platform_system_sepolicy/private
Slawomir Rosek 608e4923d3 Allow system server to read media config
This patch allows system server to read media config properties.
On 32bit architectures the StorageManager service in system server
needs to access media config while checking if transcoding is supported.

Bug: 276498430
Bug: 276662056
Change-Id: Ifc008d98b893b099c31c1fc8b96de9ed18dd4fbe
Signed-off-by: Slawomir Rosek <srosek@google.com>
2023-04-05 07:51:24 +00:00
..
compat Merge "Add persist.sysui.notification.builder_extras_ovrd" 2023-04-03 13:47:09 +00:00
access_vectors Add SELinux Policy For io_uring 2023-01-27 11:44:59 -05:00
adbd.te Blocks untrusted apps to access /dev/socket/mdnsd from U 2023-01-20 15:25:46 +09:00
aidl_lazy_test_server.te
apex_test_prepostinstall.te
apexd.te Modifed sepolicy for new apex ready prop 2022-09-01 22:20:10 +00:00
apexd_derive_classpath.te Allow apexd to call derive_classpath binary 2021-10-28 16:27:09 +01:00
app.te Merge "Add persist.sysui.notification.builder_extras_ovrd" 2023-04-03 13:47:09 +00:00
app_neverallows.te Merge changes from topic "iso_compute" 2023-02-01 17:33:59 +00:00
app_zygote.te sepolicy: rework perfetto producer/profiler rules for "user" builds 2023-02-03 15:05:14 +00:00
artd.te Allow artd to create dirs and files for artifacts before restorecon. 2023-01-18 01:07:49 +08:00
asan_extract.te
atrace.te Iorapd and friends have been removed 2022-05-18 12:07:39 +02:00
attributes
audioserver.te Add SELinux policy for accessing the AudioService 2022-07-27 12:11:50 +00:00
auditctl.te
automotive_display_service.te Revert^2 "Updates sepolicy for EVS HAL" 2022-02-10 17:21:54 +00:00
binderservicedomain.te Allow service managers access to apex data. 2022-09-23 21:33:58 +00:00
blank_screen.te
blkid.te
blkid_untrusted.te
bluetooth.te Allow Bluetooth stack to read security log sysprop 2022-05-25 21:05:02 +00:00
bluetoothdomain.te
bootanim.te Label /data/bootanim with bootanim_data_file. 2021-12-23 15:00:31 -08:00
bootstat.te
boringssl_self_test.te
bpfdomain.te refactor: get_prop(bpfdomain, bpf_progs_loaded_prop) 2023-01-06 10:09:33 +00:00
bpfloader.te netd/netutils_wrapper/network_stack/system_server - allow getattr on bpf progs/maps 2023-03-28 03:11:42 +00:00
bufferhubd.te
bug_map Remove netd entries in bug_map 2023-03-22 10:02:37 +11:00
cameraserver.te Adds GPU sepolicy to support devices with DRM gralloc/rendering 2022-04-18 17:30:56 -07:00
canhalconfigurator.te SEPolicy for AIDL CAN HAL 2022-12-09 11:00:10 -08:00
charger.te Add charger_type. 2021-11-05 18:44:04 -07:00
charger_type.te Add charger_vendor type 2021-12-07 16:24:23 -08:00
clatd.te clatd.te - no longer need netlink 2023-03-16 10:53:18 +00:00
compos_fd_server.te Delete more unused policies by CompOS 2022-01-25 08:40:46 -08:00
compos_verify.te Allow compos_verify to write VM logs 2022-06-17 13:41:51 +01:00
composd.te Allow system server to set dynamic ART properties. 2023-03-31 11:46:05 +01:00
coredomain.te Allow system server to set dynamic ART properties. 2023-03-31 11:46:05 +01:00
cppreopts.te
crash_dump.te [dice] Remove all the sepolicy relating the hal service dice 2023-02-24 08:34:26 +00:00
