platform_system_sepolicy/private
Mohammad Samiul Islam 606a3dca3e Allow update_engine to communicate with apexd
When we serve compressed APEX via OTA, we need to ensure device has
enough space to decompress them during boot. In order to do that,
update_engine will need to pass metadata about the OTA to apexd so that
it can make calculation about space requirements. Update engine in return
will display warning to user if the space requirement can't be
fulfilled.

Bug: 172911822
Test: manual
Change-Id: Idff25ac8e5165da70c539edcf6b292e04299a5c6
2021-02-19 13:21:51 +00:00
compat Add necessary sepolicy for update_engine to reserve space on data 2021-02-19 11:30:50 +00:00
access_vectors Keystore 2.0: Add permissions and policy for user manager AIDL. 2021-02-17 08:55:31 -08:00
adbd.te Let adbd set service.adb.tcp.port. 2020-11-06 13:08:04 -08:00
aidl_lazy_test_server.te Add aidl_lazy_test_server 2020-01-07 15:11:03 -08:00
apex_test_prepostinstall.te
apexd.te Merge "Add sepolicy for scheduling module data directories" 2021-02-18 20:51:51 +00:00
app.te Let apps read tombstones given to them. 2021-02-08 17:19:43 -08:00
app_neverallows.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
app_zygote.te Introduce app_data_file_type attribute. 2020-11-11 14:43:36 +00:00
asan_extract.te Move system property rules to private 2020-03-18 16:46:04 +00:00
atrace.te Make AIDL HAL client attribute an exclusive client. 2020-09-11 00:02:00 +00:00
attributes Add expandattribute to system_and_vendor_property_type 2020-12-01 19:58:02 +09:00
audioserver.te Move audio config props to audio_config_prop 2020-05-06 22:58:29 +09:00
auditctl.te
automotive_display_service.te Update automotive display service rules 2020-02-29 11:01:26 -08:00
binderservicedomain.te Move list permission from keystore2_key to keystore class. 2020-10-01 05:33:31 +00:00
blank_screen.te Allow blank_screen to make binder calls to the servicemanager 2020-04-02 19:38:36 +00:00
blkid.te
blkid_untrusted.te
bluetooth.te Allow Bluetooth to access SystemSuspend control service 2020-10-14 00:31:01 +00:00
bluetoothdomain.te
bootanim.te Reduce graphics logspam 2020-04-02 14:43:17 +02:00
bootstat.te Enable incidentd access to ro.boot.bootreason 2020-04-09 15:57:06 -07:00
boringssl_self_test.te SEPolicy changes to allow vendor BoringSSL self test. 2019-10-01 14:14:36 +01:00
bpfloader.te apply 'fs_bpf_tethering' label to /sys/fs/bpf/tethering 2021-02-11 17:45:06 -08:00
bufferhubd.te
bug_map Merge "Revert "Add bug_map entry for unrelated SELinux denial to unblock IC."" 2021-01-20 07:54:34 +00:00
cameraserver.te
canhalconfigurator.te Revert "Revert "hal_can_*: use hal_attribute_service"" 2021-01-11 18:25:51 +00:00
charger.te Allow charger to read minui properties 2020-07-14 18:06:54 +09:00
clatd.te
coredomain.te traced_perf: allow RO tracefs access + fix neverallow 2021-01-31 16:44:00 +00:00
cppreopts.te Ignore the denial when system_other is erased 2020-03-31 20:10:26 +08:00
crash_dump.te Permissions for odrefresh and /data/misc/apexdata/com.android.art 2021-01-13 10:38:22 +00:00
credstore.te Add SELinux policy for credstore and update for IC HAL port from HIDL to AIDL. 2020-02-19 13:46:45 -05:00
derive_sdk.te Rename sdkext sepolicy to sdkextensions 2020-01-08 11:41:18 +00:00
dex2oat.te SELinux policy for on-device signing binary. 2021-02-03 16:15:48 +01:00
dexoptanalyzer.te Allow dexoptanalyzer to use fd's from odsign. 2021-02-19 09:53:44 +01:00
dhcp.te Move system property rules to private 2020-03-18 16:46:04 +00:00
dnsmasq.te
domain.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
drmserver.te Relabel drm related props from exported*_prop 2020-06-19 10:52:10 +09:00
