aboutsummaryrefslogtreecommitdiffstats
path: root/app.te
Commit message (Expand)AuthorAgeFilesLines
* Resolve overlapping rules between app.te and net.te.Stephen Smalley2014-02-251-25/+0
* Finish fixing Zygote descriptor leakage problemDave Platt2014-02-051-4/+0
* sepolicy: Add write_logd, read_logd & control_logdMark Salyzyn2014-02-041-0/+5
* assert: Do not allow access to generic device:chr_fileWilliam Roberts2014-02-031-3/+0
* Allow all appdomains to grab file attributes of wallpaper_file.Robert Craig2014-01-241-1/+1
* Address bug report denials.Nick Kralevich2014-01-211-1/+2
* Allow mediaserver to connect to bluetooth.Stephen Smalley2014-01-161-1/+0
* Add an exception for bluetooth to the sysfs neverallow rule.Stephen Smalley2014-01-131-1/+1
* Remove unlabeled execute access from domain, add to appdomain.Stephen Smalley2014-01-091-0/+4
* Remove ping domain.Stephen Smalley2014-01-071-2/+1
* Only allow PROT_EXEC for ashmem where required.Stephen Smalley2014-01-021-0/+1
* Remove execmem permission from domain, add to appdomain.Stephen Smalley2014-01-021-0/+3
* Allow use of art as the Android runtime.Stephen Smalley2014-01-021-0/+3
* Add rules to permit CTS security-related tests to run.Stephen Smalley2013-12-181-3/+24
* app.te: allow getopt/getattr on zygote socketNick Kralevich2013-12-171-0/+4
* initial dumpstate domainNick Kralevich2013-12-161-0/+4
* Move gpu_device type and rules to core policy.Stephen Smalley2013-12-121-0/+4
* Allow apps to execute pingNick Kralevich2013-12-111-0/+1
* Allow untrusted apps to execute binaries from their sandbox directories.Stephen Smalley2013-12-111-1/+1
* Support run-as and ndk-gdb functionality.Stephen Smalley2013-12-091-1/+14
* Allow app-app communication via pipesNick Kralevich2013-12-061-0/+3
* Neverallow access to the kmem device from userspace.Geremy Condra2013-11-071-3/+0
* fix typoNick Kralevich2013-10-251-1/+1
* Confine bluetooth app.Stephen Smalley2013-10-221-1/+0
* Allow apps to use the USB Accessory functionalityNick Kralevich2013-10-091-0/+8
* Except the shell domain from the transition neverallow rule.Stephen Smalley2013-09-301-1/+2
* Expand the set of neverallow rules applied to app domains.Stephen Smalley2013-09-271-7/+134
* 1/2: Rename domain "system" to "system_server".Alex Klyubin2013-09-171-3/+3
* Drop obsolete comments about SEAndroidManager.Stephen Smalley2013-09-131-1/+0
* Do not permit appdomain to create/write to download_file.Stephen Smalley2013-09-131-1/+1
* Remove duplicated rules between appdomain and isolated_app.Stephen Smalley2013-09-131-1/+0
* Allow apps to execute app_data_filesNick Kralevich2013-09-121-1/+1
* Fix denials encountered while getting bugreports.Geremy Condra2013-08-301-2/+2
* Only init should be able to load a security policyNick Kralevich2013-07-151-1/+1
* untrusted_app.te / isolated_app.te / app.te first passNick Kralevich2013-07-131-1/+163
* Move *_app into their own fileNick Kralevich2013-07-121-68/+10
* domain.te: Add backwards compatibility for unlabeled filesNick Kralevich2013-07-101-0/+2
* Make all domains unconfined.repo sync2013-05-201-143/+6
* Move domains into per-domain permissive mode.repo sync2013-05-141-0/+6
* Add rules for asec containers.repo sync2013-05-081-0/+4
* Add downloaded file policy.Geremy Condra2013-04-051-0/+11
* Add new domains for private apps.Robert Craig2013-04-051-2/+4
* Allow apps to execute the shell or system commands unconditionally.Stephen Smalley2013-04-051-0/+4
* Allow fstat of platform app /data/data files.Stephen Smalley2013-04-051-1/+1
* Coalesce rules for allowing execution of shared objects by app domains.Stephen Smalley2013-04-051-4/+1
* Strip unnecessary trailing semicolon on macro calls.Stephen Smalley2013-04-051-1/+1
* Allow all domains to read the log devices.Stephen Smalley2013-04-051-9/+0
* Add the ability to stat files under /cache for media_app.Geremy Condra2013-03-291-0/+6
* Drop separate domain for browser.Stephen Smalley2013-03-281-9/+0
* Eliminate most of the app policy booleans.Stephen Smalley2013-03-281-33/+6
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-30 17:28:10 +0000