Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / refs/heads/android-15 / private / untrusted_app_all.te
  1. 99a4cbc Grant lockdown integrity to all processes by Thiébaud Weksteen · 1 year, 7 months ago
  2. 941ba72 sepolicy: rework perfetto producer/profiler rules for "user" builds by Ryan Savitski · 2 years, 7 months ago
  3. 685cc43 Merge "Ignore access to /proc/zoneinfo for apps" by Thiébaud Weksteen · 2 years, 11 months ago
  4. d601699 Ignore access to /proc/zoneinfo for apps by Thiébaud Weksteen · 2 years, 11 months ago
  5. 3060852 Allow priv apps to use virtualizationservice by Alan Stokes · 2 years, 11 months ago
  6. 8a5c159 Allow untrusted app to use virtualizationservice - even on user builds by Jiyong Park · 3 years, 4 months ago
  7. 3696a20 Revert "Revert "allow simpleperf to profile more app types."" by Yabin Cui · 3 years, 11 months ago
  8. 47d4b1f Allow test apps to use the virtualizationservice by Jiyong Park · 3 years, 11 months ago
  9. f96cd65 Restrict VM usage to platform_app. by Alan Stokes · 4 years ago
  10. b85fd25 Merge "Allow access to trace_data_file from untrusted_app context" by Pirama Arumuga Nainar · 4 years ago
  11. dd2079d Revert "allow simpleperf to profile more app types." by Yabin Cui · 4 years ago
  12. 0612731 Allow access to trace_data_file from untrusted_app context by Pirama Arumuga Nainar · 4 years ago
  13. 39f4970 SEPolicy for compos_verify_key. by Alan Stokes · 4 years ago
  14. 26de4c4 allow simpleperf to profile more app types. by Yabin Cui · 4 years, 2 months ago
  15. b61bcc8 Allow appdomain sepolicy search access to /mnt/media_rw by Zim · 4 years, 5 months ago
  16. bcfca1a Add SELinux lockdown policy by Thiébaud Weksteen · 4 years, 6 months ago
  17. 2543715 never allow untrusted apps accessing debugfs_tracing by Adam Shih · 4 years, 9 months ago
  18. 826b92f Clarify comments on 3rd party app attributes. by Steven Moreland · 5 years ago
  19. 3db5a31 sepolicy: clean up redundant rules around gpuservice by Yiwei Zhang · 5 years ago
  20. 67a8248 initial policy for traced_perf daemon (perf profiler) by Ryan Savitski · 6 years ago
  21. ffa0dd9 perf_event: rules for system and simpleperf domain by Ryan Savitski · 6 years ago
  22. 607bc67 Prevent apps from causing presubmit failures by Jeff Vander Stoep · 6 years ago
  23. b4d7815 Merge "Reland "sepolicy: rework ashmem_device permissions"" by Orion Hodson · 6 years ago
  24. b554a95 Reland "sepolicy: rework ashmem_device permissions" by Tri Vo · 6 years ago
  25. 5527d70 Revert "sepolicy: rework ashmem_device permissions" by Orion Hodson · 6 years ago
  26. 5e52281 Allow Java domains to be Perfetto producers. by Florian Mayer · 6 years ago
  27. d9dcea5 sepolicy: rework ashmem_device permissions by Tri Vo · 6 years ago
  28. bfcddbe sepolicy: remove ashmemd by Tri Vo · 6 years ago
  29. 8a7bed9 Remove mediacodec_service. by Steven Moreland · 6 years ago
  30. 132b081 Remove perfprofd references. by Elliott Hughes · 6 years ago
  31. 9fbc87c ashmem: expand app access by Tri Vo · 7 years ago
  32. 8b12ff5 Neverallow app open access to /dev/ashmem by Tri Vo · 7 years ago
  33. 931623e Audit execution of app_data_file by untrusted_app. by Alan Stokes · 7 years ago
  34. 877fe9d audit apps opening /dev/ashmem by Tri Vo · 7 years ago
  35. 544d6b3 Game Driver: sepolicy update for plumbing GpuStats into GpuService by Yiwei Zhang · 7 years ago
  36. 9ea8c07 allow untrusted_app_all system_linker_exec:file execute_no_trans by Nick Kralevich · 7 years ago
  37. 73d0a67 sepolicy for ashmemd by Tri Vo · 7 years ago
  38. 337f564 Allow permissions needed for gdb debugging by Nick Kralevich · 7 years ago
