tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/public
History
Svet Ganov 9139ea1b2a No camera for idle uids - selinux 
If a UID is idle (being in the background for more than
cartain amount of time) it should not be able to use the
camera. If the UID becomes idle we generate an eror and
close the cameras for this UID. If an app in an idle UID
tries to use the camera we immediately generate an error.
Since apps already should handle these errors it is safe
to apply this policy to all apps to protect user privacy.

Test: Pass - cts-tradefed run cts -m CtsCameraTestCases
      Added - CameraTest#testCameraAccessForIdleUid

Change-Id: I9ab3d6ec99764a93638746f18912ed60d299015f
2018-01-15 16:12:06 -08:00
..
adbd.te Moving adbd from rootdir to system/bin 2017-08-28 17:38:13 +08:00
app.te relabel files in /proc/net/xt_qtaguid/ 2018-01-11 16:46:36 +00:00
asan_extract.te Sync internal master and AOSP sepolicy. 2017-09-26 14:38:47 -07:00
attributes Start tracking platform/vendor data access violations 2017-10-17 13:07:54 -07:00
audioserver.te
blkid.te Move blkid policy to private 2017-02-07 23:57:53 +00:00
blkid_untrusted.te Move blkid policy to private 2017-02-07 23:57:53 +00:00
bluetooth.te
bootanim.te Sync internal master and AOSP sepolicy. 2017-09-26 14:38:47 -07:00
bootstat.te Remove bootstat access to proc label. 2017-09-18 10:29:24 -07:00
bufferhubd.te SELinux policies for PDX services 2017-05-15 10:07:05 -07:00
cameraserver.te No camera for idle uids - selinux 2018-01-15 16:12:06 -08:00
charger.te Whitelist exported platform properties 2018-01-10 16:15:25 +00:00
clatd.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
cppreopts.te Grant cppreopts.sh permissions to cleanup if it fails 2017-08-23 16:00:23 +00:00
crash_dump.te crash_dump: allow reading from pipes. 2017-12-06 11:05:54 -08:00
device.te Add /dev/__properties__/property_info 2017-12-13 01:28:15 +00:00
dex2oat.te Move domain_deprecated into private policy 2017-07-24 07:39:54 -07:00
dhcp.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
display_service_server.te Add fwk_display_hwservice. 2017-05-17 11:00:28 -07:00
dnsmasq.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
domain.te Whitelist exported platform properties 2018-01-10 16:15:25 +00:00
drmserver.te No access to tee domain over Unix domain sockets 2017-04-03 11:26:01 -07:00
dumpstate.te Whitelist exported platform properties 2018-01-10 16:15:25 +00:00
e2fs.te Sync internal master and AOSP sepolicy. 2017-09-27 18:55:47 -07:00
ephemeral_app.te
file.te relabel files in /proc/net/xt_qtaguid/ 2018-01-11 16:46:36 +00:00
fingerprintd.te Remove fingerprintd access to sysfs_type and cgroup label. 2017-09-19 17:12:14 -07:00
fsck.te Sync internal master and AOSP sepolicy. 2017-09-27 18:55:47 -07:00
fsck_untrusted.te Sync internal master and AOSP sepolicy. 2017-09-27 18:55:47 -07:00
gatekeeperd.te Sync internal master and AOSP sepolicy. 2017-09-26 14:38:47 -07:00
global_macros sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
hal_allocator.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
hal_audio.te Fix CTS regressions 2017-11-22 04:54:41 +00:00
hal_bluetooth.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
hal_bootctl.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
hal_broadcastradio.te Move Broadcast Radio HAL to a separate binary. 2017-09-15 10:16:48 -07:00
hal_camera.te Fix CTS regressions 2017-11-22 04:54:41 +00:00
hal_cas.te Fix CTS regressions 2017-11-22 04:54:41 +00:00
hal_configstore.te Sync internal master and AOSP sepolicy. 2017-09-26 14:38:47 -07:00
hal_contexthub.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
hal_drm.te Fix CTS regressions 2017-11-22 04:54:41 +00:00
hal_dumpstate.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
hal_fingerprint.te Move platform/vendor data violations to device policy 2017-11-20 17:18:56 +00:00
hal_gatekeeper.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
hal_gnss.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
hal_graphics_allocator.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
