Interact with SELinux on GenyMotion Virtual Device

Question

I read a lot about SELinux, and I would have liked to try and get my hands on a case study for the university. I have installed various virtual devices on GenyMotion, from Android 6 to Android 9, but nobody owns SElinux: when I do "sestatus" it answers "disabled". I do not think it's enough to enable it, it seems that the modules must be installed in the kernel, can someone tell me how to do it? I tried but I did not find anything, I'm having a lot of difficulties, it's the first time I do these things. Thanks to everyone in advance.

Answer 1

Finally I managed to make everything work: I was able to access Selinux information via a terminal in the GenyMotion virtual device. Selinux is already active on devices after version 4.3, there is no need to install it as it said @Martin Zeitler. I explain the solution to the problem (on Linux it works).

1. The first thing to do is to install a terminal in the virtual device: I have installed Termux. To do this, just download the apk from a site and drag it to the virtual device, the installation will start. Subsequently, it is necessary to provide the SuperUser permissions to the Termux terminal: banally, by opening the terminal, provide the SU command, and the device will ask you if you want to provide SuperUser permissions to the Termux application. When you enter the SU command, it will allow you to browse the folders on your device. With the "ls" command, providing the "-Z" option, you can see the SElinux context of the files. From the terminal, using the "getenforce" command, you can see how Selinux is running. Here you will see other useful commands: https://www.all-things-android.com/content/se-android-commands
2. Now, you will need to download the tool that allows us to interact with Selinux: setools. https://github.com/pasis/setools-android These tools are written in C, the native language of Android, so you need to download the NDK library to compile them: https://developer.android.com/ndk/downloads/
3. The first thing to do to compile, is to specify the project path: export NDK_PROJECT_PATH=/my/project/path . The second step is to specify the makefile: ndk-build NDK_APPLICATION_MK=/my/project/Makefile.am (for a complete guide: https://software.intel.com/en-us/articles/building-an-android-command-line-application-using-the-ndk-build-tools )
4. When you have finished compiling, you can send the Setools folder to the virtual device, using the adb program. ./adb push /setool/local/folder /remote/device/folder (example: ./adb /setool /tmp) Now that you have Setool on your device, you can run the tools in the "/setool/obj/local/x86" folder. Thanks to "sepolicy-inject" you can also add rules to the policies.

Finally, thanks to this guide I realized that Selinux policies are stored in binary format, so it is not possible to interact with them without tools. https://ge0n0sis.github.io/posts/2015/12/exploring-androids-selinux-kernel-policy/

Answer 2

one cannot "install SE Linux" on Android; because it's already installed and enabled by default since API level 21. you'd need to become user root , in order to access these management commands. this would only be possible on a rooted hardware device - or a rooted emulator image.

... just install CentOS or whatever else security enabled Linux distribution, for a test.