Ok, but not really the answer I was after. The security model used at the
lower levels seems to make sense in that you're just reinforcing the
existing security model there. i.e. installd should only be able to do a
select number of things and your SELinux policy just reinforces that. But
when it comes to apps it seems your current security model isn't really
reinforcing the Android model. Aren't all apps considered equal? Yes, they
are run in their own sandbox protected by their uid with granted
permissions based on signature or location. But, it seems like to reinforce
that notion all system apps should be put into the same domain. And then
all non-system apps should be put into a separate domain. Why the current
distinction among the system apps, i.e. media, platform, release, and
shared? Aren't they just equivalent; the same partitioned set? This just seems
like unneeded complexity in the policy and divergence from Android
documentation concerning apps.

On Tuesday, January 14, 2014 9:46:31 AM UTC-5, Stephen Smalley wrote:
>
> On 01/11/2014 11:54 AM, [email protected] wrote:
> > Curious as to why certain apps receive certain SELinux contexts when they
> > are running. According to the external/sepolicy/untrusted.te file (comments
> > at the top), it seems that any app that is running between uid 10_000 and
> > 99_000 should receive the untrusted_app domain. Yet with a recent build of
> > master it is clear that certain apps don't follow this convention. i.e. the
> > Launcher app on my device has u0_a13 which translates to 10_013 yet runs in
> > the shared_app domain. So after searching the shared_app.te file I noticed
> > the comments that any app signed with the shared
>
> Apps are labeled based on mac_permissions.xml (maps signer and 
> optionally package to seinfo value) and seapp_contexts (maps user and 
> optionally seinfo value to domain for process and type for data 
> directory). 
>
> More info: http://selinuxproject.org/page/SEAndroid 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Android Security Discussions" group.
Visit this group at http://groups.google.com/group/android-security-discuss.
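To make the labeling rule in Stephen's reply concrete (uid plus seinfo selects the domain, which is why a Launcher running as u0_a13 can land in shared_app), here is an added example that is not part of the thread: a simplified Python model of the seapp_contexts lookup. The entries are a constructed excerpt in the file's format, the uid ranges and specificity ordering are assumptions that mirror the file's conventions, and the matcher is an illustration rather than libselinux's own code.

```python
# Added example for this thread: a simplified model of the seapp_contexts
# lookup libselinux performs when zygote forks an app. The entries are a
# constructed excerpt in the file's format; the matcher is an illustration,
# not libselinux's code. seinfo is derived from the signer via mac_permissions.xml.
SEAPP_CONTEXTS = """
user=system domain=system_app type=system_app_data_file
user=_app domain=untrusted_app type=app_data_file
user=_app seinfo=platform domain=platform_app type=platform_app_data_file
user=_app seinfo=shared domain=shared_app type=platform_app_data_file
user=_app seinfo=media domain=media_app type=platform_app_data_file
user=_app seinfo=release domain=release_app type=platform_app_data_file
"""
AID_APP = 10000             # first application uid (u0_a0), assumed
AID_ISOLATED_START = 99000  # isolated-process uids, assumed

def parse_seapp_contexts(text):
    """Each non-comment line is a set of key=value selectors and outputs."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            entries.append(dict(kv.split("=", 1) for kv in line.split()))
    return entries

def uid_to_user(uid):
    # Map a uid to the 'user' selector: _app, _isolated or a named account.
    appid = uid % 100000  # drop the multi-user offset (u0_, u10_, ...)
    if AID_ISOLATED_START <= appid < 100000:
        return "_isolated"
    if appid >= AID_APP:
        return "_app"
    return {1000: "system", 1001: "radio"}.get(appid, str(appid))

def lookup_domain(entries, uid, seinfo=None):
    """Return the domain of the most specific matching entry, or None."""
    user = uid_to_user(uid)
    best, best_score = None, -1
    for e in entries:
        score = 0
        if "user" in e:
            if e["user"] != user:
                continue
            score += 1 if user.startswith("_") else 2  # exact name beats _app
        if "seinfo" in e:
            if e["seinfo"] != seinfo:
                continue
            score += 2
        if score > best_score:
            best, best_score = e, score
    return best["domain"] if best else None

APP_ENTRIES = parse_seapp_contexts(SEAPP_CONTEXTS)
```

With these entries, `lookup_domain(APP_ENTRIES, 10013, "shared")` gives shared_app while the same uid with no seinfo falls through to untrusted_app, which is the behaviour the original question observed.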