On 07/22/2014 05:16 AM, kuangjiou wrote:
> Hello, everyone!
> I am learning SELinux recently and trying to enable the SELinux in
> Embedded Linux. As we know, the refpolicy has too many rules to use in
> the embedded devices and I also do not need so many rules in my policy.
> I just want to control the accesses to some targeted files and allow the
> accesses to the rest of the files. So is it possible to (and how can I) build
> my own simplified policy to achieve this goal?
> Could anybody give me some suggestions to resolve this problem? I am
> looking forward to your replies! Thank you very much!

In addition to Chris' suggestion of how you can in fact build a minimal refpolicy, another alternative is to create a policy from scratch for your embedded Linux. This is what we did for Android; see our NDSS'13 paper and the policy in the AOSP tree.

http://internetsociety.org/doc/security-enhanced-se-android-bringing-flexible-mac-android
https://android.googlesource.com/platform/external/sepolicy