Huh? Filesystems are mounted over those block devices. So the file labels are the same.

On Oct 7, 2015 1:44 PM, "Dinesh Garg" <dinesh.g...@gmail.com> wrote:

> Since underlying files are same between userdata and dm-<n>, there is no
> need to modify policies for files in userdata partition, right?
>
> On Tue, Oct 6, 2015 at 1:52 PM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
>
>> On 10/06/2015 03:49 PM, Dinesh Garg wrote:
>> > Does anyone know how SEPolicies work for mapped devices?
>> >
>> > Android encrypts userdata partition using dm-crypt. Original SEPolicies
>> > would be written for userdata partition but when device is encrypted, block
>> > device would change from userdata to /dev/block/dm-<number> where number
>> > is variable. I wonder how SEPolicies would work when device gets encrypted?
>>
>> Presently, all /dev/block/dm-<n> devices are labeled with dm_device,
>> which is only accessible
>> under AOSP policy by init, ueventd, fsck, blkid (read-only), and vold.
>>
>> vold could probably take the label of the underlying device and compute a
>> derived label
>> to assign to the mapped one if you needed to distinguish them from one
>> another.
>
> _______________________________________________
> Seandroid-list mailing list
> Seandroid-list@tycho.nsa.gov
> To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
> To get help, send an email containing "help" to
> seandroid-list-requ...@tycho.nsa.gov.