On 10/06/2015 03:49 PM, Dinesh Garg wrote: > Does anyone know how SEPolicies work for mapped devices? > > Android encrypts userdata partition using dm-crypt. Original SEPolicies would > be written for userdata partition but when device is encrypted, block device > would change from userdata to /dev/block/dm-<number> where number is > variable. I wonder how SEPolicies would work when device gets encrypted ?
Presently, all /dev/block/dm-<n> devices are labeled with dm_device, which is only accessible under AOSP policy by init, ueventd, fsck, blkid (read-only), and vold. vold could probably take the label of the underlying device and compute a derived label to assign to the mapped one if you needed to distinguish them from one another. _______________________________________________ Seandroid-list mailing list Seandroid-list@tycho.nsa.gov To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.
