On 08/12/2013 10:22 AM, William Roberts wrote:
> Since we are building outside of an OEM's tree, I would imagine you're not
> using their private key to sign your applications that should be platform,
> etc (Except for the NSA ;-) ). I would imagine that everyone here made an
> additional entry in seapp_contexts and mac_perms.xml? However, IMO if I'm
> not the one holding the key it should go into untrusted_app. I can't
> remember if when I was at Samsung if we re-signed the APKs or not, I am
> pretty sure we did not.
> 
> As far as permissions go, it's non-system uid which means its capability set
> is NULL, so at most it can/would use hidden APIs, etc. And if the keys
> aren't matching, it should get through signature based Android permission
> checks, so what's the real reasoning behind either platform or release
> domain?

As I recall, they do require some kernel-level permissions that we do
not grant to untrusted_app in our policy.  And they likely expect to
share files and communicate freely without the MLS restrictions.




--
This message was distributed to subscribers of the seandroid-list mailing list.