..
compat
revert ipmemorystore selinux policy.
2019-04-01 16:37:25 +09:00
access_vectors
Update access_vectors
2018-11-01 19:53:50 -07:00
adbd.te
adbd: do not audit vsock_socket create
2019-02-25 14:55:27 -08:00
apex_test_prepostinstall.te
Sepolicy: Initial Apexd pre-/postinstall rules
2019-01-24 15:06:17 -08:00
apexd.te
Rename data/pkg_staging to data/app-staging
2019-03-14 14:00:53 +00:00
app_neverallows.te
Neverallow app open access to /dev/ashmem
2019-02-27 21:17:25 +00:00
app_zygote.te
Add rules for accessing the related bluetooth_audio_hal_prop
2019-03-20 03:12:25 +00:00
app.te
revert ipmemorystore selinux policy.
2019-04-01 16:37:25 +09:00
art_apex_boot_integrity.te
Sepolicy: Allow everyone to search keyrings
2019-03-14 13:21:07 -07:00
art_apex_postinstall.te
Sepolicy: Fix comment on apexd:fd use
2019-03-15 11:26:05 -07:00
art_apex_preinstall.te
Sepolicy: Fix comment on apexd:fd use
2019-03-15 11:26:05 -07:00
asan_extract.te
ashmemd.te
sepolicy for ashmemd
2019-02-05 21:38:14 +00:00
atrace.te
Add rules for lpdump and lpdumpd
2019-03-25 10:14:20 -07:00
audioserver.te
Add rules for accessing the related bluetooth_audio_hal_prop
2019-03-20 03:12:25 +00:00
binder_in_vendor_violators.te
binderservicedomain.te
blank_screen.te
Introduce system_file_type
2018-09-27 12:52:09 -07:00
blkid_untrusted.te
blkid.te
Introduce system_file_type
2018-09-27 12:52:09 -07:00
bluetooth.te
Add rules for accessing the related bluetooth_audio_hal_prop
2019-03-20 03:12:25 +00:00
bluetoothdomain.te
bootanim.te
Dontaudit denials caused by race with labeling.
2018-02-14 17:07:13 -08:00
bootstat.te
bpfloader.te
Add permissions for bpf.progs_loaded property
2019-01-14 10:59:10 -05:00
bufferhubd.te
Remove unused bufferhub sepolicy
2018-12-10 13:36:11 -08:00
bug_map
Remove priv_app SELinux denial tracking.
2019-02-28 14:15:47 -08:00
cameraserver.te
Abstract use of cameraserver behind an attribute
2019-03-01 14:02:59 -08:00
charger.te
clatd.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
coredomain.te
Sepolicy: Allow otapreopt access to vendor overlay files
2019-03-22 12:13:53 -07:00
cppreopts.te
Sepolicy: Clean up moved files
2019-02-22 08:36:41 -08:00
crash_dump.te
crash_dump: suppress devpts denials
2019-03-19 04:05:51 +00:00
dex2oat.te
Allow otapreopt_chroot to use a flattened Runtime APEX package.
2019-03-19 14:44:22 +00:00
dexoptanalyzer.te
dexoptanalyzer: Allow writing into installd's pipe
2019-03-20 15:37:12 +00:00
dhcp.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
dnsmasq.te
domain.te
Add sepolicy for installing GSIs to external storage.
2019-03-27 17:12:51 -07:00
drmserver.te
dumpstate.te
Add incidentcompanion service.
2019-01-26 13:15:45 -08:00
ephemeral_app.te
ashmem: expand app access
2019-02-28 10:47:35 -08:00
fastbootd.te
Add sepolicy for fastbootd
2018-08-15 08:45:22 -07:00
file_contexts
Relabel /data/system/packages.list to new type.
2019-03-28 10:27:43 +00:00
file_contexts_asan
Label /data/asan/* libs as system_lib_file.
2018-10-10 11:23:00 -07:00
file_contexts_overlayfs
fs_mgr: add /mnt/scratch to possible overlayfs support directories
2018-10-08 14:23:01 +00:00
file.te
Add initial sepolicy for app data snapshots.
2019-01-16 15:22:51 +00:00
fingerprintd.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
flags_health_check.te
sepolicy for server configurable flags
2018-11-01 03:28:56 +00:00
fs_use
fs_mgr: add overlayfs handling for squashfs system filesystems
2018-08-08 07:33:10 -07:00
fsck_untrusted.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
fsck.te
Allow access to the metadata partition for metadata encryption.
2018-01-19 14:45:08 -08:00
fsverity_init.te
Move fs-verity key loading into fsverity_init domain
2019-03-27 16:31:01 +00:00
fwk_bufferhub.te
Allow bufferhub service to allocate buffer
2018-11-07 13:57:55 -08:00
gatekeeperd.te
genfs_contexts
Fix typos in genfs_contexts
2019-03-27 17:06:39 +00:00
gpuservice.te
Game Driver: sepolicy update for plumbing GpuStats into GpuService
2019-02-08 18:15:17 -08:00
gsid.te
Add sepolicy for installing GSIs to external storage.
