..
compat
Introduce vendor_apex_metadata_file
2023-12-05 15:42:14 +11:00
access_vectors
Add SELinux Policy For io_uring
2023-01-27 11:44:59 -05:00
adbd.te
Blocks untrusted apps to access /dev/socket/mdnsd from U
2023-01-20 15:25:46 +09:00
aidl_lazy_test_server.te
apex_test_prepostinstall.te
apexd.te
Introduce vendor_apex_metadata_file
2023-12-05 15:42:14 +11:00
apexd_derive_classpath.te
Allow apexd to call derive_classpath binary
2021-10-28 16:27:09 +01:00
app.te
Allow apps and SDK sandbox to access each others' open FDs
2023-05-17 14:28:40 +00:00
app_neverallows.te
Merge changes from topic "iso_compute"
2023-02-01 17:33:59 +00:00
app_zygote.te
sepolicy: rework perfetto producer/profiler rules for "user" builds
2023-02-03 15:05:14 +00:00
art_boot.te
Allow the ART boot oneshot service to configure ART config properties.
2023-05-11 13:38:57 +01:00
artd.te
Allow artd to create dirs and files for artifacts before restorecon.
2023-01-18 01:07:49 +08:00
asan_extract.te
Move system property rules to private
2020-03-18 16:46:04 +00:00
atrace.te
Iorapd and friends have been removed
2022-05-18 12:07:39 +02:00
attributes
Revert^2 "Introduce sdk_sandbox_audit SELinux domain"
2023-11-17 09:54:33 +00:00
audioserver.te
Add SELinux policy for accessing the AudioService
2022-07-27 12:11:50 +00:00
auditctl.te
automotive_display_service.te
Revert^2 "Updates sepolicy for EVS HAL"
2022-02-10 17:21:54 +00:00
binderservicedomain.te
Allow service managers access to apex data.
2022-09-23 21:33:58 +00:00
blank_screen.te
Allow blank_screen to make binder calls to the servicemanager
2020-04-02 19:38:36 +00:00
blkid.te
blkid_untrusted.te
bluetooth.te
Allow Bluetooth stack to read security log sysprop
2022-05-25 21:05:02 +00:00
bluetoothdomain.te
bootanim.te
Label /data/bootanim with bootanim_data_file.
2021-12-23 15:00:31 -08:00
bootstat.te
Making sys.boot.reason.last restricted
2023-12-05 14:56:03 +11:00
boringssl_self_test.te
bpfdomain.te
refactor: get_prop(bpfdomain, bpf_progs_loaded_prop)
2023-01-06 10:09:33 +00:00
bpfloader.te
Revert "Revert "SELinux policy changes for uprobe.""
2023-11-29 06:12:36 +00:00
bufferhubd.te
bug_map
Remove netd entries in bug_map
2023-03-22 10:02:37 +11:00
cameraserver.te
Adds GPU sepolicy to support devices with DRM gralloc/rendering
2022-04-18 17:30:56 -07:00
canhalconfigurator.te
SEPolicy for AIDL CAN HAL
2022-12-09 11:00:10 -08:00
charger.te
Add charger_type.
2021-11-05 18:44:04 -07:00
charger_type.te
Add charger_vendor type
2021-12-07 16:24:23 -08:00
clatd.te
clatd.te - no longer need netlink
2023-03-16 10:53:18 +00:00
compos_fd_server.te
Delete more unused policies by CompOS
2022-01-25 08:40:46 -08:00
compos_verify.te
Allow compos_verify to write VM logs
2022-06-17 13:41:51 +01:00
composd.te
Allow system server to set dynamic ART properties.
