I have some question about unlabeled issue.

Wed, 07 Jan 2015 15:36:45 -0800 

Dear Stephen.

Hi , I'm a developer in Korea.
I have some question bellow issue.

- This is kernel log
<6>[   65.302303 / 01-03 23:57:09.194] SELinux:  Context *u:ob* is not
valid *(left unmapped).*
<14>[   65.303044 / 01-03 23:57:09.194] type=1400 audit(1420297029.194:18):
avc: denied { write } for pid=2511 comm="uicksetsdk.lite"
name="librctransport.so" dev="dm-0" ino=577578 scontext=u:r:platform_app:s0
tcontext=u:object_r:*unlabeled*:s0 tclass=file permissive=0
<14>[   65.603044 / 01-03 23:57:09.494] type=1400 audit(1420297029.494:19):
avc: denied { read } for pid=2511 comm="uicksetsdk.lite"
name="librctransport.so" dev="dm-0" ino=577578 scontext=u:r:platform_app:s0
tcontext=u:object_r:*unlabeled*:s0 tclass=file permissive=0

It is reason that *left unmmaped* is occurred *unlabeled *issue.

I think it is parsing error.
Originally, Context It has to display like u:object_r:contexts:s0 but it
split like that Context u:ob!

I think this is related kernel source.

kernel/security/selinux/ss/sidtab.c

int sidtab_context_to_sid(struct sidtab *s,
              struct context *context,
              u32 *out_sid)
{
    u32 sid;
    int ret = 0;
    unsigned long flags;

    *out_sid = SECSID_NULL;

    sid  = sidtab_search_cache(s, context);
    if (!sid)
        sid = sidtab_search_context(s, context);
    if (!sid) {
        spin_lock_irqsave(&s->lock, flags);
        /* Rescan now that we hold the lock. */
        sid = sidtab_search_context(s, context);
        if (sid)
            goto unlock_out;
        /* No SID exists for the context.  Allocate a new one. */
        if (s->next_sid == UINT_MAX || s->shutdown) {
            ret = -ENOMEM;
            goto unlock_out;
        }
        sid = s->next_sid++;
        if (context->len)
            printk(KERN_INFO
              * "SELinux:  Context %s is not valid (left unmapped).\n",*
                   context->str);
        ret = sidtab_insert(s, sid, context);

Do you know why this problem occurring?
And, how to solve this issue?

Please, give me a hand.

Thanks.

_______________________________________________
Seandroid-list mailing list
Seandroid-list@tycho.nsa.gov
To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
To get help, send an email containing "help" to 
seandroid-list-requ...@tycho.nsa.gov.

Reply via email to