I think different OEM vendors will have different mechanisms to sign the user load, so it would be difficult to provide a common solution.
Anyway, on a related note, how does seandroid map system_app? Is it based on UID?

On 4/18/13 12:51 PM, "Stephen Smalley" <[email protected]> wrote:

>On 04/18/2013 12:35 PM, Tai Nguyen (tainguye) wrote:
>> We build our SEAndroid user load and it doesn't map platform_app
>> correctly. Only system_apps are mapped; all platform/shared/release
>> apps are mapped to untrust_app. Where does seandroid look for these app
>> signatures to do the mapping?
>
>They are matched based on mac_permissions.xml. The signature values in
>the external/sepolicy/mac_permissions.xml source file are replaced in
>the out/target/product/<device>/system/etc/security/mac_permissions.xml
>file with the certificates extracted from the .x509.pem files identified
>in the external/sepolicy/keys.conf configuration. So you would edit
>keys.conf to refer to the files containing your certificates and
>regenerate the mac_permissions.xml file.
>
>
>I think it would be helpful to modify sign_target_files_apks to
>automatically rewrite the mac_permissions.xml configuration as well with
>the specified keys.
>
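The substitution described in the quoted reply, sketched as an added example that is not part of the original thread and is not the project's build script. The keys.conf layout (`[@TAG]` sections with `ALL`/`USER` entries), the `signer`/`seinfo` XML shape, the file paths and the certificate bytes are all constructed assumptions.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def pem_to_hex(pem_text):
    """Hex-encode the DER bytes of the first certificate in a PEM file."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split())).hex()

def parse_keys_conf(text, variant):
    """Return {tag: pem_path} for one build variant, falling back to ALL (assumed layout)."""
    paths, tag = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            tag = line[1:-1]
        elif tag and ":" in line:
            key, path = (p.strip() for p in line.split(":", 1))
            if key.upper() == variant.upper() or (key.upper() == "ALL" and tag not in paths):
                paths[tag] = path
    return paths

def insert_keys(xml_text, keys_conf, variant, read_pem):
    """Replace each signature="@TAG" with the hex certificate; unknown tags are an error."""
    paths = parse_keys_conf(keys_conf, variant)
    def substitute(match):
        tag = match.group(1)
        if tag not in paths:
            raise KeyError("no certificate configured for " + tag)
        return 'signature="%s"' % pem_to_hex(read_pem(paths[tag]))
    return re.sub(r'signature="(@\w+)"', substitute, xml_text)

# Constructed sample input: placeholder bytes, not real certificates or real paths.
def _fake_pem(der):
    body = base64.encodebytes(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"

SAMPLE_PEMS = {"keys/dev_platform.x509.pem": _fake_pem(b"dev-platform"),
               "keys/rel_platform.x509.pem": _fake_pem(b"release-platform")}
SAMPLE_KEYS_CONF = """
[@PLATFORM]
ALL  : keys/dev_platform.x509.pem
USER : keys/rel_platform.x509.pem
"""
SAMPLE_XML = '<policy><signer signature="@PLATFORM"><seinfo value="platform"/></signer></policy>'

if __name__ == "__main__":
    for variant in ("eng", "user"):
        print(variant, insert_keys(SAMPLE_XML, SAMPLE_KEYS_CONF, variant, SAMPLE_PEMS.__getitem__))
```

If the generated file still carries the development certificate while the APKs are signed with a release key, no signer entry matches and the apps fall through to the default mapping, which is the symptom reported in the thread.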
