..
compat
Update sepolicy for GPU profiling properties.
2020-06-04 22:24:22 -07:00
access_vectors
access_vectors: add lockdown class
2020-02-13 13:05:54 -08:00
adbd.te
Add adbd_prop, system_adbd_prop property types.
2020-02-20 07:52:34 -08:00
aidl_lazy_test_server.te
Add aidl_lazy_test_server
2020-01-07 15:11:03 -08:00
apex_test_prepostinstall.te
Sepolicy: Initial Apexd pre-/postinstall rules
2019-01-24 15:06:17 -08:00
apexd.te
sepolicy(wifi): Allow wifi service access to wifi apex directories
2020-02-22 09:33:07 -08:00
app.te
Update sepolicy for GPU profiling properties.
2020-06-04 22:24:22 -07:00
app_neverallows.te
incident_service: only disallow untrusted access
2020-05-13 18:53:30 +00:00
app_zygote.te
debug builds: allow perf profiling of most domains
2020-01-22 22:04:02 +00:00
art_apex_boot_integrity.te
Sepolicy: Allow everyone to search keyrings
2019-03-14 13:21:07 -07:00
art_apex_postinstall.te
Sepolicy: Fix comment on apexd:fd use
2019-03-15 11:26:05 -07:00
art_apex_preinstall.te
Sepolicy: Fix comment on apexd:fd use
2019-03-15 11:26:05 -07:00
asan_extract.te
atrace.te
More neverallows for default_android_service.
2020-01-21 11:13:22 -08:00
attributes
Add rules for hidl_lazy_test*
2020-04-24 14:09:41 -07:00
audioserver.te
Allow audio_server to access soundtrigger_middleware service
2019-12-12 10:56:35 -08:00
auditctl.te
Add policy for /system/bin/auditctl
2019-04-09 20:55:30 -07:00
automotive_display_service.te
Update automotive display service rules
2020-02-29 11:01:26 -08:00
binder_in_vendor_violators.te
binderservicedomain.te
blank_screen.te
Allow blank_screen to make binder calls to the servicemanager
2020-04-02 19:38:36 +00:00
blkid.te
Introduce system_file_type
2018-09-27 12:52:09 -07:00
blkid_untrusted.te
bluetooth.te
Support for more binder caches
2020-01-22 08:21:08 -08:00
bluetoothdomain.te
bootanim.te
Reduce graphics logspam
2020-04-02 14:43:17 +02:00
bootstat.te
boringssl_self_test.te
SEPolicy changes to allow vendor BoringSSL self test.
2019-10-01 14:14:36 +01:00
bpfloader.te
cut down bpf related privileges
2020-02-22 11:28:36 +00:00
bufferhubd.te
Remove unused bufferhub sepolicy
2018-12-10 13:36:11 -08:00
bug_map
Gboard: Whitelist test failure
2020-05-06 08:08:50 +00:00
cameraserver.te
Abstract use of cameraserver behind an attribute
2019-03-01 14:02:59 -08:00
charger.te
clatd.te
sepolicy - move public clatd to private
2019-05-11 17:47:25 -07:00
coredomain.te
mediaserver, mediaextractor, drmserver: allow vendor_overlay_file
2020-05-06 14:07:57 +09:00
cppreopts.te
Ignore the denial when system_other is erased
2020-03-31 20:10:26 +08:00
crash_dump.te
crash_dump: suppress devpts denials
2019-03-19 04:05:51 +00:00
credstore.te
Add SELinux policy for credstore and update for IC HAL port from HIDL to AIDL.
2020-02-19 13:46:45 -05:00
derive_sdk.te
Rename sdkext sepolicy to sdkextensions
2020-01-08 11:41:18 +00:00
dex2oat.te
Allow otapreopt_chroot to use a flattened Runtime APEX package.
2019-03-19 14:44:22 +00:00
dexoptanalyzer.te
Allow dexoptanalyzer to mmap files with Linux 4.14+ that it can already access.
