Hi Pankaj,

What you are doing seems fine to me; it seems to meet your needs. We modify
UserInfo and other code because our use case is more complicated than
yours. You are essentially hard-coding which domain apps belong in based on
user id, whereas we need to be able to set this from a server and make it
persistent on the phone. For your case, what you are doing is fine.

Cheers,
   Chris.


On Thu, Aug 14, 2014 at 5:25 AM, Pankaj Kushwaha <
[email protected]> wrote:

> Hi Chris,
>
> I created a new domain untrusted_app_owner.te and wrote some rules in it,
> and the other one, i.e. untrusted_app.te, is the same as it was.
> I made seinfo changes in ActivityManagerService, so that when an app is
> started it checks whether the user is 0 or a secondary user.
>
> If seinfo is 'default' and user is 0 it passes seinfo as 'default_owner',
> else it passes 'default'. Now in seapp_context I have written code such
> that if we get seinfo as 'default_owner' we give that a label
> 'untrusted_app_owner'.
>
> Now in this way if I run an app, say Google Chrome, in owner it gets
> labelled as 'untrusted_app_owner' and if I run the same app in any other user
> it gets labelled as 'untrusted_app' and hence follows the rules as written in
> untrusted_app_owner.te and untrusted_app.
>
> I have almost done what I was willing to do.
> Now my question is: is this approach fine?
> Also I wanted to know what the reason was to modify code in UserInfo,
> UserManager, DevicePolicyManager and user xml files?
>
> I got this when I grepped all running processes with 'chrome' -
> u:r:untrusted_app:s0                 u10_a31  6484  6400 com.android.chrome
> u:r:untrusted_app_owner:s0     u0_a31    8580  127   com.android.chrome
>
> Thanks
> Pankaj Kushwaha
>
>
>
>
>
> On Thu, Aug 14, 2014 at 11:21 AM, Pankaj Kushwaha <
> [email protected]> wrote:
>
>> Yes Nguyen, this is exactly what I want to do, so that I can create
>> different policies for owner and secondary users.
>>
>> Thanks Stephen, I will try to use a boolean as you mentioned at the end of
>> your mail. I pulled Google's master branch somewhere around January and then
>> started modifying policies on my own; that might be the reason that
>> applications are crashing when I changed the levelfrom tag to 'user' from
>> 'none'. Anyways that is not working so I have again modified and am using
>> levelfrom=none in my seapp_context.
>> Will try to write isOwner to differentiate between owner and secondary
>> users and hence write different policies.
>>
>> Thanks Chris, this is exactly what I want (you sort of read my mind). If
>> the booleans, as suggested by Stephen, don't fulfill my requirements I
>> will try the changes as suggested by you. Though it requires a lot of
>> changes, I will try to do them. Will be really thankful to you if you
>> can post the pull request as you mentioned above. In the meantime I will
>> follow your guidance to achieve my goal.
>>
>> Thanks
>> Pankaj Kushwaha
>>
>>
>>
>>
>> On Wed, Aug 13, 2014 at 9:53 PM, Chris Stone <
>> [email protected]> wrote:
>>
>>> Hi Pankaj,
>>>
>>> At Graphite Software we have done what you are trying to do. I will just
>>> give you some background on what we are doing because it helps to define
>>> the use case. Our Secure Spaces product uses Android's multi user
>>> capabilities to create multiple spaces on phones. For instance, you can
>>> have a personal space, a work space, or a mobile banking space. Each of
>>> these spaces has different security needs. We have the ability to set
>>> different SELinux policies for each space to meet those needs. For
>>> instance, one may want apps in their work space or mobile banking space to
>>> run in a much stricter SELinux policy than their personal space.
>>>
>>> We did this by changing frameworks/base classes. We add a field to the
>>> UserInfo class which contains an seinfo value for that user. Then we modify
>>> ActivityManagerService to use the seinfo value from the UserInfo class when
>>> it launches an app. There is also a bunch of other changes to things like
>>> DevicePolicyManager and UserManager to make the seinfo value persistent in
>>> the user xml files. Of course, we also add domains to the SELinux policy
>>> which defines the allows, and link those domains to the seinfo value via
>>> seapp_contexts.
>>>
>>> In our case, the seinfo value is set from policy which is downloaded
>>> from our management server when the space is created, although we also have
>>> a test app that runs on the phone to set policy for the different spaces on
>>> the phone.
>>>
>>> My intent here is just to give you an idea of how you could achieve what
>>> you are trying to do. One way is to modify the appropriate classes in
>>> frameworks base, which is what we have done. If there is enough interest I
>>> could post a pull request with our changes to the SEAndroid bitbucket repo.
>>> However, I could not do this quickly due to delivery deadlines that are
>>> keeping me pretty busy, and because I would have to modify our solution to
>>> make it more generic, i.e., not dependent on our management server.
>>>
>>> Cheers,
>>>    Chris Stone.
>>>
>>>
>>> On Tue, Aug 12, 2014 at 11:11 PM, Pankaj Kushwaha <
>>> [email protected]> wrote:
>>>
>>>> Hi,
>>>>
>>>> I was thinking to make two different sepolicies for two users present
>>>> on the same tablet.
>>>> Is it possible somehow?
>>>>
>>>> I started it with creating different policies for untrusted_app first.
>>>> For this I thought of passing different seinfo for owner and secondary
>>>> user, and based on different seinfo like default and default_owner I will
>>>> write rules in seapp_context to give these applications different labels
>>>> like untrusted_app and untrusted_app_owner, and then write rules for this.
>>>> But when I actually tried this, I came to know that in
>>>> PackageManagerService.java installation of an app happens only once, whether I
>>>> am in primary user or secondary user. So I wasn't able to change the label at
>>>> time of installation.
>>>>
>>>> Then I thought of changing the levelfrom tag in seapp_context, replaced
>>>> levelfrom=none with levelfrom=user, that added sensitivity and cgroup to the
>>>> label. It made all apps crash at boot itself.
>>>>
>>>> I observed that the user for the same application across different users is
>>>> u0_a27 and u10_a27, u0_a65 and u10_a65 and so on.
>>>>
>>>> Can anyone please help me in achieving this?
>>>> Is there any way to write rules on a cgroup basis or user basis?
>>>>
>>>> Thanks
>>>> Pankaj Kushwaha
>>>>
>>>> _______________________________________________
>>>> Seandroid-list mailing list
>>>> [email protected]
>>>> To unsubscribe, send email to [email protected].
>>>> To get help, send an email containing "help" to
>>>> [email protected].
>>>>
>>>
>>>
>>
>
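
An added example, not part of the original thread or any participant's code: a Python check over process listings in the `ps -Z` column layout quoted above, flagging third-party app processes whose SELinux domain does not match the owner/secondary mapping described in the thread. The function names and the sample rows other than the two Chrome lines are constructed for illustration.

```python
import re

# Expected domain for third-party apps, keyed by "is this the owner (user 0)?".
# Mirrors the mapping described in the thread; other domains are out of scope.
EXPECTED = {True: "untrusted_app_owner", False: "untrusted_app"}
APP_DOMAINS = set(EXPECTED.values())

# Constructed sample, columns: LABEL USER PID PPID NAME.
# The last row is a deliberate mismatch (owner app in the secondary domain).
SAMPLE_PS = """\
u:r:untrusted_app:s0        u10_a31  6484  6400 com.android.chrome
u:r:untrusted_app_owner:s0  u0_a31   8580  127  com.android.chrome
u:r:system_server:s0        system   540   127  system_server
u:r:untrusted_app:s0        u0_a65   9102  127  com.example.notes
"""

USER_RE = re.compile(r"^u(\d+)_a(\d+)$")  # u<userId>_a<appId - 10000>

def parse_line(line):
    """Return (domain, user_id, app_index, pid, name), or None if not an app row."""
    fields = line.split()
    if len(fields) < 5:
        return None
    label, user, pid, _ppid, name = fields[:5]
    m = USER_RE.match(user)
    ctx = label.split(":")  # u:r:<domain>:<level>
    if not m or len(ctx) < 4:
        return None
    return ctx[2], int(m.group(1)), int(m.group(2)), int(pid), name

def audit(ps_output):
    """List app processes whose domain does not match their Android user."""
    findings = []
    for line in ps_output.splitlines():
        row = parse_line(line)
        if row is None:
            continue
        domain, user_id, _app, pid, name = row
        if domain not in APP_DOMAINS:
            continue  # not one of the two domains this check covers
        expected = EXPECTED[user_id == 0]
        if domain != expected:
            findings.append((pid, name, user_id, domain, expected))
    return findings

if __name__ == "__main__":
    for pid, name, uid, got, want in audit(SAMPLE_PS):
        print(f"pid {pid} {name}: user {uid} runs as {got}, expected {want}")
```
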