Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / sepolicy / refs/tags/FP2-open-16.11.0 / domain.te
  1. cc13203 am 7cd346a7: am 0055ea90: Allow recovery to create device nodes and modify rootfs by Nick Kralevich · 10 years ago
  2. 0055ea9 Allow recovery to create device nodes and modify rootfs by Nick Kralevich · 10 years ago
  3. d7e004e allow coredump functionality by Nick Kralevich · 10 years ago
  4. f2c0118 zygote: allow replacing /proc/cpuinfo by Nick Kralevich · 10 years ago
  5. 47bd730 Add support for factory reset protection. by dcashman · 10 years ago
  6. 9d2703a Prohibit execute to fs_type other than rootfs for most domains. by Stephen Smalley · 10 years ago
  7. bf69632 DO NOT MERGE: Remove service_manager audit_allows. by Riley Spahn · 10 years ago
  8. 344fc10 Add access control for each service_manager action. by Riley Spahn · 10 years ago
  9. b59dc27 Drop sys_rawio neverallow for tee by Nick Kralevich · 10 years ago
  10. 9f6af08 New domain "install_recovery" by Nick Kralevich · 10 years ago
  11. 3508d61 fix build. by Nick Kralevich · 10 years ago
  12. 76206ab Add neverallow rules further restricing service_manager. by Riley Spahn · 10 years ago
  13. c626a88 Allow init to relabel rootfs files. by Stephen Smalley · 10 years ago
  14. 04b8a75 Remove write access to rootfs files. by Stephen Smalley · 10 years ago
  15. bac4ccc Prevent adding transitions to kernel or init domains. by Stephen Smalley · 10 years ago
  16. 00b180d Eliminate some duplicated rules. by Stephen Smalley · 10 years ago
  17. 75e2ef9 Restrict use of context= mount options. by Stephen Smalley · 10 years ago
  18. 8670305 Remove world-read access to /data/dalvik-cache/profiles by Nick Kralevich · 10 years ago
  19. 42fb824 Refactor the shell domains. by Stephen Smalley · 10 years ago
  20. cb23ca9 Remove domain unlabeled access. by Stephen Smalley · 10 years ago
  21. 6f6c425 Adjust rules around /data/app entities by Christopher Tate · 10 years ago
  22. 3235f61 Restrict /data/security and setprop selinux.reload_policy access. by Stephen Smalley · 10 years ago
  23. 2c8bf56 Only auditallow unlabeled accesses not allowed elsewhere. by Stephen Smalley · 10 years ago
  24. 03ce512 Remove /system write from unconfined by Nick Kralevich · 10 years ago
  25. ad0d0fc Protect /data/property. by Stephen Smalley · 10 years ago
  26. 629fbc9 Assert executable content (mostly) only loaded from /system by Nick Kralevich · 10 years ago
  27. 356f4be Restrict requesting contexts other than policy-defined defaults. by Stephen Smalley · 10 years ago
  28. f007d03 make /dev/zero read-write by Nick Kralevich · 10 years ago
  29. 7a186b3 Suppress installd auditallow by Nick Kralevich · 10 years ago
  30. 5ce079b Bring back the unlabeled allowall rules by Nick Kralevich · 10 years ago
  31. 7ffb997 Neverallow low memory mappings. by Stephen Smalley · 10 years ago
  32. abae8a9 Revisit kernel setenforce by Nick Kralevich · 10 years ago
  33. 02dac03 Drop relabelto_domain() macro and its associated definitions. by Stephen Smalley · 10 years ago
  34. e69a32a Drop rw access to unlabeled files. by Stephen Smalley · 10 years ago
  35. 2562843 Audit accesses on unlabeled files. by Stephen Smalley · 10 years ago
  36. 19c5090 Define a type for /data/dalvik-cache/profiles. by Stephen Smalley · 10 years ago
  37. 853ffaa Deduplicate neverallow rules on selinuxfs operations. by Stephen Smalley · 10 years ago
  38. 20feb75 Allow all domains to read from socket_device directory. by Robert Craig · 10 years ago
  39. 3dad7b6 Address system_server denials. by Stephen Smalley · 10 years ago
  40. 1601132 Clean up socket rules. by Stephen Smalley · 10 years ago
  41. f926817 Allow reading of /data/security/current symlink. by Stephen Smalley · 10 years ago
  42. 96eeb1e initial policy for uncrypt. by Nick Kralevich · 10 years ago
  43. 3f40d4f Remove block device access from unconfined domains. by Stephen Smalley · 10 years ago
  44. 5487ca0 Remove several superuser capabilities from unconfined domains. by Stephen Smalley · 10 years ago
  45. b081cc1 Remove mount-related permissions from unconfined domains. by Stephen Smalley · 10 years ago
  46. 48b1883 Introduce asec_public_file type. by Robert Craig · 10 years ago
  47. 8ed750e sepolicy: Add write_logd, read_logd & control_logd by Mark Salyzyn · 11 years ago
  48. a637b2f assert: Do not allow access to generic device:chr_file by William Roberts · 10 years ago
  49. d0919ec assert: do not allow raw access to generic block_device by William Roberts · 10 years ago
  50. 04ee5df Remove MAC capabilities from unconfined domains. by Stephen Smalley · 10 years ago
  51. 7d0f955 Support running adbd in the su domain. by Nick Kralevich · 10 years ago
