Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / sepolicy / refs/heads/fp2-sibon / app.te
  1. bf626ce appdomain: relax netlink_socket neverallow rule by Nick Kralevich · 9 years ago
  2. 7ef348b Revert "isolated_app: Do not allow access to the gpu_device." by Nick Kralevich · 9 years ago
  3. afd2760 am 6f201ddc: App: add permissions to read symlinks from dalvik cache. by Jeff Hao · 10 years ago
  4. 6f201dd App: add permissions to read symlinks from dalvik cache. by Jeff Hao · 10 years ago
  5. b2b8f20 am 480374e4: Fix compile time / CTS gps_data_files neverallow assertion by Nick Kralevich · 10 years ago
  6. 480374e Fix compile time / CTS gps_data_files neverallow assertion by Nick Kralevich · 10 years ago
  7. bdec09b am 51bfecf4: Pull keychain-data policy out of system-data by Robin Lee · 10 years ago
  8. 51bfecf Pull keychain-data policy out of system-data by Robin Lee · 10 years ago
  9. 7aead48 am 49fd9567: Merge "Allow NFC to read/write nfc. system properties." into lmp-dev by Martijn Coenen · 10 years ago
  10. 49fd956 Merge "Allow NFC to read/write nfc. system properties." into lmp-dev by Martijn Coenen · 10 years ago
  11. 05383eb Allow NFC to read/write nfc. system properties. by Martijn Coenen · 10 years ago
  12. 434a16c am 62083414: allow apps to read the contents of mounted OBBs by Nick Kralevich · 10 years ago
  13. 6208341 allow apps to read the contents of mounted OBBs by Nick Kralevich · 10 years ago
  14. 9de62d6 isolated_app: Do not allow access to the gpu_device. by Robert Sesek · 10 years ago
  15. a8b651b relax appdomain efs_file neverallow rules [DO NOT MERGE] by Nick Kralevich · 10 years ago
  16. 36fb1f1 relax neverallow rules on NETLINK_KOBJECT_UEVENT sockets by Nick Kralevich · 10 years ago
  17. 309cc66 Enable selinux read_policy for adb pull. by dcashman · 10 years ago
  18. bcdff89 logd: permit app access to clear logs by Mark Salyzyn · 10 years ago
  19. 67d58ac Merge "Add permissive domains check to sepolicy-analyze." into lmp-dev by dcashman · 10 years ago
  20. c30dd63 Add permissive domains check to sepolicy-analyze. by dcashman · 10 years ago
  21. 711895d Allow appdomain read perms on apk_data_files. by dcashman · 10 years ago
  22. d990a78 Fix neverallow rules to eliminate CTS SELinuxTest warnings. by Stephen Smalley · 10 years ago
  23. 8ee37b4 reconcile aosp (c103da877b72aae80616dbc192982aaf75dfe888) after branching. Please do not merge. by Ed Heyl · 10 years ago
  24. e9c90bd reconcile aosp (4da3bb1481e4e894a7dee3f3b9ec8cef6f6b1aed) after branching. Please do not merge. by Ed Heyl · 10 years ago
  25. be66069 Remove -unconfineddomain from neverallow rules by Nick Kralevich · 10 years ago
  26. 77eb352 Grant Bluetooth CAP_WAKE_ALARM so it can use the POSIX timer API for wake alarms. by Sharvil Nanavati · 10 years ago
  27. 22e0c41 Remove auditallow statements causing log spam. by Riley Spahn · 10 years ago
  28. 1196d2a Adding policies for KeyStore MAC. by Riley Spahn · 10 years ago
  29. cf61069 Only allow app domains to access SDcard via fuse mount. by Stephen Smalley · 10 years ago
  30. fad4d5f Fix SELinux policies to allow resource overlays. by Nick Kralevich · 10 years ago
  31. 8670305 Remove world-read access to /data/dalvik-cache/profiles by Nick Kralevich · 10 years ago
  32. 42fb824 Refactor the shell domains. by Stephen Smalley · 10 years ago
  33. 84ed890 Merge adf_device into graphics_device by Nick Kralevich · 10 years ago
  34. 6f6c425 Adjust rules around /data/app entities by Christopher Tate · 10 years ago
  35. 78706f9 add execmod to various app domains by Nick Kralevich · 10 years ago
  36. 3235f61 Restrict /data/security and setprop selinux.reload_policy access. by Stephen Smalley · 10 years ago
  37. 685e2f9 remove syslog_* from unconfined by Nick Kralevich · 10 years ago
  38. f821b5a allow shell dmesg by Nick Kralevich · 10 years ago
  39. 9786af2 Define SELinux policy for RELRO sharing support. by Torne (Richard Coles) · 10 years ago
  40. 4fce0ef Fix use of valgrind via app wrapping by Nick Kralevich · 10 years ago
  41. 71db411 Remove duplicate neverallow rule. by dcashman · 10 years ago
  42. 681a687 Drop appdomain unlabeled file execute. by Stephen Smalley · 10 years ago
  43. 7004789 Add policies for Atomic Display Framework by Greg Hackmann · 10 years ago
  44. 91a4f8d Label app data directories for system UID apps with a different type. by Stephen Smalley · 10 years ago
  45. 1545b60 allow untrusted_app to write to MMS files by Nick Kralevich · 10 years ago
  46. 6736bac Define types for an OEM-provided filesystem. by Jeff Sharkey · 10 years ago
  47. 2562843 Audit accesses on unlabeled files. by Stephen Smalley · 10 years ago
  48. 19c5090 Define a type for /data/dalvik-cache/profiles. by Stephen Smalley · 10 years ago
