Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / refs/heads/android-15 / public / kernel.te
  1. 09b27c7 Add "DO NOT ADD statements" comments to public by Inseob Kim · 1 year, 5 months ago
  2. 75806ef Minimize public policy by Inseob Kim · 1 year, 5 months ago
  3. 568fd1f Allow kernel to write to shell_data_file loop devices in userdebug builds. by David Anderson · 3 years, 2 months ago
  4. 4b8ece3 Allow the kernel to read shell_data_file by Jooyung Han · 4 years, 2 months ago
  5. 9ec5327 Add fusefs_type for FUSE filesystems by Thiébaud Weksteen · 4 years, 3 months ago
  6. ab8b3df Add kernel permission for bootconfig proc file by Alistair Delva · 4 years, 6 months ago
  7. 9f79473 Allow kernel to write to update_engine_data_file by Tianjie Xu · 6 years ago
  8. b46ef10 Update kernel permissions to pass libdm snapshot unit test by Ram Muthiah · 6 years ago
  9. faa2933 Add permission required by libdm_test by Hridya Valsaraju · 6 years ago
  10. ea61d19 Adding vendor_apex_file for /vendor/apex by Jooyung Han · 6 years ago
  11. d6fdcef Sepolicy: Move otapreopt_chroot to private by Andreas Gampe · 6 years ago
  12. 0a6c2d0 Allow `otapreopt_chroot` to mount APEX packages using `apexd` logic. by Roland Levillain · 7 years ago
  13. b85acbb Allow the kernel to read staging_data_file. by Martijn Coenen · 7 years ago
  14. ac2b2d4 Allow the kernel to access apexd file descriptors. by Martijn Coenen · 7 years ago
  15. fb13ddd kernel: allow write access to /data/misc/vold/virtual_disk by Nick Kralevich · 7 years ago
  16. 095fbea Strengthen ptrace neverallow rules by Nick Kralevich · 7 years ago
  17. 23c9d91 Start partitioning off privapp_data_file from app_data_file by Nick Kralevich · 7 years ago
  18. 90b21ee init is a dynamic executable by Jiyong Park · 7 years ago
  19. 64ff9e9 domain.te & kernel.te: allow kernel to write nativetest_data_file by Yongqin Liu · 7 years ago
  20. 34e35e9 Add label for kernel test files and executables by Sandeep Patil · 8 years ago
  21. 9b2e0cb sepolicy: Add rules for non-init namespaces by Benjamin Gordon · 8 years ago
  22. bc1c545 Remove proc label access from kernel domain. by Tri Vo · 8 years ago
  23. 91d398d Sync internal master and AOSP sepolicy. by Dan Cashman · 8 years ago
  24. 1c5ea06 Merge "Add drm and kernel permissions to mediaprovider" am: 224b4eace9 am: 34b7684401 by Jerry Zhang · 8 years ago
  25. 6f9ac6e Add drm and kernel permissions to mediaprovider by Jerry Zhang · 8 years ago
  26. 204da47 Merge commit '24d3a1cc3fd0705d4dc8c7484e55c7107dc8b928' into manual_merge_24d3a1cc by Jerry Zhang · 8 years ago
  27. 9f152d9 Split mediaprovider as a separate domain from priv_app by Jerry Zhang · 8 years ago
  28. c9cf736 file_context: explicitly label all file context files by Sandeep Patil · 8 years ago
  29. 3f724c9 Grant kernel access to new "virtual_disk" file. by Jeff Sharkey · 8 years ago
  30. 3927086 kernel: neverallow dac_{override,read_search} perms by Jeff Vander Stoep · 9 years ago
  31. 02cfce4 kernel.te: tighten entrypoint / execute_no_trans neverallow by Nick Kralevich · 9 years ago
  32. cc39f63 Split general policy into public and private components. by dcashman · 9 years ago[Renamed (98%) from kernel.te]
  33. 108677c kernel: remove domain_deprecated attribute by Jeff Vander Stoep · 9 years ago
  34. 7ef8073 audit domain_deprecated perms for removal by Jeff Vander Stoep · 9 years ago
  35. 98fbb31 Merge \"Simplify /dev/kmsg SELinux policy.\" am: aa2aa21902 by Elliott Hughes · 9 years ago
  36. 63b33dc Simplify /dev/kmsg SELinux policy. by Elliott Hughes · 9 years ago
  37. 35a9247 Merge "Allow reading loop device in update_engine_unittests." am: aeeeab290f by Sen Jiang · 9 years ago
  38. 2b26729 Allow reading loop device in update_engine_unittests. by Sen Jiang · 9 years ago
  39. d25d57a Allow access to media_rw_data_file for now. by Daniel Rosenberg · 9 years ago
  40. 35a1451 Replace "neverallow domain" by "neverallow *" by Nick Kralevich · 10 years ago
  41. bc2b76b kernel: grant perms from domain_deprecated by Jeff Vander Stoep · 10 years ago
  42. 52e9d04 kernel.te: drop allow kernel untrusted_app:fd use; by Nick Kralevich · 10 years ago
