1. 10ecd05 Add neverallow rule for set_context_mgr. by dcashman · 10 years ago
  2. 0d08d47 Remove -unconfineddomain from neverallow rules. by Stephen Smalley · 10 years ago
  3. a7c04dc Remove domain:process from unconfined by Nick Kralevich · 11 years ago
  4. fee4915 Align SELinux property policy with init property_perms. by Stephen Smalley · 11 years ago
  5. 0db95cc unconfined: remove internet access by Nick Kralevich · 11 years ago
  6. a893eda Remove execmod access to system_file and exec_type. by Stephen Smalley · 11 years ago
  7. ee61528 Remove sdcard_type access from unconfineddomain. by Stephen Smalley · 11 years ago
  8. 631a5a8 Remove app_data_file access from unconfineddomain. by Stephen Smalley · 11 years ago
  9. 04b8a75 Remove write access to rootfs files. by Stephen Smalley · 11 years ago
  10. f3c3a1a Remove execute_no_trans from unconfineddomain. by Stephen Smalley · 11 years ago
  11. 5622cca entrypoint should always be explicitly allowed. by Stephen Smalley · 11 years ago
  12. 75e2ef9 Restrict use of context= mount options. by Stephen Smalley · 11 years ago
  13. ee49c0e remove shell_data_file from unconfined. by Nick Kralevich · 11 years ago
  14. 52dcc94 Changed unconfined process policy to a whitelist. by Riley Spahn · 11 years ago
  15. 3235f61 Restrict /data/security and setprop selinux.reload_policy access. by Stephen Smalley · 11 years ago
  16. 03ce512 Remove /system write from unconfined by Nick Kralevich · 11 years ago
  17. ad0d0fc Protect /data/property. by Stephen Smalley · 11 years ago
  18. 685e2f9 remove syslog_* from unconfined by Nick Kralevich · 11 years ago
  19. f853715 Remove setting /proc/self/attr/* from unconfined. by Stephen Smalley · 11 years ago
  20. fa34d47 unconfined: remove linux_immutable by Nick Kralevich · 11 years ago
  21. cd905ec Protect keystore's files. by Nick Kralevich · 11 years ago
  22. e8c9fda Exclude audit-related capabilities from unconfined domains. by Stephen Smalley · 11 years ago
  23. 853ffaa Deduplicate neverallow rules on selinuxfs operations. by Stephen Smalley · 11 years ago
  24. 3f40d4f Remove block device access from unconfined domains. by Stephen Smalley · 11 years ago
  25. 5487ca0 Remove several superuser capabilities from unconfined domains. by Stephen Smalley · 11 years ago
  26. b081cc1 Remove mount-related permissions from unconfined domains. by Stephen Smalley · 11 years ago
  27. 04ee5df Remove MAC capabilities from unconfined domains. by Stephen Smalley · 11 years ago
  28. fed8a2a Remove transition / dyntransition from unconfined by Nick Kralevich · 11 years ago
  29. 08fffc5 Revert "Revert "Strip file execute permissions from unconfined domains."" by Stephen Smalley · 11 years ago
  30. 8aae7bd Revert "Revert "Strip exec* permissions from unconfined domains."" by Stephen Smalley · 11 years ago
  31. 89740a6 Revert "Strip exec* permissions from unconfined domains." by Nick Kralevich · 11 years ago
  32. 4e416ea Strip exec* permissions from unconfined domains. by Stephen Smalley · 11 years ago
  33. 8b51674 Restrict ability to set checkreqprot. by Stephen Smalley · 11 years ago
  34. a730e50 Don't allow zygote init:binder call by Nick Kralevich · 11 years ago
  35. e6a7b37 Restrict mapping low memory. by Stephen Smalley · 11 years ago
  36. 95e0842 Restrict ptrace access by debuggerd and unconfineddomain. by Stephen Smalley · 11 years ago
  37. 7adb999 Restrict the ability to set usermodehelpers and proc security settings. by Stephen Smalley · 11 years ago
  38. d99e6d5 Restrict the ability to set SELinux enforcing mode to init. by Stephen Smalley · 11 years ago
  39. ddf98fa Neverallow access to the kmem device from userspace. by Geremy Condra · 11 years ago
  40. 84d8831 Clarify the expectations for the unconfined template. by Nick Kralevich · 11 years ago
  41. 2637198 Only init should be able to load a security policy by Nick Kralevich · 12 years ago
  42. 0c9708b domain.te: Add backwards compatibility for unlabeled files by Nick Kralevich · 12 years ago
  43. 274d292 Clean up remaining denials. by repo sync · 12 years ago
  44. 77d4731 Make all domains unconfined. by repo sync · 12 years ago
  45. 9aea69c Require entrypoint to be explicitly granted for unconfined domains. by Stephen Smalley · 12 years ago
  46. 9ce99e3 Update binder-related policy. by Stephen Smalley · 12 years ago
  47. 124720a Add policy for property service. by Stephen Smalley · 13 years ago
  48. 2dd4e51 SE Android policy. by Stephen Smalley · 13 years ago