platform_system_sepolicy/public
Enrico Granata ad4874479d Introduce ro.boot.hypervisor properties
In virtualized deployments of Android, it can be useful to have
access to a description of the hypervisor/host environment being
used to run the guest OS instance.

This is represented by means of a new system property
ro.boot.hypervisor.version, which is meant to convey a
free-form descriptor of the current host/hypervisor version.

The property is meant to be provided to Android as androidboot.
by whatever host-specific means are used to supply other boot
properties to the target Android instance. Access could be later
opened to other vendor processes to set if needed for specific
setups where init is not a sufficiently-early stage for
host/guest communication. Such setups are not known at this time.

For a native Android incantation, the property defaults to
being missing.

Other properties could later be added to this same namespace
and context if they turn out to be useful in specific scenarios.

Bug: 178749018
Test: build cuttlefish
Change-Id: Id721c14ef1958b525c2866a660dcae8fd176a79d
Merged-In: Id721c14ef1958b525c2866a660dcae8fd176a79d
2021-10-06 16:44:21 -06:00
adbd.te Add shell_test_data_file for /data/local/tests 2020-09-01 11:17:19 -07:00
aidl_lazy_test_server.te Add aidl_lazy_test_server 2020-01-07 15:11:03 -08:00
apexd.te Allow update_engine to communicate with apexd 2021-02-19 13:21:51 +00:00
app.te sepolicy: Allow to receive FDs from app_zygote 2021-06-24 13:06:43 +00:00
app_zygote.te
asan_extract.te asan_extract: add system_file_type to asan_extract_exec 2020-05-06 13:25:28 -07:00
atrace.te Make AIDL HAL client attribute an exclusive client. 2020-09-11 00:02:00 +00:00
attributes Allow the init and apexd processes to read all block device properties 2021-08-10 09:30:27 -07:00
audioserver.te Allow audioserver to access sensorservice 2021-09-09 18:48:08 +00:00
blkid.te
blkid_untrusted.te
bluetooth.te
bootanim.te Add missing permission for accessing the DMA-BUF system heap 2021-03-03 14:22:48 -08:00
bootstat.te Enable incidentd access to ro.boot.bootreason 2020-04-22 17:55:18 +00:00
bufferhubd.te
camera_service_server.te
cameraserver.te Add missing permission for accessing the DMA-BUF system heap 2021-03-03 14:22:48 -08:00
charger.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
crash_dump.te crash_dump: supress denials for files in /proc 2021-03-30 12:05:46 +02:00
credstore.te Add get_auth_token permission to allow credstore to call keystore2. 2021-03-12 20:32:06 +00:00
device.te Allow the init and apexd processes to read all block device properties 2021-08-10 09:30:27 -07:00
dhcp.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
display_service_server.te
dnsmasq.te add dontaudit dnsmasq kernel:system module_request 2020-01-18 18:22:12 -08:00
domain.te Rename vpnprofilestore to legacykeystore. 2021-06-30 09:36:30 -07:00
drmserver.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
dumpstate.te Revert "Revert "Add neverallows for debugfs access"" 2021-05-04 22:06:46 -07:00
e2fs.te
ephemeral_app.te
fastbootd.te Allow fastbootd to mount /metadata in recovery. 2021-05-05 16:37:56 -07:00
file.te Allow the init and apexd processes to read all block device properties 2021-08-10 09:30:27 -07:00
fingerprintd.te Make Keystore equivalent policy for Keystore2 2020-08-05 16:11:48 +00:00
flags_health_check.te Move system property rules to private 2020-03-18 16:46:04 +00:00
fsck.te
fsck_untrusted.te
fwk_bufferhub.te
gatekeeperd.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
global_macros
gmscore_app.te Create a separate SELinux domain for gmscore 2019-11-22 10:39:19 -08:00
gpuservice.te
hal_allocator.te
hal_atrace.te
hal_audio.te Add soundtrigger3 HAL (AIDL) to sepolicy 2021-03-23 10:34:19 -07:00
hal_audiocontrol.te hal_audiocontrol: use hal_attribute_service 2020-12-23 01:26:58 +00:00
hal_authsecret.te Add sepolicy for authsecret AIDL HAL 2021-01-12 06:01:22 +00:00
hal_bluetooth.te
hal_bootctl.te Add sepolicy for /proc/bootconfig 2021-02-23 07:42:06 -08:00
hal_broadcastradio.te
hal_camera.te Add missing permission for accessing the DMA-BUF system heap 2021-03-03 14:22:48 -08:00
hal_can.te Revert "Revert "hal_can_*: use hal_attribute_service"" 2021-01-11 18:25:51 +00:00
hal_cas.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
hal_codec2.te media: add codec2_config_prop 2021-03-24 01:17:05 +00:00
