Gitiles
Code Review
Sign In
gerrit-public.fairphone.software
/
fp2-dev
/
platform
/
external
/
sepolicy
/
refs/tags/FP2-open-16.11.0
/
system_server.te
aaecd1e
allow system_server to set ro.build.fingerprint
by Nick Kralevich
· 10 years ago
2d1650f
allow system_server to set kernel scheduling priority
by Nick Kralevich
· 10 years ago
51bfecf
Pull keychain-data policy out of system-data
by Robin Lee
· 10 years ago
2380d05
allow system_server oemfs read access
by Nick Kralevich
· 10 years ago
47bd730
Add support for factory reset protection.
by dcashman
· 10 years ago
de08be8
Allow system reset_uid, sync_uid, password_uid
by Robin Lee
· 10 years ago
372d0df
Remove system_server create access from /data/dalvik-cache
by Brian Carlstrom
· 10 years ago
997461b
Allow system_server to talk to netlink directly.
by Sreeram Ramachandran
· 10 years ago
aa8e657
Revert "fix system_server dex2oat exec"
by Narayan Kamath
· 10 years ago
bf69632
DO NOT MERGE: Remove service_manager audit_allows.
by Riley Spahn
· 10 years ago
d263576
Remove auditallow from system_server.
by Riley Spahn
· 10 years ago
344fc10
Add access control for each service_manager action.
by Riley Spahn
· 10 years ago
10370f5
fix system_server dex2oat exec
by Nick Kralevich
· 10 years ago
81839df
reconcile aosp (3a8c5dc05fb7696dd81b8a7c1b2524224154e8ea) after branching. Please do not merge.
by Ed Heyl
· 10 years ago
5d60f04
sepolicy: allow system server to remove cgroups
by Colin Cross
· 10 years ago
d8447fd
Typedef+rules for SysSer to access persistent block device
by Andres Morales
· 10 years ago
be092af
Rules to allow installing package directories.
by Jeff Sharkey
· 10 years ago
d00eff4
system_server: bring back sdcard_type neverallow rule
by Nick Kralevich
· 10 years ago
596bcc7
Remove keystore auditallow statements from system.
by Riley Spahn
· 10 years ago
1196d2a
Adding policies for KeyStore MAC.
by Riley Spahn
· 10 years ago
8c6552a
Allow system_server to read all /proc files
by Nick Kralevich
· 10 years ago
fee4915
Align SELinux property policy with init property_perms.
by Stephen Smalley
· 10 years ago
97a2cfd
Allow Bluetooth app to initiate DHCP service on bt-pan interface.
by Paul Jensen
· 10 years ago
04e730b
system_server: allow open /dev/snd and read files
by Nick Kralevich
· 10 years ago
00b180d
Eliminate some duplicated rules.
by Stephen Smalley
· 10 years ago
fad4d5f
Fix SELinux policies to allow resource overlays.
by Nick Kralevich
· 10 years ago
a76d9dd
system_server profile access
by Nick Kralevich
· 10 years ago
96d9af4
allow system_server getattr on /data/dalvik-cache/profiles
by Nick Kralevich
· 10 years ago
8670305
Remove world-read access to /data/dalvik-cache/profiles
by Nick Kralevich
· 10 years ago
f90c41f
Add SELinux rules for service_manager.
by Riley Spahn
· 10 years ago
13d5886
system_server: Adds permission to system_server to write sysfs file
by Ruchi Kandoi
· 10 years ago
6bb672e
Make the system_server domain enforcing.
by Stephen Smalley
· 11 years ago
2cc6d63
Allow system_server access to /data/media files passed via Binder.
by Stephen Smalley
· 10 years ago
f85c1fc
Allow installd, vold, system_server unlabeled access.
by Stephen Smalley
· 10 years ago
8599e34
Introduce wakelock_use()
by Nick Kralevich
· 10 years ago
a16a59e
Remove graphics_device access.
by Stephen Smalley
· 10 years ago
782e084
Allow system_server to read tombstones.
by Stephen Smalley
· 10 years ago
538edd3
Restrict system_server to only the data file types needed.
by Stephen Smalley
· 10 years ago
02dac03
Drop relabelto_domain() macro and its associated definitions.
by Stephen Smalley
· 10 years ago
cd905ec
Protect keystore's files.
by Nick Kralevich
· 10 years ago
53cde70
Report graphics_device accesses by system_server or mediaserver.
