index
:
android_external_sepolicy
caf/cm-12.0
caf/cm-12.1
cm-10.1
cm-10.2
cm-11.0
cm-12.0
cm-12.1
cm-13.0
jellybean
jellybean-stable
mr1.1-staging
shipping/cm-11.0
stable/cm-10.2
stable/cm-11.0
stable/cm-11.0-XNF8Y
stable/cm-11.0-XNF9X
stable/cm-11.0-XNG2S
stable/cm-11.0-XNG3C
stable/cm-12.0-YNG1I
stable/cm-12.0-YNG1T
stable/cm-12.0-YNG1TA
stable/cm-12.0-YNG3C
stable/cm-12.0-YNG4N
stable/cm-12.1-YOG3C
stable/cm-12.1-YOG4P
stable/cm-12.1-YOG7D
stable/cm-13.0-ZNH0E
stable/cm-13.0-ZNH2K
stable/cm-13.0-ZNH2KB
stable/cm-13.0-ZNH5Y
staging/cm-12.0-caf
staging/cm-12.1
staging/cm-13.0+r22
Unnamed repository; edit this file 'description' to name the repository.
about
summary
refs
log
tree
commit
diff
stats
log msg
author
committer
range
path:
root
/
domain.te
Commit message (
Expand
)
Author
Age
Files
Lines
*
domain: Restore original neverallow rules for shipping builds
Ricardo Cerqueira
2015-06-16
1
-1
/
+5
*
Merge tag 'android-5.1.0_r1' into HEAD
staging/cm-12.1
Ricardo Cerqueira
2015-03-10
1
-0
/
+4
|
\
|
*
am 7cd346a7: am 0055ea90: Allow recovery to create device nodes and modify ro...
Nick Kralevich
2014-11-07
1
-2
/
+2
|
|
\
|
|
*
Allow recovery to create device nodes and modify rootfs
Nick Kralevich
2014-11-07
1
-2
/
+2
|
*
|
allow coredump functionality
Nick Kralevich
2014-10-31
1
-0
/
+4
|
|
/
*
|
Let recovery be an exception to some datafile neverallow rules
Ricardo Cerqueira
2015-01-03
1
-5
/
+5
*
|
sepolicy: New type sdcard_posix for labeled filesystems
Tom Marshall
2014-12-12
1
-1
/
+1
*
|
Merge tag 'android-5.0.0_r5' into HEAD
Ricardo Cerqueira
2014-11-14
1
-2
/
+2
|
\
\
|
*
|
Allow recovery to create device nodes and modify rootfs
Nick Kralevich
2014-11-07
1
-2
/
+2
|
|
/
*
/
domain: Create a dummy domain for qc's rmt and let it access /dev/mem
Ricardo Cerqueira
2014-11-06
1
-3
/
+4
|
/
*
zygote: allow replacing /proc/cpuinfo
Nick Kralevich
2014-09-26
1
-0
/
+1
*
Add support for factory reset protection.
dcashman
2014-09-08
1
-0
/
+2
*
Prohibit execute to fs_type other than rootfs for most domains.
Stephen Smalley
2014-07-21
1
-1
/
+6
*
DO NOT MERGE: Remove service_manager audit_allows.
Riley Spahn
2014-07-18
1
-2
/
+0
*
Add access control for each service_manager action.
Riley Spahn
2014-07-15
1
-0
/
+5
*
Drop sys_rawio neverallow for tee
Nick Kralevich
2014-07-09
1
-2
/
+5
*
New domain "install_recovery"
Nick Kralevich
2014-07-08
1
-1
/
+1
*
fix build.
Nick Kralevich
2014-07-07
1
-1
/
+1
*
Add neverallow rules further restricing service_manager.
Riley Spahn
2014-07-07
1
-0
/
+7
*
Allow init to relabel rootfs files.
Stephen Smalley
2014-06-23
1
-1
/
+1
*
Remove write access to rootfs files.
Stephen Smalley
2014-06-19
1
-0
/
+3
*
Prevent adding transitions to kernel or init domains.
Stephen Smalley
2014-06-18
1
-1
/
+17
*
Eliminate some duplicated rules.
Stephen Smalley
2014-06-17
1
-1
/
+2
*
Restrict use of context= mount options.
Stephen Smalley
2014-06-16
1
-0
/
+10
*
Remove world-read access to /data/dalvik-cache/profiles
Nick Kralevich
2014-06-12
1
-2
/
+0
*
Refactor the shell domains.
Stephen Smalley
2014-06-11
1
-1
/
+1
*
Remove domain unlabeled access.
Stephen Smalley
2014-06-03
1
-21
/
+3
*
Adjust rules around /data/app entities
Christopher Tate
2014-06-03
1
-0
/
+1
*
Restrict /data/security and setprop selinux.reload_policy access.
Stephen Smalley
2014-05-30
1
-0
/
+17
*
Only auditallow unlabeled accesses not allowed elsewhere.
Stephen Smalley
2014-05-30
1
-4
/
+11
*
Remove /system write from unconfined
Nick Kralevich
2014-05-29
1
-0
/
+4
*
Protect /data/property.
Stephen Smalley
2014-05-29
1
-0
/
+4
*
Assert executable content (mostly) only loaded from /system
Nick Kralevich
2014-05-23
1
-0
/
+14
*
Restrict requesting contexts other than policy-defined defaults.
Stephen Smalley
2014-05-23
1
-1
/
+1
*
make /dev/zero read-write
Nick Kralevich
2014-05-20
1
-1
/
+1
*
Suppress installd auditallow
Nick Kralevich
2014-05-19
1
-2
/
+4
*
Bring back the unlabeled allowall rules
Nick Kralevich
2014-05-17
1
-0
/
+12
*
Neverallow low memory mappings.
Stephen Smalley
2014-05-14
1
-0
/
+3
*
Revisit kernel setenforce
Nick Kralevich
2014-05-12
1
-1
/
+2
*
Drop relabelto_domain() macro and its associated definitions.
Stephen Smalley
2014-05-09
1
-3
/
+0
*
Drop rw access to unlabeled files.
Stephen Smalley
2014-05-08
1
-17
/
+3
*
Audit accesses on unlabeled files.
Stephen Smalley
2014-04-18
1
-0
/
+3
*
Define a type for /data/dalvik-cache/profiles.
Stephen Smalley
2014-04-09
1
-0
/
+2
*
Deduplicate neverallow rules on selinuxfs operations.
Stephen Smalley
2014-03-10
1
-0
/
+8
*
Allow all domains to read from socket_device directory.
Robert Craig
2014-03-06
1
-1
/
+1
*
Address system_server denials.
Stephen Smalley
2014-03-05
1
-0
/
+2
*
Clean up socket rules.
Stephen Smalley
2014-02-25
1
-1
/
+2
*
Allow reading of /data/security/current symlink.
Stephen Smalley
2014-02-24
1
-1
/
+2
*
initial policy for uncrypt.
Nick Kralevich
2014-02-19
1
-2
/
+2
*
Remove block device access from unconfined domains.
Stephen Smalley
2014-02-12
1
-1
/
+1
[next]