platform_system_sepolicy/private
Nick Kralevich cdc6649acc Revert "Change priv-apps /home/home labels to privapp_data_file"
There is a problem with on-disk labeling of files created by secondary
dex background compilation which is causing unexpected denials to show
up. Restore the old labeling until we are able to fix the underlying
problem.

Steps to reproduce:
  1) boot android device.
  2) adb root
  3) Run cmd package compile -r bg-dexopt --secondary-dex com.google.android.gms
  4) Examine the files in /data/user_de/0/com.google.android.gms
Expected:
  All files have the label privapp_data_file
Actual:
  The files in /data/user_de/0/com.google.android.gms/app_chimera/m
  are labeled "app_data_file", not "privapp_data_file".

This reverts commit 4df57822fc.

Bug: 112357170
Test: policy compiles
Change-Id: I38ba75c92c9c46e6a1fdbc02e3dc80c63adccaa8
2018-08-13 11:41:04 -07:00
compat Selinux: Allow lmkd write access to sys.lmk. properties 2018-08-10 20:05:46 +00:00
access_vectors sepolicy: New sepolicy classes and rules about bpf object 2018-01-02 11:52:33 -08:00
adbd.te adbd is allowed to execute shell in recovery mode 2018-06-09 02:23:10 +09:00
app.te Allow getsockopt and setsockopt for Encap Sockets 2018-04-03 21:52:14 +00:00
app_neverallows.te Delete untrusted_v2_app 2018-08-06 12:52:37 -07:00
asan_extract.te Sepolicy: Add ASAN-Extract 2017-04-05 13:09:29 -07:00
atrace.te Reland: perfetto: allow traced_probes to execute atrace 2018-03-22 11:00:49 +00:00
audioserver.te audioserver: add access to wake locks. 2018-05-17 17:27:56 -07:00
binder_in_vendor_violators.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
binderservicedomain.te Move binderservicedomain policy to private 2017-02-08 09:09:39 -08:00
blank_screen.te Add policy for 'blank_screen'. 2018-01-22 20:27:01 +00:00
blkid.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
blkid_untrusted.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
bluetooth.te Whitelist vendor-init-settable bluetooth_prop and wifi_prop 2018-04-13 11:08:48 +09:00
bluetoothdomain.te Move bluetoothdomain policy to private 2017-02-06 15:32:08 -08:00
bootanim.te Dontaudit denials caused by race with labeling. 2018-02-14 17:07:13 -08:00
bootstat.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
bpfloader.te Hide bpfloader sys_admin denials. 2018-05-23 08:36:40 -07:00
bufferhubd.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
bug_map Suppress denials for apps accessing storage too early 2018-06-01 19:15:55 +00:00
cameraserver.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
charger.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
clatd.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
coredomain.te Remove vendor_init from coredomain 2018-01-29 18:07:41 +00:00
cppreopts.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
crash_dump.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
dex2oat.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
dexoptanalyzer.te Start partitioning off privapp_data_file from app_data_file 2018-08-02 16:29:02 -07:00
dhcp.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
dnsmasq.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
domain.te Start partitioning off privapp_data_file from app_data_file 2018-08-02 16:29:02 -07:00
drmserver.te Tighten restrictions on core <-> vendor socket comms 2017-03-31 09:17:54 -07:00
dumpstate.te Ensure taking a bugreport generates no denials. 2018-03-08 02:25:18 +00:00
ephemeral_app.te auditallow app_data_file execute 2018-08-06 14:49:45 -07:00
file.te Setting up sepolicies for statsd planB of listening to its own socket 2018-04-25 02:20:36 -07:00
file_contexts fs_mgr: add overlayfs handling for squashfs system filesystems 2018-08-08 07:33:10 -07:00
file_contexts_asan /odm is another vendor partition that can be customized by ODMs 2017-12-15 19:07:58 +09:00
file_contexts_overlayfs fs_mgr: add overlayfs handling for squashfs system filesystems 2018-08-08 07:33:10 -07:00
fingerprintd.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
fs_use fs_mgr: add overlayfs handling for squashfs system filesystems 2018-08-08 07:33:10 -07:00
fsck.te Allow access to the metadata partition for metadata encryption. 2018-01-19 14:45:08 -08:00
fsck_untrusted.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
gatekeeperd.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