dumpstate.te Add /data/misc/a11ytrace folder to store accessibility trace files. 2021-02-16 09:35:09 -08:00
ephemeral_app.te sepolicy: clean up redundant rules around gpuservice 2020-04-15 09:24:16 -07:00
fastbootd.te Allow snapuserd interaction in recovery and fastbootd. 2021-02-04 22:48:55 -08:00
file.te Add /data/misc/a11ytrace folder to store accessibility trace files. 2021-02-16 09:35:09 -08:00
file_contexts Add necessary sepolicy for update_engine to reserve space on data 2021-02-19 11:30:50 +00:00
file_contexts_asan Fix data/asan/system/system_ext/lib selinux rule for file_contexts_asan 2020-06-08 10:05:07 +00:00
file_contexts_overlayfs
fingerprintd.te
flags_health_check.te Add sepolicy swcodec native flag namespace. 2021-02-16 09:22:16 -08:00
fs_use private/fs_use: Enable selinux for virtiofs 2020-03-06 17:19:04 +09:00
fsck.te
fsck_untrusted.te
fsverity_init.te SELinux policy for on-device signing binary. 2021-02-03 16:15:48 +01:00
fwk_bufferhub.te
gatekeeperd.te Move system property rules to private 2020-03-18 16:46:04 +00:00
genfs_contexts apply 'fs_bpf_tethering' label to /sys/fs/bpf/tethering 2021-02-11 17:45:06 -08:00
gki_apex_prepostinstall.te Allow GKI APEX to use apexd:fd 2020-08-28 17:29:58 -07:00
gmscore_app.te Allow priv_app system_linker_exec:file execute_no_trans 2021-02-10 10:32:44 -08:00
gpuservice.te Move more properties out of exported3_default_prop 2020-07-21 13:11:57 +09:00
gsid.te Add permissions required to install the DSU to a SD card 2021-01-27 06:36:12 +00:00
hal_allocator_default.te sepolicy: remove ashmemd 2019-09-27 17:43:53 +00:00
hal_lazy_test.te Add rules for hidl_lazy_test* 2020-04-24 14:09:41 -07:00
halclientdomain.te
halserverdomain.te
healthd.te Remove exported2_system_prop 2020-08-06 12:52:32 +09:00
heapprofd.te Allow heapprofd to read shell_test_data_file. 2021-02-09 13:28:49 +00:00
hidl_lazy_test_server.te Add rules for hidl_lazy_test* 2020-04-24 14:09:41 -07:00
hwservice.te Add rules for hidl_lazy_test* 2020-04-24 14:09:41 -07:00
hwservice_contexts Remove thermalcallback_hwservice. 2020-09-16 21:57:05 +00:00
hwservicemanager.te Move system property rules to private 2020-03-18 16:46:04 +00:00
idmap.te
incident.te Allow dumpstate to call incident CLI 2019-08-21 16:10:39 -07:00
incident_helper.te
incidentd.te Permissions for odrefresh and /data/misc/apexdata/com.android.art 2021-01-13 10:38:22 +00:00
init.te init: Allow interacting with snapuserd and libsnapshot. 2020-10-30 00:17:37 -07:00
initial_sid_contexts
initial_sids
inputflinger.te
installd.te Revert "Suppress avc denials due to missing kernel config on mixed version boot test" 2021-01-22 11:05:43 +00:00
iorap_inode2filename.te Permissions for odrefresh and /data/misc/apexdata/com.android.art 2021-01-13 10:38:22 +00:00
iorap_prefecherd.te sepolicy: Add iorap_prefetcherd rules 2019-10-22 12:45:46 -07:00
iorapd.te sepolicy: policies for iorap.inode2filename 2020-02-20 16:38:17 -08:00
isolated_app.te Merge "Revert "Prevent isolated_app from searching system_data_file."" 2020-10-20 10:06:54 +00:00
iw.te
kernel.te Add permissions required to install the DSU to a SD card 2021-01-27 06:36:12 +00:00
keys.conf Don't require seinfo for priv-apps 2019-11-06 08:37:03 -08:00
keystore.te Allow keystore to talk to keymint 2020-12-15 08:25:42 -08:00
keystore2_key_contexts Keystore 2.0: Add wifi namespace to sepolicy. 2021-02-09 08:28:45 -08:00
keystore_keys.te Allow on-device signing daemon to talk to keystore. 2021-02-04 11:56:24 +01:00
linkerconfig.te Allow linkerconfig to read apex-info-file.xml 2020-07-30 01:11:15 +09:00
llkd.te llkd: requires sys_admin permissions 2020-01-15 08:08:59 -08:00
lmkd.te Add lmkd. property policies 2020-05-08 15:35:16 +00:00
logd.te Move system property rules to private 2020-03-18 16:46:04 +00:00