2019-09-13 13:45:40 +01:00
dhcp.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
dnsmasq.te
domain.te
Allow priv_app to search apex_data_file and read staging_data_file
2020-04-22 00:05:07 +01:00
drmserver.te
dumpstate.te
dumpstate: reads ota_metadata_file
2019-10-29 14:29:54 -07:00
ephemeral_app.te
initial policy for traced_perf daemon (perf profiler)
2020-01-22 22:04:01 +00:00
fastbootd.te
Add sepolicy for fastbootd
2018-08-15 08:45:22 -07:00
file.te
Move linker config under /linkerconfig
2019-12-05 12:42:29 +09:00
file_contexts
Create sepolicy for allowing system_server rw in /metadata/staged-install
2020-06-01 12:35:27 +01:00
file_contexts_asan
fix data/asan/product/lib(64) can't access by platform_app issue
2019-07-19 03:23:47 +00:00
file_contexts_overlayfs
fs_mgr: add /mnt/scratch to possible overlayfs support directories
2018-10-08 14:23:01 +00:00
fingerprintd.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
flags_health_check.te
sepolicy for server configurable flags
2018-11-01 03:28:56 +00:00
fs_use
Use setxattr for incremental-fs
2020-02-11 14:33:08 -08:00
fsck.te
Allow access to the metadata partition for metadata encryption.
2018-01-19 14:45:08 -08:00
fsck_untrusted.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
fsverity_init.te
Remove unused sepolicy by fsverity_init
2020-05-29 10:04:47 -07:00
fwk_bufferhub.te
Allow bufferhub service to allocate buffer
2018-11-07 13:57:55 -08:00
gatekeeperd.te
genfs_contexts
Add sepolicy for FUSE control filesystem.
2020-05-29 15:11:24 +02:00
gmscore_app.te
gmscore_app: suppress denials on /mnt
2020-03-11 16:20:07 +08:00
gpuservice.te
GpuService binder call StatsManagerService
2020-02-06 11:54:33 -08:00
gsid.te
Allow gsid to callback system server for oneway method
2020-03-04 18:23:08 +08:00
hal_allocator_default.te
sepolicy: remove ashmemd
2019-09-27 17:43:53 +00:00
hal_lazy_test.te
Add rules for hidl_lazy_test*
2020-04-24 14:09:41 -07:00
halclientdomain.te
halserverdomain.te
healthd.te
healthd provides health@2.0 service.
2017-10-17 13:48:42 -07:00
heapprofd.te
Allow Java domains to be Perfetto producers.
2019-10-10 10:40:26 +01:00
hidl_lazy_test_server.te
Add rules for hidl_lazy_test*
2020-04-24 14:09:41 -07:00
hwservice.te
Add rules for hidl_lazy_test*
2020-04-24 14:09:41 -07:00
hwservice_contexts
Add rules for hidl_lazy_test*
2020-04-24 14:09:41 -07:00
hwservicemanager.te
Finer grained permissions for ctl. properties
2018-05-22 13:47:16 -07:00
idmap.te
Add idmap2 and idmap2d
2018-11-15 14:42:10 +00:00
incident.te
Allow dumpstate to call incident CLI
2019-08-21 16:10:39 -07:00
incident_helper.te
Allow dumpstate to dump incidentd
2018-12-04 15:42:56 -08:00
incidentd.te
incident_service: only disallow untrusted access
2020-05-13 18:53:30 +00:00
init.te
Add userspace_reboot_log_prop
2020-02-07 01:57:55 +00:00
initial_sid_contexts
initial_sids
inputflinger.te
installd.te
sepolicy: allow rules for apk verify system property
2019-12-03 10:09:35 -08:00
iorap_inode2filename.te
sepolicy: policies for iorap.inode2filename
2020-02-20 16:38:17 -08:00
iorap_prefecherd.te
sepolicy: Add iorap_prefetcherd rules
2019-10-22 12:45:46 -07:00
iorapd.te
sepolicy: policies for iorap.inode2filename
2020-02-20 16:38:17 -08:00
isolated_app.te
initial policy for traced_perf daemon (perf profiler)
2020-01-22 22:04:01 +00:00
iw.te
Allow iw to be run at init phase.
2018-11-14 19:10:12 +00:00
kernel.te
Sepolicy: Move otapreopt_chroot to private
2019-03-18 10:54:42 -07:00
keys.conf
Don't require seinfo for priv-apps
2019-11-06 08:37:03 -08:00
keystore.te
sepolicy: Move wifi keystore HAL service to wificond
2019-10-28 14:06:17 -07:00
linkerconfig.te
Update linkerconfig to generate APEX binary config
2020-01-20 13:40:08 +09:00
llkd.te
llkd: requires sys_admin permissions
2020-01-15 08:08:59 -08:00
lmkd.te
Add lmkd. property policies
2020-05-08 15:35:16 +00:00
logd.te
Revert "sepolicy: Permission changes for new wifi mainline module"
2019-11-22 09:49:32 -08:00
logpersist.te
Allow incidentd to parse persisted log
2020-01-18 16:18:18 -08:00
lpdumpd.te
binder_use: Allow servicemanager callbacks
2019-12-19 23:07:14 +00:00
mac_permissions.xml
Don't require seinfo for priv-apps
2019-11-06 08:37:03 -08:00
mdnsd.te
Introduce system_file_type
2018-09-27 12:52:09 -07:00
mediadrmserver.te
mediaextractor.te
Initial selinux policy support for memfd
2019-01-30 19:11:49 +00:00
mediametrics.te
mediaprovider.te
Merge "Revert "Allow MediaProvider to host FUSE devices.""
