On Sat, Feb 21, 2015 at 5:30 PM, William Roberts <[email protected]> wrote:
> > > On Sat, Feb 21, 2015 at 5:19 PM, William Roberts <[email protected] > > wrote: > >> I am intentionally asking these off mailing list as I am working rogue >> for a few days not to tip someone off, hope this doesn't bother you. >> > > Their was initially one question I meant to ask off list, but I removed it > from the list as I answered this question and failed to update the > the opening sentence. Sorry for any confusion. > > >> >> 1. why is /system/bin/install-recovery.sh using an explicit seclabel in >> service as well as a type transition rule? I see others doing this as well. >> >> Whats the current state of CTS for SELinux, Is it still the: >> 1. runtime domain checks >> 2. all domans enforcing check >> 3. No booleans check >> 4. neverallow tests >> >> is it all contained in these files or is something else I am missing: >> ./hostsidetests/security/src/android/cts/security/SELinuxHostTest.java >> ./tests/tests/security/src/android/security/cts/SELinuxTest.java >> ./tests/tests/security/jni/android_security_cts_SELinuxTest.cpp >> ./tools/selinux >> ./tools/selinux/SELinuxNeverallowTestGen.py >> ./tools/selinux/SELinuxNeverallowTestFrame.py >> >> >> Also I see that their is still a test on init_shell domain, this could likely go. We should also make sure that CTS test process domain is untrusted hopefully catching any cases where 3rd party app domain has been mucked with. 1. /* 2. * Nothing should be running in this domain, cardinality test is all thats 3. * needed 4. */ 5. public void testInitShellDomain() throws DeviceNotAvailableException { 6. assertDomainEmpty("u:r:init_shell:s0"); 7. } > > > -- > Respectfully, > > William C Roberts > > -- Respectfully, William C Roberts
_______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
