platform_system_sepolicy/public
Alan Stokes 23161e51cc Allow piping console output to clients
Any virtualization service client should be able to use a pipe for the
VM log fds.

We previously had some support for this in crosvm (but appdomain is
the wrong label), but not for virtualizationservice. Instead I've
centralised it in the virtualizationservice_use macro so it applies to
exactly those things that can start a VM.

I've removed read permission from crosvm; it doesn't seem to be
needed, and logically it shouldn't be.

Test: Patch in https://r.android.com/1997004, see no denials
Change-Id: Ia9cff469c552dd297ed02932e9e91a5a8cc2c13f
2022-02-23 17:28:49 +00:00
adbd.te Add shell_test_data_file for /data/local/tests 2020-09-01 11:17:19 -07:00
aidl_lazy_test_server.te Add aidl_lazy_test_server 2020-01-07 15:11:03 -08:00
apexd.te Allow update_engine to communicate with apexd 2021-02-19 13:21:51 +00:00
app.te Move allow rules from public/app.te to private/app.te 2022-01-13 22:56:14 +00:00
app_zygote.te Properly Treble-ize tmpfs access 2019-01-26 17:30:41 +00:00
asan_extract.te asan_extract: add system_file_type to asan_extract_exec 2020-05-06 13:25:28 -07:00
atrace.te Make AIDL HAL client attribute an exclusive client. 2020-09-11 00:02:00 +00:00
attributes Associate hal_service_type with all HAL services 2022-02-16 10:49:21 +11:00
audioserver.te Allow audioserver to access sensorservice 2021-09-08 11:44:11 -07:00
blkid.te
blkid_untrusted.te
bluetooth.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
bootanim.te Add missing permission for accessing the DMA-BUF system heap 2021-03-03 14:22:48 -08:00
bootstat.te Enable incidentd access to ro.boot.bootreason 2020-04-22 17:55:18 +00:00
bpfloader.te Allow BPF programs from vendor. 2022-02-08 22:46:54 +00:00
bufferhubd.te Properly define hal_codec2 and related policies 2019-05-23 03:53:47 -07:00
camera_service_server.te Abstract use of cameraserver behind an attribute 2019-03-01 14:02:59 -08:00
cameraserver.te System wide sepolicy changes for aidl camera hals. 2022-02-08 09:37:17 +00:00
charger.te Add charger_type. 2021-11-05 18:44:04 -07:00
charger_type.te Add charger_type. 2021-11-05 18:44:04 -07:00
charger_vendor.te Add charger_vendor type 2021-12-07 16:24:23 -08:00
crash_dump.te Allow crash_dump to read from /data/local/tests. 2021-09-09 14:49:36 -07:00
credstore.te Add get_auth_token permission to allow credstore to call keystore2. 2021-03-12 20:32:06 +00:00
device.te Stop using the bdev_type and sysfs_block_type SELinux attributes 2021-10-29 15:22:09 -07:00
dhcp.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
diced.te Diced: Add policy for diced the DICE daemon. 2021-11-17 13:36:18 -08:00
display_service_server.te Add fwk_display_hwservice. 2017-05-17 11:00:28 -07:00
dnsmasq.te add dontaudit dnsmasq kernel:system module_request 2020-01-18 18:22:12 -08:00
domain.te Merge "system_dlkm: sepolicy: add system_dlkm_file_type" 2022-02-11 18:36:04 +00:00
drmserver.te Add fusefs_type for FUSE filesystems 2021-06-28 13:18:46 +02:00
dumpstate.te Associate hal_service_type with all HAL services 2022-02-16 10:49:21 +11:00
e2fs.te Remove microdroid specific rules and files 2021-06-07 19:22:18 +09:00
ephemeral_app.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
evsmanagerd.te Revert^2 "Adds a sepolicy for EVS manager service" 2022-02-10 17:21:14 +00:00
extra_free_kbytes.te Allow init to execute extra_free_kbytes.sh script 2021-08-17 17:02:38 +00:00
fastbootd.te recovery/fastbootd: allow to talk to health HAL. 2021-12-07 16:22:53 -08:00
file.te system_dlkm: sepolicy: add system_dlkm_file_type 2022-02-11 04:19:33 +00:00
