Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / sepolicy / 71db4110434d18adfaf87fd788f8dfd1d5709899 / app.te
  1. 71db411 Remove duplicate neverallow rule. by dcashman · 10 years ago
  2. 681a687 Drop appdomain unlabeled file execute. by Stephen Smalley · 10 years ago
  3. 7004789 Add policies for Atomic Display Framework by Greg Hackmann · 10 years ago
  4. 91a4f8d Label app data directories for system UID apps with a different type. by Stephen Smalley · 10 years ago
  5. 1545b60 allow untrusted_app to write to MMS files by Nick Kralevich · 10 years ago
  6. 6736bac Define types for an OEM-provided filesystem. by Jeff Sharkey · 10 years ago
  7. 2562843 Audit accesses on unlabeled files. by Stephen Smalley · 10 years ago
  8. 19c5090 Define a type for /data/dalvik-cache/profiles. by Stephen Smalley · 10 years ago
  9. 9ba844f Coalesce shared_app, media_app, release_app into untrusted_app. by Stephen Smalley · 10 years ago
  10. 3fbc536 Allow reading of radio data files passed over binder. by Stephen Smalley · 10 years ago
  11. f9c3257 Get rid of separate download_file type. by Stephen Smalley · 10 years ago
  12. dc88dca Get rid of separate platform_app_data_file type. by Stephen Smalley · 10 years ago
  13. 853ffaa Deduplicate neverallow rules on selinuxfs operations. by Stephen Smalley · 10 years ago
  14. b0db712 Clean up, unify, and deduplicate app domain rules. by Stephen Smalley · 10 years ago
  15. 3dad7b6 Address system_server denials. by Stephen Smalley · 10 years ago
  16. 2737cef Allow stat/read of /data/media files by app domains. by Stephen Smalley · 10 years ago
  17. 28afdd9 Deduplicate binder_call rules. by Stephen Smalley · 10 years ago
  18. 2c347e0 Drop obsolete keystore_socket type and rules. by Stephen Smalley · 10 years ago
  19. 85708ec Resolve overlapping rules between app.te and net.te. by Stephen Smalley · 10 years ago
  20. 0b218ec Finish fixing Zygote descriptor leakage problem by Dave Platt · 10 years ago
  21. 8ed750e sepolicy: Add write_logd, read_logd & control_logd by Mark Salyzyn · 11 years ago
  22. a637b2f assert: Do not allow access to generic device:chr_file by William Roberts · 10 years ago
  23. fc4c6b7 Allow all appdomains to grab file attributes of wallpaper_file. by Robert Craig · 10 years ago
  24. 2e7a301 Address bug report denials. by Nick Kralevich · 10 years ago
  25. 09f6a99 Allow mediaserver to connect to bluetooth. by Stephen Smalley · 10 years ago
  26. df8af76 Add an exception for bluetooth to the sysfs neverallow rule. by Stephen Smalley · 10 years ago
  27. 959fdaa Remove unlabeled execute access from domain, add to appdomain. by Stephen Smalley · 10 years ago
  28. 396015c Remove ping domain. by Stephen Smalley · 10 years ago
  29. e7ec2f5 Only allow PROT_EXEC for ashmem where required. by Stephen Smalley · 11 years ago
  30. ad7df7b Remove execmem permission from domain, add to appdomain. by Stephen Smalley · 11 years ago
  31. 527316a Allow use of art as the Android runtime. by Stephen Smalley · 11 years ago
  32. 5946937 Add rules to permit CTS security-related tests to run. by Stephen Smalley · 11 years ago
  33. 61dc350 app.te: allow getopt/getattr on zygote socket by Nick Kralevich · 11 years ago
  34. 09e6abd initial dumpstate domain by Nick Kralevich · 11 years ago
  35. 3ba9012 Move gpu_device type and rules to core policy. by Stephen Smalley · 11 years ago
  36. cf6b350 Allow apps to execute ping by Nick Kralevich · 11 years ago
  37. 6531712 Allow untrusted apps to execute binaries from their sandbox directories. by Stephen Smalley · 11 years ago
  38. 48759ca Support run-as and ndk-gdb functionality. by Stephen Smalley · 11 years ago
  39. 82fc3b5 Allow app-app communication via pipes by Nick Kralevich · 11 years ago
  40. ddf98fa Neverallow access to the kmem device from userspace. by Geremy Condra · 11 years ago
  41. 73c5ea7 fix typo by Nick Kralevich · 11 years ago
  42. d7fd22e Confine bluetooth app. by Stephen Smalley · 11 years ago
  43. 0b8c20e Allow apps to use the USB Accessory functionality by Nick Kralevich · 11 years ago
  44. 5708544 Except the shell domain from the transition neverallow rule. by Stephen Smalley · 11 years ago
  45. 2a273ad Expand the set of neverallow rules applied to app domains. by Stephen Smalley · 11 years ago
  46. 1fdee11 1/2: Rename domain "system" to "system_server". by Alex Klyubin · 11 years ago
  47. a62d5c6 Drop obsolete comments about SEAndroidManager. by Stephen Smalley · 11 years ago
  48. 17454cf Do not permit appdomain to create/write to download_file. by Stephen Smalley · 11 years ago
  49. 5b00f22 Remove duplicated rules between appdomain and isolated_app. by Stephen Smalley · 11 years ago
  50. a24a991 Allow apps to execute app_data_files by Nick Kralevich · 11 years ago
  51. 8156073 Fix denials encountered while getting bugreports. by Geremy Condra · 11 years ago