hal_graphics_composer.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
hal_health.te hal_health_default: permissions for default impl 2017-10-31 15:11:23 -07:00
hal_ir.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
hal_keymaster.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
hal_light.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
hal_lowpan.te Sync internal master and AOSP sepolicy. 2017-09-27 18:55:47 -07:00
hal_memtrack.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
hal_neuralnetworks.te Sync internal master and AOSP sepolicy. 2017-09-26 14:38:47 -07:00
hal_neverallows.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
hal_nfc.te Move platform/vendor data violations to device policy 2017-11-20 17:18:56 +00:00
hal_oemlock.te Add missing sepolicies for OemLock HAL. 2017-05-31 15:22:05 +01:00
hal_power.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
hal_sensors.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
hal_telephony.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
hal_tetheroffload.te Sync internal master and AOSP sepolicy. 2017-09-26 14:38:47 -07:00
hal_thermal.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
hal_tv_cec.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
hal_tv_input.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
hal_usb.te Revert "Allow callers of uevent_kernel_*() access to /proc/sys/kernel/overflowuid" 2018-01-08 13:09:34 -08:00
hal_vibrator.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
hal_vr.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
hal_weaver.te Add missing sepolicies for the Weaver HAL. 2017-05-31 15:17:11 +01:00
hal_wifi.te Wifi hal - Firmware dump permissions 2017-12-18 13:11:02 -08:00
hal_wifi_offload.te Sync internal master and AOSP sepolicy. 2017-09-26 14:38:47 -07:00
hal_wifi_supplicant.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
healthd.te Whitelist exported platform properties 2018-01-10 16:15:25 +00:00
hwservice.te Sync internal master and AOSP sepolicy. 2017-09-27 18:55:47 -07:00
hwservicemanager.te Add hwservice_contexts and support for querying it. 2017-04-12 18:07:12 -07:00
idmap.te sepolicy: restrict /vendor/overlay from most coredomains 2017-04-06 13:28:16 -07:00
incident.te Add incident command and incidentd daemon se policy. 2017-02-07 15:52:07 -08:00
incidentd.te Add incident command and incidentd daemon se policy. 2017-02-07 15:52:07 -08:00
init.te Revert "Allow callers of uevent_kernel_*() access to /proc/sys/kernel/overflowuid" 2018-01-08 13:09:34 -08:00
inputflinger.te
install_recovery.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
installd.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
ioctl_defines Fix TIOCSCTTY ioctl definition for mips 2017-08-31 18:16:46 +02:00
ioctl_macros
isolated_app.te
kernel.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
keystore.te Move domain_deprecated into private policy 2017-07-24 07:39:54 -07:00
lmkd.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
logd.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
logpersist.te
mdnsd.te
mediacodec.te Sync internal master and AOSP sepolicy. 2017-09-26 14:38:47 -07:00
mediadrmserver.te Sync internal master and AOSP sepolicy. 2017-09-26 14:38:47 -07:00
mediaextractor.te mediaextractor: ensure no direct open()s 2017-10-07 15:01:24 +00:00
mediametrics.te Sync internal master and AOSP sepolicy. 2017-09-26 14:38:47 -07:00
mediaprovider.te Split mediaprovider from priv_app. 2017-07-10 11:17:18 -07:00
mediaserver.te mediaserver: remove access to 'sysfs' type. 2017-11-16 17:34:14 -08:00
modprobe.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
mtp.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
net.te
netd.te Revert "Allow callers of uevent_kernel_*() access to /proc/sys/kernel/overflowuid" 2018-01-08 13:09:34 -08:00
netutils_wrapper.te add netutils_wrappers 2017-04-14 22:57:27 -07:00
neverallow_macros Ban socket connections between core and vendor 2017-03-27 08:49:13 -07:00
nfc.te Remove unnecessary rules from NFC HAL clients 2017-03-22 16:22:33 -07:00
