On 08/23/2013 04:24 PM, William Roberts wrote: > On Fri, Aug 23, 2013 at 1:19 PM, Stephen Smalley <[email protected]> wrote: >> If we go the signed zip route, let's use a whole-file signature (as used >> by OTA updates) please. Less prone to the recent APK signature nonsense. >> >> If I recall, its just running jarsigner on the apk, correct?
Per rpcraig, they both are signed using signapk but for OTA updates it is called with the -w option (whole-file). >> Do we need to preserve the existing policy bundle format introduced in >> 4.3 or is that something we can eliminate in favor of just a signed zip >> file? >> > > We might not have to rework that interface, but rather the backend > extraction and wherever the bundle is created. > The bundle must just be a single object, the zip file. I could be wrong, but I don't think the current bundle includes the signature or version; that is passed separately in the intent. And the bundle isn't a zip file. So we need to check what if any compatibility constraints exist for the current UPDATE_SEPOLICY intent interface that shipped in 4.3. >> If I understand correctly, you want to avoid having to take the policy >> bundle / zip and expanding it out on the filesystem as is presently done >> by the SELinuxPolicyInstallReceiver. Instead, you want all code that >> loads policy files to directly open the bundle/zip, validate it, and >> extract whatever files it needs from within into memory. Is that right? >> > > Yeah something like that. > > >> And if there is one under /data/security, you want to open both, >> compare their version numbers (stored within the bundle/zip), and then >> decide which one to use? >> > Yes Ok, I don't think that is too hard, just a matter of having libselinux use the appropriate library for accessing zip files and adding the corresponding logic on that side. -- This message was distributed to subscribers of the seandroid-list mailing list. If you no longer wish to subscribe, send mail to [email protected] with the words "unsubscribe seandroid-list" without quotes as the message.
