On 01/15/2015 03:01 PM, Stephen Smalley wrote: > On 01/14/2015 04:28 AM, Maytar Byle wrote: >> hello everyone! >> Lately, i wanted to add some rules into android 4.4.3 selinux policy >> files and i came accross a problem that i didn't how to approach to. >> i wanted to create domains that "inherite" all the rules from the >> untrusted_app or platform_app domains. >> of course i couldv'e just copy/paste the rules of those domains, but im >> searching for some more elegant way. >> >> This brings me to the following questions: >> 1) is there any elegant way to implement such an inheritance >> 2) in my lone journey trying to find a solution for this, i saw the >> 'attributes' file. in this file there are all the attributes definitions >> such as 'domain' or 'appdomain'. if theoretically i'd put platform_app >> as an attribute, will it be able to inherite from appdomain as it is >> happening now? In short, is the only available inheritance selinux >> provides if from attribute to type? > > Generally inheritance is either done via attributes (type sets) or via > macros (e.g. see the ones in te_macros). > > Additional resources for SELinux assistance: > SE for Android web site, http://seandroid.bitbucket.org/index.html > SE for Android mailing list, subscribe via email to > [email protected] > SELinux mailing list, subscribe via email to [email protected]
Also, this one: https://source.android.com/devices/tech/security/selinux/index.html -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/d/optout.
