On 06/18/2014 02:58 AM, Dinesh Garg wrote: > It seems I have old code of SEAndroid which does not implement > look_common, selabel_lookup_partitial_match(). It seems lookup() > functionality is moved to lookup_common(). Last commit in my workspace > is following: > > commit 8b4760949bbafdee6f7825f39423f3db745f4115 > Author: Stephen Smalley <s...@tycho.nsa.gov <mailto:s...@tycho.nsa.gov>> > Date: Mon Dec 23 13:51:15 2013 -0500 > > DO NOT MERGE: Fix a bug in the userspace AVC that broke per-domain > permissive mode. > > Failure to copy the entire av_decision structure, including the > flags field, would prevent preservation of the > SELINUX_AVD_FLAGS_PERMISSIVE > flag and thus cause per-domain permissive to not be honored for > userspace > permission checks. > > Also ensure that we clear the entire structure. > > Signed-off-by: Stephen Smalley <s...@tycho.nsa.gov > <mailto:s...@tycho.nsa.gov>>
I take it you are using 4.4.3? Use our seandroid-4.4.3 branches or cherry-pick all of the relevant changes from AOSP master (our seandroid-4.4.3 branches already do this for all SE-related code and policy changes). http://seandroid.bitbucket.org/Usingareleaseversion.html _______________________________________________ Seandroid-list mailing list Seandroid-list@tycho.nsa.gov To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.
