On 09/22/2015 06:01 AM, Inamdar Sharif wrote:
> Hi Guys,
>
> How do I restrict the access of a particular dev/ node to only a
> particular system app, other system app should not be able to access it??
>
> For example,
>
> If I have node dev/abc, system apps as A, B, C.
>
> So I want system app A should only be able to access dev/abc
>
> System app B and C should not be able to access that node.
>
> So how do I prevent this scenario using SELinux??

You assign a specific type to the device node (i.e. define a type for it in your device/nvidia/<board>/sepolicy/device.te file, assign it to the /dev node in your file_contexts file) and assign a specific domain to the system app that is allowed access (i.e. define a new domain for the authorized app, assign a specific seinfo value based on signer and package in your mac_permissions.xml file, assign a specific domain and type based on seinfo in your seapp_contexts file). Then you can further add a neverallow rule to ensure that no other domains can ever access the device node.
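
The steps in the reply above, laid out as policy fragments. This is an added example, not part of the original message or of any vendor tree: the names abc_device, app_a, com.example.appa and the @APP_A key tag are hypothetical, and it assumes /dev/abc is a character device and that app A runs under the system UID.

```text
# --- device/nvidia/<board>/sepolicy/device.te ---
# Dedicated type for the node, so rules can name it apart from other devices.
type abc_device, dev_type;

# --- device/nvidia/<board>/sepolicy/file_contexts ---
# Label the node with the new type.
/dev/abc        u:object_r:abc_device:s0

# --- device/nvidia/<board>/sepolicy/mac_permissions.xml ---
# seinfo is chosen from signer plus package name. @APP_A is a hypothetical
# key tag; the hex-encoded signing certificate can be given instead.
<signer signature="@APP_A">
  <package name="com.example.appa">
    <seinfo value="app_a" />
  </package>
</signer>

# --- device/nvidia/<board>/sepolicy/seapp_contexts ---
# Map (system UID, seinfo, package) to the new domain. Apps B and C do not
# match this line and stay in their existing domain.
# Assumption: app A runs as the system UID, hence user=system and the
# system app data type.
user=system seinfo=app_a name=com.example.appa domain=app_a type=system_app_data_file

# --- device/nvidia/<board>/sepolicy/app_a.te ---
# New domain for the one authorized app.
type app_a, domain;
app_domain(app_a)

# The only allow rule in the policy that names abc_device.
# Assumption: the node is a character device (chr_file).
allow app_a abc_device:chr_file rw_file_perms;

# Any other permissions app A relies on are granted to app_a separately;
# it no longer inherits the rules written for its previous domain.

# Build-time guard: the policy fails to compile if any later change grants
# another domain access to the node.
# Assumption: init and ueventd are excluded because base policy usually
# gives them dev_type-wide rules for creating and labelling nodes. Match
# the exclusion list to what your base policy actually allows, since a
# neverallow that contradicts an existing allow rule breaks the build.
neverallow { domain -app_a -init -ueventd } abc_device:chr_file { open read write ioctl };
```

After flashing, `ls -Z /dev/abc` and `ps -Z` on the device show whether the node and the app's process carry the intended labels.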
