On 04/29/2014 09:50 AM, Tai Nguyen (tainguye) wrote: > Right now, we have to upgrade/reload the whole policy. Is it possible to > support incremental update? > The idea is that the based policy form (OEM) vendor can be secure which > may cause some apps to fail. > Each (enterprise) customers may use different apps so there is a needs to > provision additional policy > to enable their apps. In this scenario, the active policy will be based > policy + customer policy. > The customer policy must be signed and authenticated but that is different > issue. > > This allows the (OEM) vendor to ship with a secure policy and customers to > customize the policy for their needs.
In Linux distributions, we have a concept of policy modules, where the final policy is generated from a base module and a collection of non-base modules, and users can add non-base modules with custom rule sets. This however does not exist in Android presently because we intentionally avoided building libsepol for the device due to license and footprint concerns and therefore do not support linking policy modules and expanding them to a final kernel policy on the device. You could however do that on a server and just ship the final policy to the device. _______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
