Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 6ef32753e7592cb39bab6e9329e54faa73629eea
  1. 6ef3275 remove mako specific neverallow exception by Nick Kralevich · 10 years ago
  2. 16873c1 neverallow read to shell- and app-writable symlinks. by Stephen Smalley · 10 years ago
  3. 6462027 neverallow transitions to shell by William Roberts · 10 years ago
  4. 7c065a9 neverallow "write ops" on system_data_file from "others" by William Roberts · 10 years ago
  5. b39ff99 am b23b49f9: am 0abf74eb: fs_use: Enabled loading security xattrs for squashfs by Mohamad Ayyash · 10 years ago
  6. b23b49f am 0abf74eb: fs_use: Enabled loading security xattrs for squashfs by Mohamad Ayyash · 10 years ago
  7. 0abf74e fs_use: Enabled loading security xattrs for squashfs by Mohamad Ayyash · 11 years ago
  8. 1bcff87 neverallow write access to /data/dalvik-cache directories. by Stephen Smalley · 10 years ago
  9. 904099c Merge "Allow clatd CAP_IPC_LOCK for mmap()" into mnc-dev by Erik Kline · 10 years ago
  10. e708451 Allow clatd CAP_IPC_LOCK for mmap() by Erik Kline · 10 years ago
  11. f8fd5ab installd restorecon now requires getattr. by Jeff Sharkey · 10 years ago
  12. df54526 Merge "sdcardd: ensure that init never executes sdcard daemon" into mnc-dev by Nick Kralevich · 10 years ago
  13. 50897fe sdcardd: ensure that init never executes sdcard daemon by Nick Kralevich · 10 years ago
  14. 46452b8 Merge "Allow vold to change priority when benchmarking." into mnc-dev by Jeff Sharkey · 10 years ago
  15. 769b96f Allow vold to change priority when benchmarking. by Jeff Sharkey · 10 years ago
  16. 4ae4309 Update perfprofd rules to allow wake_unlock inspection. by Than McIntosh · 10 years ago
  17. d245789 Allow recovery to read files with oemfs label by Tao Bao · 10 years ago
  18. 73f7e76 sepolicy-analyze: use headers from common selinux project. by dcashman · 10 years ago
  19. 918bea4 tools: use headers from common selinux project by Jeff Vander Stoep · 10 years ago
  20. 86987a0 Merge "New "selinux.restorecon" control property." into mnc-dev by Jeff Sharkey · 10 years ago
  21. 7617cd4 New "selinux.restorecon" control property. by Jeff Sharkey · 10 years ago
  22. ba8821b Merge changes from topic 'na-move-to-installd' into mnc-dev by Narayan Kamath · 10 years ago
  23. 4b4b2b9 Remove service_manager_local_audit_domain. by dcashman · 10 years ago
  24. 93a7ab8 Merge "Allow /dev/klog access, drop mknod and __null__ access" into mnc-dev by Nick Kralevich · 10 years ago
  25. e265197 Allow /dev/klog access, drop mknod and __null__ access by Nick Kralevich · 10 years ago
  26. 5a23b16 Merge "restrict app access to socket ioctls" into mnc-dev by Jeff Vander Stoep · 10 years ago
  27. de9b530 restrict app access to socket ioctls by Jeff Vander Stoep · 10 years ago
  28. 9aafd4a Allow installd to link apk_data_file and dalvikcache_data_file. by Narayan Kamath · 10 years ago
  29. 01898ea Revert "Allow system_server to link,relabel and create_dir dalvikcache_data_file." by Narayan Kamath · 10 years ago
  30. dc496c2 Merge "Move crypt commands to a different listener in vold" into mnc-dev by Paul Lawrence · 10 years ago
  31. 41f233f Allow system_server to link,relabel and create_dir dalvikcache_data_file. by Narayan Kamath · 10 years ago
  32. 3aac44e Move crypt commands to a different listener in vold by Paul Lawrence · 10 years ago
