Hi, In Android.mk under sepolicy/external, there is a definition that seems illogical to us:
FORCE_PERMISSIVE_TO_UNCONFINED:=true ifeq ($(TARGET_BUILD_VARIANT),user) # User builds are always forced unconfined+enforcing FORCE_PERMISSIVE_TO_UNCONFINED:=true endif Would it be instead better to have it this way: FORCE_PERMISSIVE_TO_UNCONFINED:=true ifeq ($(TARGET_BUILD_VARIANT),userdebug) # Userdebug builds are not forced to unconfined+enforcing FORCE_PERMISSIVE_TO_UNCONFINED:=false endif It would allow userdebug builds to have permissive domains, which greatly helps if you need to run some special debug/logging utilities and don't want to waste time on creating policies for them. Opinions? Best Regards, Elena.
_______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
