c3c9052bc7bf7f55e66a7560a28800066a6e044b |
|
25-Oct-2013 |
Nick Kralevich <nnk@google.com> |
Make DEFAULT_SYSTEM_DEV_CERTIFICATE available in keys.conf In 9af6f1bd59ee2fb0622db8ff25c4806c5527a0b3, the -d option was dropped from insertkeys.py. This was done to allow an Android distribution to replace the default version of keys.conf distributed in external/sepolicy/keys.conf. keys.conf was modified to reference the publicly known test keys in build/target/product/security. Unfortunately, this broke Google's build of Android. Instead of incorporating our keys directory, we were using the default AOSP keys. As a result, apps were getting assigned to the wrong SELinux domain. (see "Steps to reproduce" below) This change continues to allow others to replace keys.conf, but makes DEFAULT_SYSTEM_DEV_CERTIFICATE available as an environment variable in case the customized version wants to make reference to it. This change also modifies the stock version of keys.conf to use DEFAULT_SYSTEM_DEV_CERTIFICATE, which should be appropriate for most Android distributions. It doesn't make any sense to force each OEM to have a copy of this file. Steps to reproduce. 1) Compile and boot Android. 2) Run the following command: "adb shell ps -Z | grep process.media" Expected: $ adb shell ps -Z | grep process.media u:r:media_app:s0 u0_a5 1332 202 android.process.media Actual: $ adb shell ps -Z | grep process.media u:r:untrusted_app:s0 u0_a5 3617 187 android.process.media Bug: 11327304 Change-Id: Ica24fb25c5f9c0e2f4d181718c757cf372467822
/external/sepolicy/keys.conf
|
9af6f1bd59ee2fb0622db8ff25c4806c5527a0b3 |
|
22-Aug-2013 |
William Roberts <wroberts@tresys.com> |
Drop -d option on insertkeys.py in Android.mk This breaks the ability for users to have certs in many directories. Currently the design is to allow keys.conf to specify arbitrary locations for pem files, relative to the root of the Android tree. If users want to have a common prefix on all the keys, then they can export DEFAULT_SYSTEM_DEV_CERTIFICATE, and make that an environment variable in their keys.conf file. Signed-off-by: William Roberts <wroberts@tresys.com> Change-Id: I23455b891206cab6eca7db08ff3c28283f87c640 Signed-off-by: William Roberts <wroberts@tresys.com>
/external/sepolicy/keys.conf
|
51dd0339e311e4bdf81c89ebb62e4ac6685a5c50 |
|
28-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Add a key directory argument to insertkeys.py This allows us to better integrate key selection with our existing build process. Change-Id: I6e3eb5fbbfffb8e31c5edcf16f74df7c38abe537
/external/sepolicy/keys.conf
|
52fc95d1b7e29a61d315eb7378c3b47985f4fd74 |
|
26-Mar-2013 |
William Roberts <w.roberts@sta.samsung.com> |
Fix makefile error with ANDROID_BUILD_TOP Use TOP instead of ANDROID_BUILD_TOP Fix spelling issues in keys.conf Change-Id: Ib90b3041af5ef68f30f4ab78c768ad225987ef2d
/external/sepolicy/keys.conf
|
cd4104e84b438827fddd6a7fe6cb86e91392152d |
|
26-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml"" This reverts commit 1446e714af0b0c358b5ecf37c5d704c96c72cf7c Hidden dependency has been resolved. Change-Id: Ia535c0b9468ea5f705dff9813186a7fa8bab84ae
/external/sepolicy/keys.conf
|
1446e714af0b0c358b5ecf37c5d704c96c72cf7c |
|
19-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Revert "Dynamic insertion of pubkey to mac_permissions.xml" This reverts commit 22fc04103b70dd5a1cb1b5a8309ef20461e06289 Change-Id: I2d91b1262e8d0e82a21ea7c5333b1e86f3ed9bee
/external/sepolicy/keys.conf
|
22fc04103b70dd5a1cb1b5a8309ef20461e06289 |
|
05-Dec-2012 |
William Roberts <w.roberts@sta.samsung.com> |
Dynamic insertion of pubkey to mac_permissions.xml Support the inseretion of the public key from pem files into the mac_permissions.xml file at build time. Change-Id: Ia42b6cba39bf93723ed3fb85236eb8f80a08962a
/external/sepolicy/keys.conf
|