I want to model the security protection ability of SEAndroid. I suppose to establish the model by extracting subjects which perform action on the same object. OR extracting object which can be performed action by the same subject. For example, /data/anr(/.*)? u:object_r:anr_data_file:s0
allow system_server anr_data_file:dir create_dir_perms; allow shell anr_data_file:dir r_dir_perms; allow dumpstate anr_data_file:dir { rw_dir_perms relabelto }; toward the anr_data_file:, the subject perform action on it is shell, system_server, dumpstate and so on. Is it a good method to model SEAndroid security capability? If I use the method to extract the subject and object, I also confuse how to analyse the extracting result. Please give me some suggesstion about how to model the security capability, and If I use the method above, how to analyse the extracting result. Thanks advance.
_______________________________________________ Seandroid-list mailing list Seandroid-list@tycho.nsa.gov To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.