The MLS levels used before in the policy were to provide isolation between multiple untrusted_apps, as the type rules allowed them to access their own and other apps' private app sandboxes. MLS constraints were used to tighten this.

All apps, except untrusted_app, run at s0, and untrusted_apps should get their level set from levelFrom=app in seapp_contexts. untrusted_apps should be getting a category tuple based on the appid. See libselinux/src/android.c line 422ish and seapp_contexts for the technical implementation details.

Now, with respect to CTS, this tends not to be favorable last time I ran it with MLS cats on 3rd party (untrusted) apps. But I have not tested this recently.

Bill

On Mon, Jun 3, 2013 at 10:58 AM, Thomas COUDRAY <[email protected]> wrote:

> Hi all,
>
> I have a question about isolating apps from each other. I use the samsung
> default policy.
>
> *From The SELinux Notebook p299:*
>
> Use of MLS categories to isolate apps
>
> But when I use ps -Z, all app processes are labeled like this
> "u:r:untrusted_app:s0" / "u:r:system_app:s0" / "u:r:samsung_app:s0".
>
> They are all in the same category (s0).
>
> That means that any process can interact with an s0 process from a
> category perspective.
>
> And all processes with the same type (untrusted_app_t) and no
> categories (s0) can affect each other from a selinux perspective.
>
> Someone told me that the reason why all untrusted apps have no
> categories may be to protect the remaining system resources that do have
> categories.
>
> But I can't find system resources that have a category. Where is MLS
> used?
>
> I don't know if I misunderstand something, but can any app (in the
> same label) affect another app (from a selinux perspective)?
>
> If it's true, how can I isolate my own new app? (make a new policy and
> use type-enforcement on it?)
>
> Thanks,
>
> Thomas Coudray

--
Respectfully,
William C Roberts
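The per-app category tuple mentioned in the reply, as an added illustration that is not part of the original thread and is not libselinux's own code. The mapping (low byte of the appid as one category, high byte offset by 256 as the second) is an assumption about how levelFrom=app was computed in android.c at the time; the helper names and sample UIDs are hypothetical, so check the formula against the android.c in your tree.

```c
#include <stdio.h>
#include <string.h>

/* Android UID layout constants (android_filesystem_config.h). */
#define AID_USER 100000u /* UID range reserved per Android user */
#define AID_APP  10000u  /* first UID handed to installed apps */

/* Hypothetical helper: MLS level for a UID under levelFrom=app.
 * Assumed mapping: s0:c<appid & 0xff>,c<256 + (appid >> 8 & 0xff)>.
 * Platform UIDs (below AID_APP) are simplified to plain s0 here. */
int level_from_app(unsigned uid, char *out, size_t len)
{
    unsigned appid = uid % AID_USER; /* strip the Android user id */
    int n;

    if (appid < AID_APP) {
        n = snprintf(out, len, "s0");
    } else {
        appid -= AID_APP;
        n = snprintf(out, len, "s0:c%u,c%u",
                     appid & 0xff, 256 + ((appid >> 8) & 0xff));
    }
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Returns 1 if both UIDs get the same level, 0 if not, -1 on error.
 * Two different category pairs are incomparable: neither set contains
 * the other, so neither level dominates and MLS constraints that
 * require dominance deny access in both directions. */
int same_level(unsigned uid_a, unsigned uid_b)
{
    char a[32], b[32];

    if (level_from_app(uid_a, a, sizeof a) || level_from_app(uid_b, b, sizeof b))
        return -1;
    return strcmp(a, b) == 0;
}

int main(void)
{
    unsigned uids[] = { 10001, 10002, 10257 }; /* constructed sample UIDs */
    char lvl[32];

    for (size_t i = 0; i < sizeof uids / sizeof uids[0]; i++)
        if (level_from_app(uids[i], lvl, sizeof lvl) == 0)
            printf("uid %u -> u:r:untrusted_app:%s\n", uids[i], lvl);
    return 0;
}
```

If `ps -Z` shows every untrusted_app at bare `s0`, as in the question, the seapp_contexts entry in use is not applying levelFrom=app and no such tuple is being assigned.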
