Also, if you're signing it with your own key, you need to either extract the pem file (public key) from the app and set that up in keys.conf.

There is a decent readme in external/sepolicy/README

The relevant files are:

keys.conf : maps a pem file to an arbitrary tag in mac_permissions.xml (look for signature=@RELEASE). All this does is at build time jam the public key into that spot

mac_permissions.xml : maps a signing key to an seinfo string

seapp_contexts : maps a set of inputs (one of them being seinfo) into the runtime domain and app installation directory types...

It can be a bit confusing traversing this in the beginning.

Bill

On Wed, Oct 16, 2013 at 5:40 AM, rpcraig <[email protected]> wrote:

> On 10/16/2013 08:09 AM, rpcraig wrote:
>
> On 10/15/2013 11:11 PM, Ruowen Wang wrote:
>
> Hi SEAndroid,
>
> I am trying to see if it is possible to assign specific app using
> specific domain name in seapp_context. For example,
>
> user=_app name=com.android.email seinfo=platform domain=email_app type=email_app_data_file
>
> I want to assign the email app using email_app domain, but still using
> platform key and seinfo=platform. Is this possible? I tried a little bit.
> But it didn't work. If I want to make it work, do I need to modify some
> code in selinux_android_setcontext?
>
> Thanks a lot,
> Ruowen
>
>
> If you're using the AOSP email app then I believe that is signed with the
> release/testkey key which would make the seinfo = release. Check out
> external/sepolicy/mac_permissions.xml for clarification.
>
>
> I would also make sure that the app is being installed with the correct
> seinfo label on install. logcat should help with this. You did mention you
> are signing with a different key so your output should look slightly
> different than the following.
>
>
>
> adb logcat | grep seinfo | grep email
> I/SELinuxMMAC( 391): package (com.android.email) installed with seinfo=release

--
Respectfully,
William C Roberts
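
The lookup chain described in this thread, as a simplified Python model (an added example, not code from the thread or from AOSP): signing certificate to seinfo via mac_permissions.xml, then seinfo plus package name to domain via seapp_contexts. The certificate placeholders, the file contents other than the email_app entry quoted above, and the reduced precedence ordering are assumptions.

```python
import xml.etree.ElementTree as ET

# All values below are constructed samples, not copied from a real tree.
# KEYS stands for the build-time result of keys.conf: tag -> public cert.
KEYS = {"@PLATFORM": "PLATFORM_CERT_PLACEHOLDER",
        "@RELEASE": "RELEASE_CERT_PLACEHOLDER"}

MAC_PERMISSIONS = """<policy>
  <signer signature="@PLATFORM"><seinfo value="platform"/></signer>
  <signer signature="@RELEASE"><seinfo value="release"/></signer>
</policy>"""

SEAPP_CONTEXTS = """\
user=_app domain=untrusted_app type=app_data_file
user=_app seinfo=platform domain=platform_app type=platform_app_data_file
user=_app seinfo=release domain=release_app type=release_app_data_file
user=_app name=com.android.email seinfo=platform domain=email_app type=email_app_data_file
"""


def seinfo_for(cert):
    """mac_permissions.xml step: signing certificate -> seinfo string."""
    for signer in ET.fromstring(MAC_PERMISSIONS).iter("signer"):
        if KEYS.get(signer.get("signature")) == cert:
            return signer.find("seinfo").get("value")
    return None  # no signer stanza matches this certificate


def parse_entries(text):
    """Turn each non-empty seapp_contexts line into a dict of key=value."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield dict(kv.split("=", 1) for kv in line.split())


def context_for(user, name, seinfo):
    """seapp_contexts step: (user, name, seinfo) -> (domain, type)."""
    inputs = {"user": user, "name": name, "seinfo": seinfo}
    matches = [e for e in parse_entries(SEAPP_CONTEXTS)
               if all(e[k] == inputs[k] for k in inputs if k in e)]
    if not matches:
        return None
    # Assumed ordering: entries that specify seinfo, then name, win.
    best = max(matches, key=lambda e: ("seinfo" in e, "name" in e))
    return best["domain"], best["type"]


if __name__ == "__main__":
    info = seinfo_for("RELEASE_CERT_PLACEHOLDER")
    print(info, context_for("_app", "com.android.email", info))
```

In this model a package installed with seinfo=release never reaches the email_app entry, because that entry's seinfo=platform condition fails before the name is considered.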
