..
compat
Disallow untrusted apps to read ro.debuggable and ro.secure
2022-11-17 15:52:13 +00:00
access_vectors
Remove key migration related changes
2022-04-11 19:38:11 +00:00
adbd.te
Adds GPU sepolicy to support devices with DRM gralloc/rendering
2022-04-18 17:30:56 -07:00
aidl_lazy_test_server.te
apex_test_prepostinstall.te
apexd.te
Allow apexd to enable fsverity on /metadata
2022-03-01 16:33:55 +00:00
apexd_derive_classpath.te
Allow apexd to call derive_classpath binary
2021-10-28 16:27:09 +01:00
app.te
Allow all Apps to Recv UDP Sockets from SystemServer
2022-07-01 12:43:16 +01:00
app_neverallows.te
Drop back-compatibility for hiding ro.debuggable and ro.secure
2022-11-17 19:24:09 +00:00
app_zygote.te
Add SEPolicy for PRNG seeder daemon.
2022-09-30 17:26:22 +01:00
artd.te
Enable ART properties modularization
2021-06-01 16:14:55 -07:00
asan_extract.te
atrace.te
Silence error when traced_probes invokes atrace with pipes
2022-02-24 13:14:04 +00:00
attributes
audioserver.te
Add fusefs_type for FUSE filesystems
2021-06-28 13:18:46 +02:00
auditctl.te
automotive_display_service.te
Revert^2 "Updates sepolicy for EVS HAL"
2022-02-10 17:21:54 +00:00
binderservicedomain.te
blank_screen.te
blkid.te
blkid_untrusted.te
bluetooth.te
Allow Bluetooth stack to read security log sysprop
2022-05-25 21:05:02 +00:00
bluetoothdomain.te
bootanim.te
Label /data/bootanim with bootanim_data_file.
2021-12-23 15:00:31 -08:00
bootstat.te
boringssl_self_test.te
bpfdomain.te
Add search in bpf directory for bpfdomains
2022-03-21 17:31:17 -07:00
bpfloader.te
much more finegrained bpf selinux privs for networking mainline
2022-06-22 15:16:07 -07:00
bufferhubd.te
bug_map
Track sys_module permission for system_server
2022-04-13 10:48:13 +10:00
cameraserver.te
Adds GPU sepolicy to support devices with DRM gralloc/rendering
2022-04-18 17:30:56 -07:00
canhalconfigurator.te
charger.te
Add charger_type.
2021-11-05 18:44:04 -07:00
charger_type.te
Add charger_vendor type
2021-12-07 16:24:23 -08:00
clatd.te
Grants clatd privs since forked by system server
2022-01-21 18:17:45 +00:00
compos_fd_server.te
Delete more unused policies by CompOS
2022-01-25 08:40:46 -08:00
compos_verify.te
Modify sepolicy for compos key changes
2022-02-17 12:14:40 +00:00
composd.te
Allow composd to pass some system properties to CompOS
2022-05-11 09:05:12 -07:00
coredomain.te
Add sepolicy for simpleperf_boot.
2022-01-15 16:12:51 -08:00
cppreopts.te
crash_dump.te
crash_dump: Remove permission to dump crosvm
2022-07-07 09:07:32 +00:00
credstore.te
Add remotely provisioned key pool se policy
2022-02-02 15:07:26 -08:00
crosvm.te
Allow crosvm to write shell_data_file
2022-05-03 14:35:15 +09:00
derive_classpath.te
Add support for invoking derive_classpath from otadexopt
2021-04-27 14:31:54 -07:00
derive_sdk.te
dex2oat.te
Fix braino in dexoptanalyzer policy and add dex2oat postinstall rule.
2021-06-29 14:15:48 +01:00
dexoptanalyzer.te
Fix braino in dexoptanalyzer policy and add dex2oat postinstall rule.
2021-06-29 14:15:48 +01:00
dhcp.te
diced.te
Dice HAL: Add policy for dice HAL.
2021-11-17 13:36:18 -08:00
dmesgd.te
dmesgd: sepolicies
2022-02-10 17:42:52 +00:00
dnsmasq.te
domain.te
Add SEPolicy for PRNG seeder daemon.
