Gitiles
Code Review
Sign In
LeafOS
/
LeafOS-Project
/
android_system_sepolicy
/
f4c0a09bd3c77486faf53eb0c89fdc720dd10353
/
unconfined.te
10ecd05
Add neverallow rule for set_context_mgr.
by dcashman
· 10 years ago
0d08d47
Remove -unconfineddomain from neverallow rules.
by Stephen Smalley
· 10 years ago
a7c04dc
Remove domain:process from unconfined
by Nick Kralevich
· 11 years ago
fee4915
Align SELinux property policy with init property_perms.
by Stephen Smalley
· 11 years ago
0db95cc
unconfined: remove internet access
by Nick Kralevich
· 11 years ago
a893eda
Remove execmod access to system_file and exec_type.
by Stephen Smalley
· 11 years ago
ee61528
Remove sdcard_type access from unconfineddomain.
by Stephen Smalley
· 11 years ago
631a5a8
Remove app_data_file access from unconfineddomain.
by Stephen Smalley
· 11 years ago
04b8a75
Remove write access to rootfs files.
by Stephen Smalley
· 11 years ago
f3c3a1a
Remove execute_no_trans from unconfineddomain.
by Stephen Smalley
· 11 years ago
5622cca
entrypoint should always be explicitly allowed.
by Stephen Smalley
· 11 years ago
75e2ef9
Restrict use of context= mount options.
by Stephen Smalley
· 11 years ago
ee49c0e
remove shell_data_file from unconfined.
by Nick Kralevich
· 11 years ago
52dcc94
Changed unconfined process policy to a whitelist.
by Riley Spahn
· 11 years ago
3235f61
Restrict /data/security and setprop selinux.reload_policy access.
by Stephen Smalley
· 11 years ago
03ce512
Remove /system write from unconfined
by Nick Kralevich
· 11 years ago
ad0d0fc
Protect /data/property.
by Stephen Smalley
· 11 years ago
685e2f9
remove syslog_* from unconfined
by Nick Kralevich
· 11 years ago
f853715
Remove setting /proc/self/attr/* from unconfined.
by Stephen Smalley
· 11 years ago
fa34d47
unconfined: remove linux_immutable
by Nick Kralevich
· 11 years ago
cd905ec
Protect keystore's files.
by Nick Kralevich
· 11 years ago
e8c9fda
Exclude audit-related capabilities from unconfined domains.
by Stephen Smalley
· 11 years ago
853ffaa
Deduplicate neverallow rules on selinuxfs operations.
by Stephen Smalley
· 11 years ago
3f40d4f
Remove block device access from unconfined domains.
by Stephen Smalley
· 11 years ago
5487ca0
Remove several superuser capabilities from unconfined domains.
by Stephen Smalley
· 11 years ago
b081cc1
Remove mount-related permissions from unconfined domains.
by Stephen Smalley
· 11 years ago
04ee5df
Remove MAC capabilities from unconfined domains.
by Stephen Smalley
· 11 years ago
fed8a2a
Remove transition / dyntransition from unconfined
by Nick Kralevich
· 11 years ago
08fffc5
Revert "Revert "Strip file execute permissions from unconfined domains.""
by Stephen Smalley
· 11 years ago
8aae7bd
Revert "Revert "Strip exec* permissions from unconfined domains.""
by Stephen Smalley
· 11 years ago
89740a6
Revert "Strip exec* permissions from unconfined domains."
by Nick Kralevich
· 11 years ago
4e416ea
Strip exec* permissions from unconfined domains.
by Stephen Smalley
· 11 years ago
8b51674
Restrict ability to set checkreqprot.
by Stephen Smalley
· 11 years ago
a730e50
Don't allow zygote init:binder call
by Nick Kralevich
· 11 years ago
e6a7b37
Restrict mapping low memory.
by Stephen Smalley
· 11 years ago
95e0842
Restrict ptrace access by debuggerd and unconfineddomain.
by Stephen Smalley
· 11 years ago
7adb999
Restrict the ability to set usermodehelpers and proc security settings.
by Stephen Smalley
· 11 years ago
d99e6d5
Restrict the ability to set SELinux enforcing mode to init.
by Stephen Smalley
· 11 years ago
ddf98fa
Neverallow access to the kmem device from userspace.
by Geremy Condra
· 11 years ago
84d8831
Clarify the expectations for the unconfined template.
by Nick Kralevich
· 11 years ago
2637198
Only init should be able to load a security policy
by Nick Kralevich
· 12 years ago
0c9708b
domain.te: Add backwards compatibility for unlabeled files
by Nick Kralevich
· 12 years ago
274d292
Clean up remaining denials.
by repo sync
· 12 years ago
77d4731
Make all domains unconfined.
by repo sync
· 12 years ago
9aea69c
Require entrypoint to be explicitly granted for unconfined domains.
by Stephen Smalley
· 12 years ago
9ce99e3
Update binder-related policy.
by Stephen Smalley
· 12 years ago
124720a
Add policy for property service.
by Stephen Smalley
· 13 years ago
2dd4e51
SE Android policy.
by Stephen Smalley
· 13 years ago