If you want to read the policy that kernel has loaded (which is either /sepolicy or /data/system/sepolicy (something like that path) then you can do:
$ adb shell su 0 cat /sys/fs/selinux/policy > policy On Mon, Jun 16, 2014 at 1:31 PM, Dinesh Garg <[email protected]> wrote: >>>On AOSP master? On a particular Android version (if so, which one?)? > I have couple of devices: one is 4.4.2 based and another is 4.3. > > > On Mon, Jun 16, 2014 at 11:23 AM, Stephen Smalley <[email protected]> wrote: >> >> On 06/16/2014 01:59 PM, Dinesh Garg wrote: >> > Hi, >> > >> > Is it possible to extract SEPolicy from one device and push on another >> > device to take effect? >> >> On AOSP master? On a particular Android version (if so, which one?)? >> >> You can pull policy files via adb pull, e.g. >> adb pull /sepolicy >> and likewise for any other policy files you want (e.g. /file_contexts, >> /property_contexts, /seapp_contexts). >> >> On 4.3 through 4.4.2, you could push them to /data/security/current, e.g. >> adb push sepolicy /data/security/current/sepolicy >> >> And then trigger a reload via setprop selinux.reload_policy 1 or reboot >> the device. >> >> 4.4.3 disabled this capability due to a problem with handling of >> policies after an OTA. AOSP master has revived the support but with an >> additional file, selinux_version, which is compared between >> /selinux_version and /data/security/current/selinux_version to see if >> the policy was built for the same target build as the OS before loading >> any of the files from /data/security. >> >> If you want to push policy updates via an app, that mechanism is >> described here: >> http://selinuxproject.org/page/SEforAndroid#Policy_Updates >> >> >> >> >> > > > _______________________________________________ > Seandroid-list mailing list > [email protected] > To unsubscribe, send email to [email protected]. > To get help, send an email containing "help" to > [email protected]. -- Respectfully, William C Roberts _______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
