On Dec 12, 2014 5:33 AM, "Stephen Smalley" <[email protected]> wrote: > > With regard to your other question (about reverting the changes and just > using name= with seinfo=default in your seapp_contexts), I don't think > anything would currently prevent you from doing that but you'll lose the > safety check for any future changes you make, and if that app is ever > removed from your build but the corresponding seapp_contexts line is not > removed, you'll leave open the potential for any app with the same name > to run in that domain. So I wouldn't recommend it. At some point, we > will likely add something to the CTS to check that the device > seapp_contexts file does not have any such entries, so it will be > enforced for production devices, but that doesn't exist in the current > CTS AFAIK.
As stephen mentioned not using a signing key is very bad practice. I would also strongly emphasize that you take the advice given here. It is really no additional work to just add the signing key into the build files and use your own seinfo. > > On 12/12/2014 06:02 AM, Pankaj Kushwaha wrote: > > Hi, > > > > In my case, our app is a 3rd party app which will be pre-built (part of > > system.img) and will be uploaded on google play as well for any updated > > (just like gmail, google maps, etc). > > > > So there are no chances that anyone else will install app with same > > package name. > > Will there be any other consequences if I revert these two patches ? > > > > Also can you please guide me on how to add a new signer for my app ? > > Because my apk doesn't have any .mk file so how will the system know > > that app has to pick which seinfo from mac_permissions.xml ? > > I just keep my signed apk in vendor/<oem>/common/apps/ folder. > > > > Thanks > > Pankaj Kushwaha > > > > On Thu, Dec 11, 2014 at 8:18 PM, Stephen Smalley <[email protected] > > <mailto:[email protected]>> wrote: > > > > Correct. We simply want to preclude the unsafe practice of assigning > > domain by package name only, as anyone can create an app with any > > package name, and first one to be installed with that name wins. So you > > must bind it to a specific signature as well. > > > > On 12/11/2014 09:35 AM, William Roberts wrote: > > > It appears to me that you can just specify a signer in Mac perms XML > > > with and use a custom seinfo in seapp contexts. > > > > > > On Dec 10, 2014 10:56 PM, "Pankaj Kushwaha" > > > <[email protected] > > <mailto:[email protected]> > > <mailto:[email protected] > > <mailto:[email protected]>>> > > > wrote: > > > > > > Hi, > > > > > > I was running some of the third party apps in my custom domain, by > > > adding below line in seapp_context- > > > user=_app seinfo=default name=<pacakge_name> domain=<custom_domain> > > > type=<custom_file_type> > > > and tehre were few other changes as well. > > > > > > But in android L I am unable to do so because of below patches- > > > https://android-review.googlesource.com/#/c/90142/ > > > https://android-review.googlesource.com/#/c/90143/ > > > > > > I just wanted to know that is there any other way to run my app in > > > custom domain in andorid L ? > > > If not, if I remove above two patches in what way will it effect my > > > other functionality ? > > > > > > Thanks > > > Pankaj Kushwaha > > > > > > _______________________________________________ > > > Seandroid-list mailing list > > > [email protected] > > <mailto:[email protected]> > > <mailto:[email protected] > > <mailto:[email protected]>> > > > To unsubscribe, send email to [email protected] > > <mailto:[email protected]> > > > <mailto:[email protected] > > <mailto:[email protected]>>. > > > To get help, send an email containing "help" to > > > [email protected] > > <mailto:[email protected]> > > > <mailto:[email protected] > > <mailto:[email protected]>>. > > > > > > > > > > > > _______________________________________________ > > > Seandroid-list mailing list > > > [email protected] <mailto:[email protected]> > > > To unsubscribe, send email to [email protected] > > <mailto:[email protected]>. > > > To get help, send an email containing "help" to > > [email protected] > > <mailto:[email protected]>. > > > > > > > > > > > _______________________________________________ > > Seandroid-list mailing list > > [email protected] > > To unsubscribe, send email to [email protected]. > > To get help, send an email containing "help" to [email protected]. > > > > _______________________________________________ > Seandroid-list mailing list > [email protected] > To unsubscribe, send email to [email protected]. > To get help, send an email containing "help" to [email protected].
_______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
