On Fri, 2012-09-28 at 12:01 -0400, Joshua Brindle wrote:
> Stephen Smalley wrote:
> <snip>
> > Wouldn't it be simpler to disable levelFromUid=true for regular apps and
> > then just explicitly assign different level= values for personal vs
> > business apps using seinfo tags?  And then just enable the binder MLS
> > constraint as is?
> >
> 
> I'm trying to get both separation of untrusted_apps and separation of 
> containers.
> 
> I was trying to think of ways to do it with categories alone (like 
> levelFromUid=true extraCategories=c513 or something) but couldn't really 
> figure out if the constraint would work.

You could perhaps use ranges rather than single-level labels and encode
your container information in the high level.  Then you could write the
constraints such that binder calls are only constrained based on the
high levels (h1, h2) and not the low levels.  Would require changes to
the other constraints that presently ensure that everything stays
single-level.

Of course this doesn't address indirect communications via the framework
services, content providers, etc or the shared access to the sdcard.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the seandroid-list mailing list.
If you no longer wish to subscribe, send mail to majord...@tycho.nsa.gov with
the words "unsubscribe seandroid-list" without quotes as the message.
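
An added example, not part of the original message or of the SE Android policy: a small Python model of the range idea in the reply above, comparing a binder check on low levels (`l1 eq l2`) with one on high levels only (`h1 eq h2`). The context strings, the category numbers, and the choice to fold every per-app category into the high level are assumptions made for illustration.

```python
# Added illustration: all levels and category numbers below are constructed.
from dataclasses import dataclass

def parse_cats(text):
    """Expand a category list such as 'c1,c5.c7' into frozenset({1, 5, 6, 7})."""
    cats = set()
    for part in filter(None, text.split(",")):
        first, _, last = part.partition(".")
        start = int(first[1:])
        end = int(last[1:]) if last else start
        cats.update(range(start, end + 1))
    return frozenset(cats)

@dataclass(frozen=True)
class Level:
    sens: int
    cats: frozenset

    def dom(self, other):
        """MLS dominance: sensitivity at least as high, categories a superset."""
        return self.sens >= other.sens and self.cats >= other.cats

def parse_range(text):
    """Parse 'low-high' (or a single level); reject a high that does not dominate low."""
    levels = []
    for part in text.split("-"):
        sens, _, cats = part.partition(":")
        levels.append(Level(int(sens[1:]), parse_cats(cats)))
    low, high = levels[0], levels[-1]
    if len(levels) > 2 or not high.dom(low):
        raise ValueError(f"invalid MLS range: {text!r}")
    return low, high

def binder_low_eq(src, dst):
    """Single-level style check: l1 eq l2."""
    return parse_range(src)[0] == parse_range(dst)[0]

def binder_high_eq(src, dst):
    """Check on high levels only: h1 eq h2 (low levels ignored)."""
    return parse_range(src)[1] == parse_range(dst)[1]

# Low level = per-app category (stand-in for levelFromUid); high level = every
# per-app category c0.c511 plus one container category (c513 or c514, assumed).
PERSONAL_A = "s0:c1-s0:c0.c511,c513"
PERSONAL_B = "s0:c2-s0:c0.c511,c513"
BUSINESS_C = "s0:c3-s0:c0.c511,c514"
```

A range such as `s0:c1-s0:c513` is rejected because the high level must dominate the low level, which is why the container level in this sketch carries every per-app category.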
