platform_system_sepolicy/private
Jiakai Zhang ff67b849bf Grant artd write permissions on profile directories.

The permissions are needed for profile-guided compilation: when ART
Services compiles an app, it uses the information in current profiles as
one factor to determine which classes and methods to compile.

Since there can be multiple current profiles, in practice, it merges
the current profiles into a "reference profile" and passes that to the
compiler. After the compilation is done successfully, it keeps the
reference profile and deletes current profiles.

This is currently done by installd
(http://cs/android-internal/system/sepolicy/public/installd.te;l=125;rcl=0cbe233cdc361b0976874b2df04392d74245aade),
and we'd like artd to do it.

In addition, we want to make artd work in a more atomic way: If a
reference profile already exists, instead of mutating it in place,
artd creates a temp file next to it, works on the temp file, and
replaces the original file after it's done (or deletes the temp file
if it fails).

Therefore, artd needs the permissions to add/delete/replace profile
files. Otherwise, it will get SELinux denials like:

```
09-23 19:51:37.951  5050  5050 I binder:5050_1: type=1400 audit(0.0:134): avc: denied { write } for name="com.google.android.youtube" dev="dm-52" ino=922 scontext=u:r:artd:s0 tcontext=u:object_r:user_profile_data_file:s0 tclass=dir permissive=1
09-23 19:51:37.951  5050  5050 I binder:5050_1: type=1400 audit(0.0:134): avc: denied { add_name } for name="primary.prof.6mOsV9.tmp" scontext=u:r:artd:s0 tcontext=u:object_r:user_profile_data_file:s0 tclass=dir permissive=1
```

Bug: 248318911
Test: manual -
  1. adb shell pm art optimize-package -m speed-profile \
       com.google.android.youtube
  2. See no SELinux denials like above.
Change-Id: Ib1a914b9a9526a85b69d27970e4b23c4e101c68a
2022-09-26 10:47:34 +00:00
compat Add SEPolicy for PRNG seeder daemon. 2022-09-22 15:13:20 +00:00
access_vectors Remove key migration related changes 2022-07-20 15:19:37 +10:00
adbd.te Adds GPU sepolicy to support devices with DRM gralloc/rendering 2022-04-18 17:30:56 -07:00
aidl_lazy_test_server.te
apex_test_prepostinstall.te
apexd.te Modifed sepolicy for new apex ready prop 2022-09-01 22:20:10 +00:00
apexd_derive_classpath.te Allow apexd to call derive_classpath binary 2021-10-28 16:27:09 +01:00
app.te Merge "Allow all Apps to Recv UDP Sockets from SystemServer" am: c37a39c26d 2022-07-04 08:30:12 +00:00
app_neverallows.te Merge "Drop back-compatibility for hiding ro.debuggable and ro.secure" 2022-09-08 09:51:22 +00:00
app_zygote.te Add SEPolicy for PRNG seeder daemon. 2022-09-22 15:13:20 +00:00
artd.te Grant artd write permissions on profile directories. 2022-09-26 10:47:34 +00:00
asan_extract.te
atrace.te Iorapd and friends have been removed 2022-05-18 12:07:39 +02:00
attributes
audioserver.te Add SELinux policy for accessing the AudioService 2022-07-27 12:11:50 +00:00
auditctl.te
automotive_display_service.te Revert^2 "Updates sepolicy for EVS HAL" 2022-02-10 17:21:54 +00:00
binderservicedomain.te
blank_screen.te
blkid.te
blkid_untrusted.te
bluetooth.te Allow Bluetooth stack to read security log sysprop 2022-05-25 21:05:02 +00:00
bluetoothdomain.te
bootanim.te Label /data/bootanim with bootanim_data_file. 2021-12-23 15:00:31 -08:00
bootstat.te
boringssl_self_test.te
bpfdomain.te allow bpfloader to create symbolic links in /sys/fs/bpf 2022-07-18 05:14:44 -07:00
bpfloader.te allow bpfloader to create symbolic links in /sys/fs/bpf 2022-07-18 05:14:44 -07:00
bufferhubd.te
bug_map Track sys_module permission for system_server 2022-04-13 10:48:13 +10:00
cameraserver.te Adds GPU sepolicy to support devices with DRM gralloc/rendering 2022-04-18 17:30:56 -07:00
