platform_system_sepolicy/public
Alan Stokes a45646c024 Allow CompOS to read VM config properties
We want to allow both the VM and ART to contribute to the VM config
(e.g. memory size), so define labels for 2 sets of properties and
grant the necessary access.

Bug: 274102209
Test: builds
Change-Id: Iaca1e0704301c9155f44e1859fc5a36198917568
2023-03-23 15:40:14 +00:00
adbd.te Add shell_test_data_file for /data/local/tests 2020-09-01 11:17:19 -07:00
aidl_lazy_test_server.te
apexd.te Allow update_engine to communicate with apexd 2021-02-19 13:21:51 +00:00
app.te Add selinux permissions for DeviceAsWebcam Service 2023-02-02 12:26:33 -08:00
app_zygote.te
artd.te Update SELinux policy for app compilation CUJ. 2022-07-29 14:07:52 +00:00
asan_extract.te asan_extract: add system_file_type to asan_extract_exec 2020-05-06 13:25:28 -07:00
atrace.te Make AIDL HAL client attribute an exclusive client. 2020-09-11 00:02:00 +00:00
attributes [dice] Remove all the sepolicy relating the hal service dice 2023-02-24 08:34:26 +00:00
audioserver.te Allow audioserver to access sensorservice 2021-09-08 11:44:11 -07:00
blkid.te
blkid_untrusted.te
bluetooth.te
bootanim.te Adds GPU sepolicy to support devices with DRM gralloc/rendering 2022-04-18 17:30:56 -07:00
bootstat.te
bpfloader.te Allow BPF programs from vendor. 2022-02-08 22:46:54 +00:00
bufferhubd.te
camera_service_server.te
cameraserver.te cameraservice: Add selinux policy for vndk cameraservice. 2022-12-14 20:46:43 +00:00
charger.te Add charger_type. 2021-11-05 18:44:04 -07:00
charger_type.te Add charger_type. 2021-11-05 18:44:04 -07:00
charger_vendor.te Add sepolicies to allow hal_health_default to load BPFs. 2022-03-21 12:54:49 -07:00
crash_dump.te Allow crash_dump to read from /data/local/tests. 2021-09-09 14:49:36 -07:00
credstore.te Add get_auth_token permission to allow credstore to call keystore2. 2021-03-12 20:32:06 +00:00
device.te Set sepolicy for ublk control device and block device 2023-02-13 16:30:40 -08:00
dhcp.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
display_service_server.te
dnsmasq.te
domain.te Explicitly list "pm.dexopt." sysprops. 2023-01-19 12:07:25 +08:00
drmserver.te Add fusefs_type for FUSE filesystems 2021-06-28 13:18:46 +02:00
dumpstate.te Allow dumpstate to dump /proc/bootconfig 2023-03-21 16:27:13 +00:00
e2fs.te Allow to format zoned device w/o dm-default-key 2023-02-13 10:37:11 -08:00
ephemeral_app.te
evsmanagerd.te Revert^2 "Adds a sepolicy for EVS manager service" 2022-02-10 17:21:14 +00:00
extra_free_kbytes.te Allow init to execute extra_free_kbytes.sh script 2021-08-17 17:02:38 +00:00
fastbootd.te Fastboot AIDL Sepolicy changes 2022-11-09 22:21:27 +00:00
file.te Merge "Allow dumpstate to read /data/system/shutdown-checkpoints/" 2023-02-22 10:21:25 +00:00
fingerprintd.te Make Keystore equivalent policy for Keystore2 2020-08-05 16:11:48 +00:00
flags_health_check.te
fsck.te Allow mkfs/fsck for zoned block device 2023-01-17 17:59:28 -08:00
fsck_untrusted.te Adds support for fuseblk binaries. 2023-02-02 15:32:39 +01:00
gatekeeperd.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
global_macros
gmscore_app.te
gpuservice.te
hal_allocator.te
hal_atrace.te
hal_audio.te Allow STHAL to read model params from system 2023-02-22 03:27:29 +00:00
hal_audiocontrol.te hal_audiocontrol: use hal_attribute_service 2020-12-23 01:26:58 +00:00
hal_authsecret.te Add sepolicy for authsecret AIDL HAL 2021-01-12 06:01:22 +00:00
hal_bluetooth.te sepolicy: Add Bluetooth AIDL 2022-12-02 13:08:26 -08:00
hal_bootctl.te Add proper permission for AIDL bootcontrol server 2022-06-22 13:38:01 -07:00
hal_broadcastradio.te Applying new IBroadcastRadio AIDL 2022-09-21 23:17:20 +00:00
