platform_system_sepolicy/private
Victor Hsieh 33aa1a3c52 Allow composd to create odrefresh staging directory
composd is responsible to prepare the staging directory for odrefresh
(in the VM) to write the output to. Temporary output should be put in a
staged directory with a temporary apex_art_staging_data_file context.
When a compilation is finished, the files can then be moved to the final
directory with the final context.

Bug: 205750213
Test: No denials

Change-Id: I9444470b31518242c1bb84fc755819d459d21d68
2021-12-06 08:41:31 -08:00
compat Remove 26.0 and 27.0 compat support 2021-12-02 10:22:10 +09:00
access_vectors Merge changes I74797b13,I5d0b06e3 2021-11-17 23:56:14 +00:00
adbd.te Allow adbd to access /proc/net/{tcp,tcp6,udp,udp6} 2021-09-09 14:31:15 +08:00
aidl_lazy_test_server.te Add aidl_lazy_test_server 2020-01-07 15:11:03 -08:00
apex_test_prepostinstall.te Sepolicy: Initial Apexd pre-/postinstall rules 2019-01-24 15:06:17 -08:00
apexd.te Merge "Revert "Revert "Adds a new prop context for choosing between mul..."" 2021-11-17 21:24:28 +00:00
apexd_derive_classpath.te Allow apexd to call derive_classpath binary 2021-10-28 16:27:09 +01:00
app.te Add context for checkin directory 2021-10-14 16:21:10 -07:00
app_neverallows.te make ril.cdma.inecmmode system property internal 2021-10-01 21:36:49 +00:00
app_zygote.te Merge "Allow app_zygote to read zygote_tmpfs." 2021-07-05 09:10:23 +00:00
artd.te Enable ART properties modularization 2021-06-01 16:14:55 -07:00
asan_extract.te Move system property rules to private 2020-03-18 16:46:04 +00:00
atrace.te Remove healthd. 2021-10-20 18:47:41 -07:00
attributes Add expandattribute to system_and_vendor_property_type 2020-12-01 19:58:02 +09:00
audioserver.te Add fusefs_type for FUSE filesystems 2021-06-28 13:18:46 +02:00
auditctl.te Add policy for /system/bin/auditctl 2019-04-09 20:55:30 -07:00
automotive_display_service.te Allow automotive_display_service to use EGL files 2021-09-13 17:35:46 +00:00
binderservicedomain.te Move list permission from keystore2_key to keystore class. 2020-10-01 05:33:31 +00:00
blank_screen.te Allow blank_screen to make binder calls to the servicemanager 2020-04-02 19:38:36 +00:00
blkid.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
blkid_untrusted.te
bluetooth.te Allow Bluetooth to access system config 2021-08-25 12:33:00 +00:00
bluetoothdomain.te
bootanim.te Allow boot animation to update boot status. 2021-04-28 15:17:09 +01:00
bootstat.te Enable incidentd access to ro.boot.bootreason 2020-04-09 15:57:06 -07:00
boringssl_self_test.te SEPolicy changes to allow vendor BoringSSL self test. 2019-10-01 14:14:36 +01:00
bpfloader.te Allow bpfloader to read fuse's bpf_prog number 2021-11-19 01:43:58 +00:00
bufferhubd.te Remove unused bufferhub sepolicy 2018-12-10 13:36:11 -08:00
bug_map Track system_server->apex_art_data_file denial. 2021-07-24 09:42:03 +08:00
cameraserver.te Abstract use of cameraserver behind an attribute 2019-03-01 14:02:59 -08:00
canhalconfigurator.te Revert "Revert "hal_can_*: use hal_attribute_service"" 2021-01-11 18:25:51 +00:00
charger.te Add charger_type. 2021-11-05 18:44:04 -07:00
charger_type.te Add charger_type. 2021-11-05 18:44:04 -07:00
clatd.te remove spurious clat selinux privs 2021-11-09 19:26:13 +00:00
compos.te Initial sepolicy for composd 2021-09-13 10:33:53 +01:00
compos_fd_server.te Allow compos_fd_server to signal readiness 2021-10-04 14:12:02 +01:00
compos_verify_key.te compos_verify_key no longer creates a vsock 2021-09-15 11:22:47 +01:00
composd.te Allow composd to create odrefresh staging directory 2021-12-06 08:41:31 -08:00
