Gitiles
Code Review
Sign In
gerrit-public.fairphone.software
/
fp2-dev
/
platform
/
external
/
sepolicy
/
refs/tags/fp2-sibon-17.11.2
/
domain.te
5f13b7d
sepolicy: Fixup neverallow for su in userdebug/eng
by Maarten Derks
· 7 years ago
90ccbcf
Further restrict socket ioctls available to apps
by Jeff Vander Stoep
· 8 years ago
e827a8a
Relax neverallow rule for loading an updated SELinux policy.
by Nick Kralevich
· 9 years ago
356df32
init.te: delete kernel load policy support
by Nick Kralevich
· 9 years ago
301555e
Allow domains to read tmpfs symlinks.
by dcashman
· 9 years ago
6ef3275
remove mako specific neverallow exception
by Nick Kralevich
· 9 years ago
16873c1
neverallow read to shell- and app-writable symlinks.
by Stephen Smalley
· 9 years ago
6462027
neverallow transitions to shell
by William Roberts
· 9 years ago
7c065a9
neverallow "write ops" on system_data_file from "others"
by William Roberts
· 9 years ago
1bcff87
neverallow write access to /data/dalvik-cache directories.
by Stephen Smalley
· 9 years ago
ba8821b
Merge changes from topic 'na-move-to-installd' into mnc-dev
by Narayan Kamath
· 9 years ago
e265197
Allow /dev/klog access, drop mknod and __null__ access
by Nick Kralevich
· 9 years ago
01898ea
Revert "Allow system_server to link,relabel and create_dir dalvikcache_data_file."
by Narayan Kamath
· 9 years ago
41f233f
Allow system_server to link,relabel and create_dir dalvikcache_data_file.
by Narayan Kamath
· 9 years ago
e2c0c9d
DO NOT MERGE Securely encrypt the master key
by Paul Lawrence
· 9 years ago
34a468f
Update sepolicy to add label for /data/misc/perfprofd.
by Dehao Chen
· 9 years ago
3c242ca
Ensure that domain and appdomain attributes are assigned.
by Stephen Smalley
· 9 years ago
9b8505b
am a331c593: am 5aac86dc: Revert "Revert "SELinux policy changes for re-execing init.""
by Elliott Hughes
· 9 years ago
5aac86d
Revert "Revert "SELinux policy changes for re-execing init.""
by Elliott Hughes
· 9 years ago
ad7719c
am 6b82aaeb: am 6d97d9b8: Merge "Revert "SELinux policy changes for re-execing init.""
by Nick Kralevich
· 9 years ago
c450759
Revert "SELinux policy changes for re-execing init."
by Nick Kralevich
· 9 years ago
25ed8fa
am f17bbab7: am ecd57731: Merge "SELinux policy changes for re-execing init."
by Elliott Hughes
· 9 years ago
46e832f
SELinux policy changes for re-execing init.
by Elliott Hughes
· 9 years ago
fd47d02
Merge "Remove recovery from mknod neverallow rule"
by Nick Kralevich
· 9 years ago
98a2f7f
Remove recovery from mknod neverallow rule
by Nick Kralevich
· 9 years ago
4d9c99d
am 38885bc4: am e96c3abe: Add neverallow for mounting on proc
by dcashman
· 9 years ago
e96c3ab
Add neverallow for mounting on proc
by dcashman
· 9 years ago
710c5a2
am 29f90b1e: am 7f2bb0c1: Merge "Enforce more specific service access."
by dcashman
· 9 years ago
bd7f580
Enforce more specific service access.
by dcashman
· 9 years ago
722efc2
am 41c5ead3: am b62b2020: Merge "domain: relax execmod restrictions"
by Nick Kralevich
· 9 years ago
998ce77
domain: relax execmod restrictions
by Nick Kralevich
· 9 years ago
38af1da
Adding e4crypt support
by Paul Lawrence
· 9 years ago
eee5d20
am 1df53474: am a7eb161e: Merge "add neverallow rules for execmod"
by Nick Kralevich
· 9 years ago
359101a
add neverallow rules for execmod
by Nick Kralevich
· 9 years ago
9a6d315
am 671d16fe: am 581f25b0: Merge "Add new "procrank" SELinux domain."
by Nick Kralevich
· 9 years ago
a191398
Add new "procrank" SELinux domain.
by Nick Kralevich
· 9 years ago
84fa314
am f836abef: am 8bd13687: neverallow su_exec:file execute
by Nick Kralevich
· 9 years ago
8bd1368
neverallow su_exec:file execute
by Nick Kralevich
· 9 years ago
8138401
Adding e4crypt support
by Paul Lawrence
· 9 years ago
7b2d879
am 1193bdf4: am 6843a793: am 8f81dcad: Only allow system_server to send commands to zygote.
by dcashman
· 9 years ago
8f81dca
Only allow system_server to send commands to zygote.
by dcashman
· 9 years ago
7ceb4cc
Revert "Allow recovery to create device nodes and modify rootfs"
by Nick Kralevich
· 9 years ago
9d87c64
Allow init to execute /sbin/slideshow
by Sami Tolvanen
· 9 years ago
5cf3994
Revert /proc/net related changes
by Nick Kralevich
· 9 years ago
f5e7162
sepolicy: remove block_device access from install_recovery
by Stephen Smalley
· 9 years ago
74ddf30
neverallow mounton lnk_file fifo_file sock_file
by Nick Kralevich
· 9 years ago
14d5619
domain.te: neverallow System V IPC classes
by Nick Kralevich
· 9 years ago
616c787
Remove service_manager_type auditing of shell source domain.
