On 03/27/2014 03:12 PM, William Roberts wrote: > Linux user ids are set aside for apps that have isolated = true in > their manifest. It runs it as a separate process with its own UID. > > I dont have the code in front of me but their is a file in > system/core/ i think includes that defines the user id mappings. Its > included directly in libselinux/src/android.c > > Some info for the app side: > http://developer.android.com/guide/topics/manifest/service-element.html
Any process with an appid between AID_ISOLATED_START and AID_ISOLATED_END is mapped to user=_isolated by libselinux, and then seapp_contexts has an entry that maps user=_isolated to domain=isolated_app. As Bill said, this is only for services with an android:isolatedProcess="true" attribute. The Chrome sandbox is one example. _______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
