On 03/05/2013 10:21 AM, Stephen Smalley wrote:
On 03/05/2013 11:11 AM, Mateor wrote:
On 03/05/2013 09:57 AM, Stephen Smalley wrote:
On 03/05/2013 10:53 AM, Mateor wrote:
Have you previously run 4.2.1 successfully on the device?
Can you send a copy of your /data/misc/audit/audit.log file?
I have not been able to set enforced mode successfully for
SEAndroid at
all, but have only been building since the end of last week.
Here is the state after the latest crash (after a factory reset
/reflash
of SEAndroid rom):
$ adb shell su 0 dmesg | grep avc
<5>[ 6.960220] type=1400 audit(1362498117.050:3): avc: denied {
set_context_mgr } for pid=120 comm="servicemanager"
scontext=u:r:init:s0 tcontext=u:r:init:s0 tclass=binder
<4>[ 43.025998] avc: denied { set } for
property=persist.service.bdroid.bdaddr scontext=u:r:bluetooth:s0
tcontext=u:object_r:system_prop:s0 tclass=property_service
I made sure that command had no output on my 4.2.2 tests yesterday
(with
same results) but I neglected to check it before the logs you have
already seen.
I was able to pull the audit.log only by asking early on in the boot,
same as ADB shell.
The audit.log is [here]( http://pastebin.com/SPhNC6ei)
You seem to have no file labeling on your system image (hence many
daemons left running in :init: domain and many avc denials on
:unlabeled:). Something is wrong with your build. Did you build with
export HAVE_SELINUX=true set from the very beginning?
Did you mean to only reply to me (and not the list)?
No, sorry. I am new to mailing lists. I reproduced the conversation
above, and will try and better know the protocol next time.
I will rebuild, then. This has been consistent across several clobbered
builds, but perhaps I will nuke my source and start fresh. I don't often
do that, but I am holding 5-6 different rom sources in that tree due to
space considerations, and I did have to checkout the 4.2.2 source by
hand after having built Gingerbread earlier. So maybe there were some
residual deprecated projects swept up in the build.
After a rebuild from fresh source, I will report back. Thanks for your
time.
Should be able to just remove the .img files and rebuild them and see
if you get the Labeling output from make_ext4fs. If not, export
HAVE_SELINUX=true and mmm -B system/extras/ext4_utils.
I will try that. I did export HAVE_SELINUX=true on every build, however.
And I have now rebuilt the images from clobber several times, so I
suspect a larger probem. But I will try just building the images and
rebuilding ext4utils first, and then check that log for labeling.
--
This message was distributed to subscribers of the seandroid-list mailing list.
If you no longer wish to subscribe, send mail to majord...@tycho.nsa.gov with
the words "unsubscribe seandroid-list" without quotes as the message.
