I want to modify sepolicy and verify it.

First, I downloaded the Android 4.4.4 sepolicy and modified file.te and
file_contexts to add a new type, sec_file.
#/data/audit
type sec_file, file_type, data_file_type;
/data/audit(/.*)?       u:object_r:sec_file:s0

--
Second, compile the policy.

m4 -D mls_num_sens=1 -D mls_num_cats=1024 -D target_build_variant=user \
    -s security_classes initial_sids access_vectors global_macros mls_macros \
    mls policy_capabilities te_macros attributes *.te roles users \
    initial_sid_contexts fs_use genfs_contexts port_contexts > policy.conf
[pengfei@pengfei seandroid-4.4.4-external-sepolicy]$ checkpolicy -M -c 26 -o sepolicy policy.conf
checkpolicy:  loading policy configuration from policy.conf
checkpolicy:  policy configuration loaded
checkpolicy:  writing binary representation (version 26) to sepolicy
[pengfei@pengfei seandroid-4.4.4-external-sepolicy]$ file sepolicy
sepolicy: SE Linux policy v26 MLS 8 symbols 7 ocons
--
Then I connected to an N958St, which is also Android 4.4.4.
I adb pushed sepolicy and file_contexts to /data/security/current.

root@N958St:/data/security/current # setprop sys.init_log_level 6
root@N958St:/data/security/current # setprop selinux.reload_policy 1
root@N958St:/data/security/current # dmesg | grep 'SELinux'
<7>[ 3802.717538] SELinux: 512 avtab hash slots, 1346 rules.
<7>[ 3802.718476] SELinux: 512 avtab hash slots, 1346 rules.
<7>[ 3802.718497] SELinux:  1 users, 2 roles, 293 types, 1 bools, 1 sens, 1024 cats
<7>[ 3802.718513] SELinux:  84 classes, 1346 rules
<6>[ 3802.719963] SELinux:  Permission attach_queue in class tun_socket not defined in policy.
<6>[ 3802.719978] SELinux: the above unknown classes and permissions will be denied
<14>[ 3803.548149] SELinux: Loaded policy from /sepolicy
<7>[ 4479.980176] SELinux: 512 avtab hash slots, 1346 rules.
<7>[ 4479.981074] SELinux: 512 avtab hash slots, 1346 rules.
<7>[ 4479.981095] SELinux:  1 users, 2 roles, 293 types, 1 bools, 1 sens, 1024 cats
<7>[ 4479.981107] SELinux:  84 classes, 1346 rules
<6>[ 4479.982588] SELinux:  Permission attach_queue in class tun_socket not defined in policy.
<6>[ 4479.982603] SELinux: the above unknown classes and permissions will be denied
<14>[ 4480.187929] SELinux: Loaded policy from /sepolicy
<7>[ 4503.340545] SELinux: 512 avtab hash slots, 1346 rules.
<7>[ 4503.341450] SELinux: 512 avtab hash slots, 1346 rules.
<7>[ 4503.341467] SELinux:  1 users, 2 roles, 293 types, 1 bools, 1 sens, 1024 cats
<7>[ 4503.341479] SELinux:  84 classes, 1346 rules
<6>[ 4503.342907] SELinux:  Permission attach_queue in class tun_socket not defined in policy.
<6>[ 4503.342921] SELinux: the above unknown classes and permissions will be denied
<14>[ 4504.009018] SELinux: Loaded policy from /sepolicy
<7>[ 4524.927888] SELinux: 512 avtab hash slots, 1346 rules.
<7>[ 4524.928835] SELinux: 512 avtab hash slots, 1346 rules.
<7>[ 4524.928854] SELinux:  1 users, 2 roles, 293 types, 1 bools, 1 sens, 1024 cats
<7>[ 4524.928865] SELinux:  84 classes, 1346 rules
<6>[ 4524.930319] SELinux:  Permission attach_queue in class tun_socket not defined in policy.
<6>[ 4524.930333] SELinux: the above unknown classes and permissions will be denied
<14>[ 4525.218099] SELinux: Loaded policy from /sepolicy
<7>[ 6609.537301] SELinux: 512 avtab hash slots, 1346 rules.
<7>[ 6609.538209] SELinux: 512 avtab hash slots, 1346 rules.
<7>[ 6609.538231] SELinux:  1 users, 2 roles, 293 types, 1 bools, 1 sens, 1024 cats
<7>[ 6609.538243] SELinux:  84 classes, 1346 rules
<6>[ 6609.539703] SELinux:  Permission attach_queue in class tun_socket not defined in policy.
<6>[ 6609.539717] SELinux: the above unknown classes and permissions will be denied
<14>[ 6609.828011] SELinux: Loaded policy from /sepolicy

This is the result.
root@N958St:/data # ls -Z
drwx------ root     root              u:object_r:system_data_file:s0 audit

---
But I want to get:
drwx------ root     root              u:object_r:sec_file:s0 audit

---
Please help me. Thanks in advance.
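
An added example, not part of the original post: a POSIX shell check that compares the label file_contexts would assign to /data/audit with the label ls -Z reports, and extracts which file the kernel log says the policy was loaded from. The inputs are constructed from the output quoted above; the function names, the extra /data entry and the last-match-wins rule are assumptions of this sketch.

```sh
#!/bin/sh
# Added example: inputs below are constructed from the output quoted in the post.
FILE_CONTEXTS='# constructed file_contexts excerpt
/data(/.*)?             u:object_r:system_data_file:s0
#/data/audit
/data/audit(/.*)?       u:object_r:sec_file:s0'
LS_Z_LINE='drwx------ root     root              u:object_r:system_data_file:s0 audit'
DMESG='<14>[ 6609.828011] SELinux: Loaded policy from /sepolicy'

# Context file_contexts assigns to a path. Each regex must match the whole
# path; assumption of this sketch: the last matching entry wins.
expected_context() {   # $1 = file_contexts text, $2 = absolute path
    printf '%s\n' "$1" | awk -v path="$2" '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments, blank lines
        path ~ ("^(" $1 ")$") { ctx = $NF }     # context is the last field
        END { if (ctx != "") print ctx }'
}

# Label actually stored on the file: 4th column of Android toolbox "ls -Z".
observed_context() {   # $1 = one line of ls -Z output
    printf '%s\n' "$1" | awk '{ print $4 }'
}

# Path named by the most recent "Loaded policy from" kernel log line.
policy_source() {      # $1 = dmesg text
    printf '%s\n' "$1" | sed -n 's/.*SELinux: Loaded policy from //p' | tail -n 1
}

# Compare expected and observed labels for one path.
check_label() {        # $1 = file_contexts, $2 = path, $3 = ls -Z line
    want=$(expected_context "$1" "$2")
    have=$(observed_context "$3")
    if [ "$want" = "$have" ]; then
        echo "ok: $2 is $have"
    else
        # file_contexts is only applied when a file is created or relabeled,
        # e.g. restorecon -R "$2"; loading a policy does not rewrite labels.
        echo "relabel-needed: $2 is $have, file_contexts says $want"
    fi
}

check_label "$FILE_CONTEXTS" /data/audit "$LS_Z_LINE"
# The post pushed its policy to /data/security/current; compare with the log.
echo "policy loaded from: $(policy_source "$DMESG")"
```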