Name                     Date          Size       #Lines   LOC

tools/                   22-Nov-2023   -          3,211    2,372
.git                     01-Jan-1970   0
Android.mk               22-Nov-2023   10.3 KiB   329      226
NOTICE                   22-Nov-2023   1 KiB      22       19
README                   22-Nov-2023   4.2 KiB    81       66
access_vectors           22-Nov-2023   9.3 KiB    929      815
adbd.te                  22-Nov-2023   2.9 KiB    92       70
app.te                   22-Nov-2023   13.8 KiB   370      299
attributes               22-Nov-2023   1.7 KiB    76       52
binderservicedomain.te   22-Nov-2023   790        19       13
blkid.te                 22-Nov-2023   694        21       16
blkid_untrusted.te       22-Nov-2023   1.1 KiB    37       30
bluetooth.te             22-Nov-2023   2.7 KiB    74       58
bootanim.te              22-Nov-2023   485        20       13
clatd.te                 22-Nov-2023   1.3 KiB    32       26
debuggerd.te             22-Nov-2023   1.7 KiB    43       37
device.te                22-Nov-2023   2.9 KiB    96       84
dex2oat.te               22-Nov-2023   541        17       14
dhcp.te                  22-Nov-2023   1 KiB      29       23
dnsmasq.te               22-Nov-2023   917        25       19
domain.te                22-Nov-2023   16.9 KiB   476      395
drmserver.te             22-Nov-2023   1.8 KiB    56       42
dumpstate.te             22-Nov-2023   3.8 KiB    114      87
file.te                  22-Nov-2023   8 KiB      206      197
file_contexts            22-Nov-2023   13.6 KiB   319      301
fingerprintd.te          22-Nov-2023   739        24       17
fs_use                   22-Nov-2023   865        24       20
fsck.te                  22-Nov-2023   1.2 KiB    44       35
fsck_untrusted.te        22-Nov-2023   1.1 KiB    37       30
gatekeeperd.te           22-Nov-2023   879        28       21
genfs_contexts           22-Nov-2023   2 KiB      40       38
global_macros            22-Nov-2023   2.5 KiB    47       39
gpsd.te                  22-Nov-2023   855        29       23
hci_attach.te            22-Nov-2023   313        10       7
healthd.te               22-Nov-2023   1.3 KiB    44       35
hostapd.te               22-Nov-2023   1.1 KiB    27       23
init.te                  22-Nov-2023   10.3 KiB   287      219
initial_sid_contexts     22-Nov-2023   973        28       27
initial_sids             22-Nov-2023   416        36       32
inputflinger.te          22-Nov-2023   422        16       11
install_recovery.te      22-Nov-2023   944        27       19
installd.te              22-Nov-2023   4.3 KiB    96       78
ioctl_macros             22-Nov-2023   338        12       11
isolated_app.te          22-Nov-2023   1.2 KiB    42       33
kernel.te                22-Nov-2023   3 KiB      79       63
keys.conf                22-Nov-2023   851        26       10
keystore.te              22-Nov-2023   1 KiB      33       25
lmkd.te                  22-Nov-2023   1,022      38       27
logd.te                  22-Nov-2023   1.2 KiB    45       33
mac_permissions.xml      22-Nov-2023   1.3 KiB    35       9
mdnsd.te                 22-Nov-2023   137        7        5
mediaserver.te           22-Nov-2023   3.7 KiB    108      84
mls                      22-Nov-2023   4.3 KiB    113      88
mls_macros               22-Nov-2023   1.2 KiB    55       46
mtp.te                   22-Nov-2023   288        13       10
net.te                   22-Nov-2023   852        26       21
netd.te                  22-Nov-2023   2.8 KiB    86       66
neverallow_macros        22-Nov-2023   369        7        6
nfc.te                   22-Nov-2023   965        32       25
perfprofd.te             22-Nov-2023   1.9 KiB    57       40
platform_app.te          22-Nov-2023   1.7 KiB    44       38
policy_capabilities      22-Nov-2023   122        6        4
port_contexts            22-Nov-2023   77         4        2
ppp.te                   22-Nov-2023   493        17       14
procrank.te              22-Nov-2023   650        18       15
property.te              22-Nov-2023   1.1 KiB    32       31
property_contexts        22-Nov-2023   3.1 KiB    77       66
racoon.te                22-Nov-2023   874        33       24
radio.te                 22-Nov-2023   1.1 KiB    36       28
recovery.te              22-Nov-2023   4.3 KiB    119      93
rild.te                  22-Nov-2023   1.6 KiB    47       39
roles                    22-Nov-2023   29         3        2
runas.te                 22-Nov-2023   1.1 KiB    36       28
sdcardd.te               22-Nov-2023   1.3 KiB    40       30
seapp_contexts           22-Nov-2023   2.2 KiB    51       50
security_classes         22-Nov-2023   2.7 KiB    150      116
service.te               22-Nov-2023   8.2 KiB    105      103
service_contexts         22-Nov-2023   9.5 KiB    132      131
servicemanager.te        22-Nov-2023   661        18       14
sgdisk.te                22-Nov-2023   745        23       17
shared_relro.te          22-Nov-2023   569        14       10
shell.te                 22-Nov-2023   2.9 KiB    87       70
slideshow.te             22-Nov-2023   549        15       12
su.te                    22-Nov-2023   1.8 KiB    54       47
surfaceflinger.te        22-Nov-2023   2.3 KiB    73       55
system_app.te            22-Nov-2023   2.3 KiB    77       65
system_server.te         22-Nov-2023   16.9 KiB   460      363
te_macros                22-Nov-2023   10.8 KiB   358      324
tee.te                   22-Nov-2023   434        15       13
toolbox.te               22-Nov-2023   1 KiB      27       21
tzdatacheck.te           22-Nov-2023   253        9        6
ueventd.te               22-Nov-2023   1.8 KiB    42       36
uncrypt.te               22-Nov-2023   975        34       25
untrusted_app.te         22-Nov-2023   6.3 KiB    157      128
users                    22-Nov-2023   55         2        1
vdc.te                   22-Nov-2023   622        24       17
vold.te                  22-Nov-2023   6.4 KiB    171      134
watchdogd.te             22-Nov-2023   185        5        4
wpa.te                   22-Nov-2023   1.2 KiB    48       37
zygote.te                22-Nov-2023   3.3 KiB    80       72

README

This directory contains the core Android SELinux policy configuration.
It defines the domains and types for the AOSP services and apps common to
all devices.  Device-specific policy should be placed under a
separate device/<vendor>/<board>/sepolicy subdirectory and linked
into the policy build as described below.

Policy Generation:

Additional, per device, policy files can be added into the
policy build.

They can be configured through the use of the BOARD_SEPOLICY_DIRS
variable. This variable should be set in the BoardConfig.mk file in
the device or vendor directories.

BOARD_SEPOLICY_DIRS contains a list of directories to search
for additional policy files. Order matters in this list.
For example, if you have 2 instances of widget.te files in the
BOARD_SEPOLICY_DIRS search path, then the first one found (at the
first search dir containing the file) will be concatenated first.
Reviewing out/target/product/<device>/etc/sepolicy_intermediates/policy.conf
will help sort out ordering issues.

Example BoardConfig.mk Usage:
From the Tuna device BoardConfig.mk, device/samsung/tuna/BoardConfig.mk

BOARD_SEPOLICY_DIRS += device/samsung/tuna/sepolicy

SPECIFIC POLICY FILE INFORMATION

mac_permissions.xml:
  ABOUT:
    The mac_permissions.xml file is used for controlling the mmac solutions
    as well as mapping a public base16 signing key with an arbitrary seinfo
    string. Details of the file's contents can be found in a comment at the
    top of that file. The seinfo string, previously mentioned, is the same string
    that is referenced in seapp_contexts.

    It is important to note that the final processed version of this file
    is stripped of comments and whitespace. This is to preserve space on the
    system.img. If one wishes to view it in a more human-friendly format,
    the "tidy" or "xmllint" command will assist you.

  TOOLING:
    insertkeys.py
      A helper script for mapping arbitrary tags in the signature stanzas of
      mac_permissions.xml to public keys found in pem files. This script takes
      one or more mac_permissions.xml files and a configuration file in order
      to operate. Details of the configuration file (keys.conf) can be found in
      the subsection keys.conf. This tool is also responsible for stripping the
      comments and whitespace during processing.

      keys.conf
        The keys.conf file is used for controlling the mapping of "tags" found in
        the mac_permissions.xml signature stanzas with actual public keys found in
        pem files. The configuration file is processed via m4.

        The script allows for mapping any string contained in TARGET_BUILD_VARIANT
        to a specific path to a pem file. Typically TARGET_BUILD_VARIANT is either
        user, eng or userdebug. Additionally, one can specify "ALL" to map a path to
        any string specified in TARGET_BUILD_VARIANT. All tags are matched verbatim
        and all options are matched lowercase. The options are "tolowered" automatically
        for the user. It is convention to specify tags and options in all uppercase,
        and tags start with @. The option arguments can also use environment variables
        via the familiar $VARIABLE syntax. This is often useful for setting a location
        to one's release keys.

        Often, one will need to integrate an application that was signed by a separate
        organization and may need to extract the pem file for the insertkeys/keys.conf tools.
        Extraction of the public key in the pem format is possible via openssl. First you need
        to unzip the apk. Once it is unzipped, cd into the META-INF directory and then execute:

          openssl pkcs7 -inform DER -in CERT.RSA -out CERT.pem -outform PEM -print_certs

        On some occasions CERT.RSA has a different name, and you will need to adjust for that.
        After extracting the pem, you can rename it, and configure keys.conf and
        mac_permissions.xml to pick up the change. You MUST open the generated pem file in a text
        editor and strip out anything outside the opening and closing scissor lines. Failure to do
        so WILL cause a compile time issue thrown by insertkeys.py.

        NOTE: The pem files are base64 encoded and PackageManagerService, mac_permissions.xml
              and setool all use base16 encodings.

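The two manual steps above (stripping everything outside the scissor lines, and relating the base64 pem to the base16 form used in mac_permissions.xml) can be scripted. The following is an added example, not part of the original README or of insertkeys.py; the function names, the lowercase hex output and the sample bytes are assumptions of this example.

```python
import base64
import re

# Scissor lines that delimit one certificate in a PEM file.
_CERT_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)


def extract_certs(text):
    """Return the DER bytes of every certificate found between scissor lines.

    Anything outside the BEGIN/END lines (for example the subject= and
    issuer= lines that `openssl pkcs7 -print_certs` emits) is ignored.
    """
    bodies = _CERT_RE.findall(text)
    if not bodies:
        raise ValueError("no complete BEGIN/END CERTIFICATE block found")
    # validate=True rejects stray non-base64 characters instead of skipping them.
    return [base64.b64decode("".join(b.split()), validate=True) for b in bodies]


def clean_pem(der):
    """Re-emit one certificate as a PEM with nothing outside the scissor lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN CERTIFICATE-----", *lines,
                      "-----END CERTIFICATE-----"]) + "\n"


def to_base16(der):
    """Hex (base16) form of the certificate; lowercase is this example's choice."""
    return der.hex()


# Constructed sample: placeholder bytes, not a real certificate, wrapped the way
# `openssl pkcs7 -print_certs` wraps its output (extra lines around the block).
SAMPLE_DER = bytes(range(0x30, 0x30 + 80))
SAMPLE_OUTPUT = (
    "subject=/CN=constructed-example\nissuer=/CN=constructed-example\n"
    + clean_pem(SAMPLE_DER)
    + "\n"
)

if __name__ == "__main__":
    (der,) = extract_certs(SAMPLE_OUTPUT)
    print(clean_pem(der), end="")
    print(to_base16(der))
```

If the openssl output contains more than one certificate, extract_certs returns all of them in file order, so the caller has to decide which one belongs in keys.conf.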