2023-03-31 11:46:05 +01:00
coredomain.te
Revert^2 "Add permission for VFIO device binding"
2023-11-21 02:18:30 +00:00
cppreopts.te
Ignore the denial when system_other is erased
2020-03-31 20:10:26 +08:00
crash_dump.te
[dice] Remove all the sepolicy relating the hal service dice
2023-02-24 08:34:26 +00:00
credstore.te
Remove RemoteProvisioner and remoteprovisioning services
2023-03-14 15:45:35 -07:00
crosvm.te
Introduce vendor_microdroid_file for microdroid vendor image
2024-02-23 11:36:29 +09:00
derive_classpath.te
Introduce vendor_apex_metadata_file
2023-12-05 15:42:14 +11:00
derive_sdk.te
Introduce vendor_apex_metadata_file
2023-12-05 15:42:14 +11:00
device_as_webcam.te
Add selinux permissions for DeviceAsWebcam Service
2023-02-02 12:26:33 -08:00
dex2oat.te
Additional sepolicy rules for dex2oat
2023-01-17 15:43:58 +00:00
dexoptanalyzer.te
dontaudit dexoptanalyzer's DM file check on secondary dex files.
2023-01-30 07:56:10 +00:00
dhcp.te
Move system property rules to private
2020-03-18 16:46:04 +00:00
dmesgd.te
dmesgd: sepolicies
2022-02-10 17:42:52 +00:00
dnsmasq.te
domain.te
Introduce vendor_microdroid_file for microdroid vendor image
2024-02-23 11:36:29 +09:00
drmserver.te
Relabel drm related props from exported*_prop
2020-06-19 10:52:10 +09:00
dumpstate.te
[RESTRICT AUTOMERGE] Allow dumpstate to make binder IPC to automotive display service
2024-02-13 05:16:32 +00:00
ephemeral_app.te
sepolicy: rework perfetto producer/profiler rules for "user" builds
2023-02-03 15:05:14 +00:00
evsmanagerd.te
Revert^2 "Adds a sepolicy for EVS manager service"
2022-02-10 17:21:14 +00:00
extra_free_kbytes.te
Add policies for ro.kernel.watermark_scale_factor property
2022-09-08 19:35:34 +00:00
fastbootd.te
Add SELinux Policy For io_uring
2023-01-27 11:44:59 -05:00
file.te
Revert "Revert "SELinux policy changes for uprobe.""
2023-11-29 06:12:36 +00:00
file_contexts
Introduce vendor_microdroid_file for microdroid vendor image
2024-02-23 11:36:29 +09:00
file_contexts_asan
Fix data/asan/system/system_ext/lib selinux rule for file_contexts_asan
2020-06-08 10:05:07 +00:00
file_contexts_overlayfs
fingerprintd.te
flags_health_check.te
Add sepolicy config for tethering_u_or_later_native namespace
2023-06-01 00:34:59 +09:00
fs_use
private/fs_use: Enable selinux for virtiofs
2020-03-06 17:19:04 +09:00
fsck.te
Remove microdroid specific rules and files
2021-06-07 19:22:18 +09:00
fsck_untrusted.te
fsverity_init.te
Clean up proc_fs_verity which is no longer used
2022-12-06 09:10:41 -08:00
fuseblkd.te
Adds support for fuseblk binaries.
2023-02-02 15:32:39 +01:00
fuseblkd_untrusted.te
Adds support for fuseblk binaries.
2023-02-02 15:32:39 +01:00
fwk_bufferhub.te
Remove bufferhub HAL policy.
2021-10-27 10:54:45 -07:00
gatekeeperd.te
Move system property rules to private
2020-03-18 16:46:04 +00:00
genfs_contexts
Revert "Revert "SELinux policy changes for uprobe.""
2023-11-29 06:12:36 +00:00
gki_apex_prepostinstall.te
Allow GKI APEX to use apexd:fd
2020-08-28 17:29:58 -07:00
gmscore_app.te
Add 2 new system properties for Quick Start
2023-05-03 04:04:15 +00:00
gpuservice.te
Allow graphics_config_writable_prop to be modified.
