xmikos / setools-android

Unofficial port of setools to Android with additional sepolicy-inject utility included

License: Other

Makefile 0.42% C 98.01% C++ 0.27% Yacc 0.93% Lex 0.24% M4 0.01% Objective-C 0.13%

setools-android's Issues

Neverallow rules requested but not available

When I input:

./sesearch --all

There is an error:

ERROR: Cannot get avrules: Neverallow rules requested but not available
ERROR: Operation not supported on transport endpoint

How to fix it? Thanks!

sepolicy-inject wrong function call

policydb.c line 1187: policydb_index_decls expects two arguments: sepol_handle_t* and policydb_t*

sepolicy-inject.c line 108: policydb_index_decls provides only one argument: policydb_t*

zsh: command not found: sepolicy-inject

Why am I running this command (Ubuntu 16.04 amd64)

git clone https://github.com/xmikos/setools-android.git
cd setools-android
ndk-build

I still cannot run sepolicy-inject

zsh: command not found: sepolicy-inject
zsh: There is no file or directory: ./sepolicy-inject

In which folder should I run this command?

Is there anything else that needs to be installed?

Android Nougat errors

Copied setools to Nexus 5X with Android Nougat (NRD90S). TWRP present, SU present.
bullhead: # seinfo
ERROR: more than one specifier
ERROR: failed on entry 24 of 10973
ERROR: Unable to open policy /sepolicy.
ERROR: Success

SEtools error

Has anyone encountered this error before?

setools-android/libs/x86_64$ . sesearch                      
__requires__: command not found                                                                           
bash: /usr/local/bin/sesearch: line 4: syntax error near unexpected token `'pkg_resources''               
bash: /usr/local/bin/sesearch: line 4: `__import__('pkg_resources').require('setools==4.0.0a3')'

How can I make sure my sepolicy rule has been injected?

I add an ELF process in init.rc,

  1. call "sepolicy-inject -s init_shell -t system_data_file -c file -p append -l"; its SE context is "init"
  2. adb shell and call "seinfo -A -s init_shell -t system_data_file -c file -p append"; its SE context is "init_shell", and it got no append allow rule that I add with sepolicy-inject

Which sepolicy could allow sepolicy-inject to inject a sepolicy rule?
The device is a Huawei HWTIT-AL00 5.1 emui3.1Lite

ERROR: policydb magic number 0x000008 does not match expected magic number 0xf97cff8c or 0xf97cff8d

I receive an error inspecting /sys/fs/selinux/policy:

$ adb root
adbd is already running as root
$ adb push sesearch /data/local/tmp/
3228 KB/s (243004 bytes in 0.073s)
$ adb shell /data/local/tmp/sesearch -A /sys/fs/selinux/policy
ERROR: policydb magic number 0x000008 does not match expected magic number 0xf97cff8c or 0xf97cff8d
ERROR: Unable to open policy /sys/fs/selinux/policy.
ERROR: Success

This is weird because if I copy that file on the /sdcard/ path, I can inspect it:

$ adb shell cp /sys/fs/selinux/policy /sdcard/
$ adb shell /data/local/tmp/sesearch -A -s system_app -t system_data_file -c file -p write /sdcard/policy
Found 1 semantic av rules:
   allow system_app system_data_file : file { ioctl read write create getattr setattr lock append unlink link rename open } ;

The copied file has the same content as the source:

$ adb shell md5sum /sys/fs/selinux/policy /sdcard/policy
e164e15e24e861f56ce827883e11b6b4  /sys/fs/selinux/policy
e164e15e24e861f56ce827883e11b6b4  /sdcard/policy

Setting SELinux to "Permissive" does not change the behavior.

Am I missing something?
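An added example, not code from the issue or from the project: a check of the leading fields of a binary policy image, using the two magic values quoted in the error text above. It assumes the layout libsepol's reader follows (little-endian magic, 32-bit string length, identifier string, version word); `parse_policy_hdr`, `struct policy_hdr` and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POLICYDB_MAGIC     0xf97cff8cU  /* kernel policy, value from the error text */
#define POLICYDB_MOD_MAGIC 0xf97cff8dU  /* policy module, value from the error text */

enum hdr_status { HDR_OK, HDR_SHORT, HDR_BAD_MAGIC, HDR_BAD_STRING };
struct policy_hdr { uint32_t magic; uint32_t version; char ident[32]; };

/* Decode a little-endian 32-bit word regardless of host byte order. */
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Hypothetical helper: validate the leading fields of a binary policy image. */
enum hdr_status parse_policy_hdr(const uint8_t *buf, size_t len, struct policy_hdr *out) {
    if (len < 8) return HDR_SHORT;                      /* need magic + string length */
    out->magic = le32(buf);
    if (out->magic != POLICYDB_MAGIC && out->magic != POLICYDB_MOD_MAGIC)
        return HDR_BAD_MAGIC;
    uint32_t slen = le32(buf + 4);
    if (slen == 0 || slen >= sizeof(out->ident)) return HDR_BAD_STRING;
    if (len - 8 < (size_t)slen + 4) return HDR_SHORT;   /* string + version word */
    memcpy(out->ident, buf + 8, slen);
    out->ident[slen] = '\0';
    out->version = le32(buf + 8 + slen);
    return HDR_OK;
}

/* Constructed sample header: magic, length 8, "SE Linux", version 30. */
static const uint8_t SAMPLE[] = {
    0x8c, 0xff, 0x7c, 0xf9,  0x08, 0x00, 0x00, 0x00,
    'S','E',' ','L','i','n','u','x',  0x1e, 0x00, 0x00, 0x00
};

int main(void) {
    struct policy_hdr h;
    enum hdr_status st = parse_policy_hdr(SAMPLE, sizeof SAMPLE, &h);
    printf("status=%d magic=%#x ident=\"%s\" version=%u\n", st, h.magic, h.ident, h.version);
    /* Starting 4 bytes in makes the string-length field (8) appear as the magic. */
    st = parse_policy_hdr(SAMPLE + 4, sizeof SAMPLE - 4, &h);
    printf("status=%d magic=%#x\n", st, h.magic);
    return 0;
}
```

Running the same check over the first bytes of each copy of a policy file shows whether the header itself is intact before looking at how the tool opens the file.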

build fails with ndk-bundle version 20.0.5594570

Build fails with latest ndk-bundle

$ sdkmanager --list | grep -m1 ndk
Warning: File /home/max/.android/repositories.cfg could not be loaded.
  ndk-bundle           | 20.0.5594570 | NDK                            | ndk-bundle/

Here's the error:

$ ndk-build 
Android NDK: The armeabi ABI is no longer supported. Use armeabi-v7a.    
Android NDK: NDK Application 'local' targets unknown ABI(s): armeabi mips mips64    
Android NDK: Please fix the APP_ABI definition in ./jni/Application.mk    
/home/max/android/ndk-bundle/build/core/setup-app.mk:79: *** Android NDK: Aborting    .  Stop.

Removing armeabi, mips and mips64 from ./jni/Application.mk fixes the compilation error, but prevents the production of the binaries for those architectures.

Can't compile for X86_64

Hi,
I was trying to compile the project for multiple architectures following the documentation for x86_64 I found here.
It states that adding x86-64 to the APP_ABI definition in Application.mk should be sufficient, but I found that the right value seems to be x86_64.

With the following change, I receive an error anyway

diff --git a/jni/Application.mk b/jni/Application.mk
index 86c47ba..b3b0a55 100644
--- a/jni/Application.mk
+++ b/jni/Application.mk
@@ -1,2 +1,2 @@
-#APP_ABI := all
+APP_ABI := x86_64
 APP_PLATFORM := android-16
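
Review bot: the `+APP_ABI := x86_64` line pins every build from the shared Application.mk to a single ABI and drops the commented `#APP_ABI := all` hint; keep the comment and select the ABI per build instead (`ndk-build APP_ABI=x86_64`), or list the wanted ABIs explicitly. The unchanged context line `APP_PLATFORM := android-16` also deserves a look in the same change, since x86_64 is a 64-bit ABI and Android supports 64-bit ABIs only from API level 21.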

Here's the error message

[x86_64] Compile        : qpol <= util.c
In file included from jni/libqpol/util.c:32:0:
jni/libqpol/glob.h:40:24: fatal error: sys/_types.h: No such file or directory
 #include <sys/_types.h>
                        ^
compilation terminated.
make: *** [obj/local/x86_64/objs/qpol/util.o] Error 1

Am I missing something?

Is it possible to inject a new context?

Hi,

Can I also inject a new context for a file? I am trying to give permission to certain apps to access the IR blaster, which is /dev/ttyHSL1. So far, I can allow system apps to read, write, ioctl, getattr to other system files. But to make it more secure, I guess, I need to separate /tty/HSL1 as a context and its permissions.

Thanks!

"Segmentation fault (core dumped)" when trying to create new context

STR:

  1. Follow the build instructions from the README to build on a Linux system:
autoreconf -i
./configure
make
sudo cp ./seinfo ./sesearch ./sepolicy-inject /usr/local/bin  # optional

The result is successful.
Then, using a sepolicy file from unpacked Android boot.img:

  2. Test to inject a policy as described in the README:
$ sepolicy-inject -s vdc -t devpts -c chr_file -p read,write -P sepolicy -o sepolicy2
(Android M policy compatibility mode)
libsepol.policydb_index_others: security:  1 users, 2 roles, 577 types, 0 bools
libsepol.policydb_index_others: security: 1 sens, 1024 cats
libsepol.policydb_index_others: security:  87 classes, 5374 rules, 0 cond rules
Success

So, this works.

Now, I want to create a new context. For the sake of testing I name it tezzzt:

  3. Run this command
$ sepolicy-inject -s tezzzt -t devpts -c chr_file -p read,write -P sepolicy -o sepolicy2
(Android M policy compatibility mode)
libsepol.policydb_index_others: security:  1 users, 2 roles, 577 types, 0 bools
libsepol.policydb_index_others: security: 1 sens, 1024 cats
libsepol.policydb_index_others: security:  87 classes, 5374 rules, 0 cond rules
type tezzzt does not exist, creating
Segmentation fault (core dumped)

The problem:

sepolicy-inject says it is creating the non-existing source context but for some reason this ends up with a segmentation fault. I have no clue how to fix this and how to create a new context in the sepolicy.

Please advise.
