-
Stephen Smalley authoredThe app_* syntax was a legacy of the original approach of looking up the username returned by getpwuid() and the original username encoding scheme by bionic. With the recent changes to move away from this approach, there is no reason to retain that syntax. Instead, just use _app to match app UIDs and _isolated to match isolated service UIDs. The underscore prefix is to signify that these are not real usernames and to avoid conflicts with any system usernames. Requires a corresponding change to libselinux. Change-Id: Ic388a12c1c9d3e47386c8849db607140ef8a3d75 Signed-off-by:
Stephen Smalley <sds@tycho.nsa.gov>Stephen Smalley authoredThe app_* syntax was a legacy of the original approach of looking up the username returned by getpwuid() and the original username encoding scheme by bionic. With the recent changes to move away from this approach, there is no reason to retain that syntax. Instead, just use _app to match app UIDs and _isolated to match isolated service UIDs. The underscore prefix is to signify that these are not real usernames and to avoid conflicts with any system usernames. Requires a corresponding change to libselinux. Change-Id: Ic388a12c1c9d3e47386c8849db607140ef8a3d75 Signed-off-by:Stephen Smalley <sds@tycho.nsa.gov>