Página Principal Explorar Ajuda
Iniciar Sessão
samsung-sm8650
/
android_kernel_samsung_sm8650_ksu
2
0
Fork 0
Ficheiros Problemas 0 Pull Requests 0 Wiki
Árvore: 8062222ad7
Ramos Etiquetas
android_kernel_...
/
scripts
/
selinux
/
install_policy.sh

install_policy.sh 2.2 KB
Histórico Em bruto

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384 
  1. #!/bin/sh
    2. 

  2. # SPDX-License-Identifier: GPL-2.0
    3. 

  3. set -e
    4. 

  4. if [ `id -u` -ne 0 ]; then
    5. 

  5. 	echo "$0: must be root to install the selinux policy"
    6. 

  6. 	exit 1
    7. 

  7. fi
    8. 

  8. 

  9. SF=`which setfiles`
    10. 

  10. if [ $? -eq 1 ]; then
    11. 

  11. 	echo "Could not find setfiles"
    12. 

  12. 	echo "Do you have policycoreutils installed?"
    13. 

  13. 	exit 1
    14. 

  14. fi
    15. 

  15. 

  16. CP=`which checkpolicy`
    17. 

  17. if [ $? -eq 1 ]; then
    18. 

  18. 	echo "Could not find checkpolicy"
    19. 

  19. 	echo "Do you have checkpolicy installed?"
    20. 

  20. 	exit 1
    21. 

  21. fi
    22. 

  22. VERS=`$CP -V | awk '{print $1}'`
    23. 

  23. 

  24. ENABLED=`which selinuxenabled`
    25. 

  25. if [ $? -eq 1 ]; then
    26. 

  26. 	echo "Could not find selinuxenabled"
    27. 

  27. 	echo "Do you have libselinux-utils installed?"
    28. 

  28. 	exit 1
    29. 

  29. fi
    30. 

  30. 

  31. if selinuxenabled; then
    32. 

  32.     echo "SELinux is already enabled"
    33. 

  33.     echo "This prevents safely relabeling all files."
    34. 

  34.     echo "Boot with selinux=0 on the kernel command-line."
    35. 

  35.     exit 1
    36. 

  36. fi
    37. 

  37. 

  38. cd mdp
    39. 

  39. ./mdp -m policy.conf file_contexts
    40. 

  40. $CP -U allow -M -o policy.$VERS policy.conf
    41. 

  41. 

  42. mkdir -p /etc/selinux/dummy/policy
    43. 

  43. mkdir -p /etc/selinux/dummy/contexts/files
    44. 

  44. 

  45. echo "__default__:user_u:s0" > /etc/selinux/dummy/seusers
    46. 

  46. echo "base_r:base_t:s0" > /etc/selinux/dummy/contexts/failsafe_context
    47. 

  47. echo "base_r:base_t:s0 base_r:base_t:s0" > /etc/selinux/dummy/default_contexts
    48. 

  48. cat > /etc/selinux/dummy/contexts/x_contexts <<EOF
    49. 

  49. client * user_u:base_r:base_t:s0
    50. 

  50. property * user_u:object_r:base_t:s0
    51. 

  51. extension * user_u:object_r:base_t:s0
    52. 

  52. selection * user_u:object_r:base_t:s0
    53. 

  53. event * user_u:object_r:base_t:s0
    54. 

  54. EOF
    55. 

  55. touch /etc/selinux/dummy/contexts/virtual_domain_context
    56. 

  56. touch /etc/selinux/dummy/contexts/virtual_image_context
    57. 

  57. 

  58. cp file_contexts /etc/selinux/dummy/contexts/files
    59. 

  59. cp dbus_contexts /etc/selinux/dummy/contexts
    60. 

  60. cp policy.$VERS /etc/selinux/dummy/policy
    61. 

  61. FC_FILE=/etc/selinux/dummy/contexts/files/file_contexts
    62. 

  62. 

  63. if [ ! -d /etc/selinux ]; then
    64. 

  64. 	mkdir -p /etc/selinux
    65. 

  65. fi
    66. 

  66. if [ -f /etc/selinux/config ]; then
    67. 

  67.     echo "/etc/selinux/config exists, moving to /etc/selinux/config.bak."
    68. 

  68.     mv /etc/selinux/config /etc/selinux/config.bak
    69. 

  69. fi
    70. 

  70. echo "Creating new /etc/selinux/config for dummy policy."
    71. 

  71. cat > /etc/selinux/config << EOF
    72. 

  72. SELINUX=permissive
    73. 

  73. SELINUXTYPE=dummy
    74. 

  74. EOF
    75. 

  75. 

  76. cd /etc/selinux/dummy/contexts/files
    77. 

  77. $SF -F file_contexts /
    78. 

  78. 

  79. mounts=`cat /proc/$$/mounts | \
    80. 

  80. 	grep -E "ext[234]|jfs|xfs|reiserfs|jffs2|gfs2|btrfs|f2fs|ocfs2" | \
    81. 

  81. 	awk '{ print $2 '}`
    82. 

  82. $SF -F file_contexts $mounts
    83. 

  83. 

  84. echo "-F" > /.autorelabel
    85.