On 04/23/2013 12:37 PM, E. Paul Ratazzi wrote:
Following the instructions at http://selinuxproject.org/page/SEAndroid, I have
been able to successfully build and run SEAndroid for the emulator (release
version, android-4.1.2_r1/seandroid-4.1.2). However, something is not right.
To start with, once booted, getenforce reports 'Disabled' while setenforce 1
results in 'SELinux is disabled'. When I examine the kernel messages (from
--show_kernel), I see 'SELinux: Initializing.' early on, but then 'SELinux:
policydb version 26 does not match my version range 15-24' and 'SELinux: Could
not load policy: Invalid argument' later.
From inside the emulator, 'About phone -> SELinux status' shows 'Disabled', as
do SEAdmin and SEManager.
SEManager appears to crash when I click on the 'SELinux Disabled' menu item,
and 'binder: 199:327 transaction failed 29189, size56-0' appears in the kernel
messages.
The logcat shows a bunch of messages from SELinuxMMAC that seem normal (e.g.,
'package...installed with seinfo=...'). The only thing that looks like maybe an
error is 'Couldn't find install policy /data/system/mac_permissions.xml'.
I'd be grateful for any suggestions on how to get this working.
I would recommend moving forward to either 4.2.2 or master rather than
using 4.1.2, unless you are trying to build for a device for which 4.2.2
is not supported.
The problem in this case is that the 4.1.2 local_manifest.xml file still
refers to the goldfish 2.6.29 kernel, which is too old to support policy
version 26. So, your options are:
1) Force it to policy version 24 as Joshua suggested,
-or-
2) Switch to the seandroid-goldfish-3.4 branch of kernel/goldfish and
use that kernel instead. Linux 3.4 does support policy version 26,
which is now the default in order to make use of newer policy features
in the manta policy.
The latter is what has been done in the 4.2 and master
local_manifest.xml files.
--
This message was distributed to subscribers of the seandroid-list mailing list.
If you no longer wish to subscribe, send mail to [email protected] with
the words "unsubscribe seandroid-list" without quotes as the message.
