platform_system_sepolicy/public
Jiyong Park 48d0793ec0 Add a new system-to-vendor sysprop ro.apex.updatable
The system property is for system to be able to identify vendor
implementation that is ready to support updatable APEXes. When this
sysprop is set to true, the init creates separate mount namespaces for
processes launched before apexd. When unset, default is false.

Bug: 122428178
Test: device boots to the UI
Test: atest android.appsecurity.cts.ExternalStorageHostTest
Change-Id: I4ae1eac5eec5f5085d8d32ff58300dfa9967c29a
2019-03-05 16:31:23 +09:00
adbd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
apexd.te Allow PackageManager to communicate to apexd. 2018-11-19 22:05:21 +00:00
app.te sepolicy for ashmemd 2019-02-05 21:38:14 +00:00
app_zygote.te Properly Treble-ize tmpfs access 2019-01-26 17:30:41 +00:00
asan_extract.te
ashmemd.te sepolicy for ashmemd 2019-02-05 21:38:14 +00:00
attributes Abstract use of cameraserver behind an attribute 2019-03-01 14:02:59 -08:00
audioserver.te Properly Treble-ize tmpfs access 2019-01-26 17:30:41 +00:00
blkid.te
blkid_untrusted.te
bluetooth.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
bootanim.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
bootstat.te Allow zygote to write to statsd and refactor 2018-10-08 13:48:28 -07:00
bufferhubd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
camera_service_server.te Abstract use of cameraserver behind an attribute 2019-03-01 14:02:59 -08:00
cameraserver.te Abstract use of cameraserver behind an attribute 2019-03-01 14:02:59 -08:00
charger.te charger: allow to read /sys/class/power_supply 2018-01-18 16:46:17 -08:00
clatd.te Clatd: allow clatd use ioctl 2018-11-06 14:22:56 +09:00
crash_dump.te crash_dump: suppress denials on properties 2019-02-07 08:45:15 -08:00
device.te Remove sepolicy for /dev/alarm. 2018-12-06 04:23:22 +00:00
dhcp.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
display_service_server.te
dnsmasq.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
domain.te sepolicy for vendor cgroups.json and task_profiles.json files 2019-03-01 00:32:15 +00:00
drmserver.te Remove coredomain /dev access no longer needed after Treble 2018-11-29 04:56:18 +00:00
dumpstate.te Hide denials seen during bugreports. 2019-02-04 09:04:05 -08:00
e2fs.te Allow e2fs more ioctls to device-mapper devices. 2019-02-05 18:05:50 -08:00
ephemeral_app.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
fastbootd.te Fastbootd must be able to erase logical partitions 2019-02-21 12:36:28 -08:00
file.te sepolicy for vendor cgroups.json and task_profiles.json files 2019-03-01 00:32:15 +00:00
fingerprintd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
flags_health_check.te Fix typo in file name. 2019-02-14 16:09:44 +00:00
fsck.te fs_mgr: overlayfs support legacy devices (marlin) Part Deux 2019-02-15 15:56:16 +00:00
fsck_untrusted.te
fwk_bufferhub.te Allow app to connect to BufferHub service 2019-01-14 10:49:35 -08:00
gatekeeperd.te Remove coredomain /dev access no longer needed after Treble 2018-11-29 04:56:18 +00:00
global_macros rs: add tests to ensure rs cannot abuse app data 2019-01-17 15:24:34 -08:00
gpuservice.te Game Driver: sepolicy update for plumbing GpuStats into GpuService 2019-02-08 18:15:17 -08:00
hal_allocator.te same_process_hal_file: access to individual coredomains 2018-10-26 18:03:01 +00:00
hal_atrace.te Add atrace HAL 1.0 sepolicy 2018-09-27 23:18:29 +00:00
hal_audio.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_audiocontrol.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_authsecret.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_bluetooth.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_bootctl.te add hal_bootctl to white-list of sys_rawio 2019-02-13 12:38:22 +00:00
hal_broadcastradio.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_camera.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_cas.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_configstore.te Allow heap profiling everything except TCB on userdebug. 2018-11-28 22:01:58 +00:00
hal_confirmationui.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_contexthub.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_drm.te More granular vendor access to /system files. 2018-09-20 03:07:50 +00:00
hal_dumpstate.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_evs.te Move automotive HALs sepolicy to system/ 2018-05-04 21:36:48 +00:00
hal_face.te Added placeholder SELinux policy for the biometric face HAL. 2018-12-28 12:23:56 -08:00
hal_fingerprint.te Revert "Add placeholder iris and face policy for vold data directory" 2018-11-19 15:00:19 -08:00
hal_gatekeeper.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_gnss.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_graphics_allocator.te same_process_hal_file: access to individual coredomains 2018-10-26 18:03:01 +00:00
