Gitiles
Code Review
Sign In
gerrit-public.fairphone.software
/
fp2-dev
/
platform
/
external
/
sepolicy
/
5aaa8e86f0d300ebfcf0ccade6c0e5b1fd80bb34
/
app.te
b2b8f20
am 480374e4: Fix compile time / CTS gps_data_files neverallow assertion
by Nick Kralevich
· 10 years ago
480374e
Fix compile time / CTS gps_data_files neverallow assertion
by Nick Kralevich
· 10 years ago
bdec09b
am 51bfecf4: Pull keychain-data policy out of system-data
by Robin Lee
· 10 years ago
51bfecf
Pull keychain-data policy out of system-data
by Robin Lee
· 10 years ago
7aead48
am 49fd9567: Merge "Allow NFC to read/write nfc. system properties." into lmp-dev
by Martijn Coenen
· 10 years ago
49fd956
Merge "Allow NFC to read/write nfc. system properties." into lmp-dev
by Martijn Coenen
· 10 years ago
05383eb
Allow NFC to read/write nfc. system properties.
by Martijn Coenen
· 10 years ago
434a16c
am 62083414: allow apps to read the contents of mounted OBBs
by Nick Kralevich
· 10 years ago
6208341
allow apps to read the contents of mounted OBBs
by Nick Kralevich
· 10 years ago
9de62d6
isolated_app: Do not allow access to the gpu_device.
by Robert Sesek
· 10 years ago
a8b651b
relax appdomain efs_file neverallow rules [DO NOT MERGE]
by Nick Kralevich
· 10 years ago
36fb1f1
relax neverallow rules on NETLINK_KOBJECT_UEVENT sockets
by Nick Kralevich
· 10 years ago
309cc66
Enable selinux read_policy for adb pull.
by dcashman
· 10 years ago
bcdff89
logd: permit app access to clear logs
by Mark Salyzyn
· 10 years ago
67d58ac
Merge "Add permissive domains check to sepolicy-analyze." into lmp-dev
by dcashman
· 10 years ago
c30dd63
Add permissive domains check to sepolicy-analyze.
by dcashman
· 11 years ago
711895d
Allow appdomain read perms on apk_data_files.
by dcashman
· 10 years ago
d990a78
Fix neverallow rules to eliminate CTS SELinuxTest warnings.
by Stephen Smalley
· 10 years ago
8ee37b4
reconcile aosp (c103da877b72aae80616dbc192982aaf75dfe888) after branching. Please do not merge.
by Ed Heyl
· 10 years ago
e9c90bd
reconcile aosp (4da3bb1481e4e894a7dee3f3b9ec8cef6f6b1aed) after branching. Please do not merge.
by Ed Heyl
· 10 years ago
be66069
Remove -unconfineddomain from neverallow rules
by Nick Kralevich
· 10 years ago
77eb352
Grant Bluetooth CAP_WAKE_ALARM so it can use the POSIX timer API for wake alarms.
by Sharvil Nanavati
· 10 years ago
22e0c41
Remove auditallow statements causing log spam.
by Riley Spahn
· 10 years ago
1196d2a
Adding policies for KeyStore MAC.
by Riley Spahn
· 10 years ago
cf61069
Only allow app domains to access SDcard via fuse mount.
by Stephen Smalley
· 10 years ago
fad4d5f
Fix SELinux policies to allow resource overlays.
by Nick Kralevich
· 10 years ago
8670305
Remove world-read access to /data/dalvik-cache/profiles
by Nick Kralevich
· 10 years ago
42fb824
Refactor the shell domains.
by Stephen Smalley
· 10 years ago
84ed890
Merge adf_device into graphics_device
by Nick Kralevich
· 10 years ago
6f6c425
Adjust rules around /data/app entities
by Christopher Tate
· 10 years ago
78706f9
add execmod to various app domains
by Nick Kralevich
· 10 years ago
3235f61
Restrict /data/security and setprop selinux.reload_policy access.
by Stephen Smalley
· 10 years ago
685e2f9
remove syslog_* from unconfined
by Nick Kralevich
· 10 years ago
f821b5a
allow shell dmesg
by Nick Kralevich
· 10 years ago
9786af2
Define SELinux policy for RELRO sharing support.
by Torne (Richard Coles)
· 10 years ago
4fce0ef
Fix use of valgrind via app wrapping
by Nick Kralevich
· 10 years ago
71db411
Remove duplicate neverallow rule.
by dcashman
· 10 years ago
681a687
Drop appdomain unlabeled file execute.
by Stephen Smalley
· 10 years ago
7004789
Add policies for Atomic Display Framework
by Greg Hackmann
· 10 years ago
91a4f8d
Label app data directories for system UID apps with a different type.
by Stephen Smalley
· 10 years ago
1545b60
allow untrusted_app to write to MMS files
by Nick Kralevich
· 10 years ago
6736bac
Define types for an OEM-provided filesystem.
by Jeff Sharkey
· 10 years ago
2562843
Audit accesses on unlabeled files.
by Stephen Smalley
· 10 years ago
19c5090
Define a type for /data/dalvik-cache/profiles.
by Stephen Smalley
· 10 years ago
9ba844f
Coalesce shared_app, media_app, release_app into untrusted_app.
by Stephen Smalley
· 10 years ago
3fbc536
Allow reading of radio data files passed over binder.
by Stephen Smalley
· 11 years ago
f9c3257
Get rid of separate download_file type.
