On Thu, 2012-09-27 at 22:00 -0400, Joshua Brindle wrote: > Stephen Smalley wrote: > > On Thu, 2012-09-27 at 09:34 -0400, Stephen Smalley wrote: > <snip> > > For now I would recommend at least this patch, to disable levelFromUid > > for isolated services. You'll still need to add allow rules for the > > interactions with the app domain, but you shouldn't need > > mlstrustedsubject. > > > > Should we add rules to allow appdomain access to isolated_app? If > isolated services is now encouraged it will be more common, right?
Yes, I think so. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the seandroid-list mailing list. If you no longer wish to subscribe, send mail to majord...@tycho.nsa.gov with the words "unsubscribe seandroid-list" without quotes as the message.
