> > Is getenforce an adb command now or should that be adb shell getenforce? > > Overuse of negation actually means overuse of attributes, I think. The > bad thing in that rule is the use of domain, not the use of negation. > > The device example is good but there are sometimes good reasons to split > out a device type like kgl_devices or something that needs to be > accessed by other domains. > > Definitely emphasizing that no devices should be labeled device is good, > I've seen that a lot. The same goes for generically labeled properties. > > Label new services does not cover labeling things running from ramdisk > (e.g., using seclabel in init.rc) > > Thanks Josh, I'll get these fixed.
> There should probably also be a section on mitigating assertion > violations. One very unfortunate thing about the AOSP policy is that the > assertions actually make it hard to lock down the policy more than > upstream has. > Let us know when you hit these (setting p
_______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
