Hi,

In our seandroid branch and seandroid-4.x branches, we have (always had) levelFrom=app as the default in seapp_contexts for third-party apps, i.e. each third-party app is assigned a unique level (a unique category set computed from its UID) that isolates it from other third-party apps wrt process and kernel-managed object (e.g. files, sockets) operations.

In AOSP, they have levelFrom=none or equivalently no levelFrom= specifier at all, so they are not currently using levels or the MLS policy. I was interested in finding out if anyone is in fact relying on the current levelFrom= defaults in our policy, or if we should align with AOSP by default.

Also, I'd be interested in hearing if anyone has looked at switching from levelFrom=app to levelFrom=user (i.e. per-user levels, to provide stronger user isolation on Android than just UID separation) and the corresponding changes to the set of mlstrustedsubject domains and mlstrustedobject types (e.g. platform_app_domain() should likely drop mlstrustedsubject for that usage scenario, as even the platform apps should be instantiated per user and be subject to the user isolation). That might be more workable without creating compatibility issues, as apps shouldn't expect to be able to directly communicate across user boundaries.
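As an added example (not code from this post, the seandroid branch or AOSP), the following Python models how a levelFrom= setting maps a UID to an MLS level and which pairs of processes end up mutually isolated by the MLS category constraint. The category layout (app id in c0-c511, user id in c512-c1023) and the AID_USER value are assumptions modelled on Android's later libselinux seapp_context_lookup; mlstrustedsubject/mlstrustedobject bypasses are deliberately not modelled.

```python
AID_USER = 100000  # UIDs per Android user (assumption: Android's AID_USER)


def compute_level(uid: int, level_from: str, sensitivity: str = "s0") -> str:
    """Return the MLS level string for a UID under the given levelFrom= mode.
    Category layout is an assumption modelled on later AOSP libselinux."""
    userid, appid = divmod(uid, AID_USER)
    app_cats = [appid & 0xFF, 256 + ((appid >> 8) & 0xFF)]
    user_cats = [512 + (userid & 0xFF), 768 + ((userid >> 8) & 0xFF)]
    if level_from == "none":
        cats = []
    elif level_from == "app":
        cats = app_cats
    elif level_from == "user":
        cats = user_cats
    elif level_from == "all":
        cats = app_cats + user_cats
    else:
        raise ValueError(f"unknown levelFrom value: {level_from}")
    if not cats:
        return sensitivity
    return sensitivity + ":" + ",".join(f"c{c}" for c in cats)


def parse_cats(level: str) -> frozenset:
    """Extract the category set from a level such as 's0:c66,c295'."""
    if ":" not in level:
        return frozenset()
    return frozenset(int(c[1:]) for c in level.split(":", 1)[1].split(","))


def dominates(subject_level: str, object_level: str) -> bool:
    """Single-sensitivity MLS check: the subject reaches the object only if
    its category set is a superset of the object's (trusted domains ignored)."""
    return parse_cats(object_level) <= parse_cats(subject_level)


def isolated(uid_a: int, uid_b: int, level_from: str) -> bool:
    """True when neither process can reach the other's objects in this mode."""
    a, b = compute_level(uid_a, level_from), compute_level(uid_b, level_from)
    return not dominates(a, b) and not dominates(b, a)


if __name__ == "__main__":
    # Constructed sample UIDs: two third-party apps of user 0, plus the
    # second app instantiated for Android user 10 (same app id, other user).
    app1_u0, app2_u0, app2_u10 = 10050, 10051, 10 * AID_USER + 10051
    for mode in ("none", "app", "user", "all"):
        print(mode, compute_level(app2_u0, mode),
              "apps-isolated:", isolated(app1_u0, app2_u0, mode),
              "users-isolated:", isolated(app2_u0, app2_u10, mode))
```

Running it shows the trade-off in the post: levelFrom=app separates two apps of one user but not the same app id across users, while levelFrom=user does the reverse, so stronger user isolation needs per-user levels (or both sets of categories).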
