On 02/20/2013 04:10 PM, Tai Nguyen (tainguye) wrote:
> Hi,
> When upgrading a device to seandroid version, what is the recommendation
> for setting security context for existing files? We would like to avoid
> factory resetting the device (i.e. wipe) if we can. Is it possible to set up
> transition rules to move unlabeled files to new security context?

I wouldn't generally recommend doing that; factory reset is much
cleaner, simpler, and more secure.

But if you must, you could conceivably perform restorecon on portions of
/data. But you need to be careful about app-writable or shell-writable
directories, or make sure you run restorecon in a domain that cannot
read/follow symlinks in those directories.

The hardest part would be getting the security contexts correct on app
data directories. restorecon won't address that issue for you. Normally
those are labeled by installd upon creation based on the inputs provided
by the PMS and the seapp_contexts configuration. Might require some
additional tooling to support that.
--
This message was distributed to subscribers of the seandroid-list mailing list.
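
The reply warns about symlinks in app-writable or shell-writable directories when relabeling parts of /data. The following is an added example, not part of the original message or of the SE Android project: a pre-relabel audit that lists symlinks under a tree whose targets resolve outside it. The function name `escaping_symlinks` is hypothetical, and a `readlink` that supports `-f` is assumed.

```shell
#!/bin/sh
# Added example (not from the original thread).
# Usage: escaping_symlinks DIR
# Prints one line per symlink under DIR whose resolved target lies outside DIR,
# i.e. the entries a link-following relabel would chase out of the tree.
# The result is only meaningful while nothing else can write to DIR.

escaping_symlinks() {
    # Resolve DIR itself to a physical path so prefix comparison is reliable.
    root=$(cd "$1" && pwd -P) || return 2

    # -P: never follow symlinks while walking, so the audit cannot be led
    # out of the tree. -exec ... {} + passes names as arguments, which keeps
    # file names containing spaces or newlines intact.
    find -P "$root" -type l -exec sh -c '
        root=$1; shift
        for link do
            target=$(readlink -f "$link" 2>/dev/null)
            case "$target" in
                "$root"|"$root"/*) ;;   # target stays inside the tree
                "") printf "unresolved %s\n" "$link" ;;
                *)  printf "escapes %s -> %s\n" "$link" "$target" ;;
            esac
        done' sh "$root" {} +
}
```

This check complements, and does not replace, running restorecon in a domain that cannot read or follow symlinks in those directories.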