  1. 5f13b7d sepolicy: Fixup neverallow for su in userdebug/eng by Maarten Derks · 7 years ago
  2. 90ccbcf Further restrict socket ioctls available to apps by Jeff Vander Stoep · 8 years ago
  3. e827a8a Relax neverallow rule for loading an updated SELinux policy. by Nick Kralevich · 9 years ago
  4. 356df32 init.te: delete kernel load policy support by Nick Kralevich · 9 years ago
  5. 301555e Allow domains to read tmpfs symlinks. by dcashman · 9 years ago
  6. 6ef3275 remove mako specific neverallow exception by Nick Kralevich · 9 years ago
  7. 16873c1 neverallow read to shell- and app-writable symlinks. by Stephen Smalley · 9 years ago
  8. 6462027 neverallow transitions to shell by William Roberts · 9 years ago
  9. 7c065a9 neverallow "write ops" on system_data_file from "others" by William Roberts · 9 years ago
  10. 1bcff87 neverallow write access to /data/dalvik-cache directories. by Stephen Smalley · 9 years ago
  11. ba8821b Merge changes from topic 'na-move-to-installd' into mnc-dev by Narayan Kamath · 9 years ago
  12. e265197 Allow /dev/klog access, drop mknod and __null__ access by Nick Kralevich · 9 years ago
  13. 01898ea Revert "Allow system_server to link,relabel and create_dir dalvikcache_data_file." by Narayan Kamath · 9 years ago
  14. 41f233f Allow system_server to link,relabel and create_dir dalvikcache_data_file. by Narayan Kamath · 9 years ago
  15. e2c0c9d DO NOT MERGE Securely encrypt the master key by Paul Lawrence · 9 years ago
  16. 34a468f Update sepolicy to add label for /data/misc/perfprofd. by Dehao Chen · 9 years ago
  17. 3c242ca Ensure that domain and appdomain attributes are assigned. by Stephen Smalley · 9 years ago
  18. 9b8505b am a331c593: am 5aac86dc: Revert "Revert "SELinux policy changes for re-execing init."" by Elliott Hughes · 9 years ago
  19. 5aac86d Revert "Revert "SELinux policy changes for re-execing init."" by Elliott Hughes · 9 years ago
  20. ad7719c am 6b82aaeb: am 6d97d9b8: Merge "Revert "SELinux policy changes for re-execing init."" by Nick Kralevich · 9 years ago
  21. c450759 Revert "SELinux policy changes for re-execing init." by Nick Kralevich · 9 years ago
  22. 25ed8fa am f17bbab7: am ecd57731: Merge "SELinux policy changes for re-execing init." by Elliott Hughes · 9 years ago
  23. 46e832f SELinux policy changes for re-execing init. by Elliott Hughes · 9 years ago
  24. fd47d02 Merge "Remove recovery from mknod neverallow rule" by Nick Kralevich · 9 years ago
  25. 98a2f7f Remove recovery from mknod neverallow rule by Nick Kralevich · 9 years ago
  26. 4d9c99d am 38885bc4: am e96c3abe: Add neverallow for mounting on proc by dcashman · 9 years ago
  27. e96c3ab Add neverallow for mounting on proc by dcashman · 9 years ago
  28. 710c5a2 am 29f90b1e: am 7f2bb0c1: Merge "Enforce more specific service access." by dcashman · 9 years ago
  29. bd7f580 Enforce more specific service access. by dcashman · 9 years ago
  30. 722efc2 am 41c5ead3: am b62b2020: Merge "domain: relax execmod restrictions" by Nick Kralevich · 9 years ago
  31. 998ce77 domain: relax execmod restrictions by Nick Kralevich · 9 years ago
  32. 38af1da Adding e4crypt support by Paul Lawrence · 9 years ago
  33. eee5d20 am 1df53474: am a7eb161e: Merge "add neverallow rules for execmod" by Nick Kralevich · 9 years ago
  34. 359101a add neverallow rules for execmod by Nick Kralevich · 9 years ago
  35. 9a6d315 am 671d16fe: am 581f25b0: Merge "Add new "procrank" SELinux domain." by Nick Kralevich · 9 years ago
  36. a191398 Add new "procrank" SELinux domain. by Nick Kralevich · 9 years ago
  37. 84fa314 am f836abef: am 8bd13687: neverallow su_exec:file execute by Nick Kralevich · 9 years ago
  38. 8bd1368 neverallow su_exec:file execute by Nick Kralevich · 9 years ago
  39. 8138401 Adding e4crypt support by Paul Lawrence · 9 years ago
  40. 7b2d879 am 1193bdf4: am 6843a793: am 8f81dcad: Only allow system_server to send commands to zygote. by dcashman · 9 years ago
  41. 8f81dca Only allow system_server to send commands to zygote. by dcashman · 9 years ago
  42. 7ceb4cc Revert "Allow recovery to create device nodes and modify rootfs" by Nick Kralevich · 9 years ago
  43. 9d87c64 Allow init to execute /sbin/slideshow by Sami Tolvanen · 9 years ago
  44. 5cf3994 Revert /proc/net related changes by Nick Kralevich · 9 years ago
  45. f5e7162 sepolicy: remove block_device access from install_recovery by Stephen Smalley · 9 years ago
  46. 74ddf30 neverallow mounton lnk_file fifo_file sock_file by Nick Kralevich · 9 years ago
  47. 14d5619 domain.te: neverallow System V IPC classes by Nick Kralevich · 9 years ago
  48. 616c787 Remove service_manager_type auditing of shell source domain. by dcashman · 9 years ago