  33. 7e0838a logd: logpersistd by Mark Salyzyn · 10 years ago
  34. 35e5015 DO NOT MERGE New ext4enc kernel switching from xattrs to ioctl by Paul Lawrence · 10 years ago
  35. e2c0c9d DO NOT MERGE Securely encrypt the master key by Paul Lawrence · 10 years ago
  36. 8dcf48c Merge "Allow system_app to find all system services." into mnc-dev by dcashman · 10 years ago
  37. 48c1f61 Allow system_app to find all system services. by dcashman · 10 years ago
  38. 12e8b61 Merge "Allow system server and uncrypt to operate pipe file" into mnc-dev by Tao Bao · 10 years ago
  39. 70c6dbf Allow system server and uncrypt to operate pipe file by Tao Bao · 10 years ago
  40. 20d0ad0 Remove zygote security class declaration. by Stephen Smalley · 10 years ago
  41. 83554d2 Merge "Selinux: Allow system_server to create fpdata dir." into mnc-dev by Jim Miller · 10 years ago
  42. a39b131 Selinux: Allow system_server to create fpdata dir. by Jim Miller · 10 years ago
  43. 894911d Expand rtc_device label to match all rtc class drivers. by dcashman · 10 years ago
  44. b3df438 Merge "Rename keystore methods and delete unused permissions" into mnc-dev by Chad Brubaker · 10 years ago
  45. 5d78c07 Merge "Add selinux policy for fingerprintd" into mnc-dev by Jim Miller · 10 years ago
  46. a983621 Merge "camera: Add AIDL interface for CameraServiceProxy." into mnc-dev by Ruben Brunk · 10 years ago
  47. 264eb65 Add selinux policy for fingerprintd by Jim Miller · 10 years ago
  48. e1edbe9 camera: Add AIDL interface for CameraServiceProxy. by Ruben Brunk · 10 years ago
  49. 6e1f405 Allow MediaProvider to traverse /mnt/media_rw. by Jeff Sharkey · 10 years ago
  50. 807d8d0 Label /dev/rtc0 as rtc_device. by dcashman · 10 years ago
  51. eaa1a1e Rename keystore methods and delete unused permissions by Chad Brubaker · 10 years ago
  52. 77a8246 Add keystore user_changed permission by Chad Brubaker · 10 years ago
  53. 929c858 Merge "Allow tty and wireless extensions ioctls" into mnc-dev by Jeff Vander Stoep · 10 years ago
  54. a0fbeb9 Allow tty and wireless extensions ioctls by Jeff Vander Stoep · 10 years ago
  55. e5acc38 Merge "drop_caches label, vold scratch space on expanded." into mnc-dev by Jeff Sharkey · 10 years ago
  56. aee12c3 Tweak perfprofd sepolicy to include ipc_lock self capability. by Than McIntosh · 10 years ago
  57. c960596 drop_caches label, vold scratch space on expanded. by Jeff Sharkey · 10 years ago
  58. ae69694 Fix sepolicy-analyze libc++.so loading issue w/CTS. by dcashman · 10 years ago
  59. b5dc766 Merge "dontaudit untrusted_app exec_type:file getattr" into mnc-dev by Nick Kralevich · 10 years ago
  60. f6d12c6 dontaudit untrusted_app exec_type:file getattr by Nick Kralevich · 10 years ago
  61. 3526a66 Allow system_server to read/write /proc/uid_cputime/ module by Adam Lesinski · 10 years ago
  62. 415f0ba Label /oem files by Nick Kralevich · 10 years ago
  63. 2f5a6a9 Replace unix_socket_connect() and explicit property sets with macro by William Roberts · 10 years ago
  64. 34a468f Update sepolicy to add label for /data/misc/perfprofd. by Dehao Chen · 10 years ago
  65. 38d0247 New sepolicy for perfprofd, simpleperf. by Than McIntosh · 10 years ago
  66. 618efe8 kernel: allow rebooting, and writing to /dev/__kmsg__ by Nick Kralevich · 10 years ago
  67. 86f30cb Deny untrusted app ioctl access to MAC addr by Jeff Vander Stoep · 10 years ago
