xmikos / setools-android Goto Github PK

View Code? Open in Web Editor NEW

242.0 26.0 98.0 877 KB

Unofficial port of setools to Android with additional sepolicy-inject utility included

License: Other

Makefile 0.42% C 98.01% C++ 0.27% Yacc 0.93% Lex 0.24% M4 0.01% Objective-C 0.13%

setools-android's People

Contributors

Stargazers

Watchers

Forkers

wynney m0narx14 idl3r melbshark anestisb almightymegadeth00 linmaogithub sub77-bkp cnroms oleavr luchachen thomasking2014 shenyuanv draekko wubainian hitmoon junejuly sammaple coffeevapple zaphodatreides xiaolu zzgambol surge1223 flankersky milandev shuxin 0xd34d testwhat jluysf astrofimov dazhix scyclzy 0xr0ot sigma-random danieljiang0415 hexiaoshuai robcore huntpig netstu iamtag umerov1999 xiaomingbiezheyang inarcissuss hazmad lishuai1225 zhouat cofface-devices zhuotong whb224117 zasxcdfva ascii2unicode pharaoh1 difcareer yuknight crackercat skinzor qqzwc m8599399 imsngn morristech adro07 bleachangel aplus123 evilpan cade335 phymanwow maxchinni mxiier habibzadeh sts-sadr hotelzululima genxster1998 3v1lw1th1n eagle518 hnyaoqingping hanzolabs yazdandeli adam-zetier ntvvvv shenzhigang wenxin0405 excloudx6 abhijitch smile-ttxp huyu0415 ckandroidproject cxslucyfer yrz pinkperfect

setools-android's Issues

SEtools error

Has anyone encountered this error before?

setools-android/libs/x86_64$ . sesearch                      
__requires__: command not found                                                                           
bash: /usr/local/bin/sesearch: line 4: syntax error near unexpected token `'pkg_resources''               
bash: /usr/local/bin/sesearch: line 4: `__import__('pkg_resources').require('setools==4.0.0a3')'

[GIT PULL] libsepol updated to support policydb v30

Please, merge my branch libsepol-2.4 from https://github.com/pasis/setools-android/tree/libsepol-2.4. It adds support of policy version 30 which is on my android device.

build fails with ndk-bundle version 20.0.5594570

Build fails with latest ndk-bundle

$ sdkmanager --list | grep -m1 ndk
Warning: File /home/max/.android/repositories.cfg could not be loaded.
  ndk-bundle           | 20.0.5594570 | NDK                            | ndk-bundle/

Here's the error:

$ ndk-build 
Android NDK: The armeabi ABI is no longer supported. Use armeabi-v7a.    
Android NDK: NDK Application 'local' targets unknown ABI(s): armeabi mips mips64    
Android NDK: Please fix the APP_ABI definition in ./jni/Application.mk    
/home/max/android/ndk-bundle/build/core/setup-app.mk:79: *** Android NDK: Aborting    .  Stop.

Removing armeabi, mips and mips64 from ./jni/Application.mk fixes the compilation error, but prevents the production of the binaries for those architectures.

How can I make sure my sepolicy rule has been injected?

I add a elf process in init.rc,

call "sepolicy-inject -s init_shell -t system_data_file -c file -p append -l" ,it's se context is "init"
adb shell and call "seinfo -A -s init_shell -t system_data_file -c file -p append" it's se contex is "init_shell", it got no append allow rule I add with sepolicy-inject

which sepolicy could allow sepolicy-inject to inject a sepolicy rule?
the device is huawei HWTIT-AL00 5.1 emui3.1Lite

Is it possible to inject a new context?

Hi,

can I also inject a new context for a file? I am trying to give permission to certain apps to access IR blaster, which is /dev/ttyHSL1. So far, I can allow system apps to read,write,ioctl,getattr to other system files. But to make it more secure, I guess, I need to separate /tty/HSL1 as a context and it's permissions.

Thanks!

ERROR: policydb magic number 0x000008 does not match expected magic number 0xf97cff8c or 0xf97cff8d

I receive an error inspecting /sys/fs/selinux/policy:

$ adb root
adbd is already running as root
$ adb push sesearch /data/local/tmp/
3228 KB/s (243004 bytes in 0.073s)
$ adb shell /data/local/tmp/sesearch -A /sys/fs/selinux/policy
ERROR: policydb magic number 0x000008 does not match expected magic number 0xf97cff8c or 0xf97cff8d
ERROR: Unable to open policy /sys/fs/selinux/policy.
ERROR: Success

This is weird because if I copy that file on the /sdcard/ path, I can inspect it:

$ adb shell cp /sys/fs/selinux/policy /sdcard/
$ adb shell /data/local/tmp/sesearch -A -s system_app -t system_data_file -c file -p write /sdcard/policy
Found 1 semantic av rules:
   allow system_app system_data_file : file { ioctl read write create getattr setattr lock append unlink link rename open } ;

The copied file has the same content as the source:

$ adb shell md5sum /sys/fs/selinux/policy /sdcard/policy
e164e15e24e861f56ce827883e11b6b4  /sys/fs/selinux/policy
e164e15e24e861f56ce827883e11b6b4  /sdcard/policy

Setting SELinux to "Permissive" does not change the behavior.

