Hello, I'm doing some experiments with the native servicemanager and I have a couple of questions on how SELinux policy might help harden my prototype.
I am familiar with selinux_binder_transfer_binder() in hooks.c which is used in the kernel binder driver to check to see if a transfer between two sids is allowed by policy. This is kind of what I'm looking for, but I need to understand how to add more discernment regarding the allow/deny decision. Specifically, I would like to prevent certain apps from transferring system service capabilities to other apps. In other words, I want the context manager to be the ONLY way for an app to get the capability for a system service. I realize normal apps
_______________________________________________
Seandroid-list mailing list
