I'm curious what kinds of per-app compatibility issues have occurred? Android recently deprecated Context.MODE_WORLD_READABLE and MODE_WORLD_WRITABLE, which could help in making an argument that they really don't want apps to be able to access the internal storage directories of other apps? http://developer.android.com/reference/android/content/Context.html#MODE_WORLD_READABLE
I did run into an app that shares world readable (and encrypted) files in its internal storage directory with other apps -- that would be one example of a compatibility issue. (I'd argue that they should use a Content Provider instead.) Thanks, Mike >-----Original Message----- >From: [email protected] [mailto:owner-seandroid- >[email protected]] On Behalf Of Stephen Smalley >Sent: Tuesday, January 08, 2013 9:51 AM >To: William Roberts >Cc: [email protected] >Subject: Re: multi user support > >On 01/08/2013 09:23 AM, Stephen Smalley wrote: >> On 01/07/2013 09:53 PM, William Roberts wrote: >>> Just wondering what the status of multi user support for tablets with >>> SEAndroid is, is Manta there yet? >> >> We do have support for correct labeling of secondary user app data >> directories in our branches and uploaded to AOSP as: >> https://android-review.googlesource.com/#/c/44530/ >> >> Not sure if that is what you are asking though. > >One thing that we haven't explored yet is leveraging the new >levelFrom=user support in seapp_contexts. That will require changes not >only to seapp_contexts but also to the rest of the policy to reflect the >change in how we are applying the MLS model, from a per-app basis to a >per-user basis. It should be significantly simpler and more compatible >than doing it on a per-app basis. > > > >-- >This message was distributed to subscribers of the seandroid-list mailing list. >If you no longer wish to subscribe, send mail to [email protected] >with >the words "unsubscribe seandroid-list" without quotes as the message. -- This message was distributed to subscribers of the seandroid-list mailing list. If you no longer wish to subscribe, send mail to [email protected] with the words "unsubscribe seandroid-list" without quotes as the message.
