On 01/23/2014 04:53 AM, Edvard Holst wrote: > Hi, > > I am fully aware that the policy booleans that the SEAdmin app provided are > not removed as those API's were not accepted into AOSP. However, I am > wondering what those toggles actually did and where to control them now? > How would I easily disable audio capture from microphone, etc now? > > Thank you!
You can override them at build time by changing the defaults in external/sepolicy/bools or providing your own bools file in a vendor/ or device/ sepolicy directory and using BOARD_SEPOLICY_REPLACE += bools in your BoardConfig.mk file. For runtime toggling of booleans, you can run setsebool or call the SELinux.setBooleanValue API from a system UID app, although you will need to add selinux_setbool(system_app) to your policy for that to be allowed by SELinux. If you want runtime changes of booleans by such an app to be persistent across reboot, you will either need to apply the patches previously posted to the list under the topic of "permanent sebooleans" or have the app itself save and restore the settings on boot. We have been awaiting an updated version of the patches for the former approach, which has the advantage that booleans are applied immediately after policy load. The latter approach is what the old SEAndroidManager app did, so you can look at its code for an example, but note that it cannot take effect until the app is run, so you still want the external/sepolicy/bools defaults to be the most secure settings. AOSP does not want conditional policy so this support is not relevant for AOSP. _______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