  52. d9b8ef4 Drop legacy device types. by Stephen Smalley · 10 years ago
  53. 39fd781 Remove domain init:unix_stream_socket connectto permission. by Stephen Smalley · 10 years ago
  54. 91c290b Allow access to unlabeled socket and fifo files. by Stephen Smalley · 10 years ago
  55. 959fdaa Remove unlabeled execute access from domain, add to appdomain. by Stephen Smalley · 10 years ago
  56. 8b51674 Restrict ability to set checkreqprot. by Stephen Smalley · 10 years ago
  57. 529fcbe Create proc_net type for /proc/sys/net entries. by Robert Craig · 10 years ago
  58. a730e50 Don't allow zygote init:binder call by Nick Kralevich · 10 years ago
  59. c4021ce Address adb backup/restore denials. by Stephen Smalley · 10 years ago
  60. ad7df7b Remove execmem permission from domain, add to appdomain. by Stephen Smalley · 11 years ago
  61. 712ca0a Confine shell domain in -user builds only. by Stephen Smalley · 11 years ago
  62. 7466f9b Label /data/misc/zoneinfo by Nick Kralevich · 11 years ago
  63. 95e0842 Restrict ptrace access by debuggerd and unconfineddomain. by Stephen Smalley · 11 years ago
  64. fea6e66 Allow kernel domain, not init domain, to set SELinux enforcing mode. by Stephen Smalley · 11 years ago
  65. 9e8b8d9 Revert "Allow kernel domain, not init domain, to set SELinux enforcing mode." by Nick Kralevich · 11 years ago
  66. bf12e22 Allow kernel domain, not init domain, to set SELinux enforcing mode. by Stephen Smalley · 11 years ago
  67. 7adb999 Restrict the ability to set usermodehelpers and proc security settings. by Stephen Smalley · 11 years ago
  68. b254764 Drop tegra specific label from policy. by Robert Craig · 11 years ago
  69. d99e6d5 Restrict the ability to set SELinux enforcing mode to init. by Stephen Smalley · 11 years ago
  70. ddf98fa Neverallow access to the kmem device from userspace. by Geremy Condra · 11 years ago
  71. 2e0b4a1 Move goldfish-specific rules to their own directory. by Stephen Smalley · 11 years ago
  72. 967f39a Move sysfs_devices_system_cpu to the central policy. by Nick Kralevich · 11 years ago
  73. 85c5fc2 Start confining ueventd by William Roberts · 11 years ago
  74. 8d68831 Restrict access to /dev/hw_random to system_server and init. by Alex Klyubin · 11 years ago
  75. 0130154 Make sure exec_type is assigned to all entrypoint types. by Stephen Smalley · 11 years ago
  76. 1fdee11 1/2: Rename domain "system" to "system_server". by Alex Klyubin · 11 years ago
  77. c084503 Remove sys_nice capability from domains. by Stephen Smalley · 11 years ago
  78. 29326ed Drop domain write access to sysfs for the emulator. by Stephen Smalley · 11 years ago
  79. a247705 Permit writing to /dev/random and /dev/urandom. by Alex Klyubin · 11 years ago
  80. 8156073 Fix denials encountered while getting bugreports. by Geremy Condra · 11 years ago
  81. 2637198 Only init should be able to load a security policy by Nick Kralevich · 11 years ago
  82. 0b5b4fa Merge "untrusted_app.te / isolated_app.te / app.te first pass" by Nick Kralevich · 11 years ago
  83. ceff21b Merge "domain.te: Temporarily work around debuggerd connection bug" by Nick Kralevich · 11 years ago
  84. 5919d1c domain.te: Temporarily work around debuggerd connection bug by Nick Kralevich · 11 years ago
  85. 6634a10 untrusted_app.te / isolated_app.te / app.te first pass by Nick Kralevich · 11 years ago
  86. 9a19885 remove "self:process ptrace" from domain, netd neverallow rules by Nick Kralevich · 11 years ago
  87. 8758cc5 domain.te: allow access to /sys/kernel/debug/tracing/trace_marker by Nick Kralevich · 11 years ago
  88. 0c9708b domain.te: Add backwards compatibility for unlabeled files by Nick Kralevich · 11 years ago
  89. dbd28d9 Enable SELinux protections for netd. by Nick Kralevich · 11 years ago
  90. 77d4731 Make all domains unconfined. by repo sync · 11 years ago
  91. 74ba8c8 run-as policy fixes. by Stephen Smalley · 11 years ago
  92. 0e856a0 Allow all domains to read /dev symlinks. by Stephen Smalley · 11 years ago
  93. 81fe5f7 Allow all domains to read the log devices. by Stephen Smalley · 11 years ago
  94. c529c66 Add policy for __properties__ device. by Geremy Condra · 11 years ago
  95. 4d3f108 Allow domain search/getattr access to security file by William Roberts · 11 years ago
  96. 1f5939a Allow search of tmpfs mount for /storage/emulated. by Stephen Smalley · 11 years ago
  97. 6136284 Permit fstat of property mapping. by Stephen Smalley · 11 years ago
  98. aeb512d Disable debugfs access by default. by Stephen Smalley · 11 years ago
  99. 40356b9 Allow domain to random_device by William Roberts · 11 years ago
  100. 7672eac Add SELinux policy for asec containers. by rpcraig · 12 years ago