Trying to build any one project outside of the Android source typically
causes premature baldness, but you could try the following. You might be
able to use both checkpolicy and libsepol from your local box. After all,
the SEAndroid projects simply build host versions anyway. So, I'm assuming
that your host versions are good enough. I would then check out the sepolicy
source.

    git clone https://bitbucket.org/seandroid/external-sepolicy.git -b seandroid

From here you'll have to compile certain pieces without the help of the
Android.mk file. We have too much hooked into other Android projects and
source for it to be used without downloading more projects. I guess you
could try the following. Note, we use different su policies if we are
building a production or debug build of the policy so keep that in mind.
The command below will use the su_user.te (production) one.

    m4 -D mls_num_sens=1 -D mls_num_cats=1024 -s security_classes initial_sids \
        access_vectors global_macros mls_macros mls policy_capabilities te_macros \
        attributes bools `ls *.te | grep -v su.te` roles users initial_sid_contexts \
        fs_use genfs_contexts port_contexts > policy.conf
    checkpolicy -M -c 26 -o sepolicy policy.conf

Do note however that we also include various policy files from device
specific directories. The external-sepolicy will compile fine without these
extra pieces but you'll be missing the true picture of what the policy
looks like for a specific device. For instance, device/lge/mako/sepolicy
contains the extra policy for the Nexus 4 device. Presently, we have device
policy for most of the Nexus devices and the emulator and maintain those
projects on the bitbucket site.
Hope this helps.
On Fri, Nov 8, 2013 at 4:38 PM, JeeHyun Hwang <[email protected]> wrote:
> Hello, all.
> I am new to looking at seandroid security policies. I have a few questions.
>
> (1) Is there any way that we can compile only security policies to make
> binaries without downloading and installing all of seandroid sources?
>
> If possible, I would like to download only several Git folders (e.g.,
> external-policy, libselinux, libsepol) which are necessary to compile only
> security policies. For me, downloading all seandroid src seems to be a
> burden.
>
> (2) If I can use only some of the Git folders, it seems that I need to create
> a new make file. When I look at the external-policy mk file, the file seems to
> interact with other mk files. So, I cannot compile. How do I make such an mk
> file?
>
> (3) I would like to use sediff and apol to analyze these policies. Will it
> work?
>
> Thank you in advance.
> Roy
>
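
The manual build described in the reply above, as an added shell example that is not part of the original thread or the SEAndroid project's code: it lists the m4 inputs in the order the reply's command uses, stops on a missing file before m4 runs, and selects the su policy by exact file name. The function names and the debug rule (su.te replaces su_user.te) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: a debug build uses su.te
# in place of su_user.te; all file names are taken from the m4 command above.

# Non-.te inputs in the order the m4 command lists them.
PRE_TE="security_classes initial_sids access_vectors global_macros mls_macros
mls policy_capabilities te_macros attributes bools"
POST_TE="roles users initial_sid_contexts fs_use genfs_contexts port_contexts"

# need FILE: print FILE if it exists, otherwise report it and fail.
need() {
    [ -f "$1" ] || { echo "missing policy file: $1" >&2; return 1; }
    echo "$1"
}

# policy_inputs DIR [production|debug]: print the m4 inputs, one per line.
policy_inputs() {
    case ${2:-production} in
        production) skip=su.te ;;
        debug)      skip=su_user.te ;;
        *) echo "unknown variant: $2" >&2; return 2 ;;
    esac
    (
        cd "$1" || exit 1
        for f in $PRE_TE; do need "$f" || exit 1; done
        for f in *.te; do
            [ -f "$f" ] || { echo "no .te files in $1" >&2; exit 1; }
            # Exact name comparison; 'grep -v su.te' is an unanchored regex.
            [ "$f" = "$skip" ] || echo "$f"
        done
        for f in $POST_TE; do need "$f" || exit 1; done
    )
}

# build_policy DIR VARIANT OUT: write DIR/policy.conf and DIR/OUT.
build_policy() {
    files=$(policy_inputs "$1" "$2") || return 1
    # $files is split on whitespace on purpose; policy file names have none.
    ( cd "$1" &&
      m4 -D mls_num_sens=1 -D mls_num_cats=1024 -s $files > policy.conf &&
      checkpolicy -M -c 26 -o "$3" policy.conf )
}
```

Source the file and run `build_policy ./external-sepolicy production sepolicy`; m4 and checkpolicy must be on the PATH.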