..
compat
Add sepolicy for the securityfs mount type.
2020-03-11 12:24:24 -07:00
access_vectors
access_vectors: add lockdown class
2020-02-13 13:05:54 -08:00
adbd.te
Add adbd_prop, system_adbd_prop property types.
2020-02-20 07:52:34 -08:00
aidl_lazy_test_server.te
Add aidl_lazy_test_server
2020-01-07 15:11:03 -08:00
apex_test_prepostinstall.te
Sepolicy: Initial Apexd pre-/postinstall rules
2019-01-24 15:06:17 -08:00
apexd.te
sepolicy(wifi): Allow wifi service access to wifi apex directories
2020-02-21 10:40:32 -08:00
app.te
Prevent apps from causing presubmit failures
2019-12-16 11:19:05 +01:00
app_neverallows.te
Allow mediaprovider_app access to /proc/filesystems.
2020-02-19 17:24:24 +01:00
app_zygote.te
debug builds: allow perf profiling of most domains
2020-01-22 22:04:02 +00:00
art_apex_boot_integrity.te
Sepolicy: Allow everyone to search keyrings
2019-03-14 13:21:07 -07:00
art_apex_postinstall.te
Sepolicy: Fix comment on apexd:fd use
2019-03-15 11:26:05 -07:00
art_apex_preinstall.te
Sepolicy: Fix comment on apexd:fd use
2019-03-15 11:26:05 -07:00
asan_extract.te
atrace.te
More neverallows for default_android_service.
2020-01-21 11:13:22 -08:00
audioserver.te
Allow audio_server to access soundtrigger_middleware service
2019-12-12 10:56:35 -08:00
auditctl.te
Add policy for /system/bin/auditctl
2019-04-09 20:55:30 -07:00
automotive_display_service.te
Update automotive display service rules
2020-02-25 02:02:54 +00:00
binder_in_vendor_violators.te
binderservicedomain.te
blank_screen.te
Add rules for Lights AIDL HAL
2020-01-22 20:33:42 +01:00
blkid.te
Introduce system_file_type
2018-09-27 12:52:09 -07:00
blkid_untrusted.te
bluetooth.te
Support for more binder caches
2020-01-22 08:21:08 -08:00
bluetoothdomain.te
bootanim.te
bootstat.te
boringssl_self_test.te
SEPolicy changes to allow vendor BoringSSL self test.
2019-10-01 14:14:36 +01:00
bpfloader.te
cut down bpf related privileges
2020-02-22 02:14:58 +00:00
bufferhubd.te
Remove unused bufferhub sepolicy
2018-12-10 13:36:11 -08:00
bug_map
Temporarily whitelist system_server->storage denials
2020-01-06 14:28:31 +01:00
cameraserver.te
Abstract use of cameraserver behind an attribute
2019-03-01 14:02:59 -08:00
charger.te
clatd.te
sepolicy - move public clatd to private
2019-05-11 17:47:25 -07:00
coredomain.te
sepolicy: policies for iorap.inode2filename
2020-02-20 16:38:17 -08:00
cppreopts.te
Sepolicy: Clean up moved files
2019-02-22 08:36:41 -08:00
crash_dump.te
crash_dump: suppress devpts denials
2019-03-19 04:05:51 +00:00
credstore.te
Add SELinux policy for credstore and update for IC HAL port from HIDL to AIDL.
2020-02-19 13:46:45 -05:00
derive_sdk.te
Rename sdkext sepolicy to sdkextensions
2020-01-08 11:41:18 +00:00
dex2oat.te
Allow otapreopt_chroot to use a flattened Runtime APEX package.
2019-03-19 14:44:22 +00:00
dexoptanalyzer.te
Allow dexoptanalyzer to mmap files with Linux 4.14+ that it can already access.
