Dear Stephen & Nick I always thanks to you.
I found another issue about when running pcre_exec. At every booting time, I know that PackageManagerService do restorecon to data/app/pakagename. about restorecon name in turn /data/app/com.lge.artui-1/lib /data/app/com.lge.art-1/lib /data/app/com.lge.art-1/lib/arm --> maybe this file isn't operate restorecon at pcre lib. But in case of these names's restorecon, less frequently occure fatal error during label_file.c to pcre_exec. 06-11 06:47:28.608 1993 2307 F libc : Fatal signal 11 (SIGSEGV), code 1, fault addr 0x61642f65 in tid 2307 (pool-5-thread-2) 06-11 06:47:28.708 304 304 I DEBUG : [2015-06-11 06:47:28.724] 06-11 06:47:28.708 304 304 I DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** 06-11 06:47:28.708 304 304 I DEBUG : Build fingerprint: 'lge/g3_vzw/g3:5.1.1/LMY47V/151621639dfce:userdebug/test-keys' 06-11 06:47:28.708 304 304 I DEBUG : Revision: '10' 06-11 06:47:28.708 304 304 I DEBUG : ABI: 'arm' 06-11 06:47:28.708 304 304 I DEBUG : pid: 1993, tid: 2307, name: pool-5-thread-2 >>> system_server <<< 06-11 06:47:28.708 304 304 I DEBUG : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x61642f65 06-11 06:47:28.728 304 304 I DEBUG : r0 00000014 r1 00000280 r2 00000014 r3 00000000 06-11 06:47:28.728 304 304 I DEBUG : r4 a641dec0 r5 959420a0 r6 aecf1d30 r7 00000014 06-11 06:47:28.728 304 304 I DEBUG : r8 61642f61 r9 00000000 sl 00000000 fp a641dee2 06-11 06:47:28.728 304 304 I DEBUG : ip 00000000 sp 9b636368 lr b61c3849 pc b5bc5e02 cpsr 200f0030 06-11 06:47:28.728 304 304 I DEBUG : 06-11 06:47:28.728 304 304 I DEBUG : backtrace: 06-11 06:47:28.728 304 304 I DEBUG : #00 pc 0000be02 /system/lib/libpcre.so (pcre_exec+1337) 06-11 06:47:28.728 304 304 I DEBUG : #01 pc 00007845 /system/lib/libselinux.so 06-11 06:47:28.728 304 304 I DEBUG : #02 pc 00007103 /system/lib/libselinux.so (selabel_lookup+10) 06-11 06:47:28.728 304 304 I DEBUG : #03 pc 000092a9 /system/lib/libselinux.so 06-11 06:47:28.728 304 304 I DEBUG : #04 pc 00009563 /system/lib/libselinux.so 06-11 06:47:28.728 304 304 I DEBUG : #05 pc 00080a89 /system/lib/libandroid_runtime.so 06-11 06:47:28.728 304 304 I DEBUG : #06 pc 0008276d /data/dalvik-cache/arm/system@framew...@boot.oat *I think that the special character "-" in the restorecon does not seem to work.* Please let me know how to fix this issue. Thanks. 2015-02-24 23:25 GMT+09:00 Stephen Smalley <s...@tycho.nsa.gov>: > Agreed. For other people following the discussion and for the archives, > a link to your change fixing the bug and follow up discussion can be > found at: > https://android-review.googlesource.com/#/c/134790/ > > > On 02/23/2015 11:14 PM, Nick Kralevich wrote: > > IMHO, this feels like a bug. Perhaps it makes sense to add PCRE_DOTALL > > to the pcre_compile call in external/libselinux/src/label_file.c ? > > > > -- Nick > > > > > > > > On Mon, Feb 23, 2015 at 5:52 PM, Stephen Smalley > > <stephen.smal...@gmail.com <mailto:stephen.smal...@gmail.com>> wrote: > > > > The easiest fix would be to add a file_contexts entry (which you can > > do as part of your device policy without modifying > > external/sepolicy/file_contexts directly) that will match even files > > with embedded newlines. The current entries do not match because by > > default, the dot (.) character does not match newline so even the > > entries that end in (/.*)? won't match. > > > > On Mon, Feb 23, 2015 at 6:54 PM, 심현용 <jonesn5...@gmail.com > > <mailto:jonesn5...