..
compat
Merge "Fix permissions for vold.post_fs_data_done"
2021-04-26 20:36:34 +00:00
access_vectors
Merge "Keystore 2.0: Add early_boot_ended permission"
2021-03-24 19:47:47 +00:00
adbd.te
Allow adbd to pull apexes from /data/apex/active
2021-04-12 23:34:31 +00:00
aidl_lazy_test_server.te
Add aidl_lazy_test_server
2020-01-07 15:11:03 -08:00
apex_test_prepostinstall.te
Sepolicy: Initial Apexd pre-/postinstall rules
2019-01-24 15:06:17 -08:00
apexd.te
Allow apexd to access a new dev_type: virtual disk
2021-04-13 15:46:16 +09:00
app.te
Allow appdomain sepolicy search access to /mnt/media_rw
2021-04-13 14:56:44 +00:00
app_neverallows.te
sepolicy: rules for uid/pid cgroups v2 hierarchy
2021-02-11 23:40:38 +00:00
app_zygote.te
Introduce app_data_file_type attribute.
2020-11-11 14:43:36 +00:00
asan_extract.te
Move system property rules to private
2020-03-18 16:46:04 +00:00
atrace.te
Make AIDL HAL client attribute an exclusive client.
2020-09-11 00:02:00 +00:00
attributes
Add expandattribute to system_and_vendor_property_type
2020-12-01 19:58:02 +09:00
audioserver.te
Move audio config props to audio_config_prop
2020-05-06 22:58:29 +09:00
auditctl.te
Add policy for /system/bin/auditctl
2019-04-09 20:55:30 -07:00
automotive_display_service.te
Update automotive display service rules
2020-02-29 11:01:26 -08:00
binderservicedomain.te
Move list permission from keystore2_key to keystore class.
2020-10-01 05:33:31 +00:00
blank_screen.te
Allow blank_screen to make binder calls to the servicemanager
2020-04-02 19:38:36 +00:00
blkid.te
blkid_untrusted.te
bluetooth.te
Allow Bluetooth to access SystemSuspend control service
2020-10-14 00:31:01 +00:00
bluetoothdomain.te
bootanim.te
Add bootanim property context, ro.bootanim.quiescent.enabled property
2021-04-15 14:56:17 +00:00
bootstat.te
Enable incidentd access to ro.boot.bootreason
2020-04-09 15:57:06 -07:00
boringssl_self_test.te
SEPolicy changes to allow vendor BoringSSL self test.
2019-10-01 14:14:36 +01:00
bpfloader.te
grant bpfloader NET_ADMIN capability
2021-03-01 23:40:08 -08:00
bufferhubd.te
Remove unused bufferhub sepolicy
2018-12-10 13:36:11 -08:00
bug_map
Merge "Revert "Add bug_map entry for unrelated SELinux denial to unblock IC.""
2021-01-20 07:54:34 +00:00
cameraserver.te
Abstract use of cameraserver behind an attribute
2019-03-01 14:02:59 -08:00
canhalconfigurator.te
Revert "Revert "hal_can_*: use hal_attribute_service""
2021-01-11 18:25:51 +00:00
charger.te
Fix broken neverallow rules
2021-03-10 10:44:22 +09:00
clatd.te
sepolicy - move public clatd to private
2019-05-11 17:47:25 -07:00
coredomain.te
Revert "Add neverallows for debugfs access"
2021-04-23 16:38:20 +00:00
cppreopts.te
Ignore the denial when system_other is erased
2020-03-31 20:10:26 +08:00
crash_dump.te
Allowing userdebug/eng builds crash dump access to ks
2021-04-30 18:50:54 +00:00
credstore.te
Keystore 2.0: Remove keystore2.enable property.
2021-03-19 10:07:49 -07:00
crosvm.te
Add crosvm domain and give virtmanager and crosvm necessary permissions.
2021-04-13 09:30:20 +00:00
derive_classpath.te
Allow derive_classpath to read /apex.
