author | Geremy Condra <gcondra@google.com> | 2013-03-26 18:19:12 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2013-03-26 18:19:34 +0000 |
commit | cd4104e84b438827fddd6a7fe6cb86e91392152d (patch) | |
tree | 98ffe35b680120d02d9c0837ccd2fd86a9d48f4e /README | |
parent | c3295802d7fb22213c073705480d1c1314d71d27 (diff) | |
Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml""
This reverts commit 1446e714af0b0c358b5ecf37c5d704c96c72cf7c
Hidden dependency has been resolved.
Change-Id: Ia535c0b9468ea5f705dff9813186a7fa8bab84ae
Diffstat (limited to 'README')
-rw-r--r-- | README | 44 |
1 files changed, 44 insertions, 0 deletions
@@ -75,3 +75,47 @@ BOARD_SEPOLICY_UNION := \ genfs_contexts \ file_contexts \ sepolicy.te + +SPECIFIC POLICY FILE INFORMATION + +mac_permissions.xml: + ABOUT: + The mac_permissions.xml file is used for controlling the mmac solutions + as well as mapping a public base16 signing key with an arbitrary seinfo + string. Details of the files contents can be found in a comment at the + top of that file. The seinfo string, previously mentioned, is the same string + that is referenced in seapp_contexts. + + This file can be replaced through BOARD_SEPOLICY_REPLACE containing the + value "mac_permissions.xml", however, appending (UNION) does NOT exist + and will cause a build time failure. It is important to note the final + processed version of this file is stripped of comments and whitespace. + This is to preserve space on the system.img. If one wishes to view it in + a more human friendly format, the "tidy" or "xmllint" command will assist + you. + + TOOLING: + insertkeys.py + Is a helper script for mapping arbitrary tags in the signature stanzas of + mac_permissions.xml to public keys found in pem files. This script takes + a mac_permissions.xml file and configuration file in order to operate. + Details of the configuration file (keys.conf) can be found in the subsection + keys.conf. This script is also responsible for stipping the comments and + whitespace from the xml file. + + keys.conf + The keys.conf file is used for controlling the mapping of "tags" found in + the mac_permissions.xml signature stanzas with actual public keys found in + pem files. The configuration file can be used in BOARD_SEPOLICY_UNION and + BOARD_SEPOLICY_REPLACE variables and is processed via m4. + + The script allows for mapping any string contained in TARGET_BUILD_VARIANT + with specific path to a pem file. Typically TARGET_BUILD_VARIANT is either + user, eng or userdebug. Additionally, one can specify "ALL" to map a path to + any string specified in TARGET_BUILD_VARIANT. 
All tags are matched verbatim + and all options are matched lowercase. The options are "tolowered" automatically + for the user, it is convention to specify tags and options in all uppercase + and tags start with @. + + NOTE: The pem files are base64 encoded and PackageManagerService, mac_permissions.xml + and setool all use base16 encodings. |
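Review bot: The keys.conf subsection describes the tag-to-pem mapping only in prose, so a reader cannot tell what an entry looks like or how the case rules combine: "All tags are matched verbatim and all options are matched lowercase" is immediately followed by a convention to write both in uppercase. Suggest adding a short sample entry with an @-prefixed tag and an ALL option, and saying outright that options are lowercased before matching while a tag must appear exactly as it does in the mac_permissions.xml signature stanza. The closing NOTE states that pem files are base64 and the consumers use base16 but does not say which step performs the conversion; name it, since a key that is mapped without conversion would not match what PackageManagerService compares against. Minor wording in the ABOUT and insertkeys.py paragraphs: "the files contents" should be "the file's contents", "stipping" should be "stripping", and "the mmac solutions" deserves a one-line definition on first use.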