Description
This is unofficial port of setools to Android with additional sepolicy-inject utility by Joshua Brindle
Ported:
- seinfo
- sesearch
These tools allow to analyze SELinux/SEAndroid policy on an Android device.
Included:
- sepolicy-inject
This tool injects allow rules into binary SELinux kernel policies.
Building
Ensure that you have installed android-ndk properly. Then run:
git clone https://github.com/xmikos/setools-android.git
cd setools-android
ndk-build
Usage
sepolicy-inject -s <source type> -t <target type> -c <class> -p <perm>[,<perm2>,<perm3>,...] [-P <policy file>] [-o <output file>] [-l|--load]
sepolicy-inject -Z permissive_type [-P <policy file>] [-o <output file>] [-l|--load]
For example if you want to allow vdc to write to pseudo-terminal (so you can see replies from vdc command):
sepolicy-inject -s vdc -t devpts -c chr_file -p read,write -l
Third-party code
This repository contains other opensource code:
- regex (from OpenBSD)
- bzip2
- libsepol
Based on setools-android by Dmitry Podgorny (pasis)