This is unofficial port of setools to Android with additional sepolicy-inject utility by Joshua Brindle

Ported:

• seinfo
• sesearch

These tools allow to analyze SELinux/SEAndroid policy on an Android device.

Included:

• sepolicy-inject

This tool injects allow rules into binary SELinux kernel policies.

Ensure that you have installed android-ndk properly. Then run:

git clone https://github.com/xmikos/setools-android.git
cd setools-android
ndk-build

sepolicy-inject -s <source type> -t <target type> -c <class> -p <perm>[,<perm2>,<perm3>,...] [-P <policy file>] [-o <output file>] [-l|--load]
sepolicy-inject -Z permissive_type [-P <policy file>] [-o <output file>] [-l|--load]

For example if you want to allow vdc to write to pseudo-terminal (so you can see replies from vdc command):

sepolicy-inject -s vdc -t devpts -c chr_file -p read,write -l

This repository contains other opensource code:

• regex (from OpenBSD)
• bzip2
• libsepol

Based on setools-android by Dmitry Podgorny (pasis)