..
compat
Use a property instead of file to communicate cold boot done
2019-06-20 08:37:46 -07:00
access_vectors
Update access_vectors
2018-11-01 19:53:50 -07:00
adbd.te
adbd: do not audit vsock_socket create
2019-02-25 14:55:27 -08:00
apex_test_prepostinstall.te
Sepolicy: Initial Apexd pre-/postinstall rules
2019-01-24 15:06:17 -08:00
apexd.te
Allow apexd to stop itself
2019-06-13 09:45:05 +09:00
app.te
revert ipmemorystore selinux policy.
2019-04-01 16:37:25 +09:00
app_neverallows.te
Use explicit whitelist for HIDL app neverallows.
2019-04-29 13:11:38 -07:00
app_zygote.te
Add rules for accessing the related bluetooth_audio_hal_prop
2019-03-20 03:12:25 +00:00
art_apex_boot_integrity.te
Sepolicy: Allow everyone to search keyrings
2019-03-14 13:21:07 -07:00
art_apex_postinstall.te
Sepolicy: Fix comment on apexd:fd use
2019-03-15 11:26:05 -07:00
art_apex_preinstall.te
Sepolicy: Fix comment on apexd:fd use
2019-03-15 11:26:05 -07:00
asan_extract.te
ashmemd.te
sepolicy for ashmemd
2019-02-05 21:38:14 +00:00
atrace.te
atrace: allow tracing of vibrator hal
2019-06-17 12:25:05 +09:00
audioserver.te
Add rules for accessing the related bluetooth_audio_hal_prop
2019-03-20 03:12:25 +00:00
auditctl.te
Add policy for /system/bin/auditctl
2019-04-09 12:47:10 -07:00
binder_in_vendor_violators.te
binderservicedomain.te
blank_screen.te
Introduce system_file_type
2018-09-27 12:52:09 -07:00
blkid.te
Introduce system_file_type
2018-09-27 12:52:09 -07:00
blkid_untrusted.te
bluetooth.te
Add rules for accessing the related bluetooth_audio_hal_prop
2019-03-20 03:12:25 +00:00
bluetoothdomain.te
bootanim.te
bootstat.te
bpfloader.te
selinux - netd - tighten down bpf policy
2019-05-03 19:39:46 +00:00
bufferhubd.te
Remove unused bufferhub sepolicy
2018-12-10 13:36:11 -08:00
bug_map
Remove obsolete denials tracking.
2019-04-18 17:14:50 -07:00
cameraserver.te
Abstract use of cameraserver behind an attribute
2019-03-01 14:02:59 -08:00
charger.te
clatd.te
sepolicy - move public clatd to private
2019-05-11 17:47:25 -07:00
coredomain.te
Sepolicy: Allow otapreopt access to vendor overlay files
2019-03-22 12:13:53 -07:00
cppreopts.te
Sepolicy: Clean up moved files
2019-02-22 08:36:41 -08:00
crash_dump.te
crash_dump: suppress devpts denials
2019-03-19 04:05:51 +00:00
dex2oat.te
Allow otapreopt_chroot to use a flattened Runtime APEX package.
2019-03-19 14:44:22 +00:00
dexoptanalyzer.te
dexoptanalyzer: Allow writing into installd's pipe
2019-03-20 15:37:12 +00:00
dhcp.te
dnsmasq.te
domain.te
Revert "Revert "Allow rule to let settings access apex files""
2019-06-28 15:28:28 +00:00
drmserver.te
dumpstate.te
Let dumpstate get netd stack traces.
2019-04-05 17:33:56 +09:00
ephemeral_app.te
ephemeral_app: restore /dev/ashmem open permissions
2019-04-09 14:18:18 -07:00
fastbootd.te
Add sepolicy for fastbootd
2018-08-15 08:45:22 -07:00
file.te
Add initial sepolicy for app data snapshots.
2019-01-16 15:22:51 +00:00
file_contexts
Rename product_services to system_ext
2019-07-09 08:57:35 +00:00
file_contexts_asan
Label /data/asan/* libs as system_lib_file.
2018-10-10 11:23:00 -07:00
file_contexts_overlayfs
fs_mgr: add /mnt/scratch to possible overlayfs support directories
2018-10-08 14:23:01 +00:00
fingerprintd.te
flags_health_check.te
sepolicy for server configurable flags
2018-11-01 03:28:56 +00:00
fs_use
fs_mgr: add overlayfs handling for squashfs system filesystems
2018-08-08 07:33:10 -07:00
fsck.te
fsck_untrusted.te
fsverity_init.te
Move fs-verity key loading into fsverity_init domain
2019-03-27 16:31:01 +00:00
fwk_bufferhub.te
Allow bufferhub service to allocate buffer
2018-11-07 13:57:55 -08:00
gatekeeperd.te
genfs_contexts
Allow perfetto to access gpu_frequency tracepoint in user
2019-06-26 18:06:48 +01:00
gpuservice.te
Allow dumpstate to dumpsys gpu
2019-05-09 23:15:49 -07:00
gsid.te
Allow gsid to read dm nodes from sysfs.
