On 12/10/2014 12:51 PM, Stephen Smalley wrote:
> No, Android 5.0 Lollipop does not enable levelFrom= for apps, and apps
> only run in a different domain if they have a specific platform UID
> (e.g. system, radio) or are platform-signed. Otherwise, they all run in
> untrusted_app and are only isolated from each other via DAC.
>
> Current AOSP master has levelFrom=user enabled in
> external/sepolicy/seapp_contexts, and thus apps running for different
> Android users (if multi-user) are further isolated by SELinux.

Also, we have this change back-ported on our seandroid-5.0.1 branch, so you can experiment with it even on a 5.0 build if using our branches.
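
As an added example (not part of the original message, and not code from the SE for Android project): a small Python check that reads seapp_contexts-style text and reports, per domain, which levelFrom= value applies. The sample entries are constructed for illustration and the function names are hypothetical.

```python
# Added example: report the levelFrom= setting of each seapp_contexts entry.
# SAMPLE is constructed for illustration; it is not copied from any AOSP tree.
SAMPLE = """\
# selectors (user=, seinfo=, ...) pick an entry; domain=/type=/levelFrom= are outputs
isSystemServer=true domain=system_server
user=system domain=system_app type=system_app_data_file
user=radio domain=radio type=radio_data_file
user=_app seinfo=platform domain=platform_app type=app_data_file
user=_app domain=untrusted_app type=app_data_file levelFrom=user
"""

VALID_LEVEL_FROM = {"none", "app", "user", "all"}


def parse_seapp_contexts(text):
    """Parse whitespace-separated key=value entries, skipping comments and blanks."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = {}
        for token in line.split():
            key, sep, value = token.partition("=")
            if not (sep and key and value) or key in fields:
                raise ValueError(f"line {lineno}: bad or duplicate token {token!r}")
            fields[key] = value
        level_from = fields.setdefault("levelFrom", "none")  # unset means none
        if level_from not in VALID_LEVEL_FROM:
            raise ValueError(f"line {lineno}: unknown levelFrom={level_from!r}")
        entries.append((lineno, fields))
    return entries


def level_from_by_domain(text):
    """Map each assigned domain to the set of levelFrom values used for it."""
    result = {}
    for _, fields in parse_seapp_contexts(text):
        if "domain" in fields:
            result.setdefault(fields["domain"], set()).add(fields["levelFrom"])
    return result


def domains_without_level(text):
    """Domains with an entry that derives no SELinux level (levelFrom unset/none)."""
    return sorted(d for d, v in level_from_by_domain(text).items() if "none" in v)


if __name__ == "__main__":
    for domain, values in sorted(level_from_by_domain(SAMPLE).items()):
        print(f"{domain:15} levelFrom={','.join(sorted(values))}")
```

Run against the seapp_contexts file of the tree you are building, an entry for untrusted_app without levelFrom= matches the 5.0 behaviour described in the quoted text, and levelFrom=user matches the back-ported change.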