by dcashman
· 9 years ago
74df7f5
don't allow mounting on top of /system files/directories
by Nick Kralevich
· 9 years ago
3c77d4d
Add compile time checks for /data/dalvik-cache access
by Nick Kralevich
· 9 years ago
0f0324c
domain.te: allow /proc/net/psched access
by Nick Kralevich
· 9 years ago
99940d1
remove /proc/net read access from domain.te
by Nick Kralevich
· 9 years ago
4a89cdf
Make system_server_service an attribute.
by dcashman
· 9 years ago
cd82557
Restrict service_manager find and list access.
by dcashman
· 9 years ago
10ecd05
Add neverallow rule for set_context_mgr.
by dcashman
· 9 years ago
6322a32
Revert " Add neverallow rule for set_context_mgr."
by dcashman
· 9 years ago
76f3fe3
Add neverallow rule for set_context_mgr.
by dcashman
· 10 years ago
1795b66
Allow recovery to create device nodes and modify rootfs
by Nick Kralevich
· 10 years ago
a17a266
recovery.te: add /data neverallow rules
by Nick Kralevich
· 10 years ago
ca62a8b
allow coredump functionality
by Nick Kralevich
· 10 years ago
0d08d47
Remove -unconfineddomain from neverallow rules.
by Stephen Smalley
· 10 years ago
3da1ffb
Remove block_device:blk_file access from fsck.
by Stephen Smalley
· 10 years ago
206b1a6
Define specific block device types for system and recovery partitions.
by Stephen Smalley
· 10 years ago
8a0c25e
Do not allow init to execute anything without changing domains.
by Stephen Smalley
· 10 years ago
2de0287
zygote: allow replacing /proc/cpuinfo
by Nick Kralevich
· 10 years ago
f37ce3f
Add support for factory reset protection.
by dcashman
· 10 years ago
a10bfd8
Remove /dev/log/* access
by Nick Kralevich
· 10 years ago
99aa03d
assert that no domain can set default properties
by Nick Kralevich
· 10 years ago
65feafc
tighten up neverallow rules for init binder operations
by Nick Kralevich
· 10 years ago
840e522
Remove dumpstate from servicemanager list auditallow.
by Riley Spahn
· 10 years ago
4644ac4
Prohibit execute to fs_type other than rootfs for most domains.
by Stephen Smalley
· 10 years ago
b8511e0
Add access control for each service_manager action.
by Riley Spahn
· 10 years ago
b59dc27
Drop sys_rawio neverallow for tee
by Nick Kralevich
· 10 years ago
9f6af08
New domain "install_recovery"
by Nick Kralevich
· 10 years ago
3508d61
fix build.
by Nick Kralevich
· 10 years ago
76206ab
Add neverallow rules further restricing service_manager.
by Riley Spahn
· 10 years ago
c626a88
Allow init to relabel rootfs files.
by Stephen Smalley
· 10 years ago
04b8a75
Remove write access to rootfs files.
by Stephen Smalley
· 10 years ago
bac4ccc
Prevent adding transitions to kernel or init domains.
by Stephen Smalley
· 10 years ago
00b180d
Eliminate some duplicated rules.
by Stephen Smalley
· 10 years ago
75e2ef9
Restrict use of context= mount options.
by Stephen Smalley
· 10 years ago
8670305
Remove world-read access to /data/dalvik-cache/profiles
by Nick Kralevich
· 10 years ago
42fb824
Refactor the shell domains.
by Stephen Smalley
· 10 years ago
cb23ca9
Remove domain unlabeled access.
by Stephen Smalley
· 10 years ago
6f6c425
Adjust rules around /data/app entities
by Christopher Tate
· 10 years ago
3235f61
Restrict /data/security and setprop selinux.reload_policy access.
by Stephen Smalley
· 10 years ago
2c8bf56
Only auditallow unlabeled accesses not allowed elsewhere.
by Stephen Smalley
· 10 years ago
03ce512
Remove /system write from unconfined
by Nick Kralevich
· 10 years ago
ad0d0fc
Protect /data/property.
by Stephen Smalley
· 10 years ago
629fbc9
Assert executable content (mostly) only loaded from /system
by Nick Kralevich
· 10 years ago
356f4be
Restrict requesting contexts other than policy-defined defaults.
by Stephen Smalley
· 10 years ago
f007d03
make /dev/zero read-write
by Nick Kralevich
· 10 years ago
7a186b3
Suppress installd auditallow
by Nick Kralevich
· 10 years ago
5ce079b
Bring back the unlabeled allowall rules
by Nick Kralevich
· 10 years ago
7ffb997
Neverallow low memory mappings.
by Stephen Smalley
· 10 years ago
abae8a9
Revisit kernel setenforce
by Nick Kralevich
· 10 years ago
02dac03
Drop relabelto_domain() macro and its associated definitions.
by Stephen Smalley
· 10 years ago
e69a32a
Drop rw access to unlabeled files.
by Stephen Smalley
· 10 years ago
2562843
Audit accesses on unlabeled files.
by Stephen Smalley
· 10 years ago
19c5090
Define a type for /data/dalvik-cache/profiles.
by Stephen Smalley
· 10 years ago
Next »