tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/private
History
Jooyung Han c6d75293b9 Add input_device.config_file.apex property 
This new property is to set an apex name when input configuration files
are bundled in an apex.

libinput checks the new sysprop when loading input configuration.

This removes hard-coded apex name (com.android.input.config).

Bug: 315080500
Test: adb shell dumpsys input
  # set "touch.orientationAware = 0" in Touchscreen_0.idc
  # build/install the input config apex
  # Observe the Input configuration
  # "Touch Input Mapper" shows "OrientationAware: false"
Change-Id: Ie0bf30bff2ed7f983caa5b893994a5bd2759e192
2024-02-23 14:31:58 +09:00
..
compat Add input_device.config_file.apex property 2024-02-23 14:31:58 +09:00
access_vectors Add new keystore2 permission get_last_auth_time. 2023-10-31 20:28:43 +00:00
adbd.te Blocks untrusted apps to access /dev/socket/mdnsd from U 2023-01-20 15:25:46 +09:00
aidl_lazy_test_server.te
apex_test_prepostinstall.te
apexd.te Remove remaining APEX sepolicy types 2023-09-25 11:19:44 +09:00
apexd_derive_classpath.te Allow apexd to call derive_classpath binary 2021-10-28 16:27:09 +01:00
app.te Allow appdomain to read dir and files under vendor_microdroid_file 2024-02-13 05:44:15 +00:00
app_neverallows.te stats_service: only disallow untrusted access 2024-02-14 15:07:21 -08:00
app_zygote.te Reland "[res] Allow accessing idmap files in all zygotes" 2024-02-20 20:49:37 +00:00
art_boot.te Give art_boot explicit access to experiment flags. 2023-05-16 16:20:50 +01:00
artd.te Update sepolicy for service dexopt_chroot_setup and artd_pre_reboot. 2024-02-08 10:13:27 +08:00
asan_extract.te
atrace.te atrace: don't audit debugfs access 2023-06-07 20:29:47 +00:00
attributes Revert^2 "Introduce sdk_sandbox_audit SELinux domain" 2023-11-17 09:54:33 +00:00
audioserver.te Add ro.audio.ihaladaptervendorextension_enabled property 2024-02-14 18:53:37 +00:00
auditctl.te
automotive_display_service.te Revert^2 "Updates sepolicy for EVS HAL" 2022-02-10 17:21:54 +00:00
binderservicedomain.te Stop granting permission to get_state of keystore2 2023-10-16 22:22:57 +00:00
blank_screen.te
blkid.te
blkid_untrusted.te
bluetooth.te Allow Bluetooth stack to read security log sysprop 2022-05-25 21:05:02 +00:00
bluetoothdomain.te
bootanim.te Allow bootanimation to access vendor apex 2023-11-06 18:26:27 +09:00
bootstat.te Making sys.boot.reason.last restricted 2023-09-11 18:29:24 +01:00
boringssl_self_test.te
bpfdomain.te refactor: get_prop(bpfdomain, bpf_progs_loaded_prop) 2023-01-06 10:09:33 +00:00
bpfloader.te sepolicy: allow netutils_wrapper access to fs_bpf_vendor 2024-01-20 23:56:37 +00:00
bufferhubd.te
bug_map Merge "Revert "bug_map selinux test failure"" into main 2023-12-19 14:47:37 +00:00
cameraserver.te Policy for virtual_camera native service 2023-10-13 16:42:11 +02:00
canhalconfigurator.te SEPolicy for AIDL CAN HAL 2022-12-09 11:00:10 -08:00
charger.te Add charger_type. 2021-11-05 18:44:04 -07:00
charger_type.te Add charger_vendor type 2021-12-07 16:24:23 -08:00
clatd.te clatd.te - no longer need netlink 2023-03-16 10:53:18 +00:00
compos_fd_server.te Delete more unused policies by CompOS 2022-01-25 08:40:46 -08:00
compos_verify.te Allow compos_verify to write VM logs 2022-06-17 13:41:51 +01:00
composd.te Allow system server to set dynamic ART properties. 2023-03-31 11:46:05 +01:00
coredomain.te Merge "Flag-guard vfio_handler policies" into main 2023-11-22 07:45:53 +00:00
cppreopts.te
crash_dump.te crash_dump: read bootstrap libs 2023-12-06 01:43:46 +00:00
