On 04/19/2016 10:32 AM, YongQin Liu wrote:
> Hi, ALL
>
> I am trying the android-n-preview with kernel4.4, and found the tracefs
> is automatically mounted there by kernel, mount options like this:
> tracefs on /sys/kernel/debug/tracing type tracefs (rw,relatime)
>
> And I found avc warnings on the console like this:
> [ 6.840279] init: SELinux: Could not set context for
> /sys/kernel/debug/tracing/set_event_pid: Operation not supported on
> transport endpoint
>
> I think it's caused by the following lines in file_contexts file:
> /sys/kernel/debug/tracing(/.*)? u:object_r:debugfs_tracing:s0
> /sys/kernel/debug/tracing/trace_marker u:object_r:debugfs_trace_marker:s0
>
>
> And seems the tracefs does not support the seclabel mount option,
>
> So what's the better way to support tracefs in Android?
> Seems updating sepolicy rules is an easier way, but what if the kernel
> still does not support tracefs yet?
> Or do some changes in kernel side on tracefs?
>
> And tracefs would be supported in the user mode as well I guess.

Hmm...we would need to augment the logic in SELinux to support per-file labeling of tracefs via either setxattr or genfs_contexts. The quick fix would be to just add tracefs to the list of whitelisted filesystem types in selinux_is_sblabel_mnt(), but the right fix would be to generalize this logic as described in the last item on the todo list, https://bitbucket.org/seandroid/wiki/wiki/ToDo
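
The mismatch discussed in this thread can be checked mechanically. The following is an added example, not code from either poster or from the SELinux or Android projects: it flags `file_contexts` entries whose path lies on a mount that does not show the `seclabel` option, which is the situation that produces the "Could not set context" message above. The sample inputs are constructed from the lines quoted in the thread, and the function names are hypothetical.

```python
import re
# Constructed sample input, modelled on the lines quoted in the thread.
MOUNT_OUTPUT = """\
sysfs on /sys type sysfs (rw,seclabel,relatime)
debugfs on /sys/kernel/debug type debugfs (rw,seclabel,relatime)
tracefs on /sys/kernel/debug/tracing type tracefs (rw,relatime)
"""
FILE_CONTEXTS = """\
/sys/kernel/debug/tracing(/.*)?    u:object_r:debugfs_tracing:s0
/sys/kernel/debug/tracing/trace_marker    u:object_r:debugfs_trace_marker:s0
/sys/kernel/debug(/.*)?    u:object_r:debugfs:s0
"""
MOUNT_RE = re.compile(r"^(\S+) on (\S+) type (\S+) \(([^)]*)\)$")

def parse_mounts(text):
    """Return [(mountpoint, fstype, has_seclabel)] from `mount` output."""
    mounts = []
    for line in text.splitlines():
        m = MOUNT_RE.match(line.strip())
        if m:
            opts = m.group(4).split(",")
            mounts.append((m.group(2), m.group(3), "seclabel" in opts))
    return mounts

def literal_prefix(pattern):
    """Literal path prefix of a file_contexts regex, cut at the first metacharacter."""
    return re.split(r"[(\[*?+\\.{|^$]", pattern, maxsplit=1)[0].rstrip("/") or "/"

def covering_mount(path, mounts):
    """Longest mount point that equals `path` or is a parent directory of it."""
    hits = [m for m in mounts
            if path == m[0] or path.startswith(m[0].rstrip("/") + "/")]
    return max(hits, key=lambda m: len(m[0]), default=None)

def unlabelable_entries(mount_text, contexts_text):
    """file_contexts entries that sit on a mount without per-file label support."""
    mounts = parse_mounts(mount_text)
    findings = []
    for line in contexts_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue  # skip blank lines and comments
        mnt = covering_mount(literal_prefix(fields[0]), mounts)
        if mnt and not mnt[2]:
            # (pattern, context, fstype); context is always the last field
            findings.append((fields[0], fields[-1], mnt[1]))
    return findings

if __name__ == "__main__":
    for pattern, context, fstype in unlabelable_entries(MOUNT_OUTPUT, FILE_CONTEXTS):
        print(f"{pattern}: {context} cannot be set ({fstype} mounted without seclabel)")
```

On a device, the same functions can be fed the real `mount` output and the policy's `file_contexts` text.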
