On 03/11/2013 01:17 PM, Stephen Smalley wrote:
On 03/11/2013 12:49 PM, Richard Haines wrote:
I've been using setool to generate entries for the mac_permissions file
and come across a minor problem when using "setool --policy ..." with
4.2.2.
I generate an entry as Example 1 and add it to mac_permissions.xml.
I then run setool --policy as Example 2, but it states the app would
be rejected.
However I installed the updated mac_permissions.xml file and run Android
with MMAC enforcing - The app works correctly (if I remove a permission
the app fails to load - which is also correct).
Does setool --policy just check the <default> entries, or am I missing
something ??
Try using the generated mac_permissions.xml file instead, i.e.
setool --policy
out/target/product/<device>/system/etc/security/mac_permissions.xml ...
The source mac_permissions.xml file no longer contains the full
signature string but only a symbolic tag that is expanded during build
based on external/sepolicy/keys.conf.
It seems there was also a bug in setool. Try running repo sync and
rebuilding.
--
This message was distributed to subscribers of the seandroid-list mailing list.
If you no longer wish to subscribe, send mail to [email protected] with
the words "unsubscribe seandroid-list" without quotes as the message.
