From 92dfa31f7800ff9184e8525dfd471211c90b9d31 Mon Sep 17 00:00:00 2001
From: William Roberts <bill.c.roberts@gmail.com>
Date: Mon, 29 Sep 2014 10:29:48 -0700
Subject: [PATCH] seinfo for platform based domains should be stated
 explicitly.

The current policy would allow any application that were to
"magically" get a sensitive UID into the corresponding
sensitive domain. Rather than only using UID as an input
selector, require seinfo=platform.

Change-Id: I8a7490ed55bdcd3e4a116aece2c3522b384024ec
---
 seapp_contexts | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/seapp_contexts b/seapp_contexts
index 2b8aec072..f92d11835 100644
--- a/seapp_contexts
+++ b/seapp_contexts
@@ -41,12 +41,12 @@
 # level may be used to specify a fixed level for any UID.
 #
 isSystemServer=true domain=system_server
-user=system domain=system_app type=system_app_data_file
-user=bluetooth domain=bluetooth type=bluetooth_data_file
-user=nfc domain=nfc type=nfc_data_file
-user=radio domain=radio type=radio_data_file
-user=shared_relro domain=shared_relro
-user=shell domain=shell type=shell_data_file
+user=system seinfo=platform domain=system_app type=system_app_data_file
+user=bluetooth seinfo=platform domain=bluetooth type=bluetooth_data_file
+user=nfc seinfo=platform domain=nfc type=nfc_data_file
+user=radio seinfo=platform domain=radio type=radio_data_file
+user=shared_relro seinfo=platform domain=shared_relro
+user=shell seinfo=platform domain=shell type=shell_data_file
 user=_isolated domain=isolated_app levelFrom=user
 user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user
 user=_app domain=untrusted_app type=app_data_file levelFrom=user
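Review bot: With seinfo=platform now required on all six sensitive-UID lines (system, bluetooth, nfc, radio, shared_relro, shell), a process that has one of those UIDs but a different seinfo no longer matches any entry visible in this hunk, since the remaining lines select on isSystemServer, user=_isolated or user=_app. Please state the intended outcome for that case, either in the commit message or in the comment block above these entries, so readers know the miss is deliberate. It would also help to confirm that everything running as shell and shared_relro is actually assigned seinfo=platform; those two are the least obviously tied to platform-signed packages, and a miss there would break a previously working assignment. Finally, consider adding a line to the selector comments saying that entries for sensitive UIDs must carry an explicit seinfo, so a later addition does not reintroduce a UID-only match.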
-- 
GitLab