On 04/18/2013 12:35 PM, Tai Nguyen (tainguye) wrote:
We build our SEAndroid user load and it doesn't map platform_app correctly. Only system_apps are mapped – all platform/shared/release apps are mapped to untrust_app. Where does seandroid look for these app signature to do the mapping?
They are matched based on mac_permissions.xml. The signature values in the external/sepolicy/mac_permissions.xml source file are replaced in the out/target/product/<device>/system/etc/security/mac_permissions.xml file with the certificates extracted from the .x509.pem files identified in the external/sepolicy/keys.conf configuration. So you would edit keys.conf to refer to the files containing your certificates and regenerate the mac_permissions.xml file.
I think it would be helpful to modify sign_target_files_apks to automatically rewrite the mac_permissions.xml configuration as well with the specified keys.
-- This message was distributed to subscribers of the seandroid-list mailing list. If you no longer wish to subscribe, send mail to majord...@tycho.nsa.gov with the words "unsubscribe seandroid-list" without quotes as the message.