2021-04-06 15:14:19 +01:00
derive_sdk.te
Rename sdkext sepolicy to sdkextensions
2020-01-08 11:41:18 +00:00
dex2oat.te
Merge "Add SELinux policy for using userfaultfd"
2021-03-17 15:04:51 +00:00
dexoptanalyzer.te
Add SELinux policy for using userfaultfd
2021-03-17 04:57:22 -07:00
dhcp.te
Move system property rules to private
2020-03-18 16:46:04 +00:00
dnsmasq.te
domain.te
Revert "Add a neverallow for debugfs mounting"
2021-04-23 16:38:20 +00:00
drmserver.te
Relabel drm related props from exported*_prop
2020-06-19 10:52:10 +09:00
dumpstate.te
Revert "Add neverallows for debugfs access"
2021-04-23 16:38:20 +00:00
ephemeral_app.te
sepolicy: clean up redundant rules around gpuservice
2020-04-15 09:24:16 -07:00
fastbootd.te
Allow snapuserd interaction in recovery and fastbootd.
2021-02-04 22:48:55 -08:00
file.te
Merge "Add crosvm domain and give virtmanager and crosvm necessary permissions."
2021-04-22 18:57:15 +00:00
file_contexts
Merge "Add crosvm domain and give virtmanager and crosvm necessary permissions."
2021-04-22 18:57:15 +00:00
file_contexts_asan
Fix data/asan/system/system_ext/lib selinux rule for file_contexts_asan
2020-06-08 10:05:07 +00:00
file_contexts_overlayfs
fingerprintd.te
flags_health_check.te
Add sepolicy swcodec native flag namespace.
2021-02-16 09:22:16 -08:00
fs_use
private/fs_use: Enable selinux for virtiofs
2020-03-06 17:19:04 +09:00
fsck.te
fsck_untrusted.te
fsverity_init.te
SELinux policy for on-device signing binary.
2021-02-03 16:15:48 +01:00
fwk_bufferhub.te
Allow bufferhub service to allocate buffer
2018-11-07 13:57:55 -08:00
gatekeeperd.te
Move system property rules to private
2020-03-18 16:46:04 +00:00
genfs_contexts
Grant access to cpuhp_pause trace point
2021-03-17 16:43:53 -07:00
gki_apex_prepostinstall.te
Allow GKI APEX to use apexd:fd
2020-08-28 17:29:58 -07:00
gmscore_app.te
Revert "gmscore_app: Don't audit memtrack hal denials"
2021-04-09 00:04:53 +00:00
gpuservice.te
Move more properties out of exported3_default_prop
2020-07-21 13:11:57 +09:00
gsid.te
Allow shell to read default fstab
2021-04-12 04:46:06 +00:00
hal_allocator_default.te
sepolicy: remove ashmemd
2019-09-27 17:43:53 +00:00
hal_lazy_test.te
Add rules for hidl_lazy_test*
2020-04-24 14:09:41 -07:00
halclientdomain.te
halserverdomain.te
healthd.te
Remove exported2_system_prop
2020-08-06 12:52:32 +09:00
heapprofd.te
Allow heapprofd to read shell_test_data_file.
2021-02-09 13:28:49 +00:00
hidl_lazy_test_server.te
Add rules for hidl_lazy_test*
2020-04-24 14:09:41 -07:00
hwservice.te
Add rules for hidl_lazy_test*
2020-04-24 14:09:41 -07:00
hwservice_contexts
Remove thermalcallback_hwservice.
2020-09-16 21:57:05 +00:00
hwservicemanager.te
Move system property rules to private
2020-03-18 16:46:04 +00:00
idmap.te
Add idmap2 and idmap2d
2018-11-15 14:42:10 +00:00
incident.te
Allow dumpstate to call incident CLI
2019-08-21 16:10:39 -07:00
incident_helper.te
Allow dumpstate to dump incidentd
2018-12-04 15:42:56 -08:00
incidentd.te
Revert "Add neverallows for debugfs access"
2021-04-23 16:38:20 +00:00
init.te
Merge "Add crosvm domain and give virtmanager and crosvm necessary permissions."
