On 06/03/2015 02:56 AM, Redestig, Johan wrote: > When invoking utilities like rmdir from the init scripts it would still > be useful to specify in what domain you want them to be executed. > Alternatively one can wrap all such calls in scripts that are labeled, > though that seems a bit awkward?
If it is a built-in command, then it will just run in in-process and thus in init's domain. If it is an exec, then the new exec command supports specifying a seclabel as an option to exec. But that's different than the service seclabel option that he was talking about removing, which is used for services whose executables are in the rootfs or that are shell scripts rather than their own executables. Shell script files can be labeled and cause an automatic transition if they are directly executed but if they are run indirectly via /system/bin/sh then the kernel will only see it as an exec of sh and a read of the script file so no transition will occur automatically. _______________________________________________ Seandroid-list mailing list Seandroid-list@tycho.nsa.gov To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.
