Hi, Stephen Thanks bunch for your reply. Suppose if we really have special permission requirements, what should be the "right" way to do that?
thanks again Joe ________________________________________ From: Stephen Smalley <stephen.smal...@gmail.com> Sent: Monday, February 09, 2015 7:44 AM To: Dong Zhou Cc: seandroid-list@tycho.nsa.gov Subject: Re: To allow custom domain to extend system_app type (SEAndroid) One caveat I would note is that you should not define new app domains unless they truly have unique permission requirements. Domains are equivalence classes. On Mon, Feb 9, 2015 at 1:07 AM, Dong Zhou <dong.z...@gm.com> wrote: > Hi, there > > > Sorry for this entry level question. > > > In SEAndroid AOSP release, I understand domain and appdomain are attributes, > then you can define types inherit the access permissions from them. > Actaully, system_app, platform_app and untrusted_app are all using macros to > inherit from appdomain attribute. My question is, if we want to define my > customer domains, some inherit from system_app, some from platform_app or > untrusted_app. But since those are already defined as types, how can I > extend an existing type instead of an attribute? > > > What is the recommended way to handle this? > > > thanks a lot! > > > Joe > > > > > > Nothing in this message is intended to constitute an electronic signature > unless a specific statement to the contrary is included in this message. > > Confidentiality Note: This message is intended only for the person or entity > to which it is addressed. It may contain confidential and/or privileged > material. Any review, transmission, dissemination or other use, or taking of > any action in reliance upon this message by persons or entities other than > the intended recipient is prohibited and may be unlawful. If you received > this message in error, please contact the sender and delete it from your > computer. > > _______________________________________________ > Seandroid-list mailing list > Seandroid-list@tycho.nsa.gov > To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. > To get help, send an email containing "help" to > seandroid-list-requ...@tycho.nsa.gov. Nothing in this message is intended to constitute an electronic signature unless a specific statement to the contrary is included in this message. Confidentiality Note: This message is intended only for the person or entity to which it is addressed. It may contain confidential and/or privileged material. Any review, transmission, dissemination or other use, or taking of any action in reliance upon this message by persons or entities other than the intended recipient is prohibited and may be unlawful. If you received this message in error, please contact the sender and delete it from your computer. _______________________________________________ Seandroid-list mailing list Seandroid-list@tycho.nsa.gov To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.
