>>On AOSP master? On a particular Android version (if so, which one?)? I have couple of devices: one is 4.4.2 based and another is 4.3.
On Mon, Jun 16, 2014 at 11:23 AM, Stephen Smalley <[email protected]> wrote: > On 06/16/2014 01:59 PM, Dinesh Garg wrote: > > Hi, > > > > Is it possible to extract SEPolicy from one device and push on another > > device to take effect? > > On AOSP master? On a particular Android version (if so, which one?)? > > You can pull policy files via adb pull, e.g. > adb pull /sepolicy > and likewise for any other policy files you want (e.g. /file_contexts, > /property_contexts, /seapp_contexts). > > On 4.3 through 4.4.2, you could push them to /data/security/current, e.g. > adb push sepolicy /data/security/current/sepolicy > > And then trigger a reload via setprop selinux.reload_policy 1 or reboot > the device. > > 4.4.3 disabled this capability due to a problem with handling of > policies after an OTA. AOSP master has revived the support but with an > additional file, selinux_version, which is compared between > /selinux_version and /data/security/current/selinux_version to see if > the policy was built for the same target build as the OS before loading > any of the files from /data/security. > > If you want to push policy updates via an app, that mechanism is > described here: > http://selinuxproject.org/page/SEforAndroid#Policy_Updates > > > > > >
_______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
