Gitiles
Code Review
Sign In
gerrit-public.fairphone.software
/
fp2-dev
/
platform
/
external
/
sepolicy
/
af9238c9b801325a289b5766fc9dc7a86d4dd0f5
af9238c
Confine mediaserver, but leave it permissive for now.
by Stephen Smalley
· 11 years ago
5637099
Confine all app domains, but make them permissive for now.
by Stephen Smalley
· 11 years ago
d7fd22e
Confine bluetooth app.
by Stephen Smalley
· 11 years ago
28a711c
Merge "Move unconfined domains out of permissive mode."
by Nick Kralevich
· 11 years ago
84d8831
Clarify the expectations for the unconfined template.
by Nick Kralevich
· 11 years ago
353c72e
Move unconfined domains out of permissive mode.
by Nick Kralevich
· 11 years ago
610a4b1
tools: update lengths from int to size_t
by William Roberts
· 11 years ago
6184629
tools: require that seinfo and packagename be used
by William Roberts
· 11 years ago
d1f1070
tools: drop unused field in struct
by William Roberts
· 11 years ago
1413833
tools: Strengthen BEGIN/END CERTIFICATE checks
by William Roberts
· 11 years ago
070c01f
tools: Don't error out of insertkeys script on whitespace
by Mike Palmiotto
· 11 years ago
0b8c20e
Allow apps to use the USB Accessory functionality
by Nick Kralevich
· 11 years ago
ce90fc4
Merge "tools: Correct insert keys behavior on pem files"
by Nick Kralevich
· 11 years ago
1ecb4e8
tools: Correct insert keys behavior on pem files
by William Roberts
· 11 years ago
85c5fc2
Start confining ueventd
by William Roberts
· 11 years ago
ec7d39b
Introduce controls on wake lock interface
by William Roberts
· 11 years ago
8d68831
Restrict access to /dev/hw_random to system_server and init.
by Alex Klyubin
· 11 years ago
109f9e6
Merge "Restore netdomain allow rules."
by Nick Kralevich
· 11 years ago
ede81a8
Merge "Except the shell domain from the transition neverallow rule."
by Nick Kralevich
· 11 years ago
5554075
Label adb keys file and allow access to it.
by Stephen Smalley
· 11 years ago
ca0759b
Restore netdomain allow rules.
by Stephen Smalley
· 11 years ago
5708544
Except the shell domain from the transition neverallow rule.
by Stephen Smalley
· 11 years ago
513fb85
Merge "Label and allow access to /data/system/ndebugsocket."
by Nick Kralevich
· 11 years ago
10f3c37
Merge "Make sure exec_type is assigned to all entrypoint types."
by Nick Kralevich
· 11 years ago
5c94723
Merge "Expand the set of neverallow rules applied to app domains."
by Geremy Condra
· 11 years ago
2a273ad
Expand the set of neverallow rules applied to app domains.
by Stephen Smalley
· 11 years ago
45ba665
Label and allow access to /data/system/ndebugsocket.
by Stephen Smalley
· 11 years ago
42c7357
Merge "Isolate untrusted app ptys from other domains."
by Geremy Condra
· 11 years ago
0130154
Make sure exec_type is assigned to all entrypoint types.
by Stephen Smalley
· 11 years ago
b0712c1
Remove /data/local/tmp/selinux entry.
by Stephen Smalley
· 11 years ago
2dc4acf
Isolate untrusted app ptys from other domains.
by Stephen Smalley
· 11 years ago
189558f
Remove legacy entries from crespo (Nexus S).
by Stephen Smalley
· 11 years ago
e9c4181
zygote.te: fix comment.
by Nick Kralevich
· 11 years ago
199fc73
Revert "Give Zygote the ability to write app data files."
by Nick Kralevich
· 11 years ago
7aba0bc
Allow file types to be associated with the rootfs.
by Stephen Smalley
· 11 years ago
567ee41
Label /dev/socket/gps with its own type.
by Stephen Smalley
· 11 years ago
4caf8c9
Label /dev/socket/mdns with its own type.
by Stephen Smalley
· 11 years ago
755cb39
Merge changes Ia473e29d,Ic500af7b
by Nick Kralevich
· 11 years ago
54d92dc
Merge "Extend to check indirect allow rules and conditional rules."
by Nick Kralevich
· 11 years ago
4103b3f
2/2: Rename domain "system" to "system_server".
by Alex Klyubin
· 11 years ago
1fdee11
1/2: Rename domain "system" to "system_server".
by Alex Klyubin
· 11 years ago
a770f55
Remove dbusd policy; dbusd is no more.
by Stephen Smalley
· 11 years ago
1d435de
Remove bluetoothd policy; bluetoothd is no more.
by Stephen Smalley
· 11 years ago
8840fa7
Split system_app from system.
by Stephen Smalley
· 11 years ago
a62d5c6
Drop obsolete comments about SEAndroidManager.
by Stephen Smalley
· 11 years ago
c084503
Remove sys_nice capability from domains.
by Stephen Smalley
· 11 years ago
d1f448d
Merge changes Icd71c967,I3fd90ad9
by Nick Kralevich
· 11 years ago
29326ed
Drop domain write access to sysfs for the emulator.
by Stephen Smalley
· 11 years ago
0f7641d
Label all files under /sys/qemu_trace with sysfs_writable.
by Stephen Smalley
· 11 years ago
17454cf
Do not permit appdomain to create/write to download_file.
by Stephen Smalley
· 11 years ago
5b00f22
Remove duplicated rules between appdomain and isolated_app.
