Thanks Bill. We do have restore_recursive in our code. That’s one of the reason I thought we have the app data relabelled correctly as well. However, I expect the code that label app directories will be in either package manager or installd, right?
Thanks, Tai From: William Roberts <[email protected]<mailto:[email protected]>> Date: Friday, April 3, 2015 at 6:24 PM To: Tai Nguyen <[email protected]<mailto:[email protected]>> Cc: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: Re: Question on seapp_context Off the top of my head git blame the init.rc on master for restorecon_recursive /data and there's a patch in libselinux to support storing the hash of fc when a restore on happens to prevent label walks when no change was made. Offhand from my cellphone I don't have the change ids handy. On Apr 3, 2015 6:14 PM, "Tai Nguyen (tainguye)" <[email protected]<mailto:[email protected]>> wrote: Thanks. That would explain what we see. Which version support /data relabeling? And, how do we find the patch for the /data relabeling. Thanks, Tai From: William Roberts <[email protected]<mailto:[email protected]>> Date: Friday, April 3, 2015 at 5:49 PM To: Tai Nguyen <[email protected]<mailto:[email protected]>> Cc: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: Re: Question on seapp_context IIRC 4.4 doesn't support /data relabeling On Apr 3, 2015 5:05 PM, "Tai Nguyen (tainguye)" <[email protected]<mailto:[email protected]>> wrote: Do we have any restriction on using app_data_file domain for system_app? We made the following change, but the data directory still show system_app_data_file. - File mac_permissions.xml <signer signature="@PLATFORM" > <!-- CFG app --> <package name="cip.cfg"> <seinfo value="cfg_app" /> </package> - File seapp_contexts user=system seinfo=cfg_app name=cip.cfg domain=system_app type=app_data_file This is for KitKat 4.4 code base. The app needs to be system_app for other interaction but its data does not need to be protected. Thanks, Tai _______________________________________________ Seandroid-list mailing list [email protected]<mailto:[email protected]> To unsubscribe, send email to [email protected]<mailto:[email protected]>. To get help, send an email containing "help" to [email protected]<mailto:[email protected]>.
_______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
