tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Revert "priv_app: use per-app selinux contexts"

Browse source 
There's some fragility in how selinux contexts are assigned
to apps with sharedUserId. As a result, some apps which share
a UID can end up in separate selinux domains. This causes bugs
when part of the app has the levelFrom=all categories set, and
other parts only have levelFrom=user resulting in an mls category
mismatch. Until this is fixed, revert back to using levelFrom=user
for priv_app.

This reverts commit 4e7769e040.
Bug: 188141923
Test: com.google.android.gts.devicepolicy.DeviceOwnerTest#testPendingSystemUpdate

Change-Id: Ic4256f9056f2c218ca94628d0707eb893f83fa5a
This commit is contained in:
Jeff Vander Stoep 2021-06-07 14:04:46 +02:00
parent b8c6055b6f
commit 538e0d6d0e
1 changed files with 0 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
private/seapp_contexts
View file

@ -158,7 +158,6 @@ user=_app seinfo=app_zygote domain=app_zygote levelFrom=user
user=_app seinfo=media domain=mediaprovider type=app_data_file levelFrom=user
user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user
user=_app isEphemeralApp=true domain=ephemeral_app type=app_data_file levelFrom=all
user=_app minTargetSdkVersion=31 isPrivApp=true domain=priv_app type=privapp_data_file levelFrom=all
user=_app isPrivApp=true domain=priv_app type=privapp_data_file levelFrom=user
user=_app isPrivApp=true name=com.google.android.permissioncontroller domain=permissioncontroller_app type=privapp_data_file levelFrom=all
user=_app seinfo=media isPrivApp=true name=com.android.providers.media.module domain=mediaprovider_app type=privapp_data_file levelFrom=all