credstore.te Remove RemoteProvisioner and remoteprovisioning services 2023-03-14 15:45:35 -07:00
crosvm.te Introduce vm_manager_device_type for crosvm 2023-03-29 10:19:06 -07:00
derive_classpath.te Add support for invoking derive_classpath from otadexopt 2021-04-27 14:31:54 -07:00
derive_sdk.te Allow dumpstate to exec derive_sdk 2022-09-28 14:26:46 +02:00
device_as_webcam.te Add selinux permissions for DeviceAsWebcam Service 2023-02-02 12:26:33 -08:00
dex2oat.te Additional sepolicy rules for dex2oat 2023-01-17 15:43:58 +00:00
dexoptanalyzer.te dontaudit dexoptanalyzer's DM file check on secondary dex files. 2023-01-30 07:56:10 +00:00
dhcp.te
dmesgd.te dmesgd: sepolicies 2022-02-10 17:42:52 +00:00
dnsmasq.te
domain.te Use kernel sys/fs/fuse/features/fuse_bpf flag to enable fuse_bpf 2023-03-01 14:45:57 -08:00
drmserver.te
dumpstate.te Don't emit audit logs for dumpstate->keystore 2023-03-21 09:16:47 +00:00
ephemeral_app.te sepolicy: rework perfetto producer/profiler rules for "user" builds 2023-02-03 15:05:14 +00:00
evsmanagerd.te Revert^2 "Adds a sepolicy for EVS manager service" 2022-02-10 17:21:14 +00:00
extra_free_kbytes.te Add policies for ro.kernel.watermark_scale_factor property 2022-09-08 19:35:34 +00:00
fastbootd.te Add SELinux Policy For io_uring 2023-01-27 11:44:59 -05:00
file.te Introduce vm_manager_device_type for crosvm 2023-03-29 10:19:06 -07:00
file_contexts Move cardisplayproxyd to system_ext 2023-03-14 14:28:28 +00:00
file_contexts_asan
file_contexts_overlayfs
fingerprintd.te
flags_health_check.te Add SELinux policy for edgetpu_native device_config prop 2023-02-13 21:55:57 +00:00
fs_use
fsck.te Remove microdroid specific rules and files 2021-06-07 19:22:18 +09:00
fsck_untrusted.te
fsverity_init.te Clean up proc_fs_verity which is no longer used 2022-12-06 09:10:41 -08:00
fuseblkd.te Adds support for fuseblk binaries. 2023-02-02 15:32:39 +01:00
fuseblkd_untrusted.te Adds support for fuseblk binaries. 2023-02-02 15:32:39 +01:00
fwk_bufferhub.te Remove bufferhub HAL policy. 2021-10-27 10:54:45 -07:00
gatekeeperd.te
genfs_contexts Use kernel sys/fs/fuse/features/fuse_bpf flag to enable fuse_bpf 2023-03-01 14:45:57 -08:00
gki_apex_prepostinstall.te
gmscore_app.te Allow GMSCore to read RKP properties. 2023-02-08 17:14:47 -08:00
gpuservice.te refactor: get_prop(bpfdomain, bpf_progs_loaded_prop) 2023-01-06 10:09:33 +00:00
gsid.te Add proc_cmdline read permission to read_fstab 2022-03-20 16:35:19 +08:00
hal_allocator_default.te
hal_lazy_test.te
halclientdomain.te
halserverdomain.te
healthd.te Remove healthd. 2021-10-20 18:47:41 -07:00
heapprofd.te [dice] Remove all the sepolicy relating the hal service dice 2023-02-24 08:34:26 +00:00
hidl_lazy_test_server.te
hwservice.te
hwservice_contexts Revert "Add sepolicies for CPU HAL." 2022-11-09 16:47:07 +00:00
hwservicemanager.te Allow service managers access to apex data. 2022-09-23 21:33:58 +00:00
idmap.te
incident.te
incident_helper.te
incidentd.te Add build properties for attestation feature 2023-02-02 18:52:35 +08:00
init.te Introduce vm_manager_device_type for crosvm 2023-03-29 10:19:06 -07:00
initial_sid_contexts
initial_sids
inputflinger.te
installd.te Allow installd to kill profman. 2023-01-30 11:09:08 +00:00
