Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / refs/heads/android-15 / public / netd.te
  1. 09b27c7 Add "DO NOT ADD statements" comments to public by Inseob Kim · 1 year, 5 months ago
  2. 75806ef Minimize public policy by Inseob Kim · 1 year, 5 months ago
  3. 448bd57 Remove all module_request rules by Eric Biggers · 2 years, 1 month ago
  4. 9a18423 Merge "strengthen system_file neverallows" by Steven Moreland · 2 years, 4 months ago
  5. 9c2a5cf strengthen system_file neverallows by Steven Moreland · 2 years, 4 months ago
  6. 099da6d Allow netd to perform SIGKILL on process dnsmasq by Ken Chen · 2 years, 4 months ago
  7. cfdea5f Blocks untrusted apps to access /dev/socket/mdnsd from U by Yuyang Huang · 2 years, 8 months ago
  8. b13921c much more finegrained bpf selinux privs for networking mainline by Maciej Żenczykowski · 3 years, 4 months ago
  9. 309a355 Add permissions for new netd AIDL HAL by Devin Moore · 3 years, 4 months ago
  10. b30e888 Add search in bpf directory for bpfdomains by Stephane Lee · 3 years, 6 months ago
  11. 70b0a77 Add sepolicy for mdns service by paulhu · 3 years, 9 months ago
  12. c23fb98 update post bpf tethering mainline module split from netd by Maciej Żenczykowski · 4 years, 6 months ago
  13. d68cb48 apply 'fs_bpf_tethering' label to /sys/fs/bpf/tethering by Maciej Żenczykowski · 4 years, 7 months ago
  14. f8ad339 Introduce app_data_file_type attribute. by Alan Stokes · 4 years, 11 months ago
  15. b01e1d9 Revert "Introduce app_data_file_type attribute." by Alan Stokes · 4 years, 10 months ago
  16. 27e0c74 Introduce app_data_file_type attribute. by Alan Stokes · 4 years, 11 months ago
  17. 8f280b0 sepolicy support for cgroup v2 by Marco Ballesio · 5 years ago
  18. a0e7a6d Update language to comply with Android's inclusive language guidance by Jeff Sharkey · 5 years ago
  19. e49acfa Add dontaudit statement to suppress denials by Ken Chen · 5 years ago
  20. f8155a0 netd: suppress dir write to /system by Jeff Vander Stoep · 5 years ago
  21. 55e5c9b Move system property rules to private by Inseob Kim · 6 years ago
  22. 49c73b0 cut down bpf related privileges by Maciej Żenczykowski · 6 years ago
  23. ef1493d netd: remove freshly added neverallows by Maciej Żenczykowski · 6 years ago
  24. d4a692f netd does not require and should not have SYS_ADMIN nor module loading privs by Maciej Żenczykowski · 6 years ago
  25. 1086c7d wifi_stack: Move to network_stack process by Roshan Pius · 6 years ago
  26. 3aa1c17 sepolicy: Permission changes for new wifi mainline module by Roshan Pius · 6 years ago
  27. 44328c0 sepolicy - move public clatd to private by Maciej Żenczykowski · 6 years ago
  28. 6450e00 selinux - allow netd to create tun device and pass it in via open fd across execve to clatd cli by Maciej Żenczykowski · 6 years ago
  29. 487fcb8 selinux - netd - tighten down bpf policy by Maciej Żenczykowski · 6 years ago
  30. 554b334 Sepolicy for netutils_wrapper to use binder call by Luke Huang · 6 years ago
  31. 524f25e Add sepolicy for resolver service by Luke Huang · 7 years ago
  32. 780fbad Add NetworkStack policies for netd and netlink by Remi NGUYEN VAN · 7 years ago
  33. e3d625b SEPolicy updates for adding native flag namespace(netd). by chenbruce · 7 years ago
