Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / sepolicy / refs/tags/fp2-sibon-17.12.1 / untrusted_app.te
  1. 90ccbcf Further restrict socket ioctls available to apps by Jeff Vander Stoep · 8 years ago
  2. 6ab438d Merge "untrusted_apps: Allow untrusted apps to find healthd_service." into mnc-dr-dev by Nick Kralevich · 9 years ago
  3. ac8b575 untrusted_apps: Allow untrusted apps to find healthd_service. by Ruchi Kandoi · 9 years ago
  4. 0b764ae Allow untrusted_app to list services. by dcashman · 9 years ago
  5. de9b530 restrict app access to socket ioctls by Jeff Vander Stoep · 9 years ago
  6. 6e1f405 Allow MediaProvider to traverse /mnt/media_rw. by Jeff Sharkey · 9 years ago
  7. 929c858 Merge "Allow tty and wireless extensions ioctls" into mnc-dev by Jeff Vander Stoep · 9 years ago
  8. a0fbeb9 Allow tty and wireless extensions ioctls by Jeff Vander Stoep · 9 years ago
  9. f6d12c6 dontaudit untrusted_app exec_type:file getattr by Nick Kralevich · 9 years ago
  10. 34a468f Update sepolicy to add label for /data/misc/perfprofd. by Dehao Chen · 9 years ago
  11. 86f30cb Deny untrusted app ioctl access to MAC addr by Jeff Vander Stoep · 9 years ago
  12. ab5cf66 Expand access to gatekeeperd. by Alex Klyubin · 9 years ago
  13. 367757d gatekeeperd: use more specific label for /data file by Nick Kralevich · 9 years ago
  14. bd7f580 Enforce more specific service access. by dcashman · 9 years ago
  15. 03a6f64 Enforce more specific service access. by dcashman · 9 years ago
  16. 91b7c67 Enforce more specific service access. by dcashman · 9 years ago
  17. 3cc6fc5 Enforce more specific service access. by dcashman · 9 years ago
  18. d4c78f4 Enforce more specific service access. by dcashman · 9 years ago
  19. 4cdea7f Assign app_api_service attribute to services. by dcashman · 9 years ago
  20. b075338 Assign app_api_service attribute to services. by dcashman · 9 years ago
  21. d12993f Add system_api_service and app_api_service attributes. by dcashman · 9 years ago
  22. 8af4e9c Record observed service accesses. by dcashman · 9 years ago
  23. e8064af Add graphicsstats service by John Reck · 9 years ago
  24. 85ce2c7 Don't grant hard link capabilities by default. by Nick Kralevich · 9 years ago
  25. eaece93 neverallow untrusted_app as a mlstrustedsubject. by Stephen Smalley · 9 years ago
  26. b8caf7f Move allow rules before neverallow rules. by Stephen Smalley · 9 years ago
  27. bb3cef4 Record observed bluetooth service access. by dcashman · 9 years ago
  28. 1aafc4c allow untrusted_app read /data/anr/traces.txt by Nick Kralevich · 10 years ago
  29. 8be3e77 move untrusted_app statement to the correct file. by Nick Kralevich · 9 years ago
  30. 23f3361 Record observed system_server servicemanager service requests. by dcashman · 9 years ago
  31. 6a2451b Allow platform_app access to keystore. by dcashman · 9 years ago
  32. d31936f appdomain: relax netlink_socket neverallow rule by Nick Kralevich · 9 years ago
  33. 566e8fe Record service accesses. by dcashman · 9 years ago
  34. c631ede Remove known system_server service accesses from auditing. by dcashman · 9 years ago
  35. 4a89cdf Make system_server_service an attribute. by dcashman · 9 years ago
  36. cd82557 Restrict service_manager find and list access. by dcashman · 9 years ago
  37. c06ed8f sepolicy: allow system apps to access ASEC by Pawit Pornkitprasan · 9 years ago
  38. 8c6dba9 fix whitespace by Nick Kralevich · 10 years ago
  39. 642b804 relax neverallow rules on NETLINK_KOBJECT_UEVENT sockets by Nick Kralevich · 10 years ago
  40. fbbe9e9 Allow untrusted_app access to temporary apk files. by dcashman · 10 years ago
  41. 603bc20 Further refined service_manager auditallow statements. by Riley Spahn · 10 years ago
  42. af8d7ca Remove radio_service from untrusted_app auditallow. by Riley Spahn · 10 years ago
  43. b8511e0 Add access control for each service_manager action. by Riley Spahn · 10 years ago
  44. f583566 Don't use don't by Nick Kralevich · 10 years ago
  45. 99d86c7 ensure that untrusted_app can't set properties by Nick Kralevich · 10 years ago
  46. 76206ab Add neverallow rules further restricing service_manager. by Riley Spahn · 10 years ago
  47. 78706f9 add execmod to various app domains by Nick Kralevich · 10 years ago
  48. 4bdd13e untrusted_app: neverallow debugfs by Nick Kralevich · 10 years ago
  49. 3a4eb96 Make the untrusted_app domain enforcing. by Stephen Smalley · 10 years ago
  50. 9ba844f Coalesce shared_app, media_app, release_app into untrusted_app. by Stephen Smalley · 10 years ago
  51. b0db712 Clean up, unify, and deduplicate app domain rules. by Stephen Smalley · 10 years ago
  52. 1eb9403 Remove redundant socket rules. by Stephen Smalley · 10 years ago
  53. d823f83 Clarify meaning of untrusted_app and app domain assignment logic. by Stephen Smalley · 10 years ago
  54. 48b1883 Introduce asec_public_file type. by Robert Craig · 10 years ago
  55. 623975f Support forcing permissive domains to unconfined. by Nick Kralevich · 10 years ago
  56. 6531712 Allow untrusted apps to execute binaries from their sandbox directories. by Stephen Smalley · 10 years ago
  57. 2dc4acf Isolate untrusted app ptys from other domains. by Stephen Smalley · 11 years ago
  58. 2f40a17 Revert "Add the ability to write shell files to the untrusted_app domain." by Nick Kralevich · 11 years ago
  59. 29d0d40 Add the ability to write shell files to the untrusted_app domain. by Geremy Condra · 11 years ago
  60. 7cda86e Permit apps to bind TCP/UDP sockets to a hostname by Alex Klyubin · 11 years ago
  61. 24617fc Move isolated_app.te / untrusted_app.te into permissive by Nick Kralevich · 11 years ago
  62. 59faed0 Allow apps to create listening ports by Nick Kralevich · 11 years ago
  63. 8a2ebe3 Temporarily allow untrusted apps to read shell data files. by Nick Kralevich · 11 years ago
  64. 6634a10 untrusted_app.te / isolated_app.te / app.te first pass by Nick Kralevich · 11 years ago
  65. 748fdef Move *_app into their own file by Nick Kralevich · 11 years ago