isolated_app.te sepolicy: rework perfetto producer/profiler rules for "user" builds 2023-02-03 15:05:14 +00:00
isolated_app_all.te Use kernel sys/fs/fuse/features/fuse_bpf flag to enable fuse_bpf 2023-03-01 14:45:57 -08:00
isolated_compute_app.te Grant execute on toolbox_exec for isolated_compute_app 2023-03-27 12:44:03 +11:00
iw.te
kernel.te Supress permissive audit messages post OTA reboot 2022-10-10 21:58:41 +00:00
keys.conf Changing selinux policy for privapps for new certs. 2022-04-05 17:31:49 -07:00
keystore.te Merge "Allow service managers access to apex data." 2022-10-14 18:04:46 +00:00
keystore2_key_contexts Add keystore2 namespace for LocksettingsService. 2021-04-14 16:03:13 -07:00
keystore_keys.te Add keystore2 namespace for LocksettingsService. 2021-04-14 16:03:13 -07:00
linkerconfig.te
llkd.te [dice] Remove all the sepolicy relating the hal service dice 2023-02-24 08:34:26 +00:00
lmkd.te Add search in bpf directory for bpfdomains 2022-03-21 17:31:17 -07:00
logd.te Add sepolicy for logd and logcat services 2022-01-13 11:38:43 -08:00
logpersist.te Add logd.ready 2021-11-30 15:10:53 +09:00
lpdumpd.te Add rules for calling ReadDefaultFstab() 2021-03-29 15:23:29 +08:00
mac_permissions.xml Changing selinux policy for privapps for new certs. 2022-04-05 17:31:49 -07:00
mdnsd.te
mediadrmserver.te
mediaextractor.te
mediametrics.te
mediaprovider.te Add FUNCTIONFS_ENDPOINT_ALLOC to ioctl_defines and mediaprovider.te 2021-07-13 09:33:15 +08:00
mediaprovider_app.te Adds support for fuseblk binaries. 2023-02-02 15:32:39 +01:00
mediaserver.te Allow communication between mediaserver & statsd 2023-02-01 22:33:28 +00:00
mediaswcodec.te
mediatranscoding.te Adds GPU sepolicy to support devices with DRM gralloc/rendering 2022-04-18 17:30:56 -07:00
mediatuner.te Add properties to configure whether the lazy tuner is enabled. 2022-08-23 07:01:05 +00:00
migrate_legacy_obb_data.te
mls
mls_decl
mls_macros
mlstrustedsubject.te Update SELinux policy to allow artd to perform secondary dex compilation 2022-10-24 16:07:01 +01:00
mm_events.te Sepolicy for mm_events 2021-04-06 22:46:32 -04:00
modprobe.te
mtectrl.te [MTE] ignore mtectrl selinux error for device tree. 2022-09-29 22:53:58 +00:00
mtp.te
net.te Merge "Enforce MAC address restrictions for priv apps." am: 6b2fefbf46 am: a9723095c7 2022-05-18 13:56:49 +00:00
netd.te netd/netutils_wrapper/network_stack/system_server - allow getattr on bpf progs/maps 2023-03-28 03:11:42 +00:00
netutils_wrapper.te netd/netutils_wrapper/network_stack/system_server - allow getattr on bpf progs/maps 2023-03-28 03:11:42 +00:00
network_stack.te netd/netutils_wrapper/network_stack/system_server - allow getattr on bpf progs/maps 2023-03-28 03:11:42 +00:00
nfc.te
odrefresh.te Remove odrefresh privileges no longer needed for CompOS 2022-01-18 12:56:27 -08:00
odsign.te Selinux setup for /data/misc/odsign/metrics/ 2022-04-07 14:18:37 +00:00
otapreopt_chroot.te Revert "Allow otapreopt_chroot to call otadexopt binder service" 2021-07-06 17:06:22 +00:00
otapreopt_slot.te
perfetto.te Allow perfetto to write into perfetto_traces_bugreport_data_file 2023-03-28 11:34:58 +00:00
performanced.te