genfs_contexts Allow to read events/header_page with debugfs_tracing 2018-07-03 09:36:42 +00:00
hal_allocator_default.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
halclientdomain.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
halserverdomain.te Allow hals to read hwservicemanager prop. 2017-03-23 01:50:50 +00:00
healthd.te healthd provides health@2.0 service. 2017-10-17 13:48:42 -07:00
hwservice_contexts Add sepolicy for health filesystem HAL 2018-08-10 11:02:21 -07:00
hwservicemanager.te Finer grained permissions for ctl. properties 2018-05-22 13:47:16 -07:00
idmap.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
incident.te Add this rule allows incidentd CTS tests be able to use incident 2018-01-31 12:33:57 -08:00
incident_helper.te Allow incidentd to read LAST_KMSG only for userdebug builds 2018-03-30 10:15:24 -07:00
incidentd.te Allow incidentd to read kernel version 2018-06-26 21:19:15 +00:00
init.te Allow init to execute services marked with seclabel u:r:su:s0 in userdebug/eng 2018-08-03 19:41:03 +00:00
initial_sid_contexts Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
initial_sids Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
inputflinger.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
install_recovery.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
installd.te Ensure taking a bugreport generates no denials. 2018-03-08 02:25:18 +00:00
isolated_app.te Start partitioning off privapp_data_file from app_data_file 2018-08-02 16:29:02 -07:00
kernel.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
keys.conf Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
keystore.te Allow Keystore to check security logging property. 2018-01-24 19:49:18 +00:00
llkd.te llkd: add live-lock daemon 2018-05-10 17:19:16 +00:00
lmkd.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
logd.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
logpersist.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
mac_permissions.xml Move MediaProvider to its own domain, add new MtpServer permissions 2016-12-12 11:05:33 -08:00
mdnsd.te Start the process of locking down proc/net 2018-05-04 21:36:33 +00:00
mediadrmserver.te update sepolicy for gralloc HAL 2017-03-30 14:43:35 -07:00
mediaextractor.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
mediametrics.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
mediaprovider.te Allow mediaprovider to search /mnt/media_rw 2018-05-15 11:46:52 -07:00
mediaserver.te mediacodec->mediacodec+hal_omx{,_server,_client} 2018-05-30 18:12:32 +00:00
mls Start partitioning off privapp_data_file from app_data_file 2018-08-02 16:29:02 -07:00
mls_decl sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
mls_macros Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
modprobe.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
mtp.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
net.te Update socket ioctl restrictions 2018-06-22 05:35:07 +00:00
netd.te Allow netd to setup xt_bpf iptable rules 2018-03-21 14:37:37 -07:00
netutils_wrapper.te Start the process of locking down proc/net 2018-05-04 21:36:33 +00:00
nfc.te SE Policy for Secure Element app and Secure Element HAL 2018-01-29 21:31:42 +00:00
otapreopt_chroot.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
otapreopt_slot.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
perfetto.te label /data/vendor{_ce,_de} 2018-02-08 17:21:25 +00:00
performanced.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
perfprofd.te perfprofd: talk to health HAL. 2018-07-17 11:37:26 -07:00
platform_app.te Remove unnecessary permission 2018-06-19 12:58:09 +01:00
policy_capabilities Define extended_socket_class policy capability and socket classes 2017-02-06 13:53:11 -05:00
port_contexts Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
postinstall.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
postinstall_dexopt.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
ppp.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
preopt2cachename.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
priv_app.te Start partitioning off privapp_data_file from app_data_file 2018-08-02 16:29:02 -07:00
profman.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
property_contexts Selinux: Allow lmkd write access to sys.lmk. properties 2018-08-10 20:05:46 +00:00
