platform_system_sepolicy/private
Tri Vo 9899568f6c Constrain cgroups access.
What changed:
- Removed cgroup access from untrusted and priv apps.
- Settings app writes to /dev/stune/foreground/tasks, so system_app domain
retains access to cgroup.
- libcutils exports API to /dev/{cpuset, stune}/*. This API seems to be used
abundantly in native code. So added a blanket allow rule for (coredomain - apps)
to access cgroups.
- For now, only audit cgroup access from vendor domains. Ultimately, we want to
either constrain vendor access to individual domains or, even better, remove
vendor access and have platform manage cgroups exclusively.

Bug: 110043362
Test: adb shell setprop ro.config.per_app_memcg true, device correctly populates
/dev/memcg on a per app basis on a device that supports that.
Test: aosp_sailfish, wahoo boot without cgroup denials
Change-Id: I9e441b26792f1edb1663c660bcff422ec7a6332b
2018-10-09 23:42:06 +00:00
compat iorapd: Add new binder service iorapd. 2018-10-08 15:00:34 -07:00
access_vectors Add nnp_nosuid_transition policycap and related class/perm definitions. 2018-09-07 10:52:31 -07:00
adbd.te Add sepolicy for fastbootd 2018-08-15 08:45:22 -07:00
apexd.te Add policy for apexd. 2018-10-04 07:06:45 +00:00
app.te sepolicy: Allow apps to read ashmem fds from system_server 2018-09-10 17:04:09 +00:00
app_neverallows.te Constrain cgroups access. 2018-10-09 23:42:06 +00:00
asan_extract.te Sepolicy: Add ASAN-Extract 2017-04-05 13:09:29 -07:00
atrace.te iorapd: Add new binder service iorapd. 2018-10-08 15:00:34 -07:00
audioserver.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
binder_in_vendor_violators.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
binderservicedomain.te Move binderservicedomain policy to private 2017-02-08 09:09:39 -08:00
blank_screen.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
blkid.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
blkid_untrusted.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
bluetooth.te Whitelist vendor-init-settable bluetooth_prop and wifi_prop 2018-04-13 11:08:48 +09:00
bluetoothdomain.te Move bluetoothdomain policy to private 2017-02-06 15:32:08 -08:00
bootanim.te Dontaudit denials caused by race with labeling. 2018-02-14 17:07:13 -08:00
bootstat.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
bpfloader.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
bufferhubd.te Update SELinux Policy for bufferhubd 2018-09-24 12:29:43 -07:00
bug_map Remove fixed bugs from bug_map. 2018-09-17 08:42:55 -07:00
cameraserver.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
charger.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
clatd.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
coredomain.te Remove vendor_init from coredomain 2018-01-29 18:07:41 +00:00
cppreopts.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
crash_dump.te Add policy for apexd. 2018-10-04 07:06:45 +00:00
dex2oat.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
dexoptanalyzer.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
dhcp.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
dnsmasq.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
domain.te Further lock down app data 2018-09-22 22:38:42 -07:00
drmserver.te Tighten restrictions on core <-> vendor socket comms 2017-03-31 09:17:54 -07:00
dumpstate.te Remove access to /proc/net/{tcp,udp} 2018-09-30 21:33:47 -07:00
ephemeral_app.te Revert "auditallow app_data_file execute" 2018-08-13 11:23:02 -07:00
fastbootd.te Add sepolicy for fastbootd 2018-08-15 08:45:22 -07:00
file.te Allow all app types to socket send to statsdw (statsd socket) 2018-08-23 16:13:30 -07:00
file_contexts iorapd: Add new binder service iorapd. 2018-10-08 15:00:34 -07:00
file_contexts_asan asan: global read access to /system/asan.options 2018-10-08 17:27:06 +00:00
file_contexts_overlayfs fs_mgr: add /mnt/scratch to possible overlayfs support directories 2018-10-08 14:23:01 +00:00
fingerprintd.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
fs_use fs_mgr: add overlayfs handling for squashfs system filesystems 2018-08-08 07:33:10 -07:00
fsck.te Allow access to the metadata partition for metadata encryption. 2018-01-19 14:45:08 -08:00
fsck_untrusted.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
gatekeeperd.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
genfs_contexts Remove access to /proc/net/{tcp,udp} 2018-09-30 21:33:47 -07:00
hal_allocator_default.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
hal_system_suspend_default.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
halclientdomain.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
halserverdomain.te Allow hals to read hwservicemanager prop. 2017-03-23 01:50:50 +00:00
healthd.te healthd provides health@2.0 service. 2017-10-17 13:48:42 -07:00
hwservice_contexts Update sepolicies for stats hal 2018-09-28 13:34:37 -07:00
hwservicemanager.te Finer grained permissions for ctl. properties 2018-05-22 13:47:16 -07:00
idmap.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
incident.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
incident_helper.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
incidentd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
init.te Add sepolicy for fastbootd 2018-08-15 08:45:22 -07:00
initial_sid_contexts
initial_sids
inputflinger.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
install_recovery.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
installd.te Ensure taking a bugreport generates no denials. 2018-03-08 02:25:18 +00:00
iorapd.te iorapd: Add new binder service iorapd. 2018-10-08 15:00:34 -07:00
isolated_app.te isolated_apps: no socket create 2018-10-02 21:43:20 -07:00
kernel.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
keys.conf
keystore.te Allow Keystore to check security logging property. 2018-01-24 19:49:18 +00:00
llkd.te Add policy for apexd. 2018-10-04 07:06:45 +00:00
lmkd.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
logd.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
logpersist.te sepolicy: Add rules for non-init namespaces 2017-11-21 08:34:32 -07:00