  34. 7b57104 Use bpfloader to create bpf maps instead of netd by Chenbo Feng · 7 years ago
  35. 5f3ba92 sepolicy changes for network stack app by Remi NGUYEN VAN · 7 years ago
  36. 5e37271 Introduce system_file_type by Nick Kralevich · 7 years ago
  37. 342362a sepolicy: grant dac_read_search to domains with dac_override by Benjamin Gordon · 7 years ago
  38. 23c9d91 Start partitioning off privapp_data_file from app_data_file by Nick Kralevich · 7 years ago
  39. 8a8d4ef public/netd.te: allow netd to operate icmp_socket that passed to it by Yongqin Liu · 7 years ago
  40. 7a4af30 Start the process of locking down proc/net by Jeff Vander Stoep · 7 years ago
  41. 4de238e Allow dumpstate to read property_type by Jaekyun Seok · 7 years ago
  42. bdf2a9c Rename qtaguid_proc to conform to name conventions by Jeff Vander Stoep · 7 years ago
  43. 569e22e netd: silence innocuous denials to /proc and /sys by Tri Vo · 7 years ago
  44. 566411e Add sepolicy to lock down bpf access by Chenbo Feng · 8 years ago
  45. 7ae939e Revert "Allow callers of uevent_kernel_*() access to /proc/sys/kernel/overflowuid" by Luis Hector Chavez · 8 years ago
  46. 08f92f9 sepolicy: New sepolicy classes and rules about bpf object by Chenbo Feng · 8 years ago
  47. 254ad0d sepolicy: Allow mount cgroupv2 and bpf fs by Chenbo Feng · 8 years ago
  48. 9b2e0cb sepolicy: Add rules for non-init namespaces by Benjamin Gordon · 8 years ago
  49. cc781f7 Allow netd to read the /dev/xt_qtaguid by Chenbo Feng · 8 years ago
  50. 185941a sepolicy: allow netd to write to qtaguid file by Chenbo Feng · 8 years ago
  51. 640e595 Allow callers of uevent_kernel_*() access to /proc/sys/kernel/overflowuid by Luis Hector Chavez · 8 years ago
  52. 8dabc2c Restrict netd fwk policy. by Tri Vo · 8 years ago
  53. 91d398d Sync internal master and AOSP sepolicy. by Dan Cashman · 8 years ago
  54. d7989e8 Merge "netd: relax binder neverallow rules for hwservices" am: 4fc64f2fc3 by Jeffrey Vander Stoep · 8 years ago
  55. 07c650e netd: relax binder neverallow rules for hwservices by Jeff Vander Stoep · 8 years ago
  56. 7c34e83 Move domain_deprecated into private policy by Jeff Vander Stoep · 8 years ago
  57. f692d2f Explicitly allow netd to take the iptables lock. am: 9273c1bb5c by Lorenzo Colitti · 8 years ago
  58. 9273c1b Explicitly allow netd to take the iptables lock. by Lorenzo Colitti · 8 years ago
  59. 34bc175 Merge "Revert "Temporarily revert the SELinux policy for persist.netd.stable_secret."" by Lorenzo Colitti · 8 years ago
  60. 5b3efd3 Revert "Temporarily revert the SELinux policy for persist.netd.stable_secret." by Lorenzo Colitti · 8 years ago
  61. 9822937 Merge "Temporarily revert the SELinux policy for persist.netd.stable_secret." by Lorenzo Colitti · 8 years ago
  62. 07e631d Temporarily revert the SELinux policy for persist.netd.stable_secret. by Lorenzo Colitti · 8 years ago
  63. 14a3cb2 SELinux policy for secure persistent netd storage am: abb1ba6532 am: 5ee87b0092 by Joel Scherpelz · 8 years ago
  64. abb1ba6 SELinux policy for secure persistent netd storage by Joel Scherpelz · 8 years ago
  65. 0f52004 Revert "SELinux policy for secure persistent netd storage" am: 06486796a4 by Bartosz Fabianowski · 8 years ago
  66. 0648679 Revert "SELinux policy for secure persistent netd storage" by Bartosz Fabianowski · 8 years ago