credstore.te Remove RemoteProvisioner and remoteprovisioning services 2023-03-14 15:45:35 -07:00
crosvm.te Allow CAP_SYS_NICE for crosvm 2024-02-05 11:14:53 -08:00
derive_classpath.te Introduce vendor_apex_metadata_file 2023-06-05 17:17:51 +09:00
derive_sdk.te Introduce vendor_apex_metadata_file 2023-06-05 17:17:51 +09:00
device_as_webcam.te Add selinux permissions for DeviceAsWebcam Service 2023-02-02 12:26:33 -08:00
dex2oat.te Allow dex2oat access to symlinks in APEXes to find DCLA libs. 2023-07-25 00:07:27 +01:00
dexopt_chroot_setup.te Update sepolicy for service dexopt_chroot_setup and artd_pre_reboot. 2024-02-08 10:13:27 +08:00
dexoptanalyzer.te dontaudit dexoptanalyzer's DM file check on secondary dex files. 2023-01-30 07:56:10 +00:00
dhcp.te
dmesgd.te dmesgd: sepolicies 2022-02-10 17:42:52 +00:00
dnsmasq.te
domain.te Merge changes from topic "misctrl" into main 2024-02-22 18:57:01 +00:00
drmserver.te
dumpstate.te misctrl: add a property 2024-02-21 18:16:49 +00:00
ephemeral_app.te strengthen app_data_file neverallows 2023-05-23 00:01:27 +00:00
evsmanagerd.te Revert^2 "Adds a sepolicy for EVS manager service" 2022-02-10 17:21:14 +00:00
extra_free_kbytes.te Add policies for ro.kernel.watermark_scale_factor property 2022-09-08 19:35:34 +00:00
fastbootd.te Allow fastbootd set boottime property 2023-04-28 07:31:11 +00:00
file.te Add context that system server can access and perfetto can save traces to 2024-02-21 16:43:57 +00:00
file_contexts Merge changes from topic "misctrl" into main 2024-02-22 18:57:01 +00:00
file_contexts_asan Allow app_process to link /data/asan/system_ext/lib/* 2023-06-09 04:43:52 +00:00
file_contexts_overlayfs
fingerprintd.te
flags_health_check.te add next_boot_prop SELinux context to store staged sys prop 2023-10-12 16:12:30 +00:00
fs_use
fsck.te Remove microdroid specific rules and files 2021-06-07 19:22:18 +09:00
fsck_untrusted.te
fsverity_init.te Remove all module_request rules 2023-08-22 16:56:04 +00:00
fuseblkd.te Adds support for fuseblk binaries. 2023-02-02 15:32:39 +01:00
fuseblkd_untrusted.te Adds support for fuseblk binaries. 2023-02-02 15:32:39 +01:00
fwk_bufferhub.te Remove bufferhub HAL policy. 2021-10-27 10:54:45 -07:00
gatekeeperd.te
genfs_contexts Merge "system_server: remove access to proc/memhealth/*" into main 2024-02-02 04:26:54 +00:00
gki_apex_prepostinstall.te Allow GKI APEX to use apexd:fd 2020-08-28 17:29:58 -07:00
gmscore_app.te Stop granting permissions on keystore_key class 2023-10-16 22:22:54 +00:00
gpuservice.te Add fifo_file read access to enable gpuservice within device cts 2024-02-15 22:21:30 +00:00
gsid.te Allow gsid to create alternative installation directory 2023-04-28 07:06:02 +00:00
hal_allocator_default.te Allow hidl_allocator_default service to set its own prop 2023-12-19 17:05:59 +00:00
hal_lazy_test.te
halclientdomain.te
halserverdomain.te
healthd.te Remove healthd. 2021-10-20 18:47:41 -07:00
heapprofd.te strengthen vendor_file neverallows 2023-05-18 00:07:32 +00:00
hidl_lazy_test_server.te
hwservice.te
hwservice_contexts Revert "Add sepolicies for CPU HAL." 2022-11-09 16:47:07 +00:00
hwservicemanager.te Allow service managers access to apex data. 2022-09-23 21:33:58 +00:00
idmap.te
incident.te
incident_helper.te
incidentd.te Let incidentd read the wakeup_sources debugfs node for userdebug/eng builds 2023-09-20 14:06:21 -07:00
init.te Revert "Suppress a denial on VM boot" 2023-10-20 19:14:26 +00:00
initial_sid_contexts
initial_sids
inputflinger.te
installd.te Allow installd to enable fs-verity on app's file 2023-08-07 11:08:34 -07:00
