*requirement:* system/bin/setest is an executable program to read and write /data/hello.txt. I expected just setest can read or write the file /data/hello.txt.

    root@generic:/system/bin # ./setest
    Hello, Software Weekly

----------------------------------------------
the details are as follows:

*1*. add setest.te in /device/asus/flo/sepolicy :

    type setest, domain, mlstrustedsubject;
    #setest is also permissive to permit setenforce.
    type setest_exec, exec_type, file_type;
    init_daemon_domain(setest)
    permissive setest;
    allow setest mysec_file:file rw_file_perms;

*2*. add setest.te in the file device/asus/flo/BoardConfigCommon.mk as follows:

    BOARD_SEPOLICY_UNION += \
        bluetooth_loader.te \
        bridge.te \
        setest.te \

*3*. add context in /device/asus/flo/sepolicy/file_contexts as follows:

    /system/bin/setest u:object_r:setest_exec:s0

*4*. I modify file.te in /external/sepolicy, add

    # /data/hello.txt
    type mysec_file, file_type, data_file_type;

I modify file_contexts in /external/sepolicy, add

    /data/hello.txt u:object_r:mysec_file:s0

-----------------------------------------------------------------------------
the results are as follows:

I use android5.1.1_r9. I recompile the whole system to make the change effective.

    [pengfei@pengfei asop]$ source build/envsetup.sh
    [pengfei@pengfei asop]$ lunch aosp_arm-eng
    [pengfei@pengfei asop]$ make
    [pengfei@pengfei asop]$ emulator
    adb shell
    root@generic:/system/bin # ls -Z
    -rwxr-xr-x root shell u:object_r:setest_exec:s0 setest
    root@generic:/system/bin # ./setest
    Hello, Software Weekly

setest is an executable program to read and write /data/hello.txt.

But when I use dmesg to have a look at the policy which I have made, it does not work. Details are as follows:

    root@generic:/system/bin # dmesg | grep 'avc'
    1|root@generic:/system/bin # dmesg | grep 'setest'
    1|root@generic:/system/bin #

I just get 1. What's wrong with my policy change method? I think the setest.te does not work as I expected.

I cd /data/ and cat hello.txt. It works. I expected just setest can read or write the file hello.txt.

    root@generic:/data # cat hello.txt
    Hello, Software Weeklyroot@generic:/data #

Please help me. Thanks in advance.
_______________________________________________
Seandroid-list mailing list
Seandroid-list@tycho.nsa.gov
To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.
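
A check of whether the labels from steps 3 and 4 and the process domain are actually in effect, as an added example that is not part of the original post. The function names are hypothetical, and the hello.txt and `ps -Z` sample lines are constructed (only the setest `ls -Z` line is copied from the post).

```shell
#!/bin/sh
# Added example, not from the original post. Compares the SELinux type seen in
# `ls -Z` / `ps -Z` output with the type the policy in steps 1-4 intends.

# First line is copied from the post; the other two are constructed samples.
SETEST_LS='-rwxr-xr-x root shell u:object_r:setest_exec:s0 setest'
HELLO_LS='-rw------- root root u:object_r:system_data_file:s0 hello.txt'
SETEST_PS='u:r:su:s0 root 1201 1187 ./setest'

# Print the first user:role:type:level field found in one output line.
context_of() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^[^:]+:[^:]+:[^:]+:s[0-9]/) { print $i; exit }
    }'
}

# check_type LINE EXPECTED_TYPE WHAT: return 0 when the context's type matches.
check_type() {
    ctx=$(context_of "$1")
    actual=$(printf '%s\n' "$ctx" | cut -d: -f3)
    if [ -n "$ctx" ] && [ "$actual" = "$2" ]; then
        echo "OK    $3: $ctx"
        return 0
    fi
    echo "FAIL  $3: expected type $2, found ${ctx:-no context}"
    return 1
}

# Run the three checks; the return value is the number of failures.
run_checks() {
    failures=0
    check_type "$SETEST_LS" setest_exec "/system/bin/setest label" || failures=$((failures + 1))
    check_type "$HELLO_LS" mysec_file "/data/hello.txt label" || failures=$((failures + 1))
    check_type "$SETEST_PS" setest "setest process domain" || failures=$((failures + 1))
    return "$failures"
}

# On a device, replace the samples with live output, for example:
#   HELLO_LS=$(adb shell ls -Z /data/hello.txt)
run_checks || echo "$? check(s) failed"
```

`init_daemon_domain(setest)` defines the domain transition for executions by init, so the domain of a process started from a shell is worth checking rather than assuming.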