Hi, A set of changes to the external/sepolicy master branch were released yesterday in AOSP. We have made an initial merge into our seandroid branch, trying to retain consistency where possible but dropping out permissive and unconfined_domain() statements as well as other various other rules that seemed undesirable. Some particular changes to note that we did merge include:
1) The app.te file was split up into separate files for each app domain. We have switched to the new file layout but preserved our rules for the app domains. 2) The neverallow rules were split up and moved from assert.te (now deleted) to individual .te files based on the domain used in the neverallow rule. We have also switched to this layout but brought over our additional neverallow rules. 3) A few policy booleans were deleted, including debugfs and the sdcard-related booleans; these are unconditionally allowed in the AOSP policy. We dropped them for now from our policy as well, although we could restore them if needed. Thus far we have only merged the changes onto the seandroid branch; the seandroid-4.3 branch is unchanged at present. -- This message was distributed to subscribers of the seandroid-list mailing list. If you no longer wish to subscribe, send mail to [email protected] with the words "unsubscribe seandroid-list" without quotes as the message.
