On Fri, Aug 23, 2013 at 1:40 PM, Stephen Smalley <[email protected]> wrote:
> On 08/23/2013 04:24 PM, William Roberts wrote:
> > On Fri, Aug 23, 2013 at 1:19 PM, Stephen Smalley <[email protected]> wrote:
> >> If we go the signed zip route, let's use a whole-file signature (as used
> >> by OTA updates) please. Less prone to the recent APK signature nonsense.
> >>
> >> If I recall, it's just running jarsigner on the apk, correct?
> >
> > Per rpcraig, they both are signed using signapk but for OTA updates it
> > is called with the -w option (whole-file).
> >
> >> Do we need to preserve the existing policy bundle format introduced in
> >> 4.3 or is that something we can eliminate in favor of just a signed zip
> >> file?
> >>
> >
> > We might not have to rework that interface, but rather the backend
> > extraction and wherever the bundle is created.
> > The bundle must just be a single object, the zip file.
>
> I could be wrong, but I don't think the current bundle includes the
> signature or version; that is passed separately in the intent. And the
> bundle isn't a zip file. So we need to check what if any compatibility
> constraints exist for the current UPDATE_SEPOLICY intent interface that
> shipped in 4.3.
>
> >> If I understand correctly, you want to avoid having to take the policy
> >> bundle / zip and expanding it out on the filesystem as is presently done
> >> by the SELinuxPolicyInstallReceiver. Instead, you want all code that
> >> loads policy files to directly open the bundle/zip, validate it, and
> >> extract whatever files it needs from within into memory. Is that right?
> >>
> >
> > Yeah something like that.
> >
> >
> >> And if there is one under /data/security, you want to open both,
> >> compare their version numbers (stored within the bundle/zip), and then
> >> decide which one to use?
> >>
> > Yes
>
> Ok, I don't think that is too hard, just a matter of having libselinux
> use the appropriate library for accessing zip files and adding the
> corresponding logic on that side.

My biggest concern is having another library added to init... What do you think will have the smallest, easiest signed format to work with?

-- 
Respectfully,
William C Roberts
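The selection logic discussed in the thread (validate a whole-file signature over the entire bundle, read the version stored inside it, and prefer the /data/security copy only when it validates and is newer than the system one), as an added sketch that is not code from this thread or from libselinux. The bundle layout (`version` and `sepolicy` entries), the key, and the use of an HMAC-SHA256 over all archive bytes as a stand-in for the real signapk -w signature check are all assumptions for the demo.

```python
import hashlib
import hmac
import io
import zipfile

# Constructed stand-in for a whole-file signature: a MAC over every byte of the
# archive. The real scheme (signapk -w) is a public-key signature, but the
# property demonstrated is the same: any change to any byte invalidates it.
TRUSTED_KEY = b"constructed-demo-key"


def whole_file_tag(zip_bytes):
    return hmac.new(TRUSTED_KEY, zip_bytes, hashlib.sha256).digest()


def build_bundle(version, policy):
    """Assumed bundle layout: a zip holding a 'version' entry and the policy."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("version", str(version))
        z.writestr("sepolicy", policy)
    data = buf.getvalue()
    return data, whole_file_tag(data)


def validate_bundle(zip_bytes, tag):
    """Return the version if the tag covers the whole file, else None.
    The archive is only opened after the whole-file check passes."""
    if not hmac.compare_digest(whole_file_tag(zip_bytes), tag):
        return None
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as z:
        names = z.namelist()
        if len(names) != len(set(names)):  # duplicate entry names: reject
            return None
        return int(z.read("version").decode())


def choose_policy(system_bundle, data_bundle):
    """Pick the bundle with the higher valid version. The system copy must
    validate; a bad or stale /data copy is ignored rather than used."""
    sys_ver = validate_bundle(*system_bundle)
    if sys_ver is None:
        raise ValueError("system policy bundle failed validation")
    if data_bundle is None:
        return "system", sys_ver
    data_ver = validate_bundle(*data_bundle)
    if data_ver is None or data_ver <= sys_ver:
        return "system", sys_ver
    return "data", data_ver
```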
