| c3c9052bc7bf7f55e66a7560a28800066a6e044b |
|
25-Oct-2013 |
Nick Kralevich <nnk@google.com> |
Make DEFAULT_SYSTEM_DEV_CERTIFICATE available in keys.conf
In 9af6f1bd59ee2fb0622db8ff25c4806c5527a0b3, the -d option
was dropped from insertkeys.py. This was done to allow an
Android distribution to replace the default version of
keys.conf distributed in external/sepolicy/keys.conf. keys.conf
was modified to reference the publicly known test keys in
build/target/product/security.
Unfortunately, this broke Google's build of Android. Instead
of incorporating our keys directory, we were using the
default AOSP keys. As a result, apps were getting assigned
to the wrong SELinux domain. (see "Steps to reproduce" below)
This change continues to allow others to replace keys.conf,
but makes DEFAULT_SYSTEM_DEV_CERTIFICATE available as an
environment variable in case the customized version wants to
make reference to it. This change also modifies the stock
version of keys.conf to use DEFAULT_SYSTEM_DEV_CERTIFICATE,
which should be appropriate for most Android distributions.
It doesn't make any sense to force each OEM to have a copy of
this file.
Steps to reproduce.
1) Compile and boot Android.
2) Run the following command: "adb shell ps -Z | grep process.media"
Expected:
$ adb shell ps -Z | grep process.media
u:r:media_app:s0 u0_a5 1332 202 android.process.media
Actual:
$ adb shell ps -Z | grep process.media
u:r:untrusted_app:s0 u0_a5 3617 187 android.process.media
Bug: 11327304
Change-Id: Ica24fb25c5f9c0e2f4d181718c757cf372467822
/external/sepolicy/keys.conf
|
| 9af6f1bd59ee2fb0622db8ff25c4806c5527a0b3 |
|
22-Aug-2013 |
William Roberts <wroberts@tresys.com> |
Drop -d option on insertkeys.py in Android.mk
This breaks the ability for users to have certs in many
directories. Currently the design is to allow keys.conf
to specify arbitrary locations for pem files, relative to
the root of the Android tree. If users want to have a
common prefix on all the keys, then they can export
DEFAULT_SYSTEM_DEV_CERTIFICATE, and make that an environment
variable in their keys.conf file.
Signed-off-by: William Roberts <wroberts@tresys.com>
Change-Id: I23455b891206cab6eca7db08ff3c28283f87c640
Signed-off-by: William Roberts <wroberts@tresys.com>
/external/sepolicy/keys.conf
|
| 51dd0339e311e4bdf81c89ebb62e4ac6685a5c50 |
|
28-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Add a key directory argument to insertkeys.py
This allows us to better integrate key selection with our existing
build process.
Change-Id: I6e3eb5fbbfffb8e31c5edcf16f74df7c38abe537
/external/sepolicy/keys.conf
|
| 52fc95d1b7e29a61d315eb7378c3b47985f4fd74 |
|
26-Mar-2013 |
William Roberts <w.roberts@sta.samsung.com> |
Fix makefile error with ANDROID_BUILD_TOP
Use TOP instead of ANDROID_BUILD_TOP
Fix spelling issues in keys.conf
Change-Id: Ib90b3041af5ef68f30f4ab78c768ad225987ef2d
/external/sepolicy/keys.conf
|
| cd4104e84b438827fddd6a7fe6cb86e91392152d |
|
26-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Revert "Revert "Dynamic insertion of pubkey to mac_permissions.xml""
This reverts commit 1446e714af0b0c358b5ecf37c5d704c96c72cf7c
Hidden dependency has been resolved.
Change-Id: Ia535c0b9468ea5f705dff9813186a7fa8bab84ae
/external/sepolicy/keys.conf
|
| 1446e714af0b0c358b5ecf37c5d704c96c72cf7c |
|
19-Mar-2013 |
Geremy Condra <gcondra@google.com> |
Revert "Dynamic insertion of pubkey to mac_permissions.xml"
This reverts commit 22fc04103b70dd5a1cb1b5a8309ef20461e06289
Change-Id: I2d91b1262e8d0e82a21ea7c5333b1e86f3ed9bee
/external/sepolicy/keys.conf
|
| 22fc04103b70dd5a1cb1b5a8309ef20461e06289 |
|
05-Dec-2012 |
William Roberts <w.roberts@sta.samsung.com> |
Dynamic insertion of pubkey to mac_permissions.xml
Support the inseretion of the public key from pem
files into the mac_permissions.xml file at build
time.
Change-Id: Ia42b6cba39bf93723ed3fb85236eb8f80a08962a
/external/sepolicy/keys.conf
|