On 06/05/2014 07:50 AM, "François GILBERT" wrote:
> Hi,
>
> I'm working on a SEAndroid policy comparator tool which allows visualizing
> the components of SEAndroid policies with graphs. I would like
> to generate some sort of "label" to enclose types of different policies.
> Comparing different policies means that I should manage the different types
> and attributes associated with each policy, but using just the rules and
> the file contexts it's a bit tough.
> So, does a kind of convention about the names of attributes/types and their
> meanings exist?
> I mean, are some attributes/types, like "domain", "netdomain", "netd",
> ..., present in all (or almost all) SEAndroid policies?

All SE (for) Android aka Android SELinux policies that you will find in AOSP or in Samsung devices were originally forked from the external/sepolicy that we originally released as part of our reference implementation and therefore share many of the same attributes and types. However, attributes and types that are of more recent origin in our policy or in AOSP may not appear in the Samsung policies (at least until they rebase to AOSP) and Samsung has added many new attributes and types to their own policies.

"domain" and "file_type" should be fairly safe to use across all policies; they even exist in the SELinux reference policy for Linux distributions.

"netdomain" is unfortunately different in AOSP 4.3 and 4.4 because the net.te rules were stripped from AOSP when they made all domains unconfined/permissive in 4.3, so even though "netdomain" is defined in the AOSP 4.3 and 4.4 policies, it is not used in any rules and therefore does not allow any permissions. This differs from our policy and the Samsung policies. AOSP master however has restored the net.te rules and therefore has the same meaning for netdomain as in our policy.
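
The difference described in the reply above, between an attribute that is merely defined and one that is named in rules, can be checked mechanically before an attribute is used as a cross-policy label. This is an added example, not code from the thread or from any SEAndroid project; both policy snippets are constructed, they assume expanded policy.conf-style text, and `vendor_attr`, `attributes` and `compare` are hypothetical names.

```python
import re

# Constructed policy.conf-style snippets (illustrative, not from a real policy).
POLICY_A = """
attribute domain;
attribute netdomain;
type netd, domain, netdomain;
allow domain self:process signal;
allow netdomain self:tcp_socket { create connect };
"""
# Here netdomain is declared and assigned to netd, but no allow rule names it.
POLICY_B = """
attribute domain;
attribute netdomain;
attribute vendor_attr;   # hypothetical vendor-added attribute
type netd, domain, netdomain;
allow domain self:process signal;
allow vendor_attr self:file read;
"""

DECL = re.compile(r"^\s*attribute\s+(\w+)\s*;", re.M)
ALLOW = re.compile(r"^\s*allow\s+([^:;]+):", re.M)   # source and target part
TOKEN = re.compile(r"(?<![-\w])\w+")                 # skip "-type" exclusions

def attributes(policy):
    """Return {attribute: True if named in an allow rule} for one policy."""
    policy = re.sub(r"#.*", "", policy)              # drop comments
    declared = set(DECL.findall(policy))
    used = set()
    for src_tgt in ALLOW.findall(policy):
        used.update(TOKEN.findall(src_tgt))
    return {name: name in used for name in declared}

def compare(a, b):
    """Classify each attribute for use as a cross-policy label."""
    pa, pb = attributes(a), attributes(b)
    report = {}
    for name in sorted(set(pa) | set(pb)):
        if name not in pa or name not in pb:
            report[name] = "only in one policy"
        elif pa[name] and pb[name]:
            report[name] = "shared, used in both"
        else:
            report[name] = "shared, unused in at least one"
    return report

if __name__ == "__main__":
    for name, status in compare(POLICY_A, POLICY_B).items():
        print(f"{name:12} {status}")
```

An attribute that is named in rules but has no types assigned to it also grants nothing; this sketch does not check for that case.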
