* signature clause in mac_permisions @ 2012-09-17 18:34 William Roberts 2012-09-17 23:22 ` Robert Craig 0 siblings, 1 reply; 5+ messages in thread From: William Roberts @ 2012-09-17 18:34 UTC (permalink / raw) To: selinux; +Cc: Stephen Smalley [-- Attachment #1: Type: text/plain, Size: 332 bytes --] How did you guys generate the hex encoded x509 string for a signature clause in mac_permissions.xml? Did you use the Android "dumpkey.jar"? I have the signed apk's, the keystore used to sign them, .pem files which have all the pub keys in them and a p12 and p8 file. Which one should I use? -- Respectfully, William C Roberts [-- Attachment #2: Type: text/html, Size: 471 bytes --] ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: signature clause in mac_permisions 2012-09-17 18:34 signature clause in mac_permisions William Roberts @ 2012-09-17 23:22 ` Robert Craig 2012-09-17 23:59 ` William Roberts 0 siblings, 1 reply; 5+ messages in thread From: Robert Craig @ 2012-09-17 23:22 UTC (permalink / raw) To: William Roberts; +Cc: selinux, Stephen Smalley [-- Attachment #1: Type: text/plain, Size: 575 bytes --] Just run the setool host tool. To build just 'make setool' and then to run just 'setool'. The help usage statement will guide you. On Mon, Sep 17, 2012 at 2:34 PM, William Roberts <bill.c.roberts@gmail.com>wrote: > How did you guys generate the hex encoded x509 string for a > signature clause in mac_permissions.xml? > > Did you use the Android "dumpkey.jar"? > > I have the signed apk's, the keystore used to sign them, .pem files which > have all the pub keys in them and a p12 and p8 file. > > Which one should I use? > > -- > Respectfully, > > William C Roberts > > > [-- Attachment #2: Type: text/html, Size: 1017 bytes --] ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: signature clause in mac_permisions 2012-09-17 23:22 ` Robert Craig @ 2012-09-17 23:59 ` William Roberts 2012-09-18 17:01 ` Joshua Brindle 0 siblings, 1 reply; 5+ messages in thread From: William Roberts @ 2012-09-17 23:59 UTC (permalink / raw) To: Robert Craig; +Cc: selinux, Stephen Smalley [-- Attachment #1: Type: text/plain, Size: 836 bytes --] I should have RTFM, it is right on the wiki under install time mac http://selinuxproject.org/page/SEAndroid On Mon, Sep 17, 2012 at 4:22 PM, Robert Craig <robertpcraig@gmail.com>wrote: > Just run the setool host tool. To build just 'make setool' and then to run > just 'setool'. The help usage statement will guide you. > > > On Mon, Sep 17, 2012 at 2:34 PM, William Roberts <bill.c.roberts@gmail.com > > wrote: > >> How did you guys generate the hex encoded x509 string for a >> signature clause in mac_permissions.xml? >> >> Did you use the Android "dumpkey.jar"? >> >> I have the signed apk's, the keystore used to sign them, .pem files which >> have all the pub keys in them and a p12 and p8 file. >> >> Which one should I use? >> >> -- >> Respectfully, >> >> William C Roberts >> >> >> > -- Respectfully, William C Roberts [-- Attachment #2: Type: text/html, Size: 1678 bytes --] ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: signature clause in mac_permisions 2012-09-17 23:59 ` William Roberts @ 2012-09-18 17:01 ` Joshua Brindle 2012-09-18 17:48 ` William Roberts 0 siblings, 1 reply; 5+ messages in thread From: Joshua Brindle @ 2012-09-18 17:01 UTC (permalink / raw) To: William Roberts; +Cc: Robert Craig, selinux, Stephen Smalley If you want to go straight from cert to hex encoding without having to sign an app (i.e., you are generating certs and policies at the same time) you can use this: $openssl x509 -inform PEM -in <certname>.x509.pem -outform DER Script to encode: #!