2019-08-16 20:02:32 +01:00
dhcp.te
dnsmasq.te
domain.te
traced_perf sepolicy tweaks
2020-02-24 12:23:13 +00:00
drmserver.te
dumpstate.te
dumpstate: reads ota_metadata_file
2019-10-29 14:29:54 -07:00
ephemeral_app.te
initial policy for traced_perf daemon (perf profiler)
2020-01-22 22:04:01 +00:00
fastbootd.te
Add sepolicy for fastbootd
2018-08-15 08:45:22 -07:00
file.te
Move linker config under /linkerconfig
2019-12-05 12:42:29 +09:00
file_contexts
Merge "Add resize2fs to fsck_exec file context"
2020-02-27 03:02:02 +00:00
file_contexts_asan
fix data/asan/product/lib(64) can't access by platform_app issue
2019-07-19 03:23:47 +00:00
file_contexts_overlayfs
fs_mgr: add /mnt/scratch to possible overlayfs support directories
2018-10-08 14:23:01 +00:00
fingerprintd.te
flags_health_check.te
sepolicy for server configurable flags
2018-11-01 03:28:56 +00:00
fs_use
Use setxattr for incremental-fs
2020-02-11 14:33:08 -08:00
fsck.te
fsck_untrusted.te
fsverity_init.te
Merge "Revert "sepolicy: dontaudit cap_sys_admin on userdebug/eng""
2019-11-21 22:27:37 +00:00
fwk_bufferhub.te
Allow bufferhub service to allocate buffer
2018-11-07 13:57:55 -08:00
gatekeeperd.te
genfs_contexts
Add sepolicy for the securityfs mount type.
2020-03-11 12:24:24 -07:00
gmscore_app.te
Allow gmscore to read tcp sockets passed by priv-apps
2020-02-18 08:38:44 -08:00
gpuservice.te
GpuService binder call StatsManagerService
2020-02-06 11:54:33 -08:00
gsid.te
Allow gsid to callback system server for oneway method
2020-02-27 16:32:25 +08:00
hal_allocator_default.te
sepolicy: remove ashmemd
2019-09-27 17:43:53 +00:00
halclientdomain.te
halserverdomain.te
healthd.te
heapprofd.te
Allow Java domains to be Perfetto producers.
2019-10-10 10:40:26 +01:00
hwservice_contexts
Update automotive display service rules
2020-02-25 02:02:54 +00:00
hwservicemanager.te
idmap.te
Add idmap2 and idmap2d
2018-11-15 14:42:10 +00:00
incident.te
Allow dumpstate to call incident CLI
2019-08-21 16:10:39 -07:00
incident_helper.te
Allow dumpstate to dump incidentd
2018-12-04 15:42:56 -08:00
incidentd.te
Fix selinux denials for incidentd
2020-02-18 21:51:40 -08:00
init.te
Add userspace_reboot_log_prop
2020-02-07 01:57:55 +00:00
initial_sid_contexts
initial_sids
inputflinger.te
installd.te
sepolicy: allow rules for apk verify system property
2019-12-03 10:09:35 -08:00
iorap_inode2filename.te
sepolicy: policies for iorap.inode2filename
2020-02-20 16:38:17 -08:00
iorap_prefecherd.te
sepolicy: Add iorap_prefetcherd rules
2019-10-22 12:45:46 -07:00
iorapd.te
sepolicy: policies for iorap.inode2filename
2020-02-20 16:38:17 -08:00
isolated_app.te
initial policy for traced_perf daemon (perf profiler)
2020-01-22 22:04:01 +00:00
iw.te
Allow iw to be run at init phase.
2018-11-14 19:10:12 +00:00
kernel.te
Sepolicy: Move otapreopt_chroot to private
2019-03-18 10:54:42 -07:00
keys.conf
Don't require seinfo for priv-apps
2019-11-06 08:37:03 -08:00
keystore.te
sepolicy: Move wifi keystore HAL service to wificond
2019-10-28 14:06:17 -07:00
linkerconfig.te
Update linkerconfig to generate APEX binary config
2020-01-20 13:40:08 +09:00
llkd.te
llkd: requires sys_admin permissions
2020-01-15 08:08:59 -08:00
lmkd.te
logd.te
Revert "sepolicy: Permission changes for new wifi mainline module"
2019-11-22 09:49:32 -08:00
logpersist.te
Allow incidentd to parse persisted log
2020-01-18 16:18:18 -08:00
lpdumpd.te
binder_use: Allow servicemanager callbacks
2019-12-19 23:07:14 +00:00
mac_permissions.xml
Don't require seinfo for priv-apps
2019-11-06 08:37:03 -08:00
mdnsd.te
Introduce system_file_type
2018-09-27 12:52:09 -07:00
mediadrmserver.te
mediaextractor.te
Initial selinux policy support for memfd
2019-01-30 19:11:49 +00:00
mediametrics.te
mediaprovider.te
Merge "Revert "Allow MediaProvider to host FUSE devices.""
