Since this is a bring up i think you should try with selinux permissive at
this stage you can add policies for the denials in the later stage .
in the targets Boardconfig makefile find kernel command line and add to the
end
androidboot.selinux=permissive
On Tuesday, August 29, 2017 at 11:15:03 PM UTC+5:30, Mantesh Eksambe wrote:
>
>
> I have added device in android M for AM438x and I'm using 4.4 kernel.
> I have used attached create-sdcard.sh script to create rootfs and also
> attached the screen shots of boot and rootfs partation.
>
> uEnv.txt file -
> kloadaddr=0x81000010
> dtbaddr=0x87000010
> load_kernel=fatload mmc 0 ${kloadaddr} zImage
> load_dtb=fatload mmc 0 ${dtbaddr} am43x-epos-evm.dtb
> set_bootargs=setenv bootargs console=ttyO0,115200n8
> androidboot.console=ttyO0 mem=256M root=/dev/mmcblk0p2 rw rootwait ro
> enforcing=0 androidboot.selinux=permissive
>
> but I'm facing issue related to selinux,
> i think selinux is not allowing to init process to read "mmcblk0p2" and
> "file_contexts". it shows the files are "unlabele0".
> please someone help me to solve this issue.
>
> 1.869693] Creating 10 MTD partitions on "8000000.nand":
> [ 1.875398] 0x000000000000-0x000000040000 : "NAND.SPL"
> [ 1.888116] 0x000000040000-0x000000080000 : "NAND.SPL.backup1"
> [ 1.898361] 0x000000080000-0x0000000c0000 : "NAND.SPL.backup2"
> [ 1.909208] 0x0000000c0000-0x000000100000 : "NAND.SPL.backup3"
> [ 1.920761] 0x000000100000-0x000000180000 : "NAND.u-boot-spl-os"
> [ 1.930615] mmc0: host does not support reading read-only switch,
> assuming write-enable
> [ 1.940006] 0x000000180000-0x000000280000 : "NAND.u-boot"
> [ 1.947788] mmc0: new high speed SDHC card at address 0007
> [ 1.957652] 0x000000280000-0x0000002c0000 : "NAND.u-boot-env"
> [ 1.966909] mmcblk0: mmc0:0007 SS08G 7.21 GiB
> [ 1.975629] 0x0000002c0000-0x000000300000 : "NAND.u-boot-env.backup1"
> [ 1.986038] mmcblk0: p1 p2
> [ 1.996293] 0x000000300000-0x000000a00000 : "NAND.kernel"
> [ 2.006651] 0x000000a00000-0x000020000000 : "NAND.file-system"
> [ 2.119007] omap_i2c 44e0b000.i2c: bus 0 rev0.12 at 100 kHz
> [ 2.128429] omap_i2c 4819c000.i2c: bus 2 rev0.12 at 100 kHz
> [ 2.136651] hctosys: unable to open rtc device (rtc0)
> [ 2.142093] sr_init: No PMIC hook to init smartreflex
> [ 2.147676] sr_init: platform driver register failed for SR
> [ 2.178213] vbat: disabling
> [ 2.181427] v1_0bat: disabling
> [ 2.185679] v1_8bat: disabling
> [ 2.235844] EXT4-fs (mmcblk0p2): mounted filesystem with ordered data
> mode. Opts: (null)
> [ 2.244745] VFS: Mounted root (ext4 filesystem) on device 179:2.
> [ 2.255998] devtmpfs: mounted
> [ 2.260344] Freeing unused kernel memory: 480K (c096a000 - c09e2000)
> [ 2.267039] This architecture does not have kernel memory protection.
> [ 2.327045] init: init started!
> [ 2.359565] SELinux: Android master kernel running Android M policy in
> compatibility mode.
> [ 2.460124] audit: type=1403 audit(2.450:2): policy loaded
> auid=4294967295 ses=4294967295
> [ 2.470869] audit: type=1404 audit(2.460:3): enforcing=1
> old_enforcing=0 auid=4294967295 ses=4294967295
> [ 2.482958] init: (Initializing SELinux enforcing took 0.15s.)
> [ 2.489408] audit: type=1400 audit(2.470:4): avc: denied { read }
> for pid=1 comm="init" name="selinux_version" dev="mmcblk0p2" ino=27
> scontext=u:r:kernel:s0 tcontext=u:object_r:unlabele0
> [ 2.514619] audit: type=1400 audit(2.500:5): avc: denied { read }
> for pid=1 comm="init" name="file_contexts" dev="mmcblk0p2" ino=1475
> scontext=u:r:kernel:s0 tcontext=u:object_r:unlabele0
> [ 2.535412] init: selinux_android_file_context_handle: Error getting
> file context handle (Permission denied)
> [ 2.546252] audit: type=1400 audit(2.530:6): avc: denied { execute }
> for pid=1 comm="init" name="init" dev="mmcblk0p2" ino=15
> scontext=u:r:kernel:s0 tcontext=u:object_r:unlabeled:s0 tcl0
> [ 2.566012] init: execv("/init") failed: Permission denied
> [ 2.571955] init: Security failure; rebooting into recovery mode...
> [ 4.285521] sysrq: SysRq : Emergency Remount R/O
> [ 4.301170] reboot: Restarting system with command 'recovery'
>
>
> Thanks,
> Mantesh
>
>
>
>
--
--
unsubscribe: android-porting+unsubscr...@googlegroups.com
website: http://groups.google.com/group/android-porting
---
You received this message because you are subscribed to the Google Groups
"android-porting" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to android-porting+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
