aboutsummaryrefslogtreecommitdiffstats
path: root/isolated_app.te
Commit message (Expand)AuthorAgeFilesLines
* Further restrict socket ioctls available to appsJeff Vander Stoep2016-05-271-1/+1
* Remove service_manager_local_audit_domain.dcashman2015-06-081-2/+0
* restrict app access to socket ioctlsJeff Vander Stoep2015-06-051-0/+3
* isolated_app: Do not allow access to the gpu_device.Nick Kralevich2015-04-091-0/+3
* isolated_app: allow app_data_file lockNick Kralevich2015-04-091-1/+1
* Record observed service accesses.dcashman2015-04-011-0/+2
* update isolated_app service_manager rulesNick Kralevich2015-03-051-16/+12
* Revert "isolated_app: Do not allow access to the gpu_device."Nick Kralevich2015-01-201-3/+0
* Make system_server_service an attribute.dcashman2015-01-141-0/+16
* Restrict service_manager find and list access.dcashman2014-12-151-8/+3
* Do not allow isolated_app to directly open app data files.Stephen Smalley2014-12-021-0/+6
* Revert "Do not allow isolated_app to directly open app data files."Nick Kralevich2014-10-171-6/+0
* Do not allow isolated_app to directly open app data files.Stephen Smalley2014-10-061-0/+6
* Remove net_domain() from isolated_app.Stephen Smalley2014-10-031-1/+0
* isolated_app: remove app_data_file executeNick Kralevich2014-10-011-6/+0
* isolated_app: Do not allow access to the gpu_device.Robert Sesek2014-09-111-0/+3
* Further refined service_manager auditallow statements.Riley Spahn2014-07-181-1/+6
* Add access control for each service_manager action.Riley Spahn2014-07-141-0/+4
* isolated_app: allow app_data_file executeNick Kralevich2014-06-271-0/+6
* Clean up, unify, and deduplicate app domain rules.Stephen Smalley2014-03-071-9/+0
* Resolve overlapping rules between app.te and net.te.Stephen Smalley2014-02-251-0/+1
* Remove legacy rules from dumpstate in init domain.Stephen Smalley2014-01-091-3/+0
* Make the isolated_app domain enforcing.Stephen Smalley2013-12-021-1/+0
* Remove duplicated rules between appdomain and isolated_app.Stephen Smalley2013-09-131-3/+0
* Fix more long-tail denials.Geremy Condra2013-09-051-0/+6
* Move isolated_app.te / untrusted_app.te into permissiveNick Kralevich2013-07-161-0/+1
* untrusted_app.te / isolated_app.te / app.te first passNick Kralevich2013-07-131-2/+9
* Move *_app into their own fileNick Kralevich2013-07-121-0/+15
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-23 07:15:49 +0000