..
compat
sepolicy: label vendor_service_contexts as vendor_service_contexts_file
2020-06-15 17:09:46 +08:00
access_vectors
Add new perfmon capability2 and use it
2020-06-05 10:15:31 -07:00
adbd.te
Rename contexts of ffs props
2020-05-11 21:23:37 +09:00
aidl_lazy_test_server.te
Add aidl_lazy_test_server
2020-01-07 15:11:03 -08:00
apex_test_prepostinstall.te
Sepolicy: Initial Apexd pre-/postinstall rules
2019-01-24 15:06:17 -08:00
apexd.te
Introduce apex_info_file type
2020-05-27 09:35:11 +09:00
app.te
Update sepolicy for GPU profiling properties.
2020-06-05 12:03:29 -07:00
app_neverallows.te
incident_service: only disallow untrusted access
2020-05-13 15:06:17 +00:00
app_zygote.te
debug builds: allow perf profiling of most domains
2020-01-22 22:04:02 +00:00
art_apex_boot_integrity.te
Sepolicy: Allow everyone to search keyrings
2019-03-14 13:21:07 -07:00
art_apex_postinstall.te
Sepolicy: Fix comment on apexd:fd use
2019-03-15 11:26:05 -07:00
art_apex_preinstall.te
Sepolicy: Fix comment on apexd:fd use
2019-03-15 11:26:05 -07:00
asan_extract.te
Move system property rules to private
2020-03-18 16:46:04 +00:00
atrace.te
More neverallows for default_android_service.
2020-01-21 11:13:22 -08:00
attributes
Add rules for hidl_lazy_test*
2020-03-24 18:34:58 -07:00
audioserver.te
Move audio config props to audio_config_prop
2020-05-06 22:58:29 +09:00
auditctl.te
Add policy for /system/bin/auditctl
2019-04-09 20:55:30 -07:00
automotive_display_service.te
Update automotive display service rules
2020-02-25 02:02:54 +00:00
binder_in_vendor_violators.te
binderservicedomain.te
blank_screen.te
Allow blank_screen to make binder calls to the servicemanager
2020-04-02 18:40:11 +02:00
blkid.te
Introduce system_file_type
2018-09-27 12:52:09 -07:00
blkid_untrusted.te
bluetooth.te
Support for more binder caches
2020-01-22 08:21:08 -08:00
bluetoothdomain.te
bootanim.te
Reduce graphics logspam
2020-04-02 13:43:26 +02:00
bootstat.te
Enable incidentd access to ro.boot.bootreason
2020-04-09 15:57:06 -07:00
boringssl_self_test.te
SEPolicy changes to allow vendor BoringSSL self test.
2019-10-01 14:14:36 +01:00
bpfloader.te
GPU Memory: add sepolicy rules around bpf for gpuservice
2020-06-03 11:23:16 -07:00
bufferhubd.te
Remove unused bufferhub sepolicy
2018-12-10 13:36:11 -08:00
bug_map
Gboard: Whitelist test failure
2020-05-04 08:53:49 +00:00
cameraserver.te
Abstract use of cameraserver behind an attribute
2019-03-01 14:02:59 -08:00
charger.te
Rename system_radio_prop
2020-05-15 15:06:10 +09:00
clatd.te
sepolicy - move public clatd to private
2019-05-11 17:47:25 -07:00
coredomain.te
Merge "GPU Memory: add sepolicy rules around bpf for gpuservice"
2020-06-05 17:46:55 +00:00
cppreopts.te
Ignore the denial when system_other is erased
2020-03-31 13:58:11 +08:00
crash_dump.te
crash_dump: suppress devpts denials
2019-03-19 04:05:51 +00:00
credstore.te
Add SELinux policy for credstore and update for IC HAL port from HIDL to AIDL.
2020-02-19 13:46:45 -05:00
derive_sdk.te
Rename sdkext sepolicy to sdkextensions
2020-01-08 11:41:18 +00:00
dex2oat.te
Allow otapreopt_chroot to use a flattened Runtime APEX package.
2019-03-19 14:44:22 +00:00
dexoptanalyzer.te
Allow dexoptanalyzer to mmap files with Linux 4.14+ that it can already access.
2019-08-16 20:02:32 +01:00
dhcp.te
Move system property rules to private
2020-03-18 16:46:04 +00:00
dnsmasq.te
domain.te
Label kprobes and restrict access
2020-06-11 07:43:30 +02:00
drmserver.te
dumpstate.te
Move system property rules to private
2020-03-18 16:46:04 +00:00
ephemeral_app.te
sepolicy: clean up redundant rules around gpuservice
2020-04-15 09:24:16 -07:00
fastbootd.te
Support TCP based fastbootd in recovery mode.