  43. d22987b Create attribute for moving perms out of domain by Jeff Vander Stoep · 10 years ago
  44. 94ee59b audit mtp sync permission by Jeff Vander Stoep · 10 years ago
  45. 9ba8ade Fix MTP sync by Jeff Vander Stoep · 10 years ago
  46. 618efe8 kernel: allow rebooting, and writing to /dev/__kmsg__ by Nick Kralevich · 10 years ago
  47. 5aac86d Revert "Revert "SELinux policy changes for re-execing init."" by Elliott Hughes · 10 years ago
  48. c450759 Revert "SELinux policy changes for re-execing init." by Nick Kralevich · 10 years ago
  49. 46e832f SELinux policy changes for re-execing init. by Elliott Hughes · 10 years ago
  50. 883fcfc kernel: allow usbfs:dir search by Nick Kralevich · 10 years ago
  51. 753b95f Allow kernel to read asec_image_file. by dcashman · 10 years ago
  52. 1025d13 kernel.te: fix MTP sync by Nick Kralevich · 11 years ago
  53. 9fe810b allow kernel to use vold file descriptors by Nick Kralevich · 11 years ago
  54. 4308ce8 kernel: make kernel an mlstrustedsubject by Nick Kralevich · 11 years ago
  55. bd5f8e3 kernel: remove permissive_or_unconfined() by Stephen Smalley · 11 years ago
  56. 0a296fb am f3926937: Merge "Switch kernel and init to permissive_or_unconfined()." by Daniel Cashman · 11 years ago
  57. a523aac Switch kernel and init to permissive_or_unconfined(). by Stephen Smalley · 11 years ago
  58. b0a9951 Allow kernel thread to read app data files by Nick Kralevich · 11 years ago
  59. 28b26bc support kernel writes to external SDcards by Nick Kralevich · 11 years ago
  60. 4c6b135 support kernel writes to external SDcards by Nick Kralevich · 11 years ago
  61. e9c90bd reconcile aosp (4da3bb1481e4e894a7dee3f3b9ec8cef6f6b1aed) after branching. Please do not merge. by Ed Heyl · 11 years ago
  62. 374b2a1 Rename sdcard_internal/external types. by Stephen Smalley · 11 years ago
  63. a1558be Allow kernel sdcard read access as well for MTP sync. by Stephen Smalley · 11 years ago
  64. eb6b74f Allow kernel sdcard access for MTP sync. by Stephen Smalley · 11 years ago
  65. f3c3a1a Remove execute_no_trans from unconfineddomain. by Stephen Smalley · 11 years ago
  66. bac4ccc Prevent adding transitions to kernel or init domains. by Stephen Smalley · 11 years ago
  67. 718bf84 Allow mounting of usbfs. by Stephen Smalley · 11 years ago
  68. 73b0346 Explictly allow init and kernel unlabeled access. by Stephen Smalley · 11 years ago
  69. eb1bbf2 Clean up kernel, init, and recovery domains. by Stephen Smalley · 11 years ago
  70. 03ce512 Remove /system write from unconfined by Nick Kralevich · 11 years ago
  71. 356f4be Restrict requesting contexts other than policy-defined defaults. by Stephen Smalley · 11 years ago
  72. cdae7de Drop unused rules for raw I/O, mknod, and block device access. by Stephen Smalley · 11 years ago
  73. abae8a9 Revisit kernel setenforce by Nick Kralevich · 11 years ago
  74. 02dac03 Drop relabelto_domain() macro and its associated definitions. by Stephen Smalley · 11 years ago
  75. 3f40d4f Remove block device access from unconfined domains. by Stephen Smalley · 12 years ago
  76. 5487ca0 Remove several superuser capabilities from unconfined domains. by Stephen Smalley · 12 years ago
  77. b081cc1 Remove mount-related permissions from unconfined domains. by Stephen Smalley · 12 years ago
  78. fed8a2a Remove transition / dyntransition from unconfined by Nick Kralevich · 12 years ago
  79. 8b51674 Restrict ability to set checkreqprot. by Stephen Smalley · 12 years ago
  80. fea6e66 Allow kernel domain, not init domain, to set SELinux enforcing mode. by Stephen Smalley · 12 years ago
  81. 9e8b8d9 Revert "Allow kernel domain, not init domain, to set SELinux enforcing mode." by Nick Kralevich · 12 years ago
  82. bf12e22 Allow kernel domain, not init domain, to set SELinux enforcing mode. by Stephen Smalley · 12 years ago
  83. b1d8164 Make kernel / init enforcing by Nick Kralevich · 12 years ago
  84. 217f8af Fix more long-tail denials. by Geremy Condra · 12 years ago
  85. 0c9708b domain.te: Add backwards compatibility for unlabeled files by Nick Kralevich · 12 years ago
  86. 50e37b9 Move domains into per-domain permissive mode. by repo sync · 12 years ago
  87. 2dd4e51 SE Android policy. by Stephen Smalley · 14 years ago