On 08/14/2014 05:25 AM, Pankaj Kushwaha wrote:
> Hi Chris,
>
> I created a new domain untrusted_app_owner.te and wrote some rules in it,
> and the other one, i.e. untrusted_app.te, is the same as it was.
> I made seinfo changes in ActivityManagerService, so that when an app is
> started it checks whether the user is 0 or any secondary user.
>
> If seinfo is 'default' and the user is 0 it passes seinfo as 'default_owner',
> else it passes 'default'. Now in seapp_contexts I have written code such
> that if we get seinfo as 'default_owner' we give that the label
> 'untrusted_app_owner'.
>
> Now in this way, if I run an app, say Google Chrome, in the owner it gets labelled
> as 'untrusted_app_owner', and if I run the same app in any other user it gets
> labelled as 'untrusted_app', and hence follows the rules as written in
> untrusted_app_owner.te and untrusted_app.te.
>
> I have almost done what I was willing to do.
> Now my question is: is this approach fine?
> Also I wanted to know what was the reason to modify code in UserInfo,
> UserManager, DevicePolicyManager and the user xml files?
>
> I got this when I grepped all running processes for 'chrome':
> u:r:untrusted_app:s0 u10_a31 6484 6400 com.android.chrome
> u:r:untrusted_app_owner:s0 u0_a31 8580 127 com.android.chrome
Question for both of you: What is the benefit of running the same app in different domains for different users? I can understand wanting to reinforce multi-user separation in Android, which is why we have the levelFrom=user construct, but not separate domains. How would untrusted_app and untrusted_app_owner differ?

In your earlier email, Chris, you said you might want stricter policy in the business space than in the personal space, but a) that seems dangerous (e.g. I would be more concerned about malware in the personal space escalating its privileges and attacking the business space), and b) I don't really see how/why the OS-level permissions needed by any regular app would really differ regardless of personal vs business space, except that I would want to separate them from each other. For the latter, levelFrom=user would seem a better fit, as it offers a way to prevent the personal apps from reading/writing files created by the business apps, although you still need to do a lot of work at the middleware layer too.

Seandroid-list mailing list
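To make the difference between the two approaches concrete, here is an added toy model (not code from the thread or from AOSP) of how seapp_contexts would label the two chrome processes shown above: Pankaj's seinfo rewrite plus a separate owner domain, versus a single untrusted_app domain with levelFrom=user. It assumes the 2014-era libselinux category formula for levelFrom=user (c512+userid, c768+(userid>>8)) and the standard uid layout (100000 per user, app ids from 10000); the dict-based entries and function names are this example's own.

```python
# Added example: toy model of seapp_contexts labelling for the two approaches
# discussed in the thread. Not libselinux itself; formulas are assumptions.

AID_USER = 100000   # uid range per Android user
AID_APP = 10000     # first application uid within a user

# Approach 1 (thread): ActivityManagerService rewrites seinfo for user 0 and
# seapp_contexts maps the rewritten seinfo to a separate domain, no MLS level.
OWNER_DOMAIN_CONTEXTS = [
    {"seinfo": "default_owner", "domain": "untrusted_app_owner", "levelFrom": None},
    {"seinfo": "default",       "domain": "untrusted_app",       "levelFrom": None},
]

# Approach 2 (reply): one domain for every user, per-user MLS categories.
LEVELFROM_USER_CONTEXTS = [
    {"seinfo": "default", "domain": "untrusted_app", "levelFrom": "user"},
]

def split_uid(uid):
    """Return (userid, appid) for an Android uid such as 1010031 (u10_a31)."""
    return uid // AID_USER, uid % AID_USER - AID_APP

def rewrite_seinfo(seinfo, userid):
    """Model of the ActivityManagerService change described in the thread."""
    return "default_owner" if seinfo == "default" and userid == 0 else seinfo

def user_level(userid):
    # Assumed LEVELFROM_USER formula: s0:c(512+low byte),c(768+high byte)
    return "s0:c%u,c%u" % (512 + (userid & 0xff), 768 + ((userid >> 8) & 0xff))

def label_for(uid, seinfo, contexts):
    """First matching entry wins, mirroring seapp_contexts lookup order."""
    userid, _appid = split_uid(uid)
    for entry in contexts:
        if entry["seinfo"] == seinfo:
            level = user_level(userid) if entry["levelFrom"] == "user" else "s0"
            return "u:r:%s:%s" % (entry["domain"], level)
    return None

def owner_domain_label(uid):
    userid, _appid = split_uid(uid)
    return label_for(uid, rewrite_seinfo("default", userid), OWNER_DOMAIN_CONTEXTS)

def levelfrom_user_label(uid):
    return label_for(uid, "default", LEVELFROM_USER_CONTEXTS)

if __name__ == "__main__":
    for uid in (10031, 1010031):   # u0_a31 and u10_a31 from the ps output above
        print(uid, owner_domain_label(uid), levelfrom_user_label(uid))
```

With levelFrom=user both users stay in untrusted_app (so the same allow rules apply), but their category sets differ, which is what keeps one user's app_data_file instances unreadable by the other user's apps.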