by Stephen Smalley
· 11 years ago
dc88dca
Get rid of separate platform_app_data_file type.
by Stephen Smalley
· 11 years ago
853ffaa
Deduplicate neverallow rules on selinuxfs operations.
by Stephen Smalley
· 11 years ago
b0db712
Clean up, unify, and deduplicate app domain rules.
by Stephen Smalley
· 11 years ago
3dad7b6
Address system_server denials.
by Stephen Smalley
· 11 years ago
2737cef
Allow stat/read of /data/media files by app domains.
by Stephen Smalley
· 11 years ago
28afdd9
Deduplicate binder_call rules.
by Stephen Smalley
· 11 years ago
2c347e0
Drop obsolete keystore_socket type and rules.
by Stephen Smalley
· 11 years ago
85708ec
Resolve overlapping rules between app.te and net.te.
by Stephen Smalley
· 11 years ago
0b218ec
Finish fixing Zygote descriptor leakage problem
by Dave Platt
· 11 years ago
8ed750e
sepolicy: Add write_logd, read_logd & control_logd
by Mark Salyzyn
· 11 years ago
a637b2f
assert: Do not allow access to generic device:chr_file
by William Roberts
· 11 years ago
fc4c6b7
Allow all appdomains to grab file attributes of wallpaper_file.
by Robert Craig
· 11 years ago
2e7a301
Address bug report denials.
by Nick Kralevich
· 11 years ago
09f6a99
Allow mediaserver to connect to bluetooth.
by Stephen Smalley
· 11 years ago
df8af76
Add an exception for bluetooth to the sysfs neverallow rule.
by Stephen Smalley
· 11 years ago
959fdaa
Remove unlabeled execute access from domain, add to appdomain.
by Stephen Smalley
· 11 years ago
396015c
Remove ping domain.
by Stephen Smalley
· 11 years ago
e7ec2f5
Only allow PROT_EXEC for ashmem where required.
by Stephen Smalley
· 11 years ago
ad7df7b
Remove execmem permission from domain, add to appdomain.
by Stephen Smalley
· 11 years ago
527316a
Allow use of art as the Android runtime.
by Stephen Smalley
· 11 years ago
5946937
Add rules to permit CTS security-related tests to run.
by Stephen Smalley
· 11 years ago
61dc350
app.te: allow getopt/getattr on zygote socket
by Nick Kralevich
· 11 years ago
09e6abd
initial dumpstate domain
by Nick Kralevich
· 11 years ago
3ba9012
Move gpu_device type and rules to core policy.
by Stephen Smalley
· 11 years ago
cf6b350
Allow apps to execute ping
by Nick Kralevich
· 11 years ago
6531712
Allow untrusted apps to execute binaries from their sandbox directories.
by Stephen Smalley
· 11 years ago
48759ca
Support run-as and ndk-gdb functionality.
by Stephen Smalley
· 11 years ago
82fc3b5
Allow app-app communication via pipes
by Nick Kralevich
· 11 years ago
ddf98fa
Neverallow access to the kmem device from userspace.
by Geremy Condra
· 11 years ago
73c5ea7
fix typo
by Nick Kralevich
· 11 years ago
d7fd22e
Confine bluetooth app.
by Stephen Smalley
· 11 years ago
0b8c20e
Allow apps to use the USB Accessory functionality
by Nick Kralevich
· 11 years ago
5708544
Except the shell domain from the transition neverallow rule.
by Stephen Smalley
· 11 years ago
2a273ad
Expand the set of neverallow rules applied to app domains.
by Stephen Smalley
· 11 years ago
1fdee11
1/2: Rename domain "system" to "system_server".
by Alex Klyubin
· 11 years ago
a62d5c6
Drop obsolete comments about SEAndroidManager.
by Stephen Smalley
· 11 years ago
17454cf
Do not permit appdomain to create/write to download_file.
by Stephen Smalley
· 11 years ago
5b00f22
Remove duplicated rules between appdomain and isolated_app.
by Stephen Smalley
· 11 years ago
a24a991
Allow apps to execute app_data_files
by Nick Kralevich
· 11 years ago
8156073
Fix denials encountered while getting bugreports.
by Geremy Condra
· 11 years ago
2637198
Only init should be able to load a security policy
by Nick Kralevich
· 11 years ago
6634a10
untrusted_app.te / isolated_app.te / app.te first pass
by Nick Kralevich
· 11 years ago
748fdef
Move *_app into their own file
by Nick Kralevich
· 11 years ago
0c9708b
domain.te: Add backwards compatibility for unlabeled files
by Nick Kralevich
· 11 years ago
77d4731
Make all domains unconfined.
by repo sync
· 11 years ago
50e37b9
Move domains into per-domain permissive mode.
by repo sync
· 11 years ago
11153ef
Add rules for asec containers.
by repo sync
· 11 years ago
bfb26e7
Add downloaded file policy.
by Geremy Condra
· 11 years ago
ffd8c44
Add new domains for private apps.
by Robert Craig
· 11 years ago
62508bf
Allow apps to execute the shell or system commands unconditionally.
by Stephen Smalley
· 11 years ago
0677cb2
Allow fstat of platform app /data/data files.
by Stephen Smalley
· 11 years ago
b5f6977
Coalesce rules for allowing execution of shared objects by app domains.
by Stephen Smalley
· 11 years ago
9de4c69
Strip unnecessary trailing semicolon on macro calls.
by Stephen Smalley
· 11 years ago
Next »