On 06/23/2014 01:23 PM, Sloan, John [GCS] wrote: > Are there any known gotchas in the MMAC in CyanogenMod 10.2 that can > lead to apps being assigned the default seinfo tag? > > > > I used setool to generate a whitelist for our apps that assign them to > our own seinfo tag. > > I built and installed the mac_permissions.xml file. > > I verified that it contains the stanzas that setool generated. > > But some of our apps apps get our seinfo tag, and some get the default tag. > > Those that get the default tag end up in the untrusted_app context as > expected. > > Perusing logcat I don’t see any smoking gun between the ones that work > and the ones that don’t. > > Using setool to check APKs from both an app that works and one that does > not work indicates both pass the policy. > > > > Thanks in advance, and apologies for the broad question.
Unless they are using the SELinuxMMAC.java from our seandroid* branches, you cannot assign a specific seinfo value to non-system apps. There is a change uploaded to AOSP master to add that support to AOSP, but it is still pending: https://android-review.googlesource.com/#/c/80871/ _______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
