I just updated Chrome from Play Store and now it stops working with our device policy in enforcing mode. Audit messages show that it tried to open file /data/data/com.android.chrome/app_chrome/icudtl.dat.
That file is labeled based on seapp_context of the Chrome app which is based on signature. Since Chrome sandbox runs as isolated_app which doesn’t have access to Chrome app data file (e.g., google_app_data_file). Thus, it stops working. At the high level, if we want to treat isolated app as a specialized instance of the main app, it should have some relationship to the main app (e.g., able to read main app data). Thus, it seems like we need to map isolated_app with signer as well so that we can create specific rules for customized isolated_app to access its main app data. Is that the recommendation to handle situation like this (e.g., google_isolated_app and google_app)? Or is it better just map it to the main app (i.e., google_app instead of isolated_app)? Is there other option? Thanks, Tai
_______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
