On 10/13/2014 02:34 AM, Pankaj Kushwaha wrote: > Hi, > > I was reading CCD requirements published at - > http://static.googleusercontent.com/media/source.android.com/en/us/compatibility/android-cdd.pdf > > Under 9.7. Kernel Security Features there is a line which I was confused > about. > It says "Device MUST support dynamic updates of the SELinux policy file > without requiring a system image update" > > I am confused that how will I update SEPolicy without FOTA upgrade. > If I update policy buy pushing it at /data/security/current/ then will it > be in compliance with the document above ?
I can't speak to compliance to the CDD (I guess that's a question for android-compatibility), but for what it is worth, I believe that you are correct, and that further you can leverage the existing SELinuxPolicyInstallReceiver in AOSP to support pushing policies to /data/security/current rather than rolling your own mechanism. We have some notes on that mechanism at: http://seandroid.bitbucket.org/PolicyUpdates.html However, Android 4.4.3 removed support for using the /data/security/current policy due to some problems with the implementation. Those problems were resolved by a series of changes in AOSP master but I have not seen them show up in any 4.4 release. _______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
