| <?xml version="1.0" encoding="utf-8"?> |
| <policy> |
| |
| <!-- |
| |
| * A signature is a hex encoded X.509 certificate or a tag defined in |
| keys.conf and is required for each signer tag. The signature can |
| either appear as a set of attached cert child tags or as an attribute. |
| * A signer tag must contain a seinfo tag XOR multiple package stanzas. |
| * Each signer/package tag is allowed to contain one seinfo tag. This tag |
| represents additional info that each app can use in setting a SELinux security |
| context on the eventual process as well as the apps data directory. |
| * seinfo assignments are made according to the following rules: |
| - Stanzas with package name refinements will be checked first. |
| - Stanzas w/o package name refinements will be checked second. |
| - The "default" seinfo label is automatically applied. |
| |
| * valid stanzas can take one of the following forms: |
| |
| // single cert protecting seinfo |
| <signer signature="@PLATFORM" > |
| <seinfo value="platform" /> |
| </signer> |
| |
| // multiple certs protecting seinfo (all contained certs must match) |
| <signer> |
| <cert signature="@PLATFORM1"/> |
| <cert signature="@PLATFORM2"/> |
| <seinfo value="platform" /> |
| </signer> |
| |
| // single cert protecting explicitly named app |
| <signer signature="@PLATFORM" > |
| <package name="com.android.foo"> |
| <seinfo value="bar" /> |
| </package> |
| </signer> |
| |
| // multiple certs protecting explicitly named app (all certs must match) |
| <signer> |
| <cert signature="@PLATFORM1"/> |
| <cert signature="@PLATFORM2"/> |
| <package name="com.android.foo"> |
| <seinfo value="bar" /> |
| </package> |
| </signer> |
| --> |
| |
| <!-- Platform dev key in AOSP --> |
| <signer signature="@PLATFORM" > |
| <seinfo value="platform" /> |
| </signer> |
| |
| <!-- Media key in AOSP --> |
| <signer signature="@MEDIA" > |
| <seinfo value="media" /> |
| </signer> |
| |
| </policy> |