platform_system_sepolicy/private
Suren Baghdasaryan 561ce801b0 sepolicy changes to configure cgroup.rc and task_profiles.json access
cgroups.json file contains cgroup information required to mount
cgroup controllers and is readable only by init process.
cgroup.rc contains cgroup map information consisting of the list of
cgroups available in the system and their mounting locations. It is
created by init process and should be readable by any process that
uses cgroups and should be writable only by init process.
task_profiles.json file contains task profiles used to operate on
cgroups. This information should be readable by any process that uses
cgroups and should be writable only by init process.

Bug: 111307099
Test: builds, boots

Change-Id: Ib2c87c0fc3663c7fc69628f05c846519b65948b5
Merged-In: Ib2c87c0fc3663c7fc69628f05c846519b65948b5
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
2019-02-02 16:56:08 +00:00
compat sepolicy changes to configure cgroup.rc and task_profiles.json access 2019-02-02 16:56:08 +00:00
access_vectors Update access_vectors 2018-11-01 19:53:50 -07:00
adbd.te Add the testharness service to sepolicy rules 2019-01-17 13:10:37 -08:00
apex_test_prepostinstall.te Sepolicy: Initial Apexd pre-/postinstall rules 2019-01-24 15:06:17 -08:00
apexd.te apexd: permission to traverse /sys directory tree. 2019-02-01 10:17:52 -08:00
app.te Initial selinux policy support for memfd 2019-01-30 19:11:49 +00:00
app_neverallows.te Allow app to connect to BufferHub service 2019-01-14 10:49:35 -08:00
app_zygote.te Add more neverallows to app_zygote policy. 2019-01-24 20:27:54 +00:00
asan_extract.te
atrace.te sepolicy: add rules for traced_probes to capture stderr and kill atrace on timeout 2018-11-16 14:47:19 +00:00
audioserver.te Properly Treble-ize tmpfs access 2019-01-26 17:30:41 +00:00
binder_in_vendor_violators.te
binderservicedomain.te
blank_screen.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
blkid.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
blkid_untrusted.te
bluetooth.te Fix permissions for bluetooth tethering. 2019-01-19 11:52:32 +09:00
bluetoothdomain.te
bootanim.te Dontaudit denials caused by race with labeling. 2018-02-14 17:07:13 -08:00
bootstat.te
bpfloader.te Add permissions for bpf.progs_loaded property 2019-01-14 10:59:10 -05:00
bufferhubd.te Remove unused bufferhub sepolicy 2018-12-10 13:36:11 -08:00
bug_map Track SELinux denial caused by webview zygote. 2019-01-24 11:38:05 -05:00
cameraserver.te Allow cameraserver to access tmpfs 2019-01-30 05:31:42 +00:00
charger.te
clatd.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
coredomain.te init can call setns 2019-01-31 13:44:21 +09:00
cppreopts.te
crash_dump.te Add policy for apexd. 2018-10-04 07:06:45 +00:00
dex2oat.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
dexoptanalyzer.te Properly Treble-ize tmpfs access 2019-01-26 17:30:41 +00:00
dhcp.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
dnsmasq.te
domain.te sepolicy changes to configure cgroup.rc and task_profiles.json access 2019-02-02 16:56:08 +00:00
drmserver.te
dumpstate.te Add incidentcompanion service. 2019-01-26 13:15:45 -08:00
ephemeral_app.te disallow priv-apps from following untrusted app symlinks. 2019-01-24 13:08:10 -08:00
fastbootd.te Add sepolicy for fastbootd 2018-08-15 08:45:22 -07:00
file.te Add initial sepolicy for app data snapshots. 2019-01-16 15:22:51 +00:00
file_contexts sepolicy changes to configure cgroup.rc and task_profiles.json access 2019-02-02 16:56:08 +00:00
file_contexts_asan Label /data/asan/* libs as system_lib_file. 2018-10-10 11:23:00 -07:00
file_contexts_overlayfs fs_mgr: add /mnt/scratch to possible overlayfs support directories 2018-10-08 14:23:01 +00:00
fingerprintd.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
flags_health_check.te sepolicy for server configurable flags 2018-11-01 03:28:56 +00:00
fs_use fs_mgr: add overlayfs handling for squashfs system filesystems 2018-08-08 07:33:10 -07:00