2020-01-10 21:17:15 +00:00
mediaprovider_app.te
Allow mediaprovider_app access to /proc/filesystems.
2020-02-19 17:24:24 +01:00
mediaserver.te
allow mediaserver to use appdomain_tmpfs
2019-12-05 12:14:13 -08:00
mediaswcodec.te
add mediaswcodec service
2018-10-11 15:10:17 -07:00
mediatranscoding.te
MediaTranscodingService: Add sepolicy for MediaTranscodingService.
2019-12-02 13:57:28 -08:00
migrate_legacy_obb_data.te
sepolicy: Adjust policy for migrate_legacy_obb_data.sh
2019-07-16 02:55:25 +00:00
mls
Initial selinux policy support for memfd
2019-01-30 19:11:49 +00:00
mls_decl
mls_macros
modprobe.te
mtp.te
netd.te
sepolicy - move public clatd to private
2019-05-11 17:47:25 -07:00
netutils_wrapper.te
Sepolicy for netutils_wrapper to use binder call
2019-04-26 02:46:39 +00:00
network_stack.te
Allow tethering find netork stack service
2019-12-12 12:54:57 +08:00
nfc.te
Remove mediacodec_service.
2019-08-21 01:19:20 +00:00
notify_traceur.te
Allow the init process to execute the notify_traceur.sh script
2019-02-07 00:28:40 +00:00
otapreopt_chroot.te
Sepolicy: Allow otapreopt to mount logical partitions
2019-03-22 12:13:05 -07:00
otapreopt_slot.te
Sepolicy: Clean up moved files
2019-02-22 08:36:41 -08:00
perfetto.te
Allow Perfetto to log to statsd
2019-11-04 12:23:27 +00:00
performanced.te
permissioncontroller_app.te
Don't run permissioncontroller_app in permissive mode
2020-01-06 09:41:22 -08:00
platform_app.te
Make platform_compat discoverable everywhere
2020-02-06 12:11:37 +00:00
policy_capabilities
Add nnp_nosuid_transition policycap and related class/perm definitions.
2018-09-07 10:52:31 -07:00
port_contexts
postinstall.te
postinstall_dexopt.te
Sepolicy: Allow otapreopt access to vendor overlay files
2019-03-22 12:13:53 -07:00
ppp.te
preloads_copy.te
Add sepolicy for preloads_copy script
2018-10-23 17:11:36 +01:00
preopt2cachename.te
Sepolicy: Clean up moved files
2019-02-22 08:36:41 -08:00
priv_app.te
allow priv_apps to read from incremental_control_file
2020-02-24 18:26:47 +00:00
profman.te
property_contexts
Merge public/property_contexts into private
2020-03-12 21:07:18 +09:00
racoon.te
radio.te
Use prefixes for binder cache SELinux properties.
2020-02-21 15:25:46 -08:00
recovery.te
recovery_persist.te
In native coverage builds, allow all domains to access /data/misc/trace
2019-06-19 16:27:17 -07:00
recovery_refresh.te
In native coverage builds, allow all domains to access /data/misc/trace
2019-06-19 16:27:17 -07:00
roles_decl
rs.te
rs.te: Allow ephemeral_app FD use
2019-04-02 13:59:39 -07:00
rss_hwm_reset.te
SELinux policy for rss_hwm_reset
2018-12-15 10:13:03 +00:00
runas.te
runas_app.te
perf_event: rules for system and simpleperf domain
2020-01-15 16:56:41 +00:00
sdcardd.te
seapp_contexts
Create new mediaprovider_app domain.
