Log - adf210d654c19c51ab0fdd7e7b20d7864201134f - android_system_sepolicy

adf210d allow policy to create a file by vfat (fs_type) for a case using sdcardfs by Eric Bae · 9 years ago
d0feed8 Merge "lmkd: grant read access to all of /sys" into nyc-dev by TreeHugger Robot · 9 years ago
11c79b2 lmkd: grant read access to all of /sys by Jeff Vander Stoep · 9 years ago
42aaf5a Grant access to net_raw and net_admin to dumpstate. by Felipe Leme · 9 years ago
5143b6a allow radio to find nfc_service by Hyejin · 9 years ago
b71cf12 Merge "Keep pre-existing sysfs write permissions." into nyc-dev by TreeHugger Robot · 9 years ago
d261aa9 Merge "Revert "dumpstate: Change SELinux policy to allow reading /data/misc/profiles"" into nyc-dev by David Brazdil · 9 years ago
50e3899 Revert "dumpstate: Change SELinux policy to allow reading /data/misc/profiles" by David Brazdil · 9 years ago
a4e2aa1 Allow installd to delete the foreign-dex folder by Amith Yamasani · 9 years ago
17cfd3f Keep pre-existing sysfs write permissions. by dcashman · 9 years ago
92e79e2 Add SIOCGSTAMP SIOCGSTAMPNS to unpriv_sock_ioctls by Nick Kralevich · 9 years ago
43151dd Merge "Allow access to sysfs usb nodes." into nyc-dev by TreeHugger Robot · 9 years ago
f8f4d3e reduce mediaserver permissions by Marco Nelissen · 9 years ago
b144eba Allow access to sysfs usb nodes. by dcashman · 9 years ago
c878a02 allow radio to find cameraserver_service for video calls by Jeff Vander Stoep · 9 years ago
f31a55c Merge "dumpstate: Change SELinux policy to allow reading /data/misc/profiles" into nyc-dev by David Brazdil · 9 years ago
70a3124 dumpstate: Change SELinux policy to allow reading /data/misc/profiles by David Brazdil · 9 years ago
44c98bb Regression for log.tag properties by Mark Salyzyn · 9 years ago
bb8a352 Enable profman pretty printing by David Sehr · 9 years ago
ed413a8 Merge "sepolicy: broaden system_server access to foreign_dex_data_file." into nyc-dev by Narayan Kamath · 9 years ago
a34afee Merge "Allow shell to set log.tag.* properties" into nyc-dev by TreeHugger Robot · 9 years ago
d38962b Allow shell to set log.tag.* properties by Jeff Vander Stoep · 9 years ago
d82df3b sepolicy: broaden system_server access to foreign_dex_data_file. by Narayan Kamath · 9 years ago
7005e25 expose control over unpriv perf access to shell by Daniel Micay · 9 years ago
a5d0792 SELinux policy for /data/misc/profman by David Sehr · 9 years ago
0e1153e Merge "Remove tee_device access from mediaserver" into nyc-dev by Marco Nelissen · 9 years ago
d875ab6 Allow mediaserver to read preloads_data_file by Fyodor Kupolov · 9 years ago
dd930dd Remove tee_device access from mediaserver by Marco Nelissen · 9 years ago
49ac2a3 SELinux policies for /data/preloads directory by Fyodor Kupolov · 9 years ago
13bdd39 sepolicy: broaden system_server access to foreign_dex_data_file{dir}. by Narayan Kamath · 9 years ago
ad7a0ad sepolicy: add support for devices without cache partition by Patrick Tjin · 9 years ago
26e675c Merge "sepolicy: add support for new tracefs" into nyc-dev by TreeHugger Robot · 9 years ago
50c2909 Merge changes from topic 'dump_bluetooth_through_debuggerd' into nyc-dev by Andreas Gampe · 9 years ago
97573fd sepolicy: add support for new tracefs by Christian Poetzsch · 9 years ago
1a5fcec Merge "DO NOT MERGE. Remove isolated_app's ability to read sysfs." into nyc-dev by TreeHugger Robot · 9 years ago
cbfa8dd Sepolicy: Allow debuggerd to dump backtraces of Bluetooth by Andreas Gampe · 9 years ago
0983db4 Sepolicy: Refactor long lines for debuggerd backtraces by Andreas Gampe · 9 years ago
b84c86b DO NOT MERGE. Remove isolated_app's ability to read sysfs. by dcashman · 9 years ago
95fd381 Merge "Add CAP_IPC_LOCK and pinner to system_server" into nyc-dev by Philip Cuadra · 9 years ago
8d19cab Merge "dontaudit user_profile_foreign_dex_data_file open, read." into nyc-dev by Richard Uhler · 9 years ago
dfa2986 dontaudit user_profile_foreign_dex_data_file open, read. by Richard Uhler · 9 years ago
1cfdb12 Add /data/lib64, /data/vendor/lib64 to ASan sepolicy. by Evgenii Stepanov · 9 years ago
96da70e Add CAP_IPC_LOCK and pinner to system_server by Philip Cuadra · 9 years ago
39cfed0 Allow the system to rename wallpaper files by Christopher Tate · 9 years ago
87c1147 Allow ueventd to relabel block devices by Mihai Serban · 9 years ago
ea0c294 Add no_x_file_perm to property related files. by Nick Kralevich · 9 years ago
24a7f16 Disallow /misc access except for a few domains. by Nick Kralevich · 9 years ago
2d6fa72 don't allow debuggerd to ptrace itself. by Nick Kralevich · 9 years ago
ebc72b6 Merge "Remove execmem permission for mediaserver" into nyc-dev by Jeff Tinker · 9 years ago