fsck.te Allow access to the metadata partition for metadata encryption. 2018-01-19 14:45:08 -08:00
fsck_untrusted.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
fwk_bufferhub.te Allow bufferhub service to allocate buffer 2018-11-07 13:57:55 -08:00
gatekeeperd.te
genfs_contexts add selinux rules for mini-keyctl 2019-01-31 15:12:11 -08:00
gpuservice.te gpuservice: allow cmd gpu vkjson in interactive shell 2019-01-23 14:28:56 -08:00
gsid.te sepolicy for gsid 2019-01-15 20:43:33 -08:00
hal_allocator_default.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
hal_system_suspend_default.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
halclientdomain.te
halserverdomain.te
healthd.te healthd provides health@2.0 service. 2017-10-17 13:48:42 -07:00
heapprofd.te Allow heap profiling of certain app domains on user builds 2019-01-21 14:30:57 +00:00
hwservice_contexts Add Bluetooth Audio HAL interface V2 as hal_audio_hwservice 2019-01-14 22:26:22 +08:00
hwservicemanager.te Finer grained permissions for ctl. properties 2018-05-22 13:47:16 -07:00
idmap.te Add idmap2 and idmap2d 2018-11-15 14:42:10 +00:00
incident.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
incident_helper.te Allow dumpstate to dump incidentd 2018-12-04 15:42:56 -08:00
incidentd.te Allow dumpstate to dump incidentd 2018-12-04 15:42:56 -08:00
init.te Allow executing bpfloader from init and modify rules 2019-01-14 10:59:10 -05:00
initial_sid_contexts
initial_sids
inputflinger.te
install_recovery.te
installd.te Add runtime_native property permission to installd 2019-02-01 16:54:49 +00:00
iorapd.te iorapd: add tmpfs type 2019-01-26 12:55:13 -08:00
isolated_app.te Allow heap profiling of certain app domains on user builds 2019-01-21 14:30:57 +00:00
iw.te Allow iw to be run at init phase. 2018-11-14 19:10:12 +00:00
kernel.te
keys.conf
keystore.te Allow Keystore to check security logging property. 2018-01-24 19:49:18 +00:00
llkd.te Add policy for apexd. 2018-10-04 07:06:45 +00:00
lmkd.te
logd.te Properly Treble-ize tmpfs access 2019-01-26 17:30:41 +00:00
logpersist.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
mac_permissions.xml
mdnsd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
mediadrmserver.te
mediaextractor.te Initial selinux policy support for memfd 2019-01-30 19:11:49 +00:00
mediametrics.te
mediaprovider.te mediaprovider: add functionfs ioctl 2018-10-17 10:14:40 -07:00
mediaserver.te Properly Treble-ize tmpfs access 2019-01-26 17:30:41 +00:00
mediaswcodec.te add mediaswcodec service 2018-10-11 15:10:17 -07:00
mini_keyctl.te add selinux rules for mini-keyctl 2019-01-31 15:12:11 -08:00
mls Initial selinux policy support for memfd 2019-01-30 19:11:49 +00:00
mls_decl
mls_macros
modprobe.te
mtp.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
netd.te Add NetworkStack policies for netd and netlink 2019-01-28 14:40:52 +09:00
netutils_wrapper.te Start the process of locking down proc/net 2018-05-04 21:36:33 +00:00
network_stack.te Add NetworkStack policies for netd and netlink 2019-01-28 14:40:52 +09:00
nfc.te SE Policy for Secure Element app and Secure Element HAL 2018-01-29 21:31:42 +00:00
otapreopt_chroot.te Introduce a postinstall_apex_mnt_dir label for /postinstall/apex. 2019-01-29 10:09:50 +00:00
otapreopt_slot.te
perfetto.te Properly Treble-ize tmpfs access 2019-01-26 17:30:41 +00:00
performanced.te
perfprofd.te Sepolicy for system suspend HAL. 2018-08-13 17:26:34 -07:00
platform_app.te add create link permission for platform_app 2019-01-30 16:03:27 +08:00
policy_capabilities Add nnp_nosuid_transition policycap and related class/perm definitions. 2018-09-07 10:52:31 -07:00
port_contexts
postinstall.te
postinstall_dexopt.te Allow oatpreopt to run dex2oat from the Runtime APEX. 2019-01-23 16:18:35 +00:00
ppp.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
preloads_copy.te Add sepolicy for preloads_copy script 2018-10-23 17:11:36 +01:00
preopt2cachename.te
priv_app.te disallow priv-apps from following untrusted app symlinks. 2019-01-24 13:08:10 -08:00
