Allow non-matched apps to launch when no match found Allows the zygote to still spawn apps in the zygote's context when no match is found in seapp_contexts. In enforcing mode, apps that are not matched will not be spawned. A "No match" message will (still) be printed to logcat. Change-Id: Ibe362cc8e168be7acae5162c9ff6a310233fcbe6

commit: 09f69843a9991d35888b35f0bfa8de0b11a824b2 [log] [tgz]
author: William Roberts <bill.c.roberts@gmail.com> Fri Jul 27 15:16:43 2012 -0700
committer: Stephen Smalley <sds@tycho.nsa.gov> Mon Jul 30 08:28:19 2012 -0400
tree: ee1948f019e7d1bb054f5399144d0c108547da87
parent: 1b36ad00bfbea16ad4456a9fd715e594d57f2fd6 [diff] [blame]
diff --git a/src/android.c b/src/android.c
index 9120379..d159961 100644
--- a/src/android.c
+++ b/src/android.c

@@ -525,7 +525,8 @@
 		selinux_log(SELINUX_ERROR,
 			    "%s:  No match for app with uid %d, seinfo %s, name %s\n",
 			    __FUNCTION__, uid, seinfo, pkgname);
-		rc = -1;
+
+		rc = (security_getenforce() == 0) ? 0 : -1;
 		goto out;
 	}
commit	09f69843a9991d35888b35f0bfa8de0b11a824b2	[log] [tgz]
author	William Roberts <bill.c.roberts@gmail.com>	Fri Jul 27 15:16:43 2012 -0700
committer	Stephen Smalley <sds@tycho.nsa.gov>	Mon Jul 30 08:28:19 2012 -0400
tree	ee1948f019e7d1bb054f5399144d0c108547da87
parent	1b36ad00bfbea16ad4456a9fd715e594d57f2fd6 [diff] [blame]