It’s easy to get started with Concepts, no matter what your budget or needs.
. Access your files using Finder in Mac OS, OneDrive online or in the mobile app. Access files offline on your smartphone, Mac, or tablet. Save local space on your Mac with Files On-Demand. File sharing. Share docs, photos, videos, and albums with friends and family. Work in the same document with others in real time with. Alternatives to Contexts for Mac, Windows, Linux, Software as a Service (SaaS), Web and more. Filter by license to discover only free or Open Source alternatives. This list contains a total of 14 apps similar to Contexts. List updated: 1/2/2020 9:37:00 AM.
Windows 10, Android & Chrome OS
Concepts 2020.x
Solid Sketching for Everyone / Free
The free version of Concepts is a sketchbook on steroids. Use an infinite canvas, gorgeous brushes, 5 layers, and a whole lot of creative freedom. No account or signup required - just download the app and start sketching.
Get Just What You Need / A-La-Carte
Toodledo is a popular and powerful online productivity tool. Manage your to-do list, take notes, track habits, and organize ideas into outlines and lists. Contexts 3.7.1 for Mac can be downloaded from our website for free. Commonly, this program's installer has the following filename: contexts.zip. This Mac app is an intellectual property of Usman Khalid. The application relates to System Tools. The most popular version among Contexts for Mac users is 0.9. May 29, 2020 How to Zip Files and Folders on Mac. To get started, open the “Finder” app, and locate the files or folders that you want to compress. If you’re selecting multiple files, hold the Command key while selecting the files. Once you’ve made the selection, right-click on it to view the context menu. Here, click the “Compress” option.
For the casual creator to the true professional, upgrade your creativity with these powerful addons. Note that while we’re working towards a unified platform, there are some differences in feature availability.
The Essentials
Make Custom Brushes, Manipulate Anything w/ Advanced Transforms, use Precision Tools and Shapes, Infinite Layers, Export to both vector and high-res formats like SVG, DXF or PSD.
The Essentials
Manipulate Anything, use Infinite Layers, Import Images and Export to both vector and high-res formats like SVG, DXF or PSD. Precision features coming soon.
Brush & Object Packs
Speed up your process with our professional library of royalty-free brushes and objects.
Brush Packs
Quickly add style with our professional library of brushes.
Make Your Own Objects
Custom drag-and-drop libraries make repetitive workflows fast and reliable.
PDF For Pros
Import single or multi-page PDFs, and export vector or flattened versions.
Import single or multi-page PDFs, and export high-res flattened versions. Vector export coming soon.
Everything / Yearly or Monthly Subscription
Move faster and accomplish more with the Everything option (including 47 libraries and services), and enjoy the benefits of steady updates every 4-6 weeks that will not only make your work more enjoyable, but mobile to boot.
Learn more about our view on subscriptions. Team Sharing
Share Object Packs and Color Palettes with your team or anyone else.
Brush Packs
All Included
Pro Community
Exclusive access to learning and support from pros like you.
Contexts AppPro Community
Exclusive access to learning and support from pros like you.
*Prices may differ based on your location. Purchases are completed inside the app. Available features may differ between platforms (as we continue to iterate).
This section details the Android policy configuration file formats with worked examples.
The following files are described:
file_contexts
This file is used to associate default contexts to files for file systems that support extended file attributes. It is used by the file labeling commands such as restorecon.
The Checking File Labels section describes how changes in this file are detected.
The build process supports additional file_contexts files allowing devices to specify their entries as described in the Processing Device Policy section.
Each line within the file consists of the following:
Where:
Example entries:
These are example entries from device/asus/flo/sepolicy/file_contexts, note the 'by-name' entry. This is resolved by ueventd as explained in the following commit:
It is also worth noting that the 'by-name' (or 'by-num') entry can exist in fstab files as shown in this example taken from device/asus/flo/fstab.flo:
seapp_contexts
This file is loaded and sorted into memory using the precedence rules explained below on first use by of one of the following Android libselinux functions:
The Checking File Labels section describes how changes in this file are detected.
The build process supports additional seapp_contexts files allowing devices to specify their entries as described in the Processing Device Policy section.
