platform_system_sepolicy/public
Chiachang Wang 813c25fc91 Add new selinux type for radio process
ConnectivityService is going to become mainline and can not
access hidden APIs. Telephony and Settings were both accessing
the hidden API ConnectivityManager#getMobileProvisioningUrl.
Moving #getMobileProvisioningUrl method into telephony means
that there is one less access to a hidden API within the overall
framework since the Connectivity stack never needed this value.
Thus, move getMobileProvisioningUrl parsing to telephony surface
and provide the corresponding sepolicy permission for its access.

The existing radio_data_file is an app data type and may allow
more permission than necessary. Thus create a new type and give
the necessary read access only.

Bug: 175177794
Test: verify that the radio process could read
      /data/misc/radio/provisioning_urls.xml successfully
Change-Id: I191261a57667dc7936c22786d75da971f94710ef
2020-12-24 15:11:15 +08:00
adbd.te Add shell_test_data_file for /data/local/tests 2020-09-01 11:17:19 -07:00
aidl_lazy_test_server.te Add aidl_lazy_test_server 2020-01-07 15:11:03 -08:00
apexd.te Move system property rules to private 2020-03-18 16:46:04 +00:00
app.te Split user_profile_data_file label. 2020-12-11 17:35:06 +00:00
app_zygote.te Properly Treble-ize tmpfs access 2019-01-26 17:30:41 +00:00
asan_extract.te asan_extract: add system_file_type to asan_extract_exec 2020-05-06 13:25:28 -07:00
atrace.te Make AIDL HAL client attribute an exclusive client. 2020-09-11 00:02:00 +00:00
attributes Revert^2 "Move keymint to android.hardware.security." 2020-12-11 20:36:53 +00:00
audioserver.te audioserver: allow audioserver to generate audio HAL tombstones 2019-11-04 18:05:28 -08:00
blkid.te
blkid_untrusted.te
bluetooth.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
bootanim.te Allow the boot animation to receive display events 2020-05-27 12:57:51 +02:00
bootstat.te Enable incidentd access to ro.boot.bootreason 2020-04-22 17:55:18 +00:00
bufferhubd.te Properly define hal_codec2 and related policies 2019-05-23 03:53:47 -07:00
camera_service_server.te Abstract use of cameraserver behind an attribute 2019-03-01 14:02:59 -08:00
cameraserver.te Properly define hal_codec2 and related policies 2019-05-23 03:53:47 -07:00
charger.te Revert "sepolicy: rules for uid/pid cgroups v2 hierarchy" 2020-12-04 03:12:59 +00:00
crash_dump.te crash_dump: suppress denials on properties 2019-02-07 08:45:15 -08:00
credstore.te Revert "sepolicy: rules for uid/pid cgroups v2 hierarchy" 2020-12-04 03:12:59 +00:00
device.te Merge "Make kmsg_device mlstrustedobject." 2020-10-28 11:20:20 +00:00
dhcp.te Revert "sepolicy: rules for uid/pid cgroups v2 hierarchy" 2020-12-04 03:12:59 +00:00
display_service_server.te
dnsmasq.te add dontaudit dnsmasq kernel:system module_request 2020-01-18 18:22:12 -08:00
domain.te Add policy for the android protected confirmation service. 2020-12-10 10:58:11 -08:00
drmserver.te drmserver: audit permissions for /data/app 2020-12-09 09:16:51 +01:00
dumpstate.te Split user_profile_data_file label. 2020-12-11 17:35:06 +00:00
e2fs.te Allow e2fs more ioctls to device-mapper devices. 2019-02-05 18:05:50 -08:00
ephemeral_app.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
fastbootd.te Support TCP based fastbootd in recovery mode. 2020-05-19 19:12:25 +00:00
file.te Add new selinux type for radio process 2020-12-24 15:11:15 +08:00
fingerprintd.te Make Keystore equivalent policy for Keystore2 2020-08-05 16:11:48 +00:00
flags_health_check.te Move system property rules to private 2020-03-18 16:46:04 +00:00
fsck.te fs_mgr: overlayfs support legacy devices (marlin) Part Deux 2019-02-15 15:56:16 +00:00
fsck_untrusted.te Sync internal master and AOSP sepolicy. 2017-09-27 18:55:47 -07:00
fwk_bufferhub.te Allow app to connect to BufferHub service 2019-01-14 10:49:35 -08:00
gatekeeperd.te Revert "sepolicy: rules for uid/pid cgroups v2 hierarchy" 2020-12-04 03:12:59 +00:00
global_macros global_macros: trim back various watch* permissions 2019-08-28 12:36:58 -07:00
gmscore_app.te Create a separate SELinux domain for gmscore 2019-11-22 10:39:19 -08:00
gpuservice.te Game Driver: sepolicy update for plumbing GpuStats into GpuService 2019-02-08 18:15:17 -08:00
hal_allocator.te same_process_hal_file: access to individual coredomains 2018-10-26 18:03:01 +00:00