/usr/bin/env python import sys content = sys.stdin.read().strip() foo = content.encode("hex") sys.stdout.write(foo) The script to encode has to be very careful about padding or null terminating, hence why I couldn't just use some random command line tool. William Roberts wrote: > I should have RTFM, it is right on the wiki under install time mac > http://selinuxproject.org/page/SEAndroid > > > > On Mon, Sep 17, 2012 at 4:22 PM, Robert Craig <robertpcraig@gmail.com > <mailto:robertpcraig@gmail.com>> wrote: > > Just run the setool host tool. To build just 'make setool' and then > to run just 'setool'. The help usage statement will guide you. > > > On Mon, Sep 17, 2012 at 2:34 PM, William Roberts > <bill.c.roberts@gmail.com <mailto:bill.c.roberts@gmail.com>> wrote: > > How did you guys generate the hex encoded x509 string for a > signature clause in mac_permissions.xml? > > Did you use the Android "dumpkey.jar"? > > I have the signed apk's, the keystore used to sign them, .pem > files which have all the pub keys in them and a p12 and p8 file. > > Which one should I use? > > -- > Respectfully, > > William C Roberts > > > > > > > -- > Respectfully, > > William C Roberts > > -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: signature clause in mac_permisions 2012-09-18 17:01 ` Joshua Brindle @ 2012-09-18 17:48 ` William Roberts 0 siblings, 0 replies; 5+ messages in thread From: William Roberts @ 2012-09-18 17:48 UTC (permalink / raw) To: Joshua Brindle; +Cc: Robert Craig, selinux, Stephen Smalley [-- Attachment #1: Type: text/plain, Size: 1915 bytes --] Thanks, I was playing with opensll myself but couldn't come up with he correct commandline foo for it. Bill On Tue, Sep 18, 2012 at 10:01 AM, Joshua Brindle <method@manicmethod.com>wrote: > If you want to go straight from cert to hex encoding without having to > sign an app (i.e., you are generating certs and policies at the same time) > you can use this: > > $openssl x509 -inform PEM -in <certname>.x509.pem -outform DER > > Script to encode: > > #!/usr/bin/env python > > import sys > content = sys.stdin.read().strip() > foo = content.encode("hex") > sys.stdout.write(foo) > > > The script to encode has to be very careful about padding or null > terminating, hence why I couldn't just use some random command line tool. > > William Roberts wrote: > >> I should have RTFM, it is right on the wiki under install time mac >> http://selinuxproject.org/**page/SEAndroid<http://selinuxproject.org/page/SEAndroid> >> >> >> >> On Mon, Sep 17, 2012 at 4:22 PM, Robert Craig <robertpcraig@gmail.com >> <mailto:robertpcraig@gmail.com**>> wrote: >> >> Just run the setool host tool. To build just 'make setool' and then >> to run just 'setool'. The help usage statement will guide you. >> >> >> On Mon, Sep 17, 2012 at 2:34 PM, William Roberts >> <bill.c.roberts@gmail.com <mailto:bill.c.roberts@gmail.**com<bill.c.roberts@gmail.com>>> >> wrote: >> >> How did you guys generate the hex encoded x509 string for a >> signature clause in mac_permissions.xml? >> >> Did you use the Android "dumpkey.jar"? >> >> I have the signed apk's, the keystore used to sign them, .pem >> files which have all the pub keys in them and a p12 and p8 file. >> >> Which one should I use? >> >> -- >> Respectfully, >> >> William C Roberts >> >> >> >> >> >> >> -- >> Respectfully, >> >> William C Roberts >> >> >> -- Respectfully, William C Roberts [-- Attachment #2: Type: text/html, Size: 2912 bytes --] ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2012-09-18 17:48 UTC | newest] Thread overview: 5+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2012-09-17 18:34 signature clause in mac_permisions William Roberts 2012-09-17 23:22 ` Robert Craig 2012-09-17 23:59 ` William Roberts 2012-09-18 17:01 ` Joshua Brindle 2012-09-18 17:48 ` William Roberts
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.