• Stars
    star
    231
  • Rank 173,434 (Top 4 %)
  • Language
    C
  • License
    Other
  • Created about 10 years ago
  • Updated over 7 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Unofficial port of setools to Android with additional sepolicy-inject utility included

Description

This is unofficial port of setools to Android with additional sepolicy-inject utility by Joshua Brindle

Ported:

  • seinfo
  • sesearch

These tools allow to analyze SELinux/SEAndroid policy on an Android device.

Included:

  • sepolicy-inject

This tool injects allow rules into binary SELinux kernel policies.

Building for Android

Ensure that you have installed android-ndk properly. Then run:

ndk-build

Building for Linux

setools-android can be built for *nix platform as stand-alone binaries without external dependencies. This build simplifies analysis of Android's sepolicy after dumping it from a device.

autoreconf -i
./configure
make
sudo cp ./seinfo ./sesearch ./sepolicy-inject /usr/local/bin  # optional

Usage

sepolicy-inject -s <source type> -t <target type> -c <class> -p <perm>[,<perm2>,<perm3>,...] [-P <policy file>] [-o <output file>] [-l|--load]
sepolicy-inject -Z type_to_make_permissive [-P <policy file>] [-o <output file>] [-l|--load]
sepolicy-inject -z type_to_make_nonpermissive [-P <policy file>] [-o <output file>] [-l|--load]

For example if you want to allow vdc to write to pseudo-terminal (so you can see replies from vdc command):

sepolicy-inject -s vdc -t devpts -c chr_file -p read,write -l

Third-party code

This repository contains other opensource code:

  • regex (from OpenBSD)
  • bzip2
  • libsepol

Based on pasis/setools-android by Dmitry Podgorny (pasis) and xmikos/setools-android by Michal Krenek (Mikos)