On 06/16/2014 07:06 PM, William Roberts wrote:
> If you want to read the policy that kernel has loaded (which is either
> /sepolicy or /data/system/sepolicy (something like that path) then you
> can do:
>
> $ adb shell su 0 cat /sys/fs/selinux/policy > policy

Just to clarify on this point: /sys/fs/selinux/policy is a pseudo file that you can read to obtain a copy of the policy that is currently loaded into the kernel. However:

1) It likely won't be byte-for-byte equivalent to /sepolicy even if that was the policy file that was loaded due to some ordering issues and differences in ebitmap representation in the kernel, so you can only compare it to the /sepolicy file via sediff from the setools packages.

2) When I try to extract it as you showed above with cat, I get an invalid binary policy file that isn't recognized by any of the tools, so it is corrupted in some manner. However, I can extract it as follows:

    adb root
    adb pull /sys/fs/selinux/policy

and then if I perform a semantic diff of it against the /sepolicy file extracted via adb pull /sepolicy, I get no differences:

    sediff policy \; sepolicy
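
A sanity check to run on an extracted policy file before handing it to sediff, as an added example that is not part of the original message. It reads the binary policy header (magic number, "SE Linux" identifier, version) and flags one possible cause of damage, newline translation during capture; that cause is an assumption, since the message does not identify it, and the function names are hypothetical.

```python
import struct

POLICYDB_MAGIC = 0xF97CFF8C      # SELinux binary policy magic number
POLICYDB_STRING = b"SE Linux"    # identifier string that follows the magic


def inspect_policy(data: bytes) -> dict:
    """Check the binary policy header and look for newline-translation damage."""
    result = {"valid_header": False, "version": None, "crlf_suspect": False}

    # Header layout (little-endian): u32 magic, u32 string length,
    # identifier string, u32 policy version.
    if len(data) >= 8:
        magic, strlen = struct.unpack_from("<II", data, 0)
        ident = data[8:8 + strlen]
        if (magic == POLICYDB_MAGIC and ident == POLICYDB_STRING
                and len(data) >= 12 + strlen):
            result["valid_header"] = True
            (result["version"],) = struct.unpack_from("<I", data, 8 + strlen)

    # Heuristic (assumption): an intact binary file has some 0x0a bytes that
    # are not preceded by 0x0d. If every LF is part of a CRLF pair, the data
    # was probably passed through a layer that rewrote newlines.
    lf = data.count(b"\n")
    crlf = data.count(b"\r\n")
    result["crlf_suspect"] = lf >= 4 and lf == crlf
    return result


def constructed_policy() -> bytes:
    """Constructed sample: a valid header plus filler bytes, not a usable policy."""
    header = struct.pack("<II", POLICYDB_MAGIC, len(POLICYDB_STRING))
    header += POLICYDB_STRING + struct.pack("<I", 26)
    body = bytes(range(256)) * 4   # filler that contains bare 0x0a bytes
    return header + body


if __name__ == "__main__":
    clean = constructed_policy()
    mangled = clean.replace(b"\n", b"\r\n")   # simulate newline translation
    print("clean  :", inspect_policy(clean))
    print("mangled:", inspect_policy(mangled))
```

The mangled sample still has a valid header, so a header check alone does not prove the rest of the file is intact; the semantic comparison with sediff remains the real test.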