In the beginning my aim was to prevent the untrusted_app domain from accessing the database through content provider. But from the reply from William Roberts, I realized that that would be possible only through Android Manifest file permission.
But if I want to prevent a rogue downloadable app (untrusted_app domain) from accessing the database fifle directly, would it be possible to prevent this direct access by using security context in Android 4.4.4 (with setenforce as 1) -----Original Message----- From: Stephen Smalley [mailto:[email protected]] Sent: Friday, April 03, 2015 6:51 PM To: Datta, Souvik; [email protected] Subject: Re: Preventing untrusted_app domain from accessing database On 04/03/2015 09:16 AM, Datta, Souvik wrote: > Hello Stephen, > > I am using Android 4.4.4 which is distributed by a Silicon Vendor for > the embedded target that I am working on. I went ahead and modified > <build>/external/sepolicy/untrusted_app.te file by commenting out > #permissive untrusted_app; and then did a build. But this did not have > any effect. In other words, the process belonging to untrusted_app > domain could still access the database > (u:object_r:hm_phonebookaccess_data_file:s0) > > Is there any other way, this can be handled other than moving to a different > version of SEAndroid? Are you trying to prevent direct access to the file or the ability to use the ContentProvider? Two different issues. The former is enforceable by SELinux at the kernel level. The latter is a matter of Android permissions enforced by the middleware. _______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