2020-05-15 22:23:42 +00:00
file.te
Move linker config under /linkerconfig
2019-12-05 12:42:29 +09:00
file_contexts
sepolicy: label vendor_service_contexts as vendor_service_contexts_file
2020-06-15 17:09:46 +08:00
file_contexts_asan
Fix data/asan/system/system_ext/lib selinux rule for file_contexts_asan
2020-06-08 10:05:07 +00:00
file_contexts_overlayfs
fs_mgr: add /mnt/scratch to possible overlayfs support directories
2018-10-08 14:23:01 +00:00
fingerprintd.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
flags_health_check.te
Move system property rules to private
2020-03-18 16:46:04 +00:00
fs_use
private/fs_use: Enable selinux for virtiofs
2020-03-06 17:19:04 +09:00
fsck.te
Allow access to the metadata partition for metadata encryption.
2018-01-19 14:45:08 -08:00
fsck_untrusted.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
fsverity_init.te
Remove unused sepolicy by fsverity_init
2020-05-28 17:58:16 -07:00
fwk_bufferhub.te
Allow bufferhub service to allocate buffer
2018-11-07 13:57:55 -08:00
gatekeeperd.te
Move system property rules to private
2020-03-18 16:46:04 +00:00
genfs_contexts
Merge "Label kprobes and restrict access"
2020-06-11 11:36:51 +00:00
gmscore_app.te
Allow gmscore to read tcp sockets passed by priv-apps
2020-02-18 08:38:44 -08:00
gpuservice.te
GPU Memory: add sepolicy rules around bpf for gpuservice
2020-06-03 11:23:16 -07:00
gsid.te
Allow gsid to callback system server for oneway method
2020-02-27 16:32:25 +08:00
hal_allocator_default.te
sepolicy: remove ashmemd
2019-09-27 17:43:53 +00:00
hal_lazy_test.te
Add rules for hidl_lazy_test*
2020-03-24 18:34:58 -07:00
halclientdomain.te
halserverdomain.te
healthd.te
Move system property rules to private
2020-03-18 16:46:04 +00:00
heapprofd.te
Allow Java domains to be Perfetto producers.
2019-10-10 10:40:26 +01:00
hidl_lazy_test_server.te
Add rules for hidl_lazy_test*
2020-03-24 18:34:58 -07:00
hwservice.te
Add rules for hidl_lazy_test*
2020-03-24 18:34:58 -07:00
hwservice_contexts
sepolicy: Remove offload HAL sepolicy rules
2020-05-08 11:17:12 +09:00
hwservicemanager.te
Move system property rules to private
2020-03-18 16:46:04 +00:00
idmap.te
Add idmap2 and idmap2d
2018-11-15 14:42:10 +00:00
incident.te
Allow dumpstate to call incident CLI
2019-08-21 16:10:39 -07:00
incident_helper.te
Allow dumpstate to dump incidentd
2018-12-04 15:42:56 -08:00
incidentd.te
incident_service: only disallow untrusted access
2020-05-13 15:06:17 +00:00
init.te
Add new perfmon capability2 and use it
2020-06-05 10:15:31 -07:00
initial_sid_contexts
initial_sids
inputflinger.te
installd.te
sepolicy: allow rules for apk verify system property
2019-12-03 10:09:35 -08:00
iorap_inode2filename.te
sepolicy: policies for iorap.inode2filename
2020-02-20 16:38:17 -08:00
iorap_prefecherd.te
sepolicy: Add iorap_prefetcherd rules
2019-10-22 12:45:46 -07:00
iorapd.te
sepolicy: policies for iorap.inode2filename
2020-02-20 16:38:17 -08:00
isolated_app.te
Prevent isolated_app from searching system_data_file.
2020-06-04 14:51:15 +01:00
iw.te
Allow iw to be run at init phase.
