Thanks a lot for the info. But I am in still in other issues. I don't have the keys from which app is signed and the client for which I am working won't share the key (due to the fear that if I have the key I might replace their app from devices). So that's the reason I was trying to find other ways.
On Fri, Dec 12, 2014 at 9:41 PM, William Roberts <[email protected]> wrote: > > > On Dec 12, 2014 5:33 AM, "Stephen Smalley" <[email protected]> wrote: > > > > With regard to your other question (about reverting the changes and just > > using name= with seinfo=default in your seapp_contexts), I don't think > > anything would currently prevent you from doing that but you'll lose the > > safety check for any future changes you make, and if that app is ever > > removed from your build but the corresponding seapp_contexts line is not > > removed, you'll leave open the potential for any app with the same name > > to run in that domain. So I wouldn't recommend it. At some point, we > > will likely add something to the CTS to check that the device > > seapp_contexts file does not have any such entries, so it will be > > enforced for production devices, but that doesn't exist in the current > > CTS AFAIK. > > As stephen mentioned not using a signing key is very bad practice. I would > also strongly emphasize that you take the advice given here. It is really > no additional work to just add the signing key into the build files and use > your own seinfo. > > > > > On 12/12/2014 06:02 AM, Pankaj Kushwaha wrote: > > > Hi, > > > > > > In my case, our app is a 3rd party app which will be pre-built (part of > > > system.img) and will be uploaded on google play as well for any updated > > > (just like gmail, google maps, etc). > > > > > > So there are no chances that anyone else will install app with same > > > package name. > > > Will there be any other consequences if I revert these two patches ? > > > > > > Also can you please guide me on how to add a new signer for my app ? > > > Because my apk doesn't have any .mk file so how will the system know > > > that app has to pick which seinfo from mac_permissions.xml ? > > > I just keep my signed apk in vendor/<oem>/common/apps/ folder. > > > > > > Thanks > > > Pankaj Kushwaha > > > > > > On Thu, Dec 11, 2014 at 8:18 PM, Stephen Smalley <[email protected] > > > <mailto:[email protected]>> wrote: > > > > > > Correct. We simply want to preclude the unsafe practice of > assigning > > > domain by package name only, as anyone can create an app with any > > > package name, and first one to be installed with that name wins. > So you > > > must bind it to a specific signature as well. > > > > > > On 12/11/2014 09:35 AM, William Roberts wrote: > > > > It appears to me that you can just specify a signer in Mac perms > XML > > > > with and use a custom seinfo in seapp contexts. > > > > > > > > On Dec 10, 2014 10:56 PM, "Pankaj Kushwaha" > > > > <[email protected] > > > <mailto:[email protected]> > > > <mailto:[email protected] > > > <mailto:[email protected]>>> > > > > wrote: > > > > > > > > Hi, > > > > > > > > I was running some of the third party apps in my custom > domain, by > > > > adding below line in seapp_context- > > > > user=_app seinfo=default name=<pacakge_name> > domain=<custom_domain> > > > > type=<custom_file_type> > > > > and tehre were few other changes as well. > > > > > > > > But in android L I am unable to do so because of below > patches- > > > > https://android-review.googlesource.com/#/c/90142/ > > > > https://android-review.googlesource.com/#/c/90143/ > > > > > > > > I just wanted to know that is there any other way to run my > app in > > > > custom domain in andorid L ? > > > > If not, if I remove above two patches in what way will it > effect my > > > > other functionality ? > > > > > > > > Thanks > > > > Pankaj Kushwaha > > > > > > > > _______________________________________________ > > > > Seandroid-list mailing list > > > > [email protected] > > > <mailto:[email protected]> > > > <mailto:[email protected] > > > <mailto:[email protected]>> > > > > To unsubscribe, send email to > [email protected] > > > <mailto:[email protected]> > > > > <mailto:[email protected] > > > <mailto:[email protected]>>. > > > > To get help, send an email containing "help" to > > > > [email protected] > > > <mailto:[email protected]> > > > > <mailto:[email protected] > > > <mailto:[email protected]>>. > > > > > > > > > > > > > > > > _______________________________________________ > > > > Seandroid-list mailing list > > > > [email protected] <mailto: > [email protected]> > > > > To unsubscribe, send email to [email protected] > > > <mailto:[email protected]>. > > > > To get help, send an email containing "help" to > > > [email protected] > > > <mailto:[email protected]>. > > > > > > > > > > > > > > > > _______________________________________________ > > > Seandroid-list mailing list > > > [email protected] > > > To unsubscribe, send email to [email protected]. > > > To get help, send an email containing "help" to > [email protected]. > > > > > > > _______________________________________________ > > Seandroid-list mailing list > > [email protected] > > To unsubscribe, send email to [email protected]. > > To get help, send an email containing "help" to > [email protected]. >
_______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
