The booleans default to false because a policy based on package names could be circumvented by a malicious app impersonating an app mentioned in the policy that wasn't yet installed.
To enforce this, some of the types in mmac_types.xml require a combination of signature and package name. I suppose for pre-installed platform apps this concern isn't a problem and package names can be used since those apps are always installed and cannot be upgraded.

On Fri, Jan 4, 2013 at 10:44 AM, Joman Chu <[email protected]> wrote:
> We have a boolean that does this feature at the package installation phase.
>
> If you set persist.mac_applyNameTypes to true, a type that is the same as
> the package name will be added to the list of types.
>
> If you set persist.mac_applePermTypes to true, for each permission, a type
> that is the same as that permission will be added to the list of types.
>
> This code is in
> frameworks/base/core/java/android/content/pm/MMACtypes.java getTypes().
>
>
> On Fri, Jan 4, 2013 at 8:00 AM, Peck, Michael A <[email protected]> wrote:
>
>> It looks like Intent MAC is currently only working when the policy’s
>> source or destination (in intent_mac.xml) is a package type, and not
>> working when the policy’s source or destination is a package name. I
>> assume you want package names to work too since intent_mac.xml uses them.
>>
>> The following code stuffs the package name in along with the package
>> types that are being compared to the policies and appears to fix the
>> problem.
>>
>> diff --git >> a/services/java/com/android/server/pm/PackageManagerService.java >> b/services/java/com/android/server/pm/PackageManagerService.java**** >> >> index 7b6142c..2e6e31d 100644**** >> >> --- a/services/java/com/android/server/pm/PackageManagerService.java**** >> >> +++ b/services/java/com/android/server/pm/PackageManagerService.java**** 
>> >> @@ -2735,9 +2735,11 @@ public class PackageManagerService extends >> IPackageManager.Stub {**** >> >> PackageParser.Package pkg = mPackages.get(pkgName);**** >> >> callingPkgs.add(pkg);**** >> >> callingTypes.addAll(getMMACtypesForPackage(pkgName));**** >> >> + callingTypes.add(pkgName);**** >> >> }**** >> >> ** ** >> >> - Set<String> dstTypes = dstPkg.applicationInfo.mmacTypes;**** >> >> + Set<String> dstTypes = new >> HashSet<String>(dstPkg.applicationInfo.mmacTypes);**** >> >> + dstTypes.add(dstPkg.packageName);**** >> >> ** ** >> >> if (IntentMAC.DEBUG_ICC) {**** >> >> Slog.v("SELINUX_MMAC", callingPkgs+"{"+callingTypes+"} => "+ >> **** >> >> ** ** >> > >
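
Review bot: callingTypes.add(pkgName) and dstTypes.add(dstPkg.packageName) put the raw package name into the same set as the MMAC types unconditionally, so an intent_mac.xml rule written against a package name matches whatever app currently holds that name, with no signature binding, and a package name that happens to equal a type name would match type rules as well. Consider adding the name only when persist.mac_applyNameTypes is set, or only for packages whose signature has already been matched, and keeping names distinguishable from types (for example with a prefix). Copying mmacTypes into a new HashSet before the add is the right call, since it avoids mutating dstPkg.applicationInfo.mmacTypes.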

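The impersonation concern raised at the top of this reply, shown as an added Java example that is not code from the thread or from SE Android. It assumes a simplified allow-rule model of Intent MAC; every class, record, package name, signer label and type name in it is hypothetical and the sample data is constructed.

```java
import java.util.*;

// Added illustration only: a simplified, hypothetical model of the thread's idea,
// not SE Android source. All names and values are constructed.
public class IntentMacNameDemo {
    record App(String packageName, String signer, Set<String> mmacTypes) {}
    record Rule(String src, String dst) {}   // allow intents from src to dst

    // Types compared against policy; includeName mirrors adding the raw package name.
    static Set<String> effectiveTypes(App app, boolean includeName) {
        Set<String> types = new HashSet<>(app.mmacTypes()); // copy, never mutate the app's set
        if (includeName) types.add(app.packageName());
        return types;
    }

    static boolean allowed(App src, App dst, List<Rule> policy, boolean includeName) {
        Set<String> s = effectiveTypes(src, includeName);
        Set<String> d = effectiveTypes(dst, includeName);
        for (Rule r : policy)
            if (s.contains(r.src()) && d.contains(r.dst())) return true;
        return false;
    }

    // Install-time type assignment that binds a type to package name AND signer.
    static Set<String> assignTypes(String pkg, String signer) {
        return (pkg.equals("com.example.bank") && signer.equals("SIGNER_BANK"))
                ? Set.of("bank_app") : Set.of();
    }

    public static void main(String[] args) {
        App vault = new App("com.example.vault", "SIGNER_VAULT", Set.of("vault_app"));
        // Same package name as the genuine app, different signer, installed before it.
        App lookalike = new App("com.example.bank", "SIGNER_OTHER",
                assignTypes("com.example.bank", "SIGNER_OTHER"));
        App genuine = new App("com.example.bank", "SIGNER_BANK",
                assignTypes("com.example.bank", "SIGNER_BANK"));

        List<Rule> byName = List.of(new Rule("com.example.bank", "vault_app"));
        List<Rule> byType = List.of(new Rule("bank_app", "vault_app"));

        // Rule keyed on the package name: the look-alike inherits the permission.
        System.out.println("name rule, look-alike: " + allowed(lookalike, vault, byName, true));
        // Rule keyed on a signer-bound type: only the genuine app carries the type.
        System.out.println("type rule, look-alike: " + allowed(lookalike, vault, byType, true));
        System.out.println("type rule, genuine:    " + allowed(genuine, vault, byType, true));
    }
}
```

Running it with `includeName` set to false for the first check shows the effect of leaving the name-type boolean at its default.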