On Fri, 2012-09-28 at 14:13 -0400, Stephen Smalley wrote: > On Fri, 2012-09-28 at 12:01 -0400, Joshua Brindle wrote: > > Stephen Smalley wrote: > > <snip> > > > Wouldn't it be simpler to disable levelFromUid=true for regular apps and > > > then just explicitly assign different level= values for personal vs > > > business apps using seinfo tags? And then just enable the binder MLS > > > constraint as is? > > > > > > > I'm trying to get both separation of untrusted_apps and separation of > > containers. > > > > I was trying to think of ways to do it with categories alone (like > > levelFromUid=true extraCategories=c513 or something) but couldn't really > > figure out if the constraint would work. > > You could perhaps use ranges rather than single-level labels and encode > your container information in the high level. Then you could write the > constraints such that binder calls are only constrained based on the > high levels (h1, h2) and not the low levels. Would require changes to > the other constraints that presently ensure that everything stays > single-level.
Actually, on second thought, I don't think it requires changes to the other constraints. mlstrustedsubject domains should already be able to create ranged processes. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the seandroid-list mailing list. If you no longer wish to subscribe, send mail to majord...@tycho.nsa.gov with the words "unsubscribe seandroid-list" without quotes as the message.
