- 853ffaa Deduplicate neverallow rules on selinuxfs operations. by Stephen Smalley · 11 years ago
- 20feb75 Allow all domains to read from socket_device directory. by Robert Craig · 11 years ago
- 3dad7b6 Address system_server denials. by Stephen Smalley · 11 years ago
- 1601132 Clean up socket rules. by Stephen Smalley · 11 years ago
- f926817 Allow reading of /data/security/current symlink. by Stephen Smalley · 11 years ago
- 96eeb1e initial policy for uncrypt. by Nick Kralevich · 11 years ago
- 3f40d4f Remove block device access from unconfined domains. by Stephen Smalley · 11 years ago
- 5487ca0 Remove several superuser capabilities from unconfined domains. by Stephen Smalley · 11 years ago
- b081cc1 Remove mount-related permissions from unconfined domains. by Stephen Smalley · 11 years ago
- 48b1883 Introduce asec_public_file type. by Robert Craig · 11 years ago
- 8ed750e sepolicy: Add write_logd, read_logd & control_logd by Mark Salyzyn · 11 years ago
- a637b2f assert: Do not allow access to generic device:chr_file by William Roberts · 11 years ago
- d0919ec assert: do not allow raw access to generic block_device by William Roberts · 11 years ago
- 04ee5df Remove MAC capabilities from unconfined domains. by Stephen Smalley · 11 years ago
- 7d0f955 Support running adbd in the su domain. by Nick Kralevich · 11 years ago
- d9b8ef4 Drop legacy device types. by Stephen Smalley · 11 years ago
- 39fd781 Remove domain init:unix_stream_socket connectto permission. by Stephen Smalley · 11 years ago
- 91c290b Allow access to unlabeled socket and fifo files. by Stephen Smalley · 11 years ago
- 959fdaa Remove unlabeled execute access from domain, add to appdomain. by Stephen Smalley · 11 years ago
- 8b51674 Restrict ability to set checkreqprot. by Stephen Smalley · 11 years ago
- 529fcbe Create proc_net type for /proc/sys/net entries. by Robert Craig · 11 years ago
- a730e50 Don't allow zygote init:binder call by Nick Kralevich · 11 years ago
- c4021ce Address adb backup/restore denials. by Stephen Smalley · 11 years ago
- ad7df7b Remove execmem permission from domain, add to appdomain. by Stephen Smalley · 11 years ago
- 712ca0a Confine shell domain in -user builds only. by Stephen Smalley · 11 years ago
- 7466f9b Label /data/misc/zoneinfo by Nick Kralevich · 11 years ago
- 95e0842 Restrict ptrace access by debuggerd and unconfineddomain. by Stephen Smalley · 11 years ago
- fea6e66 Allow kernel domain, not init domain, to set SELinux enforcing mode. by Stephen Smalley · 11 years ago
- 9e8b8d9 Revert "Allow kernel domain, not init domain, to set SELinux enforcing mode." by Nick Kralevich · 11 years ago
- bf12e22 Allow kernel domain, not init domain, to set SELinux enforcing mode. by Stephen Smalley · 11 years ago
- 7adb999 Restrict the ability to set usermodehelpers and proc security settings. by Stephen Smalley · 11 years ago
- b254764 Drop tegra specific label from policy. by Robert Craig · 11 years ago
- d99e6d5 Restrict the ability to set SELinux enforcing mode to init. by Stephen Smalley · 11 years ago
- ddf98fa Neverallow access to the kmem device from userspace. by Geremy Condra · 11 years ago
- 2e0b4a1 Move goldfish-specific rules to their own directory. by Stephen Smalley · 11 years ago
- 967f39a Move sysfs_devices_system_cpu to the central policy. by Nick Kralevich · 11 years ago
- 85c5fc2 Start confining ueventd by William Roberts · 11 years ago
- 8d68831 Restrict access to /dev/hw_random to system_server and init. by Alex Klyubin · 11 years ago
- 0130154 Make sure exec_type is assigned to all entrypoint types. by Stephen Smalley · 11 years ago
- 1fdee11 1/2: Rename domain "system" to "system_server". by Alex Klyubin · 11 years ago
- c084503 Remove sys_nice capability from domains. by Stephen Smalley · 11 years ago
- 29326ed Drop domain write access to sysfs for the emulator. by Stephen Smalley · 11 years ago
- a247705 Permit writing to /dev/random and /dev/urandom. by Alex Klyubin · 11 years ago
- 8156073 Fix denials encountered while getting bugreports. by Geremy Condra · 11 years ago
- 2637198 Only init should be able to load a security policy by Nick Kralevich · 11 years ago
- 0b5b4fa Merge "untrusted_app.te / isolated_app.te / app.te first pass" by Nick Kralevich · 11 years ago
- ceff21b Merge "domain.te: Temporarily work around debuggerd connection bug" by Nick Kralevich · 11 years ago
- 5919d1c domain.te: Temporarily work around debuggerd connection bug by Nick Kralevich · 11 years ago
- 6634a10 untrusted_app.te / isolated_app.te / app.te first pass by Nick Kralevich · 11 years ago
- 9a19885 remove "self:process ptrace" from domain, netd neverallow rules by Nick Kralevich · 11 years ago
- 8758cc5 domain.te: allow access to /sys/kernel/debug/tracing/trace_marker by Nick Kralevich · 11 years ago
- 0c9708b domain.te: Add backwards compatibility for unlabeled files by Nick Kralevich · 11 years ago
- dbd28d9 Enable SELinux protections for netd. by Nick Kralevich · 11 years ago
- 77d4731 Make all domains unconfined. by repo sync · 11 years ago
- 74ba8c8 run-as policy fixes. by Stephen Smalley · 12 years ago
- 0e856a0 Allow all domains to read /dev symlinks. by Stephen Smalley · 12 years ago
- 81fe5f7 Allow all domains to read the log devices. by Stephen Smalley · 12 years ago
- c529c66 Add policy for __properties__ device. by Geremy Condra · 12 years ago
- 4d3f108 Allow domain search/getattr access to security file by William Roberts · 12 years ago
- 1f5939a Allow search of tmpfs mount for /storage/emulated. by Stephen Smalley · 12 years ago
- 6136284 Permit fstat of property mapping. by Stephen Smalley · 12 years ago
- aeb512d Disable debugfs access by default. by Stephen Smalley · 12 years ago
- 40356b9 Allow domain to random_device by William Roberts · 12 years ago
- 7672eac Add SELinux policy for asec containers. by rpcraig · 12 years ago
- ccc8271 Allow domain access to /dev/ion by William Roberts · 12 years ago
- fed2465 Allow debugfs access and setsched for mediaserver. by Stephen Smalley · 12 years ago
- c70dc4e domain writes to cgroup pseudo filesystem by Haiqing Jiang · 12 years ago
- c83d008 Policy changes to support running the latest CTS. by Stephen Smalley · 13 years ago
- 2dd4e51 SE Android policy. by Stephen Smalley · 13 years ago