- 71db411 Remove duplicate neverallow rule. by dcashman · 10 years ago
- 681a687 Drop appdomain unlabeled file execute. by Stephen Smalley · 10 years ago
- 7004789 Add policies for Atomic Display Framework by Greg Hackmann · 10 years ago
- 91a4f8d Label app data directories for system UID apps with a different type. by Stephen Smalley · 10 years ago
- 1545b60 allow untrusted_app to write to MMS files by Nick Kralevich · 10 years ago
- 6736bac Define types for an OEM-provided filesystem. by Jeff Sharkey · 10 years ago
- 2562843 Audit accesses on unlabeled files. by Stephen Smalley · 10 years ago
- 19c5090 Define a type for /data/dalvik-cache/profiles. by Stephen Smalley · 10 years ago
- 9ba844f Coalesce shared_app, media_app, release_app into untrusted_app. by Stephen Smalley · 10 years ago
- 3fbc536 Allow reading of radio data files passed over binder. by Stephen Smalley · 10 years ago
- f9c3257 Get rid of separate download_file type. by Stephen Smalley · 10 years ago
- dc88dca Get rid of separate platform_app_data_file type. by Stephen Smalley · 10 years ago
- 853ffaa Deduplicate neverallow rules on selinuxfs operations. by Stephen Smalley · 10 years ago
- b0db712 Clean up, unify, and deduplicate app domain rules. by Stephen Smalley · 10 years ago
- 3dad7b6 Address system_server denials. by Stephen Smalley · 10 years ago
- 2737cef Allow stat/read of /data/media files by app domains. by Stephen Smalley · 10 years ago
- 28afdd9 Deduplicate binder_call rules. by Stephen Smalley · 10 years ago
- 2c347e0 Drop obsolete keystore_socket type and rules. by Stephen Smalley · 10 years ago
- 85708ec Resolve overlapping rules between app.te and net.te. by Stephen Smalley · 10 years ago
- 0b218ec Finish fixing Zygote descriptor leakage problem by Dave Platt · 10 years ago
- 8ed750e sepolicy: Add write_logd, read_logd & control_logd by Mark Salyzyn · 11 years ago
- a637b2f assert: Do not allow access to generic device:chr_file by William Roberts · 10 years ago
- fc4c6b7 Allow all appdomains to grab file attributes of wallpaper_file. by Robert Craig · 10 years ago
- 2e7a301 Address bug report denials. by Nick Kralevich · 10 years ago
- 09f6a99 Allow mediaserver to connect to bluetooth. by Stephen Smalley · 10 years ago
- df8af76 Add an exception for bluetooth to the sysfs neverallow rule. by Stephen Smalley · 10 years ago
- 959fdaa Remove unlabeled execute access from domain, add to appdomain. by Stephen Smalley · 10 years ago
- 396015c Remove ping domain. by Stephen Smalley · 10 years ago
- e7ec2f5 Only allow PROT_EXEC for ashmem where required. by Stephen Smalley · 11 years ago
- ad7df7b Remove execmem permission from domain, add to appdomain. by Stephen Smalley · 11 years ago
- 527316a Allow use of art as the Android runtime. by Stephen Smalley · 11 years ago
- 5946937 Add rules to permit CTS security-related tests to run. by Stephen Smalley · 11 years ago
- 61dc350 app.te: allow getopt/getattr on zygote socket by Nick Kralevich · 11 years ago
- 09e6abd initial dumpstate domain by Nick Kralevich · 11 years ago
- 3ba9012 Move gpu_device type and rules to core policy. by Stephen Smalley · 11 years ago
- cf6b350 Allow apps to execute ping by Nick Kralevich · 11 years ago
- 6531712 Allow untrusted apps to execute binaries from their sandbox directories. by Stephen Smalley · 11 years ago
- 48759ca Support run-as and ndk-gdb functionality. by Stephen Smalley · 11 years ago
- 82fc3b5 Allow app-app communication via pipes by Nick Kralevich · 11 years ago
- ddf98fa Neverallow access to the kmem device from userspace. by Geremy Condra · 11 years ago
- 73c5ea7 fix typo by Nick Kralevich · 11 years ago
- d7fd22e Confine bluetooth app. by Stephen Smalley · 11 years ago
- 0b8c20e Allow apps to use the USB Accessory functionality by Nick Kralevich · 11 years ago
- 5708544 Except the shell domain from the transition neverallow rule. by Stephen Smalley · 11 years ago
- 2a273ad Expand the set of neverallow rules applied to app domains. by Stephen Smalley · 11 years ago
- 1fdee11 1/2: Rename domain "system" to "system_server". by Alex Klyubin · 11 years ago
- a62d5c6 Drop obsolete comments about SEAndroidManager. by Stephen Smalley · 11 years ago
- 17454cf Do not permit appdomain to create/write to download_file. by Stephen Smalley · 11 years ago
- 5b00f22 Remove duplicated rules between appdomain and isolated_app. by Stephen Smalley · 11 years ago
- a24a991 Allow apps to execute app_data_files by Nick Kralevich · 11 years ago
- 8156073 Fix denials encountered while getting bugreports. by Geremy Condra · 11 years ago
- 2637198 Only init should be able to load a security policy by Nick Kralevich · 11 years ago