canhalconfigurator.te
charger.te Add charger_type. 2021-11-05 18:44:04 -07:00
charger_type.te Add charger_vendor type 2021-12-07 16:24:23 -08:00
clatd.te Grants clatd privs since forked by system server 2022-01-21 18:17:45 +00:00
compos_fd_server.te Delete more unused policies by CompOS 2022-01-25 08:40:46 -08:00
compos_verify.te Allow compos_verify to write VM logs 2022-06-17 13:41:51 +01:00
composd.te Allow composd to pass some system properties to CompOS 2022-05-11 09:05:12 -07:00
coredomain.te Merge changes from topics "apex-ready-prop", "apex-update-prop" 2022-09-02 06:46:54 +00:00
cppreopts.te
crash_dump.te Remove inapplicable comment. 2022-08-02 11:01:25 -07:00
credstore.te Add remotely provisioned key pool se policy 2022-02-02 15:07:26 -08:00
crosvm.te crosvm: dontaudit netlink perms for acpi 2022-09-02 20:41:56 +00:00
derive_classpath.te
derive_sdk.te
dex2oat.te Update SELinux policy for app compilation CUJ. 2022-07-29 14:07:52 +00:00
dexoptanalyzer.te
dhcp.te
diced.te Dice HAL: Add policy for dice HAL. 2021-11-17 13:36:18 -08:00
dmesgd.te dmesgd: sepolicies 2022-02-10 17:42:52 +00:00
dnsmasq.te
domain.te Add SEPolicy for PRNG seeder daemon. 2022-09-22 15:13:20 +00:00
drmserver.te
dumpstate.te Merge "system_dlkm: allow dumpstate/bugreport to getattr" 2022-03-13 22:22:54 +00:00
ephemeral_app.te
evsmanagerd.te Revert^2 "Adds a sepolicy for EVS manager service" 2022-02-10 17:21:14 +00:00
extra_free_kbytes.te Add policies for ro.kernel.watermark_scale_factor property 2022-09-08 19:35:34 +00:00
fastbootd.te Fix selinux denials for fastbootd 2022-09-05 17:41:07 +00:00
file.te Add SEPolicy for PRNG seeder daemon. 2022-09-22 15:13:20 +00:00
file_contexts Add SEPolicy for PRNG seeder daemon. 2022-09-22 15:13:20 +00:00
file_contexts_asan
file_contexts_overlayfs
fingerprintd.te
flags_health_check.te sepolicy: allow vendor system native boot experiments property 2022-08-11 08:03:42 +00:00
fs_use
fsck.te
fsck_untrusted.te
fsverity_init.te Don't audit fsverity_init's view to domain:key 2021-07-21 14:51:00 +00:00
fwk_bufferhub.te Remove bufferhub HAL policy. 2021-10-27 10:54:45 -07:00
gatekeeperd.te
genfs_contexts much more finegrained bpf selinux privs for networking mainline 2022-06-22 16:07:42 -07:00
gki_apex_prepostinstall.te
gmscore_app.te Merge "Revert system app/process profileability on user builds" am: 829acbee3a 2022-07-04 15:56:18 +00:00
gpuservice.te Add search in bpf directory for bpfdomains 2022-03-21 17:31:17 -07:00
gsid.te Add proc_cmdline read permission to read_fstab 2022-03-20 16:35:19 +08:00
hal_allocator_default.te
hal_lazy_test.te
halclientdomain.te
halserverdomain.te
healthd.te Remove healthd. 2021-10-20 18:47:41 -07:00
heapprofd.te perfetto profiling: fix access to ART apex files 2022-08-19 00:30:40 +01:00
hidl_lazy_test_server.te
hwservice.te
hwservice_contexts sepolicy: Change UWB HAL from HIDL to versioned AIDL 2021-08-27 00:28:56 +00:00
hwservicemanager.te Allow (hw)servicemanager use bootstrap bionic 2022-07-14 11:31:03 +09:00
idmap.te
incident.te
incident_helper.te
incidentd.te Allow incidentd to read apex-info-list.xml. 2021-10-09 15:46:44 +01:00
init.te Add SEPolicy for PRNG seeder daemon. 2022-09-22 15:13:20 +00:00
initial_sid_contexts
initial_sids
inputflinger.te
installd.te Allow installd delete staging folders. 2022-09-02 13:16:24 -07:00
isolated_app.te Add ThermalService and file access to SdkSandbox 2022-03-25 12:20:07 +00:00
iw.te
kernel.te Policy for using Apex sepolicy 2021-12-14 13:54:03 +01:00
keys.conf Changing selinux policy for privapps for new certs. 2022-04-05 17:31:49 -07:00
keystore.te Add ro.keystore.boot_level_key.strategy 2022-08-24 21:38:36 -07:00
