Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / refs/heads/android-15 / private / app_neverallows.te
  1. f04db5b app.te: Delete apk_private_tmp_file neverallow by Nick Kralevich · 12 months ago
  2. 27b515e Add SELinux policy for storage areas by Ellen Arteca · 1 year, 4 months ago
  3. 000b251 stats_service: only disallow untrusted access by Tej Singh · 1 year, 7 months ago
  4. 4245d04 Allow system_server access to hidraw devices. by Daniel Norman · 1 year, 9 months ago
  5. b36ecf6 Merge changes from topic "iso_compute" by Charles Chen · 2 years, 7 months ago
  6. 3d4a6b7 Add isolated_compute_app domain by Charles Chen · 2 years, 8 months ago
  7. ccf8014 Share isolated properties across islolated apps by Charles Chen · 2 years, 8 months ago
  8. 214294c Add SELinux Policy For io_uring by Gil Cukierman · 2 years, 10 months ago
  9. cfdea5f Blocks untrusted apps to access /dev/socket/mdnsd from U by Yuyang Huang · 2 years, 8 months ago
  10. 24d90e7 Hide ro.debuggable and ro.secure from ephemeral and isolated applications by Alessandra Loro · 2 years, 10 months ago
  11. 6ecd207 Merge "Drop back-compatibility for hiding ro.debuggable and ro.secure" by Alessandra Loro · 3 years ago
  12. 40718f4 Allow getopt to eliminate warnings in MicrodroidBenchmarks tests by Alice Wang · 3 years ago
  13. 8a7dcb5 Drop back-compatibility for hiding ro.debuggable and ro.secure by Alessandra Loro · 3 years, 1 month ago
  14. d0e108f Disallow untrusted apps to read ro.debuggable and ro.secure by Alessandra Loro · 3 years, 2 months ago
  15. af609b2 Enforce MAC address restrictions for priv apps. by Bram Bonne · 3 years, 4 months ago
  16. 872a6f5 Restrict VM usage to platform_app. am: f96cd6557e by Alan Stokes · 4 years ago
  17. f96cd65 Restrict VM usage to platform_app. by Alan Stokes · 4 years ago
  18. c9996ff Merge "Add rules for virtualizationservice and crosvm" am: d59b429b63 am: cf84b7571b by Jiyong Park · 4 years, 1 month ago
  19. 5e20d83 Add rules for virtualizationservice and crosvm by Jiyong Park · 4 years, 2 months ago
  20. 3f36b24 Merge "untrusted_app_30: add new targetSdk domain" am: c1d9d9a85c am: 86943d839a by Bram Bonné · 4 years, 2 months ago
  21. ea5460a untrusted_app_30: add new targetSdk domain by Bram Bonné · 4 years, 4 months ago
  22. 2dec873 Revert "untrusted_app_30: add new targetSdk domain" am: f6fc9377ad am: dc26e38e21 by Paul Hobbs · 4 years, 2 months ago
  23. f6fc937 Revert "untrusted_app_30: add new targetSdk domain" by Paul Hobbs · 4 years, 2 months ago
  24. 040fa57 untrusted_app_30: add new targetSdk domain am: 55badc22c1 am: d9fea8c063 by Bram Bonné · 4 years, 2 months ago
  25. 55badc2 untrusted_app_30: add new targetSdk domain by Bram Bonné · 4 years, 4 months ago
  26. d631804 Merge "Add fusefs_type for FUSE filesystems" am: 53ef2e85e2 am: 93749a5278 by Thiébaud Weksteen · 4 years, 2 months ago
  27. 9ec5327 Add fusefs_type for FUSE filesystems by Thiébaud Weksteen · 4 years, 3 months ago
  28. 858893a Merge "Enforce RTM_GETLINK restrictions on all apps" am: 40bf1a6a70 am: a596c13e89 by Bram Bonné · 4 years, 4 months ago
  29. d65a7bf make ril.cdma.inecmmode system property internal by Nazanin · 4 years, 4 months ago
  30. a4433b4 Enforce RTM_GETLINK restrictions on all apps by Bram Bonné · 4 years, 4 months ago