  52. 2637198 Only init should be able to load a security policy by Nick Kralevich · 11 years ago
  53. 6634a10 untrusted_app.te / isolated_app.te / app.te first pass by Nick Kralevich · 11 years ago
  54. 748fdef Move *_app into their own file by Nick Kralevich · 11 years ago
  55. 0c9708b domain.te: Add backwards compatibility for unlabeled files by Nick Kralevich · 11 years ago
  56. 77d4731 Make all domains unconfined. by repo sync · 11 years ago
  57. 50e37b9 Move domains into per-domain permissive mode. by repo sync · 11 years ago
  58. 11153ef Add rules for asec containers. by repo sync · 11 years ago
  59. bfb26e7 Add downloaded file policy. by Geremy Condra · 11 years ago
  60. ffd8c44 Add new domains for private apps. by Robert Craig · 11 years ago
  61. 62508bf Allow apps to execute the shell or system commands unconditionally. by Stephen Smalley · 11 years ago
  62. 0677cb2 Allow fstat of platform app /data/data files. by Stephen Smalley · 11 years ago
  63. b5f6977 Coalesce rules for allowing execution of shared objects by app domains. by Stephen Smalley · 11 years ago
  64. 9de4c69 Strip unnecessary trailing semicolon on macro calls. by Stephen Smalley · 11 years ago
  65. 81fe5f7 Allow all domains to read the log devices. by Stephen Smalley · 11 years ago
  66. 4387956 Add the ability to stat files under /cache for media_app. by Geremy Condra · 11 years ago
  67. 2ae799e Drop separate domain for browser. by Stephen Smalley · 11 years ago
  68. 0ecb0f8 Eliminate most of the app policy booleans. by Stephen Smalley · 11 years ago
  69. e69552b Revert "Revert "Various minor policy fixes based on CTS."" by Geremy Condra · 11 years ago
  70. 18b5f87 racoon policy. by Robert Craig · 11 years ago
  71. ba84bf1 Revert "Various minor policy fixes based on CTS." by Geremy Condra · 11 years ago
  72. 8a814a7 Various minor policy fixes based on CTS. by Stephen Smalley · 11 years ago
  73. c195ec3 Split internal and external sdcards by William Roberts · 11 years ago
  74. 9ce99e3 Update binder-related policy. by Stephen Smalley · 12 years ago
  75. c8106f1 Only allow read/write not open on platform_app_data_file. by Stephen Smalley · 11 years ago
  76. 1c8464e App data backup security policy. by rpcraig · 12 years ago
  77. 4c266ba Change security policy so all apps can read /dev/xt_qtaguid. by rpcraig · 12 years ago
  78. 7672eac Add SELinux policy for asec containers. by rpcraig · 12 years ago
  79. f26d813 allow apps access to the keystore, dhcp/pptp fixes, wifi fixes and isolated_app access by Joshua Brindle · 12 years ago
  80. 061f254 Define security labeling for isolated processes. by Stephen Smalley · 12 years ago
  81. abd977a Additions for grouper/JB by rpcraig · 12 years ago
  82. 901cc36 Untrusted_app gets route information by Haiqing Jiang · 12 years ago
  83. d28714c Introduce app_read_logs boolean. by Stephen Smalley · 12 years ago
  84. 3261fee untrusted_app reads logs when android_cts enabled by Haiqing Jiang · 12 years ago
  85. 1f0f77f Allow CTS Test apps to access to system_data_file by Haiqing Jiang · 12 years ago
  86. 59e9680 socket permissions to untrusted_app by Haiqing Jiang · 12 years ago
  87. 2b47c3f allocate perms to platformappdomain over system_data_file by Haiqing Jiang · 12 years ago
  88. 7585fc6 Platform app domain sdcard accesses by Haiqing Jiang · 12 years ago
  89. b9760aa Only enforce per-app process and file isolation via SELinux for third party apps, not platform apps. by Stephen Smalley · 12 years ago
  90. 4c06d27 Target the denials/policies over qtaguid file and device: 1. Relabel /proc/net/xt_qtaguid/ctrl from "qtaguid" to "qtaguid_proc"; 2. Label /dev/xt_qtaguid with "qtaguid_device"; 3. Allow mediaserver read/[write] to qtaguid_proc and qtaguid_device; 4. Allow media apps read/[write] to qtaguid_proc and qtaguid_device; 5. Allow system read/[write] to qtaguid_proc and qtaguid_device. by hqjiang · 12 years ago
  91. 1c73516 Address various denials introduced by JB/4.1. by Stephen Smalley · 12 years ago
  92. 96bf505 Fix the app_ndk policy boolean allow rule. by Michal Mašek · 12 years ago
  93. 03d2803 media app should have rw access to sdcard dir and files. by William Roberts · 12 years ago
  94. f3b587c Rewrite app domains and seapp_contexts to leverage new seinfo tags. by Stephen Smalley · 12 years ago
  95. e4682a6 Allow apps to write to /proc/net/xt_qtaguid/ctrl. by Stephen Smalley · 12 years ago
  96. a883c38 Allow apps to write to anr_data_file for /data/anr/traces.txt. by Stephen Smalley · 12 years ago
  97. f6cbbe2 Introduce a separate wallpaper_file type for the wallpaper file. by Stephen Smalley · 12 years ago
  98. 59d2803 Introduce a separate apk_tmp_file type for the vmdl.*\.tmp files. by Stephen Smalley · 12 years ago
  99. c83d008 Policy changes to support running the latest CTS. by Stephen Smalley · 12 years ago
  100. c94e239 Further policy for Motorola Xoom. by Stephen Smalley · 12 years ago