2022-09-30 17:26:22 +01:00
drmserver.te
dumpstate.te
Merge "system_dlkm: allow dumpstate/bugreport to getattr"
2022-03-13 22:22:54 +00:00
ephemeral_app.te
Add fusefs_type for FUSE filesystems
2021-06-28 13:18:46 +02:00
evsmanagerd.te
Revert^2 "Adds a sepolicy for EVS manager service"
2022-02-10 17:21:14 +00:00
extra_free_kbytes.te
Allow init to execute extra_free_kbytes.sh script
2021-08-17 17:02:38 +00:00
fastbootd.te
Allow update_engine, recovery, and fastbootd to read snapuserd properties.
2021-07-28 22:30:22 -07:00
file.te
Add SEPolicy for PRNG seeder daemon.
2022-09-30 17:26:22 +01:00
file_contexts
Add SEPolicy for PRNG seeder daemon.
2022-09-30 17:26:22 +01:00
file_contexts_asan
file_contexts_overlayfs
fingerprintd.te
flags_health_check.te
sepolicy: allow vendor system native boot experiments property
2022-08-12 03:21:26 +00:00
fs_use
fsck.te
Remove microdroid specific rules and files
2021-06-07 19:22:18 +09:00
fsck_untrusted.te
fsverity_init.te
Don't audit fsverity_init's view to domain:key
2021-07-21 14:51:00 +00:00
fwk_bufferhub.te
Remove bufferhub HAL policy.
2021-10-27 10:54:45 -07:00
gatekeeperd.te
genfs_contexts
much more finegrained bpf selinux privs for networking mainline
2022-06-22 15:16:07 -07:00
gki_apex_prepostinstall.te
gmscore_app.te
Revert system app/process profileability on user builds
2022-07-06 13:24:53 +00:00
gpuservice.te
Add search in bpf directory for bpfdomains
2022-03-21 17:31:17 -07:00
gsid.te
Add proc_cmdline read permission to read_fstab
2022-03-20 16:35:19 +08:00
hal_allocator_default.te
hal_lazy_test.te
halclientdomain.te
halserverdomain.te
healthd.te
Remove healthd.
2021-10-20 18:47:41 -07:00
heapprofd.te
perfetto profiling: fix access to ART apex files
2022-08-19 11:34:48 +01:00
hidl_lazy_test_server.te
hwservice.te
hwservice_contexts
sepolicy: Change UWB HAL from HIDL to versioned AIDL
2021-08-27 00:28:56 +00:00
hwservicemanager.te
idmap.te
incident.te
incident_helper.te
incidentd.te
Allow incidentd to read apex-info-list.xml.
2021-10-09 15:46:44 +01:00
init.te
Add SEPolicy for PRNG seeder daemon.
2022-09-30 17:26:22 +01:00
initial_sid_contexts
initial_sids
inputflinger.te
installd.te
Create a separate label for sandbox root directory
2022-05-17 17:23:31 +00:00
iorap_inode2filename.te
iorap_prefecherd.te
iorapd.te
isolated_app.te
Add ThermalService and file access to SdkSandbox
2022-03-25 12:20:07 +00:00
iw.te
kernel.te
Policy for using Apex sepolicy
2021-12-14 13:54:03 +01:00
keys.conf
Changing selinux policy for privapps for new certs.
2022-04-05 17:31:49 -07:00
keystore.te
Add ro.remote_provisioning.*.rkp_only properties.
2022-04-04 11:23:12 -07:00
keystore2_key_contexts
keystore_keys.te
linkerconfig.te
llkd.te
Diced: Add policy for diced the DICE daemon.
2021-11-17 13:36:18 -08:00
lmkd.te
Add search in bpf directory for bpfdomains
2022-03-21 17:31:17 -07:00
logd.te
Add sepolicy for logd and logcat services
2022-01-13 11:38:43 -08:00
logpersist.te
Add logd.ready
2021-11-30 15:10:53 +09:00
lpdumpd.te
mac_permissions.xml
Changing selinux policy for privapps for new certs.
2022-04-05 17:31:49 -07:00
mdnsd.te
mediadrmserver.te
mediaextractor.te
mediametrics.te
mediaprovider.te
Add FUNCTIONFS_ENDPOINT_ALLOC to ioctl_defines and mediaprovider.te
2021-07-13 09:33:15 +08:00
mediaprovider_app.te
Adds GPU sepolicy to support devices with DRM gralloc/rendering
2022-04-18 17:30:56 -07:00
mediaserver.te
Allow mediaserver start transcoding service.
