On 04/19/2016 10:47 AM, Stephen Smalley wrote:
> On 04/19/2016 10:32 AM, YongQin Liu wrote:
>> Hi, ALL
>>
>> I am trying the android-n-preview with kernel4.4, and found the tracefs
>> is automatically mounted there by kernel, mount options like this:
>> tracefs on /sys/kernel/debug/tracing type tracefs (rw,relatime)
>>
>> And I found avc warnings on the console like this:
>> [ 6.840279] init: SELinux: Could not set context for
>> /sys/kernel/debug/tracing/set_event_pid: Operation not supported on
>> transport endpoint
>>
>> I think it's caused by the following lines in file_contexts file:
>> /sys/kernel/debug/tracing(/.*)? u:object_r:debugfs_tracing:s0
>> /sys/kernel/debug/tracing/trace_marker u:object_r:debugfs_trace_marker:s0
>>
>>
>> And seems the tracefs does not support the seclabel mount option,
>>
>> So what's the better way to support tracefs in Android?
>> Seems updating sepolicy rules is an easier way, but what if the kernel
>> still does not support tracefs yet?
>> Or do some changes in kernel side on tracefs?
>>
>> And tracefs would be supported in the user mode as well I guess.
>
> Hmm...we would need to augment the logic in SELinux to support per-file
> labeling of tracefs via either setxattr or genfs_contexts. The quick
> fix would be to just add tracefs to the list of whitelisted filesystem
> types in selinux_is_sblabel_mnt(), but the right fix would be to
> generalize this logic as described in the last item on the todo list,
> https://bitbucket.org/seandroid/wiki/wiki/ToDo

Also, you'd need to add an entry to genfs_contexts in the policy to define a default label for tracefs files.
