platform_system_sepolicy/public
David Brazdil 55d808c28c Start using virtmgr for running VMs
Split virtualizationservice policy into rules that should remain with
the global service and rules that now apply to virtmgr - a child process
of the client that runs the VM on its behalf.

The virtualizationservice domain remains responsible for:
 * allocating CIDs (access to props)
 * creating temporary VM directories (virtualization_data_file, chown)
 * receiving tombstones from VMs
 * pushing atoms to statsd
 * removing memlock rlimit from virtmgr

The new virtualizationmanager domain becomes responsible for:
 * executing crosvm
 * creating vsock connections, handling callbacks
 * preparing APEXes
 * pushing ramdumps to tombstoned
 * collecting stats for telemetry atoms

The `virtualizationservice_use` macro is changed to allow client domains
to transition to the virtmgr domain upon executing it as their child,
and to allow communication over UDS.

Clients are not allowed to communicate with virtualizationservice via
Binder; only virtmgr is now allowed to do that.

Bug: 250685929
Test: atest -p packages/modules/Virtualization:avf-presubmit
Change-Id: Iefdccd908fc28e5d8c6f4566290e79ed88ade70b
2023-01-05 17:39:39 +00:00
adbd.te Add shell_test_data_file for /data/local/tests 2020-09-01 11:17:19 -07:00
aidl_lazy_test_server.te Add aidl_lazy_test_server 2020-01-07 15:11:03 -08:00
apexd.te Allow update_engine to communicate with apexd 2021-02-19 13:21:51 +00:00
app.te Move get_prop rules from public/app.te to private/app.te 2022-11-04 09:34:22 +00:00
app_zygote.te
artd.te Update SELinux policy for app compilation CUJ. 2022-07-29 14:07:52 +00:00
asan_extract.te asan_extract: add system_file_type to asan_extract_exec 2020-05-06 13:25:28 -07:00
atrace.te Make AIDL HAL client attribute an exclusive client. 2020-09-11 00:02:00 +00:00
attributes EARC: Add Policy for EArc Service 2022-12-27 18:11:36 +05:30
audioserver.te Allow audioserver to access sensorservice 2021-09-08 11:44:11 -07:00
blkid.te
blkid_untrusted.te
bluetooth.te
bootanim.te Adds GPU sepolicy to support devices with DRM gralloc/rendering 2022-04-18 17:30:56 -07:00
bootstat.te Enable incidentd access to ro.boot.bootreason 2020-04-22 17:55:18 +00:00
bpfloader.te Allow BPF programs from vendor. 2022-02-08 22:46:54 +00:00
bufferhubd.te Properly define hal_codec2 and related policies 2019-05-23 03:53:47 -07:00
camera_service_server.te
cameraserver.te cameraservice: Add selinux policy for vndk cameraservice. 2022-12-14 20:46:43 +00:00
charger.te Add charger_type. 2021-11-05 18:44:04 -07:00
charger_type.te Add charger_type. 2021-11-05 18:44:04 -07:00
charger_vendor.te Add sepolicies to allow hal_health_default to load BPFs. 2022-03-21 12:54:49 -07:00
crash_dump.te Allow crash_dump to read from /data/local/tests. 2021-09-09 14:49:36 -07:00
credstore.te Add get_auth_token permission to allow credstore to call keystore2. 2021-03-12 20:32:06 +00:00
device.te Remove some FDE rules and update comments 2022-04-15 21:06:51 +00:00
dhcp.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
diced.te Diced: Add policy for diced the DICE daemon. 2021-11-17 13:36:18 -08:00
display_service_server.te
dnsmasq.te add dontaudit dnsmasq kernel:system module_request 2020-01-18 18:22:12 -08:00
domain.te Allow artd to read symlinks for secondary dex files. 2022-12-13 14:49:20 +00:00
