Hi everyone, I wrote a small policy analysis tool for my bachelor thesis. Using this tool, I found the following rule in the policy for Android 7.1:

    allow runas radio : process dyntransition

I figured out that the radio type is assigned to com.android.phone. However, executing

    # run-as com.android.phone id

yields the following error:

    run-as: Package 'com.android.phone' is not an application

This is due to the fact that run-as rejects system packages (see here [1]). This means that the selinux_android_setcontext() call here [2] can never be reached, so this rule has no effect.

Is there any reason why this allow rule is present in the policy?

Thanks in advance!

Best,
Jonas Cirotzki

References:
[1] https://android.googlesource.com/platform/system/core.git/+/android-7.1.2_r36/run-as/run-as.c#165
[2] https://android.googlesource.com/platform/system/core.git/+/android-7.1.2_r36/run-as/run-as.c#194
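
The reachability argument in the post above, written as a small check; this is an added example, not part of the original message and not the author's tool. The policy and seapp_contexts snippets are constructed samples, the function names are hypothetical, and the AID_APP threshold of 10000 is the assumed model of the system-package check linked at [1].

```python
import re

AID_APP = 10000  # assumed model of run-as: packages with uid below this are rejected

# Constructed sample inputs (not dumped from a device).
POLICY = """
allow runas radio : process dyntransition;
allow runas untrusted_app : process dyntransition;
allow runas app_data_file : dir search;
"""
SEAPP_CONTEXTS = """
user=radio seinfo=platform domain=radio type=radio_data_file
user=_app domain=untrusted_app type=app_data_file
"""
SYSTEM_UIDS = {"system": 1000, "radio": 1001}  # constructed subset of fixed Android uids

RULE = re.compile(r"allow\s+(\S+)\s+(\S+)\s*:\s*(\S+)\s+(?:\{([^}]*)\}|(\S+?))\s*;")

def dyntransition_targets(policy, source):
    """Target domains that `source` may dyntransition into."""
    targets = []
    for m in RULE.finditer(policy):
        perms = (m.group(4) or m.group(5)).split()
        if m.group(1) == source and m.group(3) == "process" and "dyntransition" in perms:
            targets.append(m.group(2))
    return targets

def seapp_users(seapp):
    """Map each domain to the set of user= selectors that assign it."""
    out = {}
    for line in seapp.strip().splitlines():
        kv = dict(field.split("=", 1) for field in line.split())
        if "domain" in kv:
            out.setdefault(kv["domain"], set()).add(kv.get("user", "*"))
    return out

def run_as_can_reach(user):
    """True if a package running as `user` passes the uid >= AID_APP check."""
    if user in ("_app", "*"):
        return True  # ordinary app uids start at AID_APP
    return SYSTEM_UIDS.get(user, 0) >= AID_APP

def classify(policy, seapp, source="runas"):
    """For each dyntransition target, report whether run-as can ever reach it."""
    users = seapp_users(seapp)
    return {t: any(run_as_can_reach(u) for u in users.get(t, ()))
            for t in dyntransition_targets(policy, source)}

if __name__ == "__main__":
    for domain, reachable in classify(POLICY, SEAPP_CONTEXTS).items():
        print(domain, "reachable" if reachable else "dead rule candidate")
```

A target reported as a dead rule candidate is one whose domain is only assigned to fixed system uids, so the setcontext call is never reached for it through run-as.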