profman.te
property_contexts Add device_config_runtime_native_boot_prop 2019-02-01 13:46:34 -08:00
racoon.te
radio.te Add label for time (zone) system properties 2018-06-25 17:59:56 +01:00
recovery.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
recovery_persist.te Properly Treble-ize tmpfs access 2019-01-26 17:30:41 +00:00
recovery_refresh.te Properly Treble-ize tmpfs access 2019-01-26 17:30:41 +00:00
roles_decl
rs.te rs: add tests to ensure rs cannot abuse app data 2019-01-17 15:24:34 -08:00
rss_hwm_reset.te SELinux policy for rss_hwm_reset 2018-12-15 10:13:03 +00:00
runas.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
runas_app.te Allow permissions needed for gdb debugging 2019-01-30 13:19:36 -08:00
sdcardd.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
seapp_contexts Initial sepolicy for app_zygote. 2019-01-21 08:24:41 +00:00
secure_element.te SE Policy for Secure Element app and Secure Element HAL 2018-01-29 21:31:42 +00:00
security_classes Update access_vectors 2018-11-01 19:53:50 -07:00
service.te Sepolicy for dynamic_android_service 2019-01-31 01:30:36 +00:00
service_contexts Sepolicy for dynamic_android_service 2019-01-31 01:30:36 +00:00
servicemanager.te
sgdisk.te
shared_relro.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
shell.te Allow to signal perfetto from shell. 2018-12-13 10:46:42 +00:00
simpleperf_app_runner.te Add sepolicy for simpleperf_app_runner. 2019-01-23 23:23:09 +00:00
slideshow.te
stats.te Incidentd gets statsd incident section 2018-11-13 09:18:34 -08:00
statsd.te Incidentd gets statsd incident section 2018-11-13 09:18:34 -08:00
storaged.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
su.te SELinux policies for Perfetto cmdline client (/system/bin/perfetto) 2018-01-29 11:06:00 +00:00
surfaceflinger.te Initial selinux policy support for memfd 2019-01-30 19:11:49 +00:00
system_app.te Add sepolicy for IpMemoryStoreService 2019-01-10 18:06:56 +09:00
system_server.te Add device_config_runtime_native_boot_prop 2019-02-01 13:46:34 -08:00
system_server_startup.te Properly Treble-ize tmpfs access 2019-01-26 17:30:41 +00:00
technical_debt.cil Allow app to connect to BufferHub service 2019-01-14 10:49:35 -08:00
thermalserviced.te Revert "Move thermal service into system_server" 2018-12-11 17:04:17 +00:00
tombstoned.te
toolbox.te
traced.te Fix perfetto CTS test 2019-01-28 10:18:16 +00:00
traced_probes.te Allow perfetto to ingest logs on userdebug/eng 2019-01-10 20:14:06 +00:00
traceur_app.te Allow the Traceur app to start Perfetto. 2018-12-10 18:51:29 -08:00
tzdatacheck.te
ueventd.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
uncrypt.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
untrusted_app.te Add untrusted_app_27 2018-04-03 12:25:51 -07:00
untrusted_app_25.te Audit native code loading on user builds. 2019-01-28 14:15:48 +00:00
untrusted_app_27.te Audit native code loading on user builds. 2019-01-28 14:15:48 +00:00
untrusted_app_all.te Allow permissions needed for gdb debugging 2019-01-30 13:19:36 -08:00
update_engine.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
update_engine_common.te
update_verifier.te
usbd.te usbd sepolicy 2018-01-20 03:41:21 +00:00
users
vdc.te
vendor_init.te Remove vendor_init from coredomain 2018-01-29 18:07:41 +00:00
viewcompiler.te Properly Treble-ize tmpfs access 2019-01-26 17:30:41 +00:00
virtual_touchpad.te
vold.te Abolish calls to shell in vold 2018-11-30 16:02:04 -08:00
vold_prepare_subdirs.te Add rules for multi-user backup/restore 2019-01-17 12:53:08 +00:00
vr_hwc.te
wait_for_keymaster.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
watchdogd.te Move watchdogd out of init and into its own domain 2018-08-03 19:28:05 +00:00
webview_zygote.te Allow webview_zygote to JIT. 2018-11-20 13:31:49 +00:00
wificond.te
wpantund.te lowpan: Add wpantund to SEPolicy 2017-10-16 14:10:40 -07:00
zygote.te Add device_config_runtime_native_boot_prop 2019-02-01 13:46:34 -08:00