I tried the below tag in mac_permissions.xml, as my .mk file in vendors had
local certificate as presigned-
<signer signature="@PRESIGNED" >
<seinfo value="mysevalue" />
</signer>
But I wasn't able to label it perfectly.
Then I tried below tag-
<package name="com.mypackage">
<seinfo value="mysevalue" />
</package>
But still I wasn't able to label it perfectly.
Am I missing something?
On Mon, Dec 15, 2014 at 11:17 AM, Pankaj Kushwaha <
[email protected]> wrote:
>
> I am currently thinking to add a signer tag in mac_permissions.xml and
> include package stanzas in that tag, but I am not sure what sign shall I
> use for this third party app.
> I will give a custom seinfo in that tag for my package.
>
>
>
> On Mon, Dec 15, 2014 at 10:58 AM, Pankaj Kushwaha <
> [email protected]> wrote:
>>
>> Thanks a lot for the info.
>> But I am still in other issues. I don't have the keys from which app
>> is signed and the client for which I am working won't share the key (due to
>> the fear that if I have the key I might replace their app from devices). So
>> that's the reason I was trying to find other ways.
>>
>> On Fri, Dec 12, 2014 at 9:41 PM, William Roberts <
>> [email protected]> wrote:
>>>
>>>
>>> On Dec 12, 2014 5:33 AM, "Stephen Smalley" <[email protected]> wrote:
>>> >
>>> > With regard to your other question (about reverting the changes and
>>> just
>>> > using name= with seinfo=default in your seapp_contexts), I don't think
>>> > anything would currently prevent you from doing that but you'll lose
>>> the
>>> > safety check for any future changes you make, and if that app is ever
>>> > removed from your build but the corresponding seapp_contexts line is
>>> not
>>> > removed, you'll leave open the potential for any app with the same name
>>> > to run in that domain. So I wouldn't recommend it. At some point, we
>>> > will likely add something to the CTS to check that the device
>>> > seapp_contexts file does not have any such entries, so it will be
>>> > enforced for production devices, but that doesn't exist in the current
>>> > CTS AFAIK.
>>>
>>> As Stephen mentioned, not using a signing key is very bad practice. I
>>> would also strongly emphasize that you take the advice given here. It is
>>> really no additional work to just add the signing key into the build files
>>> and use your own seinfo.
>>>
>>> >
>>> > On 12/12/2014 06:02 AM, Pankaj Kushwaha wrote:
>>> > > Hi,
>>> > >
>>> > > In my case, our app is a 3rd party app which will be pre-built (part
>>> of
>>> > > system.img) and will be uploaded on google play as well for any
>>> updates
>>> > > (just like gmail, google maps, etc).
>>> > >
>>> > > So there are no chances that anyone else will install app with same
>>> > > package name.
>>> > > Will there be any other consequences if I revert these two patches ?
>>> > >
>>> > > Also can you please guide me on how to add a new signer for my app ?
>>> > > Because my apk doesn't have any .mk file so how will the system know
>>> > > that app has to pick which seinfo from mac_permissions.xml ?
>>> > > I just keep my signed apk in vendor/<oem>/common/apps/ folder.
>>> > >
>>> > > Thanks
>>> > > Pankaj Kushwaha
>>> > >
>>> > > On Thu, Dec 11, 2014 at 8:18 PM, Stephen Smalley <[email protected]
>>> > > <mailto:[email protected]>> wrote:
>>> > >
>>> > > Correct. We simply want to preclude the unsafe practice of
>>> assigning
>>> > > domain by package name only, as anyone can create an app with any
>>> > > package name, and first one to be installed with that name
>>> wins. So you
>>> > > must bind it to a specific signature as well.
>>> > >
>>> > > On 12/11/2014 09:35 AM, William Roberts wrote:
>>> > > > It appears to me that you can just specify a signer in Mac
>>> perms XML
>>> > > > with and use a custom seinfo in seapp contexts.
>>> > > >
>>> > > > On Dec 10, 2014 10:56 PM, "Pankaj Kushwaha"
>>> > > > <[email protected]
>>> > > <mailto:[email protected]>
>>> > > <mailto:[email protected]
>>> > > <mailto:[email protected]>>>
>>> > > > wrote:
>>> > > >
>>> > > > Hi,
>>> > > >
>>> > > > I was running some of the third party apps in my custom
>>> domain, by
>>> > > > adding below line in seapp_contexts-
>>> > > > user=_app seinfo=default name=<package_name> domain=<custom_domain> type=<custom_file_type>
>>> > > > and there were few other changes as well.
>>> > > >
>>> > > > But in Android L I am unable to do so because of below
>>> patches-
>>> > > > https://android-review.googlesource.com/#/c/90142/
>>> > > > https://android-review.googlesource.com/#/c/90143/
>>> > > >
>>> > > > I just wanted to know, is there any other way to run
>>> my app in
>>> > > > custom domain in Android L ?
>>> > > > If not, if I remove above two patches in what way will it
>>> affect my
>>> > > > other functionality ?
>>> > > >
>>> > > > Thanks
>>> > > > Pankaj Kushwaha
>>> > > >
>>> > > > _______________________________________________
>>> > > > Seandroid-list mailing list
>>> > > > [email protected]
>>> > > <mailto:[email protected]>
>>> > > <mailto:[email protected]
>>> > > <mailto:[email protected]>>
>>> > > > To unsubscribe, send email to
>>> [email protected]
>>> > > <mailto:[email protected]>
>>> > > > <mailto:[email protected]
>>> > > <mailto:[email protected]>>.
>>> > > > To get help, send an email containing "help" to
>>> > > > [email protected]
>>> > > <mailto:[email protected]>
>>> > > > <mailto:[email protected]
>>> > > <mailto:[email protected]>>.
>>> > > >
>>> > > >
>>> > > >
>>> > > >
>>> > >
>>> > >
>>> > >
>>> > >
>>> >
>>>
>>
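
The check discussed in this thread (no domain assigned by package name alone; the seinfo must be bound to a signer) can be sketched as a small audit script. This is an added example, not part of the original messages and not the AOSP or CTS implementation; the package names, seinfo values, domains and the @VENDORAPP keyword are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy files; every name below is hypothetical.
MAC_PERMISSIONS = """<policy>
  <signer signature="@PLATFORM"><seinfo value="platform"/></signer>
  <signer signature="@VENDORAPP">
    <package name="com.example.vendorapp"><seinfo value="vendorapp"/></package>
  </signer>
  <package name="com.example.loose"><seinfo value="loose"/></package>
</policy>"""

SEAPP_CONTEXTS = """\
# constructed sample entries
user=_app seinfo=platform domain=platform_app type=app_data_file
user=_app seinfo=vendorapp name=com.example.vendorapp domain=vendor_app type=vendor_data_file
user=_app seinfo=default name=com.example.other domain=other_app type=other_data_file
user=_app name=com.example.noseinfo domain=noseinfo_app type=app_data_file
user=_app seinfo=loose name=com.example.loose domain=loose_app type=app_data_file
user=_app domain=untrusted_app type=app_data_file
"""

def signer_bound_seinfo(xml_text):
    """Return the seinfo values that appear inside a <signer> stanza."""
    root = ET.fromstring(xml_text)
    return {s.get("value") for signer in root.iter("signer")
            for s in signer.iter("seinfo")}

def parse_entry(line):
    """Split one seapp_contexts line into a key -> value dict."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)

def audit(seapp_text, mac_xml):
    """Flag name= entries whose domain is not tied to a signing certificate."""
    bound = signer_bound_seinfo(mac_xml)
    findings = []
    for lineno, raw in enumerate(seapp_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        entry = parse_entry(line)
        if "name" not in entry:
            continue  # entry does not select by package name
        seinfo = entry.get("seinfo")
        if seinfo in (None, "default"):
            findings.append((lineno, entry["name"], "package name is the only selector"))
        elif seinfo not in bound:
            findings.append((lineno, entry["name"], f"seinfo '{seinfo}' not under any <signer>"))
    return findings

if __name__ == "__main__":
    for lineno, name, why in audit(SEAPP_CONTEXTS, MAC_PERMISSIONS):
        print(f"seapp_contexts:{lineno}: {name}: {why}")
```
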