Dear stephen, I am using aosp android-4.4_r1 downloaded from/ https://android.googlesource.com/platform/manifest -b android-4.4_r1 Regards, Harish
On Thu, Sep 25, 2014 at 6:50 PM, Stephen Smalley <[email protected]> wrote: > On 09/25/2014 05:52 AM, harish kavali wrote: > > Dear all, > > > > I am trying to run my apps which are self-signed with my custom > key > > under my custom domain .I had followed the below steps , but > unfortunately > > my app not running in my custom domain but it is running in untrusted_app > > domain. > > > > 1.creating the custom keys > > make_key customkey "/C=IN/ST=AP/L=Hyderabad/CN=www. > > <http://www.cdachyd.in/>example.com" given password: abc123 it generated > > customkey.x509.pem, customkey.pk8, copied these keys in > > "*build/target/product/security/" > > *2.added [@CUSTOMKEY] in keys.conf > > ALL: customkey.x509.pem > > > > 3.created new domain named custom_app.te just copied the contents of > > untrusted_app.te and named it as custom_app.te and stored it in the " > > *device/lge/hammerhead/sepolicy*" > > 4.added seapp_contexts entry in " > > *device/lge/hammerhead/sepolicy/seapp_contexts*" > > > > user=_app seinfo=custom domain=custom_app type=app_data_file > > > > 5.added a mac_permissions.xml file to " > > *device/lge/hammerhead/sepolicy/mac_permissions.xml*" > > which contains > > > > <policy> <!-- custom key --> <signer signature="@CUSTOM"> <seinfo > > value="custom" /> </signer> </policy> > > > > 6.changed the BoardConfig.mk file > > > > BOARD_SEPOLICY_UNION := \ device.te \ app.te \ cdac_app.te\ > seapp_contexts\ > > mac_permissions.xml\ file_contexts > > > > 7.build the aosp source by executing > > > > lunch aosp_hammerhead-userdebug > > > > flashed the device with generated image > > > > 8.signed one sample application with same custom_keys created before > > java -jar signapk.jar customkey.x509.pem customkey.pk8 Sample.apk > > application_signed.apk > > Zipaligned the apk with zipalign command and installed the apk > > > > launched the apk and executed ps -Z command from adb shell > > > > u:r:untrusted_app:s0 u0_a53 1961 178 com.example.sample > > > > but this is not expected, ps -Z should give > > > > u:r:custom_app:s0 u0_a53 1961 178 com.example.sample > > > > i had checked /system/etc/security/mac_permissions.xml in shell > > my signer tag for custom domain had added in it with expanded x509 > > signature > > > > i had checked /seapp_contests in shell > > the entry for custom domain is there > > user=_app seinfo=custom domain=custom_app type=app_data_file > > Can any one please help me where i am missing * Regards Harish k* > > Which version/branch are you using? android-4.4.4_r1 or master from > AOSP, or seandroid-4.4.4 or seandroid from our bitbucket repositories? > > >
_______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
