/aosp12/system/sepolicy/prebuilts/api/32.0/private/ |
H A D | shell.te | 45 # Allow to send SIGINT to perfetto when daemonized. 68 # Allow shell to run adb shell cmd gpu commands. 71 # Allow shell to use atrace HAL 89 # Allow shell to start and communicate with lpdumpd. 97 # Allow shell to set this property used for rollback tests 113 # Allow shell to read profcollectd data files. 157 # Allow shell to enable Dynamic System Update 159 # Allow shell to mock an OTA using persist.pm.mock-upgrade 196 # Allow shell to read the dm-verity props on user builds. 199 # Allow shell to read Virtual A/B related properties [all …]
|
H A D | automotive_display_service.te | 7 # Allow to add a display service to the manager 10 # Allow init to launch automotive display service 13 # Allow to use Binder IPC for SurfaceFlinger. 16 # Allow to use HwBinder IPC for HAL implementations. 21 # Allow to read the target property. 24 # Allow to find SurfaceFlinger. 27 # Allow client domain to do binder IPC to serverdomain. 30 # Allow to use a graphics mapper 33 # Allow to use hidl token service 36 # Allow to access EGL files
|
H A D | profcollectd.te | 15 # Allow profcollectd to scan through /proc/pid for all processes. 18 # Allow profcollectd to read executable binaries. 22 # Allow profcollectd to search for and read kernel modules. 26 # Allow profcollectd to read system bootstrap libs. 30 # Allow profcollectd to access tracefs. 36 # Allow profcollectd to write to perf_event_paranoid under /proc. 39 # Allow profcollectd to access cs_etm sysfs. 42 # Allow profcollectd to ptrace. 45 # Allow profcollectd to read its system properties. 49 # Allow profcollectd to publish a binder service and make binder calls. [all …]
|
H A D | otapreopt_chroot.te | 31 # Allow otapreopt_chroot to read SELinux policy files. 39 # Allow otapreopt to use file descriptors from update-engine. It will 50 # Allow otapreopt_chroot to control linkerconfig 54 # Allow otapreopt_chroot to create loop devices with /dev/loop-control. 56 # Allow otapreopt_chroot to access loop devices. 69 # Allow otapreopt_chroot to configure read-ahead of loop devices. 79 # Allow otapreopt_chroot to manipulate directory /postinstall/apex. 82 # Allow otapreopt_chroot to mount APEX packages in /postinstall/apex. 85 # Allow otapreopt_chroot to access /dev/block (needed to detach loop 89 # Allow to access the linker through the symlink. [all …]
|
H A D | update_engine.te | 5 # Allow to talk to gsid. 9 # Allow to start gsid service. 12 # Allow to start snapuserd for dm-user communication. 15 # Allow to set the OTA related properties, e.g. ota.warm_reset. 18 # Allow to get the DSU status 21 # Allow update_engine to call the callback function provided by GKI update hook. 24 # Allow to communicate with the snapuserd service, for dm-user snapshots. 28 # Allow to communicate with apexd for calculating and reserving space for
|
H A D | traced_probes.te | 5 # Allow init to exec the daemon. 13 # Allow traced_probes to access tracefs. 19 # Allow traced_probes to access mm_events trace instance 35 # Allow procfs access 43 # Allow to read packages.list file. 46 # Allow to log to kernel dmesg when starting / stopping ftrace. 49 # Allow traced_probes to list the system partition. 52 # Allow traced_probes to list some of the data partition. 73 # Allow traced_probes to kill atrace on timeout. 76 # Allow traced_probes to access /proc files for system stats. [all …]
|
