private/mac_permissions.xml - platform/system/sepolicy - Git at Google

 <?xml version="1.0" encoding="utf-8"?>
 <policy>

 <!--

     * A signature is a hex encoded X.509 certificate or a tag defined in
       keys.conf and is required for each signer tag. The signature can
       either appear as a set of attached cert child tags or as an attribute.
     * A signer tag must contain a seinfo tag XOR multiple package stanzas.
     * Each signer/package tag is allowed to contain one seinfo tag. This tag
       represents additional info that each app can use in setting a SELinux security
       context on the eventual process as well as the apps data directory.
     * seinfo assignments are made according to the following rules:
       - Stanzas with package name refinements will be checked first.
       - Stanzas w/o package name refinements will be checked second.
       - The "default" seinfo label is automatically applied.

     * valid stanzas can take one of the following forms:

      // single cert protecting seinfo
      <signer signature="@PLATFORM" >
        <seinfo value="platform" />
      </signer>

      // multiple certs protecting seinfo (all contained certs must match)
      <signer>
        <cert signature="@PLATFORM1"/>
        <cert signature="@PLATFORM2"/>
        <seinfo value="platform" />
      </signer>

      // single cert protecting explicitly named app
      <signer signature="@PLATFORM" >
        <package name="com.android.foo">
          <seinfo value="bar" />
        </package>
      </signer>

      // multiple certs protecting explicitly named app (all certs must match)
      <signer>
        <cert signature="@PLATFORM1"/>
        <cert signature="@PLATFORM2"/>
        <package name="com.android.foo">
          <seinfo value="bar" />
        </package>
      </signer>
 -->

     <!-- Platform dev key in AOSP -->
     <signer signature="@PLATFORM" >
       <seinfo value="platform" />
     </signer>

     <!-- Media key in AOSP -->
     <signer signature="@MEDIA" >
       <seinfo value="media" />
     </signer>

     <signer signature="@NETWORK_STACK" >
       <seinfo value="network_stack" />
     </signer>
 </policy>
	<?xml version="1.0" encoding="utf-8"?>
	<policy>

	<!--

	* A signature is a hex encoded X.509 certificate or a tag defined in
	keys.conf and is required for each signer tag. The signature can
	either appear as a set of attached cert child tags or as an attribute.
	* A signer tag must contain a seinfo tag XOR multiple package stanzas.
	* Each signer/package tag is allowed to contain one seinfo tag. This tag
	represents additional info that each app can use in setting a SELinux security
	context on the eventual process as well as the apps data directory.
	* seinfo assignments are made according to the following rules:
	- Stanzas with package name refinements will be checked first.
	- Stanzas w/o package name refinements will be checked second.
	- The "default" seinfo label is automatically applied.

	* valid stanzas can take one of the following forms:

	// single cert protecting seinfo
	<signer signature="@PLATFORM" >
	<seinfo value="platform" />
	</signer>

	// multiple certs protecting seinfo (all contained certs must match)
	<signer>
	<cert signature="@PLATFORM1"/>
	<cert signature="@PLATFORM2"/>
	<seinfo value="platform" />
	</signer>

	// single cert protecting explicitly named app
	<signer signature="@PLATFORM" >
	<package name="com.android.foo">
	<seinfo value="bar" />
	</package>
	</signer>

	// multiple certs protecting explicitly named app (all certs must match)
	<signer>
	<cert signature="@PLATFORM1"/>
	<cert signature="@PLATFORM2"/>
	<package name="com.android.foo">
	<seinfo value="bar" />
	</package>
	</signer>
	-->

	<!-- Platform dev key in AOSP -->
	<signer signature="@PLATFORM" >
	<seinfo value="platform" />
	</signer>

	<!-- Media key in AOSP -->
	<signer signature="@MEDIA" >
	<seinfo value="media" />
	</signer>

	<signer signature="@NETWORK_STACK" >
	<seinfo value="network_stack" />
	</signer>
	</policy>