Skip to content

pasis/setools-android

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

54 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Description

This is unofficial port of setools to Android with additional sepolicy-inject utility by Joshua Brindle

Ported:

  • seinfo
  • sesearch

These tools allow to analyze SELinux/SEAndroid policy on an Android device.

Included:

  • sepolicy-inject

This tool injects allow rules into binary SELinux kernel policies.

Building for Android

Ensure that you have installed android-ndk properly. Then run:

ndk-build

Building for Linux

setools-android can be built for *nix platform as stand-alone binaries without external dependencies. This build simplifies analysis of Android's sepolicy after dumping it from a device.

autoreconf -i
./configure
make
sudo cp ./seinfo ./sesearch ./sepolicy-inject /usr/local/bin  # optional

Usage

sepolicy-inject -s <source type> -t <target type> -c <class> -p <perm>[,<perm2>,<perm3>,...] [-P <policy file>] [-o <output file>] [-l|--load]
sepolicy-inject -Z type_to_make_permissive [-P <policy file>] [-o <output file>] [-l|--load]
sepolicy-inject -z type_to_make_nonpermissive [-P <policy file>] [-o <output file>] [-l|--load]

For example if you want to allow vdc to write to pseudo-terminal (so you can see replies from vdc command):

sepolicy-inject -s vdc -t devpts -c chr_file -p read,write -l

Third-party code

This repository contains other opensource code:

  • regex (from OpenBSD)
  • bzip2
  • libsepol

Based on pasis/setools-android by Dmitry Podgorny (pasis) and xmikos/setools-android by Michal Krenek (Mikos)

About

Unofficial port of setools to Android

Resources

License

Unknown and 2 other licenses found

Licenses found

Unknown
COPYING
GPL-2.0
COPYING.GPL
LGPL-2.1
COPYING.LGPL

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •