Re: reload sepolicy

Fri, 23 Dec 2016 21:43:49 -0800 

On Dec 23, 2016 19:34, "peng fei" <fionapeng...@gmail.com> wrote:

Can I modify external/libselinux/src/android.c to force the policy just
load from /data/security/current/sepolicy?
-------------------------------
This is the original file external/libselinux/src/android.c

> static char const * const seapp_contexts_file[] = {
>     "/seapp_contexts",
>     "/data/security/current/seapp_contexts",
>     NULL };
>
> static const struct selinux_opt seopts[] = {
>     { SELABEL_OPT_PATH, "/file_contexts" },
>     { SELABEL_OPT_PATH, "/data/security/current/file_contexts" },
>     { 0, NULL } };
>
> static const char *const sepolicy_file[] = {
>     "/data/security/current/sepolicy",
>     NULL };
>
> static const struct selinux_opt seopts_service[] = {
>     { SELABEL_OPT_PATH, "/data/security/current/service_contexts" },
>     { 0, NULL }
> };
>
-------------------------------
I want to modify android.c as follows:

> static char const * const seapp_contexts_file[] = {
>     "/data/security/current/seapp_contexts",
>     NULL };
>
> static const struct selinux_opt seopts[] = {
>     { SELABEL_OPT_PATH, "/data/security/current/file_contexts" },
>     { 0, NULL } };
>
> static const char *const sepolicy_file[] = {
>     "/data/security/current/sepolicy",
>     NULL };
>
> static const struct selinux_opt seopts_service[] = {
>     { SELABEL_OPT_PATH, "/data/security/current/seapp_contexts" },
>     { SELABEL_OPT_PATH, "/data/security/current/service_contexts" },
>     { 0, NULL }
> };
>
------------------------------
I think building the whole system and rebooting the device to  modify the
sepolicy is complex.


You only need to repackage the boot image for sepolicy changes. If you need
a system relabel, then flash system. Reloading off of data only occurs late
in boot so it's usefulness is limited. Almost everything can be
accomplished via pushing the policy, use load_policy command, restorecon,
start/stop services etc.

Pushing the sepolicy and related file to the /data/security/current/ always
doesn't work.
So , I want a simple way for loading and testing the policy I modified.

If I modify the android.c, could  It  work as I expected or not?


I don't think anyone on the list here is going to help you write code for
this. Also, if you try and ship rules for this you could face CTS/CDD
issues.


Please help me.
Thanks advance.


_______________________________________________
Seandroid-list mailing list
Seandroid-list@tycho.nsa.gov
To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
To get help, send an email containing "help" to
seandroid-list-requ...@tycho.nsa.gov.

_______________________________________________
Seandroid-list mailing list
Seandroid-list@tycho.nsa.gov
To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
To get help, send an email containing "help" to 
seandroid-list-requ...@tycho.nsa.gov.

Reply via email to