On Feb 25, 2015 5:39 AM, "William Roberts" <bill.c.robe...@gmail.com> wrote: > > > On Feb 24, 2015 6:05 PM, "심현용" <jonesn5...@gmail.com> wrote: > > > > Dear Stephen > > > > I always thanks to your kindly help. > > I have some question about labeling of symbolic-link. > > > > I know that commit you applied labeling about symbolic link of devices/block/platform/. > > > > https://android.googlesource.com/platform/system/core/+/b0ab94b7d5a888f0b6920b156e5c6a075fa0741a%5E%21/ > > > > this commit re-factoring method lookup_best_match like that. > > https://android.googlesource.com/platform/external/libselinux/+/be7f5e8814c4954aca51d3f95455c5d9d527658c%5E%21/ > > > > So I can use in file_contexts. > > /dev/block/platform/.*/my-name > > > > But, I hope also use other file path likes /sys/class/led/*/ ... (leds is symbolic-link) > > My devices are different path leds per device. > > > > When I use labeling /sys/class/leds/*/name , restorecon_recursive was stopped at leds! > > No more continue until name. > > > > So I can only use file's full path at file_contexts each devices like that. > > ex) > > -one device > > /sys/class/leds/blue/brightness > > -the other device > > /sys/class/leds/B/brightness > > > > I hope using that .. (but restorecon_recursive will be stop at leds..) > > /sys/class/leds/*/brightness > > > > Cloud you please improve lookup_best_match method? > > If i don't understand this method, please teach me using this method. > > IIRC the recourse version stores the hash or checks the hash of the file contexts in the root of the path argument. I believe if that fails its fatal. > > At a glance, It looks like setxattr is ignored on fail but do you see this failing > Src/android.c > > if (setrestoreconlast) { size = getxattr(pathname, RESTORECON_LAST, xattr_value, sizeof fc_digest); if (!force && size == sizeof fc_digest && memcmp(fc_digest, xattr_value, sizeof fc_digest) == 0) { selinux_log(SELINUX_INFO, "SELinux: Skipping restorecon_recursive(%s)\n", pathname); return 0; } } >
It should skip over this check on a -1 ret as size 1= sizeof fcdigest. Although an explicit error check here would be cleaner. Outside of that, what mode is the file label in the fc entry? > > > > Thanks. > > May all your wishes come true this year. > > > > _______________________________________________ > > Seandroid-list mailing list > > Seandroid-list@tycho.nsa.gov > > To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. > > To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.
_______________________________________________ Seandroid-list mailing list Seandroid-list@tycho.nsa.gov To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.