2023-05-04 16:04:44 +00:00
gsid.te
Add proc_cmdline read permission to read_fstab
2022-03-20 16:35:19 +08:00
hal_allocator_default.te
hal_lazy_test.te
Add rules for hidl_lazy_test*
2020-04-24 14:09:41 -07:00
halclientdomain.te
halserverdomain.te
healthd.te
Remove healthd.
2021-10-20 18:47:41 -07:00
heapprofd.te
[dice] Remove all the sepolicy relating the hal service dice
2023-02-24 08:34:26 +00:00
hidl_lazy_test_server.te
Add rules for hidl_lazy_test*
2020-04-24 14:09:41 -07:00
hwservice.te
Add rules for hidl_lazy_test*
2020-04-24 14:09:41 -07:00
hwservice_contexts
Revert "Add sepolicies for CPU HAL."
2022-11-09 16:47:07 +00:00
hwservicemanager.te
Allow service managers access to apex data.
2022-09-23 21:33:58 +00:00
idmap.te
incident.te
incident_helper.te
incidentd.te
Add build properties for attestation feature
2023-02-02 18:52:35 +08:00
init.te
Introduce vm_manager_device_type for crosvm
2023-03-29 10:19:06 -07:00
initial_sid_contexts
initial_sids
inputflinger.te
installd.te
Allow installd to kill profman.
2023-01-30 11:09:08 +00:00
isolated_app.te
sepolicy: rework perfetto producer/profiler rules for "user" builds
2023-02-03 15:05:14 +00:00
isolated_app_all.te
Allow isolated to read staged apks
2023-12-17 23:46:04 +00:00
isolated_compute_app.te
Fix attribute plurals for isolated_compute_allowed
2023-04-20 16:39:39 +00:00
iw.te
kernel.te
Supress permissive audit messages post OTA reboot
2022-10-10 21:58:41 +00:00
keys.conf
Changing selinux policy for privapps for new certs.
2022-04-05 17:31:49 -07:00
keystore.te
Merge "Allow service managers access to apex data."
2022-10-14 18:04:46 +00:00
keystore2_key_contexts
Add keystore2 namespace for LocksettingsService.
2021-04-14 16:03:13 -07:00
keystore_keys.te
Add keystore2 namespace for LocksettingsService.
2021-04-14 16:03:13 -07:00
linkerconfig.te
Introduce vendor_apex_metadata_file
2023-12-05 15:42:14 +11:00
llkd.te
[dice] Remove all the sepolicy relating the hal service dice
2023-02-24 08:34:26 +00:00
lmkd.te
Add search in bpf directory for bpfdomains
2022-03-21 17:31:17 -07:00
logd.te
Add sepolicy for logd and logcat services
2022-01-13 11:38:43 -08:00
logpersist.te
Add logd.ready
2021-11-30 15:10:53 +09:00
lpdumpd.te
Add rules for calling ReadDefaultFstab()
2021-03-29 15:23:29 +08:00
mac_permissions.xml
Changing selinux policy for privapps for new certs.
2022-04-05 17:31:49 -07:00
mdnsd.te
mediadrmserver.te
mediaextractor.te
Add sepolicy swcodec native flag namespace.
2021-02-16 09:22:16 -08:00
mediametrics.te
Allow communication between mediametrics & statsd
2021-03-12 04:06:23 -08:00
mediaprovider.te
Add FUNCTIONFS_ENDPOINT_ALLOC to ioctl_defines and mediaprovider.te
2021-07-13 09:33:15 +08:00
mediaprovider_app.te
Allow apps and SDK sandbox to access each others' open FDs
2023-05-17 14:28:40 +00:00
mediaserver.te
Allow mediaprovider and mediaserver to read sdk_sandbox_data_file
2023-05-09 13:10:01 +00:00
mediaswcodec.te
Add sepolicy swcodec native flag namespace.
