diff options
author | Geremy Condra <gcondra@google.com> | 2013-03-26 19:10:08 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2013-03-26 19:45:18 +0000 |
commit | 60d4d71ead9e9ac96e9cb81380c254bac3a9df4f (patch) | |
tree | 997ba4d3e0d6a40b25eae66e77a6b7ce6ad4ad42 /README | |
parent | 82fe3d249f40629fe40f4feed258cccd95b2a374 (diff) | |
download | android_external_sepolicy-60d4d71ead9e9ac96e9cb81380c254bac3a9df4f.tar.gz android_external_sepolicy-60d4d71ead9e9ac96e9cb81380c254bac3a9df4f.tar.bz2 android_external_sepolicy-60d4d71ead9e9ac96e9cb81380c254bac3a9df4f.zip |
Revert "Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml"""
This reverts commit cd4104e84b438827fddd6a7fe6cb86e91392152d
This builds clean locally, but seems to explode on the build servers. Reverting until there's a solution.
Change-Id: I09200db37c193f39c77486d5957a8f5916e38aa0
Diffstat (limited to 'README')
-rw-r--r-- | README | 44 |
1 files changed, 0 insertions, 44 deletions
@@ -75,47 +75,3 @@ BOARD_SEPOLICY_UNION := \ genfs_contexts \ file_contexts \ sepolicy.te - -SPECIFIC POLICY FILE INFORMATION - -mac_permissions.xml: - ABOUT: - The mac_permissions.xml file is used for controlling the mmac solutions - as well as mapping a public base16 signing key with an arbitrary seinfo - string. Details of the files contents can be found in a comment at the - top of that file. The seinfo string, previously mentioned, is the same string - that is referenced in seapp_contexts. - - This file can be replaced through BOARD_SEPOLICY_REPLACE containing the - value "mac_permissions.xml", however, appending (UNION) does NOT exist - and will cause a build time failure. It is important to note the final - processed version of this file is stripped of comments and whitespace. - This is to preserve space on the system.img. If one wishes to view it in - a more human friendly format, the "tidy" or "xmllint" command will assist - you. - - TOOLING: - insertkeys.py - Is a helper script for mapping arbitrary tags in the signature stanzas of - mac_permissions.xml to public keys found in pem files. This script takes - a mac_permissions.xml file and configuration file in order to operate. - Details of the configuration file (keys.conf) can be found in the subsection - keys.conf. This script is also responsible for stipping the comments and - whitespace from the xml file. - - keys.conf - The keys.conf file is used for controlling the mapping of "tags" found in - the mac_permissions.xml signature stanzas with actual public keys found in - pem files. The configuration file can be used in BOARD_SEPOLICY_UNION and - BOARD_SEPOLICY_REPLACE variables and is processed via m4. - - The script allows for mapping any string contained in TARGET_BUILD_VARIANT - with specific path to a pem file. Typically TARGET_BUILD_VARIANT is either - user, eng or userdebug. Additionally, one can specify "ALL" to map a path to - any string specified in TARGET_BUILD_VARIANT. All tags are matched verbatim - and all options are matched lowercase. The options are "tolowered" automatically - for the user, it is convention to specify tags and options in all uppercase - and tags start with @. - - NOTE: The pem files are base64 encoded and PackageManagerService, mac_permissions.xml - and setool all use base16 encodings. |