2019-03-27 17:12:51 -07:00
hal_allocator_default.te
sepolicy for ashmemd
2019-02-05 21:38:14 +00:00
halclientdomain.te
halserverdomain.te
healthd.te
healthd provides health@2.0 service.
2017-10-17 13:48:42 -07:00
heapprofd.te
Allow heapprofd to read test files.
2019-03-27 11:07:05 +00:00
hwservice_contexts
Add selinux rules for HIDL ICameraServer.
2019-03-01 14:01:07 -08:00
hwservicemanager.te
Finer grained permissions for ctl. properties
2018-05-22 13:47:16 -07:00
idmap.te
Add idmap2 and idmap2d
2018-11-15 14:42:10 +00:00
incident_helper.te
Allow dumpstate to dump incidentd
2018-12-04 15:42:56 -08:00
incident.te
Introduce system_file_type
2018-09-27 12:52:09 -07:00
incidentd.te
Allow incidentd to communicate with clients over pipes.
2019-03-22 17:04:49 -07:00
init.te
Move /sbin/charger to /system/bin/charger.
2019-03-14 09:44:03 -07:00
initial_sid_contexts
initial_sids
inputflinger.te
install_recovery.te
installd.te
Allow installd to access device_config_runtime_native_boot_prop.
2019-02-26 08:56:57 +00:00
iorapd.te
iorapd: add tmpfs type
2019-01-26 12:55:13 -08:00
isolated_app.te
Allow global read access to /sys/kernel/mm/transparent_hugepage/
2019-03-13 23:47:25 +00:00
iw.te
Allow iw to be run at init phase.
2018-11-14 19:10:12 +00:00
kernel.te
Sepolicy: Move otapreopt_chroot to private
2019-03-18 10:54:42 -07:00
keys.conf
sepolicy change for NetworkStack signature
2019-02-14 07:58:13 +09:00
keystore.te
Allow Keystore to check security logging property.
2018-01-24 19:49:18 +00:00
llkd.te
Add policy for apexd.
2018-10-04 07:06:45 +00:00
lmkd.te
logd.te
Properly Treble-ize tmpfs access
2019-01-26 17:30:41 +00:00
logpersist.te
sepolicy: Add rules for non-init namespaces
2017-11-21 08:34:32 -07:00
lpdumpd.te
super_block_device -> super_block_device_type
2019-03-28 18:08:19 +00:00
mac_permissions.xml
sepolicy change for NetworkStack signature
2019-02-14 07:58:13 +09:00
mdnsd.te
Introduce system_file_type
2018-09-27 12:52:09 -07:00
mediadrmserver.te
mediaextractor.te
Initial selinux policy support for memfd
2019-01-30 19:11:49 +00:00
mediametrics.te
mediaprovider.te
ashmem: expand app access
2019-02-28 10:47:35 -08:00
mediaserver.te
Properly Treble-ize tmpfs access
2019-01-26 17:30:41 +00:00
mediaswcodec.te
add mediaswcodec service
2018-10-11 15:10:17 -07:00
mls
Initial selinux policy support for memfd
2019-01-30 19:11:49 +00:00
mls_decl
mls_macros
modprobe.te
mtp.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
netd.te
Add NetworkStack policies for netd and netlink
2019-01-28 14:40:52 +09:00
netutils_wrapper.te
netutils_wrapper: suppress sysfs denials
2019-03-29 14:29:42 -07:00
network_stack.te
Allow the netowrk stack to access its own data files.
2019-03-19 11:42:11 +09:00
nfc.te
SE Policy for Secure Element app and Secure Element HAL
2018-01-29 21:31:42 +00:00
notify_traceur.te
Allow the init process to execute the notify_traceur.sh script
2019-02-07 00:28:40 +00:00
otapreopt_chroot.te
Sepolicy: Allow otapreopt to mount logical partitions
2019-03-22 12:13:05 -07:00
otapreopt_slot.te
Sepolicy: Clean up moved files
2019-02-22 08:36:41 -08:00
perfetto.te
Properly Treble-ize tmpfs access
2019-01-26 17:30:41 +00:00
performanced.te
perfprofd.te
Decouple system_suspend from hal attributes.
2019-02-26 18:10:28 -08:00
platform_app.te
Allowing sysui to access statsd.
2019-02-11 14:09:42 -08:00
policy_capabilities
Add nnp_nosuid_transition policycap and related class/perm definitions.
2018-09-07 10:52:31 -07:00
port_contexts
postinstall_dexopt.te
Sepolicy: Allow otapreopt access to vendor overlay files
2019-03-22 12:13:53 -07:00
postinstall.te
ppp.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
preloads_copy.te
Add sepolicy for preloads_copy script
2018-10-23 17:11:36 +01:00
preopt2cachename.te
Sepolicy: Clean up moved files
2019-02-22 08:36:41 -08:00
priv_app.te
Allow incidentd to communicate with clients over pipes.