isolated_app.te sepolicy: rework perfetto producer/profiler rules for "user" builds 2023-02-03 15:05:14 +00:00
isolated_app_all.te Allow isolated to read staged apks 2023-12-05 15:17:19 +00:00
isolated_compute_app.te C2 AIDL sepolicy update 2023-09-06 14:30:26 -07:00
iw.te
kernel.te Remove remaining APEX sepolicy types 2023-09-25 11:19:44 +09:00
keys.conf sepolicy(nfc): Changing selinux policy for signed NFC APK 2024-01-19 10:22:56 -08:00
keystore.te Revert^4 "[avf][rkp] Allow virtualizationservice to register RKP HAL" 2023-11-22 08:21:27 +00:00
keystore2_key_contexts Stop granting permissions on keystore_key class 2023-10-16 22:22:54 +00:00
keystore_keys.te Add keystore2 namespace for LocksettingsService. 2021-04-14 16:03:13 -07:00
linkerconfig.te Introduce vendor_apex_metadata_file 2023-06-05 17:17:51 +09:00
llkd.te [dice] Remove all the sepolicy relating the hal service dice 2023-02-24 08:34:26 +00:00
lmkd.te Add search in bpf directory for bpfdomains 2022-03-21 17:31:17 -07:00
logd.te Add sepolicy for logd and logcat services 2022-01-13 11:38:43 -08:00
logpersist.te Add logd.ready 2021-11-30 15:10:53 +09:00
lpdumpd.te Allow lpdumpd to read Virtual A/B diagnostics. 2023-07-14 09:08:56 -07:00
mac_permissions.xml sepolicy(nfc): Changing selinux policy for signed NFC APK 2024-01-19 10:22:56 -08:00
mdnsd.te
mediadrmserver.te
mediaextractor.te Add sepolicy swcodec native flag namespace. 2021-02-16 09:22:16 -08:00
mediametrics.te Allow communication between mediametrics & statsd 2021-03-12 04:06:23 -08:00
mediaprovider.te Add FUNCTIONFS_ENDPOINT_ALLOC to ioctl_defines and mediaprovider.te 2021-07-13 09:33:15 +08:00
mediaprovider_app.te label boot animations on oem with bootanim_oem_file 2024-02-16 11:08:30 +01:00
mediaserver.te Allow binder calls between virtual_camera / mediaserver & 2023-12-27 17:26:52 +01:00
mediaswcodec.te Add sepolicy swcodec native flag namespace. 2021-02-16 09:22:16 -08:00
mediatranscoding.te Adds GPU sepolicy to support devices with DRM gralloc/rendering 2022-04-18 17:30:56 -07:00
mediatuner.te Allow mediatuner to get tuner.server.enable 2023-06-20 17:24:51 +00:00
migrate_legacy_obb_data.te
misctrl.te misctrl: add a property 2024-02-21 18:16:49 +00:00
mls Add SELinux policy for using userfaultfd 2021-03-17 04:57:22 -07:00
mls_decl
mls_macros
mlstrustedsubject.te Update SELinux policy to allow artd to perform secondary dex compilation 2022-10-24 16:07:01 +01:00
mm_events.te Sepolicy for mm_events 2021-04-06 22:46:32 -04:00
modprobe.te
mtectrl.te [MTE] ignore mtectrl selinux error for device tree. 2022-09-29 22:53:58 +00:00
net.te Create sdk_sandbox_all. 2023-05-10 17:54:07 +00:00
netd.te sepolicy: allow netutils_wrapper access to fs_bpf_vendor 2024-01-20 23:56:37 +00:00
netutils_wrapper.te sepolicy: allow netutils_wrapper access to fs_bpf_vendor 2024-01-20 23:56:37 +00:00
network_stack.te sepolicy: grant network_stack CAP_WAKE_ALARM 2023-12-13 18:52:51 +00:00
nfc.te Add sepolicy to allow read/write nfc snoop log data 2020-09-24 17:36:07 +08:00
odrefresh.te Remove odrefresh privileges no longer needed for CompOS 2022-01-18 12:56:27 -08:00
odsign.te Revert "Remove fsverity_init SELinux rules" 2023-07-26 06:21:37 +00:00
ot_daemon.te [Thread] move ot-daemon socket to /dev/socket/ot-daemon 2024-01-23 00:00:01 +08:00
otapreopt_chroot.te Allow otapreopt_chroot to use stdin and stdout pipes. 2023-08-07 21:21:20 +01:00
otapreopt_slot.te
perfetto.te Add context that system server can access and perfetto can save traces to 2024-02-21 16:43:57 +00:00
performanced.te
permissioncontroller_app.te Add missing permissions for Cuttlefish to support GSI testing 2021-05-03 16:49:07 -07:00
