On 08/12/2014 11:11 PM, Pankaj Kushwaha wrote:
> Hi,
>
> I was thinking to make two different sepolicies for two users present on
> same tablet.
> Is it possible somehow?
>
> I started it with creating different policies for untrusted_app first.
> For this I thought of passing different seinfo for owner and secondary user
> and on the basis of different seinfo like default and default_owner I will
> write rules in seapp_context to give these applications different labels
> like untrusted_app and untrusted_app_owner, and then write rules for this.
> But when I tried this actually, I came to know that in
> PackageManagerService.java installation of app happens only once, whether I
> am in primary user or secondary user. So I wasn't able to change the label at
> time of installation.
>
> Then I thought of changing levelfrom tag in seapp_context, replaced
> levelfrom=none to levelfrom=user, that added sensitivity and cgroup to the
> label. It made all apps crash at boot itself.
>
> I observed that user for same application across different users is u0_a27
> and u10_a27, u0_a65 and u10_a65 and so on.
>
> Can anyone please help me in achieving this?
> Is there any way to write rules on cgroup basis or user basis?

Can you provide more information about exactly what was in your seapp_contexts (full contents) and the nature of the crash, output from dmesg and logcat?

levelFrom=user should "work" modulo permission denials; it may be necessary to mark certain domains or types as mlstrustedsubject or mlstrustedobject to exempt them from the restriction.

Also, what exactly are you using: vanilla AOSP or our modified repositories, and what version/branch?

_______________________________________________
Seandroid-list mailing list
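
As an added example (not from the thread or from the SE Android project), this Python script shortlists "avc: denied" records from dmesg whose source and target levels differ, which are the denials to review when deciding what might need mlstrustedsubject or mlstrustedobject after switching to levelFrom=user. The sample records, the `c10` category and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Contexts, permissions and class from one kernel "avc: denied" record.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)')

def type_and_level(ctx):
    """Split user:role:type[:level]; the level itself may contain ':'."""
    parts = ctx.split(':', 3)
    return parts[2], (parts[3] if len(parts) > 3 else '')

def mls_candidates(lines):
    """Group denials whose source and target levels differ.

    A level mismatch only hints at an MLS constraint; a missing allow rule
    produces the same record, so the result is a shortlist to review.
    """
    found = defaultdict(set)
    for line in lines:
        m = AVC_RE.search(line)
        if not m:
            continue
        s_type, s_level = type_and_level(m.group('s'))
        t_type, t_level = type_and_level(m.group('t'))
        if s_level != t_level:
            key = (s_type, s_level, t_type, t_level, m.group('cls'))
            found[key].update(m.group('perms').split())
    return dict(found)

# Constructed sample records, not output from the thread; c10 is illustrative.
SAMPLE = [
    'avc:  denied  { write } for  pid=1201 comm="example" '
    'scontext=u:r:untrusted_app:s0:c10 tcontext=u:object_r:system_data_file:s0 tclass=file',
    'avc:  denied  { append } for  pid=1201 comm="example" '
    'scontext=u:r:untrusted_app:s0:c10 tcontext=u:object_r:system_data_file:s0 tclass=file',
    'avc:  denied  { search } for  pid=600 comm="system_server" '
    'scontext=u:r:system_server:s0 tcontext=u:object_r:app_data_file:s0:c10 tclass=dir',
    'avc:  denied  { read } for  pid=1201 comm="example" '
    'scontext=u:r:untrusted_app:s0 tcontext=u:object_r:proc:s0 tclass=file',
]

if __name__ == '__main__':
    for key, perms in sorted(mls_candidates(SAMPLE).items()):
        print(*key, sorted(perms))
```

Feed it real input with `mls_candidates(open('dmesg.txt'))`, where `dmesg.txt` is a hypothetical file holding saved dmesg output.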
