aboutsummaryrefslogtreecommitdiffstats
path: root/domain.te
Commit message (Expand)AuthorAgeFilesLines
* Revisit kernel setenforceNick Kralevich2014-05-121-1/+2
* Drop relabelto_domain() macro and its associated definitions.Stephen Smalley2014-05-091-3/+0
* Drop rw access to unlabeled files.Stephen Smalley2014-05-081-17/+3
* Audit accesses on unlabeled files.Stephen Smalley2014-04-181-0/+3
* Define a type for /data/dalvik-cache/profiles.Stephen Smalley2014-04-091-0/+2
* Deduplicate neverallow rules on selinuxfs operations.Stephen Smalley2014-03-101-0/+8
* Allow all domains to read from socket_device directory.Robert Craig2014-03-061-1/+1
* Address system_server denials.Stephen Smalley2014-03-051-0/+2
* Clean up socket rules.Stephen Smalley2014-02-251-1/+2
* Allow reading of /data/security/current symlink.Stephen Smalley2014-02-241-1/+2
* initial policy for uncrypt.Nick Kralevich2014-02-191-2/+2
* Remove block device access from unconfined domains.Stephen Smalley2014-02-121-1/+1
* Remove several superuser capabilities from unconfined domains.Stephen Smalley2014-02-121-0/+10
* Remove mount-related permissions from unconfined domains.Stephen Smalley2014-02-111-0/+5
* Introduce asec_public_file type.Robert Craig2014-02-111-0/+4
* sepolicy: Add write_logd, read_logd & control_logdMark Salyzyn2014-02-041-0/+3
* assert: Do not allow access to generic device:chr_fileWilliam Roberts2014-02-031-0/+5
* assert: do not allow raw access to generic block_deviceWilliam Roberts2014-02-031-0/+4
* Remove MAC capabilities from unconfined domains.Stephen Smalley2014-01-301-0/+3
* Support running adbd in the su domain.Nick Kralevich2014-01-231-0/+14
* Drop legacy device types.Stephen Smalley2014-01-161-1/+0
* Remove domain init:unix_stream_socket connectto permission.Stephen Smalley2014-01-091-3/+0
* Allow access to unlabeled socket and fifo files.Stephen Smalley2014-01-091-2/+1
* Remove unlabeled execute access from domain, add to appdomain.Stephen Smalley2014-01-091-1/+1
* Restrict ability to set checkreqprot.Stephen Smalley2014-01-081-1/+1
* Create proc_net type for /proc/sys/net entries.Robert Craig2014-01-071-0/+1
* Don't allow zygote init:binder callNick Kralevich2014-01-031-0/+4
* Address adb backup/restore denials.Stephen Smalley2014-01-031-1/+2
* Remove execmem permission from domain, add to appdomain.Stephen Smalley2014-01-021-1/+1
* Confine shell domain in -user builds only.Stephen Smalley2013-12-181-5/+8
* Label /data/misc/zoneinfoNick Kralevich2013-12-131-0/+3
* Restrict ptrace access by debuggerd and unconfineddomain.Stephen Smalley2013-12-091-0/+3
* Allow kernel domain, not init domain, to set SELinux enforcing mode.Stephen Smalley2013-12-061-2/+11
* Revert "Allow kernel domain, not init domain, to set SELinux enforcing mode."Nick Kralevich2013-12-061-11/+2
* Allow kernel domain, not init domain, to set SELinux enforcing mode.Stephen Smalley2013-12-061-2/+11
* Restrict the ability to set usermodehelpers and proc security settings.Stephen Smalley2013-12-061-0/+5
* Drop tegra specific label from policy.Robert Craig2013-12-051-1/+0
* Restrict the ability to set SELinux enforcing mode to init.Stephen Smalley2013-12-021-2/+2
* Neverallow access to the kmem device from userspace.Geremy Condra2013-11-071-0/+4
* Move goldfish-specific rules to their own directory.Stephen Smalley2013-11-061-6/+0
* Move sysfs_devices_system_cpu to the central policy.Nick Kralevich2013-10-301-0/+1
* Start confining ueventdWilliam Roberts2013-10-081-2/+2
* Restrict access to /dev/hw_random to system_server and init.Alex Klyubin2013-10-031-0/+3
* Make sure exec_type is assigned to all entrypoint types.Stephen Smalley2013-09-271-0/+3
* 1/2: Rename domain "system" to "system_server".Alex Klyubin2013-09-171-1/+1
* Remove sys_nice capability from domains.Stephen Smalley2013-09-131-3/+0
* Drop domain write access to sysfs for the emulator.Stephen Smalley2013-09-131-2/+1
* Permit writing to /dev/random and /dev/urandom.Alex Klyubin2013-09-101-2/+2
* Fix denials encountered while getting bugreports.Geremy Condra2013-08-301-1/+1
* Only init should be able to load a security policyNick Kralevich2013-07-151-0/+7
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-16 15:26:32 +0000