Hi Celadon team,
When trying to use CIC, I noticed that there are 2 flavours: "cic" and
"cic_dev". CIC is recommended to be used if we need SELinux functionality. Is
the expectation that SELinux would work in the exact same way INSIDE the container as it
would on a normal Android device like a smartphone?
I tried going through the labels of various processes inside the Android container. The
labels were all "unconfined_t" for processes, which is not expected per
Android's policies. So I was wondering if SELinux actually functioned fully inside the
container.
Are the additional SELinux policies written just to ensure the Android CTS tests pass and
not for actual SELinux functionality inside the container?
Thanks.
Kartik