Android 6.0+ Support (policydb version 30)

[jakev]

Thanks for the great tool and your commitment to keeping it updated! Do you have any plans to support parsing sepolicy files extracted from Android devices running Marshmallow or newer? I believe it is policy version 30.

If this is something you'd like to support, I can gladly provide sepolicy examples or help contribute.

[pebenito]

v30 polices are already supported; you can open the Android sepolicy files. However, the sepolicy from Android M is not supported, as its v30 policy format diverged from the upstream SELinux.

[C457]

Could you explain exactly how to support this format?

[pebenito]

I'm not sure that I understand this question, but I'll try to answer. The Android M v30 policy variant is only supported by that branch of AOSP. Upstream SETools won't be supporting that v30 policy variant, so you'd have to use the policy analysis tools available in the Android platform tools for M. If you wanted to add Android M v30 policy variant support to SETools for your use, you'd have to change the qpol C code. I don't know the specific details of how the Android M v30 policy varies from the official SELinux v30 policy, so I can't provide more specific guidance.