What if the example app exposes a service that follows the "correct" rules
by assigning an access permission? Maybe the permission even has a
signature protection level and only other equally singed apps can access.
Should the app still be made to suffer? I think the debate to have at this
point is whether the original construction of the intent mac code and its
goals were correct and not necessarily whether the policy built on top of
that is correct at this point. So all this probably falls inline with some
of Michael's points. I would imagine that even the original author would
probably tell you the code and design goals are a bit lacking. Not sure if
trying to polish any of this code is gonna make a lick of a difference.
After all, if we don't trust third parties at all then let's just cut off
their binder access completely. That should make things real easy for us
then.
