On 08/16/2013 07:36 AM, Richard Haines wrote:
I've just uploaded this patch to Gerrit, however it only applies to the
vanilla Android policy:
When SELinux is in enforcement mode it is not possible to launch apps.
This rule will also allow the system to initialise even if enforcement
mode is enabled during the boot process.
Change-Id: I922b98267964e888faa36762c49c02661824d38c
Signed-off-by: Richard Haines <[email protected]>
---
system.te | 2 ++
1 file changed, 2 insertions(+)
diff --git a/system.te b/system.te
index fc76cd4..8734485 100644
--- a/system.te
+++ b/system.te
@@ -9,3 +9,5 @@ unconfined_domain(system);
# Create a socket for receiving info from wpa.
type_transition system wifi_data_file:sock_file system_wpa_socket;
+# Allow zygote to launch apps
+allow system self:zygote { specifyseinfo specifyids };
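Review bot: The comment on the added rule says "Allow zygote to launch apps", but the rule grants the system domain, acting on self, the specifyseinfo and specifyids permissions in the zygote class; it does not touch a zygote domain. Reword the comment to say that system may specify ids and seinfo when asking zygote to spawn an app. The hunk header shows unconfined_domain(system) just above, so the commit message should also say why that macro does not already cover these two permissions, ideally by quoting the avc denial logged in enforcing mode, so a reader can confirm both permissions are needed rather than only one.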
--
1.8.3.1
I certainly agree that we need to fix these types of issues. However, we
are presently working on fixing the delta that exists between the SE for
Android ref policies and that which exists in AOSP. We currently have 5
other patches uploaded that will help bring the AOSP device-specific
policy in line with SE for Android.
I'm not sure if doing this piecemeal will be of much benefit. I would think
that having multiple people trying to bring the policy in line will be a
big headache. Your patch will be part of the larger one offered by us
though.
I'm open to differing opinions on this though.