by Stephen Smalley
· 10 years ago
3f3d6ff
Allow system_server pstore access.
by Nick Kralevich
· 10 years ago
e06e536
Allow inputflinger to call system_server.
by Stephen Smalley
· 10 years ago
971b5d7
Allow system_server to set ctl.bugreport property.
by Stephen Smalley
· 10 years ago
bafbf81
Allow system_server to read from log daemon.
by Stephen Smalley
· 10 years ago
6fe899a
Silence /proc/pid denials.
by Stephen Smalley
· 10 years ago
c181218
Deduplicate and rationalize system_server /proc/pid access.
by Stephen Smalley
· 10 years ago
d9d9d2f
temp fix for build breakage.
by Nick Kralevich
· 10 years ago
d331e00
Do not allow system_server to access SDcard files.
by Stephen Smalley
· 10 years ago
3dad7b6
Address system_server denials.
by Stephen Smalley
· 10 years ago
28afdd9
Deduplicate binder_call rules.
by Stephen Smalley
· 10 years ago
63b98b1
restore system_server zygote socket rules
by Nick Kralevich
· 10 years ago
37afd3f
Remove system_server and zygote unlabeled execute access.
by Stephen Smalley
· 10 years ago
0296b94
Move qemud and /dev/qemu policy bits to emulator-specific sepolicy.
by Stephen Smalley
· 10 years ago
2c347e0
Drop obsolete keystore_socket type and rules.
by Stephen Smalley
· 10 years ago
1601132
Clean up socket rules.
by Stephen Smalley
· 10 years ago
335faf2
Allow stat of /sys/module/lowmemorykiller files by system_server.
by Stephen Smalley
· 10 years ago
5467fce
initial lmkd policy.
by Nick Kralevich
· 10 years ago
418e2ab
Label /data/misc/wifi/sockets with wpa_socket.
by Stephen Smalley
· 10 years ago
8ed750e
sepolicy: Add write_logd, read_logd & control_logd
by Mark Salyzyn
· 11 years ago
208deb3
Allow dumpstate to run am and shell.
by Stephen Smalley
· 10 years ago
623975f
Support forcing permissive domains to unconfined.
by Nick Kralevich
· 10 years ago
959fdaa
Remove unlabeled execute access from domain, add to appdomain.
by Stephen Smalley
· 10 years ago
c50bf17
Address new system server denial.
by Robert Craig
· 10 years ago
37339c7
fix mediaserver selinux denials.
by Nick Kralevich
· 10 years ago
e7ec2f5
Only allow PROT_EXEC for ashmem where required.
by Stephen Smalley
· 10 years ago
527316a
Allow use of art as the Android runtime.
by Stephen Smalley
· 10 years ago
13e44ec
allow system_server block_suspend
by Nick Kralevich
· 10 years ago
c4d7c0d
system_server.te: allow getopt/getattr on zygote socket
by Nick Kralevich
· 11 years ago
3ba9012
Move gpu_device type and rules to core policy.
by Stephen Smalley
· 11 years ago
2b392fc
Move lmkd into it's own domain.
by Nick Kralevich
· 11 years ago
a49ba92
Allow SELinuxPolicyInstallReceiver to work.
by Stephen Smalley
· 11 years ago
af47ebb
Label /dev/fscklogs and allow system_server access to it.
by Stephen Smalley
· 11 years ago
2a604ad
Confine healthd, but leave it permissive for now.
by Stephen Smalley
· 11 years ago
cd95e0a
Allow system_server to set powerctl_prop
by Nick Kralevich
· 11 years ago
dd1ec6d
Give system_server / system_app ability to write some properties
by Nick Kralevich
· 11 years ago
1ff6441
Confine system_server, but leave it permissive for now.
by Stephen Smalley
· 11 years ago
353c72e
Move unconfined domains out of permissive mode.
by Nick Kralevich
· 11 years ago
ec7d39b
Introduce controls on wake lock interface
by William Roberts
· 11 years ago
8d68831
Restrict access to /dev/hw_random to system_server and init.
by Alex Klyubin
· 11 years ago
45ba665
Label and allow access to /data/system/ndebugsocket.
by Stephen Smalley
· 11 years ago
4103b3f
2/2: Rename domain "system" to "system_server".
by Alex Klyubin
· 11 years ago
1fdee11
1/2: Rename domain "system" to "system_server".
by Alex Klyubin
· 11 years ago