The following sections will show:
Default Entries
The default Android external/sepolicy/seapp_contexts file contains the following entries:
Entry Definitions
The following has been extracted from the default file with some additional comments that describe the parameters and how they are used to compute a context:
Input selectors from seapp_contexts file:
Notes:
Precedence rules:
Outputs:
Notes:
Computing a Context
This section explains the process to compute a context using parameters supplied by the selinux_android_setcontext, selinux_android_setfilecon, selinux_android_restorecon and selinux_android_restorecon_pkgdir functions plus the precedence sorted contents of the seapp_contexts file, some examples are then shown.
The context is computed first by converting the uid parameter to a string that is used to match the user component in the seapp_contexts entry as follows:
Then cycling through each precedence sorted seapp_contexts entry, check each component as follows until a match is found or generate an error log entry:
The overall objective is that the computed levels should never be the same for different apps, users, or a combination of both. By encoding each ID as a category pair, up to 2^16 app IDs and up to 2^16 user IDs within the 1024 categories can be represented, including the levelFrom=all or mixed usage of levelFrom=app and levelFrom=user.
If a valid entry is found, then:
If a valid entry is not found an error is generated in the log currently formatted as follows:
Computing Process Context Examples
The following is an example taken as the system server is loaded:
This is the ’radio’ application that is part of the platform:
This is the 'SEAndroid Admin Manager' application that is part of the SEAndroid release, however it is treated as an untrusted app (it is installed as a privileged app):
This is a third party app (com.example.runisolatedservice) to run an isolated service that has been installed as a privileged app (com.se4android.isolatedservice):
This is the isolated service installed as a privileged app (com.se4android.isolatedservice):
Computing File Context Example
The following example is from the third party isolated app:
property_contexts
This file holds property service keys and their contexts that are matched against property names using selabel_lookup(3). The returned context will then be used as the target context as described in the example below to determine whether the property is allowed or denied (see system/core/init/property_service.c and init.c).
The build process supports additional property_contexts files allowing devices to specify their entries as described in the Processing Device Policy section.
When selabel_open(3) is called specifying this file it will be read into memory and sorted using qsort(3), subsequent calls using selabel_lookup(3) will then retrieve the appropriate context based on matching the property_key.
Example:
Use adb to reload the SELinux policy:
Sample property_contexts file entries are:
The property service will call selabel_lookup with parameters consisting of the handle passed from selabel_open, a buffer to hold the returned context, and the object name 'selinux.reload_policy' to look-up (the final parameter is not used):
The following context will be returned as the look-up process will search for a match based on the length of the property_key (and will therefore match against 'selinux.'):
The property service will then validate whether the service has permission by issuing an selinux_check_access(3) call with the following parameters:
The policy would then decide whether to allow or deny the property request. Using the sepolicy-check tool will show that this will be denied by the current policy (a dontaudit rule is in the policy, however su runs permissive anyway):
service_contexts
This file holds binder service keys and their contexts that are matched against binder object names using selabel_lookup(3). The returned context will then be used as the target context as described in the example below to determine whether the binder service is allowed or denied (see frameworks/native/cmds/servicemanager/servicemanager.c).
The build process supports additional service_contexts files allowing devices to specify their entries as described in the Building the Policy section.
![]()
When selabel_open(3) is called specifying this file it will be read into memory and sorted using qsort(3), subsequent calls using selabel_lookup(3) will then retrieve the appropriate context based on matching the service_key.
Example:
The healthd process wants to start a binder service 'batterypropreg' (see frameworks/base/services/java/com/android/server/BatteryService.java).
Sample service_contexts file entries are:
The service manager will call selabel_lookup with parameters consisting of the handle passed from selabel_open, a buffer to hold the returned context, and the object name 'batterypropreg' to look-up (the final parameter is not used):
The following context will be returned as the look-up process will search for a match based on the length of the service_key (and will therefore match against 'battery'):
The service manager will then validate whether the service has permission by issuing an selinux_check_access(3) call with the following parameters:
The policy would then decide whether to allow or deny the service. Using the sepolicy-check tool will show that this will be allowed by the current policy:
mac_permissions.xml
The mac_permissions.xml file is used to configure Run/Install-time MMAC policy and provides x.509 certificate to seinfo string mapping so that Zygote spawns an app in the correct domain. See the Computing a Context section for how this is achieved using information also contained in the seapp_contexts file (AOSP and SEAndroid).