  67. 36efd0c SELinux policy for secure persistent netd storage am: ef1fd98b6a am: 9381cb3dce by Joel Scherpelz · 8 years ago
  68. ef1fd98 SELinux policy for secure persistent netd storage by Joel Scherpelz · 8 years ago
  69. 76aab82 Move domain_deprecated into private policy by Jeff Vander Stoep · 8 years ago
  70. f627e55 restore permissions to /vendor for non-treble devices by Jeff Vander Stoep · 8 years ago
  71. 516c9ab Merge changes from topic 'ipsec-svc-pick' into oc-dev by Nathan Harold · 8 years ago
  72. 4a580cc Fix lock logspam and remove domain_deprecated rule by Nick Kralevich · 8 years ago
  73. 63a9315 Update Common NetD SEPolicy to allow Netlink XFRM by Nathan Harold · 9 years ago
  74. 7eb3dd3b Update Common NetD SEPolicy to allow Netlink XFRM by Nathan Harold · 9 years ago
  75. 5251ad1 netd.te: drop dccp_socket support by Nick Kralevich · 9 years ago
  76. 606d2fd te_macros: introduce add_service() macro by William Roberts · 9 years ago
  77. dd649da domain_deprecated.te: remove /proc/net access by Nick Kralevich · 9 years ago
  78. cc39f63 Split general policy into public and private components. by dcashman · 9 years ago[Renamed (96%) from netd.te]
  79. 59afa24 Change name in the rules after renaming dns_listener -> netd_listener by Michal Karpinski · 9 years ago
  80. 2802970 Add back fowner capability to netd by Christopher Wiley · 9 years ago
  81. bff9801 Enforce ioctl command whitelisting on all sockets by Jeff Vander Stoep · 9 years ago
  82. 7ef8073 audit domain_deprecated perms for removal by Jeff Vander Stoep · 9 years ago
  83. 8211568 Remove WiFi permissions from netd by Christopher Wiley · 9 years ago
  84. d29c1a0 SEPolicy to start hostapd via init by Christopher Wiley · 9 years ago
  85. 97db27d Define explicit label for wlan sysfs fwpath by Christopher Wiley · 9 years ago
  86. 17cfd3f Keep pre-existing sysfs write permissions. by dcashman · 9 years ago
  87. f7bfd48 Allow bugreports to dump the native netd service state. by Lorenzo Colitti · 9 years ago
  88. 71d6ddc selinux changes for DNS metrics. by Lorenzo Colitti · 9 years ago
  89. 423fd19 Update netlink socket classes. by Stephen Smalley · 10 years ago
  90. 5f376c1 Allow netd to check permissions. by Lorenzo Colitti · 10 years ago
  91. 9119f12 Revert "Revert "netd: restrict netd binder access to system_server"" by Lorenzo Colitti · 10 years ago
  92. b5594c2 Revert "netd: restrict netd binder access to system_server" by Lorenzo Colitti · 10 years ago
  93. 5445795 netd: restrict netd binder access to system_server by Jeff Vander Stoep · 10 years ago
  94. a92c7fe Merge "Allow the framework to communicate with netd via a binder service" into nyc-dev by Lorenzo Colitti · 10 years ago
  95. 5fba8e1 Permit bluetooth to run DhcpClient by Erik Kline · 10 years ago
  96. 24dcc8b Allow the framework to communicate with netd via a binder service by Lorenzo Colitti · 10 years ago
  97. 71a6a3e Allow netd to use NETLINK_SOCK_DIAG. by Lorenzo Colitti · 10 years ago
  98. 3351122 netd.te: Remove allow netd toolbox_exec:file rx_file_perms; by Nick Kralevich · 10 years ago
  99. d22987b Create attribute for moving perms out of domain by Jeff Vander Stoep · 10 years ago
  100. a3c97a7 Only allow toolbox exec where /system exec was already allowed. by Stephen Smalley · 10 years ago