hal_atrace.te Add atrace HAL 1.0 sepolicy 2018-09-27 23:18:29 +00:00
hal_audio.te Move ro.audio.* props to audio_config_prop 2020-06-23 23:52:55 +09:00
hal_audiocontrol.te Adding support for AIDL AudioControl HAL 2020-10-29 10:56:23 -07:00
hal_authsecret.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_bluetooth.te Add rules for accessing the related bluetooth_audio_hal_prop 2019-03-20 03:12:25 +00:00
hal_bootctl.te add hal_bootctl to white-list of sys_rawio 2019-02-13 12:38:22 +00:00
hal_broadcastradio.te Allow radio server to client binder callback 2019-03-29 15:22:16 -07:00
hal_camera.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_can.te Move usb_serial_device to device.te 2019-12-13 17:01:27 -08:00
hal_cas.te Revert "sepolicy: rules for uid/pid cgroups v2 hierarchy" 2020-12-04 03:12:59 +00:00
hal_codec2.te Allow XML file paths to be customized with sysprop 2020-03-18 22:55:36 +00:00
hal_configstore.te debug builds: allow perf profiling of most domains 2020-01-22 22:04:02 +00:00
hal_confirmationui.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_contexthub.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_drm.te Revert "sepolicy: rules for uid/pid cgroups v2 hierarchy" 2020-12-04 03:12:59 +00:00
hal_dumpstate.te Replace hal_dumpstate with hal_dumpstate_server 2020-08-26 10:23:05 +00:00
hal_evs.te Update sepolicy for EVS v1.x 2019-07-30 13:22:03 -07:00
hal_face.te Add sepolicy for IFace 2020-09-28 15:57:59 -07:00
hal_fingerprint.te Revert "sepolicy: rules for uid/pid cgroups v2 hierarchy" 2020-12-04 03:12:59 +00:00
hal_gatekeeper.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_gnss.te Add GNSS AIDL interfaces (system/sepolicy) 2020-09-24 12:03:30 -07:00
hal_graphics_allocator.te same_process_hal_file: access to individual coredomains 2018-10-26 18:03:01 +00:00
hal_graphics_composer.te Initial selinux policy support for memfd 2019-01-30 19:11:49 +00:00
hal_health.te Allow to getattr kmsg_device 2019-03-25 10:14:20 -07:00
hal_health_storage.te health.filesystem HAL renamed to health.storage 2018-09-20 04:12:45 +00:00
hal_identity.te Make AIDL HAL client attribute an exclusive client. 2020-09-11 00:02:00 +00:00
hal_input_classifier.te Permissions for InputClassifier HAL 2019-01-11 02:08:19 +00:00
hal_ir.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_keymaster.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_keymint.te Clean up keymint service policy. 2020-12-16 08:59:09 -08:00
hal_light.te Make AIDL HAL client attribute an exclusive client. 2020-09-11 00:02:00 +00:00
hal_lowpan.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_memtrack.te Revert "Memtrack HAL stable aidl sepolicy" 2020-12-16 00:19:38 +00:00
hal_neuralnetworks.te Allow neuralnetworks hal service to read files from /sdcard 2020-05-06 14:20:21 +01:00
hal_neverallows.te SEPolicy rules for CAN bus HAL 2019-08-01 10:24:00 -07:00
hal_nfc.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_oemlock.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_omx.te Allow XML file paths to be customized with sysprop 2020-03-18 22:55:36 +00:00
hal_power.te Make AIDL HAL client attribute an exclusive client. 2020-09-11 00:02:00 +00:00
hal_power_stats.te Create Power Stats AIDL interface 2020-09-10 22:34:49 -07:00
hal_rebootescrow.te Make AIDL HAL client attribute an exclusive client. 2020-09-11 00:02:00 +00:00
hal_secure_element.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_sensors.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_telephony.te Revert "sepolicy: rules for uid/pid cgroups v2 hierarchy" 2020-12-04 03:12:59 +00:00
hal_tetheroffload.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_thermal.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_tv_cec.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_tv_input.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_tv_tuner.te Tuner Hal 1.0 Enable ITuner service 2019-08-14 11:22:09 -07:00
hal_usb.te Allow hal_usb to call getsockopt on uevent socket 2018-12-03 18:37:25 +00:00
hal_usb_gadget.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_vehicle.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_vibrator.te Make AIDL HAL client attribute an exclusive client. 2020-09-11 00:02:00 +00:00
hal_vr.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_weaver.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_wifi.te Fix a sepolicy violation error for hal_wifi 2020-11-25 10:24:41 +09:00
