Startsida Utforska Hjälp
Logga in
ichrin
/
kernel_samsung_msm8974
Bevaka 1
Stjärnmärk 0
Fork 0
Filer Ärenden 0 Pull-förfrågningar 0 Wiki
Gren: 13.0
Grenar Taggar
kernel_samsu...
/
scripts
/
selinux
/
install_policy.sh

install_policy.sh 2.3 KB
Permalänk Historik

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586 
  1. #!/bin/sh
    2. 

  2. # SPDX-License-Identifier: GPL-2.0
    3. 

  3. set -e
    4. 

  4. if [ `id -u` -ne 0 ]; then
    5. 

  5. 	echo "$0: must be root to install the selinux policy"
    6. 

  6. 	exit 1
    7. 

  7. fi
    8. 

  8. 

  9. SF=`which setfiles`
    10. 

  10. if [ $? -eq 1 ]; then
    11. 

  11. 	echo "Could not find setfiles"
    12. 

  12. 	echo "Do you have policycoreutils installed?"
    13. 

  13. 	exit 1
    14. 

  14. fi
    15. 

  15. 

  16. CP=`which checkpolicy`
    17. 

  17. if [ $? -eq 1 ]; then
    18. 

  18. 	echo "Could not find checkpolicy"
    19. 

  19. 	echo "Do you have checkpolicy installed?"
    20. 

  20. 	exit 1
    21. 

  21. fi
    22. 

  22. VERS=`$CP -V | awk '{print $1}'`
    23. 

  23. 

  24. ENABLED=`which selinuxenabled`
    25. 

  25. if [ $? -eq 1 ]; then
    26. 

  26. 	echo "Could not find selinuxenabled"
    27. 

  27. 	echo "Do you have libselinux-utils installed?"
    28. 

  28. 	exit 1
    29. 

  29. fi
    30. 

  30. 

  31. if selinuxenabled; then
    32. 

  32.     echo "SELinux is already enabled"
    33. 

  33.     echo "This prevents safely relabeling all files."
    34. 

  34.     echo "Boot with selinux=0 on the kernel command-line or"
    35. 

  35.     echo "SELINUX=disabled in /etc/selinux/config."
    36. 

  36.     exit 1
    37. 

  37. fi
    38. 

  38. 

  39. cd mdp
    40. 

  40. ./mdp -m policy.conf file_contexts
    41. 

  41. $CP -U allow -M -o policy.$VERS policy.conf
    42. 

  42. 

  43. mkdir -p /etc/selinux/dummy/policy
    44. 

  44. mkdir -p /etc/selinux/dummy/contexts/files
    45. 

  45. 

  46. echo "__default__:user_u:s0" > /etc/selinux/dummy/seusers
    47. 

  47. echo "base_r:base_t:s0" > /etc/selinux/dummy/contexts/failsafe_context
    48. 

  48. echo "base_r:base_t:s0 base_r:base_t:s0" > /etc/selinux/dummy/default_contexts
    49. 

  49. cat > /etc/selinux/dummy/contexts/x_contexts <<EOF
    50. 

  50. client * user_u:base_r:base_t:s0
    51. 

  51. property * user_u:object_r:base_t:s0
    52. 

  52. extension * user_u:object_r:base_t:s0
    53. 

  53. selection * user_u:object_r:base_t:s0
    54. 

  54. event * user_u:object_r:base_t:s0
    55. 

  55. EOF
    56. 

  56. touch /etc/selinux/dummy/contexts/virtual_domain_context
    57. 

  57. touch /etc/selinux/dummy/contexts/virtual_image_context
    58. 

  58. 

  59. cp file_contexts /etc/selinux/dummy/contexts/files
    60. 

  60. cp dbus_contexts /etc/selinux/dummy/contexts
    61. 

  61. cp policy.$VERS /etc/selinux/dummy/policy
    62. 

  62. FC_FILE=/etc/selinux/dummy/contexts/files/file_contexts
    63. 

  63. 

  64. if [ ! -d /etc/selinux ]; then
    65. 

  65. 	mkdir -p /etc/selinux
    66. 

  66. fi
    67. 

  67. if [ -f /etc/selinux/config ]; then
    68. 

  68.     echo "/etc/selinux/config exists, moving to /etc/selinux/config.bak."
    69. 

  69.     mv /etc/selinux/config /etc/selinux/config.bak
    70. 

  70. fi
    71. 

  71. echo "Creating new /etc/selinux/config for dummy policy."
    72. 

  72. cat > /etc/selinux/config << EOF
    73. 

  73. SELINUX=permissive
    74. 

  74. SELINUXTYPE=dummy
    75. 

  75. EOF
    76. 

  76. 

  77. cd /etc/selinux/dummy/contexts/files
    78. 

  78. $SF -F file_contexts /
    79. 

  79. 

  80. mounts=`cat /proc/$$/mounts | \
    81. 

  81. 	egrep "ext[234]|jfs|xfs|reiserfs|jffs2|gfs2|btrfs|f2fs|ocfs2" | \
    82. 

  82. 	awk '{ print $2 '}`
    83. 

  83. $SF -F file_contexts $mounts
    84. 

  84. 

  85. echo "-F" > /.autorelabel
    86. 

  86.