I wrote a script that will allow one to override seapp_contexts if you pass your concatenated seapp_contexts file through it. For instance, suppose you have the following declarations in your seapp_contexts user=app_* seinfo=release name=com.android.browser domain=browser_app type=platform_app_data_file user=app_* seinfo=release name=com.android.browser domain=browser_app type=new_thing after running through the tool, such as ./check_seapp -o seapp_contexts seapp_contexts.intermediate seapp_contacts will contain the following lines: user=app_* seinfo=release name=com.android.browser domain=browser_app type=new_thing This is a first, rough draft. Comments on large flaws, or general acceptance are appreciated. We can focus on clean up later. Order matters, the last one with matching input selectors is the one chosen for output. I was struggling under where this should be contained, sepolicy or checkpolicy, and for now, consider the code LGPL'd. I was also debating on whether or not to do this in python, but building for android (http://source.android.com/source/initializing.html) states that python is required. -- Respectfully, William C Roberts
Attachment:
check_seapp.py
Description: Binary data