drmserver.te Add fusefs_type for FUSE filesystems 2021-06-28 13:18:46 +02:00
dumpstate.te sepolicy: Add Bluetooth AIDL 2022-12-02 13:08:26 -08:00
e2fs.te Allow zoned device support in f2fs 2022-05-25 00:33:57 +00:00
ephemeral_app.te
evsmanagerd.te Revert^2 "Adds a sepolicy for EVS manager service" 2022-02-10 17:21:14 +00:00
extra_free_kbytes.te Allow init to execute extra_free_kbytes.sh script 2021-08-17 17:02:38 +00:00
fastbootd.te Fastboot AIDL Sepolicy changes 2022-11-09 22:21:27 +00:00
file.te Add NTFS support in sepolicy. 2022-11-03 16:02:51 +01:00
fingerprintd.te Make Keystore equivalent policy for Keystore2 2020-08-05 16:11:48 +00:00
flags_health_check.te Move system property rules to private 2020-03-18 16:46:04 +00:00
fsck.te Allow zoned device support in f2fs 2022-05-25 00:33:57 +00:00
fsck_untrusted.te
gatekeeperd.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
global_macros global_macros: trim back various watch* permissions 2019-08-28 12:36:58 -07:00
gmscore_app.te Create a separate SELinux domain for gmscore 2019-11-22 10:39:19 -08:00
gpuservice.te
hal_allocator.te
hal_atrace.te
hal_audio.te audio HAL: SELinux changes for Spatial Audio optimization 2022-12-28 16:55:07 -08:00
hal_audiocontrol.te hal_audiocontrol: use hal_attribute_service 2020-12-23 01:26:58 +00:00
hal_authsecret.te Add sepolicy for authsecret AIDL HAL 2021-01-12 06:01:22 +00:00
hal_bluetooth.te sepolicy: Add Bluetooth AIDL 2022-12-02 13:08:26 -08:00
hal_bootctl.te Add proper permission for AIDL bootcontrol server 2022-06-22 13:38:01 -07:00
hal_broadcastradio.te Applying new IBroadcastRadio AIDL 2022-09-21 23:17:20 +00:00
hal_camera.te System wide sepolicy changes for aidl camera hals. 2022-02-08 09:37:17 +00:00
hal_can.te binder_call should be binder_use 2022-12-13 17:38:33 +00:00
hal_cas.te Allow CAS AIDL sample HAL 2022-10-12 19:42:20 +05:30
hal_codec2.te media: add codec2_config_prop 2021-03-24 01:17:05 +00:00
hal_configstore.te Add NTFS support in sepolicy. 2022-11-03 16:02:51 +01:00
hal_confirmationui.te hidl2aidl: sepolicy changes for confirmationui aidl 2022-09-23 19:00:15 +00:00
hal_contexthub.te Context Hub stable AIDL sepolicy 2021-08-10 22:06:43 +00:00
hal_dice.te Dice HAL: Add policy for dice HAL. 2021-11-17 13:36:18 -08:00
hal_drm.te Enable dumpsys widevine without root 2022-08-05 02:55:28 +00:00
hal_dumpstate.te Allow dumpstate to access fscklogs 2022-08-12 10:59:40 -07:00
hal_evs.te Revert^2 "Updates sepolicy for EVS HAL" 2022-02-10 17:21:54 +00:00
hal_face.te Add sepolicy for IFace 2020-09-28 15:57:59 -07:00
hal_fastboot.te Fastboot AIDL Sepolicy changes 2022-11-09 22:21:27 +00:00
hal_fingerprint.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
hal_gatekeeper.te hidl2aidl: conversion of gatekeeper hidl to aidl 2022-09-19 17:43:26 +00:00
hal_gnss.te Add GNSS AIDL interfaces (system/sepolicy) 2020-09-24 12:03:30 -07:00
hal_graphics_allocator.te Adds GPU sepolicy to support devices with DRM gralloc/rendering 2022-04-18 17:30:56 -07:00
hal_graphics_composer.te Adds GPU sepolicy to support devices with DRM gralloc/rendering 2022-04-18 17:30:56 -07:00
hal_health.te Add search in bpf directory for bpfdomains 2022-03-21 17:31:17 -07:00
hal_health_storage.te Allow health storage HAL to read default fstab 2021-04-15 12:44:24 +08:00
