GPS wrote:
Hi Stephen, Thanks for taking time to reply.
2. If you need to assign a specific domain to a system app, you can use
seapp_contexts for that purpose.
This is precisely what I need help with. I would like to keep a system apk,
instead of a daemon. I have written an apk that implements my service, its
own aidl etc.
This service is meant to be called from apps, which might come from
play-store etc (i.e. will be untrusted/third party, but might consider
signature security etc). Ideally I would like the service to be started or
bound from these apps, but, if required, I can also start the service from
BOOT_COMPLETED intent if it helps.
Can you please guide me on what to modify in seapp_contexts file? I do not
fully understand this file. In AOSP, following are the contents of file
externals/sepolicy/seapp_contexts:
....
isSystemServer=true domain=system_server
user=system domain=system_app type=system_app_data_file
user=bluetooth domain=bluetooth type=bluetooth_data_file
user=nfc domain=nfc type=nfc_data_file
...
What does it represent? Do all apps started by "system" user get
"system_app" context? How to ensure that a specific *user* owns the process
of the service I am interested in? Or is it the other way around?
system_app is a domain, as defined in the SELinux policy. Per the
seapp_contexts above all apps that run as the system UID will get the
system_app context. An app is run as the system UID if the
AndroidManifest.xml has android:sharedUserId="android.uid.system".
If your app will not run as the system UID (and it should not, unless
there is a good reason) then the way to run it in a different context is
to either add the signature to mac_permissions.xml (see the setool
program in AOSP) and to give it a unique seinfo, and then use the seinfo
in your seapp_contexts like:
user=_app seinfo=YOUR_SEINFO domain=YOUR_app type=app_data_file
levelFrom=user
However, if it is signed with the platform signing key then you'd need
to use name=, like:
user=_app seinfo=platform name=YOUR_PACKAGE_NAME domain=YOUR_app
type=YOUR_app_data_file levelFrom=user
Does that make sense?
Thanks
--
You received this message because you are subscribed to the Google Groups "Android
Security Discussions" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to android-security-discuss+unsubscr...@googlegroups.com.
Visit this group at http://groups.google.com/group/android-security-discuss.
For more options, visit https://groups.google.com/d/optout.