hal_graphics_composer.te Initial selinux policy support for memfd 2019-01-30 19:11:49 +00:00
hal_health.te More granular vendor access to /system files. 2018-09-20 03:07:50 +00:00
hal_health_storage.te health.filesystem HAL renamed to health.storage 2018-09-20 04:12:45 +00:00
hal_input_classifier.te Permissions for InputClassifier HAL 2019-01-11 02:08:19 +00:00
hal_ir.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_keymaster.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_light.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_lowpan.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_memtrack.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_neuralnetworks.te Allow NN HAL to mmap client-provided fd by default 2018-12-07 17:26:28 -08:00
hal_neverallows.te Allow to use sockets from hal server for auto 2018-05-15 14:38:00 -07:00
hal_nfc.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_oemlock.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_omx.te add mediaswcodec service 2018-10-11 15:10:17 -07:00
hal_power.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_power_stats.te Add power.stats HAL 1.0 sepolicy 2018-12-11 00:11:08 +00:00
hal_secure_element.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_sensors.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_telephony.te Remove sepolicy for /dev/alarm. 2018-12-06 04:23:22 +00:00
hal_tetheroffload.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_thermal.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_tv_cec.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_tv_input.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_usb.te Allow hal_usb to call getsockopt on uevent socket 2018-12-03 18:37:25 +00:00
hal_usb_gadget.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_vehicle.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_vibrator.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_vr.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_weaver.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_wifi.te Wifi HAL SIOCETHTOOL sepolicy 2018-12-04 17:21:19 -08:00
hal_wifi_hostapd.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_wifi_offload.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_wifi_supplicant.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
healthd.te Hide denial seen during boot. 2019-02-06 12:49:26 -08:00
heapprofd.te Add userdebug selinux config for heapprofd. 2018-11-14 09:22:07 +00:00
hwservice.te Add selinux rules for HIDL ICameraServer. 2019-03-01 14:01:07 -08:00
hwservicemanager.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
idmap.te Add idmap2 and idmap2d 2018-11-15 14:42:10 +00:00
incident.te
incident_helper.te Selinux permissions for incidentd project 2018-01-23 19:08:49 +00:00
incidentd.te
init.te sepolicy for vendor cgroups.json and task_profiles.json files 2019-03-01 00:32:15 +00:00
inputflinger.te SEPolicy for InputFlinger Service. 2018-11-16 21:52:01 +00:00
install_recovery.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
installd.te Allow installd to scan JARs in /vendor/framework. 2019-02-27 20:23:24 +00:00
ioctl_defines Allow fs-verity setup within system_server 2019-01-11 12:21:59 -08:00
ioctl_macros more ioctl work 2018-10-17 11:12:18 -07:00
iorapd.te iorapd: add tmpfs type 2019-01-26 12:55:13 -08:00
isolated_app.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
kernel.te Allow otapreopt_chroot to mount APEX packages using apexd logic. 2019-01-17 21:42:46 +00:00
keystore.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
llkd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
lmkd.te Allow lmkd to renice process before killing 2019-01-14 22:52:32 -08:00
logd.te runtime_event_log_tags_file: dontaudit map permission 2019-01-14 13:01:28 -08:00
logpersist.te Start partitioning off privapp_data_file from app_data_file 2018-08-02 16:29:02 -07:00
mdnsd.te
mediadrmserver.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
mediaextractor.te SEPolicy updates for adding native flag namespace(media). 2019-01-31 10:06:32 -08:00
mediametrics.te Allow mediametrics to log records to statsd 2019-02-25 20:09:54 -08:00
mediaprovider.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
mediaserver.te Properly Treble-ize tmpfs access 2019-01-26 17:30:41 +00:00
mediaswcodec.te SEPolicy updates for adding native flag namespace(media). 2019-01-31 10:06:32 -08:00
modprobe.te modprobe: shouldn't load kernel modules from /system 2018-03-23 14:16:25 -07:00
mtp.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
net.te netdomain: allow node_bind for ping sockets 2019-01-14 16:59:03 +00:00
netd.te Add NetworkStack policies for netd and netlink 2019-01-28 14:40:52 +09:00
netutils_wrapper.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
network_stack.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
neverallow_macros
nfc.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
