Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / sepolicy / 016e636539093b00787183cbf56b684b91f94220 / domain.te
  1. 853ffaa Deduplicate neverallow rules on selinuxfs operations. by Stephen Smalley · 11 years ago
  2. 20feb75 Allow all domains to read from socket_device directory. by Robert Craig · 11 years ago
  3. 3dad7b6 Address system_server denials. by Stephen Smalley · 11 years ago
  4. 1601132 Clean up socket rules. by Stephen Smalley · 11 years ago
  5. f926817 Allow reading of /data/security/current symlink. by Stephen Smalley · 11 years ago
  6. 96eeb1e initial policy for uncrypt. by Nick Kralevich · 11 years ago
  7. 3f40d4f Remove block device access from unconfined domains. by Stephen Smalley · 11 years ago
  8. 5487ca0 Remove several superuser capabilities from unconfined domains. by Stephen Smalley · 11 years ago
  9. b081cc1 Remove mount-related permissions from unconfined domains. by Stephen Smalley · 11 years ago
  10. 48b1883 Introduce asec_public_file type. by Robert Craig · 11 years ago
  11. 8ed750e sepolicy: Add write_logd, read_logd & control_logd by Mark Salyzyn · 11 years ago
  12. a637b2f assert: Do not allow access to generic device:chr_file by William Roberts · 11 years ago
  13. d0919ec assert: do not allow raw access to generic block_device by William Roberts · 11 years ago
  14. 04ee5df Remove MAC capabilities from unconfined domains. by Stephen Smalley · 11 years ago
  15. 7d0f955 Support running adbd in the su domain. by Nick Kralevich · 11 years ago
  16. d9b8ef4 Drop legacy device types. by Stephen Smalley · 11 years ago
  17. 39fd781 Remove domain init:unix_stream_socket connectto permission. by Stephen Smalley · 11 years ago
  18. 91c290b Allow access to unlabeled socket and fifo files. by Stephen Smalley · 11 years ago
  19. 959fdaa Remove unlabeled execute access from domain, add to appdomain. by Stephen Smalley · 11 years ago
  20. 8b51674 Restrict ability to set checkreqprot. by Stephen Smalley · 11 years ago
  21. 529fcbe Create proc_net type for /proc/sys/net entries. by Robert Craig · 11 years ago
  22. a730e50 Don't allow zygote init:binder call by Nick Kralevich · 11 years ago
  23. c4021ce Address adb backup/restore denials. by Stephen Smalley · 11 years ago
  24. ad7df7b Remove execmem permission from domain, add to appdomain. by Stephen Smalley · 11 years ago
  25. 712ca0a Confine shell domain in -user builds only. by Stephen Smalley · 11 years ago
  26. 7466f9b Label /data/misc/zoneinfo by Nick Kralevich · 11 years ago
  27. 95e0842 Restrict ptrace access by debuggerd and unconfineddomain. by Stephen Smalley · 11 years ago
  28. fea6e66 Allow kernel domain, not init domain, to set SELinux enforcing mode. by Stephen Smalley · 11 years ago
  29. 9e8b8d9 Revert "Allow kernel domain, not init domain, to set SELinux enforcing mode." by Nick Kralevich · 11 years ago
  30. bf12e22 Allow kernel domain, not init domain, to set SELinux enforcing mode. by Stephen Smalley · 11 years ago
  31. 7adb999 Restrict the ability to set usermodehelpers and proc security settings. by Stephen Smalley · 11 years ago
  32. b254764 Drop tegra specific label from policy. by Robert Craig · 11 years ago
  33. d99e6d5 Restrict the ability to set SELinux enforcing mode to init. by Stephen Smalley · 11 years ago
  34. ddf98fa Neverallow access to the kmem device from userspace. by Geremy Condra · 11 years ago
  35. 2e0b4a1 Move goldfish-specific rules to their own directory. by Stephen Smalley · 11 years ago
  36. 967f39a Move sysfs_devices_system_cpu to the central policy. by Nick Kralevich · 11 years ago
  37. 85c5fc2 Start confining ueventd by William Roberts · 11 years ago
  38. 8d68831 Restrict access to /dev/hw_random to system_server and init. by Alex Klyubin · 11 years ago
  39. 0130154 Make sure exec_type is assigned to all entrypoint types. by Stephen Smalley · 11 years ago
  40. 1fdee11 1/2: Rename domain "system" to "system_server". by Alex Klyubin · 11 years ago
  41. c084503 Remove sys_nice capability from domains. by Stephen Smalley · 11 years ago
  42. 29326ed Drop domain write access to sysfs for the emulator. by Stephen Smalley · 11 years ago
  43. a247705 Permit writing to /dev/random and /dev/urandom. by Alex Klyubin · 11 years ago
  44. 8156073 Fix denials encountered while getting bugreports. by Geremy Condra · 11 years ago
  45. 2637198 Only init should be able to load a security policy by Nick Kralevich · 11 years ago
  46. 0b5b4fa Merge "untrusted_app.te / isolated_app.te / app.te first pass" by Nick Kralevich · 11 years ago
  47. ceff21b Merge "domain.te: Temporarily work around debuggerd connection bug" by Nick Kralevich · 11 years ago
  48. 5919d1c domain.te: Temporarily work around debuggerd connection bug by Nick Kralevich · 11 years ago
  49. 6634a10 untrusted_app.te / isolated_app.te / app.te first pass by Nick Kralevich · 11 years ago
  50. 9a19885 remove "self:process ptrace" from domain, netd neverallow rules by Nick Kralevich · 11 years ago
  51. 8758cc5 domain.te: allow access to /sys/kernel/debug/tracing/trace_marker by Nick Kralevich · 11 years ago
  52. 0c9708b domain.te: Add backwards compatibility for unlabeled files by Nick Kralevich · 11 years ago
  53. dbd28d9 Enable SELinux protections for netd. by Nick Kralevich · 11 years ago
  54. 77d4731 Make all domains unconfined. by repo sync · 11 years ago
  55. 74ba8c8 run-as policy fixes. by Stephen Smalley · 12 years ago
  56. 0e856a0 Allow all domains to read /dev symlinks. by Stephen Smalley · 12 years ago
  57. 81fe5f7 Allow all domains to read the log devices. by Stephen Smalley · 12 years ago
  58. c529c66 Add policy for __properties__ device. by Geremy Condra · 12 years ago
  59. 4d3f108 Allow domain search/getattr access to security file by William Roberts · 12 years ago
  60. 1f5939a Allow search of tmpfs mount for /storage/emulated. by Stephen Smalley · 12 years ago
  61. 6136284 Permit fstat of property mapping. by Stephen Smalley · 12 years ago
  62. aeb512d Disable debugfs access by default. by Stephen Smalley · 12 years ago
  63. 40356b9 Allow domain to random_device by William Roberts · 12 years ago
  64. 7672eac Add SELinux policy for asec containers. by rpcraig · 12 years ago
  65. ccc8271 Allow domain access to /dev/ion by William Roberts · 12 years ago
  66. fed2465 Allow debugfs access and setsched for mediaserver. by Stephen Smalley · 12 years ago
  67. c70dc4e domain writes to cgroup pseudo filesystem by Haiqing Jiang · 12 years ago
  68. c83d008 Policy changes to support running the latest CTS. by Stephen Smalley · 13 years ago
  69. 2dd4e51 SE Android policy. by Stephen Smalley · 13 years ago