It doesn't make much sense to use the reference policy for Android,
because the Android userspace is completely different from a typical
Linux distribution. I created a policy from scratch for my work.
You can generate a minimal policy from the kernel tree (see
scripts/selinux/mdp). However, that generated policy will only take you
so far since it lacks any of the macro definitions/build infrastructure
and since it places everything in a single type/domain. So you can
start there, but you'll likely want to split it out into multiple files,
add some of the macros from refpolicy or the original example policy,
and start defining individual domains and types.
Thanks for pointing that out. I am getting myself acquainted with SELinux policy semantics to be able to start from scratch. I have one question though, and the answer to this would make my task of creating an Android-specific policy much smoother.
I had previously loaded an Ubuntu SELinux policy on Android and it seemed to label all the filesystems correctly (except yaffs). I would like to diff a very basic policy (i.e., mdp output) with the default Ubuntu policy so that I would get an idea of how filesystems are being labeled and how transitions are handled, among other things; basically to learn from a delta between the two files. To do this, I need sources for the Ubuntu SELinux policy (in order to compile a policy.conf). I have somehow not been able to locate the source for the policy binary that Ubuntu uses (I looked in the /etc/selinux dir to no avail). Any ideas as to where I can find them? Alternatively, is there a tool to reverse engineer policy.conf from the policy binary (e.g. policy.24)?
Kind Regards,
Bhargava Shastry
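An added example, not from either poster: a small Python tool that pulls the fs_use_*/genfscon filesystem-labeling statements out of two policy.conf texts and reports the delta (rules unique to each side, and shared rules whose context differs). The two policy fragments are constructed stand-ins, not real mdp or Ubuntu output, and the tool reads policy source only, not a compiled policy.24 binary.

```python
import re

# Constructed stand-ins for two policy.conf files, not real policies. ANDROID_MIN mimics
# the single-type output of scripts/selinux/mdp plus one added yaffs2 rule; REF_STYLE
# mimics a refpolicy-style policy that gives each filesystem its own type.
ANDROID_MIN = """\
fs_use_xattr ext3 user_u:base_r:base_t;
fs_use_task pipefs user_u:base_r:base_t;
fs_use_trans devpts user_u:base_r:base_t;
genfscon proc / user_u:base_r:base_t
genfscon sysfs / user_u:base_r:base_t
genfscon yaffs2 / user_u:base_r:base_t
"""
REF_STYLE = """\
# filesystem labeling, refpolicy style
fs_use_xattr ext3 system_u:object_r:fs_t;
fs_use_task pipefs system_u:object_r:pipefs_t;
fs_use_trans devpts system_u:object_r:devpts_t;
genfscon proc / system_u:object_r:proc_t
genfscon proc /sys system_u:object_r:sysctl_t
genfscon sysfs / system_u:object_r:sysfs_t
"""

# fs_use_* statements end with ';', genfscon statements do not.
FS_USE_RE = re.compile(r"^\s*(fs_use_(?:xattr|task|trans))\s+(\S+)\s+([^;\s]+)\s*;")
GENFSCON_RE = re.compile(r"^\s*(genfscon)\s+(\S+)\s+(\S+)\s+(\S+)")

def parse_labeling(policy_text):
    """Map (statement, fstype, path) -> security context for every fs_use_*/genfscon line."""
    rules = {}
    for line in policy_text.splitlines():
        line = line.split("#", 1)[0]  # strip policy.conf comments
        m = FS_USE_RE.match(line)
        if m:
            stmt, fstype, ctx = m.groups()
            rules[(stmt, fstype, "")] = ctx  # fs_use_* rules have no path part
            continue
        m = GENFSCON_RE.match(line)
        if m:
            stmt, fstype, path, ctx = m.groups()
            rules[(stmt, fstype, path)] = ctx
    return rules

def diff_labeling(a, b):
    """Delta between two labeling maps: rules unique to each side, and shared rules relabeled."""
    return {
        "only_in_a": sorted(k for k in a if k not in b),
        "only_in_b": sorted(k for k in b if k not in a),
        "relabeled": {k: (a[k], b[k]) for k in sorted(a) if k in b and a[k] != b[k]},
    }
```

Running diff_labeling(parse_labeling(ANDROID_MIN), parse_labeling(REF_STYLE)) reports the yaffs2 genfscon rule as unique to the minimal side, the proc /sys rule as unique to the refpolicy side, and the five shared filesystems as relabeled from base_t to per-filesystem types.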