H A D | dex2oat.te | 34 # Allow dex2oat to compile app's secondary dex files which were reported back to 41 # Allow dex2oat to use file descriptors passed from odrefresh. 44 # Allow dex2oat to use devpts and file descriptors passed from odsign 48 # Allow dex2oat to write to file descriptors from odrefresh for files 53 # Allow dex2oat to read artifacts from odrefresh. 57 # Allow dex2oat to read runtime native flag properties. 61 # Allow dex2oat to read /apex/apex-info-list.xml 68 # Allow dex2oat to use file descriptors from otapreopt. 80 # Allow dex2oat access to /postinstall/apex. 84 # Allow dex2oat access to files in /data/ota. [all …]
|
/aosp12/system/sepolicy/private/ |
H A D | shell.te | 45 # Allow to send SIGINT to perfetto when daemonized. 68 # Allow shell to run adb shell cmd gpu commands. 71 # Allow shell to use atrace HAL 89 # Allow shell to start and communicate with lpdumpd. 97 # Allow shell to set this property used for rollback tests 113 # Allow shell to read profcollectd data files. 157 # Allow shell to enable Dynamic System Update 159 # Allow shell to mock an OTA using persist.pm.mock-upgrade 196 # Allow shell to read the dm-verity props on user builds. 199 # Allow shell to read Virtual A/B related properties [all …]
|
H A D | automotive_display_service.te | 7 # Allow to add a display service to the manager 10 # Allow init to launch automotive display service 13 # Allow to use Binder IPC for SurfaceFlinger. 16 # Allow to use HwBinder IPC for HAL implementations. 21 # Allow to read the target property. 24 # Allow to find SurfaceFlinger. 27 # Allow client domain to do binder IPC to serverdomain. 30 # Allow to use a graphics mapper 33 # Allow to use hidl token service 36 # Allow to access EGL files
|
H A D | profcollectd.te | 15 # Allow profcollectd to scan through /proc/pid for all processes. 18 # Allow profcollectd to read executable binaries. 22 # Allow profcollectd to search for and read kernel modules. 26 # Allow profcollectd to read system bootstrap libs. 30 # Allow profcollectd to access tracefs. 36 # Allow profcollectd to write to perf_event_paranoid under /proc. 39 # Allow profcollectd to access cs_etm sysfs. 42 # Allow profcollectd to ptrace. 45 # Allow profcollectd to read its system properties. 49 # Allow profcollectd to publish a binder service and make binder calls. [all …]
|
H A D | otapreopt_chroot.te | 31 # Allow otapreopt_chroot to read SELinux policy files. 39 # Allow otapreopt to use file descriptors from update-engine. It will 50 # Allow otapreopt_chroot to control linkerconfig 54 # Allow otapreopt_chroot to create loop devices with /dev/loop-control. 56 # Allow otapreopt_chroot to access loop devices. 69 # Allow otapreopt_chroot to configure read-ahead of loop devices. 79 # Allow otapreopt_chroot to manipulate directory /postinstall/apex. 82 # Allow otapreopt_chroot to mount APEX packages in /postinstall/apex. 85 # Allow otapreopt_chroot to access /dev/block (needed to detach loop 89 # Allow to access the linker through the symlink. [all …]
|
H A D | update_engine.te | 5 # Allow to talk to gsid. 9 # Allow to start gsid service. 12 # Allow to start snapuserd for dm-user communication. 15 # Allow to set the OTA related properties, e.g. ota.warm_reset. 18 # Allow to get the DSU status 21 # Allow update_engine to call the callback function provided by GKI update hook. 24 # Allow to communicate with the snapuserd service, for dm-user snapshots. 28 # Allow to communicate with apexd for calculating and reserving space for
|
H A D | traced_probes.te | 5 # Allow init to exec the daemon. 13 # Allow traced_probes to access tracefs. 19 # Allow traced_probes to access mm_events trace instance 35 # Allow procfs access 43 # Allow to read packages.list file. 46 # Allow to log to kernel dmesg when starting / stopping ftrace. 49 # Allow traced_probes to list the system partition. 52 # Allow traced_probes to list some of the data partition. 73 # Allow traced_probes to kill atrace on timeout. 76 # Allow traced_probes to access /proc files for system stats. [all …]