2020-01-10 21:17:15 +00:00
mediaprovider_app.te
Add sdcardfs variable to storage_config_props
2020-05-20 04:50:13 +00:00
mediaserver.te
allow mediaserver to use appdomain_tmpfs
2019-12-05 12:14:13 -08:00
mediaswcodec.te
add mediaswcodec service
2018-10-11 15:10:17 -07:00
mediatranscoding.te
MediaTranscodingService: Add sepolicy for MediaTranscodingService.
2019-12-02 13:57:28 -08:00
migrate_legacy_obb_data.te
sepolicy: Adjust policy for migrate_legacy_obb_data.sh
2019-07-16 02:55:25 +00:00
mls
Initial selinux policy support for memfd
2019-01-30 19:11:49 +00:00
mls_decl
mls_macros
modprobe.te
mtp.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
netd.te
sepolicy - move public clatd to private
2019-05-11 17:47:25 -07:00
netutils_wrapper.te
Sepolicy for netutils_wrapper to use binder call
2019-04-26 02:46:39 +00:00
network_stack.te
Allow tethering find netork stack service
2019-12-12 12:54:57 +08:00
nfc.te
Remove mediacodec_service.
2019-08-21 01:19:20 +00:00
notify_traceur.te
Allow the init process to execute the notify_traceur.sh script
2019-02-07 00:28:40 +00:00
otapreopt_chroot.te
Sepolicy: Allow otapreopt to mount logical partitions
2019-03-22 12:13:05 -07:00
otapreopt_slot.te
Sepolicy: Clean up moved files
2019-02-22 08:36:41 -08:00
perfetto.te
Allow incidentd to attach perfetto traces on user.
2020-04-02 15:44:00 +00:00
performanced.te
permissioncontroller_app.te
Allow permission controller to use radio service
2020-05-11 22:54:38 +00:00
platform_app.te
Make platform_compat discoverable everywhere
2020-02-06 12:11:37 +00:00
policy_capabilities
Add nnp_nosuid_transition policycap and related class/perm definitions.
2018-09-07 10:52:31 -07:00
port_contexts
postinstall.te
postinstall_dexopt.te
Sepolicy: Allow otapreopt access to vendor overlay files
2019-03-22 12:13:53 -07:00
ppp.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
preloads_copy.te
Ignore the denial when system_other is erased
2020-03-31 20:10:26 +08:00
preopt2cachename.te
Sepolicy: Clean up moved files
2019-02-22 08:36:41 -08:00
priv_app.te
Allow priv_app to search apex_data_file and read staging_data_file
2020-04-22 00:05:07 +01:00
profman.te
property_contexts
Support TCP based fastbootd in recovery mode.
2020-05-19 19:12:25 +00:00
racoon.te
radio.te
Use prefixes for binder cache SELinux properties.
2020-04-23 18:02:31 +00:00
recovery.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
recovery_persist.te
In native coverage builds, allow all domains to access /data/misc/trace
2019-06-19 16:27:17 -07:00
recovery_refresh.te
In native coverage builds, allow all domains to access /data/misc/trace
2019-06-19 16:27:17 -07:00
roles_decl
rs.te
rs.te: Allow ephemeral_app FD use
2019-04-02 13:59:39 -07:00
rss_hwm_reset.te
SELinux policy for rss_hwm_reset
2018-12-15 10:13:03 +00:00
runas.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
runas_app.te
perf_event: rules for system and simpleperf domain
2020-01-15 16:56:41 +00:00
sdcardd.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
seapp_contexts
Fix typo: s/com.google.android.gfs/com.google.android.gsf
2020-04-22 10:35:56 -07:00
secure_element.te
SE Policy for Secure Element app and Secure Element HAL
2018-01-29 21:31:42 +00:00
security_classes
access_vectors: add lockdown class
2020-02-13 13:05:54 -08:00
service.te
system_server: create StatsManagerService
2019-12-16 11:50:16 -08:00
service_contexts
Allow ActivityManagerService to start cacheDump service.
