On 02/12/2013 03:24 PM, Tai Nguyen (tainguye) wrote:
Hi,

I see that untrusted apps can have these permissions via a boolean. I wonder
why trusted apps (e.g., system_app) do not?

platform_app, release_app, shared_app, and media_app all have net_domain() unconditionally. untrusted_app has it via boolean so that it can be disabled if desired.

system_app is only for apps that need to run in the system UID (same UID as system_server), which should only be the case for a very few apps, e.g. Settings. Haven't seen a need for those permissions for those apps thus far in our usage. You could of course add net_domain(system_app) to system.te but I'm wondering why your app has to run in system UID vs just being a regular release_app?




--
This message was distributed to subscribers of the seandroid-list mailing list.
If you no longer wish to subscribe, send mail to [email protected] with
the words "unsubscribe seandroid-list" without quotes as the message.
