* signature clause in mac_permisions
@ 2012-09-17 18:34 William Roberts
2012-09-17 23:22 ` Robert Craig
0 siblings, 1 reply; 5+ messages in thread
From: William Roberts @ 2012-09-17 18:34 UTC (permalink / raw)
To: selinux; +Cc: Stephen Smalley
[-- Attachment #1: Type: text/plain, Size: 332 bytes --]
How did you guys generate the hex encoded x509 string for a
signature clause in mac_permissions.xml?
Did you use the Android "dumpkey.jar"?
I have the signed apk's, the keystore used to sign them, .pem files which
have all the pub keys in them and a p12 and p8 file.
Which one should I use?
--
Respectfully,
William C Roberts
[-- Attachment #2: Type: text/html, Size: 471 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: signature clause in mac_permisions
2012-09-17 18:34 signature clause in mac_permisions William Roberts
@ 2012-09-17 23:22 ` Robert Craig
2012-09-17 23:59 ` William Roberts
0 siblings, 1 reply; 5+ messages in thread
From: Robert Craig @ 2012-09-17 23:22 UTC (permalink / raw)
To: William Roberts; +Cc: selinux, Stephen Smalley
[-- Attachment #1: Type: text/plain, Size: 575 bytes --]
Just run the setool host tool. To build just 'make setool' and then to run
just 'setool'. The help usage statement will guide you.
On Mon, Sep 17, 2012 at 2:34 PM, William Roberts
<bill.c.roberts@gmail.com>wrote:
> How did you guys generate the hex encoded x509 string for a
> signature clause in mac_permissions.xml?
>
> Did you use the Android "dumpkey.jar"?
>
> I have the signed apk's, the keystore used to sign them, .pem files which
> have all the pub keys in them and a p12 and p8 file.
>
> Which one should I use?
>
> --
> Respectfully,
>
> William C Roberts
>
>
>
[-- Attachment #2: Type: text/html, Size: 1017 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: signature clause in mac_permisions
2012-09-17 23:22 ` Robert Craig
@ 2012-09-17 23:59 ` William Roberts
2012-09-18 17:01 ` Joshua Brindle
0 siblings, 1 reply; 5+ messages in thread
From: William Roberts @ 2012-09-17 23:59 UTC (permalink / raw)
To: Robert Craig; +Cc: selinux, Stephen Smalley
[-- Attachment #1: Type: text/plain, Size: 836 bytes --]
I should have RTFM, it is right on the wiki under install time mac
http://selinuxproject.org/page/SEAndroid
On Mon, Sep 17, 2012 at 4:22 PM, Robert Craig <robertpcraig@gmail.com>wrote:
> Just run the setool host tool. To build just 'make setool' and then to run
> just 'setool'. The help usage statement will guide you.
>
>
> On Mon, Sep 17, 2012 at 2:34 PM, William Roberts <bill.c.roberts@gmail.com
> > wrote:
>
>> How did you guys generate the hex encoded x509 string for a
>> signature clause in mac_permissions.xml?
>>
>> Did you use the Android "dumpkey.jar"?
>>
>> I have the signed apk's, the keystore used to sign them, .pem files which
>> have all the pub keys in them and a p12 and p8 file.
>>
>> Which one should I use?
>>
>> --
>> Respectfully,
>>
>> William C Roberts
>>
>>
>>
>
--
Respectfully,
William C Roberts
[-- Attachment #2: Type: text/html, Size: 1678 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: signature clause in mac_permisions
2012-09-17 23:59 ` William Roberts
@ 2012-09-18 17:01 ` Joshua Brindle
2012-09-18 17:48 ` William Roberts
0 siblings, 1 reply; 5+ messages in thread
From: Joshua Brindle @ 2012-09-18 17:01 UTC (permalink / raw)
To: William Roberts; +Cc: Robert Craig, selinux, Stephen Smalley
If you want to go straight from cert to hex encoding without having to
sign an app (i.e., you are generating certs and policies at the same
time) you can use this:
$openssl x509 -inform PEM -in <certname>.x509.pem -outform DER
Script to encode:
#!/usr/bin/env python
import sys
content = sys.stdin.read().strip()
foo = content.encode("hex")
sys.stdout.write(foo)
The script to encode has to be very careful about padding or null
terminating, hence why I couldn't just use some random command line tool.
