On Dec 23, 2016 19:34, "peng fei" <fionapeng...@gmail.com> wrote:
Can I modify external/libselinux/src/android.c to force the policy just load from /data/security/current/sepolicy?

-------------------------------
This is the original file external/libselinux/src/android.c

> static char const * const seapp_contexts_file[] = {
>     "/seapp_contexts",
>     "/data/security/current/seapp_contexts",
>     NULL };
>
> static const struct selinux_opt seopts[] = {
>     { SELABEL_OPT_PATH, "/file_contexts" },
>     { SELABEL_OPT_PATH, "/data/security/current/file_contexts" },
>     { 0, NULL } };
>
> static const char *const sepolicy_file[] = {
>     "/data/security/current/sepolicy",
>     NULL };
>
> static const struct selinux_opt seopts_service[] = {
>     { SELABEL_OPT_PATH, "/data/security/current/service_contexts" },
>     { 0, NULL }
> };
>
-------------------------------
I want to modify android.c as follows:

> static char const * const seapp_contexts_file[] = {
>     "/data/security/current/seapp_contexts",
>     NULL };
>
> static const struct selinux_opt seopts[] = {
>     { SELABEL_OPT_PATH, "/data/security/current/file_contexts" },
>     { 0, NULL } };
>
> static const char *const sepolicy_file[] = {
>     "/data/security/current/sepolicy",
>     NULL };
>
> static const struct selinux_opt seopts_service[] = {
>     { SELABEL_OPT_PATH, "/data/security/current/seapp_contexts" },
>     { SELABEL_OPT_PATH, "/data/security/current/service_contexts" },
>     { 0, NULL }
> };
>
------------------------------
I think building the whole system and rebooting the device to modify the sepolicy is complex.

You only need to repackage the boot image for sepolicy changes. If you need a system relabel, then flash system. Reloading off of data only occurs late in boot so its usefulness is limited. Almost everything can be accomplished via pushing the policy, use load_policy command, restorecon, start/stop services etc.

Pushing the sepolicy and related file to the /data/security/current/ always doesn't work. So, I want a simple way for loading and testing the policy I modified.
If I modify the android.c, could it work as I expected or not?

I don't think anyone on the list here is going to help you write code for this. Also, if you try and ship rules for this you could face CTS/CDD issues.

Please help me. Thanks in advance.

_______________________________________________
Seandroid-list mailing list
Seandroid-list@tycho.nsa.gov
To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.
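The workflow the reply describes (push the policy, run load_policy, restorecon, restart services), written out as an added example that is not part of the original thread. It assumes a userdebug/eng build where adbd can run as root; the staging path, relabel path and service name are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example: test a rebuilt sepolicy on a development device without
# reflashing. Assumes a userdebug/eng build (root adbd). The staging path,
# relabel path and service name are caller-supplied or constructed.

ADB="${ADB:-adb}"                        # e.g. ADB="adb -s SERIAL"
STAGING="/data/local/tmp/sepolicy.test"  # constructed staging path on device

# reload_policy POLICY_FILE [RELABEL_PATH] [SERVICE]
reload_policy() {
    policy="$1"; relabel="${2:-}"; service="${3:-}"

    # Refuse to push a missing or empty policy binary.
    if [ ! -s "$policy" ]; then
        echo "reload_policy: '$policy' missing or empty" >&2
        return 2
    fi

    # adbd restarts when switching to root; wait until it is back.
    $ADB root || return 1
    $ADB wait-for-device || return 1
    $ADB push "$policy" "$STAGING" || return 1

    # Replace the kernel's active policy with the pushed binary policy.
    $ADB shell load_policy "$STAGING" || return 1

    # Existing files keep their old labels after a reload; reapply labels
    # under the given path from the device's file_contexts.
    if [ -n "$relabel" ]; then
        $ADB shell restorecon -R "$relabel" || return 1
    fi

    # Running processes keep their domain; restart the service so it
    # starts under the newly loaded rules.
    if [ -n "$service" ]; then
        $ADB shell stop "$service" || return 1
        $ADB shell start "$service" || return 1
    fi

    # Report enforcing mode and any AVC denials in the kernel log.
    $ADB shell getenforce
    $ADB shell dmesg | grep 'avc: ' || true
}
```

A policy loaded this way lasts only until reboot; to make it persistent, repackage the boot image as the reply says.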