Thanks Sooraj.

I have added androidboot."selinux=permissive" in the target's BoardConfig 
makefile, and when I parsed the avc denial log messages using the audit2allow 
tool, it gives unlabeled permissions. Still, I have added the parsed 
permissions into the device/AM438/sepolicy/*.te files.
But unfortunately some unlabeled permissions are neverallow in the 
external/sepolicy/kernel.te and demen.te files.
So I think modifying the generic *.te files in external/sepolicy/ is not a 
proper way. Please correct me if I am wrong.

#device/AM438/sepolicy/init.te
#============= kernel ==============
# but actually execute_no_trans permission is neverallow from external/sepolicy/kernel.te
allow kernel unlabeled:file { relabelfrom execute read open getattr execute_no_trans };
allow kernel unlabeled:lnk_file { read execute };

#device/AM438/sepolicy/kernel.te
#============= init ==============
allow init unlabeled:dir mounton;
allow init unlabeled:file execute;
allow init storage_file:dir mounton;
allow init unlabeled:file execute_no_trans;
allow init logd_socket:sock_file write;
allow init self:capability sys_nice;
allow init self:netlink_audit_socket create;
allow init self:netlink_kobject_uevent_socket create;
allow init self:rawip_socket create;
allow init storage_file:dir mounton;
allow init unlabeled:file execute_no_trans;

After doing this whole process I got the following logs.
I don't understand why it gives me unlabeled permissions when I parsed the avc 
denial logs.

[    4.741588] init: init started!
[    4.779383] SELinux:  Android master kernel running Android M policy in 
compatibility mode.
[    4.797773] SELinux:  Permission module_load in class system not defined 
in policy.
[    4.806367] SELinux:  Class netlink_iscsi_socket not defined in policy.
[    4.813431] SELinux:  Class netlink_fib_lookup_socket not defined in 
policy.
[    4.820868] SELinux:  Class netlink_connector_socket not defined in 
policy.
[    4.828241] SELinux:  Class netlink_netfilter_socket not defined in 
policy.
[    4.835614] SELinux:  Class netlink_generic_socket not defined in policy.
[    4.842786] SELinux:  Class netlink_scsitransport_socket not defined in 
policy.
[    4.850493] SELinux:  Class netlink_rdma_socket not defined in policy.
[    4.857390] SELinux:  Class netlink_crypto_socket not defined in policy.
[    4.864786] SELinux:  Permission audit_read in class capability2 not 
defined in policy.
[    4.873314] SELinux: the above unknown classes and permissions will be 
denied
[    5.008416] audit: type=1403 audit(5.000:2): policy loaded 
auid=4294967295 ses=4294967295
[    5.018893] audit: type=1404 audit(5.010:3): enforcing=1 old_enforcing=0 
auid=4294967295 ses=4294967295
[    5.053062] init: (Initializing SELinux enforcing took 0.31s.)
[    5.083123] init: init second stage started!
[    5.155902] init: waitpid failed: No child processes
[    5.167600] init: (Loading properties from /default.prop took 0.01s.)
[    5.190003] init: (Parsing /init.environ.rc took 0.00s.)
[    5.201329] init: (Parsing /init.usb.rc took 0.01s.)
[    5.207105] init: could not import file '/init.unknown.rc' from 
'/init.rc'
[    5.219968] init: (Parsing /init.zygote32.rc took 0.01s.)
[    5.231446] init: (Parsing /init.trace.rc took 0.01s.)
[    5.237207] init: (Parsing /init.rc took 0.06s.)
[    8.208686] init: Starting service 'zygote'...
[    8.408365] healthd: No charger supplies found
[    8.415518] healthd: No battery devices found
[   10.667422] init: Service 'zygote' (pid 145) killed by signal 6
[   10.674246] init: Service 'zygote' (pid 145) killing any children in 
process group
[   10.683851] init: write_file: Unable to open 
'/sys/android_power/request_state': No such file or directory
[   10.696174] init: write_file: Unable to write to '/sys/power/state': 
Invalid argument
[   10.706458] init: Warning!  Service media needs a SELinux domain 
defined; please fix!
[   10.715459] init: Starting service 'media'...
[   10.724635] init: Warning!  Service netd needs a SELinux domain defined; 
please fix!
[   10.735428] init: Starting service 'netd'...
[   12.752365] init: Warning!  Service surfaceflinger needs a SELinux 
domain defined; please fix!
[   12.761482] init: Starting service 'surfaceflinger'...
[   13.092734] init: Service 'surfaceflinger' (pid 177) killed by signal 6
[   13.099774] init: Service 'surfaceflinger' (pid 177) killing any 
children in process group
[   13.126197] init: Warning!  Service zygote needs a SELinux domain 
defined; please fix!
[   13.152597] init: Starting service 'zygote'...
shell@sitara:/ $ 
shell@sitara:/ $ 
shell@sitara:/ $ su
su: setgid failed: Operation not permitted
1|shell@sitara:/ $ 
1|shell@sitara:/ $ 
1|shell@sitara:/ $ 
1|shell@sitara:/ $ 
1|shell@sitara:/ $ su
su: setgid failed: Operation not permitted
1|shell@sitara:/ $ [   16.240644] init: Service 'zygote' (pid 185) killed 
by signal 6
[   16.252381] init: Service 'zygote' (pid 185) killing any children in 
process group
[   16.260774] init: write_file: Unable to open 
'/sys/android_power/request_state': No such file or directory
[   16.304716] init: write_file: Unable to write to '/sys/power/state': 
Invalid argument
[   16.316857] init: Service 'media' is being killed...
[   16.340089] init: Service 'netd' is being killed...
[   16.356396] init: Service 'media' (pid 147) killed by signal 9

Thanks,
Mantesh
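
Added example, not part of the original message or of AOSP: a triage script for audit2allow output like the rules quoted above. It merges wrapped and duplicated rules and separates those whose target type is unlabeled, the type SELinux reports for objects that carry no valid security context, so such rules usually point at a labeling gap (file_contexts, restorecon) and not at a permission to grant. The rule text is constructed from the message; the function names and the EXEC_PERMS set are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed input: audit2allow-style rules modelled on the ones quoted in
# the message, including one wrapped rule and two duplicated rules.
SAMPLE = """\
#============= kernel ==============
allow kernel unlabeled:file { relabelfrom execute read open getattr
execute_no_trans };
allow kernel unlabeled:lnk_file { read execute };
#============= init ==============
allow init unlabeled:dir mounton;
allow init unlabeled:file execute;
allow init storage_file:dir mounton;
allow init unlabeled:file execute_no_trans;
allow init logd_socket:sock_file write;
allow init storage_file:dir mounton;
allow init unlabeled:file execute_no_trans;
"""

RULE = re.compile(r"allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;")
# Assumption of this example: permissions treated as "runs code from the object".
EXEC_PERMS = {"execute", "execute_no_trans", "entrypoint"}

def parse_rules(text):
    """Return {(source, target, class): set(perms)}, merging duplicate rules."""
    # Drop comment lines, then join the rest so wrapped rules parse as one.
    body = " ".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    merged = defaultdict(set)
    for src, tgt, cls, braced, single in RULE.findall(body):
        merged[(src, tgt, cls)].update((braced or single).split())
    return dict(merged)

def triage(rules, suspect_target="unlabeled"):
    """Split rules into those on the suspect target type and all others."""
    suspect = {k: v for k, v in rules.items() if k[1] == suspect_target}
    normal = {k: v for k, v in rules.items() if k[1] != suspect_target}
    return suspect, normal

def exec_grants(rules):
    """List (source, class, perm) for every code-execution permission granted."""
    return sorted((s, c, p) for (s, _, c), ps in rules.items() for p in ps & EXEC_PERMS)

if __name__ == "__main__":
    suspect, normal = triage(parse_rules(SAMPLE))
    for (src, tgt, cls) in sorted(suspect):
        print(f"labeling gap? {src} -> {tgt}:{cls} {sorted(suspect[(src, tgt, cls)])}")
    print("execution from unlabeled objects:", exec_grants(suspect))
    print("rules on labeled targets:", sorted(normal))
```
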
