Right now, we have to upgrade/reload the whole policy. Is it possible to support incremental update? The idea is that the based policy form (OEM) vendor can be secure which may cause some apps to fail. Each (enterprise) customers may use different apps so there is a needs to provision additional policy to enable their apps. In this scenario, the active policy will be based policy + customer policy. The customer policy must be signed and authenticated but that is different issue.
This allows the (OEM) vendor to ship with a secure policy and customers to customize the policy for their needs. On 4/25/14, 10:55 AM, "Stephen Smalley" <[email protected]> wrote: >On 04/24/2014 06:56 PM, Arun Chandrasekaran wrote: >> Hi there, >> My understanding is that a written policy file can be >> loaded into the kernel without reboot and that it can take effect soon >> after. If this is the case, am I correct in thinking that a written >> policy file can be sent as an over-the-air update to a phone and >> instrumented to be loaded at run time? > >See: >http://selinuxproject.org/page/SEforAndroid#Policy_Updates > >_______________________________________________ >Seandroid-list mailing list >[email protected] >To unsubscribe, send email to [email protected]. >To get help, send an email containing "help" to >[email protected]. _______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
