platform_system_sepolicy/private
Inseob Kim 8c34247c7f Add bootloader_prop for ro.boot. properties

ro.boot. properties assigned as "exported2_default_prop" are now
"bootloader_prop", to remove bad context name "exported2_default_prop".

Two things to clarify:

1) We have both the prefix entry and the exact entries. Although the
exact entries may be redundant, we may want to keep them. Vendors are
still allowed to have properties starting with "ro.boot." on
vendor_property_contexts file. The exact entries can prevent vendors
from modifying them to random contexts.

2) ro.boot. is special as it is originally for kernel command line
"androidboot.". But some ro.boot. properties are being used as if they
were normal. To avoid regression, ro.boot. properties having contexts
other than "exported2_default_prop" are not changed here. They will be
tracked later.

Bug: 155844385
Test: m selinux_policy
Change-Id: Ic0f4117ae68a828787304187457b5e1e105a52c7
Merged-In: Ic0f4117ae68a828787304187457b5e1e105a52c7
2020-07-24 00:15:23 +00:00
compat Add bootloader_prop for ro.boot. properties 2020-07-24 00:15:23 +00:00
access_vectors Add new perfmon capability2 and use it 2020-06-05 10:15:31 -07:00
adbd.te Rename contexts of ffs props 2020-05-11 21:23:37 +09:00
aidl_lazy_test_server.te Add aidl_lazy_test_server 2020-01-07 15:11:03 -08:00
apex_test_prepostinstall.te Sepolicy: Initial Apexd pre-/postinstall rules 2019-01-24 15:06:17 -08:00
apexd.te allow apexd to mount apex-info-list.xml file 2020-07-02 22:22:05 +09:00
app.te Move more properties out of exported3_default_prop 2020-07-21 13:11:57 +09:00
app_neverallows.te simplify neverallowxperm for tun_device 2020-07-07 18:41:56 -07:00
app_zygote.te debug builds: allow perf profiling of most domains 2020-01-22 22:04:02 +00:00
art_apex_boot_integrity.te Sepolicy: Allow everyone to search keyrings 2019-03-14 13:21:07 -07:00
art_apex_postinstall.te Sepolicy: Fix comment on apexd:fd use 2019-03-15 11:26:05 -07:00
art_apex_preinstall.te Sepolicy: Fix comment on apexd:fd use 2019-03-15 11:26:05 -07:00
asan_extract.te Move system property rules to private 2020-03-18 16:46:04 +00:00
atrace.te More neverallows for default_android_service. 2020-01-21 11:13:22 -08:00
attributes Add rules for hidl_lazy_test* 2020-03-24 18:34:58 -07:00
audioserver.te Move audio config props to audio_config_prop 2020-05-06 22:58:29 +09:00
auditctl.te Add policy for /system/bin/auditctl 2019-04-09 20:55:30 -07:00
automotive_display_service.te Update automotive display service rules 2020-02-25 02:02:54 +00:00
binder_in_vendor_violators.te
binderservicedomain.te
blank_screen.te Allow blank_screen to make binder calls to the servicemanager 2020-04-02 18:40:11 +02:00
blkid.te
blkid_untrusted.te
bluetooth.te Make cross-user apps mlstrustedsubject. 2020-07-22 14:41:31 +01:00
bluetoothdomain.te
bootanim.te Reduce graphics logspam 2020-04-02 13:43:26 +02:00
bootstat.te Enable incidentd access to ro.boot.bootreason 2020-04-09 15:57:06 -07:00
boringssl_self_test.te SEPolicy changes to allow vendor BoringSSL self test. 2019-10-01 14:14:36 +01:00
bpfloader.te grant bpfloader ability to fetch the fd of pinned bpf programs 2020-06-16 21:55:57 -07:00
bufferhubd.te
bug_map gmscore_app is attempting to access /dev/ashmem 2020-07-13 14:57:52 +02:00
cameraserver.te Abstract use of cameraserver behind an attribute 2019-03-01 14:02:59 -08:00
charger.te Allow charger to read minui properties 2020-07-14 18:06:54 +09:00
clatd.te sepolicy - move public clatd to private 2019-05-11 17:47:25 -07:00
coredomain.te Move more properties out of exported3_default_prop 2020-07-21 13:11:57 +09:00
cppreopts.te Ignore the denial when system_other is erased 2020-03-31 13:58:11 +08:00