hal_camera.te System wide sepolicy changes for aidl camera hals. 2022-02-08 09:37:17 +00:00
hal_can.te binder_call should be binder_use 2022-12-13 17:38:33 +00:00
hal_cas.te Allow CAS AIDL sample HAL 2022-10-12 19:42:20 +05:30
hal_codec2.te media: add codec2_config_prop 2021-03-24 01:17:05 +00:00
hal_configstore.te Merge "Adds support for fuseblk binaries." 2023-02-17 15:15:31 +00:00
hal_confirmationui.te hidl2aidl: sepolicy changes for confirmationui aidl 2022-09-23 19:00:15 +00:00
hal_contexthub.te Context Hub stable AIDL sepolicy 2021-08-10 22:06:43 +00:00
hal_drm.te Enable dumpsys widevine without root 2022-08-05 02:55:28 +00:00
hal_dumpstate.te Allow dumpstate to access fscklogs 2022-08-12 10:59:40 -07:00
hal_evs.te Revert^2 "Updates sepolicy for EVS HAL" 2022-02-10 17:21:54 +00:00
hal_face.te Add sepolicy for IFace 2020-09-28 15:57:59 -07:00
hal_fastboot.te Fastboot AIDL Sepolicy changes 2022-11-09 22:21:27 +00:00
hal_fingerprint.te Allow servicemanager to make binder call to hal_fingerprint 2023-02-09 22:02:29 +00:00
hal_gatekeeper.te hidl2aidl: conversion of gatekeeper hidl to aidl 2022-09-19 17:43:26 +00:00
hal_gnss.te Add GNSS AIDL interfaces (system/sepolicy) 2020-09-24 12:03:30 -07:00
hal_graphics_allocator.te Grant surfaceflinger and graphics allocator access to the secure heap 2023-01-19 09:02:56 +00:00
hal_graphics_composer.te Adds GPU sepolicy to support devices with DRM gralloc/rendering 2022-04-18 17:30:56 -07:00
hal_health.te Add search in bpf directory for bpfdomains 2022-03-21 17:31:17 -07:00
hal_health_storage.te Allow health storage HAL to read default fstab 2021-04-15 12:44:24 +08:00
hal_identity.te Make AIDL HAL client attribute an exclusive client. 2020-09-11 00:02:00 +00:00
hal_input_classifier.te
hal_input_processor.te Allow dumping of InputProcessor HAL 2022-07-11 18:33:54 +00:00
hal_ir.te Add policy for new AIDL IR hal 2021-12-16 20:24:27 +00:00
hal_keymaster.te
hal_keymint.te Limit special file permissions to the keymint server domain 2022-11-03 05:30:01 +00:00
hal_light.te Make AIDL HAL client attribute an exclusive client. 2020-09-11 00:02:00 +00:00
hal_lowpan.te
hal_memtrack.te Reland: Memtrack HAL stable aidl sepolicy 2020-12-22 16:08:53 -05:00
hal_neuralnetworks.te Add gpu_device access to hal_neuralnetworks 2022-05-12 21:01:45 +00:00
hal_neverallows.te Merge "SEPolicy for Netlink Interceptor" 2021-11-02 18:02:45 +00:00
hal_nfc.te Add hal_nfc_service 2022-01-20 03:48:57 +00:00
hal_nlinterceptor.te Give Netlink Interceptor route_socket perms 2021-12-01 04:08:19 +00:00
hal_oemlock.te Add sepolicy for oemlock aidl HAL 2021-01-11 05:57:17 +00:00
hal_omx.te Allow binder services to r/w su:tcp_socket 2021-06-08 10:39:02 -07:00
hal_power.te Make AIDL HAL client attribute an exclusive client. 2020-09-11 00:02:00 +00:00
hal_power_stats.te sepolicy: allow hal_power_stats_client to access IPowerStats AIDL 2021-03-08 22:19:47 +00:00
hal_rebootescrow.te Make AIDL HAL client attribute an exclusive client. 2020-09-11 00:02:00 +00:00
hal_remoteaccess.te Create selinux policy for remoteaccess HAL. 2022-09-20 18:09:49 -07:00
hal_secure_element.te sepolicy for SE HAL 2022-11-15 22:41:09 +00:00
hal_sensors.te Sensors stable AIDL HAL sepolicy 2021-10-15 17:39:56 +00:00
hal_telephony.te Combining hal_radio_*_service into hal_radio_service 2022-01-24 19:42:42 +00:00
hal_tetheroffload.te Update SEPolicy for Tetheroffload AIDL 2023-01-04 11:28:47 +08:00
hal_thermal.te Update SEPolicy for Thermal AIDL 2022-10-05 00:55:20 +00:00
hal_tv_cec.te
hal_tv_hdmi_cec.te HDMI: Refactor HDMI packages 2022-12-27 18:15:26 +05:30
