Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 91c2580bce945a23c308d257c23fb8c7ef0795ab / private
  1. 91c2580 Add placeholder iris and face policy for vold data directory by Kevin Chyn · 7 years ago
  2. 2725edc Wider neverallow rules for coredomain /dev access. by Tri Vo · 7 years ago
  3. 9cded32 Merge "Remove coredomain /dev access no longer needed after Treble" by Tri Vo · 7 years ago
  4. ad16547 Merge "Allow init to set powerctl property" by Treehugger Robot · 7 years ago
  5. 196b12e Track isolated_app SELinux denial. by felkachang · 7 years ago
  6. 8a6cc52 Remove coredomain /dev access no longer needed after Treble by Tri Vo · 7 years ago
  7. 1e5021c Move some rules around by Nick Kralevich · 7 years ago
  8. b1dad09 Allow heap profiling everything except TCB on userdebug. by Florian Mayer · 7 years ago
  9. ea9cf81 Merge "Add rules to dump health traces" by Yifan Hong · 7 years ago
  10. b2d0d4a Merge "[gpuservice] allow "adb shell cmd gpu vkjson"" by Treehugger Robot · 7 years ago
  11. 0d53ef2 Add rules to dump health traces by Yifan Hong · 7 years ago
  12. ff0f79c [gpuservice] allow "adb shell cmd gpu vkjson" by Yiwei Zhang · 7 years ago
  13. d36b1d5 Allow init to set powerctl property by Branden Archer · 7 years ago
  14. b61ac07 grant system_server read permission of server_configurable_flags_data by Hongyi Zhang · 7 years ago
  15. d81a36a Merge "Allow audioserver to access persist.log.tag" by Mikhail Naganov · 7 years ago
  16. bffe163 SELinux policy for new managed system update APIs by Neda Topoljanac · 7 years ago
  17. bacf448 allow system_server BLKSECDISCARD BLKDISCARD by Nick Kralevich · 7 years ago
  18. cfe1bae place dex2oat auditallow statements in userdebug_or_eng blocks by Nick Kralevich · 7 years ago
  19. c7be91d Merge "Allow webview_zygote to JIT." by Nicolas Geoffray · 7 years ago
  20. b78af6c Merge "Allow adb root to send config to perfetto" by Hector Dearman · 7 years ago
  21. 5a6d94b Merge "Allow PackageManager to communicate to apexd." by Dario Freni · 7 years ago
  22. cf4d526 Allow webview_zygote to JIT. by Nicolas Geoffray · 7 years ago
  23. 3fa4ac5 Allow adb root to send config to perfetto by Hector Dearman · 7 years ago
  24. 95c8372 Merge "Remove 'dex2oat_exec' from untrusted_app" by David Brazdil · 7 years ago
  25. 535c5d2 Remove 'dex2oat_exec' from untrusted_app by David Brazdil · 7 years ago
  26. 83f25e2 Revert "Add placeholder iris and face policy for vold data directory" by Nick Kralevich · 7 years ago
  27. 7ad743b Allow PackageManager to communicate to apexd. by Dario Freni · 7 years ago
  28. 41ddb80 Merge "sepolicy: add rules for traced_probes to capture stderr and kill atrace on timeout" by Lalit Maganti · 7 years ago
  29. 0f3decf Property to enable heap profile from process startup. by Florian Mayer · 7 years ago
  30. e80631f Merge "Add new cpu variant related rules to SELinux" by Treehugger Robot · 7 years ago
  31. d600c0c allow system_server to read device_config_reset_performed_prop by Hongyi Zhang · 7 years ago
  32. 544a0d5 Add new cpu variant related rules to SELinux by Haibo Huang · 7 years ago
  33. 745d383 Merge "sepolicies for sys prop enabling flag health check" by Hongyi Zhang · 7 years ago
  34. 99ce20e Merge "Allow zygote to JIT." by Nicolas Geoffray · 7 years ago
  35. 39a3905 Merge "Audit /dev access that might no longer be needed after Treble" by Treehugger Robot · 7 years ago
  36. 6949a39 Allow zygote to JIT. by Nicolas Geoffray · 7 years ago
  37. d918c8d Remove redundant cgroup type/labelings. by Tri Vo · 7 years ago
  38. fe14d48 Merge "Don't label /dev/cam from system sepolicy" by Tri Vo · 7 years ago
  39. 3e09808 Audit /dev access that might no longer be needed after Treble by Tri Vo · 7 years ago
  40. c2f8f67 Merge "SEPolicy for InputFlinger Service." by Treehugger Robot · 7 years ago
  41. da492f4 sepolicies for sys prop enabling flag health check by Hongyi Zhang · 7 years ago
  42. 6e92480 Merge "[SEPolicy] Name GPU service back to "gpu"" by Treehugger Robot · 7 years ago
  43. a49b27a SEPolicy for InputFlinger Service. by Robert Carr · 7 years ago
  44. ddda7e8 Don't label /dev/cam from system sepolicy by Tri Vo · 7 years ago
  45. 174a025 [SEPolicy] Name GPU service back to "gpu" by Yiwei Zhang · 7 years ago
  46. fe4061d remove system_server debugfs:file r_file_perms by Nick Kralevich · 7 years ago
  47. 6567cc2 Merge "Further protect app private data files" by Treehugger Robot · 7 years ago
  48. d6ae1a5 sepolicy: add rules for traced_probes to capture stderr and kill atrace on timeout by Lalit Maganti · 7 years ago