by Stephen Smalley
· 11 years ago
640991b
Extend to check indirect allow rules and conditional rules.
by Stephen Smalley
· 11 years ago
a24a991
Allow apps to execute app_data_files
by Nick Kralevich
· 11 years ago
a247705
Permit writing to /dev/random and /dev/urandom.
by Alex Klyubin
· 11 years ago
34a8e12
Permit installd to unlink all types of data_file_type.
by Alex Klyubin
· 11 years ago
a473e29
write_klog also requires write permission to the directory.
by Stephen Smalley
· 11 years ago
79e084f
Allow access to /data/security/current symbolic link.
by Stephen Smalley
· 11 years ago
9af6f1b
Drop -d option on insertkeys.py in Android.mk
by William Roberts
· 11 years ago
21d13e9
Merge "Fix more long-tail denials."
by Geremy Condra
· 11 years ago
217f8af
Fix more long-tail denials.
by Geremy Condra
· 11 years ago
66826d5
Merge "Fix miscellaneous long-tail denials."
by Geremy Condra
· 11 years ago
2f40a17
Revert "Add the ability to write shell files to the untrusted_app domain."
by Nick Kralevich
· 11 years ago
d615ef3
Fix miscellaneous long-tail denials.
by Geremy Condra
· 11 years ago
fc2bd01
Give Zygote the ability to write app data files.
by Geremy Condra
· 11 years ago
8156073
Fix denials encountered while getting bugreports.
by Geremy Condra
· 11 years ago
765e95f
Merge "quash SELinux denial for healthd"
by dcashman
· 11 years ago
3fada57
am cec3c1e4: am e0362602: Add capabilities to Zygote to fix valgrind.
by Geremy Condra
· 11 years ago
cec3c1e
am e0362602: Add capabilities to Zygote to fix valgrind.
by Geremy Condra
· 11 years ago
758d033
quash SELinux denial for healthd
by dcashman
· 11 years ago
e036260
Add capabilities to Zygote to fix valgrind.
by Geremy Condra
· 11 years ago
2b8512c
Merge "Add sepolicy-check, a utility for auditing selinux policy."
by Geremy Condra
· 11 years ago
01aaeb6
Add sepolicy-check, a utility for auditing selinux policy.
by Geremy Condra
· 11 years ago
7d7ab56
am 81cdd6c6: am 1b46b2fe: Fix insertkeys.py to resolve keys.conf path entries in a portable way
by Richard Haines
· 11 years ago
81cdd6c
am 1b46b2fe: Fix insertkeys.py to resolve keys.conf path entries in a portable way
by Richard Haines
· 11 years ago
bcefbf5
am 553bafef: am 29d0d406: Add the ability to write shell files to the untrusted_app domain.
by Geremy Condra
· 11 years ago
553bafe
am 29d0d406: Add the ability to write shell files to the untrusted_app domain.
by Geremy Condra
· 11 years ago
29d0d40
Add the ability to write shell files to the untrusted_app domain.
by Geremy Condra
· 11 years ago
1e9081a
am b74efd33: (-s ours) Reconcile with klp-release - do not merge
by The Android Open Source Project
· 11 years ago
b74efd3
Reconcile with klp-release - do not merge
by The Android Open Source Project
· 11 years ago
1b46b2f
Fix insertkeys.py to resolve keys.conf path entries in a portable way
by Richard Haines
· 11 years ago
6db3c2d
merge in klp-release history after reset to master
by The Android Automerger
· 11 years ago
ab7dfab
Fix clatd, broken by selinux policing /dev/tun
by Lorenzo Colitti
· 11 years ago
3411f78
merge in klp-release history after reset to master
by The Android Automerger
· 11 years ago
32c0dbd
Merge "healthd: add sepolicy"
by Todd Poynor
· 11 years ago
ebdbc2f
merge in klp-release history after reset to master
by The Android Automerger
· 11 years ago
7cda86e
Permit apps to bind TCP/UDP sockets to a hostname
by Alex Klyubin
· 11 years ago
08711d3
Move isolated_app.te / untrusted_app.te into permissive
by Nick Kralevich
· 11 years ago
24617fc
Move isolated_app.te / untrusted_app.te into permissive
by Nick Kralevich
· 11 years ago
59faed0
Allow apps to create listening ports
by Nick Kralevich
· 11 years ago
73e859c
merge in klp-release history after reset to master
by The Android Automerger
· 11 years ago
2637198
Only init should be able to load a security policy
by Nick Kralevich
· 11 years ago
8a2ebe3
Temporarily allow untrusted apps to read shell data files.
by Nick Kralevich
· 11 years ago
0b5b4fa
Merge "untrusted_app.te / isolated_app.te / app.te first pass"
by Nick Kralevich
· 11 years ago
3632bb2
Remove /sys from file_contexts
by Nick Kralevich
· 11 years ago
ceff21b
Merge "domain.te: Temporarily work around debuggerd connection bug"
by Nick Kralevich
· 11 years ago
5919d1c
domain.te: Temporarily work around debuggerd connection bug
by Nick Kralevich
· 11 years ago
caf7531
merge in klp-release history after reset to master
by The Android Automerger
· 11 years ago
6634a10
untrusted_app.te / isolated_app.te / app.te first pass
by Nick Kralevich
· 11 years ago
9a19885
remove "self:process ptrace" from domain, netd neverallow rules
by Nick Kralevich
· 11 years ago
748fdef
Move *_app into their own file
by Nick Kralevich
· 11 years ago
Next »