  49. 74df7f5 don't allow mounting on top of /system files/directories by Nick Kralevich · 9 years ago
  50. 3c77d4d Add compile time checks for /data/dalvik-cache access by Nick Kralevich · 9 years ago
  51. 0f0324c domain.te: allow /proc/net/psched access by Nick Kralevich · 9 years ago
  52. 99940d1 remove /proc/net read access from domain.te by Nick Kralevich · 9 years ago
  53. 4a89cdf Make system_server_service an attribute. by dcashman · 9 years ago
  54. cd82557 Restrict service_manager find and list access. by dcashman · 9 years ago
  55. 10ecd05 Add neverallow rule for set_context_mgr. by dcashman · 9 years ago
  56. 6322a32 Revert " Add neverallow rule for set_context_mgr." by dcashman · 9 years ago
  57. 76f3fe3 Add neverallow rule for set_context_mgr. by dcashman · 9 years ago
  58. 1795b66 Allow recovery to create device nodes and modify rootfs by Nick Kralevich · 10 years ago
  59. a17a266 recovery.te: add /data neverallow rules by Nick Kralevich · 10 years ago
  60. ca62a8b allow coredump functionality by Nick Kralevich · 10 years ago
  61. 0d08d47 Remove -unconfineddomain from neverallow rules. by Stephen Smalley · 10 years ago
  62. 3da1ffb Remove block_device:blk_file access from fsck. by Stephen Smalley · 10 years ago
  63. 206b1a6 Define specific block device types for system and recovery partitions. by Stephen Smalley · 10 years ago
  64. 8a0c25e Do not allow init to execute anything without changing domains. by Stephen Smalley · 10 years ago
  65. 2de0287 zygote: allow replacing /proc/cpuinfo by Nick Kralevich · 10 years ago
  66. f37ce3f Add support for factory reset protection. by dcashman · 10 years ago
  67. a10bfd8 Remove /dev/log/* access by Nick Kralevich · 10 years ago
  68. 99aa03d assert that no domain can set default properties by Nick Kralevich · 10 years ago
  69. 65feafc tighten up neverallow rules for init binder operations by Nick Kralevich · 10 years ago
  70. 840e522 Remove dumpstate from servicemanager list auditallow. by Riley Spahn · 10 years ago
  71. 4644ac4 Prohibit execute to fs_type other than rootfs for most domains. by Stephen Smalley · 10 years ago
  72. b8511e0 Add access control for each service_manager action. by Riley Spahn · 10 years ago
  73. b59dc27 Drop sys_rawio neverallow for tee by Nick Kralevich · 10 years ago
  74. 9f6af08 New domain "install_recovery" by Nick Kralevich · 10 years ago
  75. 3508d61 fix build. by Nick Kralevich · 10 years ago
  76. 76206ab Add neverallow rules further restricting service_manager. by Riley Spahn · 10 years ago
  77. c626a88 Allow init to relabel rootfs files. by Stephen Smalley · 10 years ago
  78. 04b8a75 Remove write access to rootfs files. by Stephen Smalley · 10 years ago
  79. bac4ccc Prevent adding transitions to kernel or init domains. by Stephen Smalley · 10 years ago
  80. 00b180d Eliminate some duplicated rules. by Stephen Smalley · 10 years ago
  81. 75e2ef9 Restrict use of context= mount options. by Stephen Smalley · 10 years ago
  82. 8670305 Remove world-read access to /data/dalvik-cache/profiles by Nick Kralevich · 10 years ago
  83. 42fb824 Refactor the shell domains. by Stephen Smalley · 10 years ago
  84. cb23ca9 Remove domain unlabeled access. by Stephen Smalley · 10 years ago
  85. 6f6c425 Adjust rules around /data/app entities by Christopher Tate · 10 years ago
  86. 3235f61 Restrict /data/security and setprop selinux.reload_policy access. by Stephen Smalley · 10 years ago
  87. 2c8bf56 Only auditallow unlabeled accesses not allowed elsewhere. by Stephen Smalley · 10 years ago
  88. 03ce512 Remove /system write from unconfined by Nick Kralevich · 10 years ago
  89. ad0d0fc Protect /data/property. by Stephen Smalley · 10 years ago
  90. 629fbc9 Assert executable content (mostly) only loaded from /system by Nick Kralevich · 10 years ago
  91. 356f4be Restrict requesting contexts other than policy-defined defaults. by Stephen Smalley · 10 years ago
  92. f007d03 make /dev/zero read-write by Nick Kralevich · 10 years ago
  93. 7a186b3 Suppress installd auditallow by Nick Kralevich · 10 years ago
  94. 5ce079b Bring back the unlabeled allowall rules by Nick Kralevich · 10 years ago
  95. 7ffb997 Neverallow low memory mappings. by Stephen Smalley · 10 years ago
  96. abae8a9 Revisit kernel setenforce by Nick Kralevich · 10 years ago
  97. 02dac03 Drop relabelto_domain() macro and its associated definitions. by Stephen Smalley · 10 years ago
  98. e69a32a Drop rw access to unlabeled files. by Stephen Smalley · 10 years ago
  99. 2562843 Audit accesses on unlabeled files. by Stephen Smalley · 10 years ago
  100. 19c5090 Define a type for /data/dalvik-cache/profiles. by Stephen Smalley · 10 years ago