2019-06-07 14:59:00 -07:00
hal_allocator_default.te
sepolicy for ashmemd
2019-02-05 21:38:14 +00:00
halclientdomain.te
halserverdomain.te
healthd.te
heapprofd.te
Relabel /proc/kpageflags and grant access to heapprofd.
2019-05-20 20:18:10 +01:00
hwservice_contexts
Sepolicy for IAshmem HIDL interface
2019-05-29 14:44:47 -07:00
hwservicemanager.te
Finer grained permissions for ctl. properties
2018-05-22 13:47:16 -07:00
idmap.te
Add idmap2 and idmap2d
2018-11-15 14:42:10 +00:00
incident.te
Introduce system_file_type
2018-09-27 12:52:09 -07:00
incident_helper.te
Allow dumpstate to dump incidentd
2018-12-04 15:42:56 -08:00
incidentd.te
Add rules to dump hal traces
2019-06-20 00:31:03 +00:00
init.te
Move /sbin/charger to /system/bin/charger.
2019-03-14 09:44:03 -07:00
initial_sid_contexts
initial_sids
inputflinger.te
install_recovery.te
installd.te
Allow installd to access device_config_runtime_native_boot_prop.
2019-02-26 08:56:57 +00:00
iorapd.te
iorapd: add tmpfs type
2019-01-26 12:55:13 -08:00
isolated_app.te
Allow global read access to /sys/kernel/mm/transparent_hugepage/
2019-03-13 23:47:25 +00:00
iw.te
Allow iw to be run at init phase.
2018-11-14 19:10:12 +00:00
kernel.te
Sepolicy: Move otapreopt_chroot to private
2019-03-18 10:54:42 -07:00
keys.conf
sepolicy change for NetworkStack signature
2019-02-14 07:58:13 +09:00
keystore.te
llkd.te
Add policy for apexd.
2018-10-04 07:06:45 +00:00
lmkd.te
logd.te
In native coverage builds, allow all domains to access /data/misc/trace
2019-06-14 08:31:51 -07:00
logpersist.te
In native coverage builds, allow all domains to access /data/misc/trace
2019-06-14 08:31:51 -07:00
lpdumpd.te
super_block_device -> super_block_device_type
2019-03-28 18:08:19 +00:00
mac_permissions.xml
sepolicy change for NetworkStack signature
2019-02-14 07:58:13 +09:00
mdnsd.te
Introduce system_file_type
2018-09-27 12:52:09 -07:00
mediadrmserver.te
mediaextractor.te
Initial selinux policy support for memfd
2019-01-30 19:11:49 +00:00
mediametrics.te
mediaprovider.te
ashmem: expand app access
2019-02-28 10:47:35 -08:00
mediaserver.te
Properly Treble-ize tmpfs access
2019-01-26 17:30:41 +00:00
mediaswcodec.te
add mediaswcodec service
2018-10-11 15:10:17 -07:00
mls
Initial selinux policy support for memfd
2019-01-30 19:11:49 +00:00
mls_decl
mls_macros
modprobe.te
mtp.te
netd.te
sepolicy - move public clatd to private
2019-05-11 17:47:25 -07:00
netutils_wrapper.te
Sepolicy for netutils_wrapper to use binder call
2019-04-03 03:09:37 +00:00
network_stack.te
Allow the netowrk stack to access its own data files.
2019-03-19 11:42:11 +09:00
nfc.te
notify_traceur.te
Allow the init process to execute the notify_traceur.sh script
2019-02-07 00:28:40 +00:00
otapreopt_chroot.te
Sepolicy: Allow otapreopt to mount logical partitions
2019-03-22 12:13:05 -07:00
otapreopt_slot.te
Sepolicy: Clean up moved files
2019-02-22 08:36:41 -08:00
perfetto.te
In native coverage builds, allow all domains to access /data/misc/trace
2019-06-14 08:31:51 -07:00
performanced.te
perfprofd.te
Add core domain attribute to perfprofd for all targets
2019-06-06 20:57:28 +00:00
platform_app.te
Allowing sysui to access statsd.
2019-02-11 14:09:42 -08:00
policy_capabilities
Add nnp_nosuid_transition policycap and related class/perm definitions.