2021-04-22 18:57:15 +00:00
initial_sid_contexts
initial_sids
inputflinger.te
installd.te
Revert "Suppress avc denials due to missing kernel config on mixed version boot test"
2021-01-22 11:05:43 +00:00
iorap_inode2filename.te
Permissions for odrefresh and /data/misc/apexdata/com.android.art
2021-01-13 10:38:22 +00:00
iorap_prefecherd.te
sepolicy: Add iorap_prefetcherd rules
2019-10-22 12:45:46 -07:00
iorapd.te
sepolicy: policies for iorap.inode2filename
2020-02-20 16:38:17 -08:00
isolated_app.te
[incfs] Allow everyone read the IncFS sysfs features
2021-04-21 15:15:40 -07:00
iw.te
Allow iw to be run at init phase.
2018-11-14 19:10:12 +00:00
kernel.te
Add permissions required to install the DSU to a SD card
2021-01-27 06:36:12 +00:00
keys.conf
Don't require seinfo for priv-apps
2019-11-06 08:37:03 -08:00
keystore.te
Enable pull metrics from keystore
2021-04-13 22:45:01 +00:00
keystore2_key_contexts
Add keystore2 namespace for LocksettingsService.
2021-04-14 16:03:13 -07:00
keystore_keys.te
Add keystore2 namespace for LocksettingsService.
2021-04-14 16:03:13 -07:00
linkerconfig.te
Use postinstall file_contexts
2021-03-24 17:00:35 -07:00
llkd.te
llkd: requires sys_admin permissions
2020-01-15 08:08:59 -08:00
lmkd.te
Fix broken neverallow rules
2021-03-10 10:44:22 +09:00
logd.te
Move system property rules to private
2020-03-18 16:46:04 +00:00
logpersist.te
sepolicy: rules for uid/pid cgroups v2 hierarchy
2021-02-11 23:40:38 +00:00
lpdumpd.te
Add rules for calling ReadDefaultFstab()
2021-03-29 15:23:29 +08:00
mac_permissions.xml
Don't require seinfo for priv-apps
2019-11-06 08:37:03 -08:00
mdnsd.te
mediadrmserver.te
mediaextractor.te
Add sepolicy swcodec native flag namespace.
2021-02-16 09:22:16 -08:00
mediametrics.te
Allow communication between mediametrics & statsd
2021-03-12 04:06:23 -08:00
mediaprovider.te
Allow mediaprovider to find the camera server.
2021-04-14 18:41:28 -07:00
mediaprovider_app.te
Relabel drm related props from exported*_prop
2020-06-19 10:52:10 +09:00
mediaserver.te
Relabel drm related props from exported*_prop
2020-06-19 10:52:10 +09:00
mediaswcodec.te
Add sepolicy swcodec native flag namespace.
2021-02-16 09:22:16 -08:00
mediatranscoding.te
Transcoding: Allow media transcoding to log metrics to statsd
2021-03-01 15:09:14 -08:00
mediatuner.te
Allow TunerService to find and call native Package Manager Service
2021-03-01 16:48:02 -08:00
migrate_legacy_obb_data.te
sepolicy: Adjust policy for migrate_legacy_obb_data.sh
2019-07-16 02:55:25 +00:00
mls
Add SELinux policy for using userfaultfd
2021-03-17 04:57:22 -07:00
mls_decl
mls_macros
mlstrustedsubject.te
Remove app_data_file:dir access from dexoptanalyzer.
2020-09-22 15:54:02 +01:00
mm_events.te
Sepolicy for mm_events
2021-04-06 22:46:32 -04:00
modprobe.te
mtp.te
netd.te
Fix sepolicy to netd.
2021-01-27 17:34:01 +08:00
netutils_wrapper.te
Sepolicy for netutils_wrapper to use binder call
2019-04-26 02:46:39 +00:00
network_stack.te
Amend networkstack sepolicy for testing
2021-04-15 00:06:05 +08:00
nfc.te
Add sepolicy to allow read/write nfc snoop log data
2020-09-24 17:36:07 +08:00
odrefresh.te
Allow odrefresh to update the boot animation status.
2021-04-16 09:26:38 +01:00
odsign.te
Add odsign status properties.