keystore2_key_contexts
keystore_keys.te
linkerconfig.te
llkd.te Diced: Add policy for diced the DICE daemon. 2021-11-17 13:36:18 -08:00
lmkd.te Add search in bpf directory for bpfdomains 2022-03-21 17:31:17 -07:00
logd.te Add sepolicy for logd and logcat services 2022-01-13 11:38:43 -08:00
logpersist.te Add logd.ready 2021-11-30 15:10:53 +09:00
lpdumpd.te
mac_permissions.xml Changing selinux policy for privapps for new certs. 2022-04-05 17:31:49 -07:00
mdnsd.te
mediadrmserver.te
mediaextractor.te
mediametrics.te
mediaprovider.te Add FUNCTIONFS_ENDPOINT_ALLOC to ioctl_defines and mediaprovider.te 2021-07-13 09:33:15 +08:00
mediaprovider_app.te Restrict creating per-user encrypted directories 2022-05-05 04:12:46 +00:00
mediaserver.te
mediaswcodec.te
mediatranscoding.te Adds GPU sepolicy to support devices with DRM gralloc/rendering 2022-04-18 17:30:56 -07:00
mediatuner.te Add properties to configure whether the lazy tuner is enabled. 2022-08-23 07:01:05 +00:00
migrate_legacy_obb_data.te
mls
mls_decl
mls_macros
mlstrustedsubject.te Iorapd and friends have been removed 2022-05-18 12:07:39 +02:00
mm_events.te
modprobe.te
mtectrl.te Move mtectrl to private 2022-01-26 08:59:55 +09:00
mtp.te
net.te Merge "Enforce MAC address restrictions for priv apps." am: 6b2fefbf46 am: a9723095c7 2022-05-18 13:56:49 +00:00
netd.te much more finegrained bpf selinux privs for networking mainline 2022-06-22 16:07:42 -07:00
netutils_wrapper.te much more finegrained bpf selinux privs for networking mainline 2022-06-22 16:07:42 -07:00
network_stack.te much more finegrained bpf selinux privs for networking mainline 2022-06-22 16:07:42 -07:00
nfc.te
odrefresh.te Remove odrefresh privileges no longer needed for CompOS 2022-01-18 12:56:27 -08:00
odsign.te Selinux setup for /data/misc/odsign/metrics/ 2022-04-07 14:18:37 +00:00
otapreopt_chroot.te
otapreopt_slot.te
perfetto.te Remove TZUvA feature. 2022-06-13 11:45:50 +00:00
performanced.te
permissioncontroller_app.te
platform_app.te Revert system app/process profileability on user builds 2022-07-01 12:41:01 +00:00
policy_capabilities
port_contexts
postinstall.te
postinstall_dexopt.te postinstall_dexopt: allow reading odsign.verification.status 2021-07-19 19:47:33 +00:00
ppp.te
preloads_copy.te
preopt2cachename.te
priv_app.te Allow priv-app to report off body events to keystore. 2022-02-07 22:42:51 +00:00
prng_seeder.te Add SEPolicy for PRNG seeder daemon. 2022-09-22 15:13:20 +00:00
profcollectd.te profcollectd: allow to request wakelock from system_suspend. 2022-02-17 10:20:08 -08:00
profman.te Update SELinux policy for app compilation CUJ. 2022-07-29 14:07:52 +00:00
property.te Don't let ro.log.file_logger.path to be set 2022-09-18 23:39:41 +09:00
property_contexts Don't let ro.log.file_logger.path to be set 2022-09-18 23:39:41 +09:00
racoon.te
radio.te make ril.cdma.inecmmode system property internal 2021-10-01 21:36:49 +00:00
recovery.te Allow update_engine, recovery, and fastbootd to read snapuserd properties. 2021-07-28 22:30:22 -07:00
recovery_persist.te
recovery_refresh.te
remote_prov_app.te Allow remote_prov_app to find mediametrics. 2022-06-15 13:42:32 -07:00
remount.te Add remount.te to allow adb remount-related operations 2021-11-02 22:10:05 +08:00
roles_decl
rs.te
rss_hwm_reset.te
runas.te
runas_app.te
sdcardd.te
sdk_sandbox.te Revert^2 "Move allow rules of sdk_sandbox to apex policy" 2022-09-07 08:22:59 +00:00
seapp_contexts Changing selinux policy for privapps for new certs. 2022-04-05 17:31:49 -07:00
secure_element.te Added sepolicy rule for vendor uuid mapping config 2021-11-20 01:08:11 +00:00
security_classes Diced: Add policy for diced the DICE daemon. 2021-11-17 13:36:18 -08:00