logpersist.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
lpdumpd.te binder_use: Allow servicemanager callbacks 2019-12-19 23:07:14 +00:00
mac_permissions.xml Don't require seinfo for priv-apps 2019-11-06 08:37:03 -08:00
mdnsd.te
mediadrmserver.te
mediaextractor.te Add sepolicy swcodec native flag namespace. 2021-02-16 09:22:16 -08:00
mediametrics.te
mediaprovider.te Rename contexts of ffs props 2020-05-11 21:23:37 +09:00
mediaprovider_app.te Relabel drm related props from exported*_prop 2020-06-19 10:52:10 +09:00
mediaserver.te Relabel drm related props from exported*_prop 2020-06-19 10:52:10 +09:00
mediaswcodec.te Add sepolicy swcodec native flag namespace. 2021-02-16 09:22:16 -08:00
mediatranscoding.te transcoding: allow transcoding to connect to thermal manager 2021-01-19 16:19:24 -08:00
mediatuner.te Allow TunerService to find and call TunerResourceManager Service 2021-01-26 19:14:33 +00:00
migrate_legacy_obb_data.te sepolicy: Adjust policy for migrate_legacy_obb_data.sh 2019-07-16 02:55:25 +00:00
mls Split user_profile_data_file label. 2020-12-11 17:35:06 +00:00
mls_decl
mls_macros
mlstrustedsubject.te Remove app_data_file:dir access from dexoptanalyzer. 2020-09-22 15:54:02 +01:00
modprobe.te
mtp.te
netd.te Fix sepolicy to netd. 2021-01-27 17:34:01 +08:00
netutils_wrapper.te
network_stack.te apply 'fs_bpf_tethering' label to /sys/fs/bpf/tethering 2021-02-11 17:45:06 -08:00
nfc.te Add sepolicy to allow read/write nfc snoop log data 2020-09-24 17:36:07 +08:00
notify_traceur.te
odrefresh.te SELinux policy for on-device signing binary. 2021-02-03 16:15:48 +01:00
odsign.te Allow on-device signing daemon to talk to keystore. 2021-02-04 11:56:24 +01:00
otapreopt_chroot.te Temporarily allow otapreopt_chroot to query ro.cold_boot_done prop 2020-11-10 20:38:45 +00:00
otapreopt_slot.te
perfetto.te Create directory for shell<>perfetto interaction 2020-10-13 21:27:27 +00:00
performanced.te
permissioncontroller_app.te Allow PermissonController to find app_api_service and system_api_service. 2020-12-09 11:10:06 +00:00
platform_app.te Revert^2 "Add qemu.hw.mainkeys to system property_contexts" 2021-02-17 18:29:59 +00:00
policy_capabilities
port_contexts
postinstall.te
postinstall_dexopt.te Split user_profile_data_file label. 2020-12-11 17:35:06 +00:00
ppp.te
preloads_copy.te Ignore the denial when system_other is erased 2020-03-31 20:10:26 +08:00
preopt2cachename.te
priv_app.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
profcollectd.te Allow profcollect to create/rmdir in its own data dir 2021-02-18 17:20:21 +08:00
profman.te
property.te Add sepolicy swcodec native flag namespace. 2021-02-16 09:22:16 -08:00
property_contexts Merge "Add a sysprop to control layer caching" 2021-02-19 01:59:48 +00:00
racoon.te
radio.te Remove exported3_radio_prop 2020-08-03 09:23:39 +00:00
recovery.te Allow snapuserd interaction in recovery and fastbootd. 2021-02-04 22:48:55 -08:00
recovery_persist.te In native coverage builds, allow all domains to access /data/misc/trace 2019-06-19 16:27:17 -07:00
recovery_refresh.te In native coverage builds, allow all domains to access /data/misc/trace 2019-06-19 16:27:17 -07:00
remote_prov_app.te SEPolicy for RemoteProvisioning App 2021-02-08 01:33:12 -08:00
roles_decl
rs.te
rss_hwm_reset.te
runas.te
runas_app.te perf_event: rules for system and simpleperf domain 2020-01-15 16:56:41 +00:00
sdcardd.te
seapp_contexts SEPolicy for RemoteProvisioning App 2021-02-08 01:33:12 -08:00
secure_element.te
security_classes Add security class keystore2_key. 2020-08-05 18:51:22 +00:00
service.te Configure sepolicy for TracingServiceProxy 2021-02-05 11:04:11 -08:00
