You could always wrap them in a boolean as well.

On Mar 7, 2013 8:06 AM, "Radzykewycz, T (Radzy)" <[email protected]> wrote:
> I might suggest that things of this nature be put in separate files that
> are easy to remove for more secure use cases. For example, aosp.te
>
> ________________________________________
> From: [email protected] [[email protected]] on behalf of Stephen Smalley [[email protected]]
> Sent: Thursday, March 07, 2013 5:37 AM
> To: Persaud, Ryan K.
> Cc: [email protected]
> Subject: Re: Libraries in the assets directory
>
> On 03/06/2013 05:03 PM, Persaud, Ryan K. wrote:
> > While testing the Netflix application com.netflix.mediaclient, I got the
> > following denial:
> >
> > type=1400 audit(1362425946.431:10): avc: denied { execute } for
> > pid=890 comm="Thread-100"
> > path="/data/data/com.netflix.mediaclient/files/libcrittercism-ndk.so"
> > dev=mtdblock1 ino=855 scontext=u:r:untrusted_app:s0:c48,c256
> > tcontext=u:object_r:app_data_file:s0:c48,c256 tclass=file
> >
> > Netflix put the libcrittercism-ndk.so library in the assets directory
> > instead of lib when the apk was generated. Consequently when the app is
> > installed, libcrittercism-ndk.so gets placed into the files directory.
> > I’ve noted two other applications, com.imangi.templerun2 and
> > com.kiloo.subwaysurf, that also have libraries in the assets directory.
> > Should the default SEAndroid policy reflect this practice?
>
> Preferably not, as this violates separation of code and data, but may be
> required in the default policy of AOSP and commodity devices for
> compatibility.
>
> --
> This message was distributed to subscribers of the seandroid-list mailing
> list.
> If you no longer wish to subscribe, send mail to [email protected]
> the words "unsubscribe seandroid-list" without quotes as the message.
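
An added example, not part of the thread and not SEAndroid project code: Python that parses the denial quoted above, derives the allow rule it would translate to, and flags the rule when it grants code execution from a writable data type, which is the separation-of-code-and-data concern raised in the reply. The `WRITABLE_DATA_TYPES` set, the function names and the second sample line are assumptions made for illustration.

```python
import re

# Denial quoted in the thread above, rejoined onto one line.
THREAD_DENIAL = (
    'type=1400 audit(1362425946.431:10): avc: denied { execute } for '
    'pid=890 comm="Thread-100" '
    'path="/data/data/com.netflix.mediaclient/files/libcrittercism-ndk.so" '
    'dev=mtdblock1 ino=855 scontext=u:r:untrusted_app:s0:c48,c256 '
    'tcontext=u:object_r:app_data_file:s0:c48,c256 tclass=file'
)
# Constructed contrast line (not from the thread): a plain read denial.
CONSTRUCTED_DENIAL = (
    'type=1400 audit(1362425950.120:11): avc: denied { read } for '
    'pid=901 comm="example" path="/data/local/tmp/example.txt" '
    'dev=mtdblock1 ino=900 scontext=u:r:untrusted_app:s0:c48,c256 '
    'tcontext=u:object_r:shell_data_file:s0 tclass=file'
)
# Assumption: target types this check treats as app-writable data.
WRITABLE_DATA_TYPES = {"app_data_file"}
CODE_PERMS = {"execute", "execute_no_trans", "execmod"}
AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of an AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    # A context is user:role:type:level, so the type is the third field.
    return {
        "perms": m.group("perms").split(),
        "source": fields["scontext"].split(":")[2],
        "target": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
        "path": fields.get("path"),
    }

def candidate_rule(d):
    # The allow rule that would silence this denial if added to policy.
    return "allow {source} {target}:{tclass} {{ {p} }};".format(p=" ".join(d["perms"]), **d)

def breaks_code_data_separation(d):
    # True when the rule would let a domain run code from a writable data type.
    return (d["tclass"] == "file" and d["target"] in WRITABLE_DATA_TYPES
            and bool(CODE_PERMS & set(d["perms"])))
```

A rule flagged this way is a candidate for the separate, removable policy file or the boolean suggested in the thread rather than the base policy.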