coredomain.te Remove healthd. 2021-10-20 18:47:41 -07:00
cppreopts.te Ignore the denial when system_other is erased 2020-03-31 20:10:26 +08:00
crash_dump.te Diced: Add policy for diced the DICE daemon. 2021-11-17 13:36:18 -08:00
credstore.te Keystore 2.0: Remove keystore2.enable property. 2021-03-19 10:07:49 -07:00
crosvm.te app_data_file is the only app_data_file_type that is allowed for crosvm 2021-11-26 01:20:20 +09:00
derive_classpath.te Add support for invoking derive_classpath from otadexopt 2021-04-27 14:31:54 -07:00
derive_sdk.te Rename sdkext sepolicy to sdkextensions 2020-01-08 11:41:18 +00:00
dex2oat.te Fix braino in dexoptanalyzer policy and add dex2oat postinstall rule. 2021-06-29 14:15:48 +01:00
dexoptanalyzer.te Fix braino in dexoptanalyzer policy and add dex2oat postinstall rule. 2021-06-29 14:15:48 +01:00
dhcp.te Move system property rules to private 2020-03-18 16:46:04 +00:00
diced.te Dice HAL: Add policy for dice HAL. 2021-11-17 13:36:18 -08:00
dnsmasq.te
domain.te Allow composd to create odrefresh staging directory 2021-12-06 08:41:31 -08:00
drmserver.te Relabel drm related props from exported*_prop 2020-06-19 10:52:10 +09:00
dumpstate.te Introduce ro.boot.hypervisor properties 2021-10-04 11:14:03 -06:00
ephemeral_app.te Add fusefs_type for FUSE filesystems 2021-06-28 13:18:46 +02:00
extra_free_kbytes.te Allow init to execute extra_free_kbytes.sh script 2021-08-17 17:02:38 +00:00
fastbootd.te Allow update_engine, recovery, and fastbootd to read snapuserd properties. 2021-07-28 22:30:22 -07:00
file.te Add type and mapping for /metadata/sepolicy 2021-11-17 10:45:24 +00:00
file_contexts Change the label of /product/overlay to u:object_r:system_file:s0 2021-11-29 08:24:37 +00:00
file_contexts_asan Fix data/asan/system/system_ext/lib selinux rule for file_contexts_asan 2020-06-08 10:05:07 +00:00
file_contexts_overlayfs fs_mgr: add /mnt/scratch to possible overlayfs support directories 2018-10-08 14:23:01 +00:00
fingerprintd.te
flags_health_check.te Allow control of AVF experiments 2021-11-10 10:42:47 +00:00
fs_use private/fs_use: Enable selinux for virtiofs 2020-03-06 17:19:04 +09:00
fsck.te Remove microdroid specific rules and files 2021-06-07 19:22:18 +09:00
fsck_untrusted.te
fsverity_init.te Don't audit fsverity_init's view to domain:key 2021-07-21 14:51:00 +00:00
fwk_bufferhub.te Remove bufferhub HAL policy. 2021-10-27 10:54:45 -07:00
gatekeeperd.te Move system property rules to private 2020-03-18 16:46:04 +00:00
genfs_contexts Allow bpfloader to read fuse's bpf_prog number 2021-11-19 01:43:58 +00:00
gki_apex_prepostinstall.te Allow GKI APEX to use apexd:fd 2020-08-28 17:29:58 -07:00
gmscore_app.te Add context for checkin directory 2021-10-14 16:21:10 -07:00
gpuservice.te Move more properties out of exported3_default_prop 2020-07-21 13:11:57 +09:00
gsid.te gsid: Allow reading the size of super block device 2021-11-03 20:42:48 +08:00
hal_allocator_default.te sepolicy: remove ashmemd 2019-09-27 17:43:53 +00:00
hal_lazy_test.te Add rules for hidl_lazy_test* 2020-04-24 14:09:41 -07:00
halclientdomain.te
halserverdomain.te
healthd.te Remove healthd. 2021-10-20 18:47:41 -07:00
heapprofd.te Allow heapprofd to read shell_test_data_file. 2021-02-09 13:28:49 +00:00
hidl_lazy_test_server.te Add rules for hidl_lazy_test* 2020-04-24 14:09:41 -07:00
hwservice.te Add rules for hidl_lazy_test* 2020-04-24 14:09:41 -07:00
hwservice_contexts sepolicy: Change UWB HAL from HIDL to versioned AIDL 2021-08-27 00:28:56 +00:00
hwservicemanager.te Move system property rules to private 2020-03-18 16:46:04 +00:00
