Joshua Brindle wrote: <snip>
If we decide that it isn't supported then it has a fairly large impact on the utility of policy reloading, I think. Right now switching from e.g., a Samsung policy to an AOSP policy is difficult because of the divergence of types. They'll either be unlabeled during boot or the new policy will have to alias every type that is different in the new policy.
Thinking about this more, it isn't just /system. Aside from just file_contexts changes, if I push a new seapp_contexts that changes, e.g., levelFrom=none to levelFrom=user on a running device, bad things will start to happen. We don't currently have a facility to relabel /data/data directories so the user is probably going to have to wipe, which will get rid of the custom policy and start the problem all over again.
For now OTA can sort of fix this, but having something more robust for changing policies at runtime would be much more desirable. Is it possible to do something like encryption where apps are killed off, the partitions are relabeled and then init is rerun?
-- This message was distributed to subscribers of the seandroid-list mailing list. If you no longer wish to subscribe, send mail to [email protected] with the words "unsubscribe seandroid-list" without quotes as the message.
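
The seapp_contexts change described in the message above can be caught before a policy is pushed by diffing the old and new files for rules whose data-labeling outputs differ. This is an added example, not part of the original message or of the SE Android code; the sample entries are constructed, and treating an absent levelFrom as none is an assumption.

```python
# Added example: flag seapp_contexts changes that leave existing
# /data/data directories carrying labels the new policy no longer assigns.
OUTPUT_KEYS = ("domain", "type", "levelFrom", "level")
# Outputs that end up in the label of an app's data directory.
DATA_LABEL_KEYS = ("type", "levelFrom", "level")


def parse_seapp_contexts(text):
    """Map each rule's input selectors to its output fields."""
    rules = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = dict(tok.split("=", 1) for tok in line.split())
        selector = " ".join(
            f"{k}={v}" for k, v in sorted(fields.items()) if k not in OUTPUT_KEYS
        )
        outputs = {k: fields.get(k) for k in OUTPUT_KEYS}
        # Assumption: a rule without levelFrom behaves as levelFrom=none.
        outputs["levelFrom"] = fields.get("levelFrom", "none")
        rules[selector] = outputs
    return rules


def relabel_findings(old_text, new_text):
    """Return (selector, key, old, new) for every data-label change."""
    old, new = parse_seapp_contexts(old_text), parse_seapp_contexts(new_text)
    findings = []
    for selector, old_out in old.items():
        new_out = new.get(selector)
        if new_out is None:
            findings.append((selector, "rule", "present", "removed"))
            continue
        for key in DATA_LABEL_KEYS:
            if old_out[key] != new_out[key]:
                findings.append((selector, key, old_out[key], new_out[key]))
    return findings


# Constructed sample entries, not taken from any shipped policy.
OLD = """
isSystemServer=true domain=system
user=_app domain=untrusted_app type=app_data_file levelFrom=none
user=_app seinfo=platform domain=platform_app type=platform_app_data_file
"""
NEW = OLD.replace("levelFrom=none", "levelFrom=user").replace(
    "type=platform_app_data_file", "type=app_data_file")

for finding in relabel_findings(OLD, NEW):
    print("needs /data/data relabel:", finding)
```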
