Thank you for the reply, so I understand that to control intent delivery via the system_server I could use something like the intent firewall, but I would like to know if I can archive the same result by writing directly in the policy files, I'm thinking about to leave the app.te file with its rules only for the trusted application and make another domain for other applications with the same rules used in the app.te file but isolated from the first one.Maybe something that doesn't allow intents like this appA-->system_server system_server-->appB.
Thanks, Andrea 2013/11/6 Stephen Smalley <[email protected]> > On 11/06/2013 09:48 AM, Damian Gerow wrote: > > I'm trying to build a recent (yesterday) fresh check-out for a grouper > device, but I've run into a few problems building the kernel. I've poked > around, and while I expect I'm doing something wrong, I'm not entirely sure > what it is. Note that I'm also failing to build seandroid itself, even > though I am successfully building vanilla AOSP for the same target > (full_grouper-userdebug). > > > > Specifically, after a fresh checkout of android-4.3_r1.1, I have three > issues: > > > > 1) There's no 'tegra3_android_defconfig' anymore. The only > configuration file that seems appropriate is > arch/arm/configs/tegra_defconfig, but... > > 2) The resulting kernel configuration doesn't have any CONFIG_SELINUX_* > options set, unlike what I would expect to see (and do, when using eg. > tuna_defconfig) > > 3) The resulting kernel doesn't compile: > > > > ----- > > [~/src/external/android/seandroid-4.3/kernel/omap]$ make ARCH=arm > CROSS_COMPILE=$PREFIX/prebuilts/gcc/linux-x86/arm/arm-eabi-4.6/bin/arm-eabi- > > scripts/kconfig/conf --silentoldconfig Kconfig > > warning: (MACH_HARMONY && MACH_KAEN && MACH_SEABOARD) selects > MACH_HAS_SND_SOC_TEGRA_WM8903 which has unmet direct dependencies (SOUND && > !M68K && SND && SND_SOC) > > warning: (MACH_HARMONY && MACH_KAEN && MACH_SEABOARD) selects > MACH_HAS_SND_SOC_TEGRA_WM8903 which has unmet direct dependencies (SOUND && > !M68K && SND && SND_SOC) > > CHK include/linux/version.h > > CHK include/generated/utsrelease.h > > make[1]: `include/generated/mach-types.h' is up to date. > > CALL scripts/checksyscalls.sh > > CHK include/generated/compile.h > > GZIP kernel/config_data.gz > > IKCFG kernel/config_data.h > > CC kernel/configs.o > > LD kernel/built-in.o > > CC drivers/misc/akm8975.o > > > > <snip> > > > > drivers/misc/akm8975.c:540:2: error: unknown field 'ioctl' specified in > initializer > > drivers/misc/akm8975.c:540:2: warning: initialization from incompatible > pointer type [enabled by default] > > drivers/misc/akm8975.c:540:2: warning: (near initialization for > 'akmd_fops.fsync') [enabled by default] > > drivers/misc/akm8975.c:547:2: error: unknown field 'ioctl' specified in > initializer > > drivers/misc/akm8975.c:547:2: warning: initialization from incompatible > pointer type [enabled by default] > > drivers/misc/akm8975.c:547:2: warning: (near initialization for > 'akm_aot_fops.fsync') [enabled by default] > > drivers/misc/akm8975.c: In function 'akm8975_store': > > drivers/misc/akm8975.c:87:16: warning: ignoring return value of > 'kstrtoul', declared with attribute warn_unused_result [-Wunused-result] > > make[2]: *** [drivers/misc/akm8975.o] Error 1 > > make[1]: *** [drivers/misc] Error 2 > > make: *** [drivers] Error 2 > > [/src/external/android/seandroid-4.3/kernel/omap] $ > > As per the table, Nexus 7 (grouper) uses kernel/tegra, not kernel/omap. > > Also, you don't need to build the kernel per se with 4.3 and later; the > prebuilt kernel already has SELinux enabled. > > > > -- > This message was distributed to subscribers of the seandroid-list mailing > list. > If you no longer wish to subscribe, send mail to [email protected] > the words "unsubscribe seandroid-list" without quotes as the message. >
