For now I am only trying to get the core SELinux features running. As they are merged to AOSP, I expected the core functionality to be in the CyanogenMod master branch as well.
When I create a kernel with SELinux enabled, I get a behaviour, that is not conclusive for me: Running getenforce, I get the answer: # getenforce getenforce: no such tool ls gives its usual output: # ls -Z drwxr-xr-x root root - acct drwxrwx--x system cache - cache ... ps shows, that there is some SELinux labeling # ps -Z LABEL USER PID PPID NAME kernel root 1 0 /init kernel root 2 0 kthreadd ... Any hint, what I am missing and why ps shows some labeling, and ls does not. Am 19.06.2013 17:07, schrieb Joshua Brindle: > On Wed, Jun 19, 2013 at 10:43 AM, Janosch Maier <jma...@zertisa.com> wrote: >> Is it currently possible to include SEAndroid in other Android Systems >> than AOSP. I would like to create a CyanogenMod ROM with SEAndroid. >> > > There is no reason it isn't possible. Try this: > > cd cyanogenmod/frameworks/base > git remote add seandroid https://bitbucket.org/seandroid/frameworks-base > git fetch seandroid > repo start cm-merged-seandroid . > git merge seandroid/seandroid-4.2.2 > > You'd need to do that for every repo in the seandroid > local_manifests.xml file. However, just because you have all the > seandroid code merged in *does not* mean you'll be able to run in > enforcing on every device. Further modifications are necessary to the > init scripts for each device you want to support and policy > modifications will need to be made for device differences (mostly > labeling, rules for stuff in /dev and device specific daemons). > -- This message was distributed to subscribers of the seandroid-list mailing list. If you no longer wish to subscribe, send mail to majord...@tycho.nsa.gov with the words "unsubscribe seandroid-list" without quotes as the message.