racoon.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
radio.te Add label for time (zone) system properties 2018-06-25 17:59:56 +01:00
recovery.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
recovery_persist.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
recovery_refresh.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
roles_decl sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
runas.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
sdcardd.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
seapp_contexts Revert "Change priv-apps /home/home labels to privapp_data_file" 2018-08-13 11:41:04 -07:00
secure_element.te SE Policy for Secure Element app and Secure Element HAL 2018-01-29 21:31:42 +00:00
security_classes sepolicy: New sepolicy classes and rules about bpf object 2018-01-02 11:52:33 -08:00
service.te Setting up SELinux policy for statsd and stats service 2017-12-19 01:41:48 +00:00
service_contexts Added sepolicy for uri_grants service 2018-07-23 15:31:40 -07:00
servicemanager.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
sgdisk.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
shared_relro.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
shell.te Statsd allow shell in selinux policy 2018-02-13 09:34:55 -08:00
slideshow.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
stats.te Setting up SELinux policy for statsd and stats service 2017-12-19 01:41:48 +00:00
statsd.te Sepolicy: Fix perfprofd permissions 2018-05-10 15:07:09 -07:00
storaged.te Start partitioning off privapp_data_file from app_data_file 2018-08-02 21:27:57 -07:00
su.te SELinux policies for Perfetto cmdline client (/system/bin/perfetto) 2018-01-29 11:06:00 +00:00
surfaceflinger.te Start partitioning off privapp_data_file from app_data_file 2018-08-02 16:29:02 -07:00
system_app.te Start the process of locking down proc/net 2018-05-04 21:36:33 +00:00
system_server.te Explicitly allow system_server to (m)map data files 2018-08-10 20:56:45 +00:00
technical_debt.cil Find hal_foo_hwservice -> you are hal_foo_client. 2018-05-30 16:46:57 -07:00
thermalserviced.te Sync internal master and AOSP sepolicy. 2017-09-26 14:38:47 -07:00
tombstoned.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
toolbox.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
traced.te perfetto: allow traced to write into FDs received by the client 2018-03-26 01:01:36 +00:00
traced_probes.te Grant traced_probes search on directories. 2018-04-06 17:18:27 +01:00
traceur_app.te Allow Traceur app to remove trace files. 2018-02-20 17:03:08 -08:00
tzdatacheck.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
ueventd.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
uncrypt.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
untrusted_app.te Add untrusted_app_27 2018-04-03 12:25:51 -07:00
untrusted_app_25.te Remove legacy execmod access from API >= 26. 2018-08-08 01:39:09 +00:00
untrusted_app_27.te Start the process of locking down proc/net 2018-05-04 21:36:33 +00:00
untrusted_app_all.te Remove legacy execmod access from API >= 26. 2018-08-08 01:39:09 +00:00
update_engine.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
update_engine_common.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
update_verifier.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
usbd.te usbd sepolicy 2018-01-20 03:41:21 +00:00
users Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
vdc.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
vendor_init.te Remove vendor_init from coredomain 2018-01-29 18:07:41 +00:00
virtual_touchpad.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
vold.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
vold_prepare_subdirs.te Fingerprint data is now stored in one of two ways depending on the 2018-05-16 14:22:14 -07:00
vr_hwc.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
wait_for_keymaster.te Add wait_for_keymaster 2018-05-09 13:41:37 -07:00
watchdogd.te Move watchdogd out of init and into its own domain 2018-08-03 19:28:05 +00:00
webview_zygote.te Start partitioning off privapp_data_file from app_data_file 2018-08-02 16:29:02 -07:00
wificond.te SE Policy for Wifi Offload HAL 2017-05-18 09:49:55 -07:00
wpantund.te lowpan: Add wpantund to SEPolicy 2017-10-16 14:10:40 -07:00
zygote.te Deprivilege haiku 2018-06-04 11:07:08 -07:00