Hi SEAndroid,

I've created 2 new domains called DomainA_app and DomainB_app. In each file, called DomainA_app.te and domainB_app.te, I've put only this line:

    type DomainA_app, domain; app_domain(DomainA_app)

and the same for DomainB_app. Now if I run the command ps -Z, each application has the right domain. If appA in the domain DomainA_app calls appB in the domain domainB_app, it works well.

I want to block calls between 2 apps of different domains, so I've changed the file app.te. I've substituted:

    binder_call(appdomain, appdomain)

with this:

    # Perform binder IPC to other apps.
    binder_call(shared_app, platform_app)
    binder_call(platform_app, shared_app)
    binder_call(shared_app, media_app)
    binder_call(media_app, shared_app)
    binder_call(shared_app, release_app)
    binder_call(release_app, shared_app)
    binder_call(platform_app, media_app)
    binder_call(media_app, platform_app)
    binder_call(platform_app, release_app)
    binder_call(release_app, platform_app)
    binder_call(media_app, release_app)
    binder_call(release_app, media_app)

So the system's apps work well, but appA and appB still work well too, so I think it is the system_server that enables appA to call and run appB through an intent.

I want to know if there is a way to block calls from appA to appB, maybe some neverallow or some modification inside system_server (or in another policy file).

Thanks a lot for any help,
Andrea
