Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / sepolicy / 5aaa8e86f0d300ebfcf0ccade6c0e5b1fd80bb34 / app.te
  1. b2b8f20 am 480374e4: Fix compile time / CTS gps_data_files neverallow assertion by Nick Kralevich · 10 years ago
  2. 480374e Fix compile time / CTS gps_data_files neverallow assertion by Nick Kralevich · 10 years ago
  3. bdec09b am 51bfecf4: Pull keychain-data policy out of system-data by Robin Lee · 10 years ago
  4. 51bfecf Pull keychain-data policy out of system-data by Robin Lee · 10 years ago
  5. 7aead48 am 49fd9567: Merge "Allow NFC to read/write nfc. system properties." into lmp-dev by Martijn Coenen · 10 years ago
  6. 49fd956 Merge "Allow NFC to read/write nfc. system properties." into lmp-dev by Martijn Coenen · 10 years ago
  7. 05383eb Allow NFC to read/write nfc. system properties. by Martijn Coenen · 10 years ago
  8. 434a16c am 62083414: allow apps to read the contents of mounted OBBs by Nick Kralevich · 10 years ago
  9. 6208341 allow apps to read the contents of mounted OBBs by Nick Kralevich · 10 years ago
  10. 9de62d6 isolated_app: Do not allow access to the gpu_device. by Robert Sesek · 10 years ago
  11. a8b651b relax appdomain efs_file neverallow rules [DO NOT MERGE] by Nick Kralevich · 10 years ago
  12. 36fb1f1 relax neverallow rules on NETLINK_KOBJECT_UEVENT sockets by Nick Kralevich · 10 years ago
  13. 309cc66 Enable selinux read_policy for adb pull. by dcashman · 10 years ago
  14. bcdff89 logd: permit app access to clear logs by Mark Salyzyn · 10 years ago
  15. 67d58ac Merge "Add permissive domains check to sepolicy-analyze." into lmp-dev by dcashman · 10 years ago
  16. c30dd63 Add permissive domains check to sepolicy-analyze. by dcashman · 11 years ago
  17. 711895d Allow appdomain read perms on apk_data_files. by dcashman · 10 years ago
  18. d990a78 Fix neverallow rules to eliminate CTS SELinuxTest warnings. by Stephen Smalley · 10 years ago
  19. 8ee37b4 reconcile aosp (c103da877b72aae80616dbc192982aaf75dfe888) after branching. Please do not merge. by Ed Heyl · 10 years ago
  20. e9c90bd reconcile aosp (4da3bb1481e4e894a7dee3f3b9ec8cef6f6b1aed) after branching. Please do not merge. by Ed Heyl · 10 years ago
  21. be66069 Remove -unconfineddomain from neverallow rules by Nick Kralevich · 10 years ago
  22. 77eb352 Grant Bluetooth CAP_WAKE_ALARM so it can use the POSIX timer API for wake alarms. by Sharvil Nanavati · 10 years ago
  23. 22e0c41 Remove auditallow statements causing log spam. by Riley Spahn · 10 years ago
  24. 1196d2a Adding policies for KeyStore MAC. by Riley Spahn · 10 years ago
  25. cf61069 Only allow app domains to access SDcard via fuse mount. by Stephen Smalley · 10 years ago
  26. fad4d5f Fix SELinux policies to allow resource overlays. by Nick Kralevich · 10 years ago
  27. 8670305 Remove world-read access to /data/dalvik-cache/profiles by Nick Kralevich · 10 years ago
  28. 42fb824 Refactor the shell domains. by Stephen Smalley · 10 years ago
  29. 84ed890 Merge adf_device into graphics_device by Nick Kralevich · 10 years ago
  30. 6f6c425 Adjust rules around /data/app entities by Christopher Tate · 10 years ago
  31. 78706f9 add execmod to various app domains by Nick Kralevich · 10 years ago
  32. 3235f61 Restrict /data/security and setprop selinux.reload_policy access. by Stephen Smalley · 10 years ago
  33. 685e2f9 remove syslog_* from unconfined by Nick Kralevich · 10 years ago
  34. f821b5a allow shell dmesg by Nick Kralevich · 10 years ago
  35. 9786af2 Define SELinux policy for RELRO sharing support. by Torne (Richard Coles) · 10 years ago
  36. 4fce0ef Fix use of valgrind via app wrapping by Nick Kralevich · 10 years ago
  37. 71db411 Remove duplicate neverallow rule. by dcashman · 10 years ago
  38. 681a687 Drop appdomain unlabeled file execute. by Stephen Smalley · 10 years ago
  39. 7004789 Add policies for Atomic Display Framework by Greg Hackmann · 10 years ago
  40. 91a4f8d Label app data directories for system UID apps with a different type. by Stephen Smalley · 10 years ago
  41. 1545b60 allow untrusted_app to write to MMS files by Nick Kralevich · 10 years ago
  42. 6736bac Define types for an OEM-provided filesystem. by Jeff Sharkey · 10 years ago
  43. 2562843 Audit accesses on unlabeled files. by Stephen Smalley · 10 years ago
  44. 19c5090 Define a type for /data/dalvik-cache/profiles. by Stephen Smalley · 10 years ago
  45. 9ba844f Coalesce shared_app, media_app, release_app into untrusted_app. by Stephen Smalley · 10 years ago
  46. 3fbc536 Allow reading of radio data files passed over binder. by Stephen Smalley · 11 years ago
  47. f9c3257 Get rid of separate download_file type. by Stephen Smalley · 11 years ago
  48. dc88dca Get rid of separate platform_app_data_file type. by Stephen Smalley · 11 years ago
