Skip to content
Snippets Groups Projects
Select Git revision
  • n-iot-preview-4
  • master default protected
  • android-7.1.2_r28_klist
  • pie-cts-release
  • pie-vts-release
  • pie-cts-dev
  • oreo-mr1-iot-release
  • sdk-release
  • oreo-m6-s4-release
  • oreo-m4-s12-release
  • pie-release
  • pie-r2-release
  • pie-r2-s1-release
  • oreo-vts-release
  • oreo-cts-release
  • oreo-dev
  • oreo-mr1-dev
  • pie-gsi
  • pie-platform-release
  • pie-dev
  • oreo-cts-dev
  • android-o-mr1-iot-release-1.0.4
  • android-9.0.0_r8
  • android-9.0.0_r7
  • android-9.0.0_r6
  • android-9.0.0_r5
  • android-8.1.0_r46
  • android-8.1.0_r45
  • android-n-iot-release-smart-display-r2
  • android-vts-8.1_r5
  • android-cts-8.1_r8
  • android-cts-8.0_r12
  • android-cts-7.1_r20
  • android-cts-7.0_r24
  • android-o-mr1-iot-release-1.0.3
  • android-cts-9.0_r1
  • android-8.1.0_r43
  • android-8.1.0_r42
  • android-n-iot-release-smart-display
  • android-p-preview-5
  • android-9.0.0_r3
41 results

mac_permissions.xml

Blame
  • user avatar
    Robert Craig authored
    All non matching apps will simply receive the seinfo
    label of "default" implicitly. No need to further
    clarify things anymore with an explicit default stanza.
    
    Change-Id: Ib7b01ee004775f24db9a69340a31784b967ce030
    Signed-off-by: default avatarrpcraig <rpcraig@tycho.ncsc.mil>
    008d7f14
    History
    mac_permissions.xml 1.82 KiB
    <?xml version="1.0" encoding="utf-8"?>
    <policy>
    
    <!--
    
        * A signature is a hex encoded X.509 certificate or a tag defined in
          keys.conf and is required for each signer tag. The signature can
          either appear as a set of attached cert child tags or as an attribute.
        * A signer tag must contain a seinfo tag XOR multiple package stanzas.
        * Each signer/package tag is allowed to contain one seinfo tag. This tag
          represents additional info that each app can use in setting a SELinux security
          context on the eventual process as well as the apps data directory.
        * seinfo assignments are made according to the following rules:
          - Stanzas with package name refinements will be checked first.
          - Stanzas w/o package name refinements will be checked second.
          - The "default" seinfo label is automatically applied.
    
        * valid stanzas can take one of the following forms:
    
         // single cert protecting seinfo
         <signer signature="@PLATFORM" >
           <seinfo value="platform" />
         </signer>
    
         // multiple certs protecting seinfo (all contained certs must match)
         <signer>
           <cert signature="@PLATFORM1"/>
           <cert signature="@PLATFORM2"/>
           <seinfo value="platform" />
         </signer>
    
         // single cert protecting explicitly named app
         <signer signature="@PLATFORM" >
           <package name="com.android.foo">
             <seinfo value="bar" />
           </package>
         </signer>
    
         // multiple certs protecting explicitly named app (all certs must match)
         <signer>
           <cert signature="@PLATFORM1"/>
           <cert signature="@PLATFORM2"/>
           <package name="com.android.foo">
             <seinfo value="bar" />
           </package>
         </signer>
    -->
    
        <!-- Platform dev key in AOSP -->
        <signer signature="@PLATFORM" >
          <seinfo value="platform" />
        </signer>
    
    </policy>