On 06/16/2014 01:59 PM, Dinesh Garg wrote: > Hi, > > Is it possible to extract SEPolicy from one device and push on another > device to take effect?
On AOSP master? On a particular Android version (if so, which one?)? You can pull policy files via adb pull, e.g. adb pull /sepolicy and likewise for any other policy files you want (e.g. /file_contexts, /property_contexts, /seapp_contexts). On 4.3 through 4.4.2, you could push them to /data/security/current, e.g. adb push sepolicy /data/security/current/sepolicy And then trigger a reload via setprop selinux.reload_policy 1 or reboot the device. 4.4.3 disabled this capability due to a problem with handling of policies after an OTA. AOSP master has revived the support but with an additional file, selinux_version, which is compared between /selinux_version and /data/security/current/selinux_version to see if the policy was built for the same target build as the OS before loading any of the files from /data/security. If you want to push policy updates via an app, that mechanism is described here: http://selinuxproject.org/page/SEforAndroid#Policy_Updates _______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
