Hmmm perhaps seinfo is null. Enable the debug macro in external/libselinux/src/android.c
And post the output. On Aug 8, 2013 11:13 AM, "Daniel Mirsky" <[email protected]> wrote: > Hello, > > We are trying to get seandroid 4.0.4 working on some custom hardware based > on the OMAP3EVM. Unfortunately, we do not have the latest Android builds > working on this hardware, so we have to use 4.0.4. > > I have gotten SELinux and SEAndroid running, but am having trouble with > app labeling. I have tried signing with a custom key (and adding the > necessary changes to mac_permissions, keys.conf, seapp_context, and app.te) > as well as signing with the platform key provided in > build/target/product/security. I have verified the signature from the > generated mac_permissions.xml matches the signature of my app (logged with > PackageManager from within the app), but it is still listed as > untrusted_app in ps. > > I also tried editing mac_permissions.xml so the default entry is given an > seinfo label of "default": > <!-- All other keys --> > <default> > <seinfo value="default" /> > </default> > > and then edited seapp_contexts to check for seinfo="default" for > untrusted_app. > user=_app seinfo=default domain=untrusted_app type=app_data_file > levelFrom=app > This resulted in all apps being started in the kernel domain. > > It looks like the seinfo value is not being set. Is there a way to check > the seinfo value from adb? > Is there a step I am missing? Where should I look to solve this issue? > > Thanks, > Dan > > -- > This message was distributed to subscribers of the seandroid-list mailing > list. > If you no longer wish to subscribe, send mail to [email protected] > the words "unsubscribe seandroid-list" without quotes as the message. >
