index
:
android_external_sepolicy
caf/cm-12.0
caf/cm-12.1
cm-10.1
cm-10.2
cm-11.0
cm-12.0
cm-12.1
cm-13.0
jellybean
jellybean-stable
mr1.1-staging
shipping/cm-11.0
stable/cm-10.2
stable/cm-11.0
stable/cm-11.0-XNF8Y
stable/cm-11.0-XNF9X
stable/cm-11.0-XNG2S
stable/cm-11.0-XNG3C
stable/cm-12.0-YNG1I
stable/cm-12.0-YNG1T
stable/cm-12.0-YNG1TA
stable/cm-12.0-YNG3C
stable/cm-12.0-YNG4N
stable/cm-12.1-YOG3C
stable/cm-12.1-YOG4P
stable/cm-12.1-YOG7D
stable/cm-13.0-ZNH0E
stable/cm-13.0-ZNH2K
stable/cm-13.0-ZNH2KB
stable/cm-13.0-ZNH5Y
staging/cm-12.0-caf
staging/cm-12.1
staging/cm-13.0+r22
Unnamed repository; edit this file 'description' to name the repository.
about
summary
refs
log
tree
commit
diff
stats
log msg
author
committer
range
path:
root
/
app.te
Commit message (
Expand
)
Author
Age
Files
Lines
*
Resolve overlapping rules between app.te and net.te.
Stephen Smalley
2014-02-25
1
-25
/
+0
*
Finish fixing Zygote descriptor leakage problem
Dave Platt
2014-02-05
1
-4
/
+0
*
sepolicy: Add write_logd, read_logd & control_logd
Mark Salyzyn
2014-02-04
1
-0
/
+5
*
assert: Do not allow access to generic device:chr_file
William Roberts
2014-02-03
1
-3
/
+0
*
Allow all appdomains to grab file attributes of wallpaper_file.
Robert Craig
2014-01-24
1
-1
/
+1
*
Address bug report denials.
Nick Kralevich
2014-01-21
1
-1
/
+2
*
Allow mediaserver to connect to bluetooth.
Stephen Smalley
2014-01-16
1
-1
/
+0
*
Add an exception for bluetooth to the sysfs neverallow rule.
Stephen Smalley
2014-01-13
1
-1
/
+1
*
Remove unlabeled execute access from domain, add to appdomain.
Stephen Smalley
2014-01-09
1
-0
/
+4
*
Remove ping domain.
Stephen Smalley
2014-01-07
1
-2
/
+1
*
Only allow PROT_EXEC for ashmem where required.
Stephen Smalley
2014-01-02
1
-0
/
+1
*
Remove execmem permission from domain, add to appdomain.
Stephen Smalley
2014-01-02
1
-0
/
+3
*
Allow use of art as the Android runtime.
Stephen Smalley
2014-01-02
1
-0
/
+3
*
Add rules to permit CTS security-related tests to run.
Stephen Smalley
2013-12-18
1
-3
/
+24
*
app.te: allow getopt/getattr on zygote socket
Nick Kralevich
2013-12-17
1
-0
/
+4
*
initial dumpstate domain
Nick Kralevich
2013-12-16
1
-0
/
+4
*
Move gpu_device type and rules to core policy.
Stephen Smalley
2013-12-12
1
-0
/
+4
*
Allow apps to execute ping
Nick Kralevich
2013-12-11
1
-0
/
+1
*
Allow untrusted apps to execute binaries from their sandbox directories.
Stephen Smalley
2013-12-11
1
-1
/
+1
*
Support run-as and ndk-gdb functionality.
Stephen Smalley
2013-12-09
1
-1
/
+14
*
Allow app-app communication via pipes
Nick Kralevich
2013-12-06
1
-0
/
+3
*
Neverallow access to the kmem device from userspace.
Geremy Condra
2013-11-07
1
-3
/
+0
*
fix typo
Nick Kralevich
2013-10-25
1
-1
/
+1
*
Confine bluetooth app.
Stephen Smalley
2013-10-22
1
-1
/
+0
*
Allow apps to use the USB Accessory functionality
Nick Kralevich
2013-10-09
1
-0
/
+8
*
Except the shell domain from the transition neverallow rule.
Stephen Smalley
2013-09-30
1
-1
/
+2
*
Expand the set of neverallow rules applied to app domains.
Stephen Smalley
2013-09-27
1
-7
/
+134
*
1/2: Rename domain "system" to "system_server".
Alex Klyubin
2013-09-17
1
-3
/
+3
*
Drop obsolete comments about SEAndroidManager.
Stephen Smalley
2013-09-13
1
-1
/
+0
*
Do not permit appdomain to create/write to download_file.
Stephen Smalley
2013-09-13
1
-1
/
+1
*
Remove duplicated rules between appdomain and isolated_app.
Stephen Smalley
2013-09-13
1
-1
/
+0
*
Allow apps to execute app_data_files
Nick Kralevich
2013-09-12
1
-1
/
+1
*
Fix denials encountered while getting bugreports.
Geremy Condra
2013-08-30
1
-2
/
+2
*
Only init should be able to load a security policy
Nick Kralevich
2013-07-15
1
-1
/
+1
*
untrusted_app.te / isolated_app.te / app.te first pass
Nick Kralevich
2013-07-13
1
-1
/
+163
*
Move *_app into their own file
Nick Kralevich
2013-07-12
1
-68
/
+10
*
domain.te: Add backwards compatibility for unlabeled files
Nick Kralevich
2013-07-10
1
-0
/
+2
*
Make all domains unconfined.
repo sync
2013-05-20
1
-143
/
+6
*
Move domains into per-domain permissive mode.
repo sync
2013-05-14
1
-0
/
+6
*
Add rules for asec containers.
repo sync
2013-05-08
1
-0
/
+4
*
Add downloaded file policy.
Geremy Condra
2013-04-05
1
-0
/
+11
*
Add new domains for private apps.
Robert Craig
2013-04-05
1
-2
/
+4
*
Allow apps to execute the shell or system commands unconditionally.
Stephen Smalley
2013-04-05
1
-0
/
+4
*
Allow fstat of platform app /data/data files.
Stephen Smalley
2013-04-05
1
-1
/
+1
*
Coalesce rules for allowing execution of shared objects by app domains.
Stephen Smalley
2013-04-05
1
-4
/
+1
*
Strip unnecessary trailing semicolon on macro calls.
Stephen Smalley
2013-04-05
1
-1
/
+1
*
Allow all domains to read the log devices.
Stephen Smalley
2013-04-05
1
-9
/
+0
*
Add the ability to stat files under /cache for media_app.
Geremy Condra
2013-03-29
1
-0
/
+6
*
Drop separate domain for browser.
Stephen Smalley
2013-03-28
1
-9
/
+0
*
Eliminate most of the app policy booleans.
Stephen Smalley
2013-03-28
1
-33
/
+6
[next]