This link may be useful: http://securityblog.org/2006/07/05/selinux-policy-module-primer
Also the libsepol file include/sepol/policydb/policydb.h has lots of useful stuff and with the likes of constraint.h, conditional.h you can get an idea. Also src/policydb.c has the init process. These are what I used when I did some constraint stuff awhile back. Richard --- On Thu, 23/5/13, William Roberts <[email protected]> wrote: From: William Roberts <[email protected]> Subject: Re: SELinux kernel policy format To: "Radzykewycz, T (Radzy)" <[email protected]> Cc: "[email protected]" <[email protected]> Date: Thursday, 23 May, 2013, 6:15 i am sure if I had 10 minutes I could mod the code... just looking for the right file :-p On Wed, May 22, 2013 at 9:16 PM, Radzykewycz, T (Radzy) <[email protected]> wrote: I looked for something like that a while ago, but couldn't find anything. My search was for both SE Linux and SE Android. ________________________________________ From: [email protected] [[email protected]] on behalf of William Roberts [[email protected]] Sent: Wednesday, May 22, 2013 7:00 PM To: [email protected] Subject: SELinux kernel policy format Is their a struct or docs somewhere that defines the format of the SELinux binary policy? A cursory 2 minute glance at the kernel and checkpolicy didn't reveal much. -- Respectfully, William C Roberts -- Respectfully, William C Roberts