idmap.te Add idmap2 and idmap2d 2018-11-15 14:42:10 +00:00
incident.te Allow dumpstate to call incident CLI 2019-08-21 16:10:39 -07:00
incident_helper.te Allow dumpstate to dump incidentd 2018-12-04 15:42:56 -08:00
incidentd.te Allow incidentd to read apex-info-list.xml. 2021-10-09 15:46:44 +01:00
init.te recovery init domain_trans to health HAL. 2021-11-18 18:16:09 -08:00
initial_sid_contexts
initial_sids
inputflinger.te
installd.te allow installd to kill dex2oat and dexoptanalyzer 2021-08-17 09:48:47 -07:00
iorap_inode2filename.te Permissions for odrefresh and /data/misc/apexdata/com.android.art 2021-01-13 10:38:22 +00:00
iorap_prefecherd.te sepolicy: Add iorap_prefetcherd rules 2019-10-22 12:45:46 -07:00
iorapd.te sepolicy: policies for iorap.inode2filename 2020-02-20 16:38:17 -08:00
isolated_app.te Add fusefs_type for FUSE filesystems 2021-06-28 13:18:46 +02:00
iw.te Allow iw to be run at init phase. 2018-11-14 19:10:12 +00:00
kernel.te Add permissions required to install the DSU to a SD card 2021-01-27 06:36:12 +00:00
keys.conf Don't require seinfo for priv-apps 2019-11-06 08:37:03 -08:00
keystore.te Allow keystore to read and write keystore.crash_count system property. 2021-07-09 16:20:07 +00:00
keystore2_key_contexts Add keystore2 namespace for LocksettingsService. 2021-04-14 16:03:13 -07:00
keystore_keys.te Add keystore2 namespace for LocksettingsService. 2021-04-14 16:03:13 -07:00
linkerconfig.te Use postinstall file_contexts 2021-03-25 00:01:25 +00:00
llkd.te Diced: Add policy for diced the DICE daemon. 2021-11-17 13:36:18 -08:00
lmkd.te sepolicy updates for adding native flag namespace for lmkd 2021-08-09 17:35:09 -07:00
logd.te Move system property rules to private 2020-03-18 16:46:04 +00:00
logpersist.te Add logd.ready 2021-11-30 15:10:53 +09:00
lpdumpd.te Add rules for calling ReadDefaultFstab() 2021-03-29 15:23:29 +08:00
mac_permissions.xml Don't require seinfo for priv-apps 2019-11-06 08:37:03 -08:00
mdnsd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
mediadrmserver.te
mediaextractor.te Add sepolicy swcodec native flag namespace. 2021-02-16 09:22:16 -08:00
mediametrics.te Allow communication between mediametrics & statsd 2021-03-12 04:06:23 -08:00
mediaprovider.te Add FUNCTIONFS_ENDPOINT_ALLOC to ioctl_defines and mediaprovider.te 2021-07-13 09:33:15 +08:00
mediaprovider_app.te Allow MediaProvider to access the media metrics service 2021-10-15 08:39:30 +00:00
mediaserver.te Allow mediaserver start transcoding service. 2021-05-19 15:43:29 +00:00
mediaswcodec.te Add sepolicy swcodec native flag namespace. 2021-02-16 09:22:16 -08:00
mediatranscoding.te Grant permission for mediatranscoding hal_allocator for GSI image 2021-10-28 17:46:57 +00:00
mediatuner.te Allow TunerService to find and call native Package Manager Service 2021-03-01 16:48:02 -08:00
migrate_legacy_obb_data.te sepolicy: Adjust policy for migrate_legacy_obb_data.sh 2019-07-16 02:55:25 +00:00
mls Add SELinux policy for using userfaultfd 2021-03-17 04:57:22 -07:00
mls_decl
mls_macros
mlstrustedsubject.te Remove app_data_file:dir access from dexoptanalyzer. 2020-09-22 15:54:02 +01:00
mm_events.te Sepolicy for mm_events 2021-04-06 22:46:32 -04:00
modprobe.te
mtp.te
netd.te Fix sepolicy to netd. 2021-01-27 17:34:01 +08:00
netutils_wrapper.te Sepolicy for netutils_wrapper to use binder call 2019-04-26 02:46:39 +00:00
network_stack.te Amend networkstack sepolicy for testing 2021-04-15 00:06:05 +08:00
nfc.te Add sepolicy to allow read/write nfc snoop log data 2020-09-24 17:36:07 +08:00
