Now that I am not on my phone, a more complete example for seapp_contexts entry:
user=system name=com.custom.system.app domain=custom_system_app type=custom_system_app_data_file On Fri, Sep 26, 2014 at 8:00 AM, William Roberts <[email protected]> wrote: > Can't you set name in seapp_contexts to the package name of the custom app, > then set seinfo to platform? > > On Sep 26, 2014 5:50 AM, "Stephen Smalley" <[email protected]> wrote: >> >> On 09/26/2014 05:00 AM, harish kavali wrote: >> > Dear all, >> > >> > >> > Need help for the following issue , i am trying to run a app whose >> > *SharedUSerID is android.uid.system *& signed with platform certificate >> > in >> > custom domain but in seapp_contexts file >> > already a entry is there like >> > >> > user=system domain=system type=system_data_file >> > >> > i want to run the my app which is platform signed & having system as >> > shared >> > user id in a custom domain , >> > can i do this without affecting other apps >> >> Yes, you can nest a package stanza within the platform stanza to assign >> a specific seinfo value to the app. Looks like: >> >> mac_permissions.xml: >> <signer signature="@PLATFORM" > >> <seinfo value="platform" /> >> <package name="name-of-package"> >> <seinfo value="foo"> >> </package> >> </signer> >> >> seapp_contexts: >> user=system seinfo=foo domain=foo type=foo_data_file >> >> However, I don't believe we currently provide a way to do that without >> modifying external/sepolicy/mac_permissions.xml; the current logic for >> combining it with device/*/*/sepolicy/mac_permissions.xml won't merge >> multiple signer stanzas with the same signature and the SELinuxMMAC code >> will end up just using one of them. >> >> >> >> _______________________________________________ >> Seandroid-list mailing list >> [email protected] >> To unsubscribe, send email to [email protected]. >> To get help, send an email containing "help" to >> [email protected]. -- Respectfully, William C Roberts _______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
