xmikos / setools-android
Unofficial port of setools to Android with additional sepolicy-inject utility included
License: Other
policydb.c line 1187: policydb_index_decls expects two arguments: sepol_handle_t* and policydb_t*
sepolicy-inject.c line 108: policydb_index_decls provides only one argument: policydb_t*
Why am I running this command (Ubuntu 16.04 amd64)
git clone https://github.com/xmikos/setools-android.git
cd setools-android
ndk-build
I still cannot run sepolicy-inject
zsh: command not found: sepolicy-inject
zsh: There is no file or directory: ./sepolicy-inject
In which folder should I run this command?
Is there anything else that needs to be installed?
When I input:
./sesearch --all
There is an error:
ERROR: Cannot get avrules: Neverallow rules requested but not available
ERROR: Operation not supported on transport endpoint
How to fix it? Thanks!
I add an ELF process in init.rc;
which sepolicy could allow sepolicy-inject to inject a sepolicy rule?
The device is a Huawei HWTIT-AL00 5.1 emui3.1Lite
You can merge commit from https://github.com/pasis/setools-android/tree/x86-64. I can't open proper pull request, because your repository wasn't forked on github.
This patch fixes #4.
Hi,
I would like to do supolicy --live "allow kernel media_rw_data_file:file { read write };"
to make DriveDroid work on OnePlus3T and OxygenOS.
How to do it with sepolicy-inject?
Thanks,
STR:
autoreconf -i
./configure
make
sudo cp ./seinfo ./sesearch ./sepolicy-inject /usr/local/bin # optional
The result is successful.
Then, using a sepolicy file from unpacked Android boot.img:
$ sepolicy-inject -s vdc -t devpts -c chr_file -p read,write -P sepolicy -o sepolicy2
(Android M policy compatibility mode)
libsepol.policydb_index_others: security: 1 users, 2 roles, 577 types, 0 bools
libsepol.policydb_index_others: security: 1 sens, 1024 cats
libsepol.policydb_index_others: security: 87 classes, 5374 rules, 0 cond rules
Success
So, this works.
Now, I want to create a new context. For the sake of testing I name it tezzzt:
$ sepolicy-inject -s tezzzt -t devpts -c chr_file -p read,write -P sepolicy -o sepolicy2
(Android M policy compatibility mode)
libsepol.policydb_index_others: security: 1 users, 2 roles, 577 types, 0 bools
libsepol.policydb_index_others: security: 1 sens, 1024 cats
libsepol.policydb_index_others: security: 87 classes, 5374 rules, 0 cond rules
type tezzzt does not exist, creating
Segmentation fault (core dumped)
sepolicy-inject says it is creating the non-existing source context but for some reason this ends up with a segmentation fault. I have no clue how to fix this and how to create a new context in the sepolicy.
Please advise.
Has anyone encountered this error before?
setools-android/libs/x86_64$ . sesearch
__requires__: command not found
bash: /usr/local/bin/sesearch: line 4: syntax error near unexpected token `'pkg_resources''
bash: /usr/local/bin/sesearch: line 4: `__import__('pkg_resources').require('setools==4.0.0a3')'
Hi,
I was trying to compile the project for multiple architectures following the documentation for x86_64 I found here.
It states that adding x86-64 to the APP_ABI definition in Application.mk should be sufficient, but I found that the right value seems to be x86_64.
With the following change, I receive an error anyway:
diff --git a/jni/Application.mk b/jni/Application.mk
index 86c47ba..b3b0a55 100644
--- a/jni/Application.mk
+++ b/jni/Application.mk
@@ -1,2 +1,2 @@
-#APP_ABI := all
+APP_ABI := x86_64
APP_PLATFORM := android-16
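Review bot: The added line `APP_ABI := x86_64` replaces the commented-out `#APP_ABI := all` with a single ABI, so if this were committed the build would produce x86_64 binaries only. For a one-off test, pass `APP_ABI=x86_64` on the ndk-build command line instead of editing jni/Application.mk; for a committed change, list x86_64 alongside the other ABIs. The documentation that gives the value as x86-64 should be corrected to x86_64 in the same change.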
Here's the error message
[x86_64] Compile : qpol <= util.c
In file included from jni/libqpol/util.c:32:0:
jni/libqpol/glob.h:40:24: fatal error: sys/_types.h: No such file or directory
#include <sys/_types.h>
^
compilation terminated.
make: *** [obj/local/x86_64/objs/qpol/util.o] Error 1
Am I missing something?
Hi,
Can I also inject a new context for a file? I am trying to give permission to certain apps to access IR blaster, which is /dev/ttyHSL1. So far, I can allow system apps to read,write,ioctl,getattr to other system files. But to make it more secure, I guess, I need to separate /tty/HSL1 as a context and its permissions.
Thanks!
I receive an error inspecting /sys/fs/selinux/policy:
$ adb root
adbd is already running as root
$ adb push sesearch /data/local/tmp/
3228 KB/s (243004 bytes in 0.073s)
$ adb shell /data/local/tmp/sesearch -A /sys/fs/selinux/policy
ERROR: policydb magic number 0x000008 does not match expected magic number 0xf97cff8c or 0xf97cff8d
ERROR: Unable to open policy /sys/fs/selinux/policy.
ERROR: Success
This is weird because if I copy that file on the /sdcard/ path, I can inspect it:
$ adb shell cp /sys/fs/selinux/policy /sdcard/
$ adb shell /data/local/tmp/sesearch -A -s system_app -t system_data_file -c file -p write /sdcard/policy
Found 1 semantic av rules:
allow system_app system_data_file : file { ioctl read write create getattr setattr lock append unlink link rename open } ;
The copied file has the same content as the source:
$ adb shell md5sum /sys/fs/selinux/policy /sdcard/policy
e164e15e24e861f56ce827883e11b6b4 /sys/fs/selinux/policy
e164e15e24e861f56ce827883e11b6b4 /sdcard/policy
Setting SELinux to "Permissive" does not change the behavior.
Am I missing something?
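A header check for a binary policy file, using the two magic numbers quoted in the error message above (added example, not part of the original issue or of setools-android). It assumes the kernel binary policy header layout: magic, length-prefixed identifier string, then version, config, symbol-table count and object-context count; the sample bytes are constructed.

```python
import struct

KERNEL_MAGIC = 0xF97CFF8C  # kernel policy magic, as quoted in the error above
MODULE_MAGIC = 0xF97CFF8D  # policy module magic, as quoted in the error above

def parse_policy_header(data: bytes) -> dict:
    """Decode the little-endian header at the start of a binary SELinux policy."""
    if len(data) < 8:
        raise ValueError("too short to hold magic and identifier length")
    magic, ident_len = struct.unpack_from("<II", data, 0)
    if magic not in (KERNEL_MAGIC, MODULE_MAGIC):
        raise ValueError(f"bad magic 0x{magic:08x}")
    if ident_len > 64 or len(data) < 8 + ident_len:
        raise ValueError(f"implausible identifier length {ident_len}")
    info = {
        "kind": "kernel" if magic == KERNEL_MAGIC else "module",
        "ident": data[8:8 + ident_len].decode("ascii", "replace"),
    }
    if magic == KERNEL_MAGIC:
        # Kernel policies continue with four 32-bit words.
        off = 8 + ident_len
        if len(data) < off + 16:
            raise ValueError("truncated kernel policy header")
        version, config, sym_num, ocon_num = struct.unpack_from("<IIII", data, off)
        info.update(version=version, mls=bool(config & 1),
                    sym_num=sym_num, ocon_num=ocon_num)
    return info

def read_policy_header(path: str, size: int = 64) -> dict:
    """Read only the first bytes of the file with a plain read() and parse them."""
    with open(path, "rb") as fh:
        return parse_policy_header(fh.read(size))

# Constructed sample header: kernel policy, version 30, MLS bit set.
SAMPLE = (struct.pack("<II", KERNEL_MAGIC, 8) + b"SE Linux"
          + struct.pack("<IIII", 30, 1, 8, 7))

if __name__ == "__main__":
    print(parse_policy_header(SAMPLE))
```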
Build fails with latest ndk-bundle
$ sdkmanager --list | grep -m1 ndk
Warning: File /home/max/.android/repositories.cfg could not be loaded.
ndk-bundle | 20.0.5594570 | NDK | ndk-bundle/
Here's the error:
$ ndk-build
Android NDK: The armeabi ABI is no longer supported. Use armeabi-v7a.
Android NDK: NDK Application 'local' targets unknown ABI(s): armeabi mips mips64
Android NDK: Please fix the APP_ABI definition in ./jni/Application.mk
/home/max/android/ndk-bundle/build/core/setup-app.mk:79: *** Android NDK: Aborting . Stop.
Removing armeabi, mips and mips64 from ./jni/Application.mk fixes the compilation error, but prevents the production of the binaries for those architectures.
Please, merge my branch libsepol-2.4 from https://github.com/pasis/setools-android/tree/libsepol-2.4. It adds support of policy version 30 which is on my android device.
Copied setools to Nexus 5X with Android Nougat (NRD90S). TWRP present, SU present.
bullhead: # seinfo
ERROR: more than one specifier
ERROR: failed on entry 24 of 10973
ERROR: Unable to open policy /sepolicy.
ERROR: Success