Why don't you work on adding tests to CTS? You could also make a test suite that runs in the unconfined domain. If its truly native, by using the init daemon to start it, you will inherently run in that domain. You could declare a one shot service in the init.rc and then just use ctl.start ctl.stop to fire it off.
Running an APK in that domain doesn't make sense as anything not system server has its capabilities to do anything DAC wise stripped out. However, you could always start up an instance of a dalvik vm by hand, similar to what is done in Zygote. On Wed, Aug 28, 2013 at 9:00 AM, Stephen Smalley <[email protected]> wrote: > On 08/27/2013 02:12 PM, Tai Nguyen (tainguye) wrote: > > All, > > > > We are looking for recommendation to support incremental automation test > for SEAndroid device. Since it is expected that developers will add > automation tests and those tests are run automatically on the device for > every build, having the policies to support those unknown test programs is > a challenge. > > > > I think SEAndroid can handle test apk pretty well – However, we are not > sure about native (Linux) test programs. It seems that we may need to add > rules to transition these test programs to right domain. So, it seems that > the whole development team need to create rules for test programs. This is > not desirable because these test rules may end up in release/official > loads. In addition, the team may not have SEAndroid knowledge to create > right rules. > > > > We really appreciate if you can provide us your feedback or > recommendation. > > When you say "native (Linux) test programs", do you mean: > a) such programs executed from a regular (unprivileged) adb shell, > b) such programs executed from an adb shell after an adb root or via su, > c) such programs executed from an app > > Do the test programs do things that you don't want to permit on > production devices? Or are they testing functionality that should in > fact work on production devices? > > > > > > -- > This message was distributed to subscribers of the seandroid-list mailing > list. > If you no longer wish to subscribe, send mail to [email protected] > the words "unsubscribe seandroid-list" without quotes as the message. > -- Respectfully, William C Roberts