2021-05-19 15:43:29 +00:00
mediaswcodec.te
mediatranscoding.te
Adds GPU sepolicy to support devices with DRM gralloc/rendering
2022-04-18 17:30:56 -07:00
mediatuner.te
migrate_legacy_obb_data.te
mls
mls_decl
mls_macros
mlstrustedsubject.te
mm_events.te
modprobe.te
mtectrl.te
Move mtectrl to private
2022-01-26 08:59:55 +09:00
mtp.te
net.te
Move sdk_sandbox sepolicy to AOSP.
2022-03-17 10:22:33 +01:00
netd.te
much more finegrained bpf selinux privs for networking mainline
2022-06-22 15:16:07 -07:00
netutils_wrapper.te
much more finegrained bpf selinux privs for networking mainline
2022-06-22 15:16:07 -07:00
network_stack.te
much more finegrained bpf selinux privs for networking mainline
2022-06-22 15:16:07 -07:00
nfc.te
odrefresh.te
Remove odrefresh privileges no longer needed for CompOS
2022-01-18 12:56:27 -08:00
odsign.te
Selinux setup for /data/misc/odsign/metrics/
2022-04-07 14:18:37 +00:00
otapreopt_chroot.te
Revert "Allow otapreopt_chroot to call otadexopt binder service"
2021-07-06 17:06:22 +00:00
otapreopt_slot.te
perfetto.te
sepolicy: add permissions for trace reporting
2022-01-04 14:02:20 +00:00
performanced.te
permissioncontroller_app.te
Add missing permissions for Cuttlefish to support GSI testing
2021-05-03 16:49:07 -07:00
platform_app.te
Revert system app/process profileability on user builds
2022-07-06 13:24:53 +00:00
policy_capabilities
port_contexts
postinstall.te
postinstall_dexopt.te
postinstall_dexopt: allow reading odsign.verification.status
2021-07-19 19:47:33 +00:00
ppp.te
preloads_copy.te
preopt2cachename.te
priv_app.te
Allow priv-app to report off body events to keystore.
2022-02-07 22:42:51 +00:00
prng_seeder.te
Add SEPolicy for PRNG seeder daemon.
2022-09-30 17:26:22 +01:00
profcollectd.te
profcollectd: allow to request wakelock from system_suspend.
2022-02-17 10:20:08 -08:00
profman.te
property.te
Allow vendor services to access vendor_system_native_prop
2022-05-13 17:57:18 +00:00
property_contexts
Create a new system property for the landscape to portrait override.
2022-12-05 21:07:50 -08:00
racoon.te
radio.te
make ril.cdma.inecmmode system property internal
2021-10-01 21:36:49 +00:00
recovery.te
Allow update_engine, recovery, and fastbootd to read snapuserd properties.
2021-07-28 22:30:22 -07:00
recovery_persist.te
recovery_refresh.te
remote_prov_app.te
Allow remote_prov_app to find mediametrics.
2022-06-15 15:42:23 +00:00
remount.te
Add remount.te to allow adb remount-related operations
2021-11-02 22:10:05 +08:00
roles_decl
rs.te
Allow priv_app to run the renderscript compiler. am: 737b098a71
2021-06-15 19:15:27 +00:00
rss_hwm_reset.te
runas.te
runas_app.te
sdcardd.te
sdk_sandbox.te
Allow zygote to relabel sdk_sandbox_system_data_file
2022-05-24 14:11:50 +00:00
seapp_contexts
Changing selinux policy for privapps for new certs.
2022-04-05 17:31:49 -07:00
secure_element.te
Added sepolicy rule for vendor uuid mapping config
2021-11-20 01:08:11 +00:00
security_classes
Diced: Add policy for diced the DICE daemon.
2021-11-17 13:36:18 -08:00
service.te
Merge "SELinux policy changes for AmbientContext system API." am: 7bb9120ba7 am: 49527e07b6 am: f46b2a87dd am: ad1efe3c75
2022-01-21 22:54:30 +00:00
service_contexts
Merge "Connectivity Native AIDL interface Sepolicy" am: bf8af42bf5 am: 5ef1893f50 am: 4d7cd06a40
2022-04-01 22:36:20 +00:00
servicemanager.te
sgdisk.te
shared_relro.te
shell.te
Merge "[GWP-ASan] Add sysprop, allow shell and system apps to set it."
2022-04-21 18:12:43 +00:00
simpleperf.te
Revert "Revert "allow simpleperf to profile more app types.""
