Hi SEAndroid developers.
I want to give a security context to downloaded application (from market).
After studying MMAC, I realized that I can classify the applications using
app signing key.
I modified mac_permissions.xml, seapp_contexts and so on...
And I made my application using my own key in order to assign my_domain to
my app, and install the app to my device (adb install).
But my application was still in the untrusted_app domain.
I found the reason in the below code (SELinuxMMAC.java).
-------------------------------------------------------------------------------------------------------
public static void assignSeinfoValue(PackageParser.Package pkg) {
/*
* Non system installed apps should be treated the same. This
* means that any post-loaded apk will be assigned the default
* tag, if one exists in the policy, else null, without respect
* to the signing key.
*/
if (((pkg.applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) ||
((pkg.applicationInfo.flags &
ApplicationInfo.FLAG_UPDATED_SYSTEM_APP) != 0)) {
// We just want one of the signatures to match.
for (Signature s : pkg.mSignatures) {
if (s == null)
continue;
if (sSigSeinfo.containsKey(s)) {
String seinfo = pkg.applicationInfo.seinfo =
sSigSeinfo.get(s);
if (DEBUG_POLICY_INSTALL)
Slog.i(TAG, "package (" + pkg.packageName + ") labeled
with seinfo=" + seinfo);
return;
}
}
// Check for seinfo labeled by package.
if (sPackageSeinfo.containsKey(pkg.packageName)) {
String seinfo = pkg.applicationInfo.seinfo =
sPackageSeinfo.get(pkg.packageName);
if (DEBUG_POLICY_INSTALL)
Slog.i(TAG, "package (" + pkg.packageName +
") labeled with seinfo=" + seinfo);
return;
}
}
// If we have a default seinfo value then great, otherwise
// we set a null object and that is what we started with.
String seinfo = pkg.applicationInfo.seinfo = sSigSeinfo.get(null);
if (DEBUG_POLICY_INSTALL)
Slog.i(TAG, "package (" + pkg.packageName +
") labeled with seinfo=" + (seinfo == null ? "null" :
seinfo));
}
-------------------------------------------------------------------------------------------------------
I don't want to use package name or app name because of the security
problem.
Is there any way to assign security context to downloaded app using my app
signing key ?
Thank you
Best regards
_______________________________________________
Seandroid-list mailing list
[email protected]
To unsubscribe, send email to [email protected].
To get help, send an email containing "help" to
[email protected].
