On 01/03/2016 10:06 PM, weiyuan wrote:
> The other system is like an embedded Linux distribution.
> These systems have separate exec files in a different partition, but some of
> them may have the same filename.
> As you suggested, I think a good way is to simply give processes in the
> different systems different domains.
> Then, compile the policies of both systems into a single sepolicy file.
> But it seems that the non-Android system will have to follow Android's
> neverallow.
> Is there any way to let the Android system pass the CTS test while the
> other system adds some policies that may break Android's neverallow?

Do you need all of the systems running simultaneously? If not, then you
could keep the different policies separate and only load the appropriate
policy for the currently booted environment.
If you do need them all to run simultaneously, then the only way I can
see to avoid a problem with the neverallow checking is to virtualize the
policy in some manner, either by virtualizing the entire kernel (i.e.
run multiple Linux kernels each with its own policy on a hypervisor), or
by introducing some kind of policy namespace support within SELinux
itself. The latter is not a trivial undertaking.
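
Added example, not part of the original thread and not checkpolicy's or CTS's implementation: a simplified model of neverallow checking that shows why a single merged sepolicy trips Android's neverallow rules while separately loaded policies do not. All type names and rules are constructed, and only plain type sets, attributes, `*` and `-type` exclusions are modelled.

```python
import re

# Matches: allow|neverallow <source set> <target set>:<class> <perm set>;
RULE = re.compile(r"(allow|neverallow)\s+(\{[^}]*\}|\S+)\s+(\{[^}]*\}|\S+):(\w+)\s+(\{[^}]*\}|\S+);")

def parse(text):
    """Return (types, attribute -> member types, rules) for a tiny policy subset."""
    types, attrs, rules = set(), {}, []
    for line in text.splitlines():
        line = line.split("#")[0].strip()
        if line.startswith("type "):
            name, *attr_names = [x.strip() for x in line[5:].rstrip(";").split(",")]
            types.add(name)
            for a in attr_names:
                attrs.setdefault(a, set()).add(name)
        elif m := RULE.match(line):
            rules.append(m.groups())
    return types, attrs, rules

def expand(tok, types, attrs):
    """Expand a type set: attributes become their members, '-x' removes x."""
    inc, exc = set(), set()
    for t in tok.strip("{} ").split():
        name = t.lstrip("-")
        members = types if name == "*" else attrs.get(name, {name})
        (exc if t.startswith("-") else inc).update(members)
    return inc - exc

def violations(policy, neverallows):
    """Return (source, target, class, perm) tuples granted by policy but forbidden."""
    types, attrs, rules = parse(policy)
    def tuples(kind, rule_list):
        return {(a, b, cls, p) for k, s, t, cls, perms in rule_list if k == kind
                for a in expand(s, types, attrs) for b in expand(t, types, attrs)
                for p in perms.strip("{} ").split()}
    return sorted(tuples("allow", rules) & tuples("neverallow", parse(neverallows)[2]))

# Constructed sample policies (hypothetical types, not taken from AOSP).
ANDROID_POLICY = """
type init, domain;
type untrusted_app, domain;
type block_device;
allow init block_device:blk_file { read write };
"""
ANDROID_NEVERALLOW = "neverallow { domain -init } block_device:blk_file { read write };"
EMBEDDED_POLICY = """
type embedded_updater, domain;
allow embedded_updater block_device:blk_file { read write };
"""
```

Checking `ANDROID_POLICY` alone against `ANDROID_NEVERALLOW` yields no violations; checking `ANDROID_POLICY + EMBEDDED_POLICY` reports the `embedded_updater` grants, because the merged policy places that domain under the same `domain` attribute the neverallow rule covers.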