An example AOSP mac_permissions.xml file that shows the <default> entry is:
The <signer signature= entry may have the public base16 signing key present in the string or it may have an entry starting with @, then a keyword as shown that allows the key to be extracted from a pem file as discussed in the insertkeys.py section. If a base16 key is required, it can be extracted from a package using the post_process_mac_perms and setool utilities.
The build process supports additional mac_permissions.xml files allowing devices to specify their entries as described in the Processing Device Policy section. An example SEAndroid test device mac_permissions.xml file is:
Policy Rules
The following rules have been extracted from the AOSP mac_permissions.xml file with the one SEAndroid addition noted:
eops.xml
The following text has been taken from the SEAndroid /external/sepolicy/eops.xml file (so check if any changes) with a few minor additions (there is also a simple example in the EOps Example section section).
EOps (enterprise operations) is a security extension to the App Operations (AppOps) feature already present on Android 4.3+ devices. AppOps lets users fine tune certain functionality requested by apps by allowing the user to toggle these access rights.
EOps seeks to provide an extension whereby a hard coded set of rules explicitly denies certain access rights to groups of installed apps. This feature will allow an enterprise like control over certain operations. EOps is not a front-end for SELinux which somehow ties app permissions to SELinux contexts. Rather, it is an extension of the middleware MAC (MMAC) controls that currently exist on Android 4.3+ devices. EOps uses the seinfo labels that are already assigned to apps upon install.
The list of viable op tag names can be found in frameworks/base/core/java/android/app/AppOpsManager.java. Just use the string version of each op without the OP_ prefix in your policy tags. These are the current 48 entries (March '15):
All operations listed in the policy will have a mode of ignored. This means that empty data sets are returned to the caller when an operation is requested. This shadow data will then allow certain apps to presumably still operate. However, AOSP currently is not constructed to return these empty data sets and therefore acts as if ignored operations are completely denied (blocked). Because of this some apps might crash or behave oddly if you apply certain eops policy. In addition, while AOSP seems to have hooked the proper places to check operations against policy some of those hooks fail to follow through with the denial and still allow the operation to occur. Because of this, EOps will also fail to make those distinctions and likewise fail to enforce certain operations. Once the AOSP pieces are in place to return legitimate fake data and enforce all operations then of course eops, by its design, will also do the same.
So, as long as AppOps is beta so too will EOps.
A debug tag is also allowed which flips on the global debugging log functionality inside AppOps.
Each stanza is grouped according to the seinfo tag that is assigned during install and thus creates a dependency with the mac_permissions.xml file. Each seinfo tag can then include any number of op tags. By including the op(s) you are simply removing that operation from working for all apps that have been installed with the listed seinfo label. These operations are restricted regardless of what any user controlled app ops policy may say. Any op not listed is therefore still subject to user control as normal.
Lastly, there is no permissive mode for EOps. Once a policy is in place all ops listed are enforced.
The following is an example eops.xml policy file that will stop the camera being used by any system or default app. The file installation is shown in the Build Bundle Tools - buildeopbundle section:
ifw.xml
The example external/sepolicy/ifw.xml file has some comments regarding the tags, there is also an overview at http://www.cis.syr.edu/~wedu/android/IntentFirewall/.
The following is an example ifw.xml policy file that will stop the DemoIsolatedService being used by any app other than system apps or apps with the same signature. The file installation is shown in the Build Bundle Tools - buildifwbundle section:
The events will be in the event log under the 'ifw_intent_matched' tag, for example:
This section covers the policy build tools located at external/sepolicy/tools. They are checkfc, checkseapp and insertkeys.py. There is also setool that is not used as part of the build process but generates mac_permissions.xml entries from packages.
checkfc
The checkfc utility is used during the build process to validate the file_contexts, property_contexts and service_contexts files against policy. If validation fails checkfc will exit with an error.
Usage:
Example validating file_contexts file (note: no -p parameter):
Example validating property_contexts file:
checkseapp
The checkseapp utility is used during the build process to validate the seapp_contexts file against policy. If validation fails checkseapp will exit with an error. checkseapp also consolidates matching entries and outputs the valid file stripped of comments.
Usage:
An example command with output to stdout is:
insertkeys.py
The insertkeys.py utility is used during the build process to insert signing keys into the mac_permissions.xml file. The keys are obtained from pem files and the entries to be replaced start with an @ followed by a keyword. The external/sepolicy/keys.conf file contains corresponding entries that allow mapping of pem files to signatures as discussed in the keys.conf File section.
insertkeys.py generates base16 encodings from the base64 pem files as this is required by the Android Package Manager Service. The resulting mac_permissions.xml file will also be stripped of comments and whitespace.
