aboutsummaryrefslogtreecommitdiffstats
path: root/domain.te
Commit message (Expand)AuthorAgeFilesLines
* domain: Restore original neverallow rules for shipping buildsRicardo Cerqueira2015-06-161-1/+5
* Merge tag 'android-5.1.0_r1' into HEADstaging/cm-12.1Ricardo Cerqueira2015-03-101-0/+4
|\
| * am 7cd346a7: am 0055ea90: Allow recovery to create device nodes and modify ro...Nick Kralevich2014-11-071-2/+2
| |\
| | * Allow recovery to create device nodes and modify rootfsNick Kralevich2014-11-071-2/+2
| * | allow coredump functionalityNick Kralevich2014-10-311-0/+4
| |/
* | Let recovery be an exception to some datafile neverallow rulesRicardo Cerqueira2015-01-031-5/+5
* | sepolicy: New type sdcard_posix for labeled filesystemsTom Marshall2014-12-121-1/+1
* | Merge tag 'android-5.0.0_r5' into HEADRicardo Cerqueira2014-11-141-2/+2
|\ \
| * | Allow recovery to create device nodes and modify rootfsNick Kralevich2014-11-071-2/+2
| |/
* / domain: Create a dummy domain for qc's rmt and let it access /dev/memRicardo Cerqueira2014-11-061-3/+4
|/
* zygote: allow replacing /proc/cpuinfoNick Kralevich2014-09-261-0/+1
* Add support for factory reset protection.dcashman2014-09-081-0/+2
* Prohibit execute to fs_type other than rootfs for most domains.Stephen Smalley2014-07-211-1/+6
* DO NOT MERGE: Remove service_manager audit_allows.Riley Spahn2014-07-181-2/+0
* Add access control for each service_manager action.Riley Spahn2014-07-151-0/+5
* Drop sys_rawio neverallow for teeNick Kralevich2014-07-091-2/+5
* New domain "install_recovery"Nick Kralevich2014-07-081-1/+1
* fix build.Nick Kralevich2014-07-071-1/+1
* Add neverallow rules further restricing service_manager.Riley Spahn2014-07-071-0/+7
* Allow init to relabel rootfs files.Stephen Smalley2014-06-231-1/+1
* Remove write access to rootfs files.Stephen Smalley2014-06-191-0/+3
* Prevent adding transitions to kernel or init domains.Stephen Smalley2014-06-181-1/+17
* Eliminate some duplicated rules.Stephen Smalley2014-06-171-1/+2
* Restrict use of context= mount options.Stephen Smalley2014-06-161-0/+10
* Remove world-read access to /data/dalvik-cache/profilesNick Kralevich2014-06-121-2/+0
* Refactor the shell domains.Stephen Smalley2014-06-111-1/+1
* Remove domain unlabeled access.Stephen Smalley2014-06-031-21/+3
* Adjust rules around /data/app entitiesChristopher Tate2014-06-031-0/+1
* Restrict /data/security and setprop selinux.reload_policy access.Stephen Smalley2014-05-301-0/+17
* Only auditallow unlabeled accesses not allowed elsewhere.Stephen Smalley2014-05-301-4/+11
* Remove /system write from unconfinedNick Kralevich2014-05-291-0/+4
* Protect /data/property.Stephen Smalley2014-05-291-0/+4
* Assert executable content (mostly) only loaded from /systemNick Kralevich2014-05-231-0/+14
* Restrict requesting contexts other than policy-defined defaults.Stephen Smalley2014-05-231-1/+1
* make /dev/zero read-writeNick Kralevich2014-05-201-1/+1
* Suppress installd auditallowNick Kralevich2014-05-191-2/+4
* Bring back the unlabeled allowall rulesNick Kralevich2014-05-171-0/+12
* Neverallow low memory mappings.Stephen Smalley2014-05-141-0/+3
* Revisit kernel setenforceNick Kralevich2014-05-121-1/+2
* Drop relabelto_domain() macro and its associated definitions.Stephen Smalley2014-05-091-3/+0
* Drop rw access to unlabeled files.Stephen Smalley2014-05-081-17/+3
* Audit accesses on unlabeled files.Stephen Smalley2014-04-181-0/+3
* Define a type for /data/dalvik-cache/profiles.Stephen Smalley2014-04-091-0/+2
* Deduplicate neverallow rules on selinuxfs operations.Stephen Smalley2014-03-101-0/+8
* Allow all domains to read from socket_device directory.Robert Craig2014-03-061-1/+1
* Address system_server denials.Stephen Smalley2014-03-051-0/+2
* Clean up socket rules.Stephen Smalley2014-02-251-1/+2
* Allow reading of /data/security/current symlink.Stephen Smalley2014-02-241-1/+2
* initial policy for uncrypt.Nick Kralevich2014-02-191-2/+2
* Remove block device access from unconfined domains.Stephen Smalley2014-02-121-1/+1
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-10 16:06:22 +0000