<?xml version="1.0" encoding="utf-8"?>
<policy>

<!--

    * A signature is a hex-encoded X.509 certificate or a tag defined in
      keys.conf and is required for each signer tag. The signature can
      either appear as a set of attached cert child tags or as an attribute.
    * A signer tag must contain either a seinfo tag or one or more package
      stanzas, but not both.
    * Each signer/package tag is allowed to contain one seinfo tag. This tag
      represents additional info that each app can use in setting a SELinux
      security context on the eventual process as well as the app's data
      directory.
    * seinfo assignments are made according to the following rules:
      - Stanzas with package name refinements are checked first.
      - Stanzas without package name refinements are checked second.
      - If nothing matches, the "default" seinfo label is automatically applied.

    * Valid stanzas can take one of the following forms:

      // single cert protecting seinfo
      <signer signature="@PLATFORM" >
        <seinfo value="platform" />
      </signer>

      // multiple certs protecting seinfo (all contained certs must match)
      <signer>
        <cert signature="@PLATFORM1"/>
        <cert signature="@PLATFORM2"/>
        <seinfo value="platform" />
      </signer>

      // single cert protecting explicitly named app
      <signer signature="@PLATFORM" >
        <package name="com.android.foo">
          <seinfo value="bar" />
        </package>
      </signer>

      // multiple certs protecting explicitly named app (all certs must match)
      <signer>
        <cert signature="@PLATFORM1"/>
        <cert signature="@PLATFORM2"/>
        <package name="com.android.foo">
          <seinfo value="bar" />
        </package>
      </signer>
-->

<!-- Platform dev key in AOSP -->
<signer signature="@PLATFORM" >
  <seinfo value="platform" />
</signer>

<!-- Media key in AOSP -->
<signer signature="@MEDIA" >
  <seinfo value="media" />
</signer>

<signer signature="@NETWORK_STACK" >
  <seinfo value="network_stack" />
</signer>
</policy>
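As an added worked example (not part of the AOSP policy or its Java loader), the following Python resolves an app's seinfo label under the rules stated in the comment above: it parses a constructed policy in this format, checks package-refined stanzas before plain signer stanzas, and falls back to "default". It assumes that "all contained certs must match" means the signer's cert set equals the app's set of signing certificates, and uses @TAG placeholders in place of keys.conf entries or real hex-encoded certificates.

```python
import xml.etree.ElementTree as ET
# Constructed sample policy in the format described above; the @TAGs stand in for keys.conf entries.
POLICY_XML = """<policy>
  <signer signature="@PLATFORM">
    <seinfo value="platform" />
  </signer>
  <signer>
    <cert signature="@PLATFORM"/>
    <cert signature="@MEDIA"/>
    <package name="com.android.foo">
      <seinfo value="bar" />
    </package>
  </signer>
  <signer signature="@PLATFORM">
    <package name="com.android.baz">
      <seinfo value="baz" />
    </package>
  </signer>
</policy>
"""

def load_policy(xml_text):
    """Return rules as (certs, package_name_or_None, seinfo_value) tuples."""
    rules = []
    for signer in ET.fromstring(xml_text).findall("signer"):
        # The signature is either an attribute or a set of <cert> children.
        attr = signer.get("signature")
        certs = frozenset([attr] if attr else
                          [c.get("signature") for c in signer.findall("cert")])
        seinfo, packages = signer.find("seinfo"), signer.findall("package")
        if (seinfo is not None) == bool(packages):
            raise ValueError("signer must hold a seinfo tag XOR package stanzas")
        if seinfo is not None:
            rules.append((certs, None, seinfo.get("value")))
        for pkg in packages:
            rules.append((certs, pkg.get("name"), pkg.find("seinfo").get("value")))
    return rules

def assign_seinfo(rules, app_certs, package_name):
    """Package-refined stanzas first, then plain signer stanzas, then "default".
    Assumption: the signer's cert set must equal the app's signing cert set."""
    app_certs = frozenset(app_certs)
    for refined in (True, False):  # refined stanzas are checked first
        for certs, pkg, value in rules:
            if (pkg is not None) == refined and certs == app_certs \
                    and (pkg is None or pkg == package_name):
                return value
    return "default"
```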