Imagine creating a type for every application that any developer has or
could create... we're talking a very large, clunky, brittle and
unmaintainable policy. Android makes the distinction between apps based on
package name and key, and in general SE for Android (SELinux) controls work
well for bucketing these types of things. There is nothing preventing
someone from making a very locked down and minimized device, but in
general, for acceptance into Android this would not work.

As an OEM, you pretty much care about things you control and sign vs
everyone else... so you end up with the 3 keys and untrusted app, with
system vs platform around to take care of the uid based access controls.
System represents a very privileged process on Android.

Bill


On Wed, Oct 16, 2013 at 5:27 PM, Ruowen Wang <[email protected]> wrote:

> Thanks for the clarification. Looks like I was wrong when I thought the
> email app is signed by platform key. I actually don't want to use my own
> key to sign the app, just leave it using the release/testkey key.
>
> I have tried again using the seinfo=release with my specific domain for
> email app:
>
> user=_app name=com.android.email seinfo=release domain=email_app
> type=email_app_data_file
>
> Now the email app in my nexus 7 is assigned using my domain, instead of
> the general release_app domain.
>
> BTW, I am just curious why not provide fine-grained domain for each app.
> Are the current platform_app, release_app domains too coarse-grained?
>
> Thank you very much! Have a nice day!
> ----
> Looking forward to your reply
>
> Best Regards!
> Sincerely yours,
>
> *Ruowen Wang*
> Graduate Student
> Department of Computer Science
> North Carolina State University
> E-mail: [email protected]
>
>
>
> On Wed, Oct 16, 2013 at 3:49 PM, William Roberts <[email protected]
> > wrote:
>
>> Also, if you're signing it with your own key, you need to
>> either extract the pem file (public key) from the app and set that up in
>> keys.conf.
>>
>> There is a decent readme in external/sepolicy/README
>>
>> The relevant files are:
>> keys.conf : maps a pem file to an arbitrary tag in mac_permissions.xml
>> (look for signature=@RELEASE). All this does is at build time jam the
>> public key into that spot
>> mac_permissions.xml : maps a signing key to an seinfo string
>> seapp_contexts : maps a set of inputs (one of them being seinfo) into the
>> runtime domain and app installation directory types...
>>
>> It can be a bit confusing traversing this in the beginning.
>>
>> Bill
>>
>>
>>
>>
>>
>>
>>
>> On Wed, Oct 16, 2013 at 5:40 AM, rpcraig <[email protected]> wrote:
>>
>>>  On 10/16/2013 08:09 AM, rpcraig wrote:
>>>
>>> On 10/15/2013 11:11 PM, Ruowen Wang wrote:
>>>
>>>  Hi SEAndroid,
>>>
>>>  I am trying to see if it is possible to assign specific app using
>>> specific domain name in seapp_context. For example,
>>>
>>>  user=_app name=com.android.email seinfo=platform domain=email_app
>>> type=email_app_data_file
>>>
>>>  I want to assign the email app using email_app domain, but still using
>>> platform key and seinfo=platform. Is this possible? I tried a little bit.
>>> But it didn't work. If I want to make it work, do I need to modify some
>>> code in selinux_android_setcontext?
>>>
>>>  Thanks a lot,
>>>  Ruowen
>>>
>>>
>>> If you're using the AOSP email app then I believe that is signed with the
>>> release/testkey key which would make the seinfo = release. Check out
>>> external/sepolicy/mac_permissions.xml for clarification.
>>>
>>>
>>> I would also make sure that the app is being installed with the correct
>>> seinfo label on install. logcat should help with this. You did mention you
>>> are signing with a different key so your output should look slightly
>>> different than the following.
>>>
>>>
>>> > adb lolcat | grep seinfo | grep email
>>> I/SELinuxMMAC(  391): package (com.android.email) installed with
>>> seinfo=release
>>>
>>
>>
>>
>> --
>> Respectfully,
>>
>> William C Roberts
>>
>>
>


-- 
Respectfully,

William C Roberts
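
The seapp_contexts lookup discussed in this thread, as an added example that is not part of the original messages and is not libselinux code. It is a simplified model: it handles only the user, name and seinfo selectors, assumes that the entry naming the most selectors wins, and uses constructed default entries alongside the two email_app entries quoted in the thread.

```python
# Simplified model of seapp_contexts matching (added example, not libselinux code).
INPUT_KEYS = ("user", "name", "seinfo")  # selectors discussed in this thread

# Constructed sample defaults; only the domain names come from the thread.
DEFAULTS = """\
user=_app domain=untrusted_app
user=_app seinfo=platform domain=platform_app
user=_app seinfo=release domain=release_app
"""
# The two entries quoted in the thread (first attempt, then the working one).
FIRST_TRY = ("user=_app name=com.android.email seinfo=platform "
             "domain=email_app type=email_app_data_file\n")
SECOND_TRY = ("user=_app name=com.android.email seinfo=release "
              "domain=email_app type=email_app_data_file\n")

def parse(text):
    """Turn each non-empty, non-comment line into a dict of key=value pairs."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            entries.append(dict(tok.split("=", 1) for tok in line.split()))
    return entries

def resolve(entries, user, name, seinfo):
    """Return the domain of the most specific entry whose selectors all match."""
    query = {"user": user, "name": name, "seinfo": seinfo}
    best, best_rank = None, -1
    for e in entries:
        if any(k in e and e[k] != query[k] for k in INPUT_KEYS):
            continue  # a selector the entry names does not match this app
        rank = sum(k in e for k in INPUT_KEYS)  # assumption: more selectors = more specific
        if rank > best_rank:
            best, best_rank = e, rank
    return best["domain"] if best else None

if __name__ == "__main__":
    # logcat in the thread shows com.android.email installed with seinfo=release
    app = ("_app", "com.android.email", "release")
    print(resolve(parse(DEFAULTS + FIRST_TRY), *app))   # seinfo=platform entry cannot match
    print(resolve(parse(DEFAULTS + SECOND_TRY), *app))  # seinfo=release entry matches
```
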