permissioncontroller_app.te Add missing permissions for Cuttlefish to support GSI testing 2021-05-03 16:49:07 -07:00
platform_app.te Add persist.sysui.notification.builder_extras_ovrd 2023-03-29 16:35:39 +00:00
policy_capabilities
port_contexts
postinstall.te
postinstall_dexopt.te postinstall_dexopt: allow reading odsign.verification.status 2021-07-19 19:47:33 +00:00
ppp.te
preloads_copy.te
preopt2cachename.te
priv_app.te sepolicy: rework perfetto producer/profiler rules for "user" builds 2023-02-03 15:05:14 +00:00
prng_seeder.te Add SEPolicy for PRNG seeder daemon. 2022-11-15 01:50:22 +00:00
profcollectd.te profcollectd: allow to request wakelock from system_suspend. 2022-02-17 10:20:08 -08:00
profman.te Update SELinux policy for app compilation CUJ. 2022-07-29 14:07:52 +00:00
property.te Merge "Add persist.sysui.notification.builder_extras_ovrd" 2023-04-03 13:47:09 +00:00
property_contexts Merge "Add persist.sysui.notification.builder_extras_ovrd" 2023-04-03 13:47:09 +00:00
racoon.te
radio.te make ril.cdma.inecmmode system property internal 2021-10-01 21:36:49 +00:00
recovery.te Allow update_engine, recovery, and fastbootd to read snapuserd properties. 2021-07-28 22:30:22 -07:00
recovery_persist.te
recovery_refresh.te
remount.te Add remount.te to allow adb remount-related operations 2021-11-02 22:10:05 +08:00
rkpd.te Add SELinux policies for remote_key_provisioning_native namespace. 2022-09-29 21:32:58 +00:00
rkpd_app.te Add set property permissions to RKPD application. 2023-03-16 18:05:10 +00:00
roles_decl
rs.te Allow priv_app to run the renderscript compiler. am: 737b098a71 2021-06-15 19:15:27 +00:00
rss_hwm_reset.te
runas.te
runas_app.te runas_app: allow sigkill of untrusted_app 2023-01-20 09:02:19 +01:00
sdcardd.te
sdk_sandbox.te Allow system server to set dynamic ART properties. 2023-03-31 11:46:05 +01:00
seapp_contexts Remove RemoteProvisioner and remoteprovisioning services 2023-03-14 15:45:35 -07:00
secure_element.te Added sepolicy rule for vendor uuid mapping config 2021-11-20 01:08:11 +00:00
security_classes Add SELinux Policy For io_uring 2023-01-27 11:44:59 -05:00
service.te Add sepolicy for background_install_control service 2022-10-24 11:26:35 -07:00
service_contexts Add cpu_monitor service context. 2023-03-31 20:55:42 +00:00
servicemanager.te Allow service managers access to apex data. 2022-09-23 21:33:58 +00:00
sgdisk.te
shared_relro.te
shell.te Add persist.sysui.notification.builder_extras_ovrd 2023-03-29 16:35:39 +00:00
simpleperf.te Revert "Revert "allow simpleperf to profile more app types."" 2021-10-27 11:05:01 -07:00
simpleperf_app_runner.te Revert "Revert "allow simpleperf to profile more app types."" 2021-10-27 11:05:01 -07:00
simpleperf_boot.te Add sepolicy for simpleperf_boot. 2022-01-15 16:12:51 -08:00
slideshow.te
snapshotctl.te
snapuserd.te Add SELinux Policy For io_uring 2023-01-27 11:44:59 -05:00
stats.te Allow traced_probes to subscribe to statsd atoms 2023-03-22 19:53:34 +00:00
statsd.te Allow statsd to write to priv app FDs 2021-10-28 13:07:19 -07:00
storaged.te Revert "Revert "Add neverallows for debugfs access"" 2021-05-04 22:06:46 -07:00
su.te Start using virtmgr for running VMs 2023-01-05 17:39:39 +00:00