2021-02-16 09:22:16 -08:00
mediatranscoding.te
Adds GPU sepolicy to support devices with DRM gralloc/rendering
2022-04-18 17:30:56 -07:00
mediatuner.te
Add properties to configure whether the lazy tuner is enabled.
2022-08-23 07:01:05 +00:00
migrate_legacy_obb_data.te
mls
Add SELinux policy for using userfaultfd
2021-03-17 04:57:22 -07:00
mls_decl
mls_macros
mlstrustedsubject.te
Update SELinux policy to allow artd to perform secondary dex compilation
2022-10-24 16:07:01 +01:00
mm_events.te
Sepolicy for mm_events
2021-04-06 22:46:32 -04:00
modprobe.te
mtectrl.te
[MTE] ignore mtectrl selinux error for device tree.
2022-09-29 22:53:58 +00:00
mtp.te
net.te
Create sdk_sandbox_all.
2023-05-10 17:54:07 +00:00
netd.te
netd/netutils_wrapper/network_stack/system_server - allow getattr on bpf progs/maps
2023-03-28 03:11:42 +00:00
netutils_wrapper.te
netd/netutils_wrapper/network_stack/system_server - allow getattr on bpf progs/maps
2023-03-28 03:11:42 +00:00
network_stack.te
Add sepolicy config for tethering_u_or_later_native namespace
2023-06-01 00:34:59 +09:00
nfc.te
Add sepolicy to allow read/write nfc snoop log data
2020-09-24 17:36:07 +08:00
odrefresh.te
Remove odrefresh privileges no longer needed for CompOS
2022-01-18 12:56:27 -08:00
odsign.te
Selinux setup for /data/misc/odsign/metrics/
2022-04-07 14:18:37 +00:00
otapreopt_chroot.te
Revert "Allow otapreopt_chroot to call otadexopt binder service"
2021-07-06 17:06:22 +00:00
otapreopt_slot.te
perfetto.te
Allow perfetto to write into perfetto_traces_bugreport_data_file
2023-03-28 11:34:58 +00:00
performanced.te
permissioncontroller_app.te
Add missing permissions for Cuttlefish to support GSI testing
2021-05-03 16:49:07 -07:00
platform_app.te
Making sys.boot.reason.last restricted
2023-12-05 14:56:03 +11:00
policy_capabilities
port_contexts
postinstall.te
Use postinstall file_contexts
2021-03-25 00:01:25 +00:00
postinstall_dexopt.te
postinstall_dexopt: allow reading odsign.verification.status
2021-07-19 19:47:33 +00:00
ppp.te
preloads_copy.te
Ignore the denial when system_other is erased
2020-03-31 20:10:26 +08:00
preopt2cachename.te
priv_app.te
sepolicy: rework perfetto producer/profiler rules for "user" builds
2023-02-03 15:05:14 +00:00
prng_seeder.te
Add SEPolicy for PRNG seeder daemon.
2022-11-15 01:50:22 +00:00
profcollectd.te
profcollectd: allow to request wakelock from system_suspend.
2022-02-17 10:20:08 -08:00
profman.te
Update SELinux policy for app compilation CUJ.
2022-07-29 14:07:52 +00:00
property.te
Merge "Add sepolicy config for tethering_u_or_later_native namespace" into udc-dev
2023-06-02 10:22:00 +00:00
property_contexts
Allow persist.arm64.memtag.* sysprops to be changed on user devices.
2024-01-03 10:43:58 +00:00
racoon.te
radio.te
make ril.cdma.inecmmode system property internal
2021-10-01 21:36:49 +00:00
recovery.te
Allow update_engine, recovery, and fastbootd to read snapuserd properties.
2021-07-28 22:30:22 -07:00
recovery_persist.te
recovery_refresh.te
remount.te
Add remount.te to allow adb remount-related operations
2021-11-02 22:10:05 +08:00
rkpd.te
Add SELinux policies for remote_key_provisioning_native namespace.
2022-09-29 21:32:58 +00:00
rkpd_app.te
Add set property permissions to RKPD application.
