Thanks for the inputs. After removing -n from restorecon, I see that file context is changed as desired. But, when I try restorecon from *.rc file, it doesn't seem to work!
On Fri, Jan 3, 2014 at 12:57 PM, William Roberts <[email protected]> wrote:

> Oh sri said the ext4 is not created at build. My guess is it's similar to efs.
> On Jan 3, 2014 12:56 PM, [email protected] wrote:
>
>> Ha I forgot to tell him to remove n... Doh
>> On Jan 3, 2014 11:57 AM, "Stephen Smalley" <[email protected]> wrote:
>>
>>> The -n option to restorecon means "Do Not change", i.e. do not set the
>>> context. When combined with the -v option (verbose), it shows what it
>>> would set but does not apply the change. So it isn't surprising that
>>> restorecon -nv did not change anything. Remove the -n option if you
>>> want to set manually.
>>>
>>> What kind of filesystem is on the partition (e.g. ext4), and how is it
>>> initially created?
>>>
>>> You have to pass in the right options to make_ext4fs if you want to
>>> label the files based on file_contexts; the build Makefiles have been
>>> modified to do this automatically for the system image when it is
>>> built. Or if the partition starts empty, you can just restorecon it
>>> from init.*.rc as is done for /data and /cache in the init.rc file.
>>>
>>> On Fri, Jan 3, 2014 at 2:32 PM, sri linux <[email protected]> wrote:
>>> > Adding mailing list back to the thread - In one of my replies, it got
>>> > removed as I hit just "Reply" instead of "Reply to all"!
>>> >
>>> > On Fri, Jan 3, 2014 at 11:04 AM, sri linux <[email protected]> wrote:
>>> >>
>>> >> In one of the TE files, I have defined file_type as
>>> >> type <partition_name>_data_file, file_type;
>>> >>
>>> >> And in file_contexts, I have defined below to switch context of the file
>>> >> /<partition_name>/<dir_name>(/.*)? u:object_r:<partition_name>_data_file:s0
>>> >>
>>> >> When I tried restorecon from the shell, I see below log, which seems to
>>> >> be trying to change the context of the file, but, when I cross check
>>> >> using "ls -lZ" I still see default context.
>>> >> restorecon -nv /<partition_name>/<dir_name>/<file_name>
>>> >> Relabeling /<partition_name>/<dir_name>/<file_name> from u:object_r:unlabeled:s0 to u:object_r:<partition_name>_data_file:s0.
>>> >>
>>> >> Just wondering what am I missing here!
>>> >>
>>> >> On Fri, Jan 3, 2014 at 9:25 AM, William Roberts <[email protected]> wrote:
>>> >>>
>>> >>> ok then a restorecon should do the trick. Depending on your version
>>> >>> you may need to restorecon each file and you need to make sure the
>>> >>> file_context is located either in the ramdisk or data. Data will only
>>> >>> work if this filesystem is mounted AFTER data, so the safest option is
>>> >>> ensuring it is in /file_contexts which is located in the ramdisk.
>>> >>>
>>> >>> In the init.rc after the filesystem in question is mounted you will
>>> >>> need restorecon entries. Based on the version you are running you may
>>> >>> need to restorecon each file. I would recommend just verifying the
>>> >>> file_contexts, and manually shelling into the device and transitioning
>>> >>> to su. You can do this by: adb shell followed by su 0. Once in as
>>> >>> super user, you can issue the restorecon command. If an ls -Z file
>>> >>> still shows the invalid label, I would try restorecon -nv to get some
>>> >>> debugging info as to why it's failing. Perhaps your expression in the
>>> >>> file_contexts entry is not proper and is not matching anything.
>>> >>>
>>> >>> If you need to restorecon the whole filesystem, after the mount in the
>>> >>> init.rc you can do restorecon_recursive if your init supports it. AOSP
>>> >>> now has this feature. It was added here:
>>> >>> https://android-review.googlesource.com/#/c/67580/
>>> >>>
>>> >>> At this point, I think to get more specific help, you will need to
>>> >>> provide more specifics to your problem. Can you give us the snippet of
>>> >>> your file_contexts, and other commands, etc. Diffs are really helpful
>>> >>> here. You can change the data to keep it anonymous if needed.
>>> >>>
>>> >>> Keep in mind that adb root; adb shell; will result in a root terminal
>>> >>> running in the shell domain which may not have any permissions to do
>>> >>> what you need. It is very important that you invoke su to transition
>>> >>> into the su domain, which is unconfined.
>>> >>>
>>> >>> Bill
>>> >>>
>>> >>> On Fri, Jan 3, 2014 at 8:01 AM, sri linux <[email protected]> wrote:
>>> >>> > Yes, filesystem is mounted as read & write.
>>> >>> >
>>> >>> > On Thu, Jan 2, 2014 at 6:52 PM, William Roberts <[email protected]> wrote:
>>> >>> >>
>>> >>> >> Ok is the filesystem mounted writable? If not, then a restorecon
>>> >>> >> would fail.
>>> >>> >>
>>> >>> >> On Thu, Jan 2, 2014 at 4:18 PM, sri linux <[email protected]> wrote:
>>> >>> >> > As mentioned already, I tried restorecon, which doesn't have any
>>> >>> >> > effect. File is created at build time in one of the partitions
>>> >>> >> > (separate/different partition and not boot/system/data) and
>>> >>> >> > filesystem is ext4 type. Filesystem is mounted as read & write.
>>> >>> >> >
>>> >>> >> > On Mon, Dec 30, 2013 at 12:14 PM, William Roberts <[email protected]> wrote:
>>> >>> >> >>
>>> >>> >> >> And what type of filesystem is it?
>>> >>> >> >>
>>> >>> >> >> On Mon, Dec 30, 2013 at 11:28 AM, Stephen Smalley <[email protected]> wrote:
>>> >>> >> >> > Which partition? And how is the file created?
>>> >>> >> >> >
>>> >>> >> >> > On Fri, Dec 27, 2013 at 7:05 PM, sri linux <[email protected]> wrote:
>>> >>> >> >> >> Dear Experts,
>>> >>> >> >> >>
>>> >>> >> >> >> I have a file in one of the partitions, for which, I see below
>>> >>> >> >> >> as a default context:
>>> >>> >> >> >> -rw-rw-r-- system root u:object_r:unlabeled:s0 file_xyz
>>> >>> >> >> >>
>>> >>> >> >> >> I tried to change the context using type_transition, which
>>> >>> >> >> >> doesn't seem to be working - I still see unlabeled in the
>>> >>> >> >> >> context.
>>> >>> >> >> >>
>>> >>> >> >> >> Can someone suggest the best way to change the context of the
>>> >>> >> >> >> file which is unlabeled?
>>> >>> >> >> >>
>>> >>> >> >> >> _______________________________________________
>>> >>> >> >> >> Seandroid-list mailing list
>>> >>> >> >> >> [email protected]
>>> >>> >> >> >> To unsubscribe, send email to [email protected].
>>> >>> >> >> >> To get help, send an email containing "help" to
>>> >>> >> >> >> [email protected].
>>> >>> >> >>
>>> >>> >> >> --
>>> >>> >> >> Respectfully,
>>> >>> >> >>
>>> >>> >> >> William C Roberts
>>> >>> >>
>>> >>> >> --
>>> >>> >> Respectfully,
>>> >>> >>
>>> >>> >> William C Roberts
>>> >>>
>>> >>> --
>>> >>> Respectfully,
>>> >>>
>>> >>> William C Roberts
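The thread raises the possibility that a file_contexts expression "is not matching anything". As an added example (not code from the thread or from AOSP), this offline checker approximates how the file_contexts lookup picks an entry: the regex must match the whole path, exact paths outrank regex entries, and among regex entries the later one wins. The `mypart` paths and type names are constructed stand-ins for the thread's placeholders, and Python's `re` is assumed to behave like the on-device regex engine for patterns of this kind.

```python
import re

# Constructed sample in file_contexts syntax: <regex> [<file type>] <context>.
# "mypart", "cfg" and the type names are stand-ins for the thread's placeholders.
SAMPLE = r"""
# constructed entries, not from any real device
/mypart(/.*)?             u:object_r:mypart_file:s0
/mypart/cfg(/.*)?         u:object_r:mypart_data_file:s0
/mypart/cfg/keys     -d   u:object_r:mypart_key_dir:s0
/mypart/cfg/.*\.log  --   u:object_r:mypart_log_file:s0
"""

META = set(".^$?*+|[({\\")  # characters that make an entry a regex, not an exact path


def parse(text):
    """Return entries as (regex, file_type, context); exact paths are placed last."""
    regexes, exact = [], []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) not in (2, 3):
            raise ValueError(f"line {n}: expected '<regex> [<type>] <context>'")
        entry = (fields[0], fields[1] if len(fields) == 3 else None, fields[-1])
        (regexes if META & set(fields[0]) else exact).append(entry)
    return regexes + exact


def lookup(specs, path, ftype="--"):
    """Scan from the end: exact paths first, then later regex entries before earlier ones.

    ftype uses the file_contexts flags: "--" regular file, "-d" directory, "-l" symlink.
    Returns (context, matching_regex) or None when nothing applies.
    """
    for regex, want, ctx in reversed(specs):
        if want is not None and want != ftype:
            continue                      # entry is restricted to another file type
        if re.fullmatch(regex, path):     # the whole path must match, not a prefix
            return None if ctx == "<<none>>" else (ctx, regex)
    return None


if __name__ == "__main__":
    specs = parse(SAMPLE)
    for path, ftype in [("/mypart/cfg/file_xyz", "--"), ("/mypart/cfg/keys", "-d")]:
        print(path, ftype, "->", lookup(specs, path, ftype))
    # An entry without the trailing (/.*)? labels the directory only, not its files.
    print(lookup(parse("/mypart/cfg u:object_r:mypart_data_file:s0"), "/mypart/cfg/file_xyz"))
```

A `None` result for a path means restorecon has no entry to apply there, so the entry's expression is the first thing to check.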