  31. aa4ce95 sepolicy: rules for uid/pid cgroups v2 hierarchy by Marco Ballesio · 4 years, 7 months ago
  32. aa8bb3a Revert^3 "sepolicy: rules for uid/pid cgroups v2 hierarchy" by Marco Ballesio · 4 years, 7 months ago
  33. a54bed6 Revert^2 "sepolicy: rules for uid/pid cgroups v2 hierarchy" by Marco Ballesio · 4 years, 7 months ago
  34. 7ce5e71 Merge "Revert "sepolicy: rules for uid/pid cgroups v2 hierarchy"" by Jonglin Lee · 4 years, 9 months ago
  35. 51c04ac Revert "sepolicy: rules for uid/pid cgroups v2 hierarchy" by Jonglin Lee · 4 years, 9 months ago
  36. b18b394 Merge "sepolicy: rules for uid/pid cgroups v2 hierarchy" by Treehugger Robot · 4 years, 9 months ago
  37. ab5e7d3 Merge "Revert^3 "Enforce RTM_GETLINK restrictions on all 3p apps"" by Elliott Hughes · 4 years, 9 months ago
  38. 80b8e3c Revert^3 "Enforce RTM_GETLINK restrictions on all 3p apps" by Bram Bonné · 4 years, 9 months ago
  39. f46d7a2 sepolicy: rules for uid/pid cgroups v2 hierarchy by Marco Ballesio · 4 years, 10 months ago
  40. aff923a Merge "Revert^2 "Enforce RTM_GETLINK restrictions on all 3p apps"" by Bram Bonné · 4 years, 10 months ago
  41. 18ccf97 Revert^2 "Enforce RTM_GETLINK restrictions on all 3p apps" by Bram Bonné · 4 years, 10 months ago
  42. d083d24 Merge "Revert "Enforce RTM_GETLINK restrictions on all 3p apps"" by Tej Singh · 4 years, 10 months ago
  43. f48d1f8 Revert "Enforce RTM_GETLINK restrictions on all 3p apps" by Tej Singh · 4 years, 10 months ago
  44. 593c3b5 Merge "Enforce RTM_GETLINK restrictions on all 3p apps" by Bram Bonné · 4 years, 10 months ago
  45. a0518b7 Make kmsg_device mlstrustedobject. by Alan Stokes · 4 years, 11 months ago
  46. a43e26e untrusted_apps: AIDL vendor service parity w/ HIDL by Steven Moreland · 4 years, 11 months ago
  47. 03fb6ee Enforce RTM_GETLINK restrictions on all 3p apps by Jeff Vander Stoep · 5 years ago
  48. e346fbc simplify neverallowxperm for tun_device by Maciej Żenczykowski · 5 years ago
  49. 2aa8042 incident_service: only disallow untrusted access by Jeff Vander Stoep · 5 years ago
  50. fd54803 Allow mediaprovider_app access to /proc/filesystems. by Martijn Coenen · 6 years ago
  51. e3f1d5a Create new mediaprovider_app domain. by Martijn Coenen · 6 years ago
  52. b38a1d8 untrusted_app: disallow bind RTM_ROUTE socket by Jeff Vander Stoep · 6 years ago
  53. 1f7ae8e reland: untrusted_app_29: add new targetSdk domain by Jeff Vander Stoep · 6 years ago
  54. 1d241db Revert "untrusted_app_29: add new targetSdk domain" by Santiago Seifert · 6 years ago
  55. a1aa221 untrusted_app_29: add new targetSdk domain by Jeff Vander Stoep · 6 years ago
  56. 34a19b7 Merge "Revert "Allow MediaProvider to host FUSE devices."" by Zimuzo Ezeozue · 6 years ago
  57. 74a6730 Revert "Allow MediaProvider to host FUSE devices." by Zimuzo Ezeozue · 6 years ago
  58. b4d7815 Merge "Reland "sepolicy: rework ashmem_device permissions"" by Orion Hodson · 6 years ago
  59. b554a95 Reland "sepolicy: rework ashmem_device permissions" by Tri Vo · 6 years ago
  60. 5527d70 Revert "sepolicy: rework ashmem_device permissions" by Orion Hodson · 6 years ago
  61. 28903d9 untrusted_app_25: remove access to net.dns properties by Jeff Vander Stoep · 6 years ago
  62. d9dcea5 sepolicy: rework ashmem_device permissions by Tri Vo · 6 years ago
  63. e95c704 Access to HALs from untrusted apps is blacklist-based by Jiyong Park · 6 years ago
