1<?xml version="1.0" encoding="utf-8"?> 2<policy> 3 4<!-- 5 6 * A signature is a hex encoded X.509 certificate or a tag defined in 7 keys.conf and is required for each signer tag. 8 * A signer tag may contain a seinfo tag and multiple package stanzas. 9 * A default tag is allowed that can contain policy for all apps not signed with a 10 previously listed cert. It may not contain any inner package stanzas. 11 * Each signer/default/package tag is allowed to contain one seinfo tag. This tag 12 represents additional info that each app can use in setting a SELinux security 13 context on the eventual process. 14 * When a package is installed the following logic is used to determine what seinfo 15 value, if any, is assigned. 16 - All signatures used to sign the app are checked first. 17 - If a signer stanza has inner package stanzas, those stanza will be checked 18 to try and match the package name of the app. If the package name matches 19 then that seinfo tag is used. If no inner package matches then the outer 20 seinfo tag is assigned. 21 - The default tag is consulted last if needed. 22--> 23 24 <!-- Platform dev key in AOSP --> 25 <signer signature="@PLATFORM" > 26 <seinfo value="platform" /> 27 </signer> 28 29 <!-- All other keys --> 30 <default> 31 <seinfo value="default" /> 32 </default> 33 34</policy> 35