Since the underlying files are the same between userdata and dm-<n>, there is no need to modify policies for files in the userdata partition, right?

On Tue, Oct 6, 2015 at 1:52 PM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
> On 10/06/2015 03:49 PM, Dinesh Garg wrote:
> > Does anyone know how SEPolicies work for mapped devices?
> >
> > Android encrypts userdata partition using dm-crypt. Original SEPolicies would be written for userdata partition but when device is encrypted, block device would change from userdata to /dev/block/dm-<number> where number is variable. I wonder how SEPolicies would work when device gets encrypted?
>
> Presently, all /dev/block/dm-<n> devices are labeled with dm_device, which is only accessible under AOSP policy by init, ueventd, fsck, blkid (read-only), and vold.
>
> vold could probably take the label of the underlying device and compute a derived label to assign to the mapped one if you needed to distinguish them from one another.

_______________________________________________
Seandroid-list mailing list
Seandroid-list@tycho.nsa.gov
To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.