I started this thread because the device I am working on is very different from a typical phone/tablet environment (I work for GM, so it is not too hard to imagine the device :-)) , we have tons of customization to AOSP. Default policy is a great starting point, but don't always work. There are many cases like "i want system_app permissions plus a little more". So as far as i can see , "extending" default policies is not bad approach at all. It is true it might be over privileged in some cases, but it is a trade-off between development time + future maintain-ablity vs. least privileged model.
I'd love to see SEAndroid policies become more extendable. thanks Joe ________________________________ From: Seandroid-list <seandroid-list-boun...@tycho.nsa.gov> on behalf of Elena Reshetova <elena.reshet...@gmail.com> Sent: Wednesday, February 11, 2015 11:49 AM To: William Roberts Cc: seandroid-list@tycho.nsa.gov; Stephen Smalley Subject: Re: To allow custom domain to extend system_app type (SEAndroid) While you can get finer grained granularity write custom domains for everything from the OEM perspective Its awften the case that a particular system app that does some additional privelege that other system apps don't do. So by going a route where most people will not copy + paste system_app allow rules and fixthem up for their domain, its also harder for them to stay in line, and recoeve fixes to the base policy. Suppose, you remove some allowance from base system_app becuase it closes some hole, or removes a privelege that is no longer needed do to code change. All the copy + pastes for these new domains will likely never get this change, as they wont ever re-avaulate existing domains, just add to them. +1 The worst of all is trying to sync up the rules that were for some reason copied: becomes a never ending nightmare. I would rather define a correct hierarchy when I know what I am doing and what I want to archive and be done with it. Versus, copy now, maintain forever. But I agree that hierarchy via attributes should be done with a great care for each particular case. Nothing in this message is intended to constitute an electronic signature unless a specific statement to the contrary is included in this message. Confidentiality Note: This message is intended only for the person or entity to which it is addressed. It may contain confidential and/or privileged material. Any review, transmission, dissemination or other use, or taking of any action in reliance upon this message by persons or entities other than the intended recipient is prohibited and may be unlawful. If you received this message in error, please contact the sender and delete it from your computer.
_______________________________________________ Seandroid-list mailing list Seandroid-list@tycho.nsa.gov To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.
