Thanks for the detailed answer. A follow-up question: if, for instance, an intent is used, it means that the communication is done using a system process, and you mentioned that SEAndroid works on the process level. Can SEAndroid also control the system process? Can SEAndroid control IPC in this case? Or can SEAndroid only control it when the communication is direct between two processes?
On Mon, Aug 31, 2015 at 1:29 AM, William Roberts <[email protected]> wrote:
>
> On Aug 29, 2015 9:17 AM, "Tal Palant" <[email protected]> wrote:
> >
> > Hi,
> >
> > I have a question regarding the usage of SEAndroid on the binder class.
> >
> > Can it be used to control which applications access other applications' components?
>
> Yes and no. It controls access at the process level. If N components run in a process, then you grant at N components.
> >
> > Is all Android IPC communication done using binder? Are there other ways?
>
> Unix domain socket is prevalent... See installd or property service as an example. Also, intents and broadcasts count as IPC that is built on top of binder.
> Think of binder as an IPC primitive.
> >
> > Is the communication done not directly, like using the system or something?
>
> Binder is direct between processes. Intents and broadcasts are middle-manned by system server.
> >
> > In this case, the rules on the binder can't prevent communication between applications' components?
>
> If you name components you can use mac_permissions.xml and seapp_contexts to isolate components. IIRC. I don't do a whole lot this high up in the stack.
> >
> > Thanks.

--
Tal Polo Palant, because there is only one name like this
_______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
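The labeling chain named in the quoted reply (mac_permissions.xml and seapp_contexts selecting a process domain, with binder rules then written between domains), as an added sketch that is not part of the original thread or of AOSP policy. The `@EXAMPLE` key tag, the `com.example.*` package names and the `example_*` types are constructed, and the sketch assumes the base policy does not already grant these types app-to-app binder access through a shared attribute.

```selinux
<!-- mac_permissions.xml: apps signed with the constructed @EXAMPLE key
     (assumed to be mapped in keys.conf) are tagged seinfo=example -->
<policy>
    <signer signature="@EXAMPLE">
        <seinfo value="example"/>
    </signer>
</policy>

# seapp_contexts: seinfo plus package name select the process domain.
# Every component of a package runs under that one domain.
user=_app seinfo=example name=com.example.provider domain=example_provider type=app_data_file
user=_app seinfo=example name=com.example.client domain=example_client type=app_data_file

# example.te (hypothetical file): rules name process domains, never components.
type example_provider, domain;
type example_client, domain;

# Direct binder IPC: client starts transactions to provider and may pass
# binder references with them.
allow example_client example_provider:binder { call transfer };
# Provider may pass binder references back in its replies.
allow example_provider example_client:binder transfer;

# An intent or broadcast reaches the kernel as two separate binder hops,
# each with system_server at one end, so the rule above never sees it.
allow example_client system_server:binder { call transfer };
allow system_server example_provider:binder { call transfer };
```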