Usage:
keys.conf File
The keys.conf file is used by insertkeys.py for mapping the '@...' tags in mac_permissions.xml, mmac_types.xml and content_provider.xml signature entries with public keys found in pem files. The configuration file can be used in the BOARD_SEPOLICY_UNION variable and is processed via m4 macros.
insertkeys.py allows for mapping any string contained in TARGET_BUILD_VARIANT with a specific path to a pem file. Typically TARGET_BUILD_VARIANT is either user, eng or userdebug. Additionally 'ALL' may be specified to map a path to any string specified in TARGET_BUILD_VARIANT. All tags are matched verbatim and all options are matched lowercase. The options are 'tolowered' automatically for the user, it is convention to specify tags and options in all uppercase and tags start with @.
An example keys.conf file is as follows:
The following is an example entry that will use a device specific key during the build process:
Build Bundle Tools
The following tools will produce an Android 'bundle' for updating MAC/MMAC policy within a zip file suitable for installation by the SEAdmin app. SEAdmin is currently hard-coded to look for these zip files in the SD Card device (/sdcard/).
Mac Context Menu Key
The buildsebundle section also shows how a policy can be updated by broadcasting an intent instead of using SEAdmin.
buildsebundle
The buildsebundle tool will produce an Android 'bundle' for updating the core SE for Android policy within an selinux_bundle.zip file, suitable for installation by the SEAdmin app, although it is possible to update using an intent as described in the Using an Intent Example section.
To be able to build the bundle the following mandatory files are required:
Usage:
The following is an example where a new policy has been built with all required files. The wildcard can be used as buildsebundle will always use the mandatory list:
Once built, the bundle is pushed to the SD card and SEAdmin is used to update the policy (note that SEAdmin only reads the bundle from /sdcard).
Using an Intent Example
This example shows how to update a policy by broadcasting an intent in the same way as SEAdmin.
Extract the selinux_bundle files from the selinux_bundle.zip file:
The two files contain:
Push the update_bundle to the device:
Build an intent to broadcast via adb by including the bundle location, with the hash, signature and version from the update_bundle_metadata as follows:
When the intent has been broadcast there will be a response, however that does not indicate that the policy was updated, just that the intent was broadcast:
logcat should show whether it was successful:
If the update failed because of versioning then an error is given (however if signature incorrect fails silently).
The following show various policy information after the third update:
The loaded policy can be extracted from the device if required by:
buildeopbundle
The buildeopbundle tool will produce an Android 'bundle' for updating the Enterprise Operations policy within an eops_bundle.zip file suitable for installation by the SEAdmin app, although it is possible to update using an intent as described in the Using an Intent Example section.
To be able to build the bundle an eops.xml file is required.
Usage:
Eops Example
The following is an example where a new eops.xml file has been produced, bundled, then pushed to the SD card. SEAdmin is then used to update the policy (note that SEAdmin only reads the bundle from /sdcard):
logcat should show if it was successful:
The new file and its supporting metadata are:
The version number after the update is:
Because the Eops policy specified an seinfo of system and the operation CAMERA, if the Camera app is now started it will load however, it will not be possible to take pictures as logcat will show:
buildifwbundle
The buildifwbundle tool will produce an Android 'bundle' for updating the Intent Firewall policy within an ifw_bundle.zip file suitable for installation by the SEAdmin app, although it is possible to update using an intent as described in the Using an Intent Example section.
To be able to build the bundle an ifw.xml file is required, although note that the Intent Firewall service will read any file so long as it has the .xml extension.
Usage:
IFW Example
The following is an example where a new ifw.xml file has been produced, bundled, and then pushed to the SD card. SEAdmin is then used to update the policy (note that SEAdmin only reads the bundle from /sdcard):
logcat should show whether it was successful:
The new file and its supporting metadata are:
The version number after the update is:
post_process_mac_perms
This tool will modify an existing mac_permissions.xml with additional app certs not already found in that policy. This becomes useful when a directory containing apps is searched and the certs from those apps are added to the policy not already explicitly listed.
There is no make target for this tool (python script), so either move to HOST_EXECUTABLE or execute directly (e.g. $PREFIX/external/sepolicy/tools/post_process_mac_perms).