2019-03-22 17:04:49 -07:00
profman.te
property_contexts
Add rules for lpdump and lpdumpd
2019-03-25 10:14:20 -07:00
racoon.te
radio.te
Add label for time (zone) system properties
2018-06-25 17:59:56 +01:00
recovery_persist.te
Properly Treble-ize tmpfs access
2019-01-26 17:30:41 +00:00
recovery_refresh.te
Properly Treble-ize tmpfs access
2019-01-26 17:30:41 +00:00
recovery.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
roles_decl
rs.te
rs: add tests to ensure rs cannot abuse app data
2019-01-17 15:24:34 -08:00
rss_hwm_reset.te
SELinux policy for rss_hwm_reset
2018-12-15 10:13:03 +00:00
runas_app.te
allow runas_app untrusted_app_all:unix_stream_socket connectto
2019-02-08 11:35:50 -08:00
runas.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
sdcardd.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
seapp_contexts
Allow the netowrk stack to access its own data files.
2019-03-19 11:42:11 +09:00
secure_element.te
SE Policy for Secure Element app and Secure Element HAL
2018-01-29 21:31:42 +00:00
security_classes
Update access_vectors
2018-11-01 19:53:50 -07:00
service_contexts
revert ipmemorystore selinux policy.
2019-04-01 16:37:25 +09:00
service.te
Add selinux setting for attention
2019-03-18 21:00:35 +00:00
servicemanager.te
sgdisk.te
shared_relro.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
shell.te
Add rules for lpdump and lpdumpd
2019-03-25 10:14:20 -07:00
simpleperf_app_runner.te
Add sepolicy for simpleperf_app_runner.
2019-01-23 23:23:09 +00:00
slideshow.te
stats.te
Allowing sysui to access statsd.
2019-02-11 14:09:42 -08:00
statsd.te
Incidentd gets statsd incident section
2018-11-13 09:18:34 -08:00
storaged.te
Relabel /data/system/packages.list to new type.
2019-03-28 10:27:43 +00:00
su.te
SELinux policies for Perfetto cmdline client (/system/bin/perfetto)
2018-01-29 11:06:00 +00:00
surfaceflinger.te
Initial selinux policy support for memfd
2019-01-30 19:11:49 +00:00
system_app.te
revert ipmemorystore selinux policy.
2019-04-01 16:37:25 +09:00
system_server_startup.te
Sepolicy: Allow system_server_startup to load dalvikcache artifacts
2019-03-19 10:36:03 -07:00
system_server.te
sepolicy: Grant system_server and init access to /proc/pressure/memory
2019-03-28 22:11:25 +00:00
system_suspend.te
Allow system_suspend access to /sys/power/wake_[un]lock.
2019-03-19 21:34:49 -07:00
technical_debt.cil
Allow app to conntect to BufferHub service
2019-01-14 10:49:35 -08:00
thermalserviced.te
Revert "Move thermal service into system_server"
2018-12-11 17:04:17 +00:00
tombstoned.te
toolbox.te
traced_probes.te
Allow traced_probes to access power rail data.
2019-03-13 17:11:31 +00:00
traced.te
Allow traced to lazily start heapprofd.
2019-03-14 20:42:29 +00:00
traceur_app.te
Allow the Traceur app to start Perfetto.
2018-12-10 18:51:29 -08:00
tzdatacheck.te
ueventd.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
uncrypt.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
untrusted_app_25.te
Neverallow app open access to /dev/ashmem
2019-02-27 21:17:25 +00:00
untrusted_app_27.te
Neverallow app open access to /dev/ashmem
2019-02-27 21:17:25 +00:00
untrusted_app_all.te
ashmem: expand app access
2019-02-28 10:47:35 -08:00
untrusted_app.te
Add untrusted_app_27
2018-04-03 12:25:51 -07:00
update_engine_common.te
update_engine.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
update_verifier.te
usbd.te
usbd sepolicy
2018-01-20 03:41:21 +00:00
users
vdc.te
vendor_init.te
Remove vendor_init from coredomain
2018-01-29 18:07:41 +00:00
viewcompiler.te
Properly Treble-ize tmpfs access
2019-01-26 17:30:41 +00:00
virtual_touchpad.te
vold_prepare_subdirs.te
Revert "Temporarily hide denial to fix tests."
2019-03-27 13:56:20 +00:00
vold.te
Abolish calls to shell in vold
2018-11-30 16:02:04 -08:00
vr_hwc.te
wait_for_keymaster.te
Introduce system_file_type
2018-09-27 12:52:09 -07:00
watchdogd.te
Move watchdogd out of init and into its own domain
2018-08-03 19:28:05 +00:00
webview_zygote.te
Add rules for accessing the related bluetooth_audio_hal_prop
2019-03-20 03:12:25 +00:00
wificond.te
wpantund.te
lowpan: Add wpantund to SEPolicy
2017-10-16 14:10:40 -07:00
zygote.te
private: allow zygote mnt_expand_file:dir getattr;
2019-03-20 16:26:43 +00:00
e2876a3d11