..
adbd.te
Add shell_test_data_file for /data/local/tests
2020-09-01 11:17:19 -07:00
aidl_lazy_test_server.te
Add aidl_lazy_test_server
2020-01-07 15:11:03 -08:00
apexd.te
Allow update_engine to communicate with apexd
2021-02-19 13:21:51 +00:00
app.te
sepolicy: Allow to receive FDs from app_zygote
2021-06-24 13:06:43 +00:00
app_zygote.te
asan_extract.te
asan_extract: add system_file_type to asan_extract_exec
2020-05-06 13:25:28 -07:00
atrace.te
Make AIDL HAL client attribute an exclusive client.
2020-09-11 00:02:00 +00:00
attributes
Allow the init and apexd processes to read all block device properties
2021-08-10 09:30:27 -07:00
audioserver.te
Allow audioserver to access sensorservice
2021-09-09 18:48:08 +00:00
blkid.te
blkid_untrusted.te
bluetooth.te
bootanim.te
Add missing permission for accessing the DMA-BUF system heap
2021-03-03 14:22:48 -08:00
bootstat.te
Enable incidentd access to ro.boot.bootreason
2020-04-22 17:55:18 +00:00
bufferhubd.te
camera_service_server.te
cameraserver.te
Add missing permission for accessing the DMA-BUF system heap
2021-03-03 14:22:48 -08:00
charger.te
sepolicy: rules for uid/pid cgroups v2 hierarchy
2021-02-11 23:40:38 +00:00
crash_dump.te
crash_dump: supress denials for files in /proc
2021-03-30 12:05:46 +02:00
credstore.te
Add get_auth_token permission to allow credstore to call keystore2.
2021-03-12 20:32:06 +00:00
device.te
Allow the init and apexd processes to read all block device properties
2021-08-10 09:30:27 -07:00
dhcp.te
sepolicy: rules for uid/pid cgroups v2 hierarchy
2021-02-11 23:40:38 +00:00
display_service_server.te
dnsmasq.te
add dontaudit dnsmasq kernel:system module_request
2020-01-18 18:22:12 -08:00
domain.te
Rename vpnprofilestore to legacykeystore.
2021-06-30 09:36:30 -07:00
drmserver.te
sepolicy: rules for uid/pid cgroups v2 hierarchy
2021-02-11 23:40:38 +00:00
dumpstate.te
Revert "Revert "Add neverallows for debugfs access""
2021-05-04 22:06:46 -07:00
e2fs.te
ephemeral_app.te
fastbootd.te
Allow fastbootd to mount /metadata in recovery.
2021-05-05 16:37:56 -07:00
file.te
Allow the init and apexd processes to read all block device properties
2021-08-10 09:30:27 -07:00
fingerprintd.te
Make Keystore equivalent policy for Keystore2
2020-08-05 16:11:48 +00:00
flags_health_check.te
Move system property rules to private
2020-03-18 16:46:04 +00:00
fsck.te
fsck_untrusted.te
fwk_bufferhub.te
gatekeeperd.te
sepolicy: rules for uid/pid cgroups v2 hierarchy
2021-02-11 23:40:38 +00:00
global_macros
gmscore_app.te
Create a separate SELinux domain for gmscore
2019-11-22 10:39:19 -08:00
gpuservice.te
hal_allocator.te
hal_atrace.te
hal_audio.te
Add soundtrigger3 HAL (AIDL) to sepolicy
2021-03-23 10:34:19 -07:00
hal_audiocontrol.te
hal_audiocontrol: use hal_attribute_service
2020-12-23 01:26:58 +00:00
hal_authsecret.te
Add sepolicy for authsecret AIDL HAL
2021-01-12 06:01:22 +00:00
hal_bluetooth.te
hal_bootctl.te
Add sepolicy for /proc/bootconfig
2021-02-23 07:42:06 -08:00
hal_broadcastradio.te
hal_camera.te
Add missing permission for accessing the DMA-BUF system heap