platform_app.te Making sys.boot.reason.last restricted 2023-09-11 18:29:24 +01:00
policy_capabilities
port_contexts
postinstall.te Use postinstall file_contexts 2021-03-25 00:01:25 +00:00
postinstall_dexopt.te Allow vendor_overlay_file from vendor apex 2023-06-09 13:43:11 +09:00
preloads_copy.te
preopt2cachename.te
priv_app.te Allow pm.archiving.enabled to be read by priv apps. 2023-12-12 23:55:49 +00:00
prng_seeder.te Add SEPolicy for PRNG seeder daemon. 2022-11-15 01:50:22 +00:00
profcollectd.te profcollectd: allow to request wakelock from system_suspend. 2022-02-17 10:20:08 -08:00
profman.te Allow profman to read from memfd created by artd. 2023-10-12 13:48:00 +00:00
property.te misctrl: add a property 2024-02-21 18:16:49 +00:00
property_contexts Add input_device.config_file.apex property 2024-02-23 14:31:58 +09:00
radio.te make ril.cdma.inecmmode system property internal 2021-10-01 21:36:49 +00:00
recovery.te Allow update_engine, recovery, and fastbootd to read snapuserd properties. 2021-07-28 22:30:22 -07:00
recovery_persist.te
recovery_refresh.te
remount.te Allow remount to update the super partition. 2023-12-13 12:09:30 -08:00
rkpd.te Add SELinux policies for remote_key_provisioning_native namespace. 2022-09-29 21:32:58 +00:00
rkpd_app.te Revert^4 "[avf][rkp] Allow virtualizationservice to register RKP HAL" 2023-11-22 08:21:27 +00:00
roles_decl
rs.te Add dontaudit for rs fd usage 2023-07-26 12:12:41 +02:00
rss_hwm_reset.te
runas.te
runas_app.te Don't audit shell_test_data_file for runas_app 2023-08-03 21:28:21 +00:00
sdcardd.te
sdk_sandbox_34.te Revert^2 "Introduce sdk_sandbox_audit SELinux domain" 2023-11-17 09:54:33 +00:00
sdk_sandbox_all.te strengthen app_data_file neverallows 2023-05-23 00:01:27 +00:00
sdk_sandbox_audit.te Revert^2 "Introduce sdk_sandbox_audit SELinux domain" 2023-11-17 09:54:33 +00:00
sdk_sandbox_current.te Revert^2 "Introduce sdk_sandbox_audit SELinux domain" 2023-11-17 09:54:33 +00:00
sdk_sandbox_next.te Add canary restrictions for sdk_sandbox 2023-05-12 20:06:31 +00:00
seapp_contexts sepolicy(nfc): Changing selinux policy for signed NFC APK 2024-01-19 10:22:56 -08:00
secure_element.te Added sepolicy rule for vendor uuid mapping config 2021-11-20 01:08:11 +00:00
security_classes Add SELinux Policy For io_uring 2023-01-27 11:44:59 -05:00
service.te Add virtualization_maintenance_service 2024-02-20 17:08:28 +00:00
service_contexts Add virtualization_maintenance_service 2024-02-20 17:08:28 +00:00
servicemanager.te Allow service managers access to apex data. 2022-09-23 21:33:58 +00:00
sgdisk.te
shared_relro.te Make shared_relro policy private. 2021-01-05 09:48:10 +00:00
shell.te Revert^2 "Update uprobestats SELinux policy" 2023-12-14 17:17:18 -08:00
simpleperf.te Revert "Revert "allow simpleperf to profile more app types."" 2021-10-27 11:05:01 -07:00
simpleperf_app_runner.te Revert "Revert "allow simpleperf to profile more app types."" 2021-10-27 11:05:01 -07:00
simpleperf_boot.te Add sepolicy for simpleperf_boot. 2022-01-15 16:12:51 -08:00
slideshow.te
snapshotctl.te
snapuserd.te snapuserd: sepolicy for setting task-profiles 2023-12-29 23:02:17 +00:00
stats.te stats_service: only disallow untrusted access 2024-02-14 15:07:21 -08:00
statsd.te Revert^2 "Update uprobestats SELinux policy" 2023-12-14 17:17:18 -08:00
storaged.te Revert "Revert "Add neverallows for debugfs access"" 2021-05-04 22:06:46 -07:00
su.te Allow su to access virtualization 2023-12-20 14:55:28 +00:00