William Roberts wrote:
> I should have RTFM, it is right on the wiki under install time mac
> http://selinuxproject.org/page/SEAndroid
>
>
>
> On Mon, Sep 17, 2012 at 4:22 PM, Robert Craig <robertpcraig@gmail.com
> <mailto:robertpcraig@gmail.com>> wrote:
>
> Just run the setool host tool. To build just 'make setool' and then
> to run just 'setool'. The help usage statement will guide you.
>
>
> On Mon, Sep 17, 2012 at 2:34 PM, William Roberts
> <bill.c.roberts@gmail.com <mailto:bill.c.roberts@gmail.com>> wrote:
>
> How did you guys generate the hex encoded x509 string for a
> signature clause in mac_permissions.xml?
>
> Did you use the Android "dumpkey.jar"?
>
> I have the signed apk's, the keystore used to sign them, .pem
> files which have all the pub keys in them and a p12 and p8 file.
>
> Which one should I use?
>
> --
> Respectfully,
>
> William C Roberts
>
>
>
>
>
>
> --
> Respectfully,
>
> William C Roberts
>
>
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: signature clause in mac_permisions
2012-09-18 17:01 ` Joshua Brindle
@ 2012-09-18 17:48 ` William Roberts
0 siblings, 0 replies; 5+ messages in thread
From: William Roberts @ 2012-09-18 17:48 UTC (permalink / raw)
To: Joshua Brindle; +Cc: Robert Craig, selinux, Stephen Smalley
[-- Attachment #1: Type: text/plain, Size: 1915 bytes --]
Thanks,
I was playing with opensll myself but couldn't come up with he correct
commandline foo for it.
Bill
On Tue, Sep 18, 2012 at 10:01 AM, Joshua Brindle <method@manicmethod.com>wrote:
> If you want to go straight from cert to hex encoding without having to
> sign an app (i.e., you are generating certs and policies at the same time)
> you can use this:
>
> $openssl x509 -inform PEM -in <certname>.x509.pem -outform DER
>
> Script to encode:
>
> #!/usr/bin/env python
>
> import sys
> content = sys.stdin.read().strip()
> foo = content.encode("hex")
> sys.stdout.write(foo)
>
>
> The script to encode has to be very careful about padding or null
> terminating, hence why I couldn't just use some random command line tool.
>
> William Roberts wrote:
>
>> I should have RTFM, it is right on the wiki under install time mac
>> http://selinuxproject.org/**page/SEAndroid<http://selinuxproject.org/page/SEAndroid>
>>
>>
>>
>> On Mon, Sep 17, 2012 at 4:22 PM, Robert Craig <robertpcraig@gmail.com
>> <mailto:robertpcraig@gmail.com**>> wrote:
>>
>> Just run the setool host tool. To build just 'make setool' and then
>> to run just 'setool'. The help usage statement will guide you.
>>
>>
>> On Mon, Sep 17, 2012 at 2:34 PM, William Roberts
>> <bill.c.roberts@gmail.com <mailto:bill.c.roberts@gmail.**com<bill.c.roberts@gmail.com>>>
>> wrote:
>>
>> How did you guys generate the hex encoded x509 string for a
>> signature clause in mac_permissions.xml?
>>
>> Did you use the Android "dumpkey.jar"?
>>
>> I have the signed apk's, the keystore used to sign them, .pem
>> files which have all the pub keys in them and a p12 and p8 file.
>>
>> Which one should I use?
>>
>> --
>> Respectfully,
>>
>> William C Roberts
>>
>>
>>
>>
>>
>>
>> --
>> Respectfully,
>>
>> William C Roberts
>>
>>
>>
--
Respectfully,
William C Roberts
[-- Attachment #2: Type: text/html, Size: 2912 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2012-09-18 17:48 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-09-17 18:34 signature clause in mac_permisions William Roberts
2012-09-17 23:22 ` Robert Craig
2012-09-17 23:59 ` William Roberts
2012-09-18 17:01 ` Joshua Brindle
2012-09-18 17:48 ` William Roberts
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.