2021-03-03 14:22:48 -08:00
hal_can.te
Revert "Revert "hal_can_*: use hal_attribute_service""
2021-01-11 18:25:51 +00:00
hal_cas.te
sepolicy: rules for uid/pid cgroups v2 hierarchy
2021-02-11 23:40:38 +00:00
hal_codec2.te
media: add codec2_config_prop
2021-03-24 01:17:05 +00:00
hal_configstore.te
debug builds: allow perf profiling of most domains
2020-01-22 22:04:02 +00:00
hal_confirmationui.te
hal_contexthub.te
hal_drm.te
sepolicy: rules for uid/pid cgroups v2 hierarchy
2021-02-11 23:40:38 +00:00
hal_dumpstate.te
Replace hal_dumpstate with hal_dumpstate_server
2020-08-26 10:23:05 +00:00
hal_evs.te
hal_face.te
Add sepolicy for IFace
2020-09-28 15:57:59 -07:00
hal_fingerprint.te
sepolicy: rules for uid/pid cgroups v2 hierarchy
2021-02-11 23:40:38 +00:00
hal_gatekeeper.te
hal_gnss.te
Add GNSS AIDL interfaces (system/sepolicy)
2020-09-24 12:03:30 -07:00
hal_graphics_allocator.te
Add missing permission for accessing the DMA-BUF system heap
2021-03-03 14:22:48 -08:00
hal_graphics_composer.te
Add missing permission for accessing the DMA-BUF system heap
2021-03-03 14:22:48 -08:00
hal_health.te
hal_health_storage.te
Allow health storage HAL to read default fstab
2021-04-15 12:44:24 +08:00
hal_identity.te
Make AIDL HAL client attribute an exclusive client.
2020-09-11 00:02:00 +00:00
hal_input_classifier.te
hal_ir.te
hal_keymaster.te
hal_keymint.te
Allow keymint to access tee-device
2021-05-26 06:24:12 -06:00
hal_light.te
Make AIDL HAL client attribute an exclusive client.
2020-09-11 00:02:00 +00:00
hal_lowpan.te
hal_memtrack.te
Reland: Memtrack HAL stable aidl sepolicy
2020-12-22 16:08:53 -05:00
hal_neuralnetworks.te
Allow NN HAL service to read files from apk data files
2021-04-19 16:39:49 -07:00
hal_neverallows.te
Add support for hal_uwb
2021-06-23 01:25:09 +00:00
hal_nfc.te
hal_oemlock.te
Add sepolicy for oemlock aidl HAL
2021-01-11 05:57:17 +00:00
hal_omx.te
Allow XML file paths to be customized with sysprop
2020-03-18 22:55:36 +00:00
hal_power.te
Make AIDL HAL client attribute an exclusive client.
2020-09-11 00:02:00 +00:00
hal_power_stats.te
sepolicy: allow hal_power_stats_client to access IPowerStats AIDL
2021-03-08 22:19:47 +00:00
hal_rebootescrow.te
Make AIDL HAL client attribute an exclusive client.
2020-09-11 00:02:00 +00:00
hal_secure_element.te
hal_sensors.te
hal_telephony.te
sepolicy: rules for uid/pid cgroups v2 hierarchy
2021-02-11 23:40:38 +00:00
hal_tetheroffload.te
hal_thermal.te
hal_tv_cec.te
hal_tv_input.te
hal_tv_tuner.te
hal_usb.te
hal_usb_gadget.te
hal_vehicle.te
hal_vibrator.te
Make AIDL HAL client attribute an exclusive client.
2020-09-11 00:02:00 +00:00
hal_vr.te
hal_weaver.te
Add sepolicy for weaver aidl HAL service
2021-01-22 06:34:41 +00:00
hal_wifi.te
Fix a sepolicy violation error for hal_wifi
2020-11-25 10:24:41 +09:00
hal_wifi_hostapd.te
hal_wifi_supplicant.te
Merge "Allow wpa_supplicant to access KeyStore2"
2021-03-05 07:03:57 +00:00
healthd.te
sepolicy: rules for uid/pid cgroups v2 hierarchy
2021-02-11 23:40:38 +00:00
heapprofd.te
hwservice.te
Remove thermalcallback_hwservice.
