The short answer is that you'll need to construct another signer stanza using the eclipse cert like those already in the mac_permissions.xml file. You'll need to grab the X509 representation of the cert and add an entry. Our setool could potentially help if you can grab the apk first. You'll also have to add the seinfo child tag that corresponds to your seapp_contexts entry. So in your case this would be 'release'. The stanza you'll want to create will look something like:

<signer signature="your cert" >
      <allow-all />
      <seinfo value="release" />
</signer>

What this stanza means is that any app signed with 'your cert' will receive an seinfo value of release. The allow-all tag simply means that any set of permissions is allowed. There is a lot of good documentation concerning this file and the seapp_contexts file. The mac_permissions.xml file under external/sepolicy has some good notes as well as external/sepolicy/seapp_contexts. Another good source of info is http://selinuxproject.org/page/NB_SEforAndroid_1 which Richard Haines has worked to compile.

Some obvious general advice though is that you should never incorporate a signer stanza in your mac_permissions.xml file that uses the eclipse cert or any other dev cert(s).



On 07/18/2013 04:46 PM, Alex Gerdov wrote:



On Thu, Jul 18, 2013 at 10:20 PM, Alex Gerdov <[email protected]> wrote:

    You are right, I've used auto-generated Eclipse key to sign the app.
    I've found the keys you mentioned, but what do I need to do with
    them now?


    On Thu, Jul 18, 2013 at 2:30 PM, rpcraig <[email protected]> wrote:

        On 07/18/2013 07:23 AM, Alex Gerdov wrote:

            Hello,

            I've tried to label an app I created with my own custom
            label, but it always gets the "untrusted_app" context.

            I've made the following changes:

            "type my_app, domain;
            app_domain(my_app)"

            to app.te and

            "user=_app seinfo=release name=com.text.myapp
            domain=my_app type=platform_app_data_file"

            to seapp_contexts

            Can anyone please tell me what I'm missing?

            Thanks.


        Are you signing this new app with a different key than any of
        the release keys in AOSP? The mac_permissions.xml file
        (external/sepolicy/mac_permissions.xml) maintains a mapping
        for the various seinfo tags under the protection of the app's
        signature. It could be that your app's sig is not matching any
        entry in the mac_permissions.xml file and thus falling into
        the default bin with seinfo=default.




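Added example, not part of the original thread and not AOSP code: a Python sketch that builds the signer stanza described in the reply at the top of the thread from a PEM certificate and audits a mac_permissions.xml for stanzas keyed to known dev certs. It assumes the signature attribute holds the hex-encoded DER certificate and that the file's root element is policy; make_pem, pem_to_signature, signer_stanza and dev_signers are hypothetical names, and the "certificates" are constructed placeholder bytes.

```python
import base64
import re
import xml.etree.ElementTree as ET

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def make_pem(raw: bytes) -> str:
    """Wrap constructed bytes in PEM armour (sample input only)."""
    body = base64.b64encode(raw).decode("ascii")
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

def pem_to_signature(pem: str) -> str:
    """Hex-encode the DER bytes of the first certificate in a PEM string."""
    match = PEM_RE.search(pem)
    if match is None:
        raise ValueError("no PEM certificate found")
    der = base64.b64decode("".join(match.group(1).split()), validate=True)
    return der.hex()

def signer_stanza(pem: str, seinfo: str) -> ET.Element:
    """Build <signer signature=...><allow-all/><seinfo value=.../></signer>."""
    signer = ET.Element("signer", signature=pem_to_signature(pem))
    ET.SubElement(signer, "allow-all")
    ET.SubElement(signer, "seinfo", value=seinfo)
    return signer

def dev_signers(policy_xml: str, dev_pems: list) -> list:
    """Return the seinfo value of every signer stanza keyed to a dev cert."""
    banned = {pem_to_signature(p) for p in dev_pems}
    hits = []
    for signer in ET.fromstring(policy_xml).iter("signer"):
        if signer.get("signature", "").lower() in banned:
            seinfo = signer.find("seinfo")
            hits.append(seinfo.get("value") if seinfo is not None else None)
    return hits

if __name__ == "__main__":
    # Constructed placeholder bytes, not real certificates.
    release = make_pem(b"constructed release cert")
    eclipse = make_pem(b"constructed eclipse dev cert")
    policy = ET.Element("policy")
    policy.append(signer_stanza(release, "release"))
    policy.append(signer_stanza(eclipse, "release"))
    xml_text = ET.tostring(policy, encoding="unicode")
    print(xml_text)
    print("dev-cert stanzas grant seinfo:", dev_signers(xml_text, [eclipse]))
```

Running dev_signers over the policy file before a release build, with the Eclipse debug cert and any other dev certs in dev_pems, catches a test stanza that was left in.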