| Inseob Kim | e138997 | 2021-07-19 07:48:34 +0000 | [diff] [blame] | 1 | ################################################# |
| 2 | # MLS policy constraints |
| 3 | # |
| 4 | |
| Alan Stokes | 7bde36e | 2022-03-09 16:41:06 +0000 | [diff] [blame^] | 5 | # We aren't using MLS in Microdroid. But the policy grammar requires |
| 6 | # at least one MLS declaration, and checkpolicy enforces this. We |
| 7 | # don't want to disable MLS, since we share some file labels with the |
| 8 | # host (e.g. files in APEXes) which does have MLS. So we include this |
| 9 | # fairly harmless constraint. |
| Inseob Kim | e138997 | 2021-07-19 07:48:34 +0000 | [diff] [blame] | 10 | |
| Alan Stokes | 7bde36e | 2022-03-09 16:41:06 +0000 | [diff] [blame^] | 11 | # Process transition: Require equivalence. |
| 12 | mlsconstrain process { transition dyntransition } (h1 eq h2 and l1 eq l2); |