aboutsummaryrefslogtreecommitdiffstats
path: root/untrusted_app.te
Commit message (Expand)AuthorAgeFilesLines
* gatekeeperd: use more specific label for /data fileNick Kralevich2015-04-171-0/+4
* Enforce more specific service access.dcashman2015-04-091-22/+0
* Enforce more specific service access.dcashman2015-04-081-6/+3
* Enforce more specific service access.dcashman2015-04-071-11/+0
* Enforce more specific service access.dcashman2015-04-071-7/+0
* Enforce more specific service access.dcashman2015-04-071-7/+0
* Assign app_api_service attribute to services.dcashman2015-04-061-6/+0
* Assign app_api_service attribute to services.dcashman2015-04-031-4/+0
* Add system_api_service and app_api_service attributes.dcashman2015-04-031-1/+4
* Record observed service accesses.dcashman2015-04-011-0/+7
* Add graphicsstats serviceJohn Reck2015-03-271-0/+1
* Don't grant hard link capabilities by default.Nick Kralevich2015-03-271-0/+8
* neverallow untrusted_app as a mlstrustedsubject.Stephen Smalley2015-03-131-0/+10
* Move allow rules before neverallow rules.Stephen Smalley2015-03-131-4/+4
* Record observed bluetooth service access.dcashman2015-03-061-0/+1
* allow untrusted_app read /data/anr/traces.txtNick Kralevich2015-03-051-0/+8
* move untrusted_app statement to the correct file.Nick Kralevich2015-03-051-0/+5
* Record observed system_server servicemanager service requests.dcashman2015-03-031-0/+14
* Allow platform_app access to keystore.dcashman2015-03-021-1/+0
* appdomain: relax netlink_socket neverallow ruleNick Kralevich2015-01-281-1/+4
* Record service accesses.dcashman2015-01-161-37/+2
* Remove known system_server service accesses from auditing.dcashman2015-01-151-25/+41
* Make system_server_service an attribute.dcashman2015-01-141-0/+59
* Restrict service_manager find and list access.dcashman2014-12-151-12/+7
* sepolicy: allow system apps to access ASECPawit Pornkitprasan2014-12-121-1/+0
* fix whitespaceNick Kralevich2014-10-141-1/+1
* relax neverallow rules on NETLINK_KOBJECT_UEVENT socketsNick Kralevich2014-09-211-0/+3
* Allow untrusted_app access to temporary apk files.dcashman2014-08-061-0/+4
* Further refined service_manager auditallow statements.Riley Spahn2014-07-181-0/+1
* Remove radio_service from untrusted_app auditallow.Riley Spahn2014-07-151-0/+1
* Add access control for each service_manager action.Riley Spahn2014-07-141-0/+11
* Don't use don'tNick Kralevich2014-07-091-1/+1
* ensure that untrusted_app can't set propertiesNick Kralevich2014-07-091-0/+6
* Add neverallow rules further restricing service_manager.Riley Spahn2014-07-071-0/+5
* add execmod to various app domainsNick Kralevich2014-06-021-2/+2
* untrusted_app: neverallow debugfsNick Kralevich2014-05-131-0/+8
* Make the untrusted_app domain enforcing.Stephen Smalley2014-05-011-1/+0
* Coalesce shared_app, media_app, release_app into untrusted_app.Stephen Smalley2014-04-041-1/+17
* Clean up, unify, and deduplicate app domain rules.Stephen Smalley2014-03-071-8/+0
* Remove redundant socket rules.Stephen Smalley2014-02-241-7/+0
* Clarify meaning of untrusted_app and app domain assignment logic.Stephen Smalley2014-02-211-3/+14
* Introduce asec_public_file type.Robert Craig2014-02-111-0/+2
* Support forcing permissive domains to unconfined.Nick Kralevich2014-01-111-1/+1
* Allow untrusted apps to execute binaries from their sandbox directories.Stephen Smalley2013-12-111-0/+4
* Isolate untrusted app ptys from other domains.Stephen Smalley2013-09-271-1/+1
* Revert "Add the ability to write shell files to the untrusted_app domain."Nick Kralevich2013-09-041-4/+1
* Add the ability to write shell files to the untrusted_app domain.Geremy Condra2013-08-161-1/+4
* Permit apps to bind TCP/UDP sockets to a hostnameAlex Klyubin2013-07-161-0/+3
* Move isolated_app.te / untrusted_app.te into permissiveNick Kralevich2013-07-161-0/+1
* Allow apps to create listening portsNick Kralevich2013-07-161-2/+2
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-31 02:41:59 +0000