
Re: SELinux on Android



Sounds to me like you never loaded a policy.  I'd bet you are getting
inside the if (!ss_initialized) section of
security_sid_to_context_core.  You have to load a policy before you
can properly set and retrieve labels.

Thanks, loading policy fixed the problem although I wonder why one shouldn't be able to set xattr in the absence of a policy.
 

On Wed, Nov 16, 2011 at 1:15 PM, Bhargava Shastry <bshas3@xxxxxxxxx> wrote:
> Hi again,
>
> I am trying to set/get file SELinux contexts using the set/getfilecon
> programs. I added debug prints in the kernel to track code flow. I notice
> that although setfilecon succeeds on a given file, a subsequent call to
> getfilecon on the same file returns the string "kernel" irrespective of the
> context that was set using setfilecon. On any other file whose context is
> not set yet, getfilecon properly returns the string "unlabeled".
>
> I suspect the inode struct in the kernel is not being updated properly after
> a setxattr call. Has anyone else faced a similar problem? I am working on
> Android's Nexus One phone.
>
> Thanks,
> Bhargava
>
> On Fri, Nov 11, 2011 at 12:33 PM, Bhargava Shastry <bshas3@xxxxxxxxx> wrote:
>>>
>>> Don't set CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX, and then you
>>> don't need to set a value at all.  The only purpose of the option is to
>>> force the kernel to report an older version than it truly supports, and
>>> that was only to deal with a compatibility issue in Fedora 2/3.
>>
>> This somehow slipped my mind. Thanks, problem solved.
>>
>> Regards,
>> Bhargava Shastry
>
>
>
> --
> Bhargava Shastry
>



--
Bhargava Shastry
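
The symptom diagnosed in this thread, turned into a check (an added example, not code from the original messages): it reads a file's label through the `security.selinux` xattr and flags a bare word such as "kernel" or "unlabeled" as a sign that no policy is loaded. The function names and the "fewer than three colon-separated fields" rule are assumptions made for illustration.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/xattr.h>

enum label_kind { LABEL_ERROR = -1, LABEL_INCOMPLETE = 0, LABEL_FULL = 1 };

/* Added example with hypothetical names. Assumed heuristic: a context
 * resolved under a loaded policy has at least user:role:type. A bare word
 * such as "kernel" or "unlabeled" is what the thread observed before any
 * policy was loaded. */
enum label_kind classify_label(const char *label)
{
    int colons = 0;
    size_t field_len = 0;
    if (label == NULL || *label == '\0')
        return LABEL_ERROR;
    for (const char *p = label; *p != '\0'; p++) {
        if (*p != ':') { field_len++; continue; }
        if (field_len == 0)
            return LABEL_ERROR;          /* empty field, e.g. "a::b" */
        colons++;
        field_len = 0;
    }
    if (field_len == 0)
        return LABEL_ERROR;              /* trailing ':' */
    return colons >= 2 ? LABEL_FULL : LABEL_INCOMPLETE;
}

/* Read the label through the security.selinux xattr and classify it. */
enum label_kind check_file(const char *path, char *buf, size_t buflen)
{
    ssize_t n;
    if (buflen == 0 || (n = getxattr(path, "security.selinux", buf, buflen - 1)) < 0)
        return LABEL_ERROR;
    buf[n] = '\0';                       /* value may lack a trailing NUL */
    return classify_label(buf);
}

int main(int argc, char **argv)
{
    char buf[256];
    for (int i = 1; i < argc; i++) {
        enum label_kind k = check_file(argv[i], buf, sizeof buf);
        printf("%s: %s\n", argv[i],
               k == LABEL_ERROR ? "no readable label" :
               k == LABEL_FULL  ? buf : "not a full context; is a policy loaded?");
    }
    return 0;
}
```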