crash_dump.te crash_dump: suppress devpts denials 2019-03-19 04:05:51 +00:00
credstore.te Add SELinux policy for credstore and update for IC HAL port from HIDL to AIDL. 2020-02-19 13:46:45 -05:00
derive_sdk.te Rename sdkext sepolicy to sdkextensions 2020-01-08 11:41:18 +00:00
dex2oat.te Clean up old policy used for patchoat 2020-06-22 12:38:38 -07:00
dexoptanalyzer.te Fix sepolicy for secondary dex files 2020-07-15 16:43:40 +00:00
dhcp.te Move system property rules to private 2020-03-18 16:46:04 +00:00
dnsmasq.te
domain.te Remove exported3_default_prop 2020-07-21 04:16:04 +00:00
drmserver.te Relabel drm related props from exported*_prop 2020-06-19 10:52:10 +09:00
dumpstate.te Move system property rules to private 2020-03-18 16:46:04 +00:00
ephemeral_app.te sepolicy: clean up redundant rules around gpuservice 2020-04-15 09:24:16 -07:00
fastbootd.te Support TCP based fastbootd in recovery mode. 2020-05-15 22:23:42 +00:00
file.te Add sepolicy for profcollectd 2020-07-01 23:44:37 +08:00
file_contexts Correct labels on files / props in odm_dlkm. 2020-07-15 17:16:40 -07:00
file_contexts_asan Fix data/asan/system/system_ext/lib selinux rule for file_contexts_asan 2020-06-08 10:05:07 +00:00
file_contexts_overlayfs
fingerprintd.te
flags_health_check.te Move system property rules to private 2020-03-18 16:46:04 +00:00
fs_use private/fs_use: Enable selinux for virtiofs 2020-03-06 17:19:04 +09:00
fsck.te
fsck_untrusted.te
fsverity_init.te Remove unused sepolicy by fsverity_init 2020-05-28 17:58:16 -07:00
fwk_bufferhub.te
gatekeeperd.te Move system property rules to private 2020-03-18 16:46:04 +00:00
genfs_contexts Allow thermal tracing in user build 2020-07-14 23:43:09 +00:00
gmscore_app.te Add wifi_hal_prop and remove exported_wifi_prop 2020-07-17 17:38:13 +09:00
gpuservice.te Move more properties out of exported3_default_prop 2020-07-21 13:11:57 +09:00
gsid.te Allow gsid to callback system server for oneway method 2020-02-27 16:32:25 +08:00
hal_allocator_default.te sepolicy: remove ashmemd 2019-09-27 17:43:53 +00:00
hal_lazy_test.te Add rules for hidl_lazy_test* 2020-03-24 18:34:58 -07:00
halclientdomain.te
halserverdomain.te
healthd.te Move system property rules to private 2020-03-18 16:46:04 +00:00
heapprofd.te Allow Java domains to be Perfetto producers. 2019-10-10 10:40:26 +01:00
hidl_lazy_test_server.te Add rules for hidl_lazy_test* 2020-03-24 18:34:58 -07:00
hwservice.te Add rules for hidl_lazy_test* 2020-03-24 18:34:58 -07:00
hwservice_contexts sepolicy: Remove offload HAL sepolicy rules 2020-05-08 11:17:12 +09:00
hwservicemanager.te Move system property rules to private 2020-03-18 16:46:04 +00:00
idmap.te
incident.te Allow dumpstate to call incident CLI 2019-08-21 16:10:39 -07:00
incident_helper.te
incidentd.te incident_service: only disallow untrusted access 2020-05-13 15:06:17 +00:00
init.te Add bootloader_prop for ro.boot. properties 2020-07-24 00:15:23 +00:00
initial_sid_contexts
initial_sids
inputflinger.te
installd.te sepolicy: allow rules for apk verify system property 2019-12-03 10:09:35 -08:00
iorap_inode2filename.te sepolicy: policies for iorap.inode2filename 2020-02-20 16:38:17 -08:00
iorap_prefecherd.te sepolicy: Add iorap_prefetcherd rules 2019-10-22 12:45:46 -07:00
iorapd.te sepolicy: policies for iorap.inode2filename 2020-02-20 16:38:17 -08:00
isolated_app.te Prevent isolated_app from searching system_data_file. 2020-06-04 14:51:15 +01:00
iw.te
kernel.te Sepolicy: Move otapreopt_chroot to private 2019-03-18 10:54:42 -07:00
keys.conf Don't require seinfo for priv-apps 2019-11-06 08:37:03 -08:00
keystore.te sepolicy: Move wifi keystore HAL service to wificond 2019-10-28 14:06:17 -07:00