otapreopt_chroot.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
otapreopt_slot.te Sepolicy: Give otapreopt_slot read on A/B artifact links 2017-04-07 20:19:41 -07:00
performanced.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
perfprofd.te Sepolicy: Introduce perfprofd binder service 2017-12-28 17:31:21 -08:00
platform_app.te
postinstall.te
postinstall_dexopt.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
ppp.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
preopt2cachename.te
priv_app.te
profman.te Allow profman to analyze profiles for the secondary dex files 2017-03-15 18:47:13 -07:00
property.te Whitelist exported platform properties 2018-01-10 16:15:25 +00:00
property_contexts Whitelist exported platform properties 2018-01-10 16:15:25 +00:00
racoon.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
radio.te Whitelist exported platform properties 2018-01-10 16:15:25 +00:00
recovery.te Whitelist exported platform properties 2018-01-10 16:15:25 +00:00
recovery_persist.te
recovery_refresh.te
rild.te Whitelist exported platform properties 2018-01-10 16:15:25 +00:00
roles
runas.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
sdcardd.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
service.te Sepolicy: Introduce perfprofd binder service 2017-12-28 17:31:21 -08:00
servicemanager.te Sync internal master and AOSP sepolicy. 2017-09-26 14:38:47 -07:00
sgdisk.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
shared_relro.te Allow shared_relro to connect to activity_service. 2017-07-24 17:38:40 -04:00
shell.te Whitelist exported platform properties 2018-01-10 16:15:25 +00:00
slideshow.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
su.te Sync internal master and AOSP sepolicy. 2017-09-27 18:55:47 -07:00
surfaceflinger.te
system_app.te
system_server.te
te_macros Whitelist exported platform properties 2018-01-10 16:15:25 +00:00
tee.te Move domain_deprecated into private policy 2017-07-24 07:39:54 -07:00
thermalserviced.te PowerUI access to thermalservice 2017-10-14 01:05:58 +00:00
tombstoned.te DO NOT MERGE ANYWHERE Revert "SEPolicy: Changes for new stack dumping scheme." 2017-06-23 17:36:26 +01:00
toolbox.te
traceur_app.te Adding a traceur_app domain to remove it from shell 2018-01-02 15:29:03 -08:00
tzdatacheck.te Allow the shell user to run tzdatacheck 2017-04-20 09:31:36 +00:00
ueventd.te Revert "Allow callers of uevent_kernel_*() access to /proc/sys/kernel/overflowuid" 2018-01-08 13:09:34 -08:00
uncrypt.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
untrusted_app.te
untrusted_app_25.te untrusted_app: policy versioning based on targetSdkVersion 2017-02-14 13:30:12 -08:00
untrusted_v2_app.te Add new untrusted_v2_app domain 2017-02-21 12:39:55 -08:00
update_engine.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
update_engine_common.te Make /proc/sys/kernel/random available to everyone 2017-11-20 21:02:21 +00:00
update_verifier.te Create sysfs_dm label. 2017-10-10 14:42:24 -07:00
vdc.te Sync internal master and AOSP sepolicy. 2017-09-27 18:55:47 -07:00
vendor_init.te Whitelist exported platform properties 2018-01-10 16:15:25 +00:00
vendor_shell.te vendor_shell: add sepolicy for vendor shell 2017-04-14 09:38:51 -07:00
vendor_toolbox.te Allow init to run vendor toybox for modprobe 2017-05-24 15:01:20 -07:00
virtual_touchpad.te Allow vr_hwc and virtual_touchpad to query for permissions 2017-04-21 17:15:03 -04:00
vndservice.te Add default label and mapping for vendor services 2017-04-28 14:56:57 -07:00
vndservicemanager.te Initial sepolicy for vndservicemanager. 2017-03-23 00:20:43 +00:00
vold.te Whitelist exported platform properties 2018-01-10 16:15:25 +00:00
vold_prepare_subdirs.te Move most of public/vold_prepare_subdirs.te to private 2017-10-25 13:06:25 -07:00
vr_hwc.te SELinux policies for PDX services 2017-05-10 16:39:19 -07:00
watchdogd.te
webview_zygote.te
wificond.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
wpantund.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
zygote.te