Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
split untrusted_app SELinux domain to make app_data_file execute optional #530
Comments
thestinger
added
Type: enhancement
project
labels
Dec 15, 2016
thestinger
referenced this issue
Dec 15, 2016
Closed
disallow executing app data for the base system and add a property for third party apps #375
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment Hide comment
thestinger
Dec 19, 2016
Contributor
See https://android-review.googlesource.com/#/c/169950/ for an earlier attempt.
|
See https://android-review.googlesource.com/#/c/169950/ for an earlier attempt. |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment Hide comment
thestinger
Dec 19, 2016
Contributor
This has been implemented for the base system by splitting the domain untrusted_base_app and untrusted_app. It would still be nice to allow third party apps to opt-in to similar hardening but it's very unlikely that it would see much adoption without upstream doing this, so this can be closed for now.
|
This has been implemented for the base system by splitting the domain untrusted_base_app and untrusted_app. It would still be nice to allow third party apps to opt-in to similar hardening but it's very unlikely that it would see much adoption without upstream doing this, so this can be closed for now. |
thestinger commentedDec 15, 2016
It should be possible to entirely remove this for all apps included in the base system. It will need to start out as opt-in for third party apps but it could become opt-out at a new API level if this feature was landed upstream. It needs to be implemented before considering that.