Thanks for the comments, I've now updated the pages.

Richard

--- On Fri, 10/5/13, Stephen Smalley <s...@tycho.nsa.gov> wrote:

> From: Stephen Smalley <s...@tycho.nsa.gov>
> Subject: Re: SELinux Notebook updates for SE Android
> To: "Richard Haines" <richard_c_hai...@btinternet.com>
> Cc: seandroid-list@tycho.nsa.gov
> Date: Friday, 10 May, 2013, 18:46
>
> On 04/15/2013 12:18 PM, Richard Haines wrote:
> > I've now updated the work I did on SE for Android and put it on the SELinux wiki (http://selinuxproject.org/page/NB_SEforAndroid_1).
> >
> > I've included the comments I received when I first published in September and tried not to repeat what is on the maintainer page (http://selinuxproject.org/page/SEforAndroid).
> >
> > Hope it's useful - If you find any problems let me know.
>
> Thanks, I've put a link from the main SE for Android wiki page to your page under a new External Documentation section.
>
> The binder receive permission was removed and the meaning of the transfer permission changed a while back (from "owned by B" to "to B").
>
> chcon usage is the same as the first form of chcon(1); you don't need to specify pairs AFAIK.
>
> id takes no options but will always display the context= value if SELinux is enabled.
>
> Binder.getCallingSecctx() was something we did early on but was discarded so I guess we ought to stop mentioning it in SELinux.java.
>
> setenforce and/or setsebool can be made permanent by putting them in the init.rc or init.<board>.rc files rather than running them from an adb shell. That in particular is the only way to set them permanently on vanilla AOSP builds where neither SEAdmin nor SEManager are supported.
>
> There are several references to a Policy Generation section but it does not exist under that name. Maybe a reference to the Building the Policy section.
>
> device/<vendor>/<device>/sepolicy is where the device-specific policy files live these days.
>
> In our branches, we have auditd added to build/target/product/core.mk so that it is included by default. In AOSP, if/when auditd is merged, you are correct that it may not be included by default.