On 08/26/2014 11:01 AM, Tai Nguyen (tainguye) wrote: > > > On 8/26/14, 10:54 AM, "Stephen Smalley" <[email protected]> wrote: > >> On 08/26/2014 10:03 AM, Tai Nguyen (tainguye) wrote: >>> All, >>> >>> We are upgrading from JB to KK and noticed that shared_app, media_app, >>> released_app are no longer supported in KK. >>> I wonder why we dropped those domain and how do we handle data >>> migration. >> >> We increasingly found that we had to allow the same permissions to >> untrusted_app as to any of those domains, so it wasn't a useful >> distinction. > > Agree that there not much differences, however, if we want to keep them > separate, we still can add those permission in app_domain without much > effort, right?
Yes; you can always revert the coalescing of those domains. But I suspect it would be more useful to assign specific domains to specific apps (by specifying both signer and package name in mac_permissions.xml) rather than just grouping them by signer alone, and only where you truly need to distinguish their OS-level permissions (not their Android permissions). >> >> Are you talking about upgrading from seandroid-4.3 to seandroid-4.4.4 or >> just from android-4.3 to android-4.4.4? >> >> I don't think vanilla 4.4 has the change to the app domains. >> seandroid-4.4.4 does since it includes a backport of changes from AOSP >> master, but it also includes the relabeling support so it should >> automatically relabel /data on upgrade for you if there are any changes >> needed. But note that you only need a relabel for changes to the file >> types assigned to the /data/data directories, not for the domains >> themselves. > > We are upgrading from 4.1.2 to 4.4.4 seandroid-4.4.4 includes the changes to support automatic relabeling of /data and /data/data/<pkgdir> directories upon upgrades, so the labels should be automatically fixed on upgrade without requiring extra work on your part. _______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
