Coding style: space between if and (.
Implementation: Look at how we implemented prefix match support for username / cur->user.
Note that you need to take whether it is a prefix or exact match into consideration in the seapp_context_cmp function to ensure that exact matches always win.
Design: Matching on package name in seapp_contexts predated our mac_permissions.xml support. The mac_permissions.xml support is superior in that you can nest the package name entry within a signature entry and thereby ensure that it was signed by a particular certificate (as opposed to some random third party app with that name). Also, we don't always get the same granularity for the seapp_contexts name; the process name that gets passed down is identical for content providers that share the same process. So I'm wondering whether we truly want to extend this feature in seapp_contexts rather than doing it at the mac_permissions.xml level.
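The ordering requirement raised in the review above ("exact matches always win"), sketched as an added example that is not part of the patch under review or of libselinux. The names `struct name_rule`, `name_rule_cmp` and `lookup_domain`, the sample rules and the labels are hypothetical; it assumes a first-match lookup over a sorted rule list and, as a further assumption, ranks longer prefixes ahead of shorter ones.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified rule: only a name selector is modelled. */
struct name_rule {
    const char *name;   /* match text with any trailing '*' removed */
    size_t len;         /* strlen(name) */
    int is_prefix;      /* 1 if the entry was written as "name*" */
    const char *domain; /* label assigned when the rule matches */
};

/* qsort comparator: exact entries sort first, then longer prefixes. */
static int name_rule_cmp(const void *a, const void *b)
{
    const struct name_rule *r1 = a, *r2 = b;

    if (r1->is_prefix != r2->is_prefix)
        return r1->is_prefix ? 1 : -1;
    if (r1->is_prefix && r1->len != r2->len)
        return (r1->len > r2->len) ? -1 : 1;
    return 0;
}

static int name_rule_matches(const struct name_rule *r, const char *pkg)
{
    if (r->is_prefix)
        return strncmp(pkg, r->name, r->len) == 0;
    return strcmp(pkg, r->name) == 0;
}

/* Sort, then return the first matching rule's label (NULL if none). */
static const char *lookup_domain(struct name_rule *rules, size_t n,
                                 const char *pkg)
{
    size_t i;

    qsort(rules, n, sizeof(*rules), name_rule_cmp);
    for (i = 0; i < n; i++)
        if (name_rule_matches(&rules[i], pkg))
            return rules[i].domain;
    return NULL;
}

/* Constructed sample rules, deliberately listed broadest first. */
static struct name_rule sample_rules[] = {
    { "com.example.",    12, 1, "example_app" },
    { "com.example.pay", 15, 0, "pay_app" },
    { "com.example.pay", 15, 1, "pay_family_app" },
};
```

Without the `is_prefix` comparison, the broad `com.example.` entry could be reached first and assign its label to a package that has its own exact rule.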
Well, this patch is obviously not in the MMAC Parser. I looked at that briefly and saw you using the pkgname as a key to the install policy and that registered to me as more of an architectural change vs a fairly trivial change in libselinux. I won't have the bandwidth to support that feature for at least another month, as this works now and I am a lot faster in C.
LGTM. However, we no longer have external/libselinux in our master local_manifest.xml file as we were synced up with AOSP in 4.3.
If we were to restore it, we'd keep using the seandroid branch there for local changes; master tracks AOSP master these days.