Ok so I have the boolean stuff in place using the sepol_ family of functions. You can check out this work of the "dev" branch of this repo.... https://bitbucket.org/billcroberts/check_seapp After using that interface, checking the seboolean's was pretty straightforward, Ill have to look into those other projects for examples on how to check on the other output selectors: domain type level Are domain and type just going to be checked using the same function that searches types, does anyone know offhand what this function is before I start searching the examples Stephen provided me with? Also on the level, currently we reformat the level on setcontext in android.c snprintf(level, sizeof level, "%s:c%lu", context_range_get(ctx), id); in the sepolicy lib their is sepol_mls_check that I am using, but I need to convert the mls to a similar format and don't know what the corresponding sepol call is for context_rage_get... I looked in context.h and didn't see anything giving me back some data I could use to recreate this, can someone (again) point me in the right direction? Thanks, Bill On Fri, Aug 24, 2012 at 2:22 PM, William Roberts <bill.c.roberts@xxxxxxxxx> wrote: > I'm with you there, ill look into these new interfaces. > > On Fri, Aug 24, 2012 at 5:10 AM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: >> On Thu, 2012-08-23 at 21:41 -0700, William Roberts wrote: >>> You got me with the cannot link as shared object....I was looking at >>> the text section going why wont it link, and then I tried static and >>> it worked. I should have paid more attention to that detail in your >>> email. So for all those make sure you link sepol statically. >>> Otherwise, thanks again. >> >> I'd prefer it if you could use the shared library instead, using its >> interfaces. Otherwise we have to rebuild your tool anytime the library >> changes. >> >> -- >> Stephen Smalley >> National Security Agency >> > > > > -- > Respectfully, > > William C Roberts -- Respectfully, William C Roberts -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
