On Wed, Jul 11, 2012 at 1:22 PM, Haiqing Jiang <hqjiang1988@xxxxxxxxx> wrote:
Hi, all,According to the "Precedence Rules" of seapp contexts, the order of all the policies should follow:# (1) isSystemServer=true before isSystemServer=false.# (2) Specified user= string before unspecified user= string.# (3) Fixed user= string before user= prefix (i.e. ending in *).# (4) Longer user= prefix before shorter user= prefix.# (5) Specified seinfo= string before unspecified seinfo= string.# (6) Specified name= string before unspecified name= string.So, I don't think the current order is correct.isSystemServer=true domain=systemuser=system domain=system_app type=system_data_fileuser=nfc domain=nfc type=nfc_data_fileuser=radio domain=radio type=radio_data_fileuser=app_* domain=untrusted_app type=app_data_file levelFromUid=trueuser=app_* seinfo=platform domain=platform_app levelFromUid=trueuser=app_* seinfo=shared domain=shared_app levelFromUid=trueuser=app_* seinfo=media domain=media_app levelFromUid=trueuser=app_* seinfo=release domain=release_app levelFromUid=trueuser=app_* seinfo=release name=com.android.browser domain=browser_app levelFromUid=trueFor example, "user=app_* domain=untrusted_app type=app_data_file levelFromUid=true" shouldbe the last one. And "user=app_* seinfo=release domain=release_app levelFromUid=true" shouldfollow behind "user=app_* seinfo=release name=com.android.browser domain=browser_app levelFromUid=true".Could you help me to clarify that???? Thanks a lot.
--
-----------------------------------Haiqing Jiang, PH.D studentComputer Science Department, North Carolina State University
Respectfully,
William C Roberts