|
/aosp12/system/sepolicy/prebuilts/api/31.0/private/ |
H A D | shell.te | 45 # Allow to send SIGINT to perfetto when daemonized. 68 # Allow shell to run adb shell cmd gpu commands. 71 # Allow shell to use atrace HAL 89 # Allow shell to start and communicate with lpdumpd. 97 # Allow shell to set this property used for rollback tests 149 # Allow shell to enable Dynamic System Update 151 # Allow shell to mock an OTA using persist.pm.mock-upgrade 190 # Allow shell to write MTE properties even on user builds. 193 # Allow shell to read the dm-verity props on user builds. 196 # Allow shell to read Virtual A/B related properties [all …]
|
H A D | profcollectd.te | 15 # Allow profcollectd to scan through /proc/pid for all processes. 18 # Allow profcollectd to read executable binaries. 22 # Allow profcollectd to search for and read kernel modules. 26 # Allow profcollectd to read system bootstrap libs. 30 # Allow profcollectd to access tracefs. 36 # Allow profcollectd to write to perf_event_paranoid under /proc. 39 # Allow profcollectd to access cs_etm sysfs. 42 # Allow profcollectd to ptrace. 45 # Allow profcollectd to read its system properties. 49 # Allow profcollectd to publish a binder service and make binder calls. [all …]
|
H A D | automotive_display_service.te | 7 # Allow to add a display service to the manager 10 # Allow init to launch automotive display service 13 # Allow to use Binder IPC for SurfaceFlinger. 16 # Allow to use HwBinder IPC for HAL implementations. 21 # Allow to read the target property. 24 # Allow to find SurfaceFlinger. 27 # Allow client domain to do binder IPC to serverdomain. 30 # Allow to use a graphics mapper 33 # Allow to use hidl token service
|
H A D | otapreopt_chroot.te | 31 # Allow otapreopt_chroot to read SELinux policy files. 39 # Allow otapreopt to use file descriptors from update-engine. It will 50 # Allow otapreopt_chroot to control linkerconfig 54 # Allow otapreopt_chroot to create loop devices with /dev/loop-control. 56 # Allow otapreopt_chroot to access loop devices. 69 # Allow otapreopt_chroot to configure read-ahead of loop devices. 79 # Allow otapreopt_chroot to manipulate directory /postinstall/apex. 82 # Allow otapreopt_chroot to mount APEX packages in /postinstall/apex. 85 # Allow otapreopt_chroot to access /dev/block (needed to detach loop 89 # Allow to access the linker through the symlink. [all …]
|
H A D | update_engine.te | 5 # Allow to talk to gsid. 9 # Allow to start gsid service. 12 # Allow to start snapuserd for dm-user communication. 15 # Allow to set the OTA related properties, e.g. ota.warm_reset. 18 # Allow to get the DSU status 21 # Allow update_engine to call the callback function provided by GKI update hook. 24 # Allow to communicate with the snapuserd service, for dm-user snapshots. 28 # Allow to communicate with apexd for calculating and reserving space for
|
H A D | traced_probes.te | 5 # Allow init to exec the daemon. 13 # Allow traced_probes to access tracefs. 19 # Allow traced_probes to access mm_events trace instance 35 # Allow procfs access 43 # Allow to read packages.list file. 46 # Allow to log to kernel dmesg when starting / stopping ftrace. 49 # Allow traced_probes to list the system partition. 52 # Allow traced_probes to list some of the data partition. 73 # Allow traced_probes to kill atrace on timeout. 76 # Allow traced_probes to access /proc files for system stats. [all …]
|