2020-09-16 21:57:05 +00:00
hwservicemanager.te
Move system property rules to private
2020-03-18 16:46:04 +00:00
idmap.te
incident.te
incident_helper.te
incidentd.te
init.te
Revert "Revert "Add neverallows for debugfs access""
2021-05-04 22:06:46 -07:00
inputflinger.te
sepolicy: rules for uid/pid cgroups v2 hierarchy
2021-02-11 23:40:38 +00:00
installd.te
[sepolicy] allow installd to query apps installed on Incremental File System
2021-06-14 09:18:22 -07:00
ioctl_defines
sepolicy: add f2fs ioctls
2021-05-25 14:35:59 +00:00
ioctl_macros
sepolicy: allow BINDER_ENABLE_ONEWAY_SPAM_DETECTION for all processes
2021-04-20 14:07:56 +08:00
iorap_inode2filename.te
Split user_profile_data_file label.
2020-12-11 17:35:06 +00:00
iorap_prefetcherd.te
Split user_profile_data_file label.
2020-12-11 17:35:06 +00:00
iorapd.te
selinux: Allow system_server to access files in iorapd dir.
2020-06-09 00:19:41 +00:00
isolated_app.te
kernel.te
Add kernel permission for bootconfig proc file
2021-03-09 19:37:22 +00:00
keystore.te
Rename vpnprofilestore to legacykeystore.
2021-06-30 09:36:30 -07:00
keystore_keys.te
Keystore 2.0: Add wifi namespace to sepolicy.
2021-02-09 08:28:45 -08:00
llkd.te
lmkd.te
sepolicy: rules for uid/pid cgroups v2 hierarchy
2021-02-11 23:40:38 +00:00
logd.te
sepolicy: rules for uid/pid cgroups v2 hierarchy
2021-02-11 23:40:38 +00:00
logpersist.te
logpersist is now a shell script, so give it the appropriate permissions
2019-10-30 13:54:35 -07:00
mdnsd.te
mediadrmserver.te
mediaextractor.te
sepolicy: rules for uid/pid cgroups v2 hierarchy
2021-02-11 23:40:38 +00:00
mediametrics.te
sepolicy: rules for uid/pid cgroups v2 hierarchy
2021-02-11 23:40:38 +00:00
mediaprovider.te
mediaserver.te
Allow mediaserver/audioserver to access permission checker service
2021-06-01 23:42:26 +00:00
mediaswcodec.te
Allow codec2 to allocate from system-secure heap
2021-01-12 12:45:01 -08:00
modprobe.te
allow modprobe to read /proc/cmdline
2020-05-07 11:28:50 -07:00
mtp.te
net.te
untrusted_app: disallow bind RTM_ROUTE socket
2020-01-28 10:49:50 +01:00
netd.te
update post bpf tethering mainline module split from netd
2021-03-16 04:10:09 -07:00
netutils_wrapper.te
network_stack.te
neverallow_macros
nfc.te
otapreopt_chroot.te
Use postinstall file_contexts
2021-03-25 00:01:25 +00:00
perfetto.te
performanced.te
sepolicy: rules for uid/pid cgroups v2 hierarchy
2021-02-11 23:40:38 +00:00
platform_app.te
postinstall.te
ppp.te
priv_app.te
profman.te
Enable ART properties modularization
2021-06-02 21:18:13 +00:00
property.te
Introduce ro.boot.hypervisor properties
2021-10-06 16:44:21 -06:00
racoon.te
sepolicy: rules for uid/pid cgroups v2 hierarchy
2021-02-11 23:40:38 +00:00
radio.te
Add new selinux type for radio process
2020-12-24 15:11:15 +08:00
recovery.te
Revert "Revert "Add a neverallow for debugfs mounting""
2021-05-02 21:41:53 -07:00
recovery_persist.te
recovery_refresh.te
roles
rs.te
rss_hwm_reset.te
runas.te
runas_app.te
scheduler_service_server.te
sdcardd.te
sepolicy: rules for uid/pid cgroups v2 hierarchy
2021-02-11 23:40:38 +00:00
secure_element.te
sensor_service_server.te
service.te
Rename vpnprofilestore to legacykeystore.
