andreacavalli/Magisk
1
0
Fork 0
forked from MarcoBuster/Magisk
Code Issues Pull Requests Projects Releases Wiki Activity
30 Commits 1 Branch 0 Tags 61 MiB
C++ 41.6%
Kotlin 40.9%
Java 11.7%
Shell 4.1%
Python 1.3%
Other 0.4%
0f4c0b95e2
Go to file
Pierre-Hugues Husson 0f4c0b95e2 Stop commiting the executable. Commit libs instead, see #4
2015-11-11 21:09:51 +01:00
libs Stop commiting the executable. Commit libs instead, see #4 2015-11-11 21:09:51 +01:00
Makefile Update build options. See #2 2015-11-09 21:33:32 +01:00
README.txt Update readme with -z option 2015-06-07 23:00:43 +02:00
sepolicy-inject.c We can now have a list of permissions instead of just one permission, coma separated 2015-11-11 14:02:15 +01:00

README.txt 

Injects allow rules into binary SELinux kernel policies

Injecting a rule:
$ ./sepolicy-inject -s shell -t system -c file -p read -P sepolicy -o sepolicy2                                   
libsepol.policydb_index_others: security:  1 users, 2 roles, 518 types, 14 bools
libsepol.policydb_index_others: security: 1 sens, 1024 cats
libsepol.policydb_index_others: security:  84 classes, 4539 rules, 162 cond rules

$ sesearch -A -s shell -t system -c file sepolicy
Found 1 semantic av rules:
   allow appdomain domain : file { ioctl read getattr lock open } ; 

$ sesearch -A -s shell -t system -c file sepolicy2
Found 2 semantic av rules:
   allow shell system : file read ; 
   allow appdomain domain : file { ioctl read getattr lock open } ; 

Injecting a permissive domain:
$ ./sepolicy-inject -Z shell -P sepolicy -o sepolicy2

$ seinfo sepolicy | grep Permissive
   Permissives:         0    Polcap:              2

$ seinfo sepolicy2 | grep Permissive
   Permissives:         1    Polcap:              2

Change a permissive domain to non-permissive:
$ ./sepolicy-inject -z shell -P sepolicy -o sepolicy2


TODO:

Insert multiple rules at the same time
Remove rules
Use attributes