H A D | dex2oat.te | 34 # Allow dex2oat to compile app's secondary dex files which were reported back to 41 # Allow dex2oat to use file descriptors passed from odrefresh. 44 # Allow dex2oat to use devpts and file descriptors passed from odsign 48 # Allow dex2oat to write to file descriptors from odrefresh for files 53 # Allow dex2oat to read artifacts from odrefresh. 57 # Allow dex2oat to read runtime native flag properties. 61 # Allow dex2oat to read /apex/apex-info-list.xml 68 # Allow dex2oat to use file descriptors from otapreopt. 80 # Allow dex2oat access to /postinstall/apex. 84 # Allow dex2oat access to files in /data/ota. [all …]
|
/aosp12/packages/services/Car/car_product/sepolicy/private/ |
H A D | carservice_app.te | 9 # Allow Car Service to use EVS service 12 # Allow to set boot.car_service_created property 18 # Allow Car Service to access certain system services. 69 # Allow binder calls with statsd 77 # Allow reading and writing /sys/power/ 80 # Allow reading system property sys.boot.reason 87 # Allow setting "dumpstate.dry_run" 92 # Allow reading vehicle-specific configuration 95 # Allow CarWatchdogService to access car watchdog daemon 107 # Allow reading and writing /proc/loadavg/ [all …]
|
/aosp12/system/sepolicy/prebuilts/api/30.0/private/ |
H A D | automotive_display_service.te | 7 # Allow to add a display service to the manager 10 # Allow init to launch automotive display service 13 # Allow to use Binder IPC for SurfaceFlinger. 16 # Allow to use HwBinder IPC for HAL implementations. 20 # Allow to read the target property. 23 # Allow to find SurfaceFlinger. 26 # Allow client domain to do binder IPC to serverdomain. 29 # Allow to use a graphics mapper 32 # Allow to use hidl token service
|
H A D | otapreopt_chroot.te | 23 # Allow otapreopt_chroot to read SELinux policy files. 31 # Allow otapreopt to use file descriptors from update-engine. It will 40 # Allow otapreopt_chroot to create loop devices with /dev/loop-control. 42 # Allow otapreopt_chroot to access loop devices. 54 # Allow otapreopt_chroot to configure read-ahead of loop devices. 58 # Allow otapreopt_chroot to mount a tmpfs filesystem in /postinstall/apex. 60 # Allow otapreopt_chroot to restore the security context of /postinstall/apex. 64 # Allow otapreopt_chroot to manipulate directory /postinstall/apex. 66 # Allow otapreopt_chroot to mount APEX packages in /postinstall/apex. 69 # Allow otapreopt_chroot to access /dev/block (needed to detach loop [all …]
|
H A D | shell.te | 35 # Allow shell binaries to write trace data to Perfetto. Used for testing and 41 # Allow shell binaries to exec the perfetto cmdline util and have that 45 # Allow to send SIGINT to perfetto when daemonized. 48 # Allow shell to run adb shell cmd stats commands. Needed for CTS. 55 # Allow shell to run adb shell cmd gpu commands. 58 # Allow shell to use atrace HAL 72 # Allow shell to start and communicate with lpdumpd. 76 # Allow shell to set and read value of properties used for CTS tests of 80 # Allow shell to get encryption policy of /data/local/tmp/, for CTS 86 # Allow shell to execute simpleperf without a domain transition. [all …]
|
/aosp12/system/sepolicy/prebuilts/api/29.0/private/ |
H A D | otapreopt_chroot.te | 23 # Allow otapreopt_chroot to read SELinux policy files. 31 # Allow otapreopt to use file descriptors from update-engine. It will 40 # Allow otapreopt_chroot to create loop devices with /dev/loop-control. 42 # Allow otapreopt_chroot to access loop devices. 54 # Allow otapreopt_chroot to configure read-ahead of loop devices. 58 # Allow otapreopt_chroot to mount a tmpfs filesystem in /postinstall/apex. 60 # Allow otapreopt_chroot to restore the security context of /postinstall/apex. 64 # Allow otapreopt_chroot to manipulate directory /postinstall/apex. 66 # Allow otapreopt_chroot to mount APEX packages in /postinstall/apex. 69 # Allow otapreopt_chroot to access /dev/block (needed to detach loop [all …]
|