| rpcraig | b19665c | 2012-07-30 09:33:03 -0400 | [diff] [blame] | 1 | <?xml version="1.0" encoding="utf-8"?> |
| 2 | <policy> |
| 3 | |
| Stephen Smalley | cc7b72e | 2014-03-12 09:40:43 -0400 | [diff] [blame] | 4 | <!-- |
| 5 | |
| 6 | * A signature is a hex encoded X.509 certificate or a tag defined in |
| 7 | keys.conf and is required for each signer tag. |
| 8 | * A signer tag may contain a seinfo tag and multiple package stanzas. |
| 9 | * A default tag is allowed that can contain policy for all apps not signed with a |
| 10 | previously listed cert. It may not contain any inner package stanzas. |
| 11 | * Each signer/default/package tag is allowed to contain one seinfo tag. This tag |
| 12 | represents additional info that each app can use in setting a SELinux security |
| 13 | context on the eventual process. |
| 14 | * When a package is installed the following logic is used to determine what seinfo |
| 15 | value, if any, is assigned. |
| 16 | - All signatures used to sign the app are checked first. |
| 17 | - If a signer stanza has inner package stanzas, those stanza will be checked |
| 18 | to try and match the package name of the app. If the package name matches |
| 19 | then that seinfo tag is used. If no inner package matches then the outer |
| 20 | seinfo tag is assigned. |
| 21 | - The default tag is consulted last if needed. |
| 22 | --> |
| 23 | |
| Robert Craig | 65911e8 | 2013-03-28 06:48:27 -0400 | [diff] [blame] | 24 | <!-- Platform dev key in AOSP --> |
| Geremy Condra | cd4104e | 2013-03-26 18:19:12 +0000 | [diff] [blame] | 25 | <signer signature="@PLATFORM" > |
| rpcraig | b19665c | 2012-07-30 09:33:03 -0400 | [diff] [blame] | 26 | <seinfo value="platform" /> |
| 27 | </signer> |
| 28 | |
| rpcraig | b19665c | 2012-07-30 09:33:03 -0400 | [diff] [blame] | 29 | <!-- All other keys --> |
| 30 | <default> |
| 31 | <seinfo value="default" /> |
| rpcraig | b19665c | 2012-07-30 09:33:03 -0400 | [diff] [blame] | 32 | </default> |
| 33 | |
| 34 | </policy> |