kgal
commented
10 years ago Copied from Android. Removed SELinux for most other AAs too.
Closed jeffblank closed 10 years ago
kgal
commented
10 years ago Copied from Android. Removed SELinux for most other AAs too.
This was meant to be about file permissions, not SELinux contexts: "The application must be configured by default to have file permissions which protect it from unprivileged processes."
Please add regular file permissions wording; it could be as simple as searching for world-writable files or sensitive world-readable files etc. We should chat about our expectations for SELinux policy, too (+Steve G).