Hello,
We are trying to get seandroid 4.0.4 working on some custom hardware based on
the OMAP3EVM. Unfortunately, we do not have the latest Android builds working
on this hardware, so we have to use 4.0.4.
I have gotten SELinux and SEAndroid running, but am having trouble with app
labeling. I have tried signing with a custom key (and adding the necessary
changes to mac_permissions, keys.conf, seapp_context, and app.te) as well as
signing with the platform key provided in build/target/product/security. I have
verified the signature from the generated mac_permissions.xml matches the
signature of my app (logged with PackageManager from within the app), but it is
still listed as untrusted_app in ps.
I also tried editing mac_permissions.xml so the default entry is given an
seinfo label of "default":
<!-- All other keys -->
<default>
<seinfo value="default" />
</default>
and then edited seapp_contexts to check for seinfo="default" for untrusted_app.
user=_app seinfo=default domain=untrusted_app type=app_data_file
levelFrom=app
This resulted in all apps being started in the kernel domain.
It looks like the seinfo value is not being set. Is there a way to check the
seinfo value from adb?
Is there a step I am missing? Where should I look to solve this issue?
Thanks,
Dan
--
This message was distributed to subscribers of the seandroid-list mailing list.
If you no longer wish to subscribe, send mail to [email protected] with
the words "unsubscribe seandroid-list" without quotes as the message.