2020-05-13 11:20:10 -07:00
servicemanager.te
Allow servicemanager to start processes
2019-08-02 00:23:16 +00:00
sgdisk.te
shared_relro.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
shell.te
Update sepolicy for GPU profiling properties.
2020-06-04 22:24:22 -07:00
simpleperf.te
perf_event: rules for system and simpleperf domain
2020-01-15 16:56:41 +00:00
simpleperf_app_runner.te
Add sepolicy for simpleperf_app_runner.
2019-01-23 23:23:09 +00:00
slideshow.te
snapshotctl.te
snapshotctl: allow to write stats
2020-02-14 20:51:53 +00:00
stats.te
GpuStats: sepolicy change for using new statsd puller api
2020-02-04 15:55:59 -08:00
statsd.te
Allow system server to add StatsHal
2020-02-05 17:24:48 -08:00
storaged.te
Allow GMS core to call dumpsys storaged
2019-12-11 12:49:04 -08:00
su.te
SELinux policies for Perfetto cmdline client (/system/bin/perfetto)
2018-01-29 11:06:00 +00:00
surfaceflinger.te
Reduce graphics logspam
2020-04-02 14:43:17 +02:00
system_app.te
Allow developer settings to query gsid status
2020-04-20 15:35:05 +08:00
system_server.te
Create sepolicy for allowing system_server rw in /metadata/staged-install
2020-06-01 12:35:27 +01:00
system_server_startup.te
Revert "Sepolicy: Allow system_server_startup to load dalvikcache artifacts"
2020-03-16 16:44:55 +00:00
system_suspend.te
system_suspend: sysfs path resolution
2019-11-12 13:47:26 -08:00
technical_debt.cil
Allow apps to access hal_drm
2019-09-30 04:51:24 +00:00
tombstoned.te
toolbox.te
traced.te
Allow traced to create files within /data/misc/perfetto-traces
2020-04-20 16:16:58 +01:00
traced_perf.te
traced_perf sepolicy tweaks
2020-02-28 15:04:43 +00:00
traced_probes.te
perfetto: allow producers to supply shared memory
2020-02-04 13:47:42 +00:00
traceur_app.te
Allow the Traceur app to start Perfetto.
2018-12-10 18:51:29 -08:00
tzdatacheck.te
ueventd.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
uncrypt.te
domain_deprecated is dead
2017-07-28 22:01:46 +00:00
untrusted_app.te
reland: untrusted_app_29: add new targetSdk domain
2020-01-22 09:47:53 +00:00
untrusted_app_25.te
reland: untrusted_app_29: add new targetSdk domain
2020-01-22 09:47:53 +00:00
untrusted_app_27.te
reland: untrusted_app_29: add new targetSdk domain
2020-01-22 09:47:53 +00:00
untrusted_app_29.te
reland: untrusted_app_29: add new targetSdk domain
2020-01-22 09:47:53 +00:00
untrusted_app_all.te
initial policy for traced_perf daemon (perf profiler)
2020-01-22 22:04:01 +00:00
update_engine.te
update_engine: rules to apply virtual A/B OTA
2019-10-02 12:46:47 -07:00
update_engine_common.te
update_verifier.te
usbd.te
usbd sepolicy
2018-01-20 03:41:21 +00:00
users
vdc.te
vendor_init.te
Root of /data belongs to init (re-landing)
2019-09-09 14:42:01 -07:00
viewcompiler.te
Give map permission to viewcompiler
2019-08-27 10:43:55 -07:00
virtual_touchpad.te
vold.te
Abolish calls to shell in vold
2018-11-30 16:02:04 -08:00
vold_prepare_subdirs.te
sepolicy(wifi): Allow wifi service access to wifi apex directories
2020-02-22 09:33:07 -08:00
vr_hwc.te
vzwomatrigger_app.te
Don't run vzwomatrigger_app in permissive mode
2019-12-02 09:41:54 -08:00
wait_for_keymaster.te
Introduce system_file_type
2018-09-27 12:52:09 -07:00
watchdogd.te
Move watchdogd out of init and into its own domain
2018-08-03 19:28:05 +00:00
webview_zygote.te
Add getattr access on tmpfs_zygote files for webview_zygote.
2020-01-30 21:29:19 +00:00
wificond.te
sepolicy: Remove offload HAL sepolicy rules
2019-05-01 12:48:45 -07:00
wpantund.te
lowpan: Add wpantund to SEPolicy
2017-10-16 14:10:40 -07:00
zygote.te
Merge "Ignore errors that zygote tries to setattr media_rw_data_file dir" into rvc-dev
2020-03-24 17:53:07 +00:00
374424fc60