You should already have the proper functionality in 3.18. See if you have: commit b43e725d8d386bf2092473953b525aaae71b6c28
Author: Eric Paris <epa...@redhat.com> Date: Wed Oct 10 14:27:35 2012 -0400 SELinux: use a helper function to determine seclabel On Tue, Oct 20, 2015 at 6:58 PM YongQin Liu <yongqin....@linaro.org> wrote: > Hi, Stephen, Jeffrey > > On 21 October 2015 at 05:05, Stephen Smalley <stephen.smal...@gmail.com> > wrote: > >> Are you using the initramfs contents as your rootfs, > > We are using the initramfs as rootfs. > > And our kernel is based on the 3.18 version, and does not applied the > patch here: > https://android-review.googlesource.com/#/c/58360/ > > Should we apply this patch to our kernel? > > Thanks, > Yongqin Liu > > >> or pivoting to an >> ext4 root filesystem image that you built? >> >> On Tue, Oct 20, 2015 at 10:59 AM, YongQin Liu <yongqin....@linaro.org> >> wrote: >> > Hi, All >> > >> > When I tried the Marshmallow version on our platforms, I got following >> > warnings: >> > avc: denied { mounton } for pid=1 comm="init" path="/cache" dev="rootfs" >> > ino=73 scontext=u:r:init:s0 tcontext=u:object_r:cache_file:s0 tclass=dir >> > permissive=1 >> > avc: denied { mounton } for pid=1 comm="init" path="/storage" >> dev="rootfs" >> > ino=73 scontext=u:r:init:s0 tcontext=u:object_r:storage_file:s0 >> tclass=dir >> > permissive=1 >> > >> > To remove this warnings, I need to add following rules into the init.te >> > file: >> > allow init cache_file:dir mounton; >> > allow init storage_file:dir mounton; >> > >> > but I did not see similar rules added into the init.te file for Nexus9 >> > build(device/htc/flounder/sepolicy/), >> > and there is no such warnings on the Nexus9 build too. >> > >> > I am confused on why Nexus9 does not need the mounton rules for init >> domain, >> > and does not have the warnings. >> > >> > Anyone here can help to explain for me or point me where I should check? >> > >> > Thanks in advance! >> > -- >> > Best Regards, >> > Yongqin Liu >> > --------------------------------------------------------------- >> > #mailing list >> > linaro-andr...@lists.linaro.org >> > http://lists.linaro.org/mailman/listinfo/linaro-android >> > >> > _______________________________________________ >> > Seandroid-list mailing list >> > Seandroid-list@tycho.nsa.gov >> > To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. >> > To get help, send an email containing "help" to >> > seandroid-list-requ...@tycho.nsa.gov. >> > > > > -- > Best Regards, > Yongqin Liu > --------------------------------------------------------------- > #mailing list > linaro-andr...@lists.linaro.org <linaro-...@lists.linaro.org> > http://lists.linaro.org/mailman/listinfo/linaro-android >
_______________________________________________ Seandroid-list mailing list Seandroid-list@tycho.nsa.gov To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.