  68. 4286019 Merge "Allow system_app to list all services." into mnc-dev by dcashman · 10 years ago
  69. c6290ac Allow system_app to list all services. by dcashman · 10 years ago
  70. 64b01c6 Update policy version to enable ioctl whitelisting by Jeff Vander Stoep · 10 years ago
  71. ecc82e0 Allow installd to move APKs. by Jeff Sharkey · 10 years ago
  72. 3c242ca Ensure that domain and appdomain attributes are assigned. by Stephen Smalley · 10 years ago
  73. 37137da Merge "Make deviceidle accessible as system_api_service." into mnc-dev by dcashman · 10 years ago
  74. 31548db Make deviceidle accessible as system_api_service. by dcashman · 10 years ago
  75. ab5cf66 Expand access to gatekeeperd. by Alex Klyubin · 10 years ago
  76. 320a7ca am aeb110ce: am e05487ac: init.te: Don\'t allow mounting on top of /proc by Nick Kralevich · 10 years ago
  77. aeb110c am e05487ac: init.te: Don\'t allow mounting on top of /proc by Nick Kralevich · 10 years ago
  78. e05487a init.te: Don't allow mounting on top of /proc by Nick Kralevich · 10 years ago
  79. fd1c6e7 am 20f38b98: am 90c64542: Allow vold to move FUSE backing files directly. by Jeff Sharkey · 10 years ago
  80. 20f38b9 am 90c64542: Allow vold to move FUSE backing files directly. by Jeff Sharkey · 10 years ago
  81. c49d0c5 am d2aa96c5: am c2e31a77: Create context for ctl.console by Jeff Vander Stoep · 10 years ago
  82. 90c6454 Allow vold to move FUSE backing files directly. by Jeff Sharkey · 10 years ago
  83. d2aa96c am c2e31a77: Create context for ctl.console by Jeff Vander Stoep · 10 years ago
  84. 8b015f9 Create context for ctl.console by Jeff Vander Stoep · 10 years ago
  85. 067bf0b am bf162a2a: am eb953648: Revert "Create context for ctl.console" by Jeffrey Vander Stoep · 10 years ago
  86. c2e31a7 Create context for ctl.console by Jeff Vander Stoep · 10 years ago
  87. 91975b7 am 1bd407a0: am bbd56b71: Create context for ctl.console by Jeff Vander Stoep · 10 years ago
  88. bf162a2 am eb953648: Revert "Create context for ctl.console" by Jeffrey Vander Stoep · 10 years ago
  89. 9b8505b am a331c593: am 5aac86dc: Revert "Revert "SELinux policy changes for re-execing init."" by Elliott Hughes · 10 years ago
  90. bc5cd57 Revert "Create context for ctl.console" by Jeffrey Vander Stoep · 10 years ago
  91. eb95364 Revert "Create context for ctl.console" by Jeffrey Vander Stoep · 10 years ago
  92. 1bd407a am bbd56b71: Create context for ctl.console by Jeff Vander Stoep · 10 years ago
  93. 525e374 Create context for ctl.console by Jeff Vander Stoep · 10 years ago
  94. bbd56b7 Create context for ctl.console by Jeff Vander Stoep · 10 years ago
  95. a331c59 am 5aac86dc: Revert "Revert "SELinux policy changes for re-execing init."" by Elliott Hughes · 10 years ago
  96. 5aac86d Revert "Revert "SELinux policy changes for re-execing init."" by Elliott Hughes · 10 years ago
  97. ad7719c am 6b82aaeb: am 6d97d9b8: Merge "Revert "SELinux policy changes for re-execing init."" by Nick Kralevich · 10 years ago
  98. 6b82aae am 6d97d9b8: Merge "Revert "SELinux policy changes for re-execing init."" by Nick Kralevich · 10 years ago
  99. 6d97d9b Merge "Revert "SELinux policy changes for re-execing init."" by Nick Kralevich · 10 years ago
  100. c450759 Revert "SELinux policy changes for re-execing init." by Nick Kralevich · 10 years ago