odrefresh.te Split composd's service in two 2021-11-22 09:36:45 +00:00
odsign.te SEPolicy for compos_verify_key. 2021-09-03 16:31:02 +01:00
otapreopt_chroot.te Revert "Allow otapreopt_chroot to call otadexopt binder service" 2021-07-06 17:06:22 +00:00
otapreopt_slot.te Sepolicy: Clean up moved files 2019-02-22 08:36:41 -08:00
perfetto.te Allow init to run perfetto 2021-09-30 18:19:19 +01:00
performanced.te
permissioncontroller_app.te Add missing permissions for Cuttlefish to support GSI testing 2021-05-03 16:49:07 -07:00
platform_app.te Fix error in systemui when toggling airplane mode 2021-10-04 15:34:19 +00:00
policy_capabilities Add nnp_nosuid_transition policycap and related class/perm definitions. 2018-09-07 10:52:31 -07:00
port_contexts
postinstall.te Use postinstall file_contexts 2021-03-25 00:01:25 +00:00
postinstall_dexopt.te postinstall_dexopt: allow reading odsign.verification.status 2021-07-19 20:37:20 +01:00
ppp.te
preloads_copy.te Ignore the denial when system_other is erased 2020-03-31 20:10:26 +08:00
preopt2cachename.te Sepolicy: Clean up moved files 2019-02-22 08:36:41 -08:00
priv_app.te Grant BetterBug access to WM traces attributes 2021-11-29 18:22:58 +01:00
profcollectd.te Add permissions in profcollectd to parse kernel etm data. 2021-04-08 16:03:59 -07:00
profman.te
property.te Allow vendor_init to read AVF device configs 2021-10-08 14:51:30 +00:00
property_contexts sepolicy: Add badge for gsm properties 2021-11-24 16:46:55 +08:00
racoon.te
radio.te make ril.cdma.inecmmode system property internal 2021-10-01 21:36:49 +00:00
recovery.te Allow update_engine, recovery, and fastbootd to read snapuserd properties. 2021-07-28 22:30:22 -07:00
recovery_persist.te In native coverage builds, allow all domains to access /data/misc/trace 2019-06-19 16:27:17 -07:00
recovery_refresh.te In native coverage builds, allow all domains to access /data/misc/trace 2019-06-19 16:27:17 -07:00
remote_prov_app.te Allow remote_prov_app to find app_api_service 2021-03-23 14:00:28 -07:00
remount.te Add remount.te to allow adb remount-related operations 2021-11-02 22:10:05 +08:00
roles_decl
rs.te Allow priv_app to run the renderscript compiler. am: 737b098a71 2021-06-15 19:15:27 +00:00
rss_hwm_reset.te SELinux policy for rss_hwm_reset 2018-12-15 10:13:03 +00:00
runas.te
runas_app.te perf_event: rules for system and simpleperf domain 2020-01-15 16:56:41 +00:00
sdcardd.te
seapp_contexts Restrict system_server_startup domain 2021-11-26 11:41:51 +00:00
secure_element.te Added sepolicy rule for vendor uuid mapping config 2021-11-20 01:08:11 +00:00
security_classes Diced: Add policy for diced the DICE daemon. 2021-11-17 13:36:18 -08:00
service.te Merge "Mark safety_center_service as app_api_service in SELinux Policy." 2021-11-22 12:54:32 +00:00
service_contexts Update sepolicy to add dumpstate device service for AIDL HAL 2021-11-25 07:52:32 +00:00
servicemanager.te Allow servicemanager to start processes 2019-08-02 00:23:16 +00:00
sgdisk.te
shared_relro.te Make shared_relro policy private. 2021-01-05 09:48:10 +00:00
shell.te SEPolicy for compos_verify_key. 2021-09-03 16:31:02 +01:00
simpleperf.te Revert "Revert "allow simpleperf to profile more app types."" 2021-10-27 11:05:01 -07:00
simpleperf_app_runner.te Revert "Revert "allow simpleperf to profile more app types."" 2021-10-27 11:05:01 -07:00
slideshow.te
snapshotctl.te snapshotctl: allow to write stats 2020-02-14 20:51:53 +00:00
snapuserd.te New property to control virtual a/b user-space snapshots 2021-11-19 23:35:32 +00:00
stats.te Enable pull metrics from keystore 2021-04-13 22:45:01 +00:00
