I don't know if this is the best solution, but it seems to solve the similar problem for /sys/devices/system/cpu/cpufreq/ondemand on hammerhead: https://android-review.googlesource.com/#/c/101800/ https://android-review.googlesource.com/#/c/101741/
On 07/17/2014 10:04 AM, Stephen Smalley wrote: > Hmm...don't know if this is related, but even on current AOSP master, if > I adb shell su 0 restorecon -Rv /sys it finds some wrongly labeled > entries under /sys/devices/system/cpu/cpufreq: > > SELinux: Relabeling /sys/devices/system/cpu/cpufreq/ondemand from > u:object_r:sysfs:s0 to u:object_r:sysfs_devices_system_cpu:s0. > > SELinux: Relabeling > /sys/devices/system/cpu/cpufreq/ondemand/powersave_bias from > u:object_r:sysfs:s0 to u:object_r:sysfs_devices_system_cpu:s0. > > SELinux: Relabeling > /sys/devices/system/cpu/cpufreq/ondemand/sampling_rate from > u:object_r:sysfs:s0 to u:object_r:sysfs_devices_system_cpu:s0. > > SELinux: Relabeling /sys/devices/system/cpu/cpufreq/ondemand/io_is_busy > from u:object_r:sysfs:s0 to u:object_r:sysfs_devices_system_cpu:s0. > ... > > On 07/17/2014 09:33 AM, Nick Kralevich wrote: >> If the files in /sys/devices/system/cpu/interactive are created >> post-boot, then the boot time labeling support isn't sufficient to label >> these files. Applying the following patches *may* help: >> >> * https://android-review.googlesource.com/92902 >> * https://android-review.googlesource.com/100249 >> >> The second patch, in particular, waits for any uevent messages and >> properly updates the labels on dynamically created /sys files. >> >> -- Nick >> >> >> >> On Thu, Jul 17, 2014 at 5:53 AM, Pankaj Kushwaha >> <[email protected] <mailto:[email protected]>> >> wrote: >> >> Hi, >> >> I have written a new daemon which interacts with files present in >> '/sys/devices/system/cpu/cpufreq/interactive/' folder. >> I was trying to provide a new label to this folder, but I was unable >> to do so. >> >> I tried adding new label in same way as it was done for >> '/sys/devices/system/cpu/cpufreq/' but I wasn't able to relabel >> 'interactive' folder. >> I noticed that this folder is created when device is booted, while >> other folders prior to this are built when boot process starts. >> >> I also tried to change label from genfs_context but again failed. >> >> I also thought of making this folder from init.rc but still it was >> not relabled. >> >> Also as per file_context rules (/sys/devices/system/cpu(/.*)? >> u:object_r:sysfs_devices_system_cpu:s0), interactive folder should >> have 'sysfs_devices_system_cpu' label, but in actual it has 'sysfs' >> label. >> >> Is there any specific reason that we are not allowed to change label >> of this folder ? >> >> I added following lines in file.te and file_context - >> file_context : >> /sys/devices/system/cpu/cpufreq/interactive(/.*)? >> u:object_r:sysfs_interactive:s0 >> file.te : >> type sysfs_interactive, fs_type, sysfs_type, mlstrustedobject; >> >> Thanks >> Pankaj Kushwaha >> >> _______________________________________________ >> Seandroid-list mailing list >> [email protected] <mailto:[email protected]> >> To unsubscribe, send email to [email protected] >> <mailto:[email protected]>. >> To get help, send an email containing "help" to >> [email protected] >> <mailto:[email protected]>. >> >> >> >> >> -- >> Nick Kralevich | Android Security | [email protected] >> <mailto:[email protected]> | 650.214.4037 >> >> >> _______________________________________________ >> Seandroid-list mailing list >> [email protected] >> To unsubscribe, send email to [email protected]. >> To get help, send an email containing "help" to >> [email protected]. >> > > _______________________________________________ > Seandroid-list mailing list > [email protected] > To unsubscribe, send email to [email protected]. > To get help, send an email containing "help" to > [email protected]. > > _______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
