3ffd6b3f01
Some vendor apps are using platform key for signing.
This moves them to untrusted_app domain when the system partition is
switched to a Generic System Image (GSI), because the value of
platform's seinfo in /system/etc/selinux/plat_mac_permissions.xml
has been changed.
Duplicating the device-specific platform seinfo into
/vendor/etc/selinux/vendor_mac_permissions.xml to make it
self-contained within the vendor partition.
Bug: 157141777
Test: boot the device with a GSI, then `adb shell ps -eZ | grep qtidata`
Test: ./build/make/tools/releasetools/sign_target_files_apks \
--default_key_mappings path/to/keydir \
-o out/dist/<lunch>-target_files-*.zip \
signed-tardis-target_files.zip and checks the platform seinfo in
/vendor/etc/selinux/vendor_mac_permissions.xml is replaced.
Change-Id: Ic9a79780e30f456138e4de67210cc60ac2e490d6
Merged-In: Ic9a79780e30f456138e4de67210cc60ac2e490d6
(cherry picked from commit 8a86424e34)
20 lines
926 B
Plaintext
20 lines
926 B
Plaintext
#
|
|
# Maps an arbitrary tag [TAGNAME] with the string contents found in
|
|
# TARGET_BUILD_VARIANT. Common convention is to start TAGNAME with an @ and
|
|
# name it after the base file name of the pem file.
|
|
#
|
|
# Each tag (section) then allows one to specify any string found in
|
|
# TARGET_BUILD_VARIANT. Typcially this is user, eng, and userdebug. Another
|
|
# option is to use ALL which will match ANY TARGET_BUILD_VARIANT string.
|
|
#
|
|
|
|
# Some vendor apps are using platform key for signing.
|
|
# This moves them to untrusted_app domain when the system partition is
|
|
# switched to a Generic System Image (GSI), because the value of platform's
|
|
# seinfo in /system/etc/selinux/plat_mac_permissions.xml has been changed.
|
|
# Duplicating the device-specific platform seinfo into
|
|
# /vendor/etc/selinux/vendor_mac_permissions.xml to make it self-contained
|
|
# within the vendor partition.
|
|
[@PLATFORM]
|
|
ALL : $DEFAULT_SYSTEM_DEV_CERTIFICATE/platform.x509.pem
|