No, Android 5.0 Lollipop does not enable levelFrom= for apps, and apps only run in a different domain if they have a specific platform UID (e.g. system, radio) or are platform-signed. Otherwise, they all run in untrusted_app and are only isolated from each other via DAC.
Current AOSP master has levelFrom=user enabled in external/sepolicy/seapp_contexts, and thus apps running for different Android users (if multi-user) are further isolated by SELinux. You know that you could find out these kinds of things for yourself just by building and running 5.0 or master on the emulator or a Nexus device and trying it out yourself... On 12/10/2014 01:02 AM, Tal Palant wrote: > i just wanted to know if there is any change regarding this. > > On Sat, Dec 6, 2014 at 7:52 PM, William Roberts > <[email protected] <mailto:[email protected]>> wrote: > > > On Dec 6, 2014 7:54 AM, "Tal Palant" <[email protected] > <mailto:[email protected]>> wrote: > > > > Does it mean that each application can only access her files? as i > recall each application doesn't have a separate domain, is that correct? > > Exactly which line item in the links above is prompting this question? > > Off hand I recall seeing MLS support added in for untrusted and > platform app domains. However I haven't looked at the specifics of > the MLS constraints to find out what is blocked specifically. Also, > I am Not sure if this support is only on master and was merged after L. > > > > > another question is anything changed in the influence that selinux > has on ipc or system permission model? > > > > On Mon, Dec 1, 2014 at 8:03 PM, Stephen Smalley > <[email protected] <mailto:[email protected]>> wrote: > >> > >> Yes, see: > >> https://source.android.com/devices/tech/security/se-linux.html > >> https://source.android.com/devices/tech/security/enhancements50.html > >> > >> On Mon, Dec 1, 2014 at 12:04 PM, Tal Palant <[email protected] > <mailto:[email protected]>> wrote: > >> > is it true that all applications are set for enforcing mode? > >> > > >> > On Mon, Dec 1, 2014 at 6:41 PM, Tal Palant > <[email protected] <mailto:[email protected]>> wrote: > >> >> > >> >> Hi, > >> >> > >> >> does anyone has good summary of what changes were insert into > the official > >> >> version L? > >> > > >> > > >> > > >> > > >> > -- > >> > טל פולו פלנט > >> > כי שם כזה יש רק אחד > >> > > >> > _______________________________________________ > >> > Seandroid-list mailing list > >> > [email protected] <mailto:[email protected]> > >> > To unsubscribe, send email to > [email protected] > <mailto:[email protected]>. > >> > To get help, send an email containing "help" to > >> > [email protected] > <mailto:[email protected]>. > > > > > > > > > > -- > > טל פולו פלנט > > כי שם כזה יש רק אחד > > > > _______________________________________________ > > Seandroid-list mailing list > > [email protected] <mailto:[email protected]> > > To unsubscribe, send email to [email protected] > <mailto:[email protected]>. > > To get help, send an email containing "help" to > [email protected] > <mailto:[email protected]>. > > > > > -- > טל פולו פלנט > כי שם כזה יש רק אחד > > > _______________________________________________ > Seandroid-list mailing list > [email protected] > To unsubscribe, send email to [email protected]. > To get help, send an email containing "help" to > [email protected]. > _______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
