Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / b55f10e937360f42ce573c7eb9b7914ea75edd49
  1. b55f10e Fix perfprofd denial (simpleperf debugfs read). by Than McIntosh · 10 years ago
  2. 59c4aa7 Merge "auditallow gpu_device execute access" by Nick Kralevich · 10 years ago
  3. 0243e5c system_server.te: remove policy load permissions by Jeff Vander Stoep · 10 years ago
  4. 73bdbd9 auditallow gpu_device execute access by Daniel Micay · 10 years ago
  5. 008d7f1 Drop the default stanza from mac_permissions.xml by Robert Craig · 10 years ago
  6. 2cc9420 install_recovery: drop toolbox auditallow by Nick Kralevich · 10 years ago
  7. 7238833 sepolicy: Apply dhcpcd sepolicy to dhcpcd-6.8.2 by Samuel Tan · 10 years ago
  8. 7af012f Merge "Only allow toolbox exec where /system exec was already allowed." by Nick Kralevich · 10 years ago
  9. e5c7321 Merge "file_contexts: label zram devices" by Jeffrey Vander Stoep · 10 years ago
  10. aa0d8fe dontaudit su servicemanager:service_manager list by Nick Kralevich · 10 years ago
  11. 5bc4a95 file_contexts: label zram devices by William Roberts · 10 years ago
  12. a3c97a7 Only allow toolbox exec where /system exec was already allowed. by Stephen Smalley · 10 years ago
  13. 4abd409 Relax neverallow rule for loading an updated SELinux policy. by Nick Kralevich · 10 years ago
  14. 6d0e9c8 init.te: delete kernel load policy support by Nick Kralevich · 10 years ago
  15. 48d98e3 Merge "system_server: remove old dalvik JIT rules on user/userdebug builds" by Nick Kralevich · 10 years ago
  16. 23cde87 system_server: remove old dalvik JIT rules on user/userdebug builds by Nick Kralevich · 10 years ago
  17. be98d9c Add /data/local/tmp neverallow rules by Nick Kralevich · 10 years ago
  18. acfd140 Merge "eliminate some anr_data_file permissions." by Nick Kralevich · 10 years ago
  19. f4d39ca allow domain adbd:unix_stream_socket ioctl; by Nick Kralevich · 10 years ago
  20. bf65c7e mediaserver: remove /system/bin/toolbox exec access by Nick Kralevich · 10 years ago
  21. 031e5ce Android.mk: Cleanup GENERAL_*_CONTEXTS variables by William Roberts · 10 years ago
  22. 6aabc1c Android.mk: drop polluting variables by William Roberts · 10 years ago
  23. 979adff eliminate some anr_data_file permissions. by Nick Kralevich · 10 years ago
  24. 13b6b7e checkfc: add support for comparing two file_contexts files. by Stephen Smalley · 10 years ago
  25. c2d0191 Update Android.mk to support file_contexts.bin by Richard Haines · 10 years ago
  26. bc2a49f Don't assume ordering of $(wildcard ...) by Dan Willemsen · 10 years ago
  27. 3d32817 Add SELinux settings to support tracing during boot. by Yasuhiro Matsuda · 10 years ago
  28. 1de9c49 auditallow w_file_perms for mediaserver by Daniel Micay · 10 years ago
  29. f71decc Merge "Add support for building without ramdisk" by Daniel Rosenberg · 10 years ago
  30. 6f7de29 Merge "Do not allow apps to access network address file" by Jeffrey Vander Stoep · 10 years ago
  31. e45cad7 Do not allow apps to access network address file by Jeff Vander Stoep · 10 years ago
  32. e208585 Merge "Revert "Do not allow apps to access network address file"" by Jeffrey Vander Stoep · 10 years ago
  33. db7bc4b Revert "Do not allow apps to access network address file" by Jeffrey Vander Stoep · 10 years ago
  34. 6627345 Merge "Do not allow apps to access network address file" by Jeffrey Vander Stoep · 10 years ago
  35. 2dabf17 Do not allow apps to access network address file by Jeff Vander Stoep · 10 years ago
  36. e6b6744 Add support for building without ramdisk by Daniel Rosenberg · 10 years ago
  37. e244f2d Allow init to mount filesystems on properly labeled folders by Daniel Rosenberg · 10 years ago
  38. d218558 Android.mk: Add support for BOARD_SEPOLICY_M4DEFS by William Roberts · 10 years ago
  39. 29a463d Use build fingerprint from file by Colin Cross · 10 years ago
  40. 1a6e29e Merge "android.mk: drop duplicate spaces" by Nick Kralevich · 10 years ago
  41. 8540253 android.mk: drop duplicate spaces by William Roberts · 10 years ago
  42. 354710e Prevent appdomain from creating globally readable symlinks. by dcashman · 10 years ago
  43. 8e16deb Add /data/vendor/lib as a library location under ASan. by Evgenii Stepanov · 10 years ago
  44. f2c4e12 neverallow service_manager / service_manager_type by Nick Kralevich · 10 years ago
  45. 10a3a36 Merge "Allow domains to read tmpfs symlinks." by dcashman · 10 years ago
  46. 2b0b829 Allow domains to read tmpfs symlinks. by dcashman · 10 years ago
  47. 26cd912 Give /proc/iomem a more specific label. by dcashman · 10 years ago
  48. ffc86be Correct local variables for file_contexts_asan by William Roberts · 10 years ago
