On 08/14/2014 01:51 AM, Pankaj Kushwaha wrote: > Yes Nguyen, this is exactly what I want to do, so that I can create > different policies for owner and secondary users. > > Thanks Stephen, I will try to use boolean as you mentioned in end of your > mail. I pulled google's master branch somewhere around Januray and then > started modified policies on my own, that might be the reason that > applications are crashing when i changed levefrom tag to 'user' from > 'none'. Anyways that is not working so I have again modified and using > levelfrom=none in my seapp_context. > Will try to write isOwner to differentiate between owner and secondary > users and hence write different policies.
I don't think working from such an old snapshot of AOSP master is going to be overly useful to you, as a) much has changed in policy since that time - over 300 changes to external/sepolicy alone, and b) untrusted_app was still permissive_or_unconfined in AOSP master back in January (went enforcing+confined in May), so your untrusted_app domain will be permissive in -userdebug or -eng builds and unconfined in -user builds. Either update to current AOSP master, or, if you want a stable version as your baseline, use our seandroid-4.4.4 branch with android-4.4.4_r1. _______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
