Hi All,

Thanks for all the help. I am able to set the context now based on the hammerhead example. It was a missing comma before the context= option.

Thanks,
Biswajit

-----Original Message-----
From: Stephen Smalley [mailto:[email protected]]
Sent: Tuesday, August 19, 2014 2:02 PM
To: Biswajit Paul
Cc: William Roberts; rpcraig; [email protected]
Subject: Re: Need help in labelling vfat filesystem

This implies that the context= option was not passed to the kernel. On hammerhead, for example, we see:

<7>[ 2.425839] SELinux: initialized (dev mmcblk0p1, type vfat), uses mountpoint labeling

I noticed in your example that you had the context value quoted? Did you try passing it unquoted?

On Tue, Aug 19, 2014 at 4:43 PM, Biswajit Paul <[email protected]> wrote:
> Hi,
> I only see the below SELinux message for VFAT.
>
> <7>[ 13.135660] SELinux: initialized (dev mmcblk0p1, type vfat), uses genfs_contexts
>
> Thanks,
> Biswajit
>
> -----Original Message-----
> From: Stephen Smalley [mailto:[email protected]]
> Sent: Tuesday, August 19, 2014 11:10 AM
> To: Biswajit Paul
> Cc: William Roberts; rpcraig; [email protected]
> Subject: Re: Need help in labelling vfat filesystem
>
> What SELinux and avc messages appear in your dmesg output on the device?
>
> On Tue, Aug 19, 2014 at 1:29 PM, Biswajit Paul <[email protected]> wrote:
>> Hi All,
>>
>> Type of the context is defined in file.te and I can see the policy
>> getting built and compiled into binary. Verified the same on
>> policy.conf and the type does exist. Also the partition is mounted
>> only once during the bootup.
>>
>> Thanks,
>>
>> Biswajit
>>
>> From: William Roberts [mailto:[email protected]]
>> Sent: Tuesday, August 19, 2014 7:48 AM
>> To: rpcraig
>> Cc: [email protected]; Biswajit Paul
>> Subject: Re: Need help in labelling vfat filesystem
>>
>> You should see an error in dmesg iirc if the type doesn't exist during mount.
>>
>> On Aug 19, 2014 4:32 AM, "Robert Craig" <[email protected]> wrote:
>>
>> As long as you're including the file.te you mention with the compiled
>> policy then your approach seems correct. I would assume that if you
>> had a missing xyz_type definition in your policy (missing file.te
>> entry) but included the context= option then the mount would outright
>> fail (dmesg would probably show SELinux:
>> security_context_to_sid(u:object_r:xyz_type:s0) failed for...). The
>> context= mount option should work as the string just gets passed
>> through to the kernel and the kernel passes it to SELinux to
>> interpret. It's probably a long shot, but is it possible that your
>> partition is being mounted elsewhere first?
>>
>> On 08/18/2014 10:53 PM, Biswajit Paul wrote:
>>
>> Dear Experts,
>>
>> I am trying to set the context for a vfat mounted partition. My
>> current context shows as “vfat” which is the default one.
>>
>> I tried defining a new context while mounting using
>> context=”u:object_r:xyz_type:s0” option in my fstab.<board> files and
>> I am defining xyz_type as below in file.te
>>
>> type xyz_type, fs_type, contextmount_type;
>>
>> I still see the old context. Any input on how to set the new context
>> for VFAT is highly appreciated.
>>
>> Regards,
>>
>> Biswajit
>>
>> _______________________________________________
>> Seandroid-list mailing list
>> [email protected]
>> To unsubscribe, send email to [email protected].
>> To get help, send an email containing "help" to [email protected].
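
As an added example (not code from any poster in this thread), the two checks the thread converges on can be scripted: lint the mount-options field of an fstab entry for a `context=` option that is not comma-separated or is quoted, and read back which labeling behavior SELinux logged for the device. The fstab entries, the mount point and the function names are constructed for illustration; the thread does not say whether the missing comma left a space or fused two options, so both cases are covered.

```python
import re

# SELinux context mount options recognised by the kernel.
CONTEXT_OPTS = ("context=", "fscontext=", "defcontext=", "rootcontext=")
INIT_RE = re.compile(r"SELinux: initialized \(dev (\S+), type (\S+)\), uses (.+)$")

def check_fstab_line(line):
    """Return problems in one Android fstab entry:
    <src> <mnt_point> <type> <mnt_flags> <fs_mgr_flags>."""
    fields = line.split()
    if len(fields) < 4 or fields[0].startswith("#"):
        return []
    problems = []
    for tok in fields[3].split(","):
        if tok.startswith(CONTEXT_OPTS):
            value = tok.split("=", 1)[1]
            if value[:1] in ('"', "'", "\u201c", "\u201d"):
                problems.append("quoted context value: " + tok)
        elif "context=" in tok:
            # e.g. "shortname=lowercontext=...": comma missing before context=
            problems.append("missing comma before context=: " + tok)
    for extra in fields[4:]:
        # a space instead of a comma pushes context= out of the mnt_flags field
        if any(t.startswith(CONTEXT_OPTS) for t in extra.split(",")):
            problems.append("context option outside mnt_flags field: " + extra)
    return problems

def labeling_behavior(dmesg, dev):
    """Return the last labeling behavior SELinux logged for dev, or None."""
    found = None
    for line in dmesg.splitlines():
        m = INIT_RE.search(line)
        if m and m.group(1) == dev:
            found = m.group(3).strip()
    return found

# Constructed sample entries (paths, mount point and flags are hypothetical).
GOOD = "/dev/block/mmcblk0p1 /mnt/xyz vfat ro,shortname=lower,context=u:object_r:xyz_type:s0 wait"
FUSED = "/dev/block/mmcblk0p1 /mnt/xyz vfat ro,shortname=lowercontext=u:object_r:xyz_type:s0 wait"
SPACED = "/dev/block/mmcblk0p1 /mnt/xyz vfat ro,shortname=lower context=u:object_r:xyz_type:s0 wait"
QUOTED = '/dev/block/mmcblk0p1 /mnt/xyz vfat ro,context="u:object_r:xyz_type:s0" wait'
# The two dmesg lines quoted in the thread.
DMESG_FAILING = "<7>[ 13.135660] SELinux: initialized (dev mmcblk0p1, type vfat), uses genfs_contexts"
DMESG_HAMMERHEAD = "<7>[ 2.425839] SELinux: initialized (dev mmcblk0p1, type vfat), uses mountpoint labeling"

if __name__ == "__main__":
    for entry in (GOOD, FUSED, SPACED, QUOTED):
        print(check_fstab_line(entry) or "ok")
    print(labeling_behavior(DMESG_FAILING, "mmcblk0p1"))
```

A result of `genfs_contexts` for a partition whose fstab entry carries `context=` means the option never reached the kernel, which is the situation described above.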
