index
:
external/sepolicy.git
brillo-m10-dev
brillo-m10-release
brillo-m7-dev
brillo-m7-mr-dev
brillo-m7-release
brillo-m8-dev
brillo-m8-release
brillo-m9-dev
brillo-m9-release
ics-plus-aosp
idea133
idea133-weekly-release
jb-dev
jb-mr0-release
jb-mr1-dev
jb-mr1-dev-plus-aosp
jb-mr1-release
jb-mr1.1-cts-dev
jb-mr1.1-dev
jb-mr1.1-dev-plus-aosp
jb-mr1.1-release
jb-mr2-cts-dev
jb-mr2-dev
jb-mr2-release
jb-mr2.0-release
jb-mr2.0.0-release
jb-release
kitkat-cts-dev
kitkat-cts-release
kitkat-dev
kitkat-mr1-release
kitkat-mr1.1-release
kitkat-mr2-release
kitkat-mr2.1-release
kitkat-mr2.2-release
kitkat-release
kitkat-wear
l-preview
linaro-armv8-14.08
linaro-armv8-14.09
linaro-armv8-master
linaro-lollipop
linaro-marshmallow
lollipop-cts-dev
lollipop-cts-release
lollipop-dev
lollipop-mr1-cts-dev
lollipop-mr1-cts-release
lollipop-mr1-dev
lollipop-mr1-fi-release
lollipop-mr1-release
lollipop-mr1-wfc-release
lollipop-release
lollipop-wear-release
main
marshmallow-cts-dev
marshmallow-cts-release
marshmallow-dev
marshmallow-dr-dev
marshmallow-dr-dragon-release
marshmallow-dr-release
marshmallow-dr1.5-dev
marshmallow-dr1.5-release
marshmallow-dr1.6-release
marshmallow-mr1-dev
marshmallow-mr1-release
marshmallow-mr2-release
marshmallow-mr3-release
marshmallow-release
master
master-soong
n-preview-1
selinux-hacks-lava
tools_r20
tools_r21
tools_r22
tools_r22.2
about
summary
refs
log
tree
commit
diff
log msg
author
committer
range
path:
root
/
isolated_app.te
Age
Commit message (
Expand
)
Author
2016-05-03
DO NOT MERGE: Neverallow isolated and untrusted apps to write system properties
Johan Redestig
2015-06-08
Remove service_manager_local_audit_domain.
dcashman
2015-06-05
restrict app access to socket ioctls
Jeff Vander Stoep
2015-04-09
isolated_app: Do not allow access to the gpu_device.
Nick Kralevich
2015-04-09
isolated_app: allow app_data_file lock
Nick Kralevich
2015-04-01
Record observed service accesses.
dcashman
2015-03-05
update isolated_app service_manager rules
Nick Kralevich
2015-01-20
Revert "isolated_app: Do not allow access to the gpu_device."
Nick Kralevich
2015-01-14
Make system_server_service an attribute.
dcashman
2014-12-15
Restrict service_manager find and list access.
dcashman
2014-12-02
Do not allow isolated_app to directly open app data files.
Stephen Smalley
2014-10-17
Revert "Do not allow isolated_app to directly open app data files."
android-l-preview_r2
l-preview
Nick Kralevich
2014-10-06
Do not allow isolated_app to directly open app data files.
Stephen Smalley
2014-10-03
Remove net_domain() from isolated_app.
Stephen Smalley
2014-10-01
isolated_app: remove app_data_file execute
Nick Kralevich
2014-09-11
isolated_app: Do not allow access to the gpu_device.
Robert Sesek
2014-07-18
Further refined service_manager auditallow statements.
Riley Spahn
2014-07-14
Add access control for each service_manager action.
Riley Spahn
2014-06-27
isolated_app: allow app_data_file execute
Nick Kralevich
2014-03-07
Clean up, unify, and deduplicate app domain rules.
Stephen Smalley
2014-02-25
Resolve overlapping rules between app.te and net.te.
Stephen Smalley
2014-01-09
Remove legacy rules from dumpstate in init domain.
Stephen Smalley
2013-12-02
Make the isolated_app domain enforcing.
Stephen Smalley
2013-09-13
Remove duplicated rules between appdomain and isolated_app.
Stephen Smalley
2013-09-05
Fix more long-tail denials.
Geremy Condra
2013-07-16
Move isolated_app.te / untrusted_app.te into permissive
Nick Kralevich
2013-07-13
untrusted_app.te / isolated_app.te / app.te first pass
Nick Kralevich
2013-07-12
Move *_app into their own file
Nick Kralevich