2021-06-30 09:36:30 -07:00
servicemanager.te
sepolicy: label vendor_service_contexts as vendor_service_contexts_file
2020-06-15 17:09:46 +08:00
sgdisk.te
Allow sgdisk to use BLKPBSZGET ioctl
2020-05-17 12:32:44 -07:00
shared_relro.te
Make shared_relro policy private.
2021-01-05 09:48:10 +00:00
shell.te
Restore permission for shell to list /sys/class/block
2021-08-17 13:38:41 -07:00
simpleperf.te
perf_event: rules for system and simpleperf domain
2020-01-15 16:56:41 +00:00
simpleperf_app_runner.te
Allow simpleperf_app_runner to write to shell pipe fds.
2021-05-14 10:16:24 -07:00
slideshow.te
stats_service_server.te
Stats: new sepolicy for the AIDL service
2021-02-10 23:48:35 +00:00
statsd.te
Enable pull metrics from keystore
2021-04-13 22:45:01 +00:00
su.te
Suppress some su capability2 related denials
2021-04-13 08:24:14 -07:00
surfaceflinger.te
system_app.te
system_server.te
Fix broken neverallow rules
2021-03-10 10:44:22 +09:00
system_suspend_internal_server.te
sepolicy: Create new attribute to serve ISuspendControlServiceInternal
2021-02-25 18:04:04 +08:00
system_suspend_server.te
te_macros
Rename vpnprofilestore to legacykeystore.
2021-06-30 09:36:30 -07:00
tee.te
tombstoned.te
toolbox.te
Allow setattr for chattr
2020-02-03 17:57:03 -08:00
traced.te
traced: move traced_tmpfs to public policy
2021-04-14 22:18:41 +02:00
traced_perf.te
initial policy for traced_perf daemon (perf profiler)
2020-01-22 22:04:01 +00:00
traced_probes.te
traceur_app.te
Move system property rules to private
2020-03-18 16:46:04 +00:00
tzdatacheck.te
ueventd.te
Give ueventd permissions to read /proc/bootconfig
2021-03-05 09:21:19 -08:00
uncrypt.te
uncrypt: allow reading /proc/bootconfig
2021-06-03 21:29:57 +02:00
untrusted_app.te
reland: untrusted_app_29: add new targetSdk domain
2020-01-22 09:47:53 +00:00
update_engine.te
Add rules for calling ReadDefaultFstab()
2021-03-29 15:23:29 +08:00
update_engine_common.te
Allow update_engine to scan /sys/fs and /sys/fs/f2fs.
2021-04-08 13:50:50 -07:00
update_verifier.te
Move system property rules to private
2020-03-18 16:46:04 +00:00
usbd.te
Move system property rules to private
2020-03-18 16:46:04 +00:00
userdata_sysdev.te
sepolicy: Add label to userdata file node
2021-02-19 07:45:02 +08:00
vdc.te
vendor_init.te
Add camera2 extension property policies
2021-06-21 22:34:29 +00:00
vendor_misc_writer.te
Add rules for calling ReadDefaultFstab()
2021-03-29 15:23:29 +08:00
vendor_modprobe.te
Revert "Revert "Exclude vendor_modprobe from debugfs neverallow restrictions""
2021-05-04 22:07:08 -07:00
vendor_shell.te
sepolicy(hal_wifi): Allow wifi HAL to access persist.vendor.debug properties
2020-11-12 18:22:47 -08:00
vendor_toolbox.te
Update language to comply with Android's inclusive language guidance
2020-07-31 12:28:11 -06:00
virtual_touchpad.te
vndservice.te
Allow vndservicemanager to self-register.
2020-03-06 16:35:52 -08:00
vndservicemanager.te
vold.te
[incfs] Allow everyone read the IncFS sysfs features
2021-04-21 15:15:40 -07:00
vold_prepare_subdirs.te
vr_hwc.te
watchdogd.te
webview_zygote.te
wificond.te
Allow wificond access wifi keys in KeyStore2
2021-02-12 15:58:57 +00:00
wpantund.te
zygote.te