Commits
Robert Craig authored and Nick Kralevich committed 83b54ecab73
Allow different SELinux policies for third party apps. Prior support forced all third party apps to be resolved against the default stanza of the mac_permissions.xml file when assigning seinfo labels. This meant that all third party apps, in effect, were untrusted regardless of cert and therefore received the same selinux domain. This also had the unfortunate side effect of forcing certain third party apps into the wrong domains because of shared userid requests among apps. This patch removes that restriction and instead allows all apps, regardless of location, to be matched against the full mac_permissions.xml policy file. This then allows all apps signed with known good certs to receive the same selinux domains of other apps with whom they share trust. Change-Id: Iba569c046135c0e81140faf6296c5da26a243037 Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>