index
:
android_external_sepolicy
caf/cm-12.0
caf/cm-12.1
cm-10.1
cm-10.2
cm-11.0
cm-12.0
cm-12.1
cm-13.0
jellybean
jellybean-stable
mr1.1-staging
shipping/cm-11.0
stable/cm-10.2
stable/cm-11.0
stable/cm-11.0-XNF8Y
stable/cm-11.0-XNF9X
stable/cm-11.0-XNG2S
stable/cm-11.0-XNG3C
stable/cm-12.0-YNG1I
stable/cm-12.0-YNG1T
stable/cm-12.0-YNG1TA
stable/cm-12.0-YNG3C
stable/cm-12.0-YNG4N
stable/cm-12.1-YOG3C
stable/cm-12.1-YOG4P
stable/cm-12.1-YOG7D
stable/cm-13.0-ZNH0E
stable/cm-13.0-ZNH2K
stable/cm-13.0-ZNH2KB
stable/cm-13.0-ZNH5Y
staging/cm-12.0-caf
staging/cm-12.1
staging/cm-13.0+r22
Unnamed repository; edit this file 'description' to name the repository.
about
summary
refs
log
tree
commit
diff
stats
log msg
author
committer
range
path:
root
/
domain.te
Commit message (
Expand
)
Author
Age
Files
Lines
*
domain: relax execmod restrictions
Nick Kralevich
2015-04-01
1
-1
/
+4
*
Adding e4crypt support
Paul Lawrence
2015-03-27
1
-0
/
+1
*
add neverallow rules for execmod
Nick Kralevich
2015-03-24
1
-0
/
+15
*
Add new "procrank" SELinux domain.
Nick Kralevich
2015-03-19
1
-1
/
+8
*
neverallow su_exec:file execute
Nick Kralevich
2015-03-14
1
-0
/
+5
*
Only allow system_server to send commands to zygote.
dcashman
2015-03-09
1
-0
/
+4
*
Allow init to execute /sbin/slideshow
Sami Tolvanen
2015-02-26
1
-1
/
+1
*
Revert /proc/net related changes
Nick Kralevich
2015-02-25
1
-2
/
+1
*
sepolicy: remove block_device access from install_recovery
Stephen Smalley
2015-02-24
1
-1
/
+1
*
neverallow mounton lnk_file fifo_file sock_file
Nick Kralevich
2015-02-23
1
-0
/
+4
*
domain.te: neverallow System V IPC classes
Nick Kralevich
2015-02-11
1
-0
/
+18
*
Remove service_manager_type auditing of shell source domain.
dcashman
2015-02-06
1
-1
/
+1
*
don't allow mounting on top of /system files/directories
Nick Kralevich
2015-02-05
1
-0
/
+3
*
Add compile time checks for /data/dalvik-cache access
Nick Kralevich
2015-01-30
1
-0
/
+10
*
domain.te: allow /proc/net/psched access
Nick Kralevich
2015-01-22
1
-0
/
+2
*
remove /proc/net read access from domain.te
Nick Kralevich
2015-01-14
1
-1
/
+0
*
Make system_server_service an attribute.
dcashman
2015-01-14
1
-0
/
+3
*
Restrict service_manager find and list access.
dcashman
2014-12-15
1
-5
/
+0
*
Add neverallow rule for set_context_mgr.
dcashman
2014-12-10
1
-0
/
+3
*
Revert " Add neverallow rule for set_context_mgr."
dcashman
2014-12-09
1
-3
/
+0
*
Add neverallow rule for set_context_mgr.
dcashman
2014-12-05
1
-0
/
+3
*
Allow recovery to create device nodes and modify rootfs
Nick Kralevich
2014-11-07
1
-2
/
+2
*
recovery.te: add /data neverallow rules
Nick Kralevich
2014-11-05
1
-2
/
+2
*
allow coredump functionality
Nick Kralevich
2014-10-31
1
-0
/
+4
*
Remove -unconfineddomain from neverallow rules.
Stephen Smalley
2014-10-21
1
-5
/
+6
*
Remove block_device:blk_file access from fsck.
Stephen Smalley
2014-10-21
1
-1
/
+1
*
Define specific block device types for system and recovery partitions.
Stephen Smalley
2014-10-02
1
-0
/
+6
*
Do not allow init to execute anything without changing domains.
Stephen Smalley
2014-09-28
1
-1
/
+5
*
zygote: allow replacing /proc/cpuinfo
Nick Kralevich
2014-09-26
1
-0
/
+1
*
Add support for factory reset protection.
dcashman
2014-09-19
1
-0
/
+2
*
Remove /dev/log/* access
Nick Kralevich
2014-09-18
1
-2
/
+0
*
assert that no domain can set default properties
Nick Kralevich
2014-08-22
1
-0
/
+4
*
tighten up neverallow rules for init binder operations
Nick Kralevich
2014-08-21
1
-3
/
+3
*
Remove dumpstate from servicemanager list auditallow.
Riley Spahn
2014-07-28
1
-1
/
+1
*
Prohibit execute to fs_type other than rootfs for most domains.
Stephen Smalley
2014-07-21
1
-1
/
+6
*
Add access control for each service_manager action.
Riley Spahn
2014-07-14
1
-0
/
+5
*
Drop sys_rawio neverallow for tee
Nick Kralevich
2014-07-09
1
-2
/
+5
*
New domain "install_recovery"
Nick Kralevich
2014-07-08
1
-1
/
+1
*
fix build.
Nick Kralevich
2014-07-07
1
-1
/
+1
*
Add neverallow rules further restricing service_manager.
Riley Spahn
2014-07-07
1
-0
/
+7
*
Allow init to relabel rootfs files.
Stephen Smalley
2014-06-23
1
-1
/
+1
*
Remove write access to rootfs files.
Stephen Smalley
2014-06-19
1
-0
/
+3
*
Prevent adding transitions to kernel or init domains.
Stephen Smalley
2014-06-18
1
-1
/
+17
*
Eliminate some duplicated rules.
Stephen Smalley
2014-06-17
1
-1
/
+2
*
Restrict use of context= mount options.
Stephen Smalley
2014-06-16
1
-0
/
+10
*
Remove world-read access to /data/dalvik-cache/profiles
Nick Kralevich
2014-06-12
1
-2
/
+0
*
Refactor the shell domains.
Stephen Smalley
2014-06-11
1
-1
/
+1
*
Remove domain unlabeled access.
Stephen Smalley
2014-06-03
1
-21
/
+3
*
Adjust rules around /data/app entities
Christopher Tate
2014-06-03
1
-0
/
+1
*
Restrict /data/security and setprop selinux.reload_policy access.
Stephen Smalley
2014-05-30
1
-0
/
+17
[next]