Thursday, September 5, 2013

SELINUX 017

    • libsepol is the binary policy manipulation library.
    • It doesn't depend upon or use any of the other components.
    • checkpolicy is the policy compiler. It uses libsepol to generate the binary policy. checkpolicy uses the static libsepol since it deals with low level details of the policy that have not been encapsulated/abstracted by a proper shared library interface.
    • -> The interpretation is ambiguous. Looking at the source, it can be understood as building both.
    • libsepol's Android.mk contains both the static library build and the shared library build:
    ##
    # libsepol.so
    #
    include $(CLEAR_VARS)

    LOCAL_MODULE := libsepol
    LOCAL_MODULE_TAGS := optional
    LOCAL_C_INCLUDES := $(common_includes)
    LOCAL_CFLAGS := $(common_cflags)
    LOCAL_SRC_FILES := $(common_src_files)
    LOCAL_MODULE_CLASS := SHARED_LIBRARIES

    include $(BUILD_HOST_SHARED_LIBRARY)

    ##
    # libsepol.a
    #
    include $(CLEAR_VARS)

    LOCAL_MODULE := libsepol
    LOCAL_MODULE_TAGS := optional
    LOCAL_C_INCLUDES := $(common_includes)
    LOCAL_CFLAGS := $(common_cflags)
    LOCAL_SRC_FILES := $(common_src_files)
    LOCAL_MODULE_CLASS := STATIC_LIBRARIES

    include $(BUILD_HOST_STATIC_LIBRARY)


    • libselinux is the runtime SELinux library that provides interfaces (e.g. library functions for the SELinux kernel APIs like getcon(), other support functions like getseuserbyname()) to SELinux-aware applications. libselinux may use the shared libsepol to manipulate the binary policy if necessary (e.g. to downgrade the policy format to an older version supported by the kernel) when loading policy. Paraphrased: libselinux is the runtime SELinux library, for things such as using the SELinux kernel APIs or manipulating policy through libsepol.
    • libsemanage is the policy management library. It uses libsepol for binary policy manipulation and libselinux for interacting with the SELinux system. It also exec's helper programs for loading policy and for checking whether the file_contexts configuration is valid (load_policy and setfiles from policycoreutils) presently, although this may change at least for the bootstrapping case (for rpm).
    • libsemanage is the policy management library. It uses both libsepol and libselinux. It handles policy loading and checking. There is a utility called semanage, which appears to use libsemanage.
    semanage(8)                                                                                                                                     semanage(8)

    NAME
           semanage - SELinux Policy Management tool

    SYNOPSIS
           semanage {boolean|login|user|port|interface|node|fcontext} -{l|D} [-n] [-S store]
           semanage boolean -{d|m} [--on|--off|-1|-0] -F boolean | boolean_file
           semanage login -{a|d|m} [-sr] login_name | %groupname
           semanage user -{a|d|m} [-LrRP] selinux_name
           semanage port -{a|d|m} [-tr] [-p proto] port | port_range
           semanage interface -{a|d|m} [-tr] interface_spec
           semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] address
           semanage fcontext -{a|d|m} [-frst] file_spec
           semanage permissive -{a|d} type
           semanage dontaudit [ on | off ]


    • sepolgen is a python module/library that forms the core of the modern audit2allow (a rewrite).
    • policycoreutils is a collection of policy utilities (originally the "core" set of utilities needed to use SELinux, although it has grown a bit over time), which have different dependencies. sestatus, secon, run_init, and newrole only use libselinux. load_policy and setfiles only use libselinux and libsepol. semodule and semanage use libsemanage (and thus bring in dependencies on libsepol and libselinux as well). setsebool uses libselinux to make non-persistent boolean changes (via the kernel interface) and uses libsemanage to make persistent boolean changes.
    • policycoreutils can be installed with apt-get install policycoreutils.
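
An added example (not from the original post or the SELinux project): a shell script that uses ldd to check which of libselinux, libsepol and libsemanage each tool named above loads dynamically on the current host. The function names and the sample ldd output are constructed for illustration; ldd also lists transitive dependencies and cannot show a statically linked libsepol.

```shell
#!/bin/sh
# Added example: report which SELinux userspace libraries a tool loads
# dynamically. Statically linked code (e.g. a static libsepol) is invisible here.

# Read ldd output on stdin; print the SELinux libraries found,
# space-separated in a fixed order, or "none".
selinux_deps() {
    awk '
        /libselinux\.so/  { sel = 1 }
        /libsepol\.so/    { sep = 1 }
        /libsemanage\.so/ { sem = 1 }
        END {
            out = ""
            if (sel) out = out " libselinux"
            if (sep) out = out " libsepol"
            if (sem) out = out " libsemanage"
            if (out == "") out = " none"
            print substr(out, 2)
        }'
}

# Constructed sample of ldd output (not captured from a real system).
sample_ldd_output() {
    cat <<'EOF'
    linux-vdso.so.1 (0x00007ffd00000000)
    libselinux.so.1 => /lib/x86_64-linux-gnu/libselinux.so.1 (0x00007f0000000000)
    libsepol.so.1 => /lib/x86_64-linux-gnu/libsepol.so.1 (0x00007f0000100000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000200000)
EOF
}

# Check every tool named on the page that is installed on this host.
report_tools() {
    for tool in sestatus secon run_init newrole load_policy setfiles \
                semodule semanage setsebool checkpolicy; do
        path=$(command -v "$tool" 2>/dev/null) || continue
        if out=$(ldd "$path" 2>/dev/null); then
            printf '%-12s %s\n' "$tool" "$(printf '%s\n' "$out" | selinux_deps)"
        else
            # ldd fails on scripts and on fully static binaries.
            printf '%-12s %s\n' "$tool" "not a dynamic executable"
        fi
    done
}

report_tools
```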
