On 10/28/2014 09:38 AM, Tai Nguyen (tainguye) wrote: > Our app runs and system command line so we have a domain transition rule for > the command line. > domain_auto_trans(my_app, my_sh_exec, my_sh_domain) > > The rule works as expected in JB, however, it doesn’t work in KK. The shell > program runs as my_app domain. > Does KK block certain type of domain transition?
Likely the same issue as in: http://marc.info/?l=seandroid-list&m=141412798527687&w=2 Domain transitions on exec are suppressed by NO_NEW_PRIVS. What's the benefit of transitioning domains here? What do you allow to my_sh_domain that you do not want to allow to my_app or vice versa? _______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
