..
compat
mediacodec->mediacodec+hal_omx{,_server,_client}
2018-05-30 18:12:32 +00:00
access_vectors
sepolicy: New sepolicy classes and rules about bpf object
2018-01-02 11:52:33 -08:00
adbd.te
adbd: dontaudit sys_resource denials
2018-05-01 23:38:13 +00:00
app.te
Allow getsockopt and setsockopt for Encap Sockets
2018-04-03 21:52:14 +00:00
app_neverallows.te
mediacodec->mediacodec+hal_omx{,_server,_client}
2018-05-30 18:12:32 +00:00
asan_extract.te
Sepolicy: Add ASAN-Extract
2017-04-05 13:09:29 -07:00
atrace.te
Reland: perfetto: allow traced_probes to execute atrace
2018-03-22 01:51:39 +00:00
audioserver.te
audioserver: add access to wake locks.
2018-05-17 17:27:56 -07:00
binder_in_vendor_violators.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
binderservicedomain.te
blank_screen.te
Add policy for 'blank_screen'.
2018-01-22 20:27:01 +00:00
blkid.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
blkid_untrusted.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
bluetooth.te
Whitelist vendor-init-settable bluetooth_prop and wifi_prop
2018-04-13 09:25:06 +09:00
bluetoothdomain.te
bootanim.te
Dontaudit denials caused by race with labeling.
2018-02-14 17:07:13 -08:00
bootstat.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
bpfloader.te
Allow netutils_wrapper to use pinned bpf program
2018-03-29 10:26:29 -07:00
bufferhubd.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
bug_map
mediacodec->mediacodec+hal_omx{,_server,_client}
2018-05-30 18:12:32 +00:00
cameraserver.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
charger.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
clatd.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
coredomain.te
Remove vendor_init from coredomain
2018-01-29 18:07:41 +00:00
cppreopts.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
crash_dump.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
dex2oat.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
dexoptanalyzer.te
Don't allow dexoptanalyzer to open app_data_files
2017-11-02 10:45:09 -07:00
dhcp.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
dnsmasq.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
domain.te
Improve tests protecting private app data
2018-05-29 13:47:49 -07:00
drmserver.te
Tighten restrictions on core <-> vendor socket comms
2017-03-31 09:17:54 -07:00
dumpstate.te
Ensure taking a bugreport generates no denials.
2018-03-05 12:23:25 -08:00
ephemeral_app.te
Allow getsockopt and setsockopt for Encap Sockets
2018-04-03 21:52:14 +00:00
file.te
Setting up sepolicies for statsd planB of listening to its own socket
2018-04-25 02:20:36 -07:00
file_contexts
Setup policy for downloaded apns directory
2018-05-21 18:45:50 +02:00
file_contexts_asan
/odm is another vendor partition that can be customied by ODMs
2017-12-15 19:07:58 +09:00
fingerprintd.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
fs_use
fsck.te
Allow access to the metadata partition for metadata encryption.
2018-01-19 14:45:08 -08:00
fsck_untrusted.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
gatekeeperd.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
genfs_contexts
Add sync and fence tracepoints to user-visible list of tracepoints.
2018-05-21 14:18:46 -07:00
hal_allocator_default.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
halclientdomain.te
Restrict access to hwservicemanager
2017-04-21 09:54:53 -07:00
halserverdomain.te
Allow hals to read hwservicemanager prop.
2017-03-23 01:50:50 +00:00
healthd.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
hwservice_contexts
Move automotive HALs sepolicy to system/
2018-05-04 21:36:48 +00:00
hwservicemanager.te
Finer grained permissions for ctl. properties
2018-05-22 13:47:16 -07:00
idmap.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
incident.te
Add this rule allows incidentd CTS tests be able to use incident
2018-01-31 12:33:57 -08:00
incident_helper.te
Allow incidentd to read LAST_KMSG only for userdebug builds
2018-03-30 10:15:24 -07:00
incidentd.te
mediacodec->mediacodec+hal_omx{,_server,_client}
2018-05-30 18:12:32 +00:00
init.te
Installd doesn't need to create cgroup files.
2018-04-09 13:49:13 +01:00
initial_sid_contexts
initial_sids
inputflinger.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
install_recovery.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
installd.te
Ensure taking a bugreport generates no denials.
2018-03-05 12:23:25 -08:00
isolated_app.te
Remove rules for starting the webview_zygote as a child of init.
2018-02-23 10:55:22 -05:00
kernel.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
keys.conf
keystore.te
Allow Keystore to check security logging property.