hal_wifi_hostapd.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_wifi_supplicant.te Revert "sepolicy: rules for uid/pid cgroups v2 hierarchy" 2020-12-04 03:12:59 +00:00
healthd.te Revert "sepolicy: rules for uid/pid cgroups v2 hierarchy" 2020-12-04 03:12:59 +00:00
heapprofd.te Add userdebug selinux config for heapprofd. 2018-11-14 09:22:07 +00:00
hwservice.te Remove thermalcallback_hwservice. 2020-09-16 21:57:05 +00:00
hwservicemanager.te Move system property rules to private 2020-03-18 16:46:04 +00:00
idmap.te idmap: add binderservice permissions 2019-09-18 13:47:09 +02:00
incident.te
incident_helper.te Selinux permissions for incidentd project 2018-01-23 19:08:49 +00:00
incidentd.te
init.te Revert "sepolicy: rules for uid/pid cgroups v2 hierarchy" 2020-12-04 03:12:59 +00:00
inputflinger.te Revert "sepolicy: rules for uid/pid cgroups v2 hierarchy" 2020-12-04 03:12:59 +00:00
installd.te Split user_profile_data_file label. 2020-12-11 17:35:06 +00:00
ioctl_defines Add F2FS_IOC_SEC_TRIM_FILE ioctl code 2020-10-07 17:39:46 +00:00
ioctl_macros Add TCSETSF to unpriv_tty_ioctls. 2020-11-09 00:19:01 +00:00
iorap_inode2filename.te Split user_profile_data_file label. 2020-12-11 17:35:06 +00:00
iorap_prefetcherd.te Split user_profile_data_file label. 2020-12-11 17:35:06 +00:00
iorapd.te selinux: Allow system_server to access files in iorapd dir. 2020-06-09 00:19:41 +00:00
isolated_app.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
kernel.te Allow kernel to write to update_engine_data_file 2020-02-18 23:43:00 -08:00
keystore.te Add policy for the security compatibility hal service. 2020-12-15 08:23:52 -08:00
llkd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
lmkd.te Revert "sepolicy: rules for uid/pid cgroups v2 hierarchy" 2020-12-04 03:12:59 +00:00
logd.te Revert "sepolicy: rules for uid/pid cgroups v2 hierarchy" 2020-12-04 03:12:59 +00:00
logpersist.te logpersist is now a shell script, so give it the appropriate permissions 2019-10-30 13:54:35 -07:00
mdnsd.te
mediadrmserver.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
mediaextractor.te Revert "sepolicy: rules for uid/pid cgroups v2 hierarchy" 2020-12-04 03:12:59 +00:00
mediametrics.te Revert "sepolicy: rules for uid/pid cgroups v2 hierarchy" 2020-12-04 03:12:59 +00:00
mediaprovider.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
mediaserver.te Revert "sepolicy: rules for uid/pid cgroups v2 hierarchy" 2020-12-04 03:12:59 +00:00
mediaswcodec.te Add permissions required for new DMA-BUF heap allocator 2020-09-16 13:21:50 -07:00
modprobe.te allow modprobe to read /proc/cmdline 2020-05-07 11:28:50 -07:00
mtp.te mtp: support using pppox_socket family 2019-05-08 06:01:58 -07:00
net.te untrusted_app: disallow bind RTM_ROUTE socket 2020-01-28 10:49:50 +01:00
netd.te Introduce app_data_file_type attribute. 2020-11-11 14:43:36 +00:00
netutils_wrapper.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
network_stack.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
neverallow_macros neverallow_macros: add watch* perms 2019-09-05 09:54:43 -07:00
nfc.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
perfetto.te Allow to signal perfetto from shell. 2018-12-13 10:46:42 +00:00
performanced.te Revert "sepolicy: rules for uid/pid cgroups v2 hierarchy" 2020-12-04 03:12:59 +00:00
platform_app.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
postinstall.te Allow postinstall scripts to trigger F2FS GC 2019-02-20 22:40:53 +00:00
ppp.te ppp: support using pppox_socket family 2019-05-06 14:11:02 -07:00
priv_app.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
profman.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
property.te Add contexts for sqlite debug properties 2020-11-18 12:14:20 +09:00
racoon.te Revert "sepolicy: rules for uid/pid cgroups v2 hierarchy" 2020-12-04 03:12:59 +00:00
radio.te Add new selinux type for radio process 2020-12-24 15:11:15 +08:00
recovery.te Support TCP based fastbootd in recovery mode. 2020-05-19 19:12:25 +00:00
recovery_persist.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
recovery_refresh.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
roles
rs.te sepolicy: Add "rs" and "rs_exec" to public policy 2018-12-21 17:47:54 +00:00
rss_hwm_reset.te SELinux policy for rss_hwm_reset 2018-12-15 10:13:03 +00:00
