On 02/09/2015 06:30 AM, 하현민 wrote: > I want to change isolated_app to use my custom attribute, not domain.te. > > So I changed "type isolated_app, domain" to "type isolated-app, > custom_attribute". > > For test, I made custom_attribute same with domain.te. > > But, when I bind or start isolatedProcess service, > security_check_context in android_security_setcontext returns -1 and > service die. (tested in emulator and Android 4.4.4_r2) > > All domains must use domain attribute? > > Or should I declare attribute somewhere besides > external/sepolicy/attributes?
You really shouldn't omit the domain attribute from any type used for a process, as other parts of the policy rely on the fact that all process types can be referenced via the domain attribute. Instead, if you wish to remove some permission allowed by domain.te from isolated_app, then remove it from domain.te and add it to all domains other than isolated_app (or better, only to those domains for which it is truly needed). _______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
