On Sep 28, 2015 8:40 PM, "Tal Palant" <[email protected]> wrote:
>
> So just to sum up, SEAndroid can only help in case there's a direct binder
between two processes?

Yes.

>
> Which is less common if I understand correctly
>
> On Tue, 29 Sep 2015 at 04:09 William Roberts <[email protected]>
wrote:
>>
>>
>> On Sep 28, 2015 8:10 AM, "Tal Palant" <[email protected]> wrote:
>> >
>> > Thanks for the detailed answer.
>> >
>> > A follow-up question: if, for instance, an intent is used, it means that the
communication is done using a system process, and you mentioned that
SEAndroid works on the process level. Can SEAndroid also control the system
process? Can SEAndroid control IPC in this case? Or can SEAndroid only
control when the communication is direct between two processes?
>>
>> Intents are sent from one process through the system server process and
delivered to another process. So you would need to cut off binder access to
the system server; however, this is not feasible. Applications will not work
without binder access to the system server.
>>
>> You need to make the activity manager service (AMS), which runs inside of the
system server process, smart enough to control intents. AMS is already
smart enough to check against Android permissions; you could also add logic
to check other things. IIRC the Intent MAC branch out of the SEAndroid project
has support for intent controls.
>>
>> >
>> > On Mon, Aug 31, 2015 at 1:29 AM, William Roberts <
[email protected]> wrote:
>> >>
>> >>
>> >> On Aug 29, 2015 9:17 AM, "Tal Palant" <[email protected]> wrote:
>> >> >
>> >> > Hi,
>> >> >
>> >> > I have a question regarding the usage of SEAndroid on the binder
class.
>> >> >
>> >> > Can it be used to control which applications access other
applications' components?
>> >>
>> >> Yes and no. It controls access at the process level. If N
components run in a process, then you grant at N components.
>> >> >
>> >> > Is all Android IPC communication done using binder? Are there
other ways?
>> >>
>> >> Unix domain sockets are prevalent; see installd or the property service
as an example. Also, intents and broadcasts count as IPC that is built on top
of binder.
>> >> Think of binder as an IPC primitive.
>> >> >
>> >> > Is the communication done not directly, like using the system or
something?
>> >>
>> >> Binder is direct between processes. Intents and broadcasts are middle-
manned by the system server.
>> >> >
>> >> > In this case the rules on the binder can't prevent communication
between applications' components?
>> >>
>> >> If you name components you can use mac_permissions.xml and
seapp_contexts to isolate components. IIRC. I don't do a whole lot this
high up in the stack.
>> >>
>> >> >
>> >> > Thanks.
>> >> >
>> >> > _______________________________________________
>> >> > Seandroid-list mailing list
>> >> > [email protected]
>> >> > To unsubscribe, send email to [email protected].
>> >> > To get help, send an email containing "help" to
[email protected].
>> >
>> >
>> >
>> >
>> > --
>> > Tal Polo Palant
>> > because there is only one name like that
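The thread leans on two facts: SEAndroid labels whole processes, and an app's domain comes from mac_permissions.xml (signing cert to seinfo tag) plus seapp_contexts (seinfo, uid class and optionally package name to domain). The Python below is an added, constructed model of that two-step lookup; it is not code from the list or from the SEAndroid/libselinux sources. The signer hashes, package names, seinfo tags and domains are made-up sample values, and the most-specific-match rule is a simplification of what libselinux's selinux_android_setcontext() does (real policy has more selectors, such as path and levelFrom, and extra checks on name= rules).

```python
"""Simplified model of how SEAndroid picks the SELinux domain of an app process.

Added example (not from the thread or from libselinux): mac_permissions.xml maps
the APK signing certificate to a 'seinfo' tag, and seapp_contexts then maps
(isSystemServer, user, seinfo, name) to a domain and a data-file type. Every
value below is a constructed sample, and the selector matching is a reduced
version of the real lookup in libselinux.
"""
import xml.etree.ElementTree as ET

# Constructed mac_permissions.xml: the signature hashes are placeholders, not real certs.
MAC_PERMISSIONS_XML = """<policy>
  <signer signature="3082aa11platformcert">
    <seinfo value="platform"/>
  </signer>
  <signer signature="3082bb22vendorcocert">
    <package name="com.vendorco.banking">
      <seinfo value="banking"/>
    </package>
    <seinfo value="vendorco"/>
  </signer>
  <default>
    <seinfo value="default"/>
  </default>
</policy>
"""

# Constructed seapp_contexts in AOSP's key=value line format. The last rule shows
# how naming a package (name=) carves one app out into its own domain.
SEAPP_CONTEXTS = """
isSystemServer=true domain=system_server
user=_app domain=untrusted_app type=app_data_file levelFrom=user
user=_app seinfo=platform domain=platform_app type=app_data_file
user=_app seinfo=banking domain=banking_app type=banking_app_data_file
user=_app seinfo=vendorco name=com.vendorco.banking.kiosk domain=kiosk_app type=app_data_file
"""

# Selectors describing the process being labelled (inputs); domain/type are outputs.
INPUT_KEYS = ("isSystemServer", "user", "seinfo", "name")
AID_APP = 10000  # first uid of a regular app (android_filesystem_config.h)


def seinfo_for(signature, package, xml_text=MAC_PERMISSIONS_XML):
    """Map a signing cert (and optionally a package under it) to its seinfo tag."""
    root = ET.fromstring(xml_text)
    for signer in root.findall("signer"):
        if signer.get("signature") != signature:
            continue
        # A <package> stanza under the signer overrides the signer-wide tag.
        for pkg in signer.findall("package"):
            if pkg.get("name") == package:
                return pkg.find("seinfo").get("value")
        return signer.find("seinfo").get("value")
    default = root.find("default")
    return default.find("seinfo").get("value") if default is not None else None


def parse_seapp_contexts(text=SEAPP_CONTEXTS):
    """Parse 'key=value key=value' lines into a list of rule dicts."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        rules.append(dict(tok.split("=", 1) for tok in line.split()))
    return rules


def resolve_domain(uid, signature, package, is_system_server=False):
    """Return (domain, type) for a process; the most specific matching rule wins.

    Only the process identity feeds the lookup, which is the point made on the
    list: every component hosted in this process lands in the same domain.
    """
    facts = {
        "isSystemServer": "true" if is_system_server else None,
        "user": "_app" if uid >= AID_APP else None,
        "seinfo": seinfo_for(signature, package),
        "name": package,
    }
    best, best_score = None, -1
    for rule in parse_seapp_contexts():
        score = 0
        for key in INPUT_KEYS:
            if key not in rule:
                continue
            if rule[key] != facts[key]:
                score = -1  # a present selector that disagrees rules the line out
                break
            score += 1
        if score > best_score:
            best, best_score = rule, score
    if best is None:
        return None, None
    return best["domain"], best.get("type")


if __name__ == "__main__":
    for uid, sig, pkg in [
        (10050, "3082bb22vendorcocert", "com.vendorco.banking"),
        (10051, "3082bb22vendorcocert", "com.vendorco.banking.kiosk"),
        (10052, "3082bb22vendorcocert", "com.vendorco.other"),
        (10053, "3082cc33unknowncert", "com.example.game"),
    ]:
        print(pkg, "->", resolve_domain(uid, sig, pkg))
```

Run it and the two vendorco apps that share a signing cert still end up in different domains only because one of them is named explicitly; anything not named and not specially tagged falls through to untrusted_app, and whatever components those apps host are all covered by that one process label.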