hal_configstore.te debug builds: allow perf profiling of most domains 2020-01-22 22:04:02 +00:00
hal_confirmationui.te
hal_contexthub.te
hal_drm.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
hal_dumpstate.te Replace hal_dumpstate with hal_dumpstate_server 2020-08-26 10:23:05 +00:00
hal_evs.te
hal_face.te Add sepolicy for IFace 2020-09-28 15:57:59 -07:00
hal_fingerprint.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
hal_gatekeeper.te
hal_gnss.te Add GNSS AIDL interfaces (system/sepolicy) 2020-09-24 12:03:30 -07:00
hal_graphics_allocator.te Add missing permission for accessing the DMA-BUF system heap 2021-03-03 14:22:48 -08:00
hal_graphics_composer.te Add missing permission for accessing the DMA-BUF system heap 2021-03-03 14:22:48 -08:00
hal_health.te
hal_health_storage.te Allow health storage HAL to read default fstab 2021-04-15 12:44:24 +08:00
hal_identity.te Make AIDL HAL client attribute an exclusive client. 2020-09-11 00:02:00 +00:00
hal_input_classifier.te
hal_ir.te
hal_keymaster.te
hal_keymint.te Allow keymint to access tee-device 2021-05-26 06:24:12 -06:00
hal_light.te Make AIDL HAL client attribute an exclusive client. 2020-09-11 00:02:00 +00:00
hal_lowpan.te
hal_memtrack.te Reland: Memtrack HAL stable aidl sepolicy 2020-12-22 16:08:53 -05:00
hal_neuralnetworks.te Allow NN HAL service to read files from apk data files 2021-04-19 16:39:49 -07:00
hal_neverallows.te Add support for hal_uwb 2021-06-23 01:25:09 +00:00
hal_nfc.te
hal_oemlock.te Add sepolicy for oemlock aidl HAL 2021-01-11 05:57:17 +00:00
hal_omx.te Allow XML file paths to be customized with sysprop 2020-03-18 22:55:36 +00:00
hal_power.te Make AIDL HAL client attribute an exclusive client. 2020-09-11 00:02:00 +00:00
hal_power_stats.te sepolicy: allow hal_power_stats_client to access IPowerStats AIDL 2021-03-08 22:19:47 +00:00
hal_rebootescrow.te Make AIDL HAL client attribute an exclusive client. 2020-09-11 00:02:00 +00:00
hal_secure_element.te
hal_sensors.te
hal_telephony.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
hal_tetheroffload.te
hal_thermal.te
hal_tv_cec.te
hal_tv_input.te
hal_tv_tuner.te
hal_usb.te
hal_usb_gadget.te
hal_vehicle.te
hal_vibrator.te Make AIDL HAL client attribute an exclusive client. 2020-09-11 00:02:00 +00:00
hal_vr.te
hal_weaver.te Add sepolicy for weaver aidl HAL service 2021-01-22 06:34:41 +00:00
hal_wifi.te Fix a sepolicy violation error for hal_wifi 2020-11-25 10:24:41 +09:00
hal_wifi_hostapd.te
hal_wifi_supplicant.te Merge "Allow wpa_supplicant to access KeyStore2" 2021-03-05 07:03:57 +00:00
healthd.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
heapprofd.te
hwservice.te Remove thermalcallback_hwservice. 2020-09-16 21:57:05 +00:00
hwservicemanager.te Move system property rules to private 2020-03-18 16:46:04 +00:00
idmap.te
incident.te
incident_helper.te
incidentd.te
init.te Revert "Revert "Add neverallows for debugfs access"" 2021-05-04 22:06:46 -07:00
inputflinger.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
installd.te [sepolicy] allow installd to query apps installed on Incremental File System 2021-06-14 09:18:22 -07:00
ioctl_defines sepolicy: add f2fs ioctls 2021-05-25 14:35:59 +00:00
ioctl_macros sepolicy: allow BINDER_ENABLE_ONEWAY_SPAM_DETECTION for all processes 2021-04-20 14:07:56 +08:00
iorap_inode2filename.te Split user_profile_data_file label. 2020-12-11 17:35:06 +00:00
iorap_prefetcherd.te Split user_profile_data_file label. 2020-12-11 17:35:06 +00:00
iorapd.te selinux: Allow system_server to access files in iorapd dir. 2020-06-09 00:19:41 +00:00
isolated_app.te
kernel.te Add kernel permission for bootconfig proc file 2021-03-09 19:37:22 +00:00
keystore.te Rename vpnprofilestore to legacykeystore. 2021-06-30 09:36:30 -07:00
keystore_keys.te Keystore 2.0: Add wifi namespace to sepolicy. 2021-02-09 08:28:45 -08:00
llkd.te
lmkd.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
logd.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
logpersist.te logpersist is now a shell script, so give it the appropriate permissions 2019-10-30 13:54:35 -07:00
mdnsd.te
mediadrmserver.te
mediaextractor.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
mediametrics.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
mediaprovider.te
mediaserver.te Allow mediaserver/audioserver to access permission checker service 2021-06-01 23:42:26 +00:00
mediaswcodec.te Allow codec2 to allocate from system-secure heap 2021-01-12 12:45:01 -08:00