Usage:
Example:
Before:
After:
sepolicy_check
A tool for auditing a sepolicy file for any allow rule that grants a given permission.
Usage:
The output will be 'Match found!' or silent if not. sepolicy_check will return 0 for found, 1 for not found and -1 for an error.
Examples:
sepolicy-analyze
This is the text from the external/sepolicy/tools/README that describes the tool for performing various kinds of analysis on a sepolicy file. The analysis currently supported includes:
Type Equivalence
Display all type pairs that are 'equivalent', i.e. they are identical with respect to allow rules, including indirect allow rules via attributes and default-enabled conditional rules (i.e. default boolean values yield a true conditional expression).
Equivalent types are candidates for being coalesced into a single type. However, there may be legitimate reasons for them to remain separate, for example: - the types may differ in a respect not included in the current analysis, such as default-disabled conditional rules, audit-related rules (auditallow or dontaudit), default type transitions, or constraints (e.g. mls), or - the current policy may be overly permissive with respect to one or the other of the types and thus the correct action may be to tighten access to one or the other rather than coalescing them together, or - the domains that would in fact have different accesses to the types may not yet be defined or may be unconfined in the policy you are analyzing.
Example output:
Type Difference
Display type pairs that differ and the first difference found between the two types. This may be used in looking for similar types that are not equivalent but may be candidates for coalescing.
Example output:
Duplicate Allow Rules
Displays duplicate allow rules, i.e. pairs of allow rules that grant the same permissions where one allow rule is written directly in terms of individual types and the other is written in terms of attributes associated with those same types. The rule with individual types is a candidate for removal. The rule with individual types may be directly represented in the source policy or may be a result of expansion of a type negation (e.g. domain -foo -bar is expanded to individual allow rules by the policycompiler). Domains with unconfineddomain (this was removed in 5.1) will typically have such duplicate rules as a natural side effect and can be ignored.
Example output:
Permissive Domains
Displays domains in the policy that are permissive, i.e. avc denials are logged but not enforced for these domains. While permissive domains can be helpful during development, they should not be present in a final -user build.
Example output on an ENG policy:
Booleans
Displays the boolean names in the policy (if any).Policy booleans are forbidden in Android policy, so if there is any output, the policy will fail CTS.
Attribute
Displays the types associated with the specified attribute name.
Example output:
Neverallow Checking
Check whether the sepolicy file violates any of the neverallow rules from the neverallows.conf file or a given string, which contain neverallow statements in the same format as the SELinux policy.conf file, i.e. after m4 macro expansion of the rules from a .te file. You can use an entire policy.conf file as the neverallows.conf file and sepolicy-analyze will ignore everything except for the neverallows within it. You can also specify this as a command-line string argument, which could be useful for quickly checking an individual expanded rule or group of rules. If there are no violations, sepolicy-analyze will exit successfully with no output. Otherwise, sepolicy-analyze will report all violations and exit with a non-zero exit status.
The -w or --warn option may be used to warn on any types, attributes, classes, or permissions from a neverallow rule that could not be resolvedwithin the sepolicy file. This can be normal due to differences between the policy from which the neverallow rules were taken and the policybeing checked. Such values are ignored for the purposes of neverallow checking.
The -d or --debug option may be used to cause sepolicy-analyze to emit the neverallow rules as it parses them. This is principally a debugging facility for the parser but could also be used to extract neverallow rules from a full policy.conf file and output them in a more easily parsed format.
These neverallow rules are also used by the Andriod CTS to check for policy conformance, see cts/tools/selinux/SELinuxNeverallowTestGen.py that generates Java methods.
Example output using the -d option:
setoolContexts App For Mac Download
The setool utility is not used during the build process and is intended only to produce entries for the mac_permissions.xml file and verify a correctly formated file. It is not supplied in AOSP.
Usage:
The following examples show the generation and verification process:
The output will be:
Note that for verification via setool requires the segment to be included within a correctly formatted mac_permissions.xml file (i.e. have the <policy></policy> tags present:
Context Software For Mac
This utility will take an Android uid and convert it to a username. The code is a modified version from bionic/libc/bionic/stubbs.cpp that converts an Android uid to username.
To compile this utility:
Android Get App Context
Contexts App Mac
Retrieved from 'https://selinuxproject.org/w/?title=NB_SEforAndroid_2&oldid=1765'
Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |