Hi,
I am using Android 4.4.4.
I have written a policy which prevents any app which belongs to untrusted_t
domain from accessing a database. The database belongs to another
user app (com.example.contentprovideruser) which has been assigned a specific
domain i.e., "hm_phonebookaccess_app" and the database (which belongs to domain
"hm_phonebookaccess_app")
a specific type, i.e., "hm_phonebookaccess_data_file".
I then added the following line in file
$MYDROID/external/sepolicy/seapp_contexts :-
    user=_app domain=hm_phonebookaccess_app name=com.example.contentprovideruser type=hm_phonebookaccess_data_file
I have also added my policy file as part of BoardConfig.mk as follows:-
    BOARD_SEPOLICY_DIRS := device/ti/jacinto6evm/sepolicy
    BOARD_SEPOLICY_UNION := \
        healthd.te \
        file.te \
        phonebookaccess.te <--- My Policy file
With the above changes, I am able to prevent any process which belongs to
untrusted_app from accessing the database which belongs to
com.example.contentprovideruser. For this, of course, I had to remove "permissive
untrusted_app" from untrustedapp_te.
Now there is a requirement that "com.example.contentprovideruser" is to be made
a platform app.
I have two questions here:-
a) Can someone please tell me how to set the domain of
"com.example.contentprovideruser" which is now a platform app as
"hm_phonebookaccess_app" and
the database (which belongs to "com.example.contentprovideruser") as
"hm_phonebookaccess_data_file"?
In other words, which files do I have to update to make my policy
(phonebookaccess.te) applicable for a platform app?
b) If there is another platform app, say X, which shares the same UI as
"com.example.contentprovideruser" but belongs to a different domain say the
default domain for platform apps, (assumption here is that I have successfully
modified the domain and database that belongs to
"com.example.contentprovideruser" to "hm_phonebookaccess_app" and
"hm_phonebookaccess_data_file" respectively) would platform app X be able to
do a raw binary access of the database which belongs to
"com.example.contentprovideruser"?
Thanks and Regards,
Souvik