hi, I tried to do as Halen suggested, but now my java app (which run as service) isn't starting. in the log I have this error: installd: invalid apk path '*/path/to/my/apk*' (bad prefix) while I see the apk in that path. and then I get: ActivityManager: Process ProcessRecord{dd649ae 3859:*my.service.name <http://my.service.name>*/1000} failed to attach
What am I doing wrong? What I changed from the previous version is: - adding seapp_contexts - adding mac_permissions.xml - adding new_domain.te I suspect my error is with the mac_permissions.xml file. Where do I put it? under the same folder as the rest sepolicy settings of my app? (I have a whole stack, built of native service and native libraries). what exactly is its content? this is what I have now: <?xml version="1.0" encoding="utf-8"?> <policy> <signer signature="@PLATFORM" > <package name="*my.service.name <http://my.service.name>*"> <seinfo value="*my_seinfo_val*" /> </package> </signer> </policy> Thanks!! 2016-12-02 20:40 GMT+02:00 Stephen Smalley <s...@tycho.nsa.gov>: > On 12/02/2016 01:31 PM, Helen Chiang wrote: > > On Fri, Dec 2, 2016 at 10:09 AM, Stephen Smalley <s...@tycho.nsa.gov > > <mailto:s...@tycho.nsa.gov>> wrote: > > > > On 12/02/2016 12:28 PM, Helen Chiang wrote: > > > I have a similar situation. We're customizing AOSP (Marshmallow and > > > Nougat) and developing a device diagnostic service that runs as > "system" > > > user and installed as a privileged app. The use cases of this app > is to > > > read /proc/<PID>/stat periodically for overall OS process > information. > > > > Generally I would expect such functionality to go into the > > system_server, as part of the AMS, or another system service. An app > > could certainly present the UI for viewing that information, but > > wouldn't directly need to access the /proc/pid files. > > > > > > I can't find any APIs from AMS that will return CPU elapsed time. > > SystemHealthManager is only on Nougat and the stats it returns is > > dependent on battery status so it wouldn't satisfy our use case. > > Ultimately, we're planning to create a new system service that will > > provide the info but for our immediate needs, we have to customize the > > policy files. > > Yes, I would extend AMS I think. > > > > > > > > In principal, this app should be able to access everything that a > > > system_app would, in addition to /proc/<PID>/stat. It also creates > and > > > access shared memory and unix sockets. Your previous answer > implied that > > > it would be insecure to make "system_app" a mlstrustedsubject. So, > I > > > want to create a new domain that has all the access as system_app > and > > > priv_app + mlstrustedsubject. Is there a way to do this without > copying > > > and pasting the rules directly from system_app and priv_app te > files? > > > Also, what allow rules are needed for shared memory and socket > r/w ? > > > > No, you'd have to copy and modify the rules at present (if this > became > > common, then one would perhaps move the rules to a macro in > te_macros or > > elsewhere, and then call the macro from both files). However, you > have > > to be careful because there may be neverallow rules on system_app or > > priv_app that will prevent compiling your policy if you copy certain > > rules to your new domain that are supposed to be restricted to only > > system_app or priv_app, and CTS also checks those neverallows. > > > > > > I did run into and removed the offending allow rules. Are you saying > > that if everything compiles with AOSP rules, CTS won't be an issue or > > does CTS have additional checks? > > You removed the offending allow rules from your domain, or the > neverallow rules that triggered the failure? CTS has a collection of > SELinux tests, including checking all neverallows from the AOSP policy > for that version of Android. So you can't just remove neverallows from > your policy to escape them. But if you removed the offending allow > rules and your app still works, that is ok. seandroid.bitbucket.org has > a list of CTS tests related to SELinux, although it may not be entirely > up-to-date. > > > > 2. seapp_contexts > > > > > > user=system seinfo=mydiag domain=trusted_diag type=app_data_file > > > levelFrom=user > > > > Why levelFrom=user? Does your app run per-user? If so, then it > would > > already run with the same category set as the user's apps and > therefore > > wouldn't need mlstrustedsubject. > > > > > > It also needs access to files for system_app, and radio. Would still > > need mlstrustedsubject then? > > What kind of access? Read or write? > Also, you probably ought to use your own type (e.g. > type=mydiag_app_data_file) for your data files rather than just leaving > them in app_data_file, since that is accessible to untrusted apps > (modulo DAC). >
_______________________________________________ Seandroid-list mailing list Seandroid-list@tycho.nsa.gov To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.