> -----Original Message----- > From: Seandroid-list [mailto:[email protected]] On Behalf > Of James Muir > Sent: Monday, March 21, 2016 2:08 PM > To: [email protected] > Subject: google apps, untrusted_app domains > > I just installed a Marshmallow factory image (hammerhead-mra58) on my N5 and > I notice that the google apps all run under "untrusted_app" domains: > > $ adb shell > shell@hammerhead:/ $ ps -Z | grep 'google' > u:r:untrusted_app:s0:c512,c768 u0_a57 1597 212 > com.google.android.inputmethod.latin > u:r:untrusted_app:s0:c512,c768 u0_a22 2283 212 > com.google.android.setupwizard > u:r:untrusted_app:s0:c512,c768 u0_a53 2349 212 com.google.android.tts > u:r:untrusted_app:s0:c512,c768 u0_a11 7063 212 > com.google.android.gms.persistent > u:r:untrusted_app:s0:c512,c768 u0_a11 7082 212 > com.google.process.gapps > u:r:untrusted_app:s0:c512,c768 u0_a11 7111 212 com.google.android.gms > u:r:untrusted_app:s0:c512,c768 u0_a17 8880 212 > com.google.android.partnersetup > u:r:untrusted_app:s0:c512,c768 u0_a38 12054 212 > com.google.android.apps.cloudprint > u:r:untrusted_app:s0:c512,c768 u0_a27 12395 212 > com.google.android.googlequicksearchbox:search > u:r:untrusted_app:s0:c512,c768 u0_a27 12414 212 > com.google.android.googlequicksearchbox:interactor > u:r:untrusted_app:s0:c512,c768 u0_a55 13115 212 com.google.android.talk > u:r:untrusted_app:s0:c512,c768 u0_a62 14057 212 > com.google.android.apps.magazines > u:r:untrusted_app:s0:c512,c768 u0_a65 15070 212 > com.google.android.apps.photos > u:r:untrusted_app:s0:c512,c768 u0_a71 15130 212 com.google.android.gm > u:r:untrusted_app:s0:c512,c768 u0_a70 15156 212 > com.google.android.gm.exchange > u:r:untrusted_app:s0:c512,c768 u0_a69 15426 212 > com.google.android.deskclock > u:r:untrusted_app:s0:c512,c768 u0_a46 16580 212 > com.google.android.apps.fitness > u:r:untrusted_app:s0:c512,c768 u0_a27 16604 212 > com.google.android.googlequicksearchbox > u:r:untrusted_app:s0:c512,c768 u0_a34 17204 212 > com.google.android.calendar > > At one time, the recommendation was that google apps included in a ROM > should be assigned "platform_app"; there is a post from Stephen S (Feb > 2014) to this effect: > > https://marc.info/?l=seandroid-list&m=139353406611165&w=2 > > Does that recommendation still stand or is it obsolete now? Google presumably > has the gapps working correctly using "untrusted_app" now (however, I do see > lots of selinux denials with this factory image).
They run under untrusted_app. IIRS back in the day they had to be signed, I remember dealing with that issue on CM (again IIRC). I've seen denials for chrome on isolated_process, nothing really of note for the google apps though. > > -James M > > _______________________________________________ > Seandroid-list mailing list > [email protected] > To unsubscribe, send email to [email protected]. > To get help, send an email containing "help" to Seandroid-list- > [email protected]. _______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