2021-10-27 11:05:01 -07:00
simpleperf_app_runner.te
Revert "Revert "allow simpleperf to profile more app types.""
2021-10-27 11:05:01 -07:00
simpleperf_boot.te
Add sepolicy for simpleperf_boot.
2022-01-15 16:12:51 -08:00
slideshow.te
snapshotctl.te
snapuserd.te
New property to control Async I/O for snapuserd
2022-01-13 06:27:46 +00:00
stats.te
statsd.te
Allow statsd to write to priv app FDs
2021-10-28 13:07:19 -07:00
storaged.te
Revert "Revert "Add neverallows for debugfs access""
2021-05-04 22:06:46 -07:00
su.te
surfaceflinger.te
Revert system app/process profileability on user builds
2022-07-06 13:24:53 +00:00
system_app.te
system/sepolicy: Add adaptive haptics system prop
2022-11-16 17:09:36 +00:00
system_server.te
sepolicy: allow vendor system native boot experiments property
2022-08-12 03:21:26 +00:00
system_server_startup.te
Allow system_server_startup to load system server odex files
2021-06-28 17:00:55 +00:00
system_suspend.te
sepolicy: Serve suspend AIDL hal from system_suspend
2021-07-20 18:54:55 +00:00
technical_debt.cil
Restrict sandbox access to drmservice
2022-03-24 14:09:46 +01:00
tombstoned.te
toolbox.te
Allow deleting old virtualization files
2022-04-28 10:58:43 +01:00
traced.te
sepolicy: add permissions for trace reporting
2022-01-04 14:02:20 +00:00
traced_perf.te
perfetto profiling: fix access to ART apex files
2022-08-19 11:34:48 +01:00
traced_probes.te
SEPolicy: Add read permission to traced_probes
2022-04-01 16:19:14 -07:00
traceur_app.te
tzdatacheck.te
ueventd.te
uncrypt.te
untrusted_app.te
Add services and allow app to write to sdk_sandbox
2022-05-11 15:52:51 +00:00
untrusted_app_25.te
Drop back-compatibility for hiding ro.debuggable and ro.secure
2022-11-17 19:24:09 +00:00
untrusted_app_27.te
Drop back-compatibility for hiding ro.debuggable and ro.secure
2022-11-17 19:24:09 +00:00
untrusted_app_29.te
Drop back-compatibility for hiding ro.debuggable and ro.secure
2022-11-17 19:24:09 +00:00
untrusted_app_30.te
Drop back-compatibility for hiding ro.debuggable and ro.secure
2022-11-17 19:24:09 +00:00
untrusted_app_all.te
Allow untrusted app to use virtualizationservice - even on user builds
2022-05-02 13:00:06 +09:00
update_engine.te
Allow update_engine, recovery, and fastbootd to read snapuserd properties.
2021-07-28 22:30:22 -07:00
update_engine_common.te
update_verifier.te
usbd.te
users
vdc.te
Add vehicle_binding_util SELinux context
2021-07-15 19:44:27 +00:00
vehicle_binding_util.te
Revert "Revert "Allow vehicle_binding_util to access AIDL VHAL. am: d5af7b7cea am: 565699bc61 am: e4ddf119a1 am: 54e7d19e1d am: 3686a43f8f""
2022-05-11 18:14:06 +00:00
vendor_init.te
Allow vendor_init to read AVF device configs
2021-10-08 14:51:30 +00:00
viewcompiler.te
virtual_touchpad.te
virtualizationservice.te
Selinux configs for enabling tombstones be passed to host
2022-04-05 13:09:04 +00:00
vold.te
Remove some FDE rules and update comments
2022-04-15 21:06:51 +00:00
vold_prepare_subdirs.te
Create a separate label for sandbox root directory
2022-05-17 17:23:31 +00:00
vzwomatrigger_app.te
wait_for_keymaster.te
Remove wait_for_keymaster and references
2021-06-17 11:12:16 -07:00
watchdogd.te
webview_zygote.te
Allow zygotes and installd to read odsign properties
2021-07-02 11:57:24 +01:00
wificond.te
Rename vpnprofilestore to legacykeystore.
2021-06-30 12:40:39 -07:00
wpantund.te
zygote.te
Allow zygote to read persist.wm.debug.* prop
2022-08-04 15:12:42 -07:00
3299216872