I am currently thinking of adding a signer tag in mac_permissions.xml and including package stanzas in that tag, but I am not sure which signature I should use for this third party app. I will give a custom seinfo in that tag for my package.

On Mon, Dec 15, 2014 at 10:58 AM, Pankaj Kushwaha <[email protected]> wrote:
>
> Thanks a lot for the info.
> But I still have other issues. I don't have the keys with which the app is
> signed, and the client for which I am working won't share the key (due to
> the fear that if I have the key I might replace their app on devices). So
> that's the reason I was trying to find other ways.
>
> On Fri, Dec 12, 2014 at 9:41 PM, William Roberts <[email protected]> wrote:
>>
>>
>> On Dec 12, 2014 5:33 AM, "Stephen Smalley" <[email protected]> wrote:
>> >
>> > With regard to your other question (about reverting the changes and just
>> > using name= with seinfo=default in your seapp_contexts), I don't think
>> > anything would currently prevent you from doing that but you'll lose the
>> > safety check for any future changes you make, and if that app is ever
>> > removed from your build but the corresponding seapp_contexts line is not
>> > removed, you'll leave open the potential for any app with the same name
>> > to run in that domain. So I wouldn't recommend it. At some point, we
>> > will likely add something to the CTS to check that the device
>> > seapp_contexts file does not have any such entries, so it will be
>> > enforced for production devices, but that doesn't exist in the current
>> > CTS AFAIK.
>>
>> As Stephen mentioned, not using a signing key is very bad practice. I
>> would also strongly emphasize that you take the advice given here. It is
>> really no additional work to just add the signing key into the build files
>> and use your own seinfo.
>>
>> >
>> > On 12/12/2014 06:02 AM, Pankaj Kushwaha wrote:
>> > > Hi,
>> > >
>> > > In my case, our app is a 3rd party app which will be pre-built (part of
>> > > system.img) and will be uploaded on Google Play as well for any updates
>> > > (just like Gmail, Google Maps, etc).
>> > >
>> > > So there is no chance that anyone else will install an app with the same
>> > > package name.
>> > > Will there be any other consequences if I revert these two patches?
>> > >
>> > > Also, can you please guide me on how to add a new signer for my app?
>> > > Because my apk doesn't have any .mk file, how will the system know
>> > > which seinfo the app has to pick from mac_permissions.xml?
>> > > I just keep my signed apk in the vendor/<oem>/common/apps/ folder.
>> > >
>> > > Thanks
>> > > Pankaj Kushwaha
>> > >
>> > > On Thu, Dec 11, 2014 at 8:18 PM, Stephen Smalley <[email protected]> wrote:
>> > >
>> > > Correct. We simply want to preclude the unsafe practice of assigning
>> > > domain by package name only, as anyone can create an app with any
>> > > package name, and the first one to be installed with that name wins.
>> > > So you must bind it to a specific signature as well.
>> > >
>> > > On 12/11/2014 09:35 AM, William Roberts wrote:
>> > > > It appears to me that you can just specify a signer in Mac perms XML
>> > > > and use a custom seinfo in seapp contexts.
>> > > >
>> > > > On Dec 10, 2014 10:56 PM, "Pankaj Kushwaha" <[email protected]> wrote:
>> > > >
>> > > > Hi,
>> > > >
>> > > > I was running some of the third party apps in my custom domain, by
>> > > > adding the line below in seapp_contexts:
>> > > > user=_app seinfo=default name=<package_name> domain=<custom_domain> type=<custom_file_type>
>> > > > and there were a few other changes as well.
>> > > >
>> > > > But in Android L I am unable to do so because of the patches below:
>> > > > https://android-review.googlesource.com/#/c/90142/
>> > > > https://android-review.googlesource.com/#/c/90143/
>> > > >
>> > > > I just wanted to know whether there is any other way to run my app in
>> > > > a custom domain in Android L?
>> > > > If not, if I remove the above two patches, in what way will it affect my
>> > > > other functionality?
>> > > >
>> > > > Thanks
>> > > > Pankaj Kushwaha

_______________________________________________
Seandroid-list mailing list
[email protected]
To unsubscribe, send email to [email protected].
To get help, send an email containing "help" to [email protected].
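
The rule discussed in this thread (a `name=` entry in seapp_contexts must be bound to a signer-specific seinfo, not `seinfo=default`) can be checked mechanically. The following is an added example, not part of the original thread and not the AOSP checkseapp or CTS code; the function names, the sample entries and the choice to treat a missing `seinfo=` as `default` are assumptions made for illustration.

```python
"""Flag seapp_contexts entries that select a domain by package name alone."""

# Constructed sample, not taken from any real device policy.
SAMPLE = """\
# platform-signed apps
user=_app seinfo=platform domain=platform_app type=app_data_file
# name= bound only to the catch-all seinfo: any signer can claim this name
user=_app seinfo=default name=com.example.clientapp domain=client_app type=client_app_data_file
# name= with no seinfo at all (treated as default here, an assumption)
user=_app name=com.example.other domain=other_app type=app_data_file
# name= bound to a signer-specific seinfo assigned in mac_permissions.xml
user=_app seinfo=clientapp name=com.example.clientapp domain=client_app type=client_app_data_file
user=system domain=system_app type=system_app_data_file
"""


def parse_entry(line):
    """Return the key=value pairs of one seapp_contexts line, or None if blank/comment."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    entry = {}
    for token in line.split():
        key, sep, value = token.partition("=")
        if not sep or not key or not value:
            raise ValueError(f"malformed token {token!r}")
        entry[key] = value
    return entry


def find_name_only_entries(text):
    """Return (line_number, package_name) for entries using name= without a non-default seinfo."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = parse_entry(raw)
        if entry is None or "name" not in entry:
            continue
        if entry.get("seinfo", "default") == "default":
            findings.append((lineno, entry["name"]))
    return findings


if __name__ == "__main__":
    for lineno, name in find_name_only_entries(SAMPLE):
        print(f"line {lineno}: name={name} is not bound to a signer-specific seinfo")
```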
