Thank you - How do I add myself to the watched list of changes made for seandroid?
Thanks, Tai On 2/26/14, 3:02 PM, "Stephen Smalley" <[email protected]> wrote: >On 02/26/2014 02:40 PM, Tai Nguyen (tainguye) wrote: >> Our device is still based on 4.1.1 version so the mapping mechanism is >>still old. >> >> For apps that comes with the image and signed with the media key then >>they are running as media_app domain as expected. >> However, when we sign a third party app with our media key and install >>it via adb then it runs as untrusted_app. >> >> I thought apps are grouped by signature by default, so I¹m not sure why >>a third party app signed with our media key is not in media_app domain. >> Is there any other configuration we need to have to assign this app to >>media_app domain? > >The AOSP code does not presently support assigning seinfo values to >third party apps, although we are trying to get this changed, see: >https://android-review.googlesource.com/#/c/80871/ > >The code in our branches does support assigning seinfo values to third >party apps. However, if you are using an old version, then the code is >also matching the permissions in the app's manifest against the allowed >permissions granted in the mac_permissions.xml stanza, and if your app >requests a permission not in that stanza, then it will fall out of that >stanza and end up in the default stanza, getting assigned untrusted_app >instead. To fix that, you add the permissions to the >mac_permissions.xml stanza. The setool can help with such matters. >That is all obsolete in our current code however which has dropped the >permissions support, shifting to EOps/AppOps for controlling app >operations instead. > > > > > > > _______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
