My view is that the 3rd party app should still require an entry in the Intent_MAC policy as this offers greater security. After reading http://www.cs.berkeley.edu/~afelt/intentsecurity-mobisys.pdf then that seems reasonable.
In the end of course the final policy depends on the security requirements and so long as the policy meets these then everyone is full of happiness and light (well maybe not the users or support). The good news is that (from what I've tested) the Intent and Content Provider MMAC code works on the basic principle that all access is denied unless explicitly allowed so flexible policies can be written. Richard ----- Original Message ----- From: rpcraig <[email protected]> To: Richard Haines <[email protected]> Cc: seandroid <[email protected]> Sent: Wednesday, 17 July 2013, 18:35 Subject: Re: Intent_MAC - Possible patch for intent_mac.xml What if your example platform app exposes a service that intends to allow anyone to use? -- This message was distributed to subscribers of the seandroid-list mailing list. If you no longer wish to subscribe, send mail to [email protected] with the words "unsubscribe seandroid-list" without quotes as the message.