modprobe.te allow modprobe to read /proc/cmdline 2020-05-07 11:28:50 -07:00
mtp.te
net.te untrusted_app: disallow bind RTM_ROUTE socket 2020-01-28 10:49:50 +01:00
netd.te update post bpf tethering mainline module split from netd 2021-03-16 04:10:09 -07:00
netutils_wrapper.te
network_stack.te
neverallow_macros
nfc.te
otapreopt_chroot.te Use postinstall file_contexts 2021-03-25 00:01:25 +00:00
perfetto.te
performanced.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
platform_app.te
postinstall.te
ppp.te
priv_app.te
profman.te Enable ART properties modularization 2021-06-02 21:18:13 +00:00
property.te Introduce ro.boot.hypervisor properties 2021-10-06 16:44:21 -06:00
racoon.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
radio.te Add new selinux type for radio process 2020-12-24 15:11:15 +08:00
recovery.te Revert "Revert "Add a neverallow for debugfs mounting"" 2021-05-02 21:41:53 -07:00
recovery_persist.te
recovery_refresh.te
roles
rs.te
rss_hwm_reset.te
runas.te
runas_app.te
scheduler_service_server.te
sdcardd.te sepolicy: rules for uid/pid cgroups v2 hierarchy 2021-02-11 23:40:38 +00:00
secure_element.te
sensor_service_server.te
service.te Rename vpnprofilestore to legacykeystore. 2021-06-30 09:36:30 -07:00
servicemanager.te sepolicy: label vendor_service_contexts as vendor_service_contexts_file 2020-06-15 17:09:46 +08:00
sgdisk.te Allow sgdisk to use BLKPBSZGET ioctl 2020-05-17 12:32:44 -07:00
shared_relro.te Make shared_relro policy private. 2021-01-05 09:48:10 +00:00
shell.te Restore permission for shell to list /sys/class/block 2021-08-17 13:38:41 -07:00
simpleperf.te perf_event: rules for system and simpleperf domain 2020-01-15 16:56:41 +00:00
simpleperf_app_runner.te Allow simpleperf_app_runner to write to shell pipe fds. 2021-05-14 10:16:24 -07:00
slideshow.te
stats_service_server.te Stats: new sepolicy for the AIDL service 2021-02-10 23:48:35 +00:00
statsd.te Enable pull metrics from keystore 2021-04-13 22:45:01 +00:00
su.te Suppress some su capability2 related denials 2021-04-13 08:24:14 -07:00
surfaceflinger.te
system_app.te
system_server.te Fix broken neverallow rules 2021-03-10 10:44:22 +09:00
system_suspend_internal_server.te sepolicy: Create new attribute to serve ISuspendControlServiceInternal 2021-02-25 18:04:04 +08:00
system_suspend_server.te
te_macros Rename vpnprofilestore to legacykeystore. 2021-06-30 09:36:30 -07:00
tee.te
tombstoned.te
toolbox.te Allow setattr for chattr 2020-02-03 17:57:03 -08:00
traced.te traced: move traced_tmpfs to public policy 2021-04-14 22:18:41 +02:00
traced_perf.te initial policy for traced_perf daemon (perf profiler) 2020-01-22 22:04:01 +00:00
traced_probes.te
traceur_app.te Move system property rules to private 2020-03-18 16:46:04 +00:00
tzdatacheck.te
ueventd.te Give ueventd permissions to read /proc/bootconfig 2021-03-05 09:21:19 -08:00
uncrypt.te uncrypt: allow reading /proc/bootconfig 2021-06-03 21:29:57 +02:00
untrusted_app.te reland: untrusted_app_29: add new targetSdk domain 2020-01-22 09:47:53 +00:00
update_engine.te Add rules for calling ReadDefaultFstab() 2021-03-29 15:23:29 +08:00
update_engine_common.te Allow update_engine to scan /sys/fs and /sys/fs/f2fs. 2021-04-08 13:50:50 -07:00
update_verifier.te Move system property rules to private 2020-03-18 16:46:04 +00:00
usbd.te Move system property rules to private 2020-03-18 16:46:04 +00:00
userdata_sysdev.te sepolicy: Add label to userdata file node 2021-02-19 07:45:02 +08:00
vdc.te
vendor_init.te Add camera2 extension property policies 2021-06-21 22:34:29 +00:00
vendor_misc_writer.te Add rules for calling ReadDefaultFstab() 2021-03-29 15:23:29 +08:00
vendor_modprobe.te Revert "Revert "Exclude vendor_modprobe from debugfs neverallow restrictions"" 2021-05-04 22:07:08 -07:00
vendor_shell.te sepolicy(hal_wifi): Allow wifi HAL to access persist.vendor.debug properties 2020-11-12 18:22:47 -08:00
vendor_toolbox.te Update language to comply with Android's inclusive language guidance 2020-07-31 12:28:11 -06:00
virtual_touchpad.te
vndservice.te Allow vndservicemanager to self-register. 2020-03-06 16:35:52 -08:00
vndservicemanager.te
vold.te [incfs] Allow everyone read the IncFS sysfs features 2021-04-21 15:15:40 -07:00
vold_prepare_subdirs.te
vr_hwc.te
watchdogd.te
webview_zygote.te
wificond.te Allow wificond access wifi keys in KeyStore2 2021-02-12 15:58:57 +00:00
wpantund.te
zygote.te