sdcardd.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
secure_element.te SE Policy for Secure Element app and Secure Element HAL 2018-01-29 21:31:42 +00:00
service.te Added SELinux policy for BinderCallsStatsService 2018-03-20 21:51:17 +00:00
servicemanager.te Prevent vendor_init from using binder or sockets 2018-02-09 19:32:59 +00:00
sgdisk.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
shared_relro.te Allow shared_relro to connect to activity_service. 2017-07-24 17:38:40 -04:00
shell.te shell: remove from system_executes_vendor_violators. 2018-02-07 17:48:28 +00:00
slideshow.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
su.te authsecret HAL policies. 2018-02-05 11:19:46 +00:00
surfaceflinger.te Move surfaceflinger policy to private 2017-02-07 10:06:12 -08:00
system_app.te
system_server.te Move system_server policy to private 2017-02-07 20:24:05 +00:00
te_macros Keystore needs to be able to call apps 2018-03-27 14:24:57 -07:00
tee.te Move domain_deprecated into private policy 2017-07-24 07:39:54 -07:00
thermalserviced.te PowerUI access to thermalservice 2017-10-14 01:05:58 +00:00
tombstoned.te DO NOT MERGE ANYWHERE Revert "SEPolicy: Changes for new stack dumping scheme." 2017-06-23 17:36:26 +01:00
toolbox.te
traced_probes.te SELinux changes for I/O tracing. 2018-03-30 00:32:34 +00:00
traceur_app.te Enable Traceur on user builds. 2018-02-02 12:46:36 -08:00
tzdatacheck.te Allow the shell user to run tzdatacheck 2017-04-20 09:31:36 +00:00
ueventd.te Revert "Allow callers of uevent_kernel_*() access to /proc/sys/kernel/overflowuid" 2018-01-08 13:09:34 -08:00
uncrypt.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
untrusted_app.te Add untrusted_app_27 2018-04-03 12:25:51 -07:00
untrusted_v2_app.te Add new untrusted_v2_app domain 2017-02-21 12:39:55 -08:00
update_engine_common.te Make /proc/sys/kernel/random available to everyone 2017-11-20 21:02:21 +00:00
update_engine.te Remove deprecated tagSocket() permissions 2018-04-03 13:56:58 +00:00
update_verifier.te Create sysfs_dm label. 2017-10-10 14:42:24 -07:00
usbd.te usbd sepolicy 2018-01-20 03:41:21 +00:00
vdc.te Sync internal master and AOSP sepolicy. 2017-09-27 18:55:47 -07:00
vendor_init.te Allow vendor-init-settable to persist.radio.multisim.config 2018-03-27 13:41:47 +09:00
vendor_shell.te Allow shell to start vendor shell 2018-01-16 18:28:51 +00:00
vendor_toolbox.te Allow init to run vendor toybox for modprobe 2017-05-24 15:01:20 -07:00
virtual_touchpad.te Allow vr_hwc and virtual_touchpad to query for permissions 2017-04-21 17:15:03 -04:00
vndservice.te Add default label and mapping for vendor services 2017-04-28 14:56:57 -07:00
vndservicemanager.te Initial sepolicy for vndservicemanager. 2017-03-23 00:20:43 +00:00
vold_prepare_subdirs.te Move most of public/vold_prepare_subdirs.te to private 2017-10-25 13:06:25 -07:00
vold.te label /data/vendor{_ce,_de} 2018-02-08 17:21:25 +00:00
vr_hwc.te SELinux policies for PDX services 2017-05-10 16:39:19 -07:00
watchdogd.te
webview_zygote.te Move webview_zygote policy to private 2017-01-27 17:01:43 +00:00
wificond.te MAC Anonymization: wificond SIOCSIFHWADDR sepolicy 2018-01-22 20:42:12 -08:00
wpantund.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
zygote.te Move zygote policy to private 2017-01-26 13:31:16 -08:00