Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 44f3d0f0975dc9822dd91650adb6fc2a6a3575c0
  1. 44f3d0f Add a few permissions required by fastbootd by Hridya Valsaraju · 7 years ago
  2. ad16547 Merge "Allow init to set powerctl property" by Treehugger Robot · 7 years ago
  3. 196b12e Track isolated_app SELinux denial. by felkachang · 7 years ago
  4. 0096e7a Merge "Move some rules around" by Nick Kralevich · 7 years ago
  5. c22d14b Merge "checkseapp: check the size of key value pairs" by Treehugger Robot · 7 years ago
  6. 1e5021c Move some rules around by Nick Kralevich · 7 years ago
  7. eb74dd9 checkseapp: check the size of key value pairs by liwugang · 7 years ago
  8. b1dad09 Allow heap profiling everything except TCB on userdebug. by Florian Mayer · 7 years ago
  9. ea9cf81 Merge "Add rules to dump health traces" by Yifan Hong · 7 years ago
  10. b2d0d4a Merge "[gpuservice] allow "adb shell cmd gpu vkjson"" by Treehugger Robot · 7 years ago
  11. c1ab4ae Merge "Add compile time check for expanded attribute neverallow failure" by Treehugger Robot · 7 years ago
  12. 0d53ef2 Add rules to dump health traces by Yifan Hong · 7 years ago
  13. b7aee44 Merge "grant system_server read permission of server_configurable_flags_data" by Hongyi Zhang · 7 years ago
  14. ff0f79c [gpuservice] allow "adb shell cmd gpu vkjson" by Yiwei Zhang · 7 years ago
  15. d36b1d5 Allow init to set powerctl property by Branden Archer · 7 years ago
  16. 94c8893 Add compile time check for expanded attribute neverallow failure by Nick Kralevich · 7 years ago
  17. b61ac07 grant system_server read permission of server_configurable_flags_data by Hongyi Zhang · 7 years ago
  18. 478ca55 Allow vold to remount by Daniel Rosenberg · 7 years ago
  19. d81a36a Merge "Allow audioserver to access persist.log.tag" by Mikhail Naganov · 7 years ago
  20. f56b5d9 Merge "use hal_bootctl_server in neverallow rule" by Nick Kralevich · 7 years ago
  21. 536d341 use hal_bootctl_server in neverallow rule by Nick Kralevich · 7 years ago
  22. 6b2a4ae use tmpfile during build by Nick Kralevich · 7 years ago
  23. c3b3fdf Merge "Remove permission for APEX manifest." by Treehugger Robot · 7 years ago
  24. 4df603a Remove permission for APEX manifest. by Dario Freni · 7 years ago
  25. 017c1ac Merge "SELinux policy for new managed system update APIs" by Treehugger Robot · 7 years ago
  26. bffe163 SELinux policy for new managed system update APIs by Neda Topoljanac · 7 years ago
  27. d1b18a7 Merge "Allow to execute postinstall in adb sideload" by Treehugger Robot · 7 years ago
  28. 1817cbd Allow to execute postinstall in adb sideload by Yifan Hong · 7 years ago
  29. ddd43bf allow recovery FUNCTIONFS_ENDPOINT_DESC by Nick Kralevich · 7 years ago
  30. ac317b9 Merge "Add com.android.resolv-file_contexts to /system/sepolicy/apex" by Treehugger Robot · 7 years ago
  31. a5121f6 Add com.android.resolv-file_contexts to /system/sepolicy/apex by chenbruce · 7 years ago
  32. bacf448 allow system_server BLKSECDISCARD BLKDISCARD by Nick Kralevich · 7 years ago
  33. 6f324ff Merge "grant permissions of dir /data/server_configurable_flags" by Hongyi Zhang · 7 years ago
  34. 7e44292 Merge "place dex2oat auditallow statements in userdebug_or_eng blocks" by Treehugger Robot · 7 years ago
  35. 4aecb3f grant permissions of dir /data/server_configurable_flags by Hongyi Zhang · 7 years ago
  36. cfe1bae place dex2oat auditallow statements in userdebug_or_eng blocks by Nick Kralevich · 7 years ago
  37. d9047e6 Remove obsolete BOARD_SEPOLICY_REPLACE / BOARD_SEPOLICY_IGNORE by Nick Kralevich · 7 years ago
  38. c7be91d Merge "Allow webview_zygote to JIT." by Nicolas Geoffray · 7 years ago
  39. b78af6c Merge "Allow adb root to send config to perfetto" by Hector Dearman · 7 years ago
  40. 5a6d94b Merge "Allow PackageManager to communicate to apexd." by Dario Freni · 7 years ago
  41. cf4d526 Allow webview_zygote to JIT. by Nicolas Geoffray · 7 years ago
  42. 04dcdea Merge "Add `file_contexts` for Release Runtime APEX module." by Roland Levillain · 7 years ago
  43. 3fa4ac5 Allow adb root to send config to perfetto by Hector Dearman · 7 years ago
  44. 95c8372 Merge "Remove 'dex2oat_exec' from untrusted_app" by David Brazdil · 7 years ago
  45. 535c5d2 Remove 'dex2oat_exec' from untrusted_app by David Brazdil · 7 years ago
  46. 83f25e2 Revert "Add placeholder iris and face policy for vold data directory" by Nick Kralevich · 7 years ago
  47. 7ad743b Allow PackageManager to communicate to apexd. by Dario Freni · 7 years ago
  48. 41ddb80 Merge "sepolicy: add rules for traced_probes to capture stderr and kill atrace on timeout" by Lalit Maganti · 7 years ago
  49. 0f3decf Property to enable heap profile from process startup. by Florian Mayer · 7 years ago