hal_tv_hdmi_connection.te HDMI: Refactor HDMI packages 2022-12-27 18:15:26 +05:30
hal_tv_hdmi_earc.te HDMI: Refactor HDMI packages 2022-12-27 18:15:26 +05:30
hal_tv_input.te TV Input HAL 2.0 sepolicy 2022-08-25 14:31:49 -07:00
hal_tv_tuner.te Allow Tuner AIDL sample HAL. 2021-07-26 11:35:18 -07:00
hal_usb.te Add selinux rules for android.hardware.usb.IUsb AIDL migration 2022-01-20 23:03:26 +00:00
hal_usb_gadget.te Add selinux permissions for ro.usb.uvc.enabled 2023-01-31 11:17:50 -08:00
hal_uwb.te Allow uwb HAL client/server to talk to service manager 2021-08-28 00:01:59 +00:00
hal_vehicle.te Add hal_vehicle_service for AIDL VHAL service. 2021-12-07 22:23:50 -08:00
hal_vibrator.te Make AIDL HAL client attribute an exclusive client. 2020-09-11 00:02:00 +00:00
hal_vr.te
hal_weaver.te Add sepolicy for weaver aidl HAL service 2021-01-22 06:34:41 +00:00
hal_wifi.te Fix SE policy violation of Wi-Fi vendor AIDL service 2023-03-03 02:10:50 +00:00
hal_wifi_hostapd.te Add rule to allow servicemanager to call 2022-02-08 18:00:15 +00:00
hal_wifi_supplicant.te Add supplicant service to the dumpstate 2022-01-14 17:17:31 +00:00
healthd.te Remove healthd. 2021-10-20 18:47:41 -07:00
heapprofd.te
hwservice.te Revert "Add sepolicies for CPU HAL." 2022-11-09 16:47:07 +00:00
hwservicemanager.te
idmap.te Remove the last traces of idmap (replaced by idmap2) 2022-06-10 12:58:21 +02:00
incident.te
incident_helper.te
incidentd.te
init.te overlayfs: Rules for mounting overlays from second stage init 2022-12-13 15:53:10 +08:00
inputflinger.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
installd.te Restrict creating per-user encrypted directories 2022-05-05 04:12:46 +00:00
ioctl_defines Allow vold to use FS_IOC_GET_ENCRYPTION_KEY_STATUS 2023-02-23 00:49:42 +00:00
ioctl_macros sepolicy: allow new BINDER_GET_EXTENDED_ERROR ioctl 2022-05-10 04:20:09 +00:00
iorap.te Iorapd and friends have been removed 2022-05-18 12:07:39 +02:00
isolated_app.te
kernel.te Allow kernel to write to shell_data_file loop devices in userdebug builds. 2022-07-20 11:43:20 -07:00
keystore.te Remove RemoteProvisioner and remoteprovisioning services 2023-03-14 15:45:35 -07:00
keystore_keys.te Keystore 2.0: Add wifi namespace to sepolicy. 2021-02-09 08:28:45 -08:00
llkd.te
lmkd.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
logd.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
logpersist.te
mdnsd.te
mediadrmserver.te
mediaextractor.te Remove TZUvA feature. 2022-06-13 11:45:50 +00:00
mediametrics.te Allow binder services to r/w su:tcp_socket 2021-06-08 10:39:02 -07:00
mediaprovider.te
mediaserver.te Allow communication between mediaserver & statsd 2023-02-01 22:33:28 +00:00
mediaswcodec.te Adds GPU sepolicy to support devices with DRM gralloc/rendering 2022-04-18 17:30:56 -07:00
mediatranscoding.te Move mediatranscoding type to public 2021-10-21 09:10:45 +02:00
modprobe.te allow modprobe to read /proc/cmdline 2020-05-07 11:28:50 -07:00
mtp.te
net.te Blocks untrusted apps to access /dev/socket/mdnsd from U 2023-01-20 15:25:46 +09:00
netd.te Blocks untrusted apps to access /dev/socket/mdnsd from U 2023-01-20 15:25:46 +09:00
netutils_wrapper.te
network_stack.te
neverallow_macros
nfc.te
otapreopt_chroot.te Use postinstall file_contexts 2021-03-25 00:01:25 +00:00
perfetto.te
performanced.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
platform_app.te
postinstall.te
ppp.te
priv_app.te
prng_seeder.te Add SEPolicy for PRNG seeder daemon. 2022-09-22 15:13:20 +00:00
profman.te Update SELinux policy for app compilation CUJ. 2022-07-29 14:07:52 +00:00
property.te Allow CompOS to read VM config properties 2023-03-23 15:40:14 +00:00
