Unofficial port of setools to Android with additional sepolicy-inject utility included
Clone or download
xmikos Merge pull request #14 from xmikos/pasis
Merge changes from pasis/setools-android
Latest commit e38bff2 Aug 22, 2017
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
jni Fix -l option (don't require argument) Aug 22, 2017
.gitignore gitignore: add autotools and ctags files Jul 1, 2017
AUTHORS initial commit Oct 4, 2013
COPYING initial commit Oct 4, 2013
COPYING.GPL initial commit Oct 4, 2013
COPYING.LGPL initial commit Oct 4, 2013
ChangeLog initial commit Oct 4, 2013
Makefile.am libsepol: add compatibility with Android M Jul 1, 2017
README.md Update README.md Aug 22, 2017
VERSION initial commit Oct 4, 2013
configure.ac Add autotools support May 31, 2017

README.md

Description

This is unofficial port of setools to Android with additional sepolicy-inject utility by Joshua Brindle

Ported:

  • seinfo
  • sesearch

These tools allow to analyze SELinux/SEAndroid policy on an Android device.

Included:

  • sepolicy-inject

This tool injects allow rules into binary SELinux kernel policies.

Building for Android

Ensure that you have installed android-ndk properly. Then run:

ndk-build

Building for Linux

setools-android can be built for *nix platform as stand-alone binaries without external dependencies. This build simplifies analysis of Android's sepolicy after dumping it from a device.

autoreconf -i
./configure
make
sudo cp ./seinfo ./sesearch ./sepolicy-inject /usr/local/bin  # optional

Usage

sepolicy-inject -s <source type> -t <target type> -c <class> -p <perm>[,<perm2>,<perm3>,...] [-P <policy file>] [-o <output file>] [-l|--load]
sepolicy-inject -Z type_to_make_permissive [-P <policy file>] [-o <output file>] [-l|--load]
sepolicy-inject -z type_to_make_nonpermissive [-P <policy file>] [-o <output file>] [-l|--load]

For example if you want to allow vdc to write to pseudo-terminal (so you can see replies from vdc command):

sepolicy-inject -s vdc -t devpts -c chr_file -p read,write -l

Third-party code

This repository contains other opensource code:

  • regex (from OpenBSD)
  • bzip2
  • libsepol

Based on pasis/setools-android by Dmitry Podgorny (pasis) and xmikos/setools-android by Michal Krenek (Mikos)