/setools-android

Unofficial port of setools to Android with additional sepolicy-inject utility included

Primary LanguageCOtherNOASSERTION

Description

This is unofficial port of setools to Android with additional sepolicy-inject utility by Joshua Brindle

Ported:

  • seinfo
  • sesearch

These tools allow to analyze SELinux/SEAndroid policy on an Android device.

Included:

  • sepolicy-inject

This tool injects allow rules into binary SELinux kernel policies.

Building

Ensure that you have installed android-ndk properly. Then run:

git clone https://github.com/xmikos/setools-android.git
cd setools-android
ndk-build

Usage

sepolicy-inject -s <source type> -t <target type> -c <class> -p <perm>[,<perm2>,<perm3>,...] [-P <policy file>] [-o <output file>] [-l|--load]
sepolicy-inject -Z permissive_type [-P <policy file>] [-o <output file>] [-l|--load]

For example if you want to allow vdc to write to pseudo-terminal (so you can see replies from vdc command):

sepolicy-inject -s vdc -t devpts -c chr_file -p read,write -l

Third-party code

This repository contains other opensource code:

  • regex (from OpenBSD)
  • bzip2
  • libsepol

Based on setools-android by Dmitry Podgorny (pasis)