mac_permissions.xml
mdnsd.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
mediadrmserver.te update sepolicy for gralloc HAL 2017-03-30 14:43:35 -07:00
mediaextractor.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
mediametrics.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
mediaprovider.te Allow mediaprovider to search /mnt/media_rw 2018-05-15 11:46:52 -07:00
mediaserver.te mediacodec->mediacodec+hal_omx{,_server,_client} 2018-05-30 18:12:32 +00:00
mls Start partitioning off privapp_data_file from app_data_file 2018-08-02 16:29:02 -07:00
mls_decl
mls_macros
modprobe.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
mtp.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
net.te Update socket ioctl restrictions 2018-06-22 05:35:07 +00:00
netd.te Allow netd to setup xt_bpf iptable rules 2018-03-21 14:37:37 -07:00
netutils_wrapper.te Start the process of locking down proc/net 2018-05-04 21:36:33 +00:00
nfc.te SE Policy for Secure Element app and Secure Element HAL 2018-01-29 21:31:42 +00:00
otapreopt_chroot.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
otapreopt_slot.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
perfetto.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
performanced.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
perfprofd.te Sepolicy for system suspend HAL. 2018-08-13 17:26:34 -07:00
platform_app.te app: Allow all apps to read dropbox FDs 2018-09-04 20:23:43 +00:00
policy_capabilities Add nnp_nosuid_transition policycap and related class/perm definitions. 2018-09-07 10:52:31 -07:00
port_contexts
postinstall.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
postinstall_dexopt.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
ppp.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
preopt2cachename.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
priv_app.te Constrain cgroups access. 2018-10-09 23:42:06 +00:00
profman.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
property_contexts llkd: Add stack symbol checking 2018-09-04 17:02:30 +00:00
racoon.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
radio.te Add label for time (zone) system properties 2018-06-25 17:59:56 +01:00
recovery.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
recovery_persist.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
recovery_refresh.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
roles_decl
runas.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
sdcardd.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
seapp_contexts Change priv-apps /data/data labels to privapp_data_file 2018-09-12 12:30:32 -07:00
secure_element.te SE Policy for Secure Element app and Secure Element HAL 2018-01-29 21:31:42 +00:00
security_classes Add nnp_nosuid_transition policycap and related class/perm definitions. 2018-09-07 10:52:31 -07:00
service.te Update SELinux Policy for bufferhubd 2018-09-24 12:29:43 -07:00
service_contexts iorapd: Add new binder service iorapd. 2018-10-08 15:00:34 -07:00
servicemanager.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
sgdisk.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
shared_relro.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
shell.te Remove access to /proc/net/{tcp,udp} 2018-09-30 21:33:47 -07:00
slideshow.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
stats.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
statsd.te Allow all app types to socket send to statsdw (statsd socket) 2018-08-23 16:13:30 -07:00
storaged.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
su.te SELinux policies for Perfetto cmdline client (/system/bin/perfetto) 2018-01-29 11:06:00 +00:00
surfaceflinger.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
system_app.te Constrain cgroups access. 2018-10-09 23:42:06 +00:00
system_server.te Allow zygote to write to statsd and refactor 2018-10-08 13:48:28 -07:00
technical_debt.cil Rename untrusted_app_visible_*' to include 'violators'. 2018-08-21 21:32:41 +00:00
thermalserviced.te Sync internal master and AOSP sepolicy. 2017-09-26 14:38:47 -07:00
tombstoned.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
toolbox.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
traced.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
traced_probes.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
traceur_app.te Allow Traceur app to remove trace files. 2018-02-20 17:03:08 -08:00
tzdatacheck.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
ueventd.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
uncrypt.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
untrusted_app.te Add untrusted_app_27 2018-04-03 12:25:51 -07:00
untrusted_app_25.te Block access to xt_qtaguid proc files 2018-09-28 01:33:02 +00:00
untrusted_app_27.te Block access to xt_qtaguid proc files 2018-09-28 01:33:02 +00:00
untrusted_app_all.te Remove untrusted app access to /proc/net 2018-09-28 10:46:19 -07:00
update_engine.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
update_engine_common.te
update_verifier.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
usbd.te usbd sepolicy 2018-01-20 03:41:21 +00:00
users
vdc.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
vendor_init.te Remove vendor_init from coredomain 2018-01-29 18:07:41 +00:00
virtual_touchpad.te Vendor domains must not use Binder 2017-03-24 07:54:00 -07:00
vold.te domain_deprecated is dead 2017-07-28 22:01:46 +00:00
vold_prepare_subdirs.te sepolicy: grant dac_read_search to domains with dac_override 2018-09-19 15:54:37 -06:00
vr_hwc.te Restrict access to hwservicemanager 2017-04-21 09:54:53 -07:00
wait_for_keymaster.te Introduce system_file_type 2018-09-27 12:52:09 -07:00
watchdogd.te Move watchdogd out of init and into its own domain 2018-08-03 19:28:05 +00:00
webview_zygote.te Start partitioning off privapp_data_file from app_data_file 2018-08-02 16:29:02 -07:00
wificond.te SE Policy for Wifi Offload HAL 2017-05-18 09:49:55 -07:00
wpantund.te lowpan: Add wpantund to SEPolicy 2017-10-16 14:10:40 -07:00
zygote.te Allow zygote to search sdcardfs dirs. 2018-10-08 16:21:03 -07:00