On 08/20/2013 11:22 AM, William Roberts wrote: > Yeah I have ran into this before. In Samsung we just sent an OTA, as it was > no big deal. We either need something like relabeld or a way for the kernel > to set the security attribute at file open based on the policy, rather than > needing to label.... I'm not a huge fan of labeling.
Labeling may be painful at times, but all the alternatives are far worse. And setting the security attribute at file open would defeat the entire purpose. Anyway, that's rather off-topic. I think we need to decide whether labeling changes for /system are legal via the /data/security policy or whether that level of change requires a new boot image policy and thus a custom load. Even if we support a restorecon -R /system as part of policy reload, the system partition will be mounted before the /data/security policy gets loaded so those files will all be treated as unlabeled up to that point. -- This message was distributed to subscribers of the seandroid-list mailing list. If you no longer wish to subscribe, send mail to majord...@tycho.nsa.gov with the words "unsubscribe seandroid-list" without quotes as the message.
