Ok. Thanks a lot for your explanation. It is clear now.

-----Original Message-----
From: Stephen Smalley [mailto:[email protected]]
Sent: Friday, April 03, 2015 7:16 PM
To: Datta, Souvik; [email protected]
Subject: Re: Preventing untrusted_app domain from accessing database

On 04/03/2015 09:33 AM, Datta, Souvik wrote:
> In the beginning my aim was to prevent the untrusted_app domain from
> accessing the database through content provider. But from the reply from
> William Roberts, I realized that that would be possible only through Android
> Manifest file permission.
>
> But if I want to prevent a rogue downloadable app (untrusted_app
> domain) from accessing the database file directly, would it be
> possible to prevent this direct access by using security context in
> Android 4.4.4 (with setenforce as 1)?

Yes. If untrusted_app is enforcing (i.e. not permissive), and the app is truly running in untrusted_app, and the database file is truly labeled with your new type, and no allow rule in the policy allows untrusted_app to access your new type (either directly or via any attribute associated with the type), then the app should not be able to directly access the file, irrespective of its file mode.

If you see a different behavior, we'd need confirmation of the above facts, e.g. ps -Z output line showing that the app in question is truly in untrusted_app, ls -Z output line showing that the file in question is truly labeled with your new type, a copy of your /sepolicy file (make sure it is the same on the device as the one you built, i.e. that you reflashed the boot image after building and rebooted), and exactly how you are testing it.
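
The conditions listed in the reply above, written as a check over a ps -Z line, an ls -Z line and the policy rules. This is an added example, not part of the original thread; the type name mydb_data_file, the sample lines and the policy text are constructed, and it assumes the policy is available as plain source-form `type`, `typeattribute`, `permissive` and `allow` statements (no macros or set negation).

```python
import re

# Constructed sample data; mydb_data_file, the package and file names are hypothetical.
PS_Z = "u:r:untrusted_app:s0 u0_a57 2314 187 com.example.rogue"
LS_Z = "-rw-rw-rw- system system u:object_r:mydb_data_file:s0 records.db"
POLICY = """
type untrusted_app, domain;
typeattribute untrusted_app appdomain;
type mydb_data_file, file_type, data_file_type;
allow system_app mydb_data_file:file { read write open };
allow untrusted_app app_data_file:file { read write open };
"""
# Same policy plus an attribute-to-attribute rule that reaches the new type indirectly.
LEAKY_POLICY = POLICY + "allow appdomain data_file_type:file { getattr read };\n"

ITEM = r"(\{[^}]*\}|\w+)"
ALLOW_RE = re.compile(rf"^\s*allow\s+{ITEM}\s+{ITEM}\s*:\s*{ITEM}\s+{ITEM}\s*;", re.M)
TYPE_RE = re.compile(r"^\s*type(?:attribute)?\s+(\w+)[,\s]*([^;]*);", re.M)

def context_type(line):
    """Type field of the first user:role:type:level context in a ps -Z / ls -Z line."""
    m = re.search(r"\b\w+:\w+:(\w+):s\d", line)
    return m.group(1) if m else None

def names_for(policy, type_name):
    """The type itself plus every attribute associated with it."""
    names = {type_name}
    for m in TYPE_RE.finditer(policy):
        if m.group(1) == type_name:
            names.update(re.findall(r"\w+", m.group(2)))
    return names

def reaching_allows(policy, domain, target, tclass="file"):
    """Allow rules that let domain touch target, directly or through attributes."""
    src_ok, tgt_ok = names_for(policy, domain), names_for(policy, target)
    hits = []
    for m in ALLOW_RE.finditer(policy):
        src, tgt, cls = (set(re.findall(r"\w+", g)) for g in m.group(1, 2, 3))
        if src & src_ok and tgt & tgt_ok and tclass in cls:
            hits.append(" ".join(m.group(0).split()))
    return hits

def direct_access_blocked(ps_line, ls_line, policy, domain="untrusted_app",
                          new_type="mydb_data_file"):
    """True only when every condition listed in the reply holds."""
    permissive = re.search(rf"^\s*permissive\s+{domain}\s*;", policy, re.M)
    return (not permissive
            and context_type(ps_line) == domain
            and context_type(ls_line) == new_type
            and not reaching_allows(policy, domain, new_type))
```

The world-readable file mode in the sample ls -Z line does not change the result, which matches the "irrespective of its file mode" point in the reply.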
