How to Identify SELinux rules using audit2allow in Android ?

Once you have installed audit2allow by following steps from “How to install audit2allow SELinux tool on Ubuntu ?” , now we can use this tool to identify the SELinux permission denied errors and use it for writing the SELinux rules.

In Android this can be done as,

$ adb pull /sys/fs/selinux/policy
$ adb logcat -b events -d | audit2allow -p policy

OR in a single command as,

$ adb pull /sys/fs/selinux/policy && adb logcat -b events -d | audit2allow -p policy

Leave a Comment