hal_identity.te Make AIDL HAL client attribute an exclusive client. 2020-09-11 00:02:00 +00:00
hal_input_classifier.te
hal_input_processor.te Allow dumping of InputProcessor HAL 2022-07-11 18:33:54 +00:00
hal_ir.te Add policy for new AIDL IR hal 2021-12-16 20:24:27 +00:00
hal_keymaster.te
hal_keymint.te Limit special file permissions to the keymint server domain 2022-11-03 05:30:01 +00:00
hal_light.te Make AIDL HAL client attribute an exclusive client. 2020-09-11 00:02:00 +00:00
hal_lowpan.te
hal_memtrack.te Reland: Memtrack HAL stable aidl sepolicy 2020-12-22 16:08:53 -05:00
hal_neuralnetworks.te Add gpu_device access to hal_neuralnetworks 2022-05-12 21:01:45 +00:00
hal_neverallows.te Merge "SEPolicy for Netlink Interceptor" 2021-11-02 18:02:45 +00:00
hal_nfc.te Add hal_nfc_service 2022-01-20 03:48:57 +00:00
hal_nlinterceptor.te Give Netlink Interceptor route_socket perms 2021-12-01 04:08:19 +00:00
hal_oemlock.te Add sepolicy for oemlock aidl HAL 2021-01-11 05:57:17 +00:00
hal_omx.te Allow binder services to r/w su:tcp_socket 2021-06-08 10:39:02 -07:00
hal_power.te Make AIDL HAL client attribute an exclusive client. 2020-09-11 00:02:00 +00:00
hal_power_stats.te sepolicy: allow hal_power_stats_client to access IPowerStats AIDL 2021-03-08 22:19:47 +00:00
hal_rebootescrow.te Make AIDL HAL client attribute an exclusive client. 2020-09-11 00:02:00 +00:00
hal_remoteaccess.te Create selinux policy for remoteaccess HAL. 2022-09-20 18:09:49 -07:00
hal_secure_element.te sepolicy for SE HAL 2022-11-15 22:41:09 +00:00
hal_sensors.te Sensors stable AIDL HAL sepolicy 2021-10-15 17:39:56 +00:00
hal_telephony.te Combining hal_radio_*_service into hal_radio_service 2022-01-24 19:42:42 +00:00
hal_tetheroffload.te
hal_thermal.te Update SEPolicy for Thermal AIDL 2022-10-05 00:55:20 +00:00
hal_tv_cec.te
hal_tv_earc.te EARC: Add Policy for EArc Service 2022-12-27 18:11:36 +05:30
hal_tv_hdmi.te Add policies for new services HDMI and HDMICEC 2022-10-10 15:40:42 +05:30
hal_tv_hdmi_cec.te Add policies for new services HDMI and HDMICEC 2022-10-10 15:40:42 +05:30
hal_tv_input.te TV Input HAL 2.0 sepolicy 2022-08-25 14:31:49 -07:00
hal_tv_tuner.te Allow Tuner AIDL sample HAL. 2021-07-26 11:35:18 -07:00
hal_usb.te Add selinux rules for android.hardware.usb.IUsb AIDL migration 2022-01-20 23:03:26 +00:00
hal_usb_gadget.te Add selinux rules for android.hardware.usb.gadget.IUsbGadget AIDL migration 2022-10-27 15:42:56 +08:00
hal_uwb.te Allow uwb HAL client/server to talk to service manager 2021-08-28 00:01:59 +00:00
hal_vehicle.te Add hal_vehicle_service for AIDL VHAL service. 2021-12-07 22:23:50 -08:00
hal_vibrator.te Make AIDL HAL client attribute an exclusive client. 2020-09-11 00:02:00 +00:00
hal_vr.te
hal_weaver.te Add sepolicy for weaver aidl HAL service 2021-01-22 06:34:41 +00:00
hal_wifi.te Add SeLinux policy for WiFi Vendor HAL AIDL service. 2022-10-19 16:34:56 +00:00
hal_wifi_hostapd.te Add rule to allow servicemanager to call 2022-02-08 18:00:15 +00:00
hal_wifi_supplicant.te Add supplicant service to the dumpstate 2022-01-14 17:17:31 +00:00
healthd.te Remove healthd. 2021-10-20 18:47:41 -07:00
heapprofd.te
hwservice.te Revert "Add sepolicies for CPU HAL." 2022-11-09 16:47:07 +00:00
hwservicemanager.te Move system property rules to private 2020-03-18 16:46:04 +00:00
idmap.te Remove the last traces of idmap (replaced by idmap2) 2022-06-10 12:58:21 +02:00
