thanks.. On Tue, Oct 14, 2014 at 8:11 PM, Stephen Smalley <[email protected]> wrote:
> On 10/13/2014 02:34 AM, Pankaj Kushwaha wrote: > > Hi, > > > > I was reading CCD requirements published at - > > > http://static.googleusercontent.com/media/source.android.com/en/us/compatibility/android-cdd.pdf > > > > Under 9.7. Kernel Security Features there is a line which I was confused > > about. > > It says "Device MUST support dynamic updates of the SELinux policy file > > without requiring a system image update" > > > > I am confused that how will I update SEPolicy without FOTA upgrade. > > If I update policy buy pushing it at /data/security/current/ then will it > > be in compliance with the document above ? > > I can't speak to compliance to the CDD (I guess that's a question for > android-compatibility), but for what it is worth, I believe that you are > correct, and that further you can leverage the existing > SELinuxPolicyInstallReceiver in AOSP to support pushing policies to > /data/security/current rather than rolling your own mechanism. We have > some notes on that mechanism at: > http://seandroid.bitbucket.org/PolicyUpdates.html > > However, Android 4.4.3 removed support for using the > /data/security/current policy due to some problems with the > implementation. Those problems were resolved by a series of changes in > AOSP master but I have not seen them show up in any 4.4 release. > >
_______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