service_contexts Merge "Keystore 2.0: Add permissions and policy for user manager AIDL." 2021-02-18 23:00:29 +00:00
servicemanager.te Allow servicemanager to start processes 2019-08-02 00:23:16 +00:00
sgdisk.te
shared_relro.te Make shared_relro policy private. 2021-01-05 09:48:10 +00:00
shell.te Add /data/misc/a11ytrace folder to store accessibility trace files. 2021-02-16 09:35:09 -08:00
simpleperf.te perf_event: rules for system and simpleperf domain 2020-01-15 16:56:41 +00:00
simpleperf_app_runner.te
slideshow.te
snapshotctl.te snapshotctl: allow to write stats 2020-02-14 20:51:53 +00:00
snapuserd.te Add a kernel transition to snapuserd. 2020-12-14 23:48:08 -08:00
stats.te GpuStats: sepolicy change for using new statsd puller api 2020-02-04 15:55:59 -08:00
statsd.te Selinux changes for statsd flags 2020-11-17 19:28:41 -08:00
storaged.te Allow GMS core to call dumpsys storaged 2019-12-11 12:49:04 -08:00
su.te Permissions for odrefresh and /data/misc/apexdata/com.android.art 2021-01-13 10:38:22 +00:00
surfaceflinger.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
system_app.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
system_server.te Merge "Keystore 2.0: Add permissions and policy for user manager AIDL." 2021-02-18 23:00:29 +00:00
system_server_startup.te Revert "Sepolicy: Allow system_server_startup to load dalvikcache artifacts" 2020-03-16 16:44:55 +00:00
system_suspend.te Sepolicy for dumsys suspend_control in bugreport 2020-11-23 19:04:04 -05:00
technical_debt.cil Use attributes for exclusive property owners 2020-11-30 18:34:30 +09:00
tombstoned.te Add tombstone_config_prop and move related prop 2020-07-07 14:17:40 +09:00
toolbox.te
traced.te Configure sepolicy for TracingServiceProxy 2021-02-05 11:04:11 -08:00
traced_perf.te traced_perf: allow RO tracefs access + fix neverallow 2021-01-31 16:44:00 +00:00
traced_probes.te Merge "Sepolicy for mm events trace instance" 2021-01-26 14:33:39 +00:00
traceur_app.te Cleanup mechanism for enabling perfetto daemon. 2020-06-01 11:56:03 -07:00
tzdatacheck.te
ueventd.te Move system property rules to private 2020-03-18 16:46:04 +00:00
uncrypt.te Move system property rules to private 2020-03-18 16:46:04 +00:00
untrusted_app.te reland: untrusted_app_29: add new targetSdk domain 2020-01-22 09:47:53 +00:00
untrusted_app_25.te Untrusted_app: audit NETLINK_ROUTE bind and RTM_GETLINK 2020-12-11 14:10:19 +01:00
untrusted_app_27.te Untrusted_app: audit NETLINK_ROUTE bind and RTM_GETLINK 2020-12-11 14:10:19 +01:00
untrusted_app_29.te Untrusted_app: audit NETLINK_ROUTE bind and RTM_GETLINK 2020-12-11 14:10:19 +01:00
untrusted_app_all.te never allow untrusted apps accessing debugfs_tracing 2020-12-07 16:33:59 +08:00
update_engine.te Allow update_engine to communicate with apexd 2021-02-19 13:21:51 +00:00
update_engine_common.te
update_verifier.te Move system property rules to private 2020-03-18 16:46:04 +00:00
usbd.te Move system property rules to private 2020-03-18 16:46:04 +00:00
users
vdc.te
vendor_init.te Let adbd set service.adb.tcp.port. 2020-11-06 13:08:04 -08:00
viewcompiler.te Give map permission to viewcompiler 2019-08-27 10:43:55 -07:00
virtual_touchpad.te
vold.te Allow gsid to find and binder-call vold 2020-10-23 20:30:00 +08:00
vold_prepare_subdirs.te Add sepolicy for scheduling module data directories 2021-02-15 22:31:27 +00:00
vr_hwc.te
vzwomatrigger_app.te Don't run vzwomatrigger_app in permissive mode 2019-12-02 09:41:54 -08:00
wait_for_keymaster.te
watchdogd.te
webview_zygote.te Permissions for odrefresh and /data/misc/apexdata/com.android.art 2021-01-13 10:38:22 +00:00
wificond.te Add wifi_hal_prop and remove exported_wifi_prop 2020-07-17 17:38:13 +09:00
wpantund.te
zygote.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00