incident.te
incident_helper.te
incidentd.te
init.te overlayfs: Rules for mounting overlays from second stage init 2022-12-13 15:53:10 +08:00
inputflinger.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
installd.te Restrict creating per-user encrypted directories 2022-05-05 04:12:46 +00:00
ioctl_defines sepolicy: allow TUNSETLINK and TUNSETCARRIER 2022-06-01 17:26:10 +09:00
ioctl_macros sepolicy: allow new BINDER_GET_EXTENDED_ERROR ioctl 2022-05-10 04:20:09 +00:00
iorap.te Iorapd and friends have been removed 2022-05-18 12:07:39 +02:00
isolated_app.te
kernel.te Allow kernel to write to shell_data_file loop devices in userdebug builds. 2022-07-20 11:43:20 -07:00
keystore.te Add permissions for remote_provisioning service 2022-12-06 08:46:20 -08:00
keystore_keys.te Keystore 2.0: Add wifi namespace to sepolicy. 2021-02-09 08:28:45 -08:00
llkd.te
lmkd.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
logd.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
logpersist.te logpersist is now a shell script, so give it the appropriate permissions 2019-10-30 13:54:35 -07:00
mdnsd.te
mediadrmserver.te
mediaextractor.te Remove TZUvA feature. 2022-06-13 11:45:50 +00:00
mediametrics.te Allow binder services to r/w su:tcp_socket 2021-06-08 10:39:02 -07:00
mediaprovider.te
mediaserver.te mediaserver needs package_native access 2022-11-19 09:59:57 -06:00
mediaswcodec.te Adds GPU sepolicy to support devices with DRM gralloc/rendering 2022-04-18 17:30:56 -07:00
mediatranscoding.te Move mediatranscoding type to public 2021-10-21 09:10:45 +02:00
modprobe.te allow modprobe to read /proc/cmdline 2020-05-07 11:28:50 -07:00
mtp.te mtp: support using pppox_socket family 2019-05-08 06:01:58 -07:00
net.te Move sdk_sandbox sepolicy to AOSP. 2022-03-17 10:22:33 +01:00
netd.te much more finegrained bpf selinux privs for networking mainline am: 15715aea32 2022-06-23 11:15:50 +00:00
netutils_wrapper.te
network_stack.te
neverallow_macros neverallow_macros: add watch* perms 2019-09-05 09:54:43 -07:00
nfc.te
otapreopt_chroot.te Use postinstall file_contexts 2021-03-25 00:01:25 +00:00
perfetto.te
performanced.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
platform_app.te
postinstall.te
ppp.te ppp: support using pppox_socket family 2019-05-06 14:11:02 -07:00
priv_app.te
prng_seeder.te Add SEPolicy for PRNG seeder daemon. 2022-09-22 15:13:20 +00:00
profman.te Update SELinux policy for app compilation CUJ. 2022-07-29 14:07:52 +00:00
property.te SEPolicy updates for camera HAL 2022-12-13 09:52:04 -08:00
racoon.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
radio.te Add new selinux type for radio process 2020-12-24 15:11:15 +08:00
recovery.te recovery/fastbootd: allow to talk to health HAL. 2021-12-07 16:22:53 -08:00
recovery_persist.te
recovery_refresh.te
remote_provisioning_service_server.te Add permissions for remote_provisioning service 2022-12-06 08:46:20 -08:00
rkpd_app.te Add new appdomain for RKPD mainline app 2022-11-16 12:55:31 -08:00
roles
rootdisk_sysdev.te SELinux policy for /dev/sys/block/by-name/rootdisk 2022-03-16 11:04:39 -07:00
rs.te
rss_hwm_reset.te
runas.te Relabel /data/system/packages.list to new type. 2019-03-28 10:27:43 +00:00
runas_app.te
scheduler_service_server.te Treble-ize sepolicy for fwk HIDL services. 2019-04-22 17:07:06 -07:00
