index
:
android_external_sepolicy
caf/cm-12.0
caf/cm-12.1
cm-10.1
cm-10.2
cm-11.0
cm-12.0
cm-12.1
cm-13.0
jellybean
jellybean-stable
mr1.1-staging
shipping/cm-11.0
stable/cm-10.2
stable/cm-11.0
stable/cm-11.0-XNF8Y
stable/cm-11.0-XNF9X
stable/cm-11.0-XNG2S
stable/cm-11.0-XNG3C
stable/cm-12.0-YNG1I
stable/cm-12.0-YNG1T
stable/cm-12.0-YNG1TA
stable/cm-12.0-YNG3C
stable/cm-12.0-YNG4N
stable/cm-12.1-YOG3C
stable/cm-12.1-YOG4P
stable/cm-12.1-YOG7D
stable/cm-13.0-ZNH0E
stable/cm-13.0-ZNH2K
stable/cm-13.0-ZNH2KB
stable/cm-13.0-ZNH5Y
staging/cm-12.0-caf
staging/cm-12.1
staging/cm-13.0+r22
Unnamed repository; edit this file 'description' to name the repository.
about
summary
refs
log
tree
commit
diff
stats
log msg
author
committer
range
path:
root
/
isolated_app.te
Commit message (
Expand
)
Author
Age
Files
Lines
*
Further restrict socket ioctls available to apps
Jeff Vander Stoep
2016-05-27
1
-1
/
+1
*
Remove service_manager_local_audit_domain.
dcashman
2015-06-08
1
-2
/
+0
*
restrict app access to socket ioctls
Jeff Vander Stoep
2015-06-05
1
-0
/
+3
*
isolated_app: Do not allow access to the gpu_device.
Nick Kralevich
2015-04-09
1
-0
/
+3
*
isolated_app: allow app_data_file lock
Nick Kralevich
2015-04-09
1
-1
/
+1
*
Record observed service accesses.
dcashman
2015-04-01
1
-0
/
+2
*
update isolated_app service_manager rules
Nick Kralevich
2015-03-05
1
-16
/
+12
*
Revert "isolated_app: Do not allow access to the gpu_device."
Nick Kralevich
2015-01-20
1
-3
/
+0
*
Make system_server_service an attribute.
dcashman
2015-01-14
1
-0
/
+16
*
Restrict service_manager find and list access.
dcashman
2014-12-15
1
-8
/
+3
*
Do not allow isolated_app to directly open app data files.
Stephen Smalley
2014-12-02
1
-0
/
+6
*
Revert "Do not allow isolated_app to directly open app data files."
Nick Kralevich
2014-10-17
1
-6
/
+0
*
Do not allow isolated_app to directly open app data files.
Stephen Smalley
2014-10-06
1
-0
/
+6
*
Remove net_domain() from isolated_app.
Stephen Smalley
2014-10-03
1
-1
/
+0
*
isolated_app: remove app_data_file execute
Nick Kralevich
2014-10-01
1
-6
/
+0
*
isolated_app: Do not allow access to the gpu_device.
Robert Sesek
2014-09-11
1
-0
/
+3
*
Further refined service_manager auditallow statements.
Riley Spahn
2014-07-18
1
-1
/
+6
*
Add access control for each service_manager action.
Riley Spahn
2014-07-14
1
-0
/
+4
*
isolated_app: allow app_data_file execute
Nick Kralevich
2014-06-27
1
-0
/
+6
*
Clean up, unify, and deduplicate app domain rules.
Stephen Smalley
2014-03-07
1
-9
/
+0
*
Resolve overlapping rules between app.te and net.te.
Stephen Smalley
2014-02-25
1
-0
/
+1
*
Remove legacy rules from dumpstate in init domain.
Stephen Smalley
2014-01-09
1
-3
/
+0
*
Make the isolated_app domain enforcing.
Stephen Smalley
2013-12-02
1
-1
/
+0
*
Remove duplicated rules between appdomain and isolated_app.
Stephen Smalley
2013-09-13
1
-3
/
+0
*
Fix more long-tail denials.
Geremy Condra
2013-09-05
1
-0
/
+6
*
Move isolated_app.te / untrusted_app.te into permissive
Nick Kralevich
2013-07-16
1
-0
/
+1
*
untrusted_app.te / isolated_app.te / app.te first pass
Nick Kralevich
2013-07-13
1
-2
/
+9
*
Move *_app into their own file
Nick Kralevich
2013-07-12
1
-0
/
+15