fingerprintd.te Make Keystore equivalent policy for Keystore2 2020-08-05 16:11:48 +00:00
flags_health_check.te Move system property rules to private 2020-03-18 16:46:04 +00:00
fsck.te Fix e2fsck denials introduced by latest e2fsprogs merge. 2021-07-13 10:17:30 -07:00
fsck_untrusted.te Sync internal master and AOSP sepolicy. 2017-09-27 18:55:47 -07:00
gatekeeperd.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
global_macros global_macros: trim back various watch* permissions 2019-08-28 12:36:58 -07:00
gmscore_app.te Create a separate SELinux domain for gmscore 2019-11-22 10:39:19 -08:00
gpuservice.te Game Driver: sepolicy update for plumbing GpuStats into GpuService 2019-02-08 18:15:17 -08:00
hal_allocator.te same_process_hal_file: access to individual coredomains 2018-10-26 18:03:01 +00:00
hal_atrace.te Add atrace HAL 1.0 sepolicy 2018-09-27 23:18:29 +00:00
hal_audio.te Add soundtrigger3 HAL (AIDL) to sepolicy 2021-03-23 10:34:19 -07:00
hal_audiocontrol.te hal_audiocontrol: use hal_attribute_service 2020-12-23 01:26:58 +00:00
hal_authsecret.te Add sepolicy for authsecret AIDL HAL 2021-01-12 06:01:22 +00:00
hal_bluetooth.te Add rules for accessing the related bluetooth_audio_hal_prop 2019-03-20 03:12:25 +00:00
hal_bootctl.te Add sepolicy for /proc/bootconfig 2021-02-23 07:42:06 -08:00
hal_broadcastradio.te Allow radio server to client binder callback 2019-03-29 15:22:16 -07:00
hal_camera.te System wide sepolicy changes for aidl camera hals. 2022-02-08 09:37:17 +00:00
hal_can.te Revert "Revert "hal_can_*: use hal_attribute_service"" 2021-01-11 18:25:51 +00:00
hal_cas.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
hal_codec2.te media: add codec2_config_prop 2021-03-24 01:17:05 +00:00
hal_configstore.te debug builds: allow perf profiling of most domains 2020-01-22 22:04:02 +00:00
hal_confirmationui.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_contexthub.te Context Hub stable AIDL sepolicy 2021-08-10 22:06:43 +00:00
hal_dice.te Dice HAL: Add policy for dice HAL. 2021-11-17 13:36:18 -08:00
hal_drm.te Add sepolicy for DRM AIDL HAL 2022-01-27 01:51:05 -08:00
hal_dumpstate.te Update sepolicy to add dumpstate device service for AIDL HAL 2021-11-25 07:52:32 +00:00
hal_evs.te Revert^2 "Updates sepolicy for EVS HAL" 2022-02-10 17:21:54 +00:00
hal_face.te Add sepolicy for IFace 2020-09-28 15:57:59 -07:00
hal_fingerprint.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
hal_gatekeeper.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_gnss.te Add GNSS AIDL interfaces (system/sepolicy) 2020-09-24 12:03:30 -07:00
hal_graphics_allocator.te Add IAllocator stable-aidl 2022-01-18 19:40:26 -05:00
hal_graphics_composer.te Allow hal_graphics_composer to write to a pipe 2022-02-19 01:09:41 +00:00
hal_health.te Add health AIDL HAL. 2021-10-26 19:34:34 -07:00
hal_health_storage.te Allow health storage HAL to read default fstab 2021-04-15 12:44:24 +08:00
hal_identity.te Make AIDL HAL client attribute an exclusive client. 2020-09-11 00:02:00 +00:00
hal_input_classifier.te Permissions for InputClassifier HAL 2019-01-11 02:08:19 +00:00
hal_input_processor.te Add sepolicy for IInputProcessor HAL 2022-01-20 23:40:05 +00:00
hal_ir.te Add policy for new AIDL IR hal 2021-12-16 20:24:27 +00:00
hal_keymaster.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_keymint.te Allow keymint to access tee-device 2021-06-18 07:15:30 -06:00
hal_light.te Make AIDL HAL client attribute an exclusive client. 2020-09-11 00:02:00 +00:00
hal_lowpan.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_memtrack.te Reland: Memtrack HAL stable aidl sepolicy 2020-12-22 16:08:53 -05:00