2018-11-14 19:10:12 +00:00
kernel.te
Sepolicy: Move otapreopt_chroot to private
2019-03-18 10:54:42 -07:00
keys.conf
Don't require seinfo for priv-apps
2019-11-06 08:37:03 -08:00
keystore.te
sepolicy: Move wifi keystore HAL service to wificond
2019-10-28 14:06:17 -07:00
linkerconfig.te
Update linkerconfig to generate APEX binary config
2020-01-20 13:40:08 +09:00
llkd.te
llkd: requires sys_admin permissions
2020-01-15 08:08:59 -08:00
lmkd.te
Add lmkd. property policies
2020-05-07 15:42:36 +00:00
logd.te
Move system property rules to private
2020-03-18 16:46:04 +00:00
logpersist.te
Allow incidentd to parse persisted log
2020-01-18 16:18:18 -08:00
lpdumpd.te
binder_use: Allow servicemanager callbacks
2019-12-19 23:07:14 +00:00
mac_permissions.xml
Don't require seinfo for priv-apps
2019-11-06 08:37:03 -08:00
mdnsd.te
Introduce system_file_type
2018-09-27 12:52:09 -07:00
mediadrmserver.te
mediaextractor.te
Move system property rules to private
2020-03-18 16:46:04 +00:00
mediametrics.te
mediaprovider.te
Rename contexts of ffs props
2020-05-11 21:23:37 +09:00
mediaprovider_app.te
Allow MediaProvider to binder call into statsd
2020-06-15 19:21:28 +01:00
mediaserver.te
Move media.* properties to media_config_prop
2020-05-13 09:38:08 +09:00
mediaswcodec.te
Move system property rules to private
2020-03-18 16:46:04 +00:00
mediatranscoding.te
MediaTranscodingService: Add sepolicy for MediaTranscodingService.
2019-12-02 13:57:28 -08:00
migrate_legacy_obb_data.te
sepolicy: Adjust policy for migrate_legacy_obb_data.sh
2019-07-16 02:55:25 +00:00
mls
Initial selinux policy support for memfd
2019-01-30 19:11:49 +00:00
mls_decl
mls_macros
modprobe.te
mtp.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
netd.te
Move system property rules to private
2020-03-18 16:46:04 +00:00
netutils_wrapper.te
Sepolicy for netutils_wrapper to use binder call
2019-04-26 02:46:39 +00:00
network_stack.te
Allow tethering find netork stack service
2019-12-12 12:54:57 +08:00
nfc.te
Remove mediacodec_service.
2019-08-21 01:19:20 +00:00
notify_traceur.te
Allow the init process to execute the notify_traceur.sh script
2019-02-07 00:28:40 +00:00
otapreopt_chroot.te
Sepolicy: Allow otapreopt to mount logical partitions
2019-03-22 12:13:05 -07:00
otapreopt_slot.te
Sepolicy: Clean up moved files
2019-02-22 08:36:41 -08:00
perfetto.te
Allow incidentd to attach perfetto traces on user.
2020-04-01 10:41:14 +02:00
performanced.te
permissioncontroller_app.te
Allow permission controller to use radio service
2020-05-08 23:49:06 +00:00
platform_app.te
sepolicy: clean up redundant rules around gpuservice
2020-04-15 09:24:16 -07:00
policy_capabilities
Add nnp_nosuid_transition policycap and related class/perm definitions.
2018-09-07 10:52:31 -07:00
port_contexts
postinstall.te
postinstall_dexopt.te
Sepolicy: Allow otapreopt access to vendor overlay files
2019-03-22 12:13:53 -07:00
ppp.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
preloads_copy.te
Ignore the denial when system_other is erased
2020-03-31 13:58:11 +08:00
preopt2cachename.te
Sepolicy: Clean up moved files
2019-02-22 08:36:41 -08:00
priv_app.te
Allow private app to access system app data file for ContentProvider
2020-06-17 18:29:11 +08:00
profman.te
property.te
Update sepolicy for GPU profiling properties.
2020-06-05 12:03:29 -07:00
property_contexts
Update sepolicy for GPU profiling properties.
2020-06-05 12:03:29 -07:00
racoon.te
radio.te
Add contexts for exported telephony props
2020-06-04 16:10:44 +09:00
recovery.te
Support TCP based fastbootd in recovery mode.
2020-05-15 22:23:42 +00:00
recovery_persist.te
In native coverage builds, allow all domains to access /data/misc/trace
2019-06-19 16:27:17 -07:00
recovery_refresh.te
In native coverage builds, allow all domains to access /data/misc/trace
2019-06-19 16:27:17 -07:00
roles_decl
rs.te
rs.te: Allow ephemeral_app FD use
2019-04-02 13:59:39 -07:00
rss_hwm_reset.te
SELinux policy for rss_hwm_reset
2018-12-15 10:13:03 +00:00
runas.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
runas_app.te
perf_event: rules for system and simpleperf domain
2020-01-15 16:56:41 +00:00
sdcardd.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
seapp_contexts
Actually route PermissionController to the right domain
2020-06-15 11:19:44 -07:00
secure_element.te
SE Policy for Secure Element app and Secure Element HAL
2018-01-29 21:31:42 +00:00
security_classes
access_vectors: add lockdown class
2020-02-13 13:05:54 -08:00
service.te
system_server: create StatsManagerService
2019-12-16 11:50:16 -08:00
service_contexts
DO NOT MERGE Add fake 30.0 prebuilts
2020-05-11 13:18:52 +09:00
servicemanager.te
Allow servicemanager to start processes
2019-08-02 00:23:16 +00:00
sgdisk.te
shared_relro.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
shell.te
Update sepolicy for GPU profiling properties.
