platform_system_sepolicy/public
Ryan Savitski ca0690e8eb Allow heap profiling of certain app domains on user builds
This patch extends the current debug-specific rules to cover user
builds. As a reminder, on user, the target process fork-execs a private
heapprofd process, which then performs stack unwinding & talking to the
central tracing daemon while staying in the target's domain. The central
heapprofd daemon is only responsible for identifying targets & sending
the activation signal. On the other hand, on debug, the central
heapprofd can handle all processes directly, so the necessary SELinux
capabilities depend on the build type.

These rules are necessary but not sufficient for profiling. For zygote
children, the libc triggering logic will also check for the app to
either be debuggable, or go/profileable.

For more context, see go/heapprofd-security & go/heapprofd-design.

Note that I've had to split this into two separate macros, as
exec_no_trans - which is necessary on user, but nice-to-have on debug -
conflicts with a lot of neverallows (e.g. HALs and system_server) for
the wider whitelisting that we do on debug builds.

Test: built & flashed on {blueline-userdebug, blueline-user}, activated profiling of whitelisted/not domains & checked for lack of denials in logcat.
Bug: 120409382
Change-Id: Id0defc3105b99f777bcee2046d9894a2b39c6a29
2019-01-21 14:30:57 +00:00
adbd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
apexd.te Allow PackageManager to communicate to apexd. 2018-11-19 22:05:21 +00:00
app.te app: remove redundant neverallow rule 2019-01-15 20:31:01 -08:00
app_zygote.te Initial sepolicy for app_zygote. 2019-01-21 08:24:41 +00:00
asan_extract.te
attributes Permissions for InputClassifier HAL 2019-01-11 02:08:19 +00:00
audioserver.te
blkid.te
blkid_untrusted.te
bluetooth.te
bootanim.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
bootstat.te Allow zygote to write to statsd and refactor 2018-10-08 13:48:28 -07:00
bufferhubd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
cameraserver.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
charger.te charger: allow to read /sys/class/power_supply 2018-01-18 16:46:17 -08:00
clatd.te Clatd: allow clatd use ioctl 2018-11-06 14:22:56 +09:00
cppreopts.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
crash_dump.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
device.te Remove sepolicy for /dev/alarm. 2018-12-06 04:23:22 +00:00
dex2oat.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
dhcp.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
display_service_server.te
dnsmasq.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
domain.te Initial sepolicy for app_zygote. 2019-01-21 08:24:41 +00:00
drmserver.te Remove coredomain /dev access no longer needed after Treble 2018-11-29 04:56:18 +00:00
dumpstate.te Allow dumpstate to read some directories. 2019-01-07 12:45:56 -08:00
e2fs.te start enforcing ioctl restrictions on blk_file 2018-10-18 15:24:32 -07:00
ephemeral_app.te
fastbootd.te Add a few permissions required by fastbootd 2018-12-11 11:18:32 -08:00
file.te system/etc/event-log-tags available to all 2019-01-11 18:42:02 +00:00
fingerprintd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
flags_heatlh_check.te SEPolicy updates for adding native flag namespace(netd). 2019-01-15 02:47:57 +00:00
fsck.te start enforcing ioctl restrictions on blk_file 2018-10-18 15:24:32 -07:00
fsck_untrusted.te
fwk_bufferhub.te Allow app to connect to BufferHub service 2019-01-14 10:49:35 -08:00
gatekeeperd.te Remove coredomain /dev access no longer needed after Treble 2018-11-29 04:56:18 +00:00
global_macros rs: add tests to ensure rs cannot abuse app data 2019-01-17 15:24:34 -08:00
hal_allocator.te same_process_hal_file: access to individual coredomains 2018-10-26 18:03:01 +00:00
hal_atrace.te Add atrace HAL 1.0 sepolicy 2018-09-27 23:18:29 +00:00
hal_audio.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_audiocontrol.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_authsecret.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_bluetooth.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_bootctl.te sepolicy: Fix references to self:capability 2018-08-21 15:55:23 +00:00
hal_broadcastradio.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_camera.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_cas.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_configstore.te Allow heap profiling everything except TCB on userdebug. 2018-11-28 22:01:58 +00:00
hal_confirmationui.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_contexthub.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_drm.te More granular vendor access to /system files. 2018-09-20 03:07:50 +00:00
hal_dumpstate.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_evs.te Move automotive HALs sepolicy to system/ 2018-05-04 21:36:48 +00:00
