cryptfs-password-manager icon indicating copy to clipboard operation
cryptfs-password-manager copied to clipboard

Published 20 hours ago verified publisher icon nelenkov

Use opensource sepolicy-inject instead of closedsource supolicy

Open xmikos opened this issue 9 years ago • 4 comments

Hello,

you can get rid of dependency on Chainfire's closedsource supolicy by using sepolicy-inject instead of it.

I have fixed and extended Joshua Brindle's sepolicy-inject and made it buildable with Android NDK (by combining it with setools-android). You can find my repository here: https://github.com/xmikos/setools-android

Btw. I am working on Android device admin app which would monitor unlock attempts and after 3 failed attemts (or other number set by user) would reboot device. I want to include your app in it (with only some design changes) and ask user to change encryption password again if he changes unlock password/pin/gesture. It will be opensource and published on GitHub. Are you OK with it?

xmikos avatar Dec 22 '14 12:12 xmikos

You can use the app/source any way you want, if you follow the license.

setools looks good, but since the device needs to be rooted to use the app (=SuperSU), it won't make much of a difference. Could be useful for custom ROMs, which are already rooted, but may lack supolicy. I'll look into it, when I get a chance.

nelenkov avatar Dec 22 '14 13:12 nelenkov

I hope that koush's Superuser (https://github.com/koush/Superuser) would be updated soon to support Android 5.0. According to some issues at GitHub page SELinux policies has been the problem. I have already written him about sepolicy-inject, but if it would take too long, I am ready to make needed changes myself and send him pull request (but I don't have time for this now, so it would have to wait till january).

xmikos avatar Dec 22 '14 14:12 xmikos

Would you consider this again? I am building and including sepolicy-inject binary in my SnooperStopper app and it works great. You don't have to include sepolicy-inject binary like that, but you can at least add support for it instead of only proprietary supolicy.

There is already actively developed (and much more secure) opensource Superuser fork by Pierre-Hugues HUSSON which does include sepolicy-inject: https://github.com/seSuperuser/Superuser

xmikos avatar Mar 21 '16 10:03 xmikos

I am in fact using this su successfully, so there's that. No more "root=SuperSU"

xenithorb avatar Jul 02 '16 10:07 xenithorb