linkerconfig.te Update linkerconfig to generate APEX binary config 2020-01-20 13:40:08 +09:00
llkd.te llkd: requires sys_admin permissions 2020-01-15 08:08:59 -08:00
lmkd.te Add lmkd. property policies 2020-05-07 15:42:36 +00:00
logd.te Move system property rules to private 2020-03-18 16:46:04 +00:00
logpersist.te Allow incidentd to parse persisted log 2020-01-18 16:18:18 -08:00
lpdumpd.te binder_use: Allow servicemanager callbacks 2019-12-19 23:07:14 +00:00
mac_permissions.xml Don't require seinfo for priv-apps 2019-11-06 08:37:03 -08:00
mdnsd.te
mediadrmserver.te
mediaextractor.te Move system property rules to private 2020-03-18 16:46:04 +00:00
mediametrics.te
mediaprovider.te Rename contexts of ffs props 2020-05-11 21:23:37 +09:00
mediaprovider_app.te Relabel drm related props from exported*_prop 2020-06-19 10:52:10 +09:00
mediaserver.te Relabel drm related props from exported*_prop 2020-06-19 10:52:10 +09:00
mediaswcodec.te Move system property rules to private 2020-03-18 16:46:04 +00:00
mediatranscoding.te Merge "move mediatranscoding type from public to private" 2020-06-19 17:42:59 +00:00
migrate_legacy_obb_data.te sepolicy: Adjust policy for migrate_legacy_obb_data.sh 2019-07-16 02:55:25 +00:00
mls Initial selinux policy support for memfd 2019-01-30 19:11:49 +00:00
mls_decl
mls_macros
mlstrustedsubject.te Make cross-user apps mlstrustedsubject. 2020-07-22 14:41:31 +01:00
modprobe.te
mtp.te
netd.te Move system property rules to private 2020-03-18 16:46:04 +00:00
netutils_wrapper.te Sepolicy for netutils_wrapper to use binder call 2019-04-26 02:46:39 +00:00
network_stack.te Allow tethering find netork stack service 2019-12-12 12:54:57 +08:00
nfc.te Make cross-user apps mlstrustedsubject. 2020-07-22 14:41:31 +01:00
notify_traceur.te Allow the init process to execute the notify_traceur.sh script 2019-02-07 00:28:40 +00:00
otapreopt_chroot.te Sepolicy: Allow otapreopt to mount logical partitions 2019-03-22 12:13:05 -07:00
otapreopt_slot.te Sepolicy: Clean up moved files 2019-02-22 08:36:41 -08:00
perfetto.te perfetto: don't audit isatty() check on shell pipes 2020-06-29 23:10:40 +01:00
performanced.te
permissioncontroller_app.te Allow permission controller to use radio service 2020-05-08 23:49:06 +00:00
platform_app.te Add keyguard_config_prop for keyguard property 2020-07-07 12:46:24 +09:00
policy_capabilities
port_contexts
postinstall.te
postinstall_dexopt.te Sepolicy: Allow otapreopt access to vendor overlay files 2019-03-22 12:13:53 -07:00
ppp.te
preloads_copy.te Ignore the denial when system_other is erased 2020-03-31 13:58:11 +08:00
preopt2cachename.te Sepolicy: Clean up moved files 2019-02-22 08:36:41 -08:00
priv_app.te Add wifi_hal_prop and remove exported_wifi_prop 2020-07-17 17:38:13 +09:00
profcollectd.te Add sepolicy for profcollectd 2020-07-01 23:44:37 +08:00
profman.te
property.te Remove exported3_default_prop 2020-07-21 04:16:04 +00:00
property_contexts Add bootloader_prop for ro.boot. properties 2020-07-24 00:15:23 +00:00
racoon.te
radio.te Make cross-user apps mlstrustedsubject. 2020-07-22 14:41:31 +01:00
recovery.te Relabel minui properties as recovery_config_prop 2020-06-16 19:18:24 +09:00
recovery_persist.te In native coverage builds, allow all domains to access /data/misc/trace 2019-06-19 16:27:17 -07:00
recovery_refresh.te In native coverage builds, allow all domains to access /data/misc/trace 2019-06-19 16:27:17 -07:00
roles_decl
rs.te rs.te: Allow ephemeral_app FD use 2019-04-02 13:59:39 -07:00
rss_hwm_reset.te
runas.te
runas_app.te perf_event: rules for system and simpleperf domain 2020-01-15 16:56:41 +00:00
sdcardd.te
seapp_contexts Actually route PermissionController to the right domain 2020-06-15 11:19:44 -07:00
secure_element.te
