It seems I have old code of SEAndroid which does not implement look_common,
selabel_lookup_partitial_match(). It seems lookup() functionality is moved
to lookup_common(). Last commit in my workspace is following:
commit 8b4760949bbafdee6f7825f39423f3db745f4115
Author: Stephen Smalley <s...@tycho.nsa.gov>
Date: Mon Dec 23 13:51:15 2013 -0500
DO NOT MERGE: Fix a bug in the userspace AVC that broke per-domain
permissive mode.
Failure to copy the entire av_decision structure, including the
flags field, would prevent preservation of the
SELINUX_AVD_FLAGS_PERMISSIVE
flag and thus cause per-domain permissive to not be honored for
userspace
permission checks.
Also ensure that we clear the entire structure.
Signed-off-by: Stephen Smalley <s...@tycho.nsa.gov>
On Tue, Jun 17, 2014 at 11:51 AM, Dinesh Garg <dinesh.g...@gmail.com> wrote:
> I am still facing setup issues. I will update the list as soon as I am
> able to test the patch.
>
> > On Jun 17, 2014, at 11:47 AM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
> >
> > Did this address your issue?
> >
> >> On 06/13/2014 02:09 AM, Dinesh Garg wrote:
> >> Thanks a lot for the patches. I had trouble setting up my workspace. I
> >> will update the result on Monday.
> >>
> >>
> >> On Thu, Jun 12, 2014 at 11:27 AM, Stephen Smalley <s...@tycho.nsa.gov
> >> <mailto:s...@tycho.nsa.gov>> wrote:
> >>
> >>> On 06/12/2014 08:41 AM, Stephen Smalley wrote:
> >>> On 06/12/2014 03:08 AM, Dinesh Garg wrote:
> >>>>>> Is that good enough or do you need this to be done for all device
> >>>> nodes automatically when
> >>>> created by ueventd?
> >>>> I am not sure about the need to do it for all device. While
> >> setting the
> >>>> symlink, i get the corresponding device and then label from
> >> policy and
> >>>> use setfilecon to apply it. Is my understanding correct ?
> >>>
> >>> If we create a patch for system/core/init, can you test it with your
> >>> setup to see if it resolves your issue?
> >>
> >> The code changes for external/libselinux and system/core are:
> >> https://android-review.googlesource.com/#/c/97701/
> >> and
> >> https://android-review.googlesource.com/#/c/97721/
> >> and a change to test the support on hammerhead is:
> >> https://android-review.googlesource.com/#/c/97750/
> >>
> >> The latter rewrites the file_contexts entries for hammerhead to use
> the
> >> /dev/block/platform/msm_sdcc.1/by-name/<name> symlink pathnames
> rather
> >> than the /dev/block/mmcblk* real pathnames, thereby demonstrating
> that
> >> the label-by-symlink support works correctly. This allows you to
> label
> >> based on the partition name rather than the partition number. Does
> that
> >> address your issue?
> >>
> >>
> >>
> >>
> >> _______________________________________________
> >> Seandroid-list mailing list
> >> Seandroid-list@tycho.nsa.gov
> >> To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
> >> To get help, send an email containing "help" to
> seandroid-list-requ...@tycho.nsa.gov.
> >
>
_______________________________________________
Seandroid-list mailing list
Seandroid-list@tycho.nsa.gov
To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
To get help, send an email containing "help" to
seandroid-list-requ...@tycho.nsa.gov.