otapreopt_chroot.te Clean up APEX-related otapreopt_chroot policies. 2019-01-25 14:36:37 +00:00
perfetto.te Allow to signal perfetto from shell. 2018-12-13 10:46:42 +00:00
performanced.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
perfprofd.te same_process_hal_file: access to individual coredomains 2018-10-26 18:03:01 +00:00
platform_app.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
postinstall.te Allow postinstall scripts to trigger F2FS GC 2019-02-20 22:40:53 +00:00
ppp.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
priv_app.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
profman.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
property.te Allow system_server and shell to start gsid on-demand. 2019-02-28 07:54:25 -08:00
property_contexts Add a new system-to-vendor sysprop ro.apex.updatable 2019-03-05 16:31:23 +09:00
racoon.te racoon: allow ioctl TUNSETIFF 2018-11-15 10:32:45 -08:00
radio.te Radio: allow to read kernel command line. 2019-02-12 23:36:51 +00:00
recovery.te recovery: Address the ioctl denials during wiping. 2019-01-15 16:08:09 -08:00
recovery_persist.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
recovery_refresh.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
roles
rs.te sepolicy: Add "rs" and "rs_exec" to public policy 2018-12-21 17:47:54 +00:00
rss_hwm_reset.te SELinux policy for rss_hwm_reset 2018-12-15 10:13:03 +00:00
runas.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
runas_app.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
sdcardd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
secure_element.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
service.te Merge "Revert "sepolicy entries for time zone detector service"" 2019-02-06 10:15:23 -08:00
servicemanager.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
sgdisk.te sgdisk: allow BLKRRPART 2018-11-02 14:26:23 -07:00
shared_relro.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
shell.te Allow system_server and shell to start gsid on-demand. 2019-02-28 07:54:25 -08:00
simpleperf_app_runner.te Fix running simpleperf_app_runner on user device. 2019-01-30 11:09:43 -08:00
slideshow.te
statsd.te Game Driver Metrics: allow statsd to find GpuService 2019-03-01 17:51:12 -08:00
su.te Decouple system_suspend from hal attributes. 2019-02-26 18:10:28 -08:00
surfaceflinger.te Initial selinux policy support for memfd 2019-01-30 19:11:49 +00:00
swcodec_service_server.te add mediaswcodec service 2018-10-11 15:10:17 -07:00
system_app.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
system_server.te Initial selinux policy support for memfd 2019-01-30 19:11:49 +00:00
system_suspend_server.te Decouple system_suspend from hal attributes. 2019-02-26 18:10:28 -08:00
te_macros Allow profilable domains to use heapprofd fd and tmpfs. 2019-03-04 12:05:35 +00:00
tee.te Revert "Add placeholder iris and face policy for vold data directory" 2018-11-19 15:00:19 -08:00
thermalserviced.te Revert "Move thermal service into system_server" 2018-12-11 17:04:17 +00:00
tombstoned.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
toolbox.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
traced.te Allow iorapd to access perfetto 2019-01-23 22:43:47 +00:00
traced_probes.te Make traced_probes mlstrustedsubject. 2018-04-17 18:12:28 +00:00
traceur_app.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
tzdatacheck.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
ueventd.te Properly Treble-ize tmpfs access 2019-01-26 17:30:41 +00:00
uncrypt.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
untrusted_app.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
update_engine.te SELinux policy for new managed system update APIs 2018-11-22 17:46:31 +00:00
update_engine_common.te Allow update engine to write to statsd socket 2019-01-29 16:07:39 -08:00
update_verifier.te Allow update_verifier to call checkpointing 2019-02-08 00:19:28 +00:00
usbd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
vdc.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
vendor_init.te Add sepolicy for gsid properties, and allow system_server to read them. 2019-02-19 21:08:09 +00:00
vendor_shell.te Allow shell to start vendor shell 2018-01-16 18:28:51 +00:00
vendor_toolbox.te
virtual_touchpad.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
vndservice.te
vndservicemanager.te
vold.te Decouple system_suspend from hal attributes. 2019-02-26 18:10:28 -08:00
vold_prepare_subdirs.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
vr_hwc.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
watchdogd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
webview_zygote.te Properly Treble-ize tmpfs access 2019-01-26 17:30:41 +00:00
wificond.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
wpantund.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
zygote.te Properly Treble-ize tmpfs access 2019-01-26 17:30:41 +00:00