HI, I have some problem for policy updates. 1.Issue Issue 1 After select Reload Kernel Policies I check adb shell dmesg and logcat, but NOT see policy was reloaded from /data/security/current/sepolicy But /data/security directory have /current Issue 2 After select Reload Kernel Policies adb shell logcat show >>I/ConfigUpdateInstallReceiver( 593): Couldn't find current metadata, assuming first update >>I/ConfigUpdateInstallReceiver( 593): Failed to read current content, assuming first update! >>I/ConfigUpdateInstallReceiver( 593): Found new update, installing... >>I/ConfigUpdateInstallReceiver( 593): Installation successful >>I/SELinuxPolicyInstallReceiver( 593): Applying SELinux policy
2.Information AOSP: android-5.1.1_r14 SE for Android modifications: seandroid-5.1.1 Devices: ASUS Nexus7 II 3.Goal I want to modify external/sepolicy/shell.te adb shell can not access data/local/tmp directory 4.Step step 1 Delete allow >># Access /data/local/tmp. >># allow shell shell_data_file:dir create_dir_perms; >># allow shell shell_data_file:file create_file_perms; >># allow shell shell_data_file:file rx_file_perms; >># allow shell shell_data_file:lnk_file create_file_perms; step 2 >>mmm external/sepolicy or >>make sepolicy step 3 Using tool buildsebundle >>buildsebundle -k build/target/product/security/testkey.pk8 -v 2 -- out/target/product/flo/root/* out/target/product/flo/system/etc/security/mac_permissions.xml >>adb push selinux_bundle.zip /sdcard/ step 4 Run SEAdmin select Kernel and MMAC Policy under POLICY UPDATE OPTIONS, and select Reload Kernel Policies Reference website: http://seandroid.bitbucket.org/PolicyUpdates.html#policy-updates
_______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
