2013/11/27 Stephen Smalley <[email protected]>
> On 11/27/2013 07:37 AM, Severin Friede wrote:
> > Dear Mr. Smalley
> >
> > Thank you for your answer, I really appreciate that!
> >
> > As I mentioned, I wrote 2 test apps (s1 & s2). Both are able to read and
> > write a file to their own internal storage folder and to a common folder on
> > the external storage (sdcard). So far it works as expected.
> >
> > 1) I create the external sdcard for an emulator with mksdcard, the
> > filesystem is fat32, so unfortunately this won't work like you've explained.
> >
> > 2.) I tried to deny write permissions to internal and external storage for
> > 3rd party apps (untrusted apps). I modified the "untrusted_app.te" file and
> > uncommented the following lines:
> >
> > # Internal SDCard rw access.
> > #allow untrustedappdomain sdcard_internal:dir create_dir_perms;
> > #allow untrustedappdomain sdcard_internal:file create_file_perms;
> >
> > # External SDCard rw access.
> > #allow untrustedappdomain sdcard_external:dir create_dir_perms;
> > #allow untrustedappdomain sdcard_external:file create_file_perms;
> >
> > Then I rebuilt the policy and loaded it through the SEAdmin App:
> >
> > buildsebundle -k build/target/product/security/testkey.pk8
> > out/target/product/manta/root/*
> >
> > adb push selinux_bundle.zip /sdcard/
> >
> > This stayed without success so I tried a different method
>
> Sorry, did you trigger the reload via SEAdmin after pushing the bundle?
> What error did you get? Did it unpack the files under /data/security?
> What version of Android are you using - master, 4.4, 4.3?
>

Yes, I first compiled the policy, then pushed it via adb push and then triggered the reload with SEAdmin. Finally I could deny the read and write permissions to the external storage for untrusted apps. I had to delete the /data/security folder before reloading the "selinux_bundle.zip". It seems that updating the existing files/folders doesn't work in my environment. Can you please tell me how I can recognize that an error appeared?

I am using Android 4.3.