statsd.te Allow statsd to write to priv app FDs 2021-10-28 13:07:19 -07:00
storaged.te Revert "Revert "Add neverallows for debugfs access"" 2021-05-04 22:06:46 -07:00
su.te Permissions for odrefresh and /data/misc/apexdata/com.android.art 2021-01-13 10:38:22 +00:00
surfaceflinger.te Remove bufferhub HAL policy. 2021-10-27 10:54:45 -07:00
system_app.te Remove vrflinger 2021-10-20 02:02:57 +00:00
system_server.te Support reading block apexes from system_server 2021-11-22 21:18:54 +00:00
system_server_startup.te Allow system_server_startup to load system server odex files 2021-06-28 17:00:55 +00:00
system_suspend.te sepolicy: Serve suspend AIDL hal from system_suspend 2021-07-20 18:54:55 +00:00
technical_debt.cil Remove bufferhub HAL policy. 2021-10-27 10:54:45 -07:00
tombstoned.te Fix broken neverallow rules 2021-03-10 10:44:22 +09:00
toolbox.te virtualizationservice will clear its own temporary directory. 2021-07-14 16:56:51 +00:00
traced.te Ensure that only desired processes can access TracingServiceProxy 2021-06-24 18:42:57 +00:00
traced_perf.te traced_perf: allow RO tracefs access + fix neverallow 2021-01-31 16:44:00 +00:00
traced_probes.te sepolicy: allow traced_probes to access statsd socket 2021-04-30 12:16:04 +01:00
traceur_app.te Cleanup mechanism for enabling perfetto daemon. 2020-06-01 11:56:03 -07:00
tzdatacheck.te
ueventd.te Move system property rules to private 2020-03-18 16:46:04 +00:00
uncrypt.te Move system property rules to private 2020-03-18 16:46:04 +00:00
untrusted_app.te untrusted_app_30: add new targetSdk domain 2021-07-05 11:42:31 +02:00
untrusted_app_25.te untrusted_app_30: add new targetSdk domain 2021-07-05 11:42:31 +02:00
untrusted_app_27.te untrusted_app_30: add new targetSdk domain 2021-07-05 11:42:31 +02:00
untrusted_app_29.te untrusted_app_30: add new targetSdk domain 2021-07-05 11:42:31 +02:00
untrusted_app_30.te untrusted_app_30: add new targetSdk domain 2021-07-05 11:42:31 +02:00
untrusted_app_all.te Revert "Revert "allow simpleperf to profile more app types."" 2021-10-27 11:05:01 -07:00
update_engine.te Allow update_engine, recovery, and fastbootd to read snapuserd properties. 2021-07-28 22:30:22 -07:00
update_engine_common.te Use postinstall file_contexts 2021-03-25 00:01:25 +00:00
update_verifier.te Move system property rules to private 2020-03-18 16:46:04 +00:00
usbd.te Move system property rules to private 2020-03-18 16:46:04 +00:00
users
vdc.te Add vehicle_binding_util SELinux context 2021-06-28 22:17:50 +00:00
vehicle_binding_util.te Add vehicle_binding_util SELinux context 2021-06-28 22:17:50 +00:00
vendor_init.te Allow vendor_init to read AVF device configs 2021-10-08 14:51:30 +00:00
viewcompiler.te Give map permission to viewcompiler 2019-08-27 10:43:55 -07:00
virtual_touchpad.te
virtualizationservice.te remove unnecessary right from virtualizationservice 2021-11-02 16:01:04 +09:00
vold.te Allow vold to get the DSU status 2021-09-16 09:58:43 +08:00
vold_prepare_subdirs.te Add context for checkin directory 2021-10-14 16:21:10 -07:00
vzwomatrigger_app.te Don't run vzwomatrigger_app in permissive mode 2019-12-02 09:41:54 -08:00
wait_for_keymaster.te Remove wait_for_keymaster and references 2021-06-17 11:12:16 -07:00
watchdogd.te Move watchdogd out of init and into its own domain 2018-08-03 19:28:05 +00:00
webview_zygote.te Allow zygotes and installd to read odsign properties 2021-07-02 11:57:24 +01:00
wificond.te Rename vpnprofilestore to legacykeystore. 2021-06-30 12:40:39 -07:00
wpantund.te
zygote.te Allow zygote to canonicalize vendor apex paths. 2021-10-18 16:25:14 +00:00