2021-03-16 09:14:29 +01:00
otapreopt_chroot.te
Use postinstall file_contexts
2021-03-24 17:00:35 -07:00
otapreopt_slot.te
Sepolicy: Clean up moved files
2019-02-22 08:36:41 -08:00
perfetto.te
Sepolicy for mm_events
2021-04-06 22:46:32 -04:00
performanced.te
permissioncontroller_app.te
Allow PermissonController to find app_api_service and system_api_service.
2020-12-09 11:10:06 +00:00
platform_app.te
Revert^2 "Add qemu.hw.mainkeys to system property_contexts"
2021-02-17 18:29:59 +00:00
policy_capabilities
port_contexts
postinstall.te
Use postinstall file_contexts
2021-03-24 17:00:35 -07:00
postinstall_dexopt.te
Use postinstall file_contexts
2021-03-24 17:00:35 -07:00
ppp.te
preloads_copy.te
Ignore the denial when system_other is erased
2020-03-31 20:10:26 +08:00
preopt2cachename.te
Sepolicy: Clean up moved files
2019-02-22 08:36:41 -08:00
priv_app.te
[incfs] Allow everyone read the IncFS sysfs features
2021-04-21 15:15:40 -07:00
profcollectd.te
Add permissions in profcollectd to parse kernel etm data.
2021-04-08 16:03:59 -07:00
profman.te
property.te
Make suspend_prop system_vendor_config_prop
2021-04-20 09:13:02 -07:00
property_contexts
Merge "Fix permissions for vold.post_fs_data_done"
2021-04-26 20:36:34 +00:00
racoon.te
radio.te
Remove exported3_radio_prop
2020-08-03 09:23:39 +00:00
recovery.te
Allow snapuserd interaction in recovery and fastbootd.
2021-02-04 22:48:55 -08:00
recovery_persist.te
In native coverage builds, allow all domains to access /data/misc/trace
2019-06-19 16:27:17 -07:00
recovery_refresh.te
In native coverage builds, allow all domains to access /data/misc/trace
2019-06-19 16:27:17 -07:00
remote_prov_app.te
Allow remote_prov_app to find app_api_service
2021-03-23 14:00:28 -07:00
roles_decl
rs.te
rs.te: Allow ephemeral_app FD use
2019-04-02 13:59:39 -07:00
rss_hwm_reset.te
SELinux policy for rss_hwm_reset
2018-12-15 10:13:03 +00:00
runas.te
runas_app.te
perf_event: rules for system and simpleperf domain
2020-01-15 16:56:41 +00:00
sdcardd.te
seapp_contexts
SEPolicy for RemoteProvisioning App
2021-02-08 01:33:12 -08:00
secure_element.te
security_classes
Add SELinux policy for using userfaultfd
2021-03-17 04:57:22 -07:00
service.te
Configure sepolicy for TracingServiceProxy
2021-02-05 11:04:11 -08:00
service_contexts
Add permission checker service
2021-04-17 23:41:50 +00:00
servicemanager.te
Allow servicemanager to start processes
2019-08-02 00:23:16 +00:00
sgdisk.te
shared_relro.te
Make shared_relro policy private.
2021-01-05 09:48:10 +00:00
shell.te
Allow shell to read default fstab
2021-04-12 04:46:06 +00:00
simpleperf.te
perf_event: rules for system and simpleperf domain
2020-01-15 16:56:41 +00:00
simpleperf_app_runner.te
Add sepolicy for simpleperf_app_runner.
2019-01-23 23:23:09 +00:00
slideshow.te
snapshotctl.te
snapshotctl: allow to write stats
2020-02-14 20:51:53 +00:00
snapuserd.te
Add a kernel transition to snapuserd.
