Arguably, we don't need a ScopedMinijail for a program that only execs,
but I'd rather keep the code consistent and have all uses of Minijail
be good examples.
Bug: 30156807
Change-Id: I08a968835e0f3e2afcd5e7736626edbed658cde2
We already have to have a Java and a native implementation; we don't
need _two_ native implementations.
Change-Id: I0201205ce5079ef9c747abc37b0c8122cf8fb136
Before invoking the specified command or a shell, set the
SELinux security context.
Change-Id: Ifc7f91aed9d298290b95d771484b322ed7a4c594
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Typical usage is 'run-as <package-name> <command>' to run <command>
in the data directory, and the user id, of <package-name> if, and only
if <package-name> is the name of an installed and debuggable application.
This relies on the /data/system/packages.list file generated by the
PackageManager service.
BEWARE: This is intended to be available on production devices !
