On Aug 29, 2015 9:17 AM, "Tal Palant" <[email protected]> wrote:
>
> Hi,
>
> I have a question regarding the usage of SEAndroid on the binder class.
>
> Can it be used to control which applications access other applications'
> components?

Yes and no. It controls access at the process level. If N components
run in a process then you grant all N components.
>
> Is all Android IPC communication done using binder? Are there other
> ways?

Unix domain sockets are prevalent. See installd or the property service as an
example. Also, intents and broadcasts count as IPC that is built on top of
binder.
Think of binder as an IPC primitive.
>
> Is the communication done not directly, like using the system or
> something?

Binder is direct between processes. Intents and broadcasts are
middle-manned by the system server.
>
> In this case the rules on the binder can't prevent communication between
> applications' components?

If you name components you can use mac_permissions.xml and seapp_contexts
to isolate components. IIRC. I don't do a whole lot this high up in the
stack.

>
> Thanks.
>
> _______________________________________________
> Seandroid-list mailing list
> [email protected]
> To unsubscribe, send email to [email protected].
> To get help, send an email containing "help" to
[email protected].
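
The process-level granularity described in the reply above, as an added example that is not part of the original thread: a small Python model that labels app processes from seapp_contexts-style entries and then answers binder `call` checks from `allow` rules. The seinfo values, package names, domain names and component names are hypothetical, the `name` selector is taken to be the package name, and the entry selection is a simplified stand-in for the real seapp_contexts precedence rules.

```python
import re

# Constructed sample data: seinfo values, package names and domains are hypothetical.
SEINFO = {"com.example.wallet": "vendorx", "com.example.gallery": "vendorx",
          "org.thirdparty.game": "default"}  # what mac_permissions.xml would assign per signer
SEAPP_CONTEXTS = """\
user=_app seinfo=vendorx name=com.example.wallet domain=wallet_app type=app_data_file
user=_app seinfo=vendorx domain=vendorx_app type=app_data_file
user=_app domain=untrusted_app type=app_data_file
"""
SEPOLICY = """\
allow vendorx_app wallet_app:binder { call transfer };
allow wallet_app vendorx_app:binder call;
"""

def parse_seapp(text):
    """One dict of key=value pairs per seapp_contexts line."""
    return [dict(kv.split("=", 1) for kv in ln.split()) for ln in text.splitlines() if ln.strip()]

def domain_for(entries, package, user="_app"):
    """Domain of the entry whose selectors all match; the entry with the most
    matching selectors wins (simplified stand-in for the real precedence rules)."""
    proc = {"user": user, "seinfo": SEINFO[package], "name": package}
    best = (-1, None)
    for e in entries:
        sel = {k: v for k, v in e.items() if k in proc}
        if all(proc[k] == v for k, v in sel.items()) and len(sel) > best[0]:
            best = (len(sel), e["domain"])
    return best[1]

def parse_binder_rules(text):
    """Set of (source domain, target domain, permission) from binder allow rules."""
    pat = re.compile(r"allow\s+(\w+)\s+(\w+):binder\s+(?:\{([^}]*)\}|(\w+));")
    return {(s, t, p) for s, t, many, one in pat.findall(text) for p in (many or one).split()}

ENTRIES, RULES = parse_seapp(SEAPP_CONTEXTS), parse_binder_rules(SEPOLICY)

def can_call(caller_pkg, target_pkg, component):
    """`component` never enters the decision: the check is on process domains only."""
    src, tgt = domain_for(ENTRIES, caller_pkg), domain_for(ENTRIES, target_pkg)
    return (src, tgt, "call") in RULES

if __name__ == "__main__":
    for comp in ("PaymentService", "DebugProvider"):
        for caller in ("com.example.gallery", "org.thirdparty.game"):
            print(caller, "->", comp, can_call(caller, "com.example.wallet", comp))
```

Both hypothetical components of the wallet package get the same answer for a given caller, because the policy only sees the domain of the process that hosts them.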