OK. So I did put it in place, and still get this error: ActivityManager: Process ProcessRecord{dd649ae 3859:my.service.name/1000} failed to attach (I found the first error isn't related. It appears in the previous working logs too). It appears even when I put the mac_permissions, and in seapp_context file I write the the domain matches this seifo is system_app. I didn't find enough information about this error nor about any mac_permissions file problems.
thanks. 2016-12-06 22:39 GMT+02:00 Stephen Smalley <s...@tycho.nsa.gov>: > On 12/06/2016 03:17 PM, Nys S wrote: > > hi, > > > > I tried to do as Halen suggested, but now my java app (which run as > > service) isn't starting. > > in the log I have this error: > > installd: invalid apk path '*/path/to/my/apk*' (bad prefix) > > while I see the apk in that path. > > and then I get: > > ActivityManager: Process ProcessRecord{dd649ae 3859:*my.service.name > > <http://my.service.name>*/1000} failed to attach > > > > What am I doing wrong? > > What I changed from the previous version is: > > - adding seapp_contexts > > - adding mac_permissions.xml > > - adding new_domain.te > > > > I suspect my error is with the mac_permissions.xml file. > > Where do I put it? under the same folder as the rest sepolicy settings > > of my app? (I have a whole stack, built of native service and native > > libraries). > > what exactly is its content? > > this is what I have now: > > > > <?xml version="1.0" encoding="utf-8"?> > > <policy> > > <signer signature="@PLATFORM" > > > <package name="*my.service.name <http://my.service.name>*"> > > <seinfo value="*my_seinfo_val*" /> > > </package> > > </signer> > > </policy> > > > > Thanks!! > > The AOSP policy lives in external/sepolicy (in M and earlier) or > system/sepolicy (in N and later). Device-specific policy files can be > added in a device/ or vendor/ subdirectory and merged with the AOSP > policy by specifying a BOARD_SEPOLICY_DIRS variable with the location of > your subdirectory in your BoardConfig.mk or equivalent. >
_______________________________________________ Seandroid-list mailing list Seandroid-list@tycho.nsa.gov To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.