security_classes access_vectors: add lockdown class 2020-02-13 13:05:54 -08:00
service.te Add sepolicy for profcollectd 2020-07-01 23:44:37 +08:00
service_contexts Add sepolicy for profcollectd 2020-07-01 23:44:37 +08:00
servicemanager.te Allow servicemanager to start processes 2019-08-02 00:23:16 +00:00
sgdisk.te
shared_relro.te
shell.te Merge "Make cross-user apps mlstrustedsubject." 2020-07-23 08:35:43 +00:00
simpleperf.te perf_event: rules for system and simpleperf domain 2020-01-15 16:56:41 +00:00
simpleperf_app_runner.te Add sepolicy for simpleperf_app_runner. 2019-01-23 23:23:09 +00:00
slideshow.te
snapshotctl.te snapshotctl: allow to write stats 2020-02-14 20:51:53 +00:00
stats.te GpuStats: sepolicy change for using new statsd puller api 2020-02-04 15:55:59 -08:00
statsd.te Allow system server to add StatsHal 2020-02-05 17:24:48 -08:00
storaged.te Allow GMS core to call dumpsys storaged 2019-12-11 12:49:04 -08:00
su.te
surfaceflinger.te Rename surfaceflinger properties' contexts 2020-04-29 10:43:06 +09:00
system_app.te Merge "Make cross-user apps mlstrustedsubject." 2020-07-23 08:35:43 +00:00
system_server.te Move more properties out of exported3_default_prop 2020-07-21 13:11:57 +09:00
system_server_startup.te Revert "Sepolicy: Allow system_server_startup to load dalvikcache artifacts" 2020-03-11 15:26:27 +00:00
system_suspend.te system_suspend: sysfs path resolution 2019-11-12 13:47:26 -08:00
technical_debt.cil Allow apps to access hal_drm 2019-09-30 04:51:24 +00:00
tombstoned.te Add tombstone_config_prop and move related prop 2020-07-07 14:17:40 +09:00
toolbox.te
traced.te Allow traced to create files within /data/misc/perfetto-traces 2020-04-08 19:44:53 +00:00
traced_perf.te traced_perf sepolicy tweaks 2020-02-24 12:23:13 +00:00
traced_probes.te perfetto: allow producers to supply shared memory 2020-02-04 13:47:42 +00:00
traceur_app.te Move system property rules to private 2020-03-18 16:46:04 +00:00
tzdatacheck.te
ueventd.te Move system property rules to private 2020-03-18 16:46:04 +00:00
uncrypt.te Move system property rules to private 2020-03-18 16:46:04 +00:00
untrusted_app.te reland: untrusted_app_29: add new targetSdk domain 2020-01-22 09:47:53 +00:00
untrusted_app_25.te reland: untrusted_app_29: add new targetSdk domain 2020-01-22 09:47:53 +00:00
untrusted_app_27.te reland: untrusted_app_29: add new targetSdk domain 2020-01-22 09:47:53 +00:00
untrusted_app_29.te reland: untrusted_app_29: add new targetSdk domain 2020-01-22 09:47:53 +00:00
untrusted_app_all.te sepolicy: clean up redundant rules around gpuservice 2020-04-15 09:24:16 -07:00
update_engine.te Allow update_engine to get gsid property 2020-05-05 11:21:44 +08:00
update_engine_common.te
update_verifier.te Move system property rules to private 2020-03-18 16:46:04 +00:00
usbd.te Move system property rules to private 2020-03-18 16:46:04 +00:00
users
vdc.te
vendor_init.te Root of /data belongs to init (re-landing) 2019-09-09 14:42:01 -07:00
viewcompiler.te Give map permission to viewcompiler 2019-08-27 10:43:55 -07:00
virtual_touchpad.te
vold.te Define vendor-specific property ro.incremental.enable 2020-05-01 10:27:51 -07:00
vold_prepare_subdirs.te sepolicy(wifi): Allow wifi service access to wifi apex directories 2020-02-21 10:40:32 -08:00
vr_hwc.te
vzwomatrigger_app.te Don't run vzwomatrigger_app in permissive mode 2019-12-02 09:41:54 -08:00
wait_for_keymaster.te
watchdogd.te
webview_zygote.te Add getattr access on tmpfs_zygote files for webview_zygote. 2020-01-30 21:29:19 +00:00
wificond.te Add wifi_hal_prop and remove exported_wifi_prop 2020-07-17 17:38:13 +09:00
wpantund.te
zygote.te Allow zygote to read storage properties 2020-06-30 10:27:58 +01:00