On Fri, 2011-11-04 at 17:25 +0100, Bhargava Shastry wrote:
> Dear Mr. Smalley,
>
> Thanks for your inputs. I did go through the slides of your recent
> presentation on a case for SELinux enhanced Android phone. You have
> done a great job re-engineering Android to retrofit SELinux.
>
> I was wondering how much effort it is to actually port a subset of
> SELinux's userspace (e.g., loadpolicy, chcon and a few others) tools
> to Android? Does it entail major changes to Android's existing
> toolchain including modifications to its bionic libc? Also, I was
> wondering if you also undertook a port of coreutils as well (to enable
> the -Z option for utils like ps and ls)?

I did need to make some changes to bionic, e.g. adding the xattr system
calls to SYSCALLS.TXT and re-generating the syscall wrapper functions
via gensyscalls.py, adding support for the AT_SECURE auxv flag. Then I
could port a subset of libselinux.

To support the SELinux commands and -Z option, I modified the Android
toolbox with support for ps -Z and ls -Z and added new commands to it
for various SELinux tools. To date, I have added chcon, [gs]etenforce,
[gs]etsebool, load_policy, restorecon, and runcon.

--
Stephen Smalley
National Security Agency
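
Added illustration, not code from this message or from the modified Android toolbox: a C sketch of the two libc facilities the reply names, reading a file's `security.selinux` label through the xattr system calls (what an `ls -Z` needs per file) and checking the `AT_SECURE` auxv flag. The function names are hypothetical, and it assumes a libc that already exposes `lgetxattr()` and `getauxval()`, as glibc does.

```c
#include <stdio.h>
#include <string.h>
#include <sys/auxv.h>   /* getauxval, AT_SECURE */
#include <sys/types.h>
#include <sys/xattr.h>  /* lgetxattr */

#define SELINUX_XATTR "security.selinux"

/* Copy a raw xattr value into out as a C string. The kernel usually returns
 * the context with a trailing NUL, but the value is an untrusted byte blob:
 * bound the copy and reject empty values or embedded NULs. */
int format_context(const char *raw, ssize_t len, char *out, size_t outsz)
{
    if (len > 0 && raw[len - 1] == '\0')
        len--;                              /* drop the stored terminator */
    if (len <= 0 || (size_t)len >= outsz || memchr(raw, '\0', (size_t)len))
        return -1;
    memcpy(out, raw, (size_t)len);
    out[len] = '\0';
    return 0;
}

/* Per-file step of an "ls -Z": read the label without following symlinks.
 * On failure (no label, no xattr support, missing file) out becomes "?". */
int file_context(const char *path, char *out, size_t outsz)
{
    char raw[256];
    ssize_t n = lgetxattr(path, SELINUX_XATTR, raw, sizeof(raw));
    if (n < 0 || format_context(raw, n, out, outsz) != 0) {
        snprintf(out, outsz, "?");
        return -1;
    }
    return 0;
}

/* 1 if the kernel flagged this exec as security-sensitive (setuid/setgid,
 * or an SELinux domain transition), else 0. */
int secure_exec(void)
{
    return getauxval(AT_SECURE) != 0;
}

int main(int argc, char **argv)
{
    char ctx[256];
    printf("AT_SECURE=%d\n", secure_exec());
    for (int i = 1; i < argc; i++) {
        file_context(argv[i], ctx, sizeof(ctx));
        printf("%-40s %s\n", ctx, argv[i]);
    }
    return 0;
}
```

A libc consults `AT_SECURE` to decide whether to ignore environment-controlled behaviour in a process that has just crossed a privilege boundary.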