It looks like Intent MAC is currently only working when the policy's source or
destination (in intent_mac.xml) is a package type, and not working when the
policy's source or destination is a package name. I assume you want package
names to work too since intent_mac.xml uses them.
The following code stuffs the package name in along with the package types that
are being compared to the policies and appears to fix the problem.
diff --git a/services/java/com/android/server/pm/PackageManagerService.java
b/services/java/com/android/server/pm/PackageManagerService.java
index 7b6142c..2e6e31d 100644
--- a/services/java/com/android/server/pm/PackageManagerService.java
+++ b/services/java/com/android/server/pm/PackageManagerService.java
@@ -2735,9 +2735,11 @@ public class PackageManagerService extends
IPackageManager.Stub {
PackageParser.Package pkg = mPackages.get(pkgName);
callingPkgs.add(pkg);
callingTypes.addAll(getMMACtypesForPackage(pkgName));
+ callingTypes.add(pkgName);
}
- Set<String> dstTypes = dstPkg.applicationInfo.mmacTypes;
+ Set<String> dstTypes = new
HashSet<String>(dstPkg.applicationInfo.mmacTypes);
+ dstTypes.add(dstPkg.packageName);
if (IntentMAC.DEBUG_ICC) {
Slog.v("SELINUX_MMAC", callingPkgs+"{"+callingTypes+"} => "+