runas.te Relabel /data/system/packages.list to new type. 2019-03-28 10:27:43 +00:00
runas_app.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
scheduler_service_server.te Treble-ize sepolicy for fwk HIDL services. 2019-04-22 17:07:06 -07:00
sdcardd.te Revert "sepolicy: rules for uid/pid cgroups v2 hierarchy" 2020-12-04 03:12:59 +00:00
secure_element.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
sensor_service_server.te Treble-ize sepolicy for fwk HIDL services. 2019-04-22 17:07:06 -07:00
service.te Merge changes Icb1f60b3,I935f2383 2020-12-16 01:24:33 +00:00
servicemanager.te sepolicy: label vendor_service_contexts as vendor_service_contexts_file 2020-06-15 17:09:46 +08:00
sgdisk.te Allow sgdisk to use BLKPBSZGET ioctl 2020-05-17 12:32:44 -07:00
shared_relro.te Add shared_relro dontaudit. 2020-12-17 14:10:07 +00:00
shell.te Revert "sepolicy: rules for uid/pid cgroups v2 hierarchy" 2020-12-04 03:12:59 +00:00
simpleperf.te perf_event: rules for system and simpleperf domain 2020-01-15 16:56:41 +00:00
simpleperf_app_runner.te Relabel /data/system/packages.list to new type. 2019-03-28 10:27:43 +00:00
slideshow.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
stats_service_server.te Treble-ize sepolicy for fwk HIDL services. 2019-04-22 17:07:06 -07:00
statsd.te Remove perfprofd references. 2019-07-19 11:15:12 -07:00
su.te Make Keystore equivalent policy for Keystore2 2020-08-05 16:11:48 +00:00
surfaceflinger.te Initial selinux policy support for memfd 2019-01-30 19:11:49 +00:00
system_app.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
system_server.te Define power.battery_input.suspended property 2020-09-10 22:33:24 -07:00
system_suspend_server.te Decouple system_suspend from hal attributes. 2019-02-26 18:10:28 -08:00
te_macros Add policy for the android protected confirmation service. 2020-12-10 10:58:11 -08:00
tee.te Revert "Add placeholder iris and face policy for vold data directory" 2018-11-19 15:00:19 -08:00
tombstoned.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
toolbox.te Allow setattr for chattr 2020-02-03 17:57:03 -08:00
traced.te Allow iorapd to access perfetto 2019-01-23 22:43:47 +00:00
traced_perf.te initial policy for traced_perf daemon (perf profiler) 2020-01-22 22:04:01 +00:00
traced_probes.te Make traced_probes mlstrustedsubject. 2018-04-17 18:12:28 +00:00
traceur_app.te Move system property rules to private 2020-03-18 16:46:04 +00:00
tzdatacheck.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
ueventd.te Allow ueventd to read apex mount directories. 2020-09-18 15:21:37 +09:00
uncrypt.te Uncrypt: Allow uncrypt to write on ota_package_file. 2020-07-07 00:03:11 +00:00
untrusted_app.te reland: untrusted_app_29: add new targetSdk domain 2020-01-22 09:47:53 +00:00
update_engine.te Add update_engine_stable_service 2020-07-31 15:49:10 -07:00
update_engine_common.te Add sepolicy for starting the snapuserd daemon through init. 2020-11-19 21:03:30 +00:00
update_verifier.te Move system property rules to private 2020-03-18 16:46:04 +00:00
usbd.te Move system property rules to private 2020-03-18 16:46:04 +00:00
vdc.te Allow to getattr kmsg_device 2019-03-25 10:14:20 -07:00
vendor_init.te Revert "sepolicy: rules for uid/pid cgroups v2 hierarchy" 2020-12-04 03:12:59 +00:00
vendor_misc_writer.te Suppress errors that are not needed 2020-10-07 08:52:51 +00:00
vendor_shell.te sepolicy(hal_wifi): Allow wifi HAL to access persist.vendor.debug properties 2020-11-12 18:22:47 -08:00
vendor_toolbox.te Update language to comply with Android's inclusive language guidance 2020-07-31 12:28:11 -06:00
virtual_touchpad.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
vndservice.te Allow vndservicemanager to self-register. 2020-03-06 16:35:52 -08:00
vndservicemanager.te
vold.te Split user_profile_data_file label. 2020-12-11 17:35:06 +00:00
vold_prepare_subdirs.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
vr_hwc.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
watchdogd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
webview_zygote.te Properly Treble-ize tmpfs access 2019-01-26 17:30:41 +00:00
wificond.te DO NOT MERGE Add fake 30.0 prebuilts 2020-05-11 13:18:52 +09:00
wpantund.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
zygote.te Properly Treble-ize tmpfs access 2019-01-26 17:30:41 +00:00