2023-03-16 18:05:10 +00:00
roles_decl
rs.te
Allow priv_app to run the renderscript compiler. am: 737b098a71
2021-06-15 19:15:27 +00:00
rss_hwm_reset.te
runas.te
runas_app.te
runas_app: allow sigkill of untrusted_app
2023-01-20 09:02:19 +01:00
sdcardd.te
sdk_sandbox_34.te
Revert^2 "Introduce sdk_sandbox_audit SELinux domain"
2023-11-17 09:54:33 +00:00
sdk_sandbox_all.te
Allow apps and SDK sandbox to access each others' open FDs
2023-05-17 14:28:40 +00:00
sdk_sandbox_audit.te
Revert^2 "Introduce sdk_sandbox_audit SELinux domain"
2023-11-17 09:54:33 +00:00
sdk_sandbox_current.te
Revert^2 "Introduce sdk_sandbox_audit SELinux domain"
2023-11-17 09:54:33 +00:00
sdk_sandbox_next.te
Add canary restrictions for sdk_sandbox
2023-05-12 20:06:31 +00:00
seapp_contexts
Revert^2 "Introduce sdk_sandbox_audit SELinux domain"
2023-11-17 09:54:33 +00:00
secure_element.te
Added sepolicy rule for vendor uuid mapping config
2021-11-20 01:08:11 +00:00
security_classes
Add SELinux Policy For io_uring
2023-01-27 11:44:59 -05:00
service.te
Revert^2 "Add permission for VFIO device binding"
2023-11-21 02:18:30 +00:00
service_contexts
Remove hal_face_service virtual entry
2024-01-30 10:08:04 +09:00
servicemanager.te
Allow service managers access to apex data.
2022-09-23 21:33:58 +00:00
sgdisk.te
shared_relro.te
Make shared_relro policy private.
2021-01-05 09:48:10 +00:00
shell.te
Introduce vendor_microdroid_file for microdroid vendor image
2024-02-23 11:36:29 +09:00
simpleperf.te
Revert "Revert "allow simpleperf to profile more app types.""
2021-10-27 11:05:01 -07:00
simpleperf_app_runner.te
Revert "Revert "allow simpleperf to profile more app types.""
2021-10-27 11:05:01 -07:00
simpleperf_boot.te
Add sepolicy for simpleperf_boot.
2022-01-15 16:12:51 -08:00
slideshow.te
snapshotctl.te
snapshotctl: allow to write stats
2020-02-14 20:51:53 +00:00
snapuserd.te
Add SELinux Policy For io_uring
2023-01-27 11:44:59 -05:00
stats.te
Allow traced_probes to subscribe to statsd atoms
2023-03-22 19:53:34 +00:00
statsd.te
Allow statsd to write to priv app FDs
2021-10-28 13:07:19 -07:00
storaged.te
Revert "Revert "Add neverallows for debugfs access""
2021-05-04 22:06:46 -07:00
su.te
Start using virtmgr for running VMs
2023-01-05 17:39:39 +00:00
surfaceflinger.te
Grant surfaceflinger and graphics allocator access to the secure heap
2023-01-19 09:02:56 +00:00
system_app.te
tm-qpr backport: allow perfetto profiling of system_server and sys/platform apps
2023-03-13 17:13:54 +00:00
system_server.te
Merge "Add sepolicy config for tethering_u_or_later_native namespace" into udc-dev
2023-06-02 10:22:00 +00:00
system_server_startup.te
Allow system_server_startup to load system server odex files
2021-06-28 17:00:55 +00:00
system_suspend.te
suspend: Allow access to /sys/power/wake_[un]lock
2023-01-25 16:39:05 -08:00
technical_debt.cil
Create sdk_sandbox_all.