  49. 853ffaa Deduplicate neverallow rules on selinuxfs operations. by Stephen Smalley · 11 years ago
  50. b0db712 Clean up, unify, and deduplicate app domain rules. by Stephen Smalley · 11 years ago
  51. 3dad7b6 Address system_server denials. by Stephen Smalley · 11 years ago
  52. 2737cef Allow stat/read of /data/media files by app domains. by Stephen Smalley · 11 years ago
  53. 28afdd9 Deduplicate binder_call rules. by Stephen Smalley · 11 years ago
  54. 2c347e0 Drop obsolete keystore_socket type and rules. by Stephen Smalley · 11 years ago
  55. 85708ec Resolve overlapping rules between app.te and net.te. by Stephen Smalley · 11 years ago
  56. 0b218ec Finish fixing Zygote descriptor leakage problem by Dave Platt · 11 years ago
  57. 8ed750e sepolicy: Add write_logd, read_logd & control_logd by Mark Salyzyn · 11 years ago
  58. a637b2f assert: Do not allow access to generic device:chr_file by William Roberts · 11 years ago
  59. fc4c6b7 Allow all appdomains to grab file attributes of wallpaper_file. by Robert Craig · 11 years ago
  60. 2e7a301 Address bug report denials. by Nick Kralevich · 11 years ago
  61. 09f6a99 Allow mediaserver to connect to bluetooth. by Stephen Smalley · 11 years ago
  62. df8af76 Add an exception for bluetooth to the sysfs neverallow rule. by Stephen Smalley · 11 years ago
  63. 959fdaa Remove unlabeled execute access from domain, add to appdomain. by Stephen Smalley · 11 years ago
  64. 396015c Remove ping domain. by Stephen Smalley · 11 years ago
  65. e7ec2f5 Only allow PROT_EXEC for ashmem where required. by Stephen Smalley · 11 years ago
  66. ad7df7b Remove execmem permission from domain, add to appdomain. by Stephen Smalley · 11 years ago
  67. 527316a Allow use of art as the Android runtime. by Stephen Smalley · 11 years ago
  68. 5946937 Add rules to permit CTS security-related tests to run. by Stephen Smalley · 11 years ago
  69. 61dc350 app.te: allow getopt/getattr on zygote socket by Nick Kralevich · 11 years ago
  70. 09e6abd initial dumpstate domain by Nick Kralevich · 11 years ago
  71. 3ba9012 Move gpu_device type and rules to core policy. by Stephen Smalley · 11 years ago
  72. cf6b350 Allow apps to execute ping by Nick Kralevich · 11 years ago
  73. 6531712 Allow untrusted apps to execute binaries from their sandbox directories. by Stephen Smalley · 11 years ago
  74. 48759ca Support run-as and ndk-gdb functionality. by Stephen Smalley · 11 years ago
  75. 82fc3b5 Allow app-app communication via pipes by Nick Kralevich · 11 years ago
  76. ddf98fa Neverallow access to the kmem device from userspace. by Geremy Condra · 11 years ago
  77. 73c5ea7 fix typo by Nick Kralevich · 11 years ago
  78. d7fd22e Confine bluetooth app. by Stephen Smalley · 11 years ago
  79. 0b8c20e Allow apps to use the USB Accessory functionality by Nick Kralevich · 11 years ago
  80. 5708544 Except the shell domain from the transition neverallow rule. by Stephen Smalley · 11 years ago
  81. 2a273ad Expand the set of neverallow rules applied to app domains. by Stephen Smalley · 11 years ago
  82. 1fdee11 1/2: Rename domain "system" to "system_server". by Alex Klyubin · 11 years ago
  83. a62d5c6 Drop obsolete comments about SEAndroidManager. by Stephen Smalley · 11 years ago
  84. 17454cf Do not permit appdomain to create/write to download_file. by Stephen Smalley · 11 years ago
  85. 5b00f22 Remove duplicated rules between appdomain and isolated_app. by Stephen Smalley · 11 years ago
  86. a24a991 Allow apps to execute app_data_files by Nick Kralevich · 11 years ago
  87. 8156073 Fix denials encountered while getting bugreports. by Geremy Condra · 11 years ago
  88. 2637198 Only init should be able to load a security policy by Nick Kralevich · 11 years ago
  89. 6634a10 untrusted_app.te / isolated_app.te / app.te first pass by Nick Kralevich · 11 years ago
  90. 748fdef Move *_app into their own file by Nick Kralevich · 11 years ago
  91. 0c9708b domain.te: Add backwards compatibility for unlabeled files by Nick Kralevich · 11 years ago
  92. 77d4731 Make all domains unconfined. by repo sync · 11 years ago
  93. 50e37b9 Move domains into per-domain permissive mode. by repo sync · 11 years ago
  94. 11153ef Add rules for asec containers. by repo sync · 11 years ago
  95. bfb26e7 Add downloaded file policy. by Geremy Condra · 11 years ago
  96. ffd8c44 Add new domains for private apps. by Robert Craig · 11 years ago
  97. 62508bf Allow apps to execute the shell or system commands unconditionally. by Stephen Smalley · 11 years ago
  98. 0677cb2 Allow fstat of platform app /data/data files. by Stephen Smalley · 11 years ago
  99. b5f6977 Coalesce rules for allowing execution of shared objects by app domains. by Stephen Smalley · 11 years ago
  100. 9de4c69 Strip unnecessary trailing semicolon on macro calls. by Stephen Smalley · 11 years ago