racoon.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
radio.te Add new selinux type for radio process 2020-12-24 15:11:15 +08:00
recovery.te recovery/fastbootd: allow to talk to health HAL. 2021-12-07 16:22:53 -08:00
recovery_persist.te
recovery_refresh.te
remote_provisioning_service_server.te Add permissions for remote_provisioning service 2022-12-06 08:46:20 -08:00
rkpd_app.te Add new appdomain for RKPD mainline app 2022-11-16 12:55:31 -08:00
roles
rootdisk_sysdev.te SELinux policy for /dev/sys/block/by-name/rootdisk 2022-03-16 11:04:39 -07:00
rs.te
rss_hwm_reset.te
runas.te
runas_app.te
scheduler_service_server.te
sdcardd.te Add fusefs_type for FUSE filesystems 2021-06-28 13:18:46 +02:00
secure_element.te
sensor_service_server.te
service.te Remove RemoteProvisioner and remoteprovisioning services 2023-03-14 15:45:35 -07:00
servicemanager.te servicemanager: kernel log perms 2022-10-17 21:30:50 +00:00
sgdisk.te Allow sgdisk to use BLKPBSZGET ioctl 2020-05-17 12:32:44 -07:00
shared_relro.te Make shared_relro policy private. 2021-01-05 09:48:10 +00:00
shell.te Allow shell to call IRemotelyProvisionedComponent 2022-11-09 12:42:28 -08:00
simpleperf.te
simpleperf_app_runner.te simpleperf_app_runner: move rules to private. 2021-06-30 17:24:05 -07:00
slideshow.te
stats_service_server.te Stats: new sepolicy for the AIDL service 2021-02-10 23:48:35 +00:00
statsd.te Merge "Restrict system server from reading statsd data" 2023-02-13 22:37:09 +00:00
su.te Ignore fusefs_type access for su 2023-02-09 12:45:14 +11:00
surfaceflinger.te
system_app.te
system_server.te Allow the shell to disable charging. 2022-01-10 10:36:01 -08:00
system_suspend_internal_server.te sepolicy: Create new attribute to serve ISuspendControlServiceInternal 2021-02-25 18:04:04 +08:00
system_suspend_server.te
te_macros Merge changes from topic "iso_compute" 2023-02-01 17:33:59 +00:00
tee.te
tombstoned.te
toolbox.te Restrict creating per-user encrypted directories 2022-05-05 04:12:46 +00:00
traced.te Iorapd and friends have been removed 2022-05-18 12:07:39 +02:00
traced_perf.te
traced_probes.te
traceur_app.te Iorapd and friends have been removed 2022-05-18 12:07:39 +02:00
ueventd.te Add use_bionic_libs macro 2022-01-25 09:47:56 +09:00
uncrypt.te uncrypt: allow reading /proc/bootconfig 2021-06-03 21:29:57 +02:00
untrusted_app.te Blocks untrusted apps to access /dev/socket/mdnsd from U 2023-01-20 15:25:46 +09:00
update_engine.te Add rules for calling ReadDefaultFstab() 2021-03-29 15:23:29 +08:00
update_engine_common.te Allow update_engine to inotify_add_watch dm-user device nodes. 2022-07-21 12:47:46 -07:00
update_verifier.te
usbd.te Add usbd servicemanager permission 2022-12-19 16:16:17 +08:00
userdata_sysdev.te sepolicy: Add label to userdata file node 2021-02-19 07:45:02 +08:00
vdc.te Remove some FDE rules and update comments 2022-04-15 21:06:51 +00:00
vendor_init.te remove init/vendor_init access to bpffs_type 2022-12-02 12:26:03 +00:00
vendor_misc_writer.te Add rules for calling ReadDefaultFstab() 2021-03-29 15:23:29 +08:00
vendor_modprobe.te Revert "Revert "Exclude vendor_modprobe from debugfs neverallow restrictions"" 2021-05-04 22:07:08 -07:00
vendor_shell.te sepolicy(hal_wifi): Allow wifi HAL to access persist.vendor.debug properties 2020-11-12 18:22:47 -08:00
vendor_toolbox.te Update language to comply with Android's inclusive language guidance 2020-07-31 12:28:11 -06:00
virtual_touchpad.te
vndservice.te
vndservicemanager.te
vold.te Allow vold to use FS_IOC_GET_ENCRYPTION_KEY_STATUS 2023-02-23 00:49:42 +00:00
vold_prepare_subdirs.te
watchdogd.te
webview_zygote.te
wificond.te SEPolicy for Netlink Interceptor 2021-10-26 10:03:14 -07:00
zygote.te