  39. 87e9123 disallow priv-apps from following untrusted app symlinks. by Nick Kralevich · 7 years ago
  40. 3e5668f Make Android Studio Instant Run work again by Nick Kralevich · 7 years ago
  41. ca0690e Allow heap profiling of certain app domains on user builds by Ryan Savitski · 7 years ago
  42. fb66c6f rename rs_data_file to app_exec_data_file by Nick Kralevich · 7 years ago
  43. 65a89c1 Revert "remove app_data_file execute" by Nick Kralevich · 7 years ago
  44. b362474 remove app_data_file execute by Nick Kralevich · 7 years ago
  45. 0eb0a16 bless app created renderscript files by Nick Kralevich · 7 years ago
  46. 55d9096 SEPolicy changes to allow kcov access in userdebug. by Dan Austin · 7 years ago
  47. 5dc2c8c Revert "Revert "Enforce execve() restrictions for API > 28"" by Yabin Cui · 7 years ago
  48. 15d1a12 Revert "Enforce execve() restrictions for API > 28" by Nick Kralevich · 7 years ago
  49. 0dd738d Enforce execve() restrictions for API > 28 by Nick Kralevich · 7 years ago
  50. 0bfa7b5 Switch to r_file_perms by Nick Kralevich · 7 years ago
  51. d78e07c Remove untrusted app access to /proc/net by Jeff Vander Stoep · 7 years ago
  52. c47e149 Revert "auditallow app_data_file execute" by Nick Kralevich · 7 years ago
  53. f3eb985 Remove legacy execmod access from API >= 26. by Nick Kralevich · 7 years ago
  54. d90d001 Revert "Remove legacy execmod access." by Nick Kralevich · 7 years ago
  55. 4738b93 auditallow app_data_file execute by Nick Kralevich · 7 years ago
  56. 41b21ee Delete untrusted_v2_app by Nick Kralevich · 7 years ago
  57. 23c9d91 Start partitioning off privapp_data_file from app_data_file by Nick Kralevich · 7 years ago
  58. 0f11ffc Remove legacy execmod access. by Alan Stokes · 7 years ago
  59. 708aa90 Temporarily add auditing of execmod by apps. by Alan Stokes · 7 years ago
  60. 9c7396d Suppress denials for apps accessing storage too early by Jeff Vander Stoep · 7 years ago
  61. 7a4af30 Start the process of locking down proc/net by Jeff Vander Stoep · 7 years ago
  62. 252b015 Allow getsockopt and setsockopt for Encap Sockets by Nathan Harold · 7 years ago
  63. 3aa7ca5 Add untrusted_app_27 by Jeff Vander Stoep · 7 years ago
  64. d93ef54 Hide some denials. by Joel Galenson · 7 years ago
  65. 278147e Adding permission for traceur to use content provider by Max Bires · 8 years ago
  66. ee26864 Allow More Apps to Recv UDP Sockets from SystemServer by Nathan Harold · 8 years ago
  67. c80f9e0 Perfetto SELinux policies by Primiano Tucci · 8 years ago
  68. 63f4677 Allow vendor apps to use surfaceflinger_service by Jeff Vander Stoep · 8 years ago
  69. 91d398d Sync internal master and AOSP sepolicy. by Dan Cashman · 8 years ago
  70. ef7b210 untrusted_apps: allow untrusted_apps to execute from /vendor/app by Sandeep Patil · 8 years ago
  71. eda4b88 Correct documentation in untrusted_app_all by Chad Brubaker · 8 years ago
  72. b93f049 Add media services to ephemeral_app by Chad Brubaker · 8 years ago
  73. b238fe6 Split preloads into media_file and data_file by Fyodor Kupolov · 8 years ago
  74. 9be90fb Revert "Remove execmod support for newer API versions" by Nick Kralevich · 9 years ago
  75. 38d3eca Remove execmod support for newer API versions by Nick Kralevich · 9 years ago
  76. b4f354f Move /proc/tty/drivers access to untrusted_app_25 by Nick Kralevich · 9 years ago
  77. 7291641 MediaCAS: adding media.cas to service by Chong Zhang · 9 years ago
  78. d152425 Allow all untrusted_apps to create ptys by Jeff Vander Stoep · 9 years ago
  79. bacb6d7 untrusted_app: policy versioning based on targetSdkVersion by Jeff Vander Stoep · 9 years ago