This is unofficial port of setools to Android with additional sepolicy-inject utility by Joshua Brindle
Ported:
- seinfo
- sesearch
These tools allow to analyze SELinux/SEAndroid policy on an Android device.
Included:
- sepolicy-inject
This tool injects allow rules into binary SELinux kernel policies.
Ensure that you have installed android-ndk properly. Then run:
ndk-build
setools-android can be built for *nix platform as stand-alone binaries without external dependencies. This build simplifies analysis of Android's sepolicy after dumping it from a device.
autoreconf -i
./configure
make
sudo cp ./seinfo ./sesearch ./sepolicy-inject /usr/local/bin # optional
sepolicy-inject -s <source type> -t <target type> -c <class> -p <perm>[,<perm2>,<perm3>,...] [-P <policy file>] [-o <output file>] [-l|--load]
sepolicy-inject -Z type_to_make_permissive [-P <policy file>] [-o <output file>] [-l|--load]
sepolicy-inject -z type_to_make_nonpermissive [-P <policy file>] [-o <output file>] [-l|--load]
For example if you want to allow vdc to write to pseudo-terminal (so you can see replies from vdc command):
sepolicy-inject -s vdc -t devpts -c chr_file -p read,write -l
This repository contains other opensource code:
- regex (from OpenBSD)
- bzip2
- libsepol
Based on pasis/setools-android by Dmitry Podgorny (pasis) and xmikos/setools-android by Michal Krenek (Mikos)