On Thu, 2012-07-19 at 14:49 -0700, Haiqing Jiang wrote: > From: hqjiang <hqjiang1988@xxxxxxxxx> > > --- > seapp_contexts | 1 + > 1 files changed, 1 insertions(+), 0 deletions(-) > > diff --git a/seapp_contexts b/seapp_contexts > index 502206a..1e98f91 100644 > --- a/seapp_contexts > +++ b/seapp_contexts > @@ -38,3 +38,4 @@ user=app_* seinfo=shared domain=shared_app levelFromUid=true > user=app_* seinfo=media domain=media_app levelFromUid=true > user=app_* seinfo=release domain=release_app levelFromUid=true > user=app_* seinfo=release name=com.android.browser domain=browser_app levelFromUid=true > +user=app_* name=android.process.media domain=media_app levelFromUid=true Wouldn't this allow an arbitrary third party app to run in media_app, just by using android.process.media as its package name? -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