2020-06-05 12:03:29 -07:00
simpleperf.te
perf_event: rules for system and simpleperf domain
2020-01-15 16:56:41 +00:00
simpleperf_app_runner.te
Add sepolicy for simpleperf_app_runner.
2019-01-23 23:23:09 +00:00
slideshow.te
snapshotctl.te
snapshotctl: allow to write stats
2020-02-14 20:51:53 +00:00
stats.te
GpuStats: sepolicy change for using new statsd puller api
2020-02-04 15:55:59 -08:00
statsd.te
Allow system server to add StatsHal
2020-02-05 17:24:48 -08:00
storaged.te
Allow GMS core to call dumpsys storaged
2019-12-11 12:49:04 -08:00
su.te
SELinux policies for Perfetto cmdline client (/system/bin/perfetto)
2018-01-29 11:06:00 +00:00
surfaceflinger.te
Rename surfaceflinger properties' contexts
2020-04-29 10:43:06 +09:00
system_app.te
Rename system_radio_prop
2020-05-15 15:06:10 +09:00
system_server.te
Create sepolicy for allowing system_server rw in /metadata/staged-install
2020-06-03 10:59:02 +01:00
system_server_startup.te
Revert "Sepolicy: Allow system_server_startup to load dalvikcache artifacts"
2020-03-11 15:26:27 +00:00
system_suspend.te
system_suspend: sysfs path resolution
2019-11-12 13:47:26 -08:00
technical_debt.cil
Allow apps to access hal_drm
2019-09-30 04:51:24 +00:00
tombstoned.te
toolbox.te
traced.te
Allow traced to create files within /data/misc/perfetto-traces
2020-04-08 19:44:53 +00:00
traced_perf.te
traced_perf sepolicy tweaks
2020-02-24 12:23:13 +00:00
traced_probes.te
perfetto: allow producers to supply shared memory
2020-02-04 13:47:42 +00:00
traceur_app.te
Move system property rules to private
2020-03-18 16:46:04 +00:00
tzdatacheck.te
ueventd.te
Move system property rules to private
2020-03-18 16:46:04 +00:00
uncrypt.te
Move system property rules to private
2020-03-18 16:46:04 +00:00
untrusted_app.te
reland: untrusted_app_29: add new targetSdk domain
2020-01-22 09:47:53 +00:00
untrusted_app_25.te
reland: untrusted_app_29: add new targetSdk domain
2020-01-22 09:47:53 +00:00
untrusted_app_27.te
reland: untrusted_app_29: add new targetSdk domain
2020-01-22 09:47:53 +00:00
untrusted_app_29.te
reland: untrusted_app_29: add new targetSdk domain
2020-01-22 09:47:53 +00:00
untrusted_app_all.te
sepolicy: clean up redundant rules around gpuservice
2020-04-15 09:24:16 -07:00
update_engine.te
Allow update_engine to get gsid property
2020-05-05 11:21:44 +08:00
update_engine_common.te
update_verifier.te
Move system property rules to private
2020-03-18 16:46:04 +00:00
usbd.te
Move system property rules to private
2020-03-18 16:46:04 +00:00
users
vdc.te
vendor_init.te
Root of /data belongs to init (re-landing)
2019-09-09 14:42:01 -07:00
viewcompiler.te
Give map permission to viewcompiler
2019-08-27 10:43:55 -07:00
virtual_touchpad.te
vold.te
Define vendor-specific property ro.incremental.enable
2020-05-01 10:27:51 -07:00
vold_prepare_subdirs.te
sepolicy(wifi): Allow wifi service access to wifi apex directories
2020-02-21 10:40:32 -08:00
vr_hwc.te
vzwomatrigger_app.te
Don't run vzwomatrigger_app in permissive mode
2019-12-02 09:41:54 -08:00
wait_for_keymaster.te
Introduce system_file_type
2018-09-27 12:52:09 -07:00
watchdogd.te
Move watchdogd out of init and into its own domain
2018-08-03 19:28:05 +00:00
webview_zygote.te
Add getattr access on tmpfs_zygote files for webview_zygote.
2020-01-30 21:29:19 +00:00
wificond.te
sepolicy: Remove offload HAL sepolicy rules
2020-05-08 11:17:12 +09:00
wpantund.te
lowpan: Add wpantund to SEPolicy
2017-10-16 14:10:40 -07:00
zygote.te
Introduce apex_info_file type
2020-05-27 09:35:11 +09:00
0709fbca5f