surfaceflinger.te Grant surfaceflinger and graphics allocator access to the secure heap 2023-01-19 09:02:56 +00:00
system_app.te sepolicy: rework perfetto producer/profiler rules for "user" builds 2023-02-03 15:05:14 +00:00
system_server.te Allow system server to read media config 2023-04-05 07:51:24 +00:00
system_server_startup.te Allow system_server_startup to load system server odex files 2021-06-28 17:00:55 +00:00
system_suspend.te suspend: Allow access to /sys/power/wake_[un]lock 2022-12-14 14:18:55 -08:00
technical_debt.cil Enable NNAPI for isolated compute app 2023-03-01 20:27:13 +00:00
tombstoned.te
toolbox.te Dontaudit chmod of virtualizationsevice_data_file 2022-06-15 17:25:20 +01:00
traced.te Allow perfetto to write into perfetto_traces_bugreport_data_file 2023-03-28 11:34:58 +00:00
traced_perf.te [dice] Remove all the sepolicy relating the hal service dice 2023-02-24 08:34:26 +00:00
traced_probes.te Merge "traced_probes: allow traced_probes to access diskstats info" 2023-04-04 01:25:18 +00:00
traceur_app.te
ueventd.te
uncrypt.te
untrusted_app.te Blocks untrusted apps to access /dev/socket/mdnsd from U 2023-01-20 15:25:46 +09:00
untrusted_app_25.te Blocks untrusted apps to access /dev/socket/mdnsd from U 2023-01-20 15:25:46 +09:00
untrusted_app_27.te Blocks untrusted apps to access /dev/socket/mdnsd from U 2023-01-20 15:25:46 +09:00
untrusted_app_29.te Blocks untrusted apps to access /dev/socket/mdnsd from U 2023-01-20 15:25:46 +09:00
untrusted_app_30.te Blocks untrusted apps to access /dev/socket/mdnsd from U 2023-01-20 15:25:46 +09:00
untrusted_app_32.te Blocks untrusted apps to access /dev/socket/mdnsd from U 2023-01-20 15:25:46 +09:00
untrusted_app_all.te sepolicy: rework perfetto producer/profiler rules for "user" builds 2023-02-03 15:05:14 +00:00
update_engine.te Add sepolicy for IBootControl AIDL 2022-06-07 16:26:19 -07:00
update_engine_common.te
update_verifier.te Allow update_verifier to connect to snapuserd daemon 2022-06-08 20:26:18 +00:00
usbd.te
users
vdc.te Add vehicle_binding_util SELinux context 2021-07-15 19:44:27 +00:00
vehicle_binding_util.te Revert "Revert "Allow vehicle_binding_util to access AIDL VHAL. am: d5af7b7cea am: 565699bc61 am: e4ddf119a1 am: 54e7d19e1d am: 3686a43f8f"" 2022-05-11 18:14:06 +00:00
vendor_init.te Introduce vm_manager_device_type for crosvm 2023-03-29 10:19:06 -07:00
viewcompiler.te
virtual_touchpad.te
virtualizationmanager.te Allow virtualizationmanager to read AVF debug policy 2023-02-07 02:04:02 +09:00
virtualizationservice.te virtualizationservice: Allow checking permissions 2023-01-12 21:10:33 +00:00
vold.te Adds support for fuseblk binaries. 2023-02-02 15:32:39 +01:00
vold_prepare_subdirs.te Create a separate label for sandbox root directory 2022-05-19 16:01:15 +01:00
vzwomatrigger_app.te
wait_for_keymaster.te Remove wait_for_keymaster and references 2021-06-17 11:12:16 -07:00
watchdogd.te
webview_zygote.te Allow zygotes and installd to read odsign properties 2021-07-02 11:57:24 +01:00
wificond.te Rename vpnprofilestore to legacykeystore. 2021-06-30 12:40:39 -07:00
zygote.te Add build properties for attestation feature 2023-02-02 18:52:35 +08:00