On 01/11/2014 11:54 AM, [email protected] wrote: > Curious as to why certain apps receive certain SELinux contexts when they > are running. According to the external/sepolicy/untrusted.te file (comments > at the top), it seems that any app that is running between uid 10_000 and > 99_000 should receive the untrusted_app domain. Yet with a recent build of > master it is clear that certain apps don't follow this convention. i.e. the > Launcher app on my device has u0_a13 which translates to 10_013 yet runs in > the shared_app domain. So after searching the shared_app.te file I noticed > the comments that any app signed with the shared
Apps are labeled based on mac_permissions.xml (maps signer and optionally package to seinfo value) and seapp_contexts (maps user and optionally seinfo value to domain for process and type for data directory). More info: http://selinuxproject.org/page/SEAndroid -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/groups/opt_out.
