The problem is in our mac_permissions.xml. It appears that our version is from ICS which doesn’t have the tag @PLATFORM/@MEDIA. After fixing that, it works perfectly.
Tai From: Robert Craig <[email protected]<mailto:[email protected]>> Date: Friday, January 24, 2014 at 4:39 PM To: Tai Nguyen <[email protected]<mailto:[email protected]>> Cc: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: Re: mac_permission.xml questions The mykeys.conf that you're referencing in that command, is that the same as the contents of the keys.conf file you gave earlier? I find it weird that the insertkeys.py script could even find the keys referenced in that file given that are w.r.t to top of the Android tree and not relative to the directory from which your executing the script. When you open your eng.xml and user.xml files are the keys actually in there? I remember there being a -v option. Does that give you any indication of what might be happening? Anyway, I just tried to run something similar on a 4.1 branch of external/sepolicy and believe I got the expected results. [@PLATFORM] ENG : build/target/product/security/platform.x509.pem USERDEBUG : build/target/product/security/platform.x509.pem USER : vendor/test/common/sepolicy/platform.x509.pem [@MEDIA] ENG : build/target/product/security/media.x509.pem USERDEBUG : build/target/product/security/media.x509.pem USER : vendor/test/common/sepolicy/media.x509.pem [@SHARED] ENG : build/target/product/security/shared.x509.pem USERDEBUG : build/target/product/security/shared.x509.pem USER : vendor/test/common/sepolicy/shared.x509.pem # Example of ALL TARGET_BUILD_VARIANTS [@RELEASE] ENG : build/target/product/security/testkey.x509.pem USERDEBUG : build/target/product/security/testkey.x509.pem USER : vendor/test/common/sepolicy/testkey.x509.pem > ./tools/insertkeys.py -t eng -c /home/bobbio/seandroid > /home/bobbio/seandroid/external/sepolicy/keys.conf > /home/bobbio/seandroid/external/sepolicy/mac_permissions.xml > eng.xml > ./tools/insertkeys.py -t user -c /home/bobbio/seandroid > /home/bobbio/seandroid/external/sepolicy/keys.conf > /home/bobbio/seandroid/external/sepolicy/mac_permissions.xml > user.xml > diff -q eng.xml user.xml Files eng.xml and user.xml differ On Fri, Jan 24, 2014 at 3:40 PM, Tai Nguyen (tainguye) <[email protected]<mailto:[email protected]>> wrote: It seems the problem is in the inserkeys.py script mydroid/external/sepolicy> ./insertkeys.py -t user mykeys.conf mac_permissions.xml > user.xml mydroid/external/sepolicy> ./insertkeys.py -t eng mykeys.conf mac_permissions.xml > eng.xml mydroid/external/sepolicy> diff user.xml eng.xml mydroid/external/sepolicy> Tai On 1/24/14, 3:30 PM, "Tai Nguyen (tainguye)" <[email protected]<mailto:[email protected]>> wrote: >Thanks, Steve. So that is the expected behavior. I need to troubleshoot >this issue on my end then. > >Tai > >On 1/24/14, 3:26 PM, "Stephen Smalley" ><[email protected]<mailto:[email protected]>> wrote: > >>On 01/24/2014 03:17 PM, Tai Nguyen (tainguye) wrote: >>> I used command mm -B in external/sepolicy directory. We are still using >>> 4.1.1 code base. >>> I¹m currently looking into the insertKeys.py to troubleshoot this >>>issue. >> >>I can't replicate in our current tree, >> >>cd master >>source build/envsetup.sh >>lunch aosp_hammerhead-userdebug >>mmm -B external/sepolicy >>cp out/target/product/hammerhead/system/etc/security/mac_permissions.xml >>. >>lunch aosp_hammerhead-user >>mmm -B external/sepolicy >>diff >>out/target/product/hammerhead/system/etc/security/mac_permissions.xml >>mac_permissions.xml >> >>shows that they differ if I have different USER and USERDEBUG entries in >>my keys.conf. >> >> > > >_______________________________________________ >Seandroid-list mailing list >[email protected]<mailto:[email protected]> >To unsubscribe, send email to >[email protected]<mailto:[email protected]>. >To get help, send an email containing "help" to >[email protected]<mailto:[email protected]>. _______________________________________________ Seandroid-list mailing list [email protected]<mailto:[email protected]> To unsubscribe, send email to [email protected]<mailto:[email protected]>. To get help, send an email containing "help" to [email protected]<mailto:[email protected]>.
_______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