@gmail.com>> wrote: > > > Dear Stephen. > > > > > > I have some question restorecon api. > > > > > > When I create file like that > > > $ touch "test<space enter> > > > newline" > > > > > > that file doesn't work restorecon.. > > > > > > For example, Google docs app (com.google.android.apps.docs) create > > these > > > files(thumbnail file) like bellows. > > > > > > > > > > /data/data/com.google.android.apps.docs/cache/diskCache/fetching/accountCache_1$ > > > ls > > > > > > thumbnail-510-384-d_downloaded_image_am9uZXNuNTUwOEBnbWFpbC5jb20tZGI6Mw== > > > _1404878698133 > > > > > > thumbnail-510-384-d_downloaded_image_am9uZXNuNTUwOEBnbWFpbC5jb20tZGI6NA== > > > _1402378046571 > > > > > > thumbnail-510-384-d_downloaded_image_am9uZXNuNTUwOEBnbWFpbC5jb20tZGI6Ng== > > > _1324189493087 > > > > > > thumbnail-510-384-d_downloaded_image_am9uZXNuNTUwOEBnbWFpbC5jb20tZGI6Nw== > > > _1320481847143 > > > > > > thumbnail-510-384-d_downloaded_image_am9uZXNuNTUwOEBnbWFpbC5jb20tZGI6OA== > > > _1320481776981 > > > > > > thumbnail-510-384-d_downloaded_image_am9uZXNuNTUwOEBnbWFpbC5jb20tZGI6OQ== > > > _1314508429262 > > > > > > (new line involve) > > > > > > Before SELinux enable(Android JB version), these files would be > > unlabeled. > > > That files doesn't change when upgrade (JB -> KK(SELinux Enable) > > -> L OS) > > > because restorecon doesn't work these files(involve newline). > > > > > > > > > Restorecon api doesn't work because of lookup_common() method (ret > > will > > > return null!) > > > > > > external/libselinux/src/android.c > > > > > > static int restorecon_sb() > > > .. > > > if (selabel_lookup(sehandle, &secontext, pathname, sb->st_mode) < > 0) > > > return 0 > > > > > > .. > > > > > > > > > // if input file name include "new line", i will be -1 because rc > > would be > > > PCRE_ERROR_NOMATCH! > > > > > > external/libselinux/src/label_file.c > > > static spec_t *lookup_common() > > > .. > > > if (i < 0 || strcmp(spec_arr[i].lr.ctx_raw, "<<none>>") == 0) { > > > /* No matching specification. */ > > > errno = ENOENT; > > > goto finish; > > > } > > > .. > > > > > > > > > What should I do? > > > Please help this issue. > > > > > > Thanks. > > > > > > _______________________________________________ > > > Seandroid-list mailing list > > > Seandroid-list@tycho.nsa.gov <mailto:Seandroid-list@tycho.nsa.gov> > > > To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov > > <mailto:seandroid-list-le...@tycho.nsa.gov>. > > > To get help, send an email containing "help" to > > > seandroid-list-requ...@tycho.nsa.gov > > <mailto:seandroid-list-requ...@tycho.nsa.gov>. > > > > _______________________________________________ > > Seandroid-list mailing list > > Seandroid-list@tycho.nsa.gov <mailto:Seandroid-list@tycho.nsa.gov> > > To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov > > <mailto:seandroid-list-le...@tycho.nsa.gov>. > > To get help, send an email containing "help" to > > seandroid-list-requ...@tycho.nsa.gov > > <mailto:seandroid-list-requ...@tycho.nsa.gov>. > > > > > > > > > > -- > > Nick Kralevich | Android Security | n...@google.com > > <mailto:n...@google.com> | 650.214.4037 > > > > > > _______________________________________________ > > Seandroid-list mailing list > > Seandroid-list@tycho.nsa.gov > > To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. > > To get help, send an email containing "help" to > seandroid-list-requ...@tycho.nsa.gov. > > > > _______________________________________________ > Seandroid-list mailing list > Seandroid-list@tycho.nsa.gov > To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. > To get help, send an email containing "help" to > seandroid-list-requ...@tycho.nsa.gov. >
_______________________________________________ Seandroid-list mailing list Seandroid-list@tycho.nsa.gov To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.