surfaceflinger.te Revert "sepolicy: allow surfaceflinger to read device_config_aconfig_flags_prop" 2023-09-13 17:11:11 +00:00
system_app.te Merge "Allow binder calls from system app to update engine" into main 2024-01-12 19:42:36 +00:00
system_server.te Add input_device.config_file.apex property 2024-02-23 14:31:58 +09:00
system_server_startup.te Allow system_server_startup to load system server odex files 2021-06-28 17:00:55 +00:00
system_suspend.te Add sepolicy for suspend.debug.wakestats_log.enabled 2024-01-04 15:45:39 -08:00
technical_debt.cil Create sdk_sandbox_all. 2023-05-10 17:54:07 +00:00
tombstoned.te Fix broken neverallow rules 2021-03-10 10:44:22 +09:00
toolbox.te Dontaudit chmod of virtualizationsevice_data_file 2022-06-15 17:25:20 +01:00
traced.te Allow Perfetto's traced daemon to set debug sysprops 2023-05-10 10:44:20 -04:00
traced_perf.te strengthen app_data_file neverallows 2023-05-23 00:01:27 +00:00
traced_probes.te traced_probes: allow perfetto to read /proc/pressure entries 2023-12-15 19:15:57 +00:00
traceur_app.te Allow traceur_app to access winscope traces 2023-08-21 07:13:42 +00:00
ueventd.te
uncrypt.te
untrusted_app.te Blocks untrusted apps to access /dev/socket/mdnsd from U 2023-01-20 15:25:46 +09:00
untrusted_app_25.te Disallow watch and watch_reads on apk_data_file for apps 2023-04-25 15:20:45 +02:00
untrusted_app_27.te Disallow watch and watch_reads on apk_data_file for apps 2023-04-25 15:20:45 +02:00
untrusted_app_29.te Disallow watch and watch_reads on apk_data_file for apps 2023-04-25 15:20:45 +02:00
untrusted_app_30.te Disallow watch and watch_reads on apk_data_file for apps 2023-04-25 15:20:45 +02:00
untrusted_app_32.te Disallow watch and watch_reads on apk_data_file for apps 2023-04-25 15:20:45 +02:00
untrusted_app_all.te sepolicy: rework perfetto producer/profiler rules for "user" builds 2023-02-03 15:05:14 +00:00
update_engine.te Allow binder calls from system app to update engine 2024-01-05 21:25:40 +00:00
update_engine_common.te Use postinstall file_contexts 2021-03-25 00:01:25 +00:00
update_verifier.te Allow update_verifier to connect to snapuserd daemon 2023-01-09 13:19:20 -08:00
uprobestats.te Merge "Rename uprobe_private to uprobestats for BPFs." into main 2024-01-19 18:15:45 +00:00
usbd.te
users
vdc.te Add vehicle_binding_util SELinux context 2021-07-15 19:44:27 +00:00
vehicle_binding_util.te Revert "Revert "Allow vehicle_binding_util to access AIDL VHAL. am: d5af7b7cea am: 565699bc61 am: e4ddf119a1 am: 54e7d19e1d am: 3686a43f8f"" 2022-05-11 18:14:06 +00:00
vendor_init.te Introduce vm_manager_device_type for crosvm 2023-03-29 10:19:06 -07:00
vfio_handler.te Add virtualization_maintenance_service 2024-02-20 17:08:28 +00:00
viewcompiler.te
virtual_camera.te Allow binder calls between virtual_camera / mediaserver & 2023-12-27 17:26:52 +01:00
virtual_touchpad.te
virtualizationmanager.te Use /proc/device-tree for reading AVF DT 2024-02-01 01:53:59 +00:00
virtualizationservice.te Merge "Add virtualization_maintenance_service" into main 2024-02-22 09:45:13 +00:00
vold.te Give vold permission to wipe a block device 2023-08-02 14:27:08 -07:00
vold_prepare_subdirs.te Revert "Allow vold_prepare_subdirs to use apex_service" 2023-08-11 15:34:44 +00:00
vzwomatrigger_app.te
wait_for_keymaster.te Remove wait_for_keymaster and references 2021-06-17 11:12:16 -07:00
watchdogd.te
webview_zygote.te Reland "[res] Allow accessing idmap files in all zygotes" 2024-02-20 20:49:37 +00:00
wificond.te Rename vpnprofilestore to legacykeystore. 2021-06-30 12:40:39 -07:00
zygote.te Add appcompat override files and contexts to SELinux 2023-10-23 18:34:12 +00:00