81b7675 Whitelist additional unix socket ioctl by Jeff Vander Stoep · 9 years ago
916623a Merge "Re-introduce camera_device type" into nyc-dev by Jeffrey Vander Stoep · 9 years ago
cc8a09f Re-introduce camera_device type by Jeff Vander Stoep · 9 years ago
b21b313 Remove execmem permission for mediaserver by Jeff Tinker · 9 years ago
7b8413d Move boot_control HAL permissions to an attribute. by Alex Deymo · 9 years ago
959b036 Merge "buildtime/cts enforce no inet access for media domains" into nyc-dev by Jeffrey Vander Stoep · 9 years ago
21f77f6 buildtime/cts enforce no inet access for media domains by Jeff Vander Stoep · 9 years ago
8785a64 Merge "Selinux: Policies for otapreopt_chroot and postinstall_dexopt" into nyc-dev by TreeHugger Robot · 9 years ago
e5d8a94 Selinux: Policies for otapreopt_chroot and postinstall_dexopt by Andreas Gampe · 9 years ago
fbb6d2d Merge changes I9cdd52a2,Idf00e7a6 into nyc-dev by Mukesh Agrawal · 9 years ago
9a6f8f7 Define more ioctl types by Jeff Vander Stoep · 9 years ago
d9b0a34 Allow system_server to hard link its own files by Christopher Tate · 9 years ago
e651f6f allow system server to set log.tag.WifiHAL by mukesh agrawal · 9 years ago
84cfde2 limit shell's access to log.* properties by mukesh agrawal · 9 years ago
44f40a7 Merge "Allow bugreports to dump the native netd service state." into nyc-dev by Lorenzo Colitti · 9 years ago
f7bfd48 Allow bugreports to dump the native netd service state. by Lorenzo Colitti · 9 years ago
af82243 drop watchdogd from CAP_SYS_RAWIO neverallow by Nick Kralevich · 9 years ago
7141f10 do not enforce neverallow on CAP_SYS_RAWIO on debug builds by Jeff Vander Stoep · 9 years ago
0959aa6 Merge "drop vold from sys_rawio neverallow exception" into nyc-dev by TreeHugger Robot · 9 years ago
f77bc23 Merge "Further restrict socket ioctls available to apps" into nyc-dev by TreeHugger Robot · 9 years ago
3233353 Further restrict socket ioctls available to apps by Jeff Vander Stoep · 9 years ago
a499041 drop vold from sys_rawio neverallow exception by Nick Kralevich · 9 years ago
0e61a7a neverallow /data/anr access for isolated/untrusted apps by Nick Kralevich · 9 years ago
70f6c34 Merge "Unify dumped native stack traces" into nyc-dev by Andy Hung · 9 years ago
b3e4737 Merge "Add memory leak detection to mediaserver" into nyc-dev by Andy Hung · 9 years ago
3eae017 Merge "selinux changes for DNS metrics." into nyc-dev by Lorenzo Colitti · 9 years ago
f3bfc96 Unify dumped native stack traces by Andy Hung · 9 years ago
becb0c8 Add memory leak detection to mediaserver by Andy Hung · 9 years ago
8b9b89e Add memory leak detection to audioserver by Andy Hung · 9 years ago
7da9b2a Merge "define SIOCGIFDSTADDR as unprivileged ioctl" into nyc-dev by TreeHugger Robot · 9 years ago
d61e6d5 Merge "Allow shell to read /proc/meminfo." into nyc-dev by TreeHugger Robot · 9 years ago
de0ce9c Allow shell to read /proc/meminfo. by dcashman · 9 years ago
0e27e9b define SIOCGIFDSTADDR as unprivileged ioctl by Jeff Vander Stoep · 9 years ago
71d6ddc selinux changes for DNS metrics. by Lorenzo Colitti · 9 years ago
e3151bd Restore /mnt/sdcard symlink read access by Nick Kralevich · 9 years ago
e038062 Merge "Allow all apps to discover contexthub_service" into nyc-dev by Peng Xu · 9 years ago
7df44d8 Allow all apps to discover contexthub_service by Peng Xu · 9 years ago
ac52f46 Allow postinstall_file to be an entrypoint. by Alex Deymo · 9 years ago
541e9d5 Merge "Allow init and vold writing misc block device." into nyc-dev by Yabin Cui · 9 years ago
3e8d1bf Add ro.sys.safemode property. by dcashman · 10 years ago
3fc55e5 Merge "Enforce restrictions on kernel module origin" into nyc-dev by Jeffrey Vander Stoep · 9 years ago
10908ff Merge "Add module_load permission to system class" into nyc-dev by Jeffrey Vander Stoep · 9 years ago
6634400 Enforce restrictions on kernel module origin by Jeff Vander Stoep · 9 years ago
6d77d85 Add module_load permission to system class by Jeff Vander Stoep · 9 years ago
c1a23d0 Allow init and vold writing misc block device. by Yabin Cui · 9 years ago
182c4f3 Merge "Update selinux policy for VrManager AIDL." into nyc-dev by Ruben Brunk · 9 years ago
743969b Update selinux policy for VrManager AIDL. by Ruben Brunk · 9 years ago
4a0c803 Expand bluetooth access to media_rw_data_file for now. by Daniel Rosenberg · 9 years ago
75b25dd Allow system_server to execute timeout. by Jeff Sharkey · 9 years ago
b80bdef Allow search/getattr access to media_rw_data_file for now. by Daniel Rosenberg · 9 years ago
a2ed1ce Merge "Define gpu_service and allow surfaceflinger to provide it" into nyc-dev by Jesse Hall · 9 years ago