hal_neuralnetworks.te Update sepolicy for adding nnapi_native namespace. 2021-10-12 11:50:26 +01:00
hal_neverallows.te Merge "SEPolicy for Netlink Interceptor" 2021-11-02 18:02:45 +00:00
hal_nfc.te Add hal_nfc_service 2022-01-20 03:48:57 +00:00
hal_nlinterceptor.te Give Netlink Interceptor route_socket perms 2021-12-01 04:08:19 +00:00
hal_oemlock.te Add sepolicy for oemlock aidl HAL 2021-01-11 05:57:17 +00:00
hal_omx.te Allow binder services to r/w su:tcp_socket 2021-06-08 10:39:02 -07:00
hal_power.te Make AIDL HAL client attribute an exclusive client. 2020-09-11 00:02:00 +00:00
hal_power_stats.te sepolicy: allow hal_power_stats_client to access IPowerStats AIDL 2021-03-08 22:19:47 +00:00
hal_rebootescrow.te Make AIDL HAL client attribute an exclusive client. 2020-09-11 00:02:00 +00:00
hal_secure_element.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_sensors.te Sensors stable AIDL HAL sepolicy 2021-10-15 17:39:56 +00:00
hal_telephony.te Combining hal_radio_*_service into hal_radio_service 2022-01-24 19:42:42 +00:00
hal_tetheroffload.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_thermal.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_tv_cec.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_tv_input.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_tv_tuner.te Allow Tuner AIDL sample HAL. 2021-07-26 11:35:18 -07:00
hal_usb.te Add selinux rules for android.hardware.usb.IUsb AIDL migration 2022-01-20 23:03:26 +00:00
hal_usb_gadget.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_uwb.te Allow uwb HAL client/server to talk to service manager 2021-08-28 00:01:59 +00:00
hal_vehicle.te Add hal_vehicle_service for AIDL VHAL service. 2021-12-07 22:23:50 -08:00
hal_vibrator.te Make AIDL HAL client attribute an exclusive client. 2020-09-11 00:02:00 +00:00
hal_vr.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_weaver.te Add sepolicy for weaver aidl HAL service 2021-01-22 06:34:41 +00:00
hal_wifi.te Fix a sepolicy violation error for hal_wifi 2020-11-25 10:24:41 +09:00
hal_wifi_hostapd.te Add rule to allow servicemanager to call 2022-02-08 18:00:15 +00:00
hal_wifi_supplicant.te Add supplicant service to the dumpstate 2022-01-14 17:17:31 +00:00
healthd.te Remove healthd. 2021-10-20 18:47:41 -07:00
heapprofd.te Add userdebug selinux config for heapprofd. 2018-11-14 09:22:07 +00:00
hwservice.te sepolicy: Change UWB HAL from HIDL to versioned AIDL 2021-08-27 00:28:56 +00:00
hwservicemanager.te Move system property rules to private 2020-03-18 16:46:04 +00:00
idmap.te idmap: add binderservice permissions 2019-09-18 13:47:09 +02:00
incident.te
incident_helper.te Selinux permissions for incidentd project 2018-01-23 19:08:49 +00:00
incidentd.te
init.te system_dlkm: sepolicy: add system_dlkm_file_type 2022-02-11 04:19:33 +00:00
inputflinger.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
installd.te allow installd to kill dex2oat and dexoptanalyzer 2021-08-17 09:48:47 -07:00
ioctl_defines Correctly alphabetize a newly-added ioctl definition. 2021-07-22 09:38:53 -07:00
ioctl_macros sepolicy: allow BINDER_ENABLE_ONEWAY_SPAM_DETECTION for all processes 2021-04-20 14:07:56 +08:00
iorap_inode2filename.te Split user_profile_data_file label. 2020-12-11 17:35:06 +00:00
iorap_prefetcherd.te Split user_profile_data_file label. 2020-12-11 17:35:06 +00:00
iorapd.te Remove healthd. 2021-10-20 18:47:41 -07:00
isolated_app.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
kernel.te Allow the kernel to read shell_data_file 2021-07-01 00:04:41 +09:00
keystore.te Add remotely provisioned key pool se policy 2022-02-02 15:07:26 -08:00