2020-12-14 23:48:08 -08:00
stats.te
Enable pull metrics from keystore
2021-04-13 22:45:01 +00:00
statsd.te
Selinux changes for statsd flags
2020-11-17 19:28:41 -08:00
storaged.te
Revert "Add neverallows for debugfs access"
2021-04-23 16:38:20 +00:00
su.te
Permissions for odrefresh and /data/misc/apexdata/com.android.art
2021-01-13 10:38:22 +00:00
surfaceflinger.te
Add missing permission for accessing the DMA-BUF system heap
2021-03-03 14:22:48 -08:00
system_app.te
Allow appdomain sepolicy search access to /mnt/media_rw
2021-04-13 14:56:44 +00:00
system_server.te
Merge "[incfs] Allow everyone read the IncFS sysfs features"
2021-04-26 22:19:37 +00:00
system_server_startup.te
Revert "Sepolicy: Allow system_server_startup to load dalvikcache artifacts"
2020-03-16 16:44:55 +00:00
system_suspend.te
sepolicy: Create new attribute to serve ISuspendControlServiceInternal
2021-02-25 18:04:04 +08:00
technical_debt.cil
Use attributes for exclusive property owners
2020-11-30 18:34:30 +09:00
tombstoned.te
Fix broken neverallow rules
2021-03-10 10:44:22 +09:00
toolbox.te
traced.te
traced: move traced_tmpfs to public policy
2021-04-14 22:18:41 +02:00
traced_perf.te
traced_perf: allow RO tracefs access + fix neverallow
2021-01-31 16:44:00 +00:00
traced_probes.te
Allow traced_probes to read devfreq
2021-04-16 20:02:06 +08:00
traceur_app.te
Cleanup mechanism for enabling perfetto daemon.
2020-06-01 11:56:03 -07:00
tzdatacheck.te
ueventd.te
Move system property rules to private
2020-03-18 16:46:04 +00:00
uncrypt.te
Move system property rules to private
2020-03-18 16:46:04 +00:00
untrusted_app.te
reland: untrusted_app_29: add new targetSdk domain
2020-01-22 09:47:53 +00:00
untrusted_app_25.te
Untrusted_app: audit NETLINK_ROUTE bind and RTM_GETLINK
2020-12-11 14:10:19 +01:00
untrusted_app_27.te
Untrusted_app: audit NETLINK_ROUTE bind and RTM_GETLINK
2020-12-11 14:10:19 +01:00
untrusted_app_29.te
Untrusted_app: audit NETLINK_ROUTE bind and RTM_GETLINK
2020-12-11 14:10:19 +01:00
untrusted_app_all.te
Allow appdomain sepolicy search access to /mnt/media_rw
2021-04-13 14:56:44 +00:00
update_engine.te
Allow update_engine to communicate with apexd
2021-02-19 13:21:51 +00:00
update_engine_common.te
Use postinstall file_contexts
2021-03-24 17:00:35 -07:00
update_verifier.te
Move system property rules to private
2020-03-18 16:46:04 +00:00
usbd.te
Move system property rules to private
2020-03-18 16:46:04 +00:00
users
vdc.te
vendor_init.te
Add crosvm domain and give virtmanager and crosvm necessary permissions.
2021-04-13 09:30:20 +00:00
viewcompiler.te
Give map permission to viewcompiler
2019-08-27 10:43:55 -07:00
virtmanager.te
Add crosvm domain and give virtmanager and crosvm necessary permissions.
2021-04-13 09:30:20 +00:00
virtual_touchpad.te
vold.te
Fix permissions for vold.post_fs_data_done
2021-04-26 12:43:05 -07:00
vold_prepare_subdirs.te
Add sepolicy for scheduling module data directories
2021-02-15 22:31:27 +00:00
vr_hwc.te
vzwomatrigger_app.te
Don't run vzwomatrigger_app in permissive mode
2019-12-02 09:41:54 -08:00
wait_for_keymaster.te
Keystore 2.0: sepolicy changes for vold to use keystore2
2021-04-07 02:14:33 -07:00
watchdogd.te
webview_zygote.te
Add SELinux policy for using userfaultfd
2021-03-17 04:57:22 -07:00
wificond.te
Add wifi_hal_prop and remove exported_wifi_prop
2020-07-17 17:38:13 +09:00
wpantund.te
zygote.te
Merge "Allow zygote to mount obb and data dirs on top of the mounted dirs."
2021-03-23 17:25:18 +00:00
f09391624a