gerrit-public.fairphone.software / fp2-dev / platform / external / sepolicy / refs/tags/fp2-sibon-17.12.1 / untrusted_app.te
90ccbcf
Further restrict socket ioctls available to apps
by Jeff Vander Stoep
· 8 years ago
6ab438d
Merge "untrusted_apps: Allow untrusted apps to find healthd_service." into mnc-dr-dev
by Nick Kralevich
· 9 years ago
ac8b575
untrusted_apps: Allow untrusted apps to find healthd_service.
by Ruchi Kandoi
· 9 years ago
0b764ae
Allow untrusted_app to list services.
by dcashman
· 9 years ago
de9b530
restrict app access to socket ioctls
by Jeff Vander Stoep
· 9 years ago
6e1f405
Allow MediaProvider to traverse /mnt/media_rw.
by Jeff Sharkey
· 9 years ago
929c858
Merge "Allow tty and wireless extensions ioctls" into mnc-dev
by Jeff Vander Stoep
· 9 years ago
a0fbeb9
Allow tty and wireless extensions ioctls
by Jeff Vander Stoep
· 9 years ago
f6d12c6
dontaudit untrusted_app exec_type:file getattr
by Nick Kralevich
· 9 years ago
34a468f
Update sepolicy to add label for /data/misc/perfprofd.
by Dehao Chen
· 9 years ago
86f30cb
Deny untrusted app ioctl access to MAC addr
by Jeff Vander Stoep
· 9 years ago
ab5cf66
Expand access to gatekeeperd.
by Alex Klyubin
· 9 years ago
367757d
gatekeeperd: use more specific label for /data file
by Nick Kralevich
· 9 years ago
bd7f580
Enforce more specific service access.
by dcashman
· 9 years ago
03a6f64
Enforce more specific service access.
by dcashman
· 9 years ago
91b7c67
Enforce more specific service access.
by dcashman
· 9 years ago
3cc6fc5
Enforce more specific service access.
by dcashman
· 9 years ago
d4c78f4
Enforce more specific service access.
by dcashman
· 9 years ago
4cdea7f
Assign app_api_service attribute to services.
by dcashman
· 9 years ago
b075338
Assign app_api_service attribute to services.
by dcashman
· 9 years ago
d12993f
Add system_api_service and app_api_service attributes.
by dcashman
· 9 years ago
8af4e9c
Record observed service accesses.
by dcashman
· 9 years ago
e8064af
Add graphicsstats service
by John Reck
· 9 years ago
85ce2c7
Don't grant hard link capabilities by default.
by Nick Kralevich
· 9 years ago
eaece93
neverallow untrusted_app as a mlstrustedsubject.
by Stephen Smalley
· 9 years ago
b8caf7f
Move allow rules before neverallow rules.
by Stephen Smalley
· 9 years ago
bb3cef4
Record observed bluetooth service access.
by dcashman
· 9 years ago
1aafc4c
allow untrusted_app read /data/anr/traces.txt
by Nick Kralevich
· 10 years ago
8be3e77
move untrusted_app statement to the correct file.
by Nick Kralevich
· 9 years ago
23f3361
Record observed system_server servicemanager service requests.
by dcashman
· 9 years ago
6a2451b
Allow platform_app access to keystore.
by dcashman
· 9 years ago
d31936f
appdomain: relax netlink_socket neverallow rule
by Nick Kralevich
· 9 years ago
566e8fe
Record service accesses.
by dcashman
· 9 years ago
c631ede
Remove known system_server service accesses from auditing.
by dcashman
· 9 years ago
4a89cdf
Make system_server_service an attribute.
by dcashman
· 9 years ago
cd82557
Restrict service_manager find and list access.
by dcashman
· 9 years ago
c06ed8f
sepolicy: allow system apps to access ASEC
by Pawit Pornkitprasan
· 9 years ago
8c6dba9
fix whitespace
by Nick Kralevich
· 10 years ago
642b804
relax neverallow rules on NETLINK_KOBJECT_UEVENT sockets
by Nick Kralevich
· 10 years ago
fbbe9e9
Allow untrusted_app access to temporary apk files.
by dcashman
· 10 years ago
603bc20
Further refined service_manager auditallow statements.
by Riley Spahn
· 10 years ago
af8d7ca
Remove radio_service from untrusted_app auditallow.
by Riley Spahn
· 10 years ago
b8511e0
Add access control for each service_manager action.
by Riley Spahn
· 10 years ago
f583566
Don't use don't
by Nick Kralevich
· 10 years ago
99d86c7
ensure that untrusted_app can't set properties
by Nick Kralevich
· 10 years ago
76206ab
Add neverallow rules further restricting service_manager.
by Riley Spahn
· 10 years ago
78706f9
add execmod to various app domains
by Nick Kralevich
· 10 years ago
4bdd13e
untrusted_app: neverallow debugfs
by Nick Kralevich
· 10 years ago
3a4eb96
Make the untrusted_app domain enforcing.
by Stephen Smalley
· 10 years ago
9ba844f
Coalesce shared_app, media_app, release_app into untrusted_app.
by Stephen Smalley
· 10 years ago
b0db712
Clean up, unify, and deduplicate app domain rules.
by Stephen Smalley
· 10 years ago
1eb9403
Remove redundant socket rules.
by Stephen Smalley
· 10 years ago
d823f83
Clarify meaning of untrusted_app and app domain assignment logic.
by Stephen Smalley
· 10 years ago
48b1883
Introduce asec_public_file type.
by Robert Craig
· 10 years ago
623975f
Support forcing permissive domains to unconfined.
by Nick Kralevich
· 10 years ago
6531712
Allow untrusted apps to execute binaries from their sandbox directories.
by Stephen Smalley
· 10 years ago
2dc4acf
Isolate untrusted app ptys from other domains.
by Stephen Smalley
· 11 years ago
2f40a17
Revert "Add the ability to write shell files to the untrusted_app domain."
by Nick Kralevich
· 11 years ago
29d0d40
Add the ability to write shell files to the untrusted_app domain.
by Geremy Condra
· 11 years ago
7cda86e
Permit apps to bind TCP/UDP sockets to a hostname
by Alex Klyubin
· 11 years ago
24617fc
Move isolated_app.te / untrusted_app.te into permissive
by Nick Kralevich
· 11 years ago
59faed0
Allow apps to create listening ports
by Nick Kralevich
· 11 years ago
8a2ebe3
Temporarily allow untrusted apps to read shell data files.
by Nick Kralevich
· 11 years ago
6634a10
untrusted_app.te / isolated_app.te / app.te first pass
by Nick Kralevich
· 11 years ago
748fdef
Move *_app into their own file
by Nick Kralevich
· 11 years ago