service.te Merge "SELinux policy changes for AmbientContext system API." am: 7bb9120ba7 am: 49527e07b6 am: f46b2a87dd am: ad1efe3c75 2022-01-21 22:54:30 +00:00
service_contexts Merge "Create selinux policy for remoteaccess HAL." 2022-09-22 01:17:00 +00:00
servicemanager.te servicemanager started property 2022-07-28 17:09:14 +00:00
sgdisk.te
shared_relro.te
shell.te Merge "[GWP-ASan] Add sysprop, allow shell and system apps to set it." 2022-04-21 18:12:43 +00:00
simpleperf.te Revert "Revert "allow simpleperf to profile more app types."" 2021-10-27 11:05:01 -07:00
simpleperf_app_runner.te Revert "Revert "allow simpleperf to profile more app types."" 2021-10-27 11:05:01 -07:00
simpleperf_boot.te Add sepolicy for simpleperf_boot. 2022-01-15 16:12:51 -08:00
slideshow.te
snapshotctl.te
snapuserd.te Fix io_uring permission denial for snapuserd 2022-09-06 17:11:54 +00:00
stats.te
statsd.te Allow statsd to write to priv app FDs 2021-10-28 13:07:19 -07:00
storaged.te
su.te Add property for MTE permissive mode. 2022-06-14 10:21:25 -07:00
surfaceflinger.te Revert system app/process profileability on user builds 2022-07-01 12:41:01 +00:00
system_app.te Revert system app/process profileability on user builds 2022-07-01 12:41:01 +00:00
system_server.te Allow system_server to obtain verity root hash for install files. 2022-09-02 09:30:21 -07:00
system_server_startup.te
system_suspend.te sepolicy: Serve suspend AIDL hal from system_suspend 2021-07-20 18:54:55 +00:00
technical_debt.cil Restrict sandbox access to drmservice 2022-03-24 14:09:46 +01:00
tombstoned.te
toolbox.te Dontaudit chmod of virtualizationsevice_data_file 2022-06-15 17:25:20 +01:00
traced.te Remove TZUvA feature. 2022-06-13 11:45:50 +00:00
traced_perf.te perfetto profiling: fix access to ART apex files 2022-08-19 00:30:40 +01:00
traced_probes.te traced_probes: allow perfetto to read buddyinfo proc entry 2022-08-04 20:21:37 +00:00
traceur_app.te
ueventd.te
uncrypt.te
untrusted_app.te Add services and allow app to write to sdk_sandbox 2022-05-11 15:52:51 +00:00
untrusted_app_25.te Drop back-compatibility for hiding ro.debuggable and ro.secure 2022-08-18 13:43:17 +00:00
untrusted_app_27.te Drop back-compatibility for hiding ro.debuggable and ro.secure 2022-08-18 13:43:17 +00:00
untrusted_app_29.te Drop back-compatibility for hiding ro.debuggable and ro.secure 2022-08-18 13:43:17 +00:00
untrusted_app_30.te Drop back-compatibility for hiding ro.debuggable and ro.secure 2022-08-18 13:43:17 +00:00
untrusted_app_all.te Allow untrusted app to use virtualizationservice - even on user builds 2022-05-03 14:38:28 +09:00
update_engine.te Add sepolicy for IBootControl AIDL 2022-06-07 16:26:19 -07:00
update_engine_common.te
update_verifier.te Allow update_verifier to connect to snapuserd daemon 2022-06-08 20:26:18 +00:00
usbd.te
users
vdc.te Add vehicle_binding_util SELinux context 2021-07-15 19:44:27 +00:00
vehicle_binding_util.te Revert "Revert "Allow vehicle_binding_util to access AIDL VHAL. am: d5af7b7cea am: 565699bc61 am: e4ddf119a1 am: 54e7d19e1d am: 3686a43f8f"" 2022-05-11 18:14:06 +00:00
vendor_init.te Set apex. property as "system_restricted" 2022-09-02 18:11:33 +09:00
viewcompiler.te
virtual_touchpad.te
virtualizationservice.te Make sure only VS can access its data files 2022-08-31 17:39:59 +01:00
vold.te Remove init's write access to /data/user and /data/media 2022-05-12 00:19:29 +00:00
vold_prepare_subdirs.te Create a separate label for sandbox root directory 2022-05-19 16:01:15 +01:00
vzwomatrigger_app.te
wait_for_keymaster.te
watchdogd.te
webview_zygote.te
wificond.te
zygote.te Allow zygote to read persist.wm.debug.* prop 2022-08-04 14:48:06 -07:00