- 6634a10 untrusted_app.te / isolated_app.te / app.te first pass by Nick Kralevich · 11 years ago
- 748fdef Move *_app into their own file by Nick Kralevich · 11 years ago
- 0c9708b domain.te: Add backwards compatibility for unlabeled files by Nick Kralevich · 11 years ago
- 77d4731 Make all domains unconfined. by repo sync · 11 years ago
- 50e37b9 Move domains into per-domain permissive mode. by repo sync · 11 years ago
- 11153ef Add rules for asec containers. by repo sync · 11 years ago
- bfb26e7 Add downloaded file policy. by Geremy Condra · 11 years ago
- ffd8c44 Add new domains for private apps. by Robert Craig · 11 years ago
- 62508bf Allow apps to execute the shell or system commands unconditionally. by Stephen Smalley · 11 years ago
- 0677cb2 Allow fstat of platform app /data/data files. by Stephen Smalley · 11 years ago
- b5f6977 Coalesce rules for allowing execution of shared objects by app domains. by Stephen Smalley · 11 years ago
- 9de4c69 Strip unnecessary trailing semicolon on macro calls. by Stephen Smalley · 11 years ago
- 81fe5f7 Allow all domains to read the log devices. by Stephen Smalley · 11 years ago
- 4387956 Add the ability to stat files under /cache for media_app. by Geremy Condra · 11 years ago
- 2ae799e Drop separate domain for browser. by Stephen Smalley · 11 years ago
- 0ecb0f8 Eliminate most of the app policy booleans. by Stephen Smalley · 11 years ago
- e69552b Revert "Revert "Various minor policy fixes based on CTS."" by Geremy Condra · 11 years ago
- 18b5f87 racoon policy. by Robert Craig · 11 years ago
- ba84bf1 Revert "Various minor policy fixes based on CTS." by Geremy Condra · 11 years ago
- 8a814a7 Various minor policy fixes based on CTS. by Stephen Smalley · 11 years ago
- c195ec3 Split internal and external sdcards by William Roberts · 11 years ago
- 9ce99e3 Update binder-related policy. by Stephen Smalley · 12 years ago
- c8106f1 Only allow read/write not open on platform_app_data_file. by Stephen Smalley · 11 years ago
- 1c8464e App data backup security policy. by rpcraig · 12 years ago
- 4c266ba Change security policy so all apps can read /dev/xt_qtaguid. by rpcraig · 12 years ago
- 7672eac Add SELinux policy for asec containers. by rpcraig · 12 years ago
- f26d813 allow apps access to the keystore, dhcp/pptp fixes, wifi fixes and isolated_app access by Joshua Brindle · 12 years ago
- 061f254 Define security labeling for isolated processes. by Stephen Smalley · 12 years ago
- abd977a Additions for grouper/JB by rpcraig · 12 years ago
- 901cc36 Untrusted_app gets route information by Haiqing Jiang · 12 years ago
- d28714c Introduce app_read_logs boolean. by Stephen Smalley · 12 years ago
- 3261fee untrusted_app reads logs when android_cts enabled by Haiqing Jiang · 12 years ago
- 1f0f77f Allow CTS Test apps to access to system_data_file by Haiqing Jiang · 12 years ago
- 59e9680 socket permissions to untrusted_app by Haiqing Jiang · 12 years ago
- 2b47c3f allocate perms to platformappdomain over system_data_file by Haiqing Jiang · 12 years ago
- 7585fc6 Platform app domain sdcard accesses by Haiqing Jiang · 12 years ago
- b9760aa Only enforce per-app process and file isolation via SELinux for third party apps, not platform apps. by Stephen Smalley · 12 years ago
- 4c06d27 Target the denials/policies over qtaguid file and device: 1. Relabel /proc/net/xt_qtaguid/ctrl from "qtaguid" to "qtaguid_proc"; 2. Label /dev/xt_qtaguid with "qtaguid_device"; 3. Allow mediaserver read/[write] to qtaguid_proc and qtaguid_device; 4. Allow media apps read/[write] to qtaguid_proc and qtaguid_device; 5. Allow system read/[write] to qtaguid_proc and qtaguid_device. by hqjiang · 12 years ago
- 1c73516 Address various denials introduced by JB/4.1. by Stephen Smalley · 12 years ago
- 96bf505 Fix the app_ndk policy boolean allow rule. by Michal Mašek · 12 years ago
- 03d2803 media app should have rw access to sdcard dir and files. by William Roberts · 12 years ago
- f3b587c Rewrite app domains and seapp_contexts to leverage new seinfo tags. by Stephen Smalley · 12 years ago
- e4682a6 Allow apps to write to /proc/net/xt_qtaguid/ctrl. by Stephen Smalley · 12 years ago
- a883c38 Allow apps to write to anr_data_file for /data/anr/traces.txt. by Stephen Smalley · 12 years ago
- f6cbbe2 Introduce a separate wallpaper_file type for the wallpaper file. by Stephen Smalley · 12 years ago
- 59d2803 Introduce a separate apk_tmp_file type for the vmdl.*\.tmp files. by Stephen Smalley · 12 years ago
- c83d008 Policy changes to support running the latest CTS. by Stephen Smalley · 12 years ago
- c94e239 Further policy for Motorola Xoom. by Stephen Smalley · 12 years ago