Stephen Smalley wrote: <snip>
Wouldn't it be simpler to disable levelFromUid=true for regular apps and then just explicitly assign different level= values for personal vs business apps using seinfo tags? And then just enable the binder MLS constraint as is?
I'm trying to get both separation of untrusted_apps and separation of containers.
I was trying to think of ways to do it with categories alone (like levelFromUid=true extraCategories=c513 or something) but couldn't really figure out if the constraint would work.
-- This message was distributed to subscribers of the seandroid-list mailing list. If you no longer wish to subscribe, send mail to majord...@tycho.nsa.gov with the words "unsubscribe seandroid-list" without quotes as the message.
