On 04/15/2013 12:18 PM, Richard Haines wrote:
> I've now updated the work I did on SE for Android and put it on the SELinux
> wiki (http://selinuxproject.org/page/NB_SEforAndroid_1).
> I've included the comments I received when I first published in September and
> tried not to repeat what is on the maintainer page
> (http://selinuxproject.org/page/SEforAndroid).
> Hope it's useful - If you find any problems let me know.

Thanks, I've put a link from the main SE for Android wiki page to your
page under a new External Documentation section.

The binder receive permission was removed and the meaning of the
transfer permission changed a while back (from "owned by B" to "to B").

chcon usage is the same as the first form of chcon(1); you don't need to
specify pairs AFAIK.

id takes no options but will always display the context= value if
SELinux is enabled.

Binder.getCallingSecctx() was something we did early on but was
discarded so I guess we ought to stop mentioning it in SELinux.java.

setenforce and/or setsebool can be made permanent by putting them in the
init.rc or init.<board>.rc files rather than running them from an adb
shell. That in particular is the only way to set them permanently on
vanilla AOSP builds where neither SEAdmin nor SEManager are supported.

There are several references to a Policy Generation section but it does
not exist under that name. Maybe a reference to the Building the Policy
section.

device/<vendor>/<device>/sepolicy is where the device-specific policy
files live these days.

In our branches, we have auditd added to build/target/product/core.mk so
that it is included by default. In AOSP, if/when auditd is merged, you
are correct that it may not be included by default.