2018-09-07 10:52:31 -07:00
port_contexts
postinstall.te
postinstall_dexopt.te
Sepolicy: Allow otapreopt access to vendor overlay files
2019-03-22 12:13:53 -07:00
ppp.te
preloads_copy.te
Add sepolicy for preloads_copy script
2018-10-23 17:11:36 +01:00
preopt2cachename.te
Sepolicy: Clean up moved files
2019-02-22 08:36:41 -08:00
priv_app.te
priv_app: suppress denials to proc_net
2019-05-09 16:14:45 -07:00
profman.te
property_contexts
Use a property instead of file to communicate cold boot done
2019-06-20 08:37:46 -07:00
racoon.te
radio.te
Add label for time (zone) system properties
2018-06-25 17:59:56 +01:00
recovery.te
recovery_persist.te
In native coverage builds, allow all domains to access /data/misc/trace
2019-06-14 08:31:51 -07:00
recovery_refresh.te
In native coverage builds, allow all domains to access /data/misc/trace
2019-06-14 08:31:51 -07:00
roles_decl
rs.te
rs.te: Allow ephemeral_app FD use
2019-04-02 13:59:39 -07:00
rss_hwm_reset.te
SELinux policy for rss_hwm_reset
2018-12-15 10:13:03 +00:00
runas.te
runas_app.te
allow runas_app untrusted_app_all:unix_stream_socket connectto
2019-02-08 11:35:50 -08:00
sdcardd.te
seapp_contexts
Remove isV2App
2019-04-16 16:01:08 -07:00
secure_element.te
security_classes
Update access_vectors
2018-11-01 19:53:50 -07:00
service.te
Add selinux setting for attention
2019-03-18 21:00:35 +00:00
service_contexts
Rename service from ircs to ircsmessage
2019-07-11 14:09:51 -07:00
servicemanager.te
sgdisk.te
shared_relro.te
shell.te
Add rules for lpdump and lpdumpd
2019-03-25 10:14:20 -07:00
simpleperf_app_runner.te
Add sepolicy for simpleperf_app_runner.
2019-01-23 23:23:09 +00:00
slideshow.te
stats.te
Allowing sysui to access statsd.
2019-02-11 14:09:42 -08:00
statsd.te
Allows StatsCompanionService to pipe data to statsd.
2019-05-21 14:45:56 -07:00
storaged.te
Relabel /data/system/packages.list to new type.
2019-03-28 10:27:43 +00:00
su.te
surfaceflinger.te
Give surfaceflinger permission to write perfetto traces
2019-07-09 17:16:07 +00:00
system_app.te
Revert "Revert "Allow rule to let settings access apex files""
2019-06-28 15:28:28 +00:00
system_server.te
Merge "Sepolicy for added SystemSuspend HAL to ANR list."
2019-07-01 21:43:45 +00:00
system_server_startup.te
system_server_startup: allow SIGCHLD to zygote
2019-04-04 09:25:15 -07:00
system_suspend.te
Allow system_suspend access to /sys/power/wake_[un]lock.
2019-03-19 21:34:49 -07:00
technical_debt.cil
Allow app to conntect to BufferHub service
2019-01-14 10:49:35 -08:00
thermalserviced.te
Revert "Move thermal service into system_server"
2018-12-11 17:04:17 +00:00
tombstoned.te
toolbox.te
traced.te
In native coverage builds, allow all domains to access /data/misc/trace
2019-06-14 08:31:51 -07:00
traced_probes.te
In native coverage builds, allow all domains to access /data/misc/trace
2019-06-14 08:31:51 -07:00
traceur_app.te
Allow the Traceur app to start Perfetto.
2018-12-10 18:51:29 -08:00
tzdatacheck.te
ueventd.te
uncrypt.te
untrusted_app.te
untrusted_app_25.te
Deprecate /mnt/sdcard -> /storage/self/primary symlink.
2019-04-12 03:15:52 +00:00
untrusted_app_27.te
Deprecate /mnt/sdcard -> /storage/self/primary symlink.
2019-04-12 03:15:52 +00:00
untrusted_app_all.te
ashmem: expand app access
2019-02-28 10:47:35 -08:00
update_engine.te
update_engine_common.te
update_verifier.te
usbd.te
users
vdc.te
vendor_init.te
viewcompiler.te
Properly Treble-ize tmpfs access
2019-01-26 17:30:41 +00:00
virtual_touchpad.te
vold.te
Abolish calls to shell in vold
2018-11-30 16:02:04 -08:00
vold_prepare_subdirs.te
Dontaudit unneeded denials.
2019-05-10 08:14:54 -07:00
vr_hwc.te
wait_for_keymaster.te
Introduce system_file_type
2018-09-27 12:52:09 -07:00
watchdogd.te
Move watchdogd out of init and into its own domain
2018-08-03 19:28:05 +00:00
webview_zygote.te
Allow webview_zygote to read the /data/user/0 symlink.
2019-04-11 16:18:32 -04:00
wificond.te
wpantund.te
zygote.te
Allow zygote to create fds and map executable.
2019-06-17 20:18:23 +01:00
243ef72edb