  50. e80631f Merge "Add new cpu variant related rules to SELinux" by Treehugger Robot · 7 years ago
  51. d600c0c allow system_server to read device_config_reset_performed_prop by Hongyi Zhang · 7 years ago
  52. 544a0d5 Add new cpu variant related rules to SELinux by Haibo Huang · 7 years ago
  53. 745d383 Merge "sepolicies for sys prop enabling flag health check" by Hongyi Zhang · 7 years ago
  54. b1f6942 Merge "vold: remove access to /proc/net files" by Treehugger Robot · 7 years ago
  55. 99ce20e Merge "Allow zygote to JIT." by Nicolas Geoffray · 7 years ago
  56. 39a3905 Merge "Audit /dev access that might no longer be needed after Treble" by Treehugger Robot · 7 years ago
  57. 6949a39 Allow zygote to JIT. by Nicolas Geoffray · 7 years ago
  58. 7bff13f sepolicy: Grant mediaextractor access to files over all types of sdcard fs by Bruno Martins · 7 years ago
  59. b1feedc Allow domain to getattr on apex_mnt_dir by Jiyong Park · 7 years ago
  60. b16dcf5 Merge "Set filecontext for the test apex" by Treehugger Robot · 7 years ago
  61. 1c5d223 vold: remove access to /proc/net files by Nick Kralevich · 7 years ago
  62. d918c8d Remove redundant cgroup type/labelings. by Tri Vo · 7 years ago
  63. fe14d48 Merge "Don't label /dev/cam from system sepolicy" by Tri Vo · 7 years ago
  64. 3e09808 Audit /dev access that might no longer be needed after Treble by Tri Vo · 7 years ago
  65. c2f8f67 Merge "SEPolicy for InputFlinger Service." by Treehugger Robot · 7 years ago
  66. da492f4 sepolicies for sys prop enabling flag health check by Hongyi Zhang · 7 years ago
  67. 6e92480 Merge "[SEPolicy] Name GPU service back to "gpu"" by Treehugger Robot · 7 years ago
  68. 02ce98e Merge "remove system_server debugfs:file r_file_perms" by Treehugger Robot · 7 years ago
  69. a49b27a SEPolicy for InputFlinger Service. by Robert Carr · 7 years ago
  70. ddda7e8 Don't label /dev/cam from system sepolicy by Tri Vo · 7 years ago
  71. 174a025 [SEPolicy] Name GPU service back to "gpu" by Yiwei Zhang · 7 years ago
  72. fe4061d remove system_server debugfs:file r_file_perms by Nick Kralevich · 7 years ago
  73. 4592b0f Add `file_contexts` for Release Runtime APEX module. by Roland Levillain · 7 years ago
  74. 3d53307 Allow vendor_init to relabelfrom unlabeled. by Joel Galenson · 7 years ago
  75. 6567cc2 Merge "Further protect app private data files" by Treehugger Robot · 7 years ago
  76. d6ae1a5 sepolicy: add rules for traced_probes to capture stderr and kill atrace on timeout by Lalit Maganti · 7 years ago
  77. b23f71d Set filecontext for the test apex by Jiyong Park · 7 years ago
  78. a194d37 Tighten up handling of new classes by Nick Kralevich · 7 years ago
  79. 598a75c Further protect app private data files by Nick Kralevich · 7 years ago
  80. e00ca14 Merge "Delete get_prop(su, ...) rules" by Treehugger Robot · 7 years ago
  81. 118a106 Merge "Add placeholder iris and face policy for vold data directory" by Treehugger Robot · 7 years ago
  82. 2924f6e Merge "Move coredomains rules from private/domain.te to private/coredomain.te" by Treehugger Robot · 7 years ago
  83. 40d4b0b Delete get_prop(su, ...) rules by Nick Kralevich · 7 years ago
  84. 96b62a6 Merge "Rename APEX file_contexts as <name>-file_context" by Treehugger Robot · 7 years ago
  85. 92bde4b Add placeholder iris and face policy for vold data directory by Kevin Chyn · 7 years ago
  86. a289d52 Move coredomains rules from private/domain.te to private/coredomain.te by Tri Vo · 7 years ago
  87. cf7f20c Merge "racoon: allow ioctl TUNSETIFF" by Treehugger Robot · 7 years ago
  88. 3868557 Merge "Incidentd gets statsd incident section" by Treehugger Robot · 7 years ago
  89. c7f56cd Remove kmem_device selinux type. by Tri Vo · 7 years ago
  90. fb79404 Merge "allow apps tun_device ioctl TUNGETIFF;" by Treehugger Robot · 7 years ago
  91. 77fd9db Merge "Allow BLKIOMIN and BLKALIGNOFF to super device in update_engine." by Yifan Hong · 7 years ago
  92. 3ddaa63 racoon: allow ioctl TUNSETIFF by Nick Kralevich · 7 years ago
  93. 4652213 Merge "Allow dumpstate to call gpuservice over binder" by Treehugger Robot · 7 years ago
  94. f62362d Add idmap2 and idmap2d by Mårten Kongstad · 7 years ago
  95. 3b2df19 allow apps tun_device ioctl TUNGETIFF; by Nick Kralevich · 7 years ago
  96. 8d32223 Allow BLKIOMIN and BLKALIGNOFF to super device in update_engine. by Yifan Hong · 7 years ago
  97. 7ef01c3 Merge "Allow iw to be run at init phase." by Treehugger Robot · 7 years ago
  98. 920232b Merge "vold: allow ioctls BLKDISCARD and BLKGETSIZE" by Treehugger Robot · 7 years ago
  99. 5791e6e Merge "Fix the bound size and the variable name" by Treehugger Robot · 7 years ago
  100. fefc887 vold: allow ioctls BLKDISCARD and BLKGETSIZE by Nick Kralevich · 7 years ago