  49. 9ba844f Coalesce shared_app, media_app, release_app into untrusted_app. by Stephen Smalley · 10 years ago
  50. 3fbc536 Allow reading of radio data files passed over binder. by Stephen Smalley · 10 years ago
  51. f9c3257 Get rid of separate download_file type. by Stephen Smalley · 10 years ago
  52. dc88dca Get rid of separate platform_app_data_file type. by Stephen Smalley · 10 years ago
  53. 853ffaa Deduplicate neverallow rules on selinuxfs operations. by Stephen Smalley · 10 years ago
  54. b0db712 Clean up, unify, and deduplicate app domain rules. by Stephen Smalley · 10 years ago
  55. 3dad7b6 Address system_server denials. by Stephen Smalley · 10 years ago
  56. 2737cef Allow stat/read of /data/media files by app domains. by Stephen Smalley · 10 years ago
  57. 28afdd9 Deduplicate binder_call rules. by Stephen Smalley · 10 years ago
  58. 2c347e0 Drop obsolete keystore_socket type and rules. by Stephen Smalley · 10 years ago
  59. 85708ec Resolve overlapping rules between app.te and net.te. by Stephen Smalley · 10 years ago
  60. 0b218ec Finish fixing Zygote descriptor leakage problem by Dave Platt · 10 years ago
  61. 8ed750e sepolicy: Add write_logd, read_logd & control_logd by Mark Salyzyn · 11 years ago
  62. a637b2f assert: Do not allow access to generic device:chr_file by William Roberts · 10 years ago
  63. fc4c6b7 Allow all appdomains to grab file attributes of wallpaper_file. by Robert Craig · 10 years ago
  64. 2e7a301 Address bug report denials. by Nick Kralevich · 10 years ago
  65. 09f6a99 Allow mediaserver to connect to bluetooth. by Stephen Smalley · 10 years ago
  66. df8af76 Add an exception for bluetooth to the sysfs neverallow rule. by Stephen Smalley · 10 years ago
  67. 959fdaa Remove unlabeled execute access from domain, add to appdomain. by Stephen Smalley · 10 years ago
  68. 396015c Remove ping domain. by Stephen Smalley · 10 years ago
  69. e7ec2f5 Only allow PROT_EXEC for ashmem where required. by Stephen Smalley · 10 years ago
  70. ad7df7b Remove execmem permission from domain, add to appdomain. by Stephen Smalley · 10 years ago
  71. 527316a Allow use of art as the Android runtime. by Stephen Smalley · 10 years ago
  72. 5946937 Add rules to permit CTS security-related tests to run. by Stephen Smalley · 11 years ago
  73. 61dc350 app.te: allow getopt/getattr on zygote socket by Nick Kralevich · 11 years ago
  74. 09e6abd initial dumpstate domain by Nick Kralevich · 11 years ago
  75. 3ba9012 Move gpu_device type and rules to core policy. by Stephen Smalley · 11 years ago
  76. cf6b350 Allow apps to execute ping by Nick Kralevich · 11 years ago
  77. 6531712 Allow untrusted apps to execute binaries from their sandbox directories. by Stephen Smalley · 11 years ago
  78. 48759ca Support run-as and ndk-gdb functionality. by Stephen Smalley · 11 years ago
  79. 82fc3b5 Allow app-app communication via pipes by Nick Kralevich · 11 years ago
  80. ddf98fa Neverallow access to the kmem device from userspace. by Geremy Condra · 11 years ago
  81. 73c5ea7 fix typo by Nick Kralevich · 11 years ago
  82. d7fd22e Confine bluetooth app. by Stephen Smalley · 11 years ago
  83. 0b8c20e Allow apps to use the USB Accessory functionality by Nick Kralevich · 11 years ago
  84. 5708544 Except the shell domain from the transition neverallow rule. by Stephen Smalley · 11 years ago
  85. 2a273ad Expand the set of neverallow rules applied to app domains. by Stephen Smalley · 11 years ago
  86. 1fdee11 1/2: Rename domain "system" to "system_server". by Alex Klyubin · 11 years ago
  87. a62d5c6 Drop obsolete comments about SEAndroidManager. by Stephen Smalley · 11 years ago
  88. 17454cf Do not permit appdomain to create/write to download_file. by Stephen Smalley · 11 years ago
  89. 5b00f22 Remove duplicated rules between appdomain and isolated_app. by Stephen Smalley · 11 years ago
  90. a24a991 Allow apps to execute app_data_files by Nick Kralevich · 11 years ago
  91. 8156073 Fix denials encountered while getting bugreports. by Geremy Condra · 11 years ago
  92. 2637198 Only init should be able to load a security policy by Nick Kralevich · 11 years ago
  93. 6634a10 untrusted_app.te / isolated_app.te / app.te first pass by Nick Kralevich · 11 years ago
  94. 748fdef Move *_app into their own file by Nick Kralevich · 11 years ago
  95. 0c9708b domain.te: Add backwards compatibility for unlabeled files by Nick Kralevich · 11 years ago
  96. 77d4731 Make all domains unconfined. by repo sync · 11 years ago
  97. 50e37b9 Move domains into per-domain permissive mode. by repo sync · 11 years ago
  98. 11153ef Add rules for asec containers. by repo sync · 11 years ago
  99. bfb26e7 Add downloaded file policy. by Geremy Condra · 11 years ago
  100. ffd8c44 Add new domains for private apps. by Robert Craig · 11 years ago