  49. a194d37 Tighten up handling of new classes by Nick Kralevich · 7 years ago
  50. 598a75c Further protect app private data files by Nick Kralevich · 7 years ago
  51. 118a106 Merge "Add placeholder iris and face policy for vold data directory" by Treehugger Robot · 7 years ago
  52. 92bde4b Add placeholder iris and face policy for vold data directory by Kevin Chyn · 7 years ago
  53. a289d52 Move coredomains rules from private/domain.te to private/coredomain.te by Tri Vo · 7 years ago
  54. 3868557 Merge "Incidentd gets statsd incident section" by Treehugger Robot · 7 years ago
  55. c7f56cd Remove kmem_device selinux type. by Tri Vo · 7 years ago
  56. fb79404 Merge "allow apps tun_device ioctl TUNGETIFF;" by Treehugger Robot · 7 years ago
  57. 4652213 Merge "Allow dumpstate to call gpuservice over binder" by Treehugger Robot · 7 years ago
  58. f62362d Add idmap2 and idmap2d by Mårten Kongstad · 7 years ago
  59. 3b2df19 allow apps tun_device ioctl TUNGETIFF; by Nick Kralevich · 7 years ago
  60. 2e23af5 Allow iw to be run at init phase. by Tomasz Wasilczyk · 7 years ago
  61. 45f4847 Add userdebug selinux config for heapprofd. by Florian Mayer · 7 years ago
  62. 0c1848b SELinux changes for AppFuse by Risan · 7 years ago
  63. 7c275a6 Allow dumpstate to call gpuservice over binder by Joel Galenson · 7 years ago
  64. d2f3d18 Incidentd gets statsd incident section by Bookatz · 7 years ago
  65. ced1751 Remove mtd_device type. by Tri Vo · 7 years ago
  66. ca5b01b Merge "Remove dead *_device types from system sepolicy." by Treehugger Robot · 7 years ago
  67. c496db3 Add SELinux service for RoleManagerService by Eugene Susla · 7 years ago
  68. 049c03d bluetooth: allow TUNGETIFF TUNSETIFF by Nick Kralevich · 7 years ago
  69. b805ada Remove dead *_device types from system sepolicy. by Tri Vo · 7 years ago
  70. b965e3c Sepolicies for server configural flags reset by Hongyi Zhang · 7 years ago
  71. f40942f Add rules for /product{,_services}/overlay by Mårten Kongstad · 7 years ago
  72. 7924dc6 [SEPolicy] Configure policy for gpu service. by Peiyong Lin · 7 years ago
  73. ac6352d Merge "Allow bufferhub service to allocate buffer" by Treehugger Robot · 7 years ago
  74. e3c52b6 Merge "Allow adbd to read perfetto_traces_data_file." by Treehugger Robot · 7 years ago
  75. e7f1354 Merge changes from topic "runas_exec" by Yabin Cui · 7 years ago
  76. 5faae3a Merge "apexd_prop is defined for PRODUCT_COMPATIBLE_PROPERTY = false case" by Treehugger Robot · 7 years ago
  77. f270aea Allow adbd to read perfetto_traces_data_file. by Florian Mayer · 7 years ago
  78. 6a62606 Merge changes Ie0396d59,I75b2bade by Martijn Coenen · 7 years ago
  79. 341476d Allow apexd to configure /sys/block/dm- by Martijn Coenen · 7 years ago
  80. ac2b2d4 Allow the kernel to access apexd file descriptors. by Martijn Coenen · 7 years ago
  81. 0a65041 Allow audioserver to access persist.log.tag by Tomoharu Kasahara · 7 years ago
  82. b14c1a9 apexd_prop is defined for PRODUCT_COMPATIBLE_PROPERTY = false case by Jiyong Park · 7 years ago
  83. 52261e7 Add placeholder sepolicy for iris and face by Kevin Chyn · 7 years ago
  84. 1e58323 Allow bufferhub service to allocate buffer by Fan Xu · 7 years ago
  85. 05668e4 Merge "Remove buffer_hub_service compat mapping" by Fan Xu · 7 years ago
  86. ffa2b61 Add runas_app domain to allow running app data file via run-as. by Yabin Cui · 7 years ago
  87. 5dc2c8c Revert "Revert "Enforce execve() restrictions for API > 28"" by Yabin Cui · 7 years ago
  88. 2bb0085 Merge "Don't label /dev/{ akm8973.* accelerometer } from system sepolicy" by Tri Vo · 7 years ago
  89. fe39ed3 Don't label /dev/{ akm8973.* accelerometer } from system sepolicy by Tri Vo · 7 years ago
  90. 2d74a45 Remove buffer_hub_service compat mapping by Fan Xu · 7 years ago
  91. 5bf0c63 New service: intelligence_service by Felipe Leme · 7 years ago
  92. 5c48444 Merge "Update access_vectors" by Treehugger Robot · 7 years ago
  93. ced51dd Merge "tun_device: enforce ioctl restrictions" by Nick Kralevich · 7 years ago
  94. b3b9461 apexd exports its status via sysprop by Jiyong Park · 7 years ago
  95. ea1775d Update access_vectors by Nick Kralevich · 7 years ago
  96. 619c1ef tun_device: enforce ioctl restrictions by Nick Kralevich · 7 years ago
  97. a6f9892 sepolicy for server configurable flags by Hongyi Zhang · 7 years ago
  98. 0025220 isolated_app: add mmaps by Nick Kralevich · 7 years ago
  99. caf42d6 Transient SELinux domain for system_server JIT by Nick Kralevich · 7 years ago
  100. 29db0eb Merge "Revert "Enforce execve() restrictions for API > 28"" by Treehugger Robot · 7 years ago