On 10/22/2015 10:43 AM, Jeffrey Vander Stoep wrote:
> > Probably using ramfs for the rootfs with older kernels and using tmpfs
> > with the newer kernels? That would explain it.
>
> Yes, the 3.18 device that I saw this behavior on used tmpfs.

Ok, so at least we understand the problem.

Options for resolving:

1. Change init to somehow distinguish creation of these empty mount
point directories from other directories, and do not set the SELinux
context based on file_contexts for those mount points. Then you only
need mounton permission to rootfs and you don't have to allow init to
over-mount an already mounted filesystem (since that is what you are
doing by allowing mounton to cache_file and other types associated with
the actual mounted filesystem).

2. Accept this labeling, allow it in policy, and possibly add calls to
security_inode_init_security() to ramfs_mknod and ramfs_symlink so that
ramfs exhibits the same behavior as tmpfs and we get consistent behavior
and policy on the current Nexus devices.

I think #1 is better. You might still want to fix ramfs for consistency
regardless.