2018-01-24 19:49:18 +00:00
llkd.te
llkd: add live-lock daemon
2018-05-10 17:19:16 +00:00
lmkd.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
logd.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
logpersist.te
sepolicy: Add rules for non-init namespaces
2017-11-21 08:34:32 -07:00
mac_permissions.xml
mdnsd.te
Start the process of locking down proc/net
2018-05-04 21:36:33 +00:00
mediadrmserver.te
update sepolicy for gralloc HAL
2017-03-30 14:43:35 -07:00
mediaextractor.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
mediametrics.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
mediaprovider.te
Allow mediaprovider to search /mnt/media_rw
2018-05-14 12:37:11 -07:00
mediaserver.te
mediacodec->mediacodec+hal_omx{,_server,_client}
2018-05-30 18:12:32 +00:00
mls
Add untrusted_app_27
2018-04-03 12:25:51 -07:00
mls_decl
mls_macros
modprobe.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
mtp.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
net.te
netd.te
Allow netd to setup xt_bpf iptable rules
2018-03-21 11:06:03 -07:00
netutils_wrapper.te
Start the process of locking down proc/net
2018-05-04 21:36:33 +00:00
nfc.te
SE Policy for Secure Element app and Secure Element HAL
2018-01-29 21:31:42 +00:00
otapreopt_chroot.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
otapreopt_slot.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
perfetto.te
label /data/vendor{_ce,_de}
2018-02-08 17:21:25 +00:00
performanced.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
perfprofd.te
Sepolicy: Fix system server calling perfprofd
2018-05-03 10:57:30 -07:00
platform_app.te
Start the process of locking down proc/net
2018-05-04 21:36:33 +00:00
policy_capabilities
port_contexts
postinstall.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
postinstall_dexopt.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
ppp.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
preopt2cachename.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
priv_app.te
Start the process of locking down proc/net
2018-05-04 21:36:33 +00:00
profman.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
property_contexts
Finer grained permissions for ctl. properties
2018-05-22 13:47:16 -07:00
racoon.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
radio.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
recovery.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
recovery_persist.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
recovery_refresh.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
roles_decl
runas.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
sdcardd.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
seapp_contexts
Revert "Revert "Ensure only com.android.shell can run in the shell domain.""
2018-02-16 10:46:09 -08:00
secure_element.te
SE Policy for Secure Element app and Secure Element HAL
2018-01-29 21:31:42 +00:00
security_classes
sepolicy: New sepolicy classes and rules about bpf object
2018-01-02 11:52:33 -08:00
service.te
Setting up SELinux policy for statsd and stats service
2017-12-19 01:41:48 +00:00
service_contexts
storaged: add storaged_pri service
2018-05-17 10:02:08 -07:00
servicemanager.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
sgdisk.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
shared_relro.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
shell.te
Statsd allow shell in selinux policy
2018-02-13 09:34:55 -08:00
slideshow.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
stats.te
Setting up SELinux policy for statsd and stats service
2017-12-19 01:41:48 +00:00
statsd.te
Sepolicy: Fix perfprofd permissions
2018-05-10 15:07:09 -07:00
storaged.te
Start the process of locking down proc/net
2018-05-04 21:36:33 +00:00
su.te
SELinux policies for Perfetto cmdline client (/system/bin/perfetto)
2018-01-29 11:06:00 +00:00
surfaceflinger.te
Dontaudit denials caused by race with labeling.
2018-02-14 17:07:13 -08:00
system_app.te
Start the process of locking down proc/net
2018-05-04 21:36:33 +00:00
system_server.te
mediacodec->mediacodec+hal_omx{,_server,_client}
2018-05-30 18:12:32 +00:00
technical_debt.cil
Allow applications to use NN API HAL services
2018-01-16 13:50:37 -08:00
thermalserviced.te
Sync internal master and AOSP sepolicy.
2017-09-26 14:38:47 -07:00
tombstoned.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
toolbox.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
traced.te
perfetto: allow traced to write into FDs received by the client
2018-03-26 01:01:31 +00:00
traced_probes.te
Grant traced_probes search on directories.
2018-04-06 12:51:41 +00:00
traceur_app.te
Allow Traceur app to remove trace files.
2018-02-20 17:03:08 -08:00
tzdatacheck.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
ueventd.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
uncrypt.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
untrusted_app.te
Add untrusted_app_27
2018-04-03 12:25:51 -07:00
untrusted_app_25.te
Start the process of locking down proc/net
2018-05-04 21:36:33 +00:00
untrusted_app_27.te
Start the process of locking down proc/net
2018-05-04 21:36:33 +00:00
untrusted_app_all.te
Start the process of locking down proc/net
2018-05-04 21:36:33 +00:00
untrusted_v2_app.te
Perfetto SELinux policies
2018-01-10 00:18:46 +00:00
update_engine.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
update_engine_common.te
update_verifier.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
usbd.te
usbd sepolicy
2018-01-20 03:41:21 +00:00
users
vdc.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
vendor_init.te
Remove vendor_init from coredomain
2018-01-29 18:07:41 +00:00
virtual_touchpad.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
vold.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
vold_prepare_subdirs.te
Fingerprint data is now stored in one of two ways depending on the
2018-05-16 14:22:14 -07:00
vr_hwc.te
Restrict access to hwservicemanager
2017-04-21 09:54:53 -07:00
wait_for_keymaster.te
Add wait_for_keymaster
2018-05-09 13:41:37 -07:00
watchdogd.te
Vendor domains must not use Binder
2017-03-24 07:54:00 -07:00
webview_zygote.te
Fix diff in cherry-pick
2018-05-16 14:38:51 -07:00
wificond.te
SE Policy for Wifi Offload HAL
2017-05-18 09:49:55 -07:00
wpantund.te
lowpan: Add wpantund to SEPolicy
2017-10-16 14:10:40 -07:00
zygote.te
Start the process of locking down proc/net
2018-05-04 21:36:33 +00:00
7baf725ea6