sdcardd.te Add fusefs_type for FUSE filesystems 2021-06-28 13:18:46 +02:00
secure_element.te
sensor_service_server.te Treble-ize sepolicy for fwk HIDL services. 2019-04-22 17:07:06 -07:00
service.te Merge "EARC: Add Policy for EArc Service" 2023-01-04 03:30:47 +00:00
servicemanager.te servicemanager: kernel log perms 2022-10-17 21:30:50 +00:00
sgdisk.te Allow sgdisk to use BLKPBSZGET ioctl 2020-05-17 12:32:44 -07:00
shared_relro.te Make shared_relro policy private. 2021-01-05 09:48:10 +00:00
shell.te Allow shell to call IRemotelyProvisionedComponent 2022-11-09 12:42:28 -08:00
simpleperf.te perf_event: rules for system and simpleperf domain 2020-01-15 16:56:41 +00:00
simpleperf_app_runner.te simpleperf_app_runner: move rules to private. 2021-06-30 17:24:05 -07:00
slideshow.te
stats_service_server.te Stats: new sepolicy for the AIDL service 2021-02-10 23:48:35 +00:00
statsd.te Remove healthd. 2021-10-20 18:47:41 -07:00
su.te EARC: Add Policy for EArc Service 2022-12-27 18:11:36 +05:30
surfaceflinger.te
system_app.te
system_server.te Allow the shell to disable charging. 2022-01-10 10:36:01 -08:00
system_suspend_internal_server.te sepolicy: Create new attribute to serve ISuspendControlServiceInternal 2021-02-25 18:04:04 +08:00
system_suspend_server.te
te_macros Start using virtmgr for running VMs 2023-01-05 17:39:39 +00:00
tee.te
tombstoned.te
toolbox.te Restrict creating per-user encrypted directories 2022-05-05 04:12:46 +00:00
traced.te Iorapd and friends have been removed 2022-05-18 12:07:39 +02:00
traced_perf.te initial policy for traced_perf daemon (perf profiler) 2020-01-22 22:04:01 +00:00
traced_probes.te
traceur_app.te Iorapd and friends have been removed 2022-05-18 12:07:39 +02:00
ueventd.te Add use_bionic_libs macro 2022-01-25 09:47:56 +09:00
uncrypt.te uncrypt: allow reading /proc/bootconfig 2021-06-03 21:29:57 +02:00
untrusted_app.te untrusted_app_30: add new targetSdk domain 2021-07-05 11:42:31 +02:00
update_engine.te Add rules for calling ReadDefaultFstab() 2021-03-29 15:23:29 +08:00
update_engine_common.te Allow update_engine to inotify_add_watch dm-user device nodes. 2022-07-21 12:47:46 -07:00
update_verifier.te Move system property rules to private 2020-03-18 16:46:04 +00:00
usbd.te Add usbd servicemanager permission 2022-12-19 16:16:17 +08:00
userdata_sysdev.te sepolicy: Add label to userdata file node 2021-02-19 07:45:02 +08:00
vdc.te Remove some FDE rules and update comments 2022-04-15 21:06:51 +00:00
vendor_init.te remove init/vendor_init access to bpffs_type 2022-12-02 12:26:03 +00:00
vendor_misc_writer.te Add rules for calling ReadDefaultFstab() 2021-03-29 15:23:29 +08:00
vendor_modprobe.te Revert "Revert "Exclude vendor_modprobe from debugfs neverallow restrictions"" 2021-05-04 22:07:08 -07:00
vendor_shell.te sepolicy(hal_wifi): Allow wifi HAL to access persist.vendor.debug properties 2020-11-12 18:22:47 -08:00
vendor_toolbox.te Update language to comply with Android's inclusive language guidance 2020-07-31 12:28:11 -06:00
virtual_touchpad.te
vndservice.te Allow vndservicemanager to self-register. 2020-03-06 16:35:52 -08:00
vndservicemanager.te
vold.te Allow zoned device support in f2fs 2022-05-25 00:33:57 +00:00
vold_prepare_subdirs.te
watchdogd.te
webview_zygote.te
wificond.te SEPolicy for Netlink Interceptor 2021-10-26 10:03:14 -07:00
zygote.te