keystore_keys.te Keystore 2.0: Add wifi namespace to sepolicy. 2021-02-09 08:28:45 -08:00
llkd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
lmkd.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
logd.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
logpersist.te logpersist is now a shell script, so give it the appropriate permissions 2019-10-30 13:54:35 -07:00
mdnsd.te
mediadrmserver.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
mediaextractor.te Add fusefs_type for FUSE filesystems 2021-06-28 13:18:46 +02:00
mediametrics.te Allow binder services to r/w su:tcp_socket 2021-06-08 10:39:02 -07:00
mediaprovider.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
mediaserver.te Add fusefs_type for FUSE filesystems 2021-06-28 13:18:46 +02:00
mediaswcodec.te Allow codec2 to allocate from system-secure heap 2021-01-12 12:45:01 -08:00
mediatranscoding.te Move mediatranscoding type to public 2021-10-21 09:10:45 +02:00
modprobe.te allow modprobe to read /proc/cmdline 2020-05-07 11:28:50 -07:00
mtp.te mtp: support using pppox_socket family 2019-05-08 06:01:58 -07:00
net.te untrusted_app_30: add new targetSdk domain 2021-07-05 11:42:31 +02:00
netd.te Add sepolicy for mdns service 2022-01-25 00:50:21 +08:00
netutils_wrapper.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
network_stack.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
neverallow_macros neverallow_macros: add watch* perms 2019-09-05 09:54:43 -07:00
nfc.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
otapreopt_chroot.te Use postinstall file_contexts 2021-03-25 00:01:25 +00:00
perfetto.te Allow to signal perfetto from shell. 2018-12-13 10:46:42 +00:00
performanced.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
platform_app.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
postinstall.te Allow postinstall scripts to trigger F2FS GC 2019-02-20 22:40:53 +00:00
ppp.te ppp: support using pppox_socket family 2019-05-06 14:11:02 -07:00
priv_app.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
profman.te Enable ART properties modularization 2021-06-02 21:18:13 +00:00
property.te Allow BPF programs from vendor. 2022-02-08 22:46:54 +00:00
racoon.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
radio.te Add new selinux type for radio process 2020-12-24 15:11:15 +08:00
recovery.te recovery/fastbootd: allow to talk to health HAL. 2021-12-07 16:22:53 -08:00
recovery_persist.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
recovery_refresh.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
roles
rs.te sepolicy: Add "rs" and "rs_exec" to public policy 2018-12-21 17:47:54 +00:00
rss_hwm_reset.te SELinux policy for rss_hwm_reset 2018-12-15 10:13:03 +00:00
runas.te Relabel /data/system/packages.list to new type. 2019-03-28 10:27:43 +00:00
runas_app.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
scheduler_service_server.te Treble-ize sepolicy for fwk HIDL services. 2019-04-22 17:07:06 -07:00
sdcardd.te Add fusefs_type for FUSE filesystems 2021-06-28 13:18:46 +02:00
secure_element.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
sensor_service_server.te Treble-ize sepolicy for fwk HIDL services. 2019-04-22 17:07:06 -07:00
service.te Associate hal_service_type with all HAL services 2022-02-16 10:49:21 +11:00
servicemanager.te servicemanager: allow to read VINTF files in recovery. 2021-12-07 16:22:53 -08:00
sgdisk.te Allow sgdisk to use BLKPBSZGET ioctl 2020-05-17 12:32:44 -07:00
shared_relro.te Make shared_relro policy private. 2021-01-05 09:48:10 +00:00
shell.te Add sepolicy for mdns service 2022-01-25 00:50:21 +08:00