2020-02-04 16:53:18 +01:00
secure_element.te
security_classes
access_vectors: add lockdown class
2020-02-13 13:05:54 -08:00
service.te
system_server: create StatsManagerService
2019-12-16 11:50:16 -08:00
service_contexts
Adding sepolicy of tuner resource manager service
2020-02-21 23:33:46 +00:00
servicemanager.te
Allow servicemanager to start processes
2019-08-02 00:23:16 +00:00
sgdisk.te
shared_relro.te
shell.te
Remove sys.linker property
2020-02-19 10:16:06 +09:00
simpleperf.te
perf_event: rules for system and simpleperf domain
2020-01-15 16:56:41 +00:00
simpleperf_app_runner.te
Add sepolicy for simpleperf_app_runner.
2019-01-23 23:23:09 +00:00
slideshow.te
snapshotctl.te
snapshotctl: allow to write stats
2020-02-14 20:51:53 +00:00
stats.te
GpuStats: sepolicy change for using new statsd puller api
2020-02-04 15:55:59 -08:00
statsd.te
Allow system server to add StatsHal
2020-02-05 17:24:48 -08:00
storaged.te
Allow GMS core to call dumpsys storaged
2019-12-11 12:49:04 -08:00
su.te
surfaceflinger.te
Update sepolicy to allow pushing atoms from surfaceflinger to statsd
2020-02-10 09:50:53 -08:00
system_app.te
Merge "Allow system_app to interact with Dumpstate HAL"
2020-02-20 04:07:09 +00:00
system_server.te
Add rules to dump fingerprint hal traces
2020-03-03 16:58:58 +08:00
system_server_startup.te
system_server_startup: allow SIGCHLD to zygote
2019-06-14 16:56:05 -07:00
system_suspend.te
system_suspend: sysfs path resolution
2019-11-12 13:47:26 -08:00
technical_debt.cil
Allow apps to access hal_drm
2019-09-30 04:51:24 +00:00
tombstoned.te
toolbox.te
traced.te
perfetto: allow producers to supply shared memory
2020-02-04 13:47:42 +00:00
traced_perf.te
traced_perf sepolicy tweaks
2020-02-24 12:23:13 +00:00
traced_probes.te
perfetto: allow producers to supply shared memory
2020-02-04 13:47:42 +00:00
traceur_app.te
Allow the Traceur app to start Perfetto.
2018-12-10 18:51:29 -08:00
tzdatacheck.te
ueventd.te
uncrypt.te
untrusted_app.te
reland: untrusted_app_29: add new targetSdk domain
2020-01-22 09:47:53 +00:00
untrusted_app_25.te
reland: untrusted_app_29: add new targetSdk domain
2020-01-22 09:47:53 +00:00
untrusted_app_27.te
reland: untrusted_app_29: add new targetSdk domain
2020-01-22 09:47:53 +00:00
untrusted_app_29.te
reland: untrusted_app_29: add new targetSdk domain
2020-01-22 09:47:53 +00:00
untrusted_app_all.te
initial policy for traced_perf daemon (perf profiler)
2020-01-22 22:04:01 +00:00
update_engine.te
update_engine: rules to apply virtual A/B OTA
2019-10-02 12:46:47 -07:00
update_engine_common.te
update_verifier.te
usbd.te
users
vdc.te
vendor_init.te
Root of /data belongs to init (re-landing)
2019-09-09 14:42:01 -07:00
viewcompiler.te
Give map permission to viewcompiler
2019-08-27 10:43:55 -07:00
virtual_touchpad.te
vold.te
Abolish calls to shell in vold
2018-11-30 16:02:04 -08:00
vold_prepare_subdirs.te
sepolicy(wifi): Allow wifi service access to wifi apex directories
2020-02-21 10:40:32 -08:00
vr_hwc.te
vzwomatrigger_app.te
Don't run vzwomatrigger_app in permissive mode
2019-12-02 09:41:54 -08:00
wait_for_keymaster.te
Introduce system_file_type
2018-09-27 12:52:09 -07:00
watchdogd.te
Move watchdogd out of init and into its own domain
2018-08-03 19:28:05 +00:00
webview_zygote.te
Add getattr access on tmpfs_zygote files for webview_zygote.
2020-01-30 21:29:19 +00:00
wificond.te
wpantund.te
zygote.te
Allow zygote to go into media directory to bind mount obb dir
2020-02-19 14:24:27 +00:00
3efe91b8e0