hal_face.te Added placeholder SELinux policy for the biometric face HAL. 2018-12-28 12:23:56 -08:00
hal_fingerprint.te Revert "Add placeholder iris and face policy for vold data directory" 2018-11-19 15:00:19 -08:00
hal_gatekeeper.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_gnss.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_graphics_allocator.te same_process_hal_file: access to individual coredomains 2018-10-26 18:03:01 +00:00
hal_graphics_composer.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_health.te More granular vendor access to /system files. 2018-09-20 03:07:50 +00:00
hal_health_storage.te health.filesystem HAL renamed to health.storage 2018-09-20 04:12:45 +00:00
hal_input_classifier.te Permissions for InputClassifier HAL 2019-01-11 02:08:19 +00:00
hal_ir.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_keymaster.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_light.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_lowpan.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_memtrack.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_neuralnetworks.te Allow NN HAL to mmap client-provided fd by default 2018-12-07 17:26:28 -08:00
hal_neverallows.te Allow to use sockets from hal server for auto 2018-05-15 14:38:00 -07:00
hal_nfc.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_oemlock.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_omx.te add mediaswcodec service 2018-10-11 15:10:17 -07:00
hal_power.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_power_stats.te Add power.stats HAL 1.0 sepolicy 2018-12-11 00:11:08 +00:00
hal_secure_element.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_sensors.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_system_suspend.te Sepolicy for system suspend HAL. 2018-08-13 17:26:34 -07:00
hal_telephony.te Remove sepolicy for /dev/alarm. 2018-12-06 04:23:22 +00:00
hal_tetheroffload.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_thermal.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_tv_cec.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_tv_input.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_usb.te Allow hal_usb to call getsockopt on uevent socket 2018-12-03 18:37:25 +00:00
hal_usb_gadget.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_vehicle.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_vibrator.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_vr.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_weaver.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_wifi.te Wifi HAL SIOCETHTOOL sepolicy 2018-12-04 17:21:19 -08:00
hal_wifi_hostapd.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_wifi_offload.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
hal_wifi_supplicant.te hal_attribute_hwservice_client drop '_client' 2018-06-06 09:30:18 -07:00
healthd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
heapprofd.te Add userdebug selinux config for heapprofd. 2018-11-14 09:22:07 +00:00
hwservice.te Permissions for InputClassifier HAL 2019-01-11 02:08:19 +00:00
hwservicemanager.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
idmap.te Add idmap2 and idmap2d 2018-11-15 14:42:10 +00:00
incident.te
incident_helper.te Selinux permissions for incidentd project 2018-01-23 19:08:49 +00:00
incidentd.te
init.te zram: allow zram writeback 2019-01-17 04:28:00 +00:00
inputflinger.te SEPolicy for InputFlinger Service. 2018-11-16 21:52:01 +00:00
install_recovery.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
installd.te Allow fs-verity setup within system_server 2019-01-11 12:21:59 -08:00
ioctl_defines Allow fs-verity setup within system_server 2019-01-11 12:21:59 -08:00
ioctl_macros more ioctl work 2018-10-17 11:12:18 -07:00
iorapd.te iorapd: Add new binder service iorapd. 2018-10-08 15:00:34 -07:00
isolated_app.te
kernel.te Allow the kernel to read staging_data_file. 2019-01-16 21:05:26 +01:00
keystore.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
llkd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
lmkd.te Allow lmkd to renice process before killing 2019-01-14 22:52:32 -08:00
logd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
logpersist.te Start partitioning off privapp_data_file from app_data_file 2018-08-02 16:29:02 -07:00
mdnsd.te
mediadrmserver.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
mediaextractor.te Use hidl memory from allocator in CAS 2018-12-17 22:49:18 +00:00
mediametrics.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
mediaprovider.te
mediaserver.te Allow mediaserver domain have getattr perm on vendor_app_file 2018-10-18 03:10:52 +00:00
mediaswcodec.te add media.codec.update service 2018-10-15 21:06:53 +00:00
modprobe.te modprobe: shouldn't load kernel modules from /system 2018-03-23 14:16:25 -07:00
mtp.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
net.te netdomain: allow node_bind for ping sockets 2019-01-14 16:59:03 +00:00
