On Aug 13, 2014 12:34 AM, "Pankaj Kushwaha" <[email protected]> wrote: > > Comments inline- > > > On Wed, Aug 13, 2014 at 10:17 AM, William Roberts < [email protected]> wrote: >> >> >> On Aug 12, 2014 8:13 PM, "Pankaj Kushwaha" < [email protected]> wrote: >> > >> > Hi, >> > >> > I was thinking two make two different sepolicies for two users present on same tablet. >> > Is it possible somehow ?? >> >> What's the use case? > > PK : there isn't any use case. I was trying to develop something new (a new feature). >> >> > >> > I started it with creating different policies for untrusted_app first. >> > For this I thought of passing different seinfo for owner and secondary user and on based of different seinfo like default and default_owner I will write rules in seapp_context to give these applications different labels like untrusted_app and untrusted_app_owner, and then write rules for this. >> > But when I tried this actually, i came to know that in PackageManagerService.java installation of app happens only once, whether I am in primary user or secondary user. So wasn't able to change label at time of installation. >> > >> > Then I thought of changing levelfrom tag in seapp_context, replaced levelfrom=none to levelfrom=user, that added sensitivity and cgroup to the label. It made all apps to crash at boot itself. >> >> MLS is not used on aosp so it hasn't been tested. Perhaps the NSA reference policy has those rules worked out? >> >> You should put the device in permissive mode and collect the audit logs and post them. > > PK : denials is not the issue. I was just trying that how can I have different label for same app running for two different users on same device, so that I can write different policies for them. >> >> > >> > I observed that user for same application across different users is u0_a27 and u10_a27, u0_a65 and u10_a65 and so on. >> > >> > Can anyone please help me in achieving this ? >> > Is there any way to write rules on cgroup basis or user basis ? >> >> Right now you could use the levelfrom construct and mls constraints but those are typically written to be applied consistently. If you know the uid of the user you could specify it in user=<uid> and than set a new type, but this is very static. The use case and deployment scenario would really drive what might need to change to support this. > > PK : I tried adding following line in seapp_contexts file and made a new file named untrusted_app_owner.te - > user=_app seinfo=default name=com.andrwq.recorder domain=untrusted_app_owner type=app_data_file levelFrom=none user=u0_*
You can't have user twice, did this get past the check_seapp tool? My previous mention of putting uid there won't work, obviously the uids change per package. That only works for fixed uid things typically integrated by an OEM. I don't know if prefix matching is supported off the top of my head, is it mentioned in the file comments of seapp_contexts? > > When I installed this package i.e. com.andrwq.recorder in owner (primary user) I expected that it will create a label untrusted_app_owner, but it was still untrusted_app. Also i tried modifying above line used, user=u0 and user=0, but still the same result. >> >> > >> > Thanks >> > Pankaj Kushwaha >> > >> > _______________________________________________ >> > Seandroid-list mailing list >> > [email protected] >> > To unsubscribe, send email to [email protected]. >> > To get help, send an email containing "help" to [email protected]. > >
_______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
