
List:       seandroid-list
Subject:    Re: Extracting list of domains from binary sepolicy
From:       Elena Reshetova <elena.reshetova () gmail ! com>
Date:       2015-03-03 18:02:36
Message-ID: CALrft98HMD+e=TpAcFOSPR_gPOgpZaVyOMwUo70_6vTkGf4hBQ () mail ! gmail ! com


>By convention all domains are in the domain attribute so this:

>$ seinfo -x -adomain sepolicy
>   domain


Oh, indeed, thank you very much!

On Tue, Mar 3, 2015 at 9:52 AM, Joshua Brindle <brindle@quarksecurity.com>
wrote:

> Elena Reshetova wrote:
>
>> Hi everyone,
>>
>> I have a bit of usual question for this forum.
>>
>> If one is analyzing a binary sepolicy (no access to sources), is there
>> an easy way to find out what types are actually domains?
>>
>> Of course there are many heuristics, like checking subjects of allow
>> rules, dropping all rules that involve attributes, then dropping also
>> rules that would involve only types (like "filesystem associate"), and
>> etc. But is there any easier way?
>>
>> Best Regards,
>> Elena.
>>
>
> By convention all domains are in the domain attribute so this:
>
> $ seinfo -x -adomain sepolicy
>    domain
> ...
>
>
> Should do it for you.
>
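
Added example, not part of the original thread: because membership in the domain attribute is a convention, the sketch below parses the seinfo listing and cross-checks it against the "subjects of allow rules" heuristic from the question. The sample text, its layout, and the function names are constructed assumptions; real seinfo output differs between setools versions.

```shell
#!/bin/sh
# Constructed sample of `seinfo -x -adomain sepolicy` output (layout assumed).
sample_seinfo() {
cat <<'EOF'
   domain
      init
      zygote
      untrusted_app
      system_server
EOF
}

# Constructed sample of allow rules dumped as text (layout assumed).
sample_rules() {
cat <<'EOF'
Found 5 semantic av rules:
   allow init kernel:security load_policy;
   allow zygote untrusted_app:process dyntransition;
   allow appdomain zygote:fd use;
   allow vendor_helper self:capability net_admin;
   allow untrusted_app app_data_file:file { read write };
EOF
}

# stdin: seinfo output. stdout: sorted member types of the domain attribute.
domains_from_seinfo() {
    awk '
        NF == 1 && $1 == "domain"            { in_attr = 1; next }  # header, older layout
        $1 == "attribute" && $2 == "domain;" { in_attr = 1; next }  # header, assumed newer layout
        in_attr && NF == 1                   { print $1; next }     # one member type per line
        NF > 0                               { in_attr = 0 }        # anything else ends the list
    ' | LC_ALL=C sort -u
}

# stdin: allow rules. $1: file of domain types, one per line.
# stdout: rule subjects missing from that file (attributes, or types outside the convention).
subjects_outside_domain() {
    awk '$1 == "allow" { print $2 }' | LC_ALL=C sort -u | grep -vxF -f "$1" || true
}

list=$(mktemp)
sample_seinfo | domains_from_seinfo > "$list"
echo "domains:"; cat "$list"
echo "allow-rule subjects not in the domain attribute:"
sample_rules | subjects_outside_domain "$list"
rm -f "$list"
```

On the constructed input the second list contains the attribute appdomain and the type vendor_helper, which are the two kinds of entries to review by hand.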