2023-05-10 17:54:07 +00:00
tombstoned.te
Fix broken neverallow rules
2021-03-10 10:44:22 +09:00
toolbox.te
Dontaudit chmod of virtualizationsevice_data_file
2022-06-15 17:25:20 +01:00
traced.te
Allow perfetto to write into perfetto_traces_bugreport_data_file
2023-03-28 11:34:58 +00:00
traced_perf.te
[dice] Remove all the sepolicy relating the hal service dice
2023-02-24 08:34:26 +00:00
traced_probes.te
Merge "traced_probes: allow traced_probes to access diskstats info"
2023-04-04 01:25:18 +00:00
traceur_app.te
Cleanup mechanism for enabling perfetto daemon.
2020-06-01 11:56:03 -07:00
ueventd.te
Move system property rules to private
2020-03-18 16:46:04 +00:00
uncrypt.te
Move system property rules to private
2020-03-18 16:46:04 +00:00
untrusted_app.te
Blocks untrusted apps to access /dev/socket/mdnsd from U
2023-01-20 15:25:46 +09:00
untrusted_app_25.te
Disallow watch and watch_reads on apk_data_file for apps
2023-04-25 15:20:45 +02:00
untrusted_app_27.te
Disallow watch and watch_reads on apk_data_file for apps
2023-04-25 15:20:45 +02:00
untrusted_app_29.te
Disallow watch and watch_reads on apk_data_file for apps
2023-04-25 15:20:45 +02:00
untrusted_app_30.te
Disallow watch and watch_reads on apk_data_file for apps
2023-04-25 15:20:45 +02:00
untrusted_app_32.te
Disallow watch and watch_reads on apk_data_file for apps
2023-04-25 15:20:45 +02:00
untrusted_app_all.te
Grant lockdown integrity to all processes
2024-02-28 18:10:29 -08:00
update_engine.te
Add sepolicy for IBootControl AIDL
2022-06-07 16:26:19 -07:00
update_engine_common.te
Use postinstall file_contexts
2021-03-25 00:01:25 +00:00
update_verifier.te
Allow update_verifier to connect to snapuserd daemon
2023-01-09 13:19:20 -08:00
uprobestats.te
Revert "Revert "SELinux policy changes for uprobe.""
2023-11-29 06:12:36 +00:00
usbd.te
Move system property rules to private
2020-03-18 16:46:04 +00:00
users
vdc.te
Add vehicle_binding_util SELinux context
2021-07-15 19:44:27 +00:00
vehicle_binding_util.te
Revert "Revert "Allow vehicle_binding_util to access AIDL VHAL. am: d5af7b7cea am: 565699bc61 am: e4ddf119a1 am: 54e7d19e1d am: 3686a43f8f""
2022-05-11 18:14:06 +00:00
vendor_init.te
Introduce vm_manager_device_type for crosvm
2023-03-29 10:19:06 -07:00
vfio_handler.te
Revert^2 "Add permission for VFIO device binding"
2023-11-21 02:18:30 +00:00
viewcompiler.te
virtual_touchpad.te
virtualizationmanager.te
Introduce vendor_microdroid_file for microdroid vendor image
2024-02-23 11:36:29 +09:00
virtualizationservice.te
Revert^2 "Add permission for VFIO device binding"
2023-11-21 02:18:30 +00:00
vold.te
Adds support for fuseblk binaries.
2023-02-02 15:32:39 +01:00
vold_prepare_subdirs.te
Create a separate label for sandbox root directory
2022-05-19 16:01:15 +01:00
vzwomatrigger_app.te
wait_for_keymaster.te
Remove wait_for_keymaster and references
2021-06-17 11:12:16 -07:00
watchdogd.te
webview_zygote.te
Allow zygotes and installd to read odsign properties
2021-07-02 11:57:24 +01:00
wificond.te
Rename vpnprofilestore to legacykeystore.
2021-06-30 12:40:39 -07:00
zygote.te
Introduce vendor_apex_metadata_file
2023-12-05 15:42:14 +11:00
c1b65e5d53