netd.te SEPolicy updates for adding native flag namespace(netd). 2019-01-15 02:47:57 +00:00
netutils_wrapper.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
network_stack.te sepolicy changes for network stack app 2018-12-20 12:05:31 +09:00
neverallow_macros
nfc.te
otapreopt_chroot.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
otapreopt_slot.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
perfetto.te Allow to signal perfetto from shell. 2018-12-13 10:46:42 +00:00
performanced.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
perfprofd.te same_process_hal_file: access to individual coredomains 2018-10-26 18:03:01 +00:00
platform_app.te
postinstall.te Allow to execute postinstall in adb sideload 2018-11-21 16:23:45 -08:00
postinstall_dexopt.te Remove redundant cgroup type/labelings. 2018-11-17 01:24:49 +00:00
ppp.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
preopt2cachename.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
priv_app.te
profman.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
property.te Add the testharness service to sepolicy rules 2019-01-17 13:10:37 -08:00
property_contexts Add the testharness service to sepolicy rules 2019-01-17 13:10:37 -08:00
racoon.te racoon: allow ioctl TUNSETIFF 2018-11-15 10:32:45 -08:00
radio.te Remove sepolicy for /dev/alarm. 2018-12-06 04:23:22 +00:00
recovery.te recovery: Address the ioctl denials during wiping. 2019-01-15 16:08:09 -08:00
recovery_persist.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
recovery_refresh.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
roles
rs.te sepolicy: Add "rs" and "rs_exec" to public policy 2018-12-21 17:47:54 +00:00
rss_hwm_reset.te SELinux policy for rss_hwm_reset 2018-12-15 10:13:03 +00:00
runas.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
runas_app.te Add permissions in runas_app domain to debug/profile debuggable apps. 2019-01-09 17:24:31 +00:00
sdcardd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
secure_element.te SE Policy for Secure Element app and Secure Element HAL 2018-01-29 21:31:42 +00:00
service.te Add the testharness service to sepolicy rules 2019-01-17 13:10:37 -08:00
servicemanager.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
sgdisk.te sgdisk: allow BLKRRPART 2018-11-02 14:26:23 -07:00
shared_relro.te Allow shared_relro to access PackageManager. 2018-09-11 16:26:56 -04:00
shell.te Add persist.heapprofd.enable property. 2018-12-12 10:26:33 +00:00
slideshow.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
statsd.te Allow statsd to write stats log events to perfd(running as shell) via pipes. 2018-12-18 15:58:50 -08:00
su.te Permissions for InputClassifier HAL 2019-01-11 02:08:19 +00:00
surfaceflinger.te
swcodec_service_server.te add mediaswcodec service 2018-10-11 15:10:17 -07:00
system_app.te
system_server.te
te_macros Allow heap profiling of certain app domains on user builds 2019-01-21 14:30:57 +00:00
tee.te Revert "Add placeholder iris and face policy for vold data directory" 2018-11-19 15:00:19 -08:00
thermalserviced.te Revert "Move thermal service into system_server" 2018-12-11 17:04:17 +00:00
tombstoned.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
toolbox.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
traced_probes.te Make traced_probes mlstrustedsubject. 2018-04-17 18:12:28 +00:00
traceur_app.te Add sepolicy for IpMemoryStoreService 2019-01-10 18:06:56 +09:00
tzdatacheck.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
ueventd.te Remove kmem_device selinux type. 2018-11-15 21:31:56 +00:00
uncrypt.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
untrusted_app.te Add untrusted_app_27 2018-04-03 12:25:51 -07:00
update_engine.te SELinux policy for new managed system update APIs 2018-11-22 17:46:31 +00:00
update_engine_common.te Allow BLKIOMIN and BLKALIGNOFF to super device in update_engine. 2018-11-14 16:16:11 -08:00
update_verifier.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
usbd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
vdc.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
vendor_init.te SEPolicy updates for adding native flag namespace(netd). 2019-01-15 02:47:57 +00:00
vendor_shell.te Allow shell to start vendor shell 2018-01-16 18:28:51 +00:00
vendor_toolbox.te
virtual_touchpad.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
vndservice.te
vndservicemanager.te
vold.te Allow vold to create files at /mnt/user/.* 2018-12-20 12:01:54 -08:00
vold_prepare_subdirs.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
vr_hwc.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
watchdogd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
webview_zygote.te
wificond.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
wpantund.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
zygote.te Introduce system_file_type 2018-09-27 12:52:09 -07:00