simpleperf.te perf_event: rules for system and simpleperf domain 2020-01-15 16:56:41 +00:00
simpleperf_app_runner.te simpleperf_app_runner: move rules to private. 2021-06-30 17:24:05 -07:00
slideshow.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
stats_service_server.te Stats: new sepolicy for the AIDL service 2021-02-10 23:48:35 +00:00
statsd.te Remove healthd. 2021-10-20 18:47:41 -07:00
su.te Suppress some su capability2 related denials 2021-04-13 08:24:14 -07:00
surfaceflinger.te Initial selinux policy support for memfd 2019-01-30 19:11:49 +00:00
system_app.te Remove unused *_tmpfs types 2019-01-30 21:54:40 +00:00
system_server.te Allow the shell to disable charging. 2022-01-10 10:36:01 -08:00
system_suspend_internal_server.te sepolicy: Create new attribute to serve ISuspendControlServiceInternal 2021-02-25 18:04:04 +08:00
system_suspend_server.te Decouple system_suspend from hal attributes. 2019-02-26 18:10:28 -08:00
te_macros Allow piping console output to clients 2022-02-23 17:28:49 +00:00
tee.te Revert "Add placeholder iris and face policy for vold data directory" 2018-11-19 15:00:19 -08:00
tombstoned.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
toolbox.te Allow setattr for chattr 2020-02-03 17:57:03 -08:00
traced.te traced: move traced_tmpfs to public policy 2021-04-14 22:18:41 +02:00
traced_perf.te initial policy for traced_perf daemon (perf profiler) 2020-01-22 22:04:01 +00:00
traced_probes.te Make traced_probes mlstrustedsubject. 2018-04-17 18:12:28 +00:00
traceur_app.te Add sepolicy for mdns service 2022-01-25 00:50:21 +08:00
tzdatacheck.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
ueventd.te Add use_bionic_libs macro 2022-01-25 09:47:56 +09:00
uncrypt.te uncrypt: allow reading /proc/bootconfig 2021-06-03 21:29:57 +02:00
untrusted_app.te untrusted_app_30: add new targetSdk domain 2021-07-05 11:42:31 +02:00
update_engine.te Add rules for calling ReadDefaultFstab() 2021-03-29 15:23:29 +08:00
update_engine_common.te Allow update_engine to scan /sys/fs and /sys/fs/f2fs. 2021-04-08 13:50:50 -07:00
update_verifier.te Move system property rules to private 2020-03-18 16:46:04 +00:00
usbd.te Move system property rules to private 2020-03-18 16:46:04 +00:00
userdata_sysdev.te sepolicy: Add label to userdata file node 2021-02-19 07:45:02 +08:00
vdc.te Allow to getattr kmsg_device 2019-03-25 10:14:20 -07:00
vendor_init.te system_dlkm: sepolicy: add system_dlkm_file_type 2022-02-11 04:19:33 +00:00
vendor_misc_writer.te Add rules for calling ReadDefaultFstab() 2021-03-29 15:23:29 +08:00
vendor_modprobe.te Revert "Revert "Exclude vendor_modprobe from debugfs neverallow restrictions"" 2021-05-04 22:07:08 -07:00
vendor_shell.te sepolicy(hal_wifi): Allow wifi HAL to access persist.vendor.debug properties 2020-11-12 18:22:47 -08:00
vendor_toolbox.te Update language to comply with Android's inclusive language guidance 2020-07-31 12:28:11 -06:00
virtual_touchpad.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
vndservice.te Allow vndservicemanager to self-register. 2020-03-06 16:35:52 -08:00
vndservicemanager.te Initial sepolicy for vndservicemanager. 2017-03-23 00:20:43 +00:00
vold.te Remove healthd. 2021-10-20 18:47:41 -07:00
vold_prepare_subdirs.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
watchdogd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
webview_zygote.te Properly Treble-ize tmpfs access 2019-01-26 17:30:41 +00:00
wificond.te SEPolicy for Netlink Interceptor 2021-10-26 10:03:14 -07:00
wpantund.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
zygote.te Properly Treble-ize tmpfs access 2019-01-26 17:30:41 +00:00