On Mon, 2011-11-21 at 19:18 +0100, Bhargava Shastry wrote:
> You need to add a fs_use_xattr statement to your policy configuration
> for yaffs2. Similar to the existing statements for ext[234].
>
> Thanks. I have the sources for a reference SELinux policy from the
> Tresys website. Unfortunately, with default policy build options, the
> resulting monolithic policy is huge. I am using an Ubuntu machine; any
> hints as to where to start for a minimal policy for Android? I tried
> selectively building only basic modules but there are intricate
> dependencies (checkpolicy throws up unresolved symbols error) between
> modules that are hard to disentangle.

It doesn't make much sense to use the reference policy for Android,
because the Android userspace is completely different from a typical
Linux distribution. I created a policy from scratch for my work.

You can generate a minimal policy from the kernel tree (see
scripts/selinux/mdp). However, that generated policy will only take you
so far since it lacks any of the macro definitions/build infrastructure
and since it places everything in a single type/domain. So you can start
there, but you'll likely want to split it out into multiple files, add
some of the macros from refpolicy or the original example policy, and
start defining individual domains and types.

--
Stephen Smalley
National Security Agency
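
As an added illustration of the fs_use_xattr advice quoted in this message (not code from the original post or from the SELinux project): a small Python check that reads policy configuration text and reports which filesystem types lack an fs_use_xattr statement. The function names, the sample policy text and the contexts in it are constructed assumptions.

```python
import re

# Labeling-behaviour statements in the SELinux policy language have the form
#   fs_use_xattr <fstype> <context>;
# fs_use_task and fs_use_trans share the same shape.
FS_USE_RE = re.compile(
    r"^\s*(fs_use_xattr|fs_use_task|fs_use_trans)\s+(\S+)\s+([^;]+?)\s*;",
    re.MULTILINE,
)

def strip_comments(text):
    """Drop '#' comments so a commented-out statement is not counted."""
    return re.sub(r"#.*", "", text)

def fs_use_statements(policy_text):
    """Return {fstype: (behaviour, context)} for every fs_use_* statement."""
    found = {}
    for kind, fstype, context in FS_USE_RE.findall(strip_comments(policy_text)):
        found[fstype] = (kind, context)
    return found

def missing_xattr_labeling(policy_text, required):
    """List the required filesystem types with no fs_use_xattr statement."""
    stmts = fs_use_statements(policy_text)
    return [fs for fs in required
            if fs not in stmts or stmts[fs][0] != "fs_use_xattr"]

# Constructed sample: ext[234] are declared, yaffs2 is only present as a
# comment, and pipefs uses a different labeling behaviour.
SAMPLE_POLICY = """\
fs_use_xattr ext2 system_u:object_r:fs_t:s0;
fs_use_xattr ext3 system_u:object_r:fs_t:s0;
fs_use_xattr ext4 system_u:object_r:fs_t:s0;
# fs_use_xattr yaffs2 system_u:object_r:fs_t:s0;
fs_use_task pipefs system_u:object_r:fs_t:s0;
"""

if __name__ == "__main__":
    wanted = ["ext4", "yaffs2"]
    for fs in missing_xattr_labeling(SAMPLE_POLICY, wanted):
        print(f"no fs_use_xattr statement for {fs}")
```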