Stephen Smalley wrote:
On 05/10/2016 03:57 PM, Joshua Brindle wrote:
Jeffrey Vander Stoep wrote:
The policy binary format changed to make xperms more extensible, but
unfortunately (and irritatingly) not backwards compatible with Android M
which was already under lock down when Paul gave the final OK for
upstream
submission. This isn't the first time this issue has been raised:
http://marc.info/?l=seandroid-list&m=143446867511331&w=2
This issue is the reason why policy analysis tools were added to the
source
tree. The recommendation is to use tools from the same version of Android
as the policy you're analyzing. Sorry, wish I had a more satisfactory
answer.
*sigh* which are linux only...
Thank you, I totally forgot that M had a forked policy format.
FWIW, chainfire ported the compatibility patch from AOSP to a copy of
libsepol so that one can build upstream libsepol and still be able to
read M policies,
https://github.com/Chainfire/selinux/commit/9741246f4812da6998e99adb21de5b059c7bf386
We could apply that upstream if necessary but not sure how supportable
that would be going forward.
Awesome, thank you.
Applied that patch to external/selinux in master and rebuild libsepol.a
to link in with setools 4 and it now reads an M policy and even outputs
the xperms...
I'm doing a full master build now to see if it will read that policy but
this seems to solve my immediate problems.
_______________________________________________
Seandroid-list mailing list
[email protected]
To unsubscribe, send email to [email protected].
To get help, send an email containing "help" to
[email protected].