  64. b27a746 Merge "Remove vintf_service." am: cacefc6a78 by Steven Moreland · 6 years ago
  65. 4bb0a98 Remove vintf_service. by Steven Moreland · 6 years ago
  66. 88fedc2 Merge "Reland "Re-open /dev/binder access to all."" am: aa6793febd by Steven Moreland · 6 years ago
  67. aa6793f Merge "Reland "Re-open /dev/binder access to all."" by Steven Moreland · 6 years ago
  68. b5a4640 selinux: remove sysfs_mac_address am: f1e71dc75c by Tri Vo · 6 years ago
  69. f1e71dc selinux: remove sysfs_mac_address by Tri Vo · 6 years ago
  70. 8f5e8e5 Do not allow untrusted apps to read sysfs_net files am: 804d99ac76 by Maciej enczykowski · 6 years ago
  71. 804d99a Do not allow untrusted apps to read sysfs_net files by Maciej Żenczykowski · 6 years ago
  72. b75b047 Reland "Re-open /dev/binder access to all." by Steven Moreland · 6 years ago
  73. db28fe2 Revert "Re-open /dev/binder access to all." am: 6b2eaade82 by Steven Moreland · 6 years ago
  74. 6b2eaad Revert "Re-open /dev/binder access to all." by Steven Moreland · 6 years ago
  75. 169bfcf Merge changes Icdf207c5,I20aa48ef am: 30a06d278f by Steven Moreland · 6 years ago
  76. 94ff361 Re-open /dev/binder access to all. by Steven Moreland · 6 years ago
  77. cf289bc Allow MediaProvider to host FUSE devices. am: b56cc6fb1f by Zim · 6 years ago
  78. b56cc6f Allow MediaProvider to host FUSE devices. by Zim · 6 years ago
  79. e7e6fff Merge "Properly define hal_codec2 and related policies" into qt-dev by Pawin Vongmasa · 6 years ago
  80. 609c243 Properly define hal_codec2 and related policies by Pawin Vongmasa · 6 years ago
  81. 52bcfdf Merge "Remove unneeded permissions" into qt-dev am: 2b34e6ad9f by Marco Nelissen · 6 years ago
  82. ba258f0 Remove unneeded permissions by Marco Nelissen · 7 years ago
  83. 68b6f80 Use explicit whitelist for HIDL app neverallows. by Steven Moreland · 6 years ago
  84. 8eff3e2 Deprecate /mnt/sdcard -> /storage/self/primary symlink. by Tri Vo · 6 years ago
  85. 19200ae ephemeral_app: restore /dev/ashmem open permissions by Tri Vo · 6 years ago
  86. 0da2ecd ephemeral_app: restore /dev/ashmem open permissions by Tri Vo · 6 years ago
  87. 8b12ff5 Neverallow app open access to /dev/ashmem by Tri Vo · 7 years ago
  88. 877fe9d audit apps opening /dev/ashmem by Tri Vo · 7 years ago
  89. 73d0a67 sepolicy for ashmemd by Tri Vo · 7 years ago
  90. 0ac2eec Neverallow executable files and symlink following by Jeff Vander Stoep · 7 years ago
  91. e17b293 Allow app to conntect to BufferHub service by Jiwen 'Steve' Cai · 7 years ago
  92. fb66c6f rename rs_data_file to app_exec_data_file by Nick Kralevich · 7 years ago
  93. 41a871b Permissions for InputClassifier HAL by Siarhei Vishniakou · 8 years ago
  94. 65a89c1 Revert "remove app_data_file execute" by Nick Kralevich · 7 years ago
  95. b362474 remove app_data_file execute by Nick Kralevich · 7 years ago
  96. 0eb0a16 bless app created renderscript files by Nick Kralevich · 7 years ago
  97. e7040ea Add power.stats HAL 1.0 sepolicy by Benjamin Schwartz · 7 years ago
  98. 55d9096 SEPolicy changes to allow kcov access in userdebug. by Dan Austin · 7 years ago
  99. 535c5d2 Remove 'dex2oat_exec' from untrusted_app by David Brazdil · 7 years ago
  100. a194d37 Tighten up handling of new classes by Nick Kralevich · 7 years ago