  49. 75268b0 Merge "allow procrank to write to bug report" by Jeff Vander Stoep · 10 years ago
  50. af16c40 allow procrank to write to bug report by Jeff Vander Stoep · 10 years ago
  51. 7028bdc neverallow: domain execute data_file_type by William Roberts · 10 years ago
  52. 99fe8df hide checkseapp command invocation by William Roberts · 10 years ago
  53. b876993 use a general sepolicy when building general targets by William Roberts · 10 years ago
  54. 3a74555 Drop unused variable in Android.mk by William Roberts · 10 years ago
  55. 4ee7131 Introduce seapp_neverallow test by William Roberts · 10 years ago
  56. da52e85 correct colon usage on make targets by William Roberts · 10 years ago
  57. 81e1f90 check_seapp: add support for "neverallow" checks by William Roberts · 10 years ago
  58. 33edd30 Merge "neverallow PROT_EXEC stack or heap." by Daniel Cashman · 10 years ago
  59. 7d65b54 check_seapp: mac build memory leak by William Roberts · 10 years ago
  60. 5328d97 neverallow PROT_EXEC stack or heap. by Stephen Smalley · 10 years ago
  61. 9c7570e Fix grouper build by allowing mknod in recovery by Jeff Vander Stoep · 10 years ago
  62. 3cba84e Merge "Run idmap in its own domain." by Daniel Cashman · 10 years ago
  63. e956b31 Merge "drop unused option -s" by Daniel Cashman · 10 years ago
  64. f26b6d4 drop unused option -s by William Roberts · 10 years ago
  65. 31d88a7 Allow /dev/klog access, drop mknod and __null__ access by Nick Kralevich · 10 years ago
  66. b335e38 Run idmap in its own domain. by Stephen Smalley · 10 years ago
  67. 8d3a1b5 correct all error messages by William Roberts · 10 years ago
  68. 9d439d3 neverallow read to shell- and app-writable symlinks. by Stephen Smalley · 10 years ago
  69. e010f08 Merge "neverallow write access to /data/dalvik-cache directories." by Nick Kralevich · 10 years ago
  70. d9bf7b3 neverallow write access to /data/dalvik-cache directories. by Stephen Smalley · 10 years ago
  71. 8a22477 Allow clatd CAP_IPC_LOCK for mmap() by Erik Kline · 10 years ago
  72. 4b4c564 Merge "Extend sepolicy for SANITIZE_TARGET." by Evgenii Stepanov · 10 years ago
  73. 9303048 Extend sepolicy for SANITIZE_TARGET. by Evgenii Stepanov · 10 years ago
  74. 773d412 check_seapp: Correct output on duplicate entries by William Roberts · 10 years ago
  75. cc905d8 Merge "Update perfprofd rules to allow wake_unlock inspection." by Than McIntosh · 10 years ago
  76. f0f6ee2 Allow recovery to read files with oemfs label by Tao Bao · 10 years ago
  77. beadf17 Update perfprofd rules to allow wake_unlock inspection. by Than McIntosh · 10 years ago
  78. 96136d8 sepolicy-analyze: use headers from common selinux project. by dcashman · 10 years ago
  79. b6ecbce Merge "Allow system server and uncrypt to operate pipe file" by Tao Bao · 10 years ago
  80. 51b33ac Allow system server and uncrypt to operate pipe file by Tao Bao · 10 years ago
  81. 53b4801 tools: use headers from common selinux project by Jeff Vander Stoep · 10 years ago
  82. eab26fa Remove service_manager_local_audit_domain. by dcashman · 10 years ago
  83. 0d22c6c logd: logpersistd by Mark Salyzyn · 10 years ago
  84. bf0c34d Allow system_app to find all system services. by dcashman · 10 years ago
  85. e8178b3 Remove unused userspace security classes. by Stephen Smalley · 10 years ago
  86. a0c9d20 Remove zygote security class declaration. by Stephen Smalley · 10 years ago
  87. 5ca3dfe Update MODULE_LICENSE by Bill Yi · 10 years ago
  88. a9bfc88 Merge "Expand rtc_device label to match all rtc class drivers." by dcashman · 10 years ago
  89. 7ceda71 Add MODULE_LICENSE by Bill Yi · 10 years ago
  90. 1b4b3b9 Expand rtc_device label to match all rtc class drivers. by dcashman · 10 years ago
  91. c759489 Label /dev/rtc0 as rtc_device. by dcashman · 10 years ago
  92. 72aeb01 Merge "neverallow cache_file and derivatives execute" by Nick Kralevich · 10 years ago
  93. a7621f8 Merge "make unix_socket_connect() for property service a warning" by Jeffrey Vander Stoep · 10 years ago
  94. 6c30016 neverallow cache_file and derivatives execute by William Roberts · 10 years ago
  95. cbc8f79 Rename keystore methods and delete unused permissions by Chad Brubaker · 10 years ago
  96. 1b4e69a make unix_socket_connect() for property service a warning by William Roberts · 10 years ago
  97. e5916eb Merge "Tweak perfprofd sepolicy to include ipc_lock self capability." by Than McIntosh · 10 years ago
  98. 728fe3d Tweak perfprofd sepolicy to include ipc_lock self capability. by Than McIntosh · 10 years ago
  99. d1fa4d3 neverallow transitions to shell by William Roberts · 10 years ago
  100. 529a863 neverallow "write ops" on system_data_file from "others" by William Roberts · 10 years ago