On Wed, 2011-11-16 at 19:15 +0100, Bhargava Shastry wrote:
> Hi again,
> I am trying to set/get file SELinux contexts using the set/getfilecon
> programs. I added debug prints in the kernel to track code flow. I
> notice that although setfilecon succeeds on a given file, a subsequent
> call to getfilecon on the same file returns the string "kernel"
> irrespective of the context that was set using setfilecon. On any
> other file whose context is not set yet, getfilecon properly returns
> the string "unlabeled"
> I suspect the inode struct in the kernel is not being updated properly
> after a setxattr call. Has anyone else faced a similar problem? I am
> working on Android's Nexus one phone.

- Do you have a policy loaded (requires patching init to load the

- Do you have yaffs xattr support enabled in your kernel

- Do you have the two patches for yaffs that I posted (one of which they
did take, the other they ignored)?

Stephen Smalley
National Security Agency