Am I missing something?

Can't compile for X86_64

Hi,
I was trying to compile the project for multiple architectures following the documentation for x86_64 I found here.
It states that adding x86-64 to the APP_ABI definition in Application.mk should be sufficient, but I found that the right value seems to be x86_64.

With the following change, I receive an error anyway

diff --git a/jni/Application.mk b/jni/Application.mk
index 86c47ba..b3b0a55 100644
--- a/jni/Application.mk
+++ b/jni/Application.mk
@@ -1,2 +1,2 @@
-#APP_ABI := all
+APP_ABI := x86_64
 APP_PLATFORM := android-16

Here's the error message

[x86_64] Compile        : qpol <= util.c
In file included from jni/libqpol/util.c:32:0:
jni/libqpol/glob.h:40:24: fatal error: sys/_types.h: No such file or directory
 #include <sys/_types.h>
                        ^
compilation terminated.
make: *** [obj/local/x86_64/objs/qpol/util.o] Error 1

Am I missing something?

Neverallow rules requested but not available

When I input:

./sesearch --all

There is an error:

ERROR: Cannot get avrules: Neverallow rules requested but not available
ERROR: Operation not supported on transport endpoint

How to fix it?Thanks!

[GIT PULL] Fixed compilation error for android-21

You can merge commit from https://github.com/pasis/setools-android/tree/x86-64. I can't open proper pull request, because your repository wasn't forked on github.
This patch fixes #4.

"Segmentation fault (core dumped)" when trying to create new context

STR:

Follow the build instructions from the README to build on a Linux system:

autoreconf -i
./configure
make
sudo cp ./seinfo ./sesearch ./sepolicy-inject /usr/local/bin  # optional

The result is successful.
Then, using a sepolicy file from unpacked Android boot.img:

Test to inject a policy as described in the README:

$ sepolicy-inject -s vdc -t devpts -c chr_file -p read,write -P sepolicy -o sepolicy2
(Android M policy compatibility mode)
libsepol.policydb_index_others: security:  1 users, 2 roles, 577 types, 0 bools
libsepol.policydb_index_others: security: 1 sens, 1024 cats
libsepol.policydb_index_others: security:  87 classes, 5374 rules, 0 cond rules
Success

So, this works.

Now, I want to create a new context. For the sake of testing I name it tezzzt:

Run this command

$ sepolicy-inject -s tezzzt -t devpts -c chr_file -p read,write -P sepolicy -o sepolicy2
(Android M policy compatibility mode)
libsepol.policydb_index_others: security:  1 users, 2 roles, 577 types, 0 bools
libsepol.policydb_index_others: security: 1 sens, 1024 cats
libsepol.policydb_index_others: security:  87 classes, 5374 rules, 0 cond rules
type tezzzt does not exist, creating
Segmentation fault (core dumped)

The problem:

seplicy-inject says it is creating the non-existing source context but for some reason this ends up with a segmentation fault. I have no clue how to fix this and how to create a new context in the sepolicy.

Please advise.

sepolicy-inject => supolicy proxy

Hi,

I would like to do supolicy --live "allow kernel media_rw_data_file:file { read write };" to make DriveDroid work on OnePlus3T and OxygenOS.

How to do it with sepolicy-inject?

Thanks,

zsh: command not found: sepolicy-inject

Why am I running this command (Ubuntu 16.04 amd64)

Git clone https://github.com/xmikos/setools-android.git
Cd setools-android
Ndk-build

I still can not run sepolicy-inject

zsh: command not found: sepolicy-inject
zsh: There is no file or directory: ./sepolicy-inject

Which folder should I run this command?

Is there anything else that needs to be installed?

Android Nougat errors

Copied setools to Nexus 5X with Android Nougat (NRD90S). TWRP present, SU present.
bullhead: # seinfo
ERROR: more than one specifier
ERROR: failed on entry 24 of 10973
ERROR: Unable to open policy /sepolicy.
ERROR: Success

sepolicy-inject wrong function call

policydb.c line 1187: policydb_index_decls expects two arguments: sepol_handle_t* and policydb_t*

sepolicy-inject.c line 108: policydb_index_decls provides only one argument: policydb_t*