Another issue exists with reloadable policy support that I avoided at Samsung by relying on their willingness to apply system updates via OTA.
Right now, relabeling anything is impossible on anything except an OTA, else you need to explicitly restorecon the file. Even then, userdata typically cannot be relabled (typically writing to userdata on an OTA is a not so good thing using an update script to run restorecons on your behalf). So the question is, how can make policy updates more capable, notably the userdata relabeling for both userdata OTA and update scenarios as well as updating system from a userdata update. Do we simply say certain things cannot happen? >From my time commercializing it, I can say the only time I ever had to relabel existing userdata was when I switch MLS cats. However, we were not in production, so a wipe was reluctantly tolerated. Thoughts: relabeld -- smart enough for userdata, and quick. Being able to generate the delta between polices and smartly applying the update. allowing relabeld write access to system (unshare remount system) -- very concerning -- Respectfully, William C Roberts
