Since underlying files are same between userdata and dm-<n>, there is no need to modify policies for files in userdata partition, right ?
On Tue, Oct 6, 2015 at 1:52 PM, Stephen Smalley <[email protected]> wrote: > On 10/06/2015 03:49 PM, Dinesh Garg wrote: > > Does anyone know how SEPolicies work for mapped devices? > > > > Android encrypts userdata partition using dm-crypt. Original SEPolicies > would be written for userdata partition but when device is encrypted, block > device would change from userdata to /dev/block/dm-<number> where number > is variable. I wonder how SEPolicies would work when device gets encrypted ? > > Presently, all /dev/block/dm-<n> devices are labeled with dm_device, which > is only accessible > under AOSP policy by init, ueventd, fsck, blkid (read-only), and vold. > > vold could probably take the label of the underlying device and compute a > derived label > to assign to the mapped one if you needed to distinguish them from one > another. >
_______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
