
Re: SELinux on Android



On Mon, 2011-11-21 at 16:45 +0100, Bhargava Shastry wrote:
> Hello,
> 
> On loading an SELinux policy, I see that SELinux recognises the YAFFS
> blocks on Android as FS where labeling is not supported. Here is a
> sample dmesg print:
> "SELinux: initialized (dev mtdblock3, type yaffs2), not configured for
> labeling"
> 
> On looking into the SELinux code, I see that such a print is spat out
> on a check for a file-system superblock security attribute called
> "behavior". Could I possibly correct this by changing something in the
> YAFFS file-system code? I tried mounting the yaffs partition by
> appending the context= option in Android's init.rc but the mount fails.
> I should add that I am able to execute getfilecon on YAFFS (extended
> attributes have been ported to YAFFS) successfully but setfilecon
> fails possibly due to the above debug print. And as previously
> mentioned, I attempt set/getfilecon only after a load_policy. Also,
> all other filesystems (rootfs, procfs, tmpfs etc.) are correctly
> initialised on policy load.

You need to add a fs_use_xattr statement to your policy configuration
for yaffs2, similar to the existing statements for ext[234].

-- 
Stephen Smalley
National Security Agency
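
Added example, not part of the original messages or of any project's code: a small checker that reads the "not configured for labeling" lines from a kernel log, compares the filesystem types against the labeling statements in a policy source, and prints the fs_use_xattr lines that are missing. The sample log and policy text are constructed, the context `system_u:object_r:fs_t:s0` is an assumed label modelled on typical ext[234] entries, and the suggestion assumes the filesystem supports security xattrs, as the poster reports for YAFFS.

```python
import re

# Constructed sample kernel log; only the yaffs2 line format comes from the thread.
SAMPLE_DMESG = """\
SELinux: initialized (dev mtdblock3, type yaffs2), not configured for labeling
SELinux: initialized (dev mtdblock5, type yaffs2), not configured for labeling
SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
SELinux: initialized (dev rootfs, type rootfs), uses genfs_contexts
"""
# Constructed policy excerpt; the contexts are assumed, not taken from the thread.
SAMPLE_POLICY = """\
fs_use_xattr ext2 system_u:object_r:fs_t:s0;
fs_use_xattr ext3 system_u:object_r:fs_t:s0;
fs_use_xattr ext4 system_u:object_r:fs_t:s0;
fs_use_trans tmpfs system_u:object_r:tmpfs_t:s0;
genfscon rootfs / system_u:object_r:root_t:s0
# fs_use_xattr yaffs2 system_u:object_r:fs_t:s0;   (commented out: not active)
"""

DMESG_RE = re.compile(
    r"SELinux:\s+initialized \(dev (?P<dev>\S+), type (?P<fstype>\S+)\), (?P<how>.+)$")
# Statements that give a filesystem type a labeling behavior.
RULE_RE = re.compile(
    r"^\s*(?P<stmt>fs_use_xattr|fs_use_task|fs_use_trans|genfscon)\s+(?P<fstype>\S+)",
    re.MULTILINE)

def unlabeled_filesystems(dmesg_text):
    """Map fstype -> devices for mounts logged as 'not configured for labeling'."""
    found = {}
    for line in dmesg_text.splitlines():
        m = DMESG_RE.search(line)
        if m and m.group("how").strip() == "not configured for labeling":
            found.setdefault(m.group("fstype"), []).append(m.group("dev"))
    return found

def policy_fs_rules(policy_text):
    """Map fstype -> statement keyword for every active labeling rule."""
    active = re.sub(r"#.*", "", policy_text)  # drop comments to end of line
    return {m.group("fstype"): m.group("stmt") for m in RULE_RE.finditer(active)}

def missing_rules(dmesg_text, policy_text, context="system_u:object_r:fs_t:s0"):
    """Suggest an fs_use_xattr line for each unlabeled type the policy lacks."""
    rules = policy_fs_rules(policy_text)
    return [f"fs_use_xattr {fstype} {context};"
            for fstype in sorted(unlabeled_filesystems(dmesg_text))
            if fstype not in rules]

if __name__ == "__main__":
    print("\n".join(missing_rules(SAMPLE_DMESG, SAMPLE_POLICY)))
```

After adding the suggested statement, the policy has to be rebuilt and reloaded before the kernel log changes for that filesystem type.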

