[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SELinux on Android



On Wed, 2011-11-16 at 19:15 +0100, Bhargava Shastry wrote:
> Hi again,
> 
> I am trying to set/get file SELinux contexts using the set/getfilecon
> programs. I added debug prints in the kernel to track code flow. I
> notice that although setfilecon succeeds on a given file, a subsequent
> call to getfilecon on the same file returns the string "kernel"
> irrespective of the context that was set using setfilecon. On any
> other file whose context is not set yet, getfilecon properly returns
> the string "unlabeled"
> 
> I suspect the inode struct in the kernel is not being updated properly
> after a setxattr call. Has anyone else faced a similar problem? I am
> working on Android's Nexus one phone.

- Do you have a policy loaded (requires patching init to load the
policy)?

- Do you have yaffs xattr support enabled in your kernel
(CONFIG_YAFFS_XATTR=y)?

- Do you have the two patches for yaffs that I posted (one of which they
did take, the other they ignored)?
http://www.aleph1.co.uk/lurker/message/20110412.193746.891b5e18.en.html
http://www.aleph1.co.uk/lurker/message/20110413.203654.65d7ee58.en.html

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.


[Fedora Users]     [Fedora Legacy]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

Powered by Linux