aboutsummaryrefslogtreecommitdiffstats
path: root/domain.te
Commit message (Expand)AuthorAgeFilesLines
* domain: relax execmod restrictionsNick Kralevich2015-04-011-1/+4
* Adding e4crypt supportPaul Lawrence2015-03-271-0/+1
* add neverallow rules for execmodNick Kralevich2015-03-241-0/+15
* Add new "procrank" SELinux domain.Nick Kralevich2015-03-191-1/+8
* neverallow su_exec:file executeNick Kralevich2015-03-141-0/+5
* Only allow system_server to send commands to zygote.dcashman2015-03-091-0/+4
* Allow init to execute /sbin/slideshowSami Tolvanen2015-02-261-1/+1
* Revert /proc/net related changesNick Kralevich2015-02-251-2/+1
* sepolicy: remove block_device access from install_recoveryStephen Smalley2015-02-241-1/+1
* neverallow mounton lnk_file fifo_file sock_fileNick Kralevich2015-02-231-0/+4
* domain.te: neverallow System V IPC classesNick Kralevich2015-02-111-0/+18
* Remove service_manager_type auditing of shell source domain.dcashman2015-02-061-1/+1
* don't allow mounting on top of /system files/directoriesNick Kralevich2015-02-051-0/+3
* Add compile time checks for /data/dalvik-cache accessNick Kralevich2015-01-301-0/+10
* domain.te: allow /proc/net/psched accessNick Kralevich2015-01-221-0/+2
* remove /proc/net read access from domain.teNick Kralevich2015-01-141-1/+0
* Make system_server_service an attribute.dcashman2015-01-141-0/+3
* Restrict service_manager find and list access.dcashman2014-12-151-5/+0
* Add neverallow rule for set_context_mgr.dcashman2014-12-101-0/+3
* Revert " Add neverallow rule for set_context_mgr."dcashman2014-12-091-3/+0
* Add neverallow rule for set_context_mgr.dcashman2014-12-051-0/+3
* Allow recovery to create device nodes and modify rootfsNick Kralevich2014-11-071-2/+2
* recovery.te: add /data neverallow rulesNick Kralevich2014-11-051-2/+2
* allow coredump functionalityNick Kralevich2014-10-311-0/+4
* Remove -unconfineddomain from neverallow rules.Stephen Smalley2014-10-211-5/+6
* Remove block_device:blk_file access from fsck.Stephen Smalley2014-10-211-1/+1
* Define specific block device types for system and recovery partitions.Stephen Smalley2014-10-021-0/+6
* Do not allow init to execute anything without changing domains.Stephen Smalley2014-09-281-1/+5
* zygote: allow replacing /proc/cpuinfoNick Kralevich2014-09-261-0/+1
* Add support for factory reset protection.dcashman2014-09-191-0/+2
* Remove /dev/log/* accessNick Kralevich2014-09-181-2/+0
* assert that no domain can set default propertiesNick Kralevich2014-08-221-0/+4
* tighten up neverallow rules for init binder operationsNick Kralevich2014-08-211-3/+3
* Remove dumpstate from servicemanager list auditallow.Riley Spahn2014-07-281-1/+1
* Prohibit execute to fs_type other than rootfs for most domains.Stephen Smalley2014-07-211-1/+6
* Add access control for each service_manager action.Riley Spahn2014-07-141-0/+5
* Drop sys_rawio neverallow for teeNick Kralevich2014-07-091-2/+5
* New domain "install_recovery"Nick Kralevich2014-07-081-1/+1
* fix build.Nick Kralevich2014-07-071-1/+1
* Add neverallow rules further restricing service_manager.Riley Spahn2014-07-071-0/+7
* Allow init to relabel rootfs files.Stephen Smalley2014-06-231-1/+1
* Remove write access to rootfs files.Stephen Smalley2014-06-191-0/+3
* Prevent adding transitions to kernel or init domains.Stephen Smalley2014-06-181-1/+17
* Eliminate some duplicated rules.Stephen Smalley2014-06-171-1/+2
* Restrict use of context= mount options.Stephen Smalley2014-06-161-0/+10
* Remove world-read access to /data/dalvik-cache/profilesNick Kralevich2014-06-121-2/+0
* Refactor the shell domains.Stephen Smalley2014-06-111-1/+1
* Remove domain unlabeled access.Stephen Smalley2014-06-031-21/+3
* Adjust rules around /data/app entitiesChristopher Tate2014-06-031-0/+1
* Restrict /data/security and setprop selinux.reload_policy access.Stephen Smalley2014-05-301-0/+17
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-03 14:21:17 +0000