Hi Guys,
I am getting the following denials and kernel panic while enabling SELinux on
k4.4
<snip>
[ 4.402909] init: init started!
[ 4.413108] SELinux: Android master kernel running Android M policy in
compatibility mode.
[ 4.426907] SELinux: Permission module_load in class system not defined in
policy.
[ 4.434937] SELinux: Class netlink_iscsi_socket not defined in policy.
[ 4.441594] SELinux: Class netlink_fib_lookup_socket not defined in policy.
[ 4.448697] SELinux: Class netlink_connector_socket not defined in policy.
[ 4.455667] SELinux: Class netlink_netfilter_socket not defined in policy.
[ 4.462666] SELinux: Class netlink_generic_socket not defined in policy.
[ 4.469468] SELinux: Class netlink_scsitransport_socket not defined in
policy.
[ 4.476813] SELinux: Class netlink_rdma_socket not defined in policy.
[ 4.483343] SELinux: Class netlink_crypto_socket not defined in policy.
[ 4.490120] SELinux: the above unknown classes and permissions will be denied
[ 4.545590] audit: type=1403 audit(1464177814.780:2): policy loaded
auid=4294967295 ses=4294967295
[ 4.555021] audit: type=1404 audit(1464177814.792:3): enforcing=1
old_enforcing=0 auid=4294967295 ses=4294967295
[ 4.584035] audit: type=1400 audit(1464177814.820:4): avc: denied { write
} for pid=1 comm="init" path=2F6465762F5F5F6B6D73675F5F202864656C6574656429
dev="rootfs" ino=9275 scontext=u:r:kernel:s0 tcontext=u:object_r:rootfs:s0
tclass=chr_file permissive=0
[ 4.616270] audit: type=1400 audit(1464177814.852:5): avc: denied { read
write } for pid=1 comm="init"
path=2F6465762F5F5F6E756C6C5F5F202864656C6574656429 dev="rootfs" ino=9274
scontext=u:r:init:s0 tcontext=u:object_r:rootfs:s0 tclass=chr_file permissive=0
[ 4.639288] audit: type=1400 audit(1464177814.872:6): avc: denied { read
write } for pid=1 comm="init"
path=2F6465762F5F5F6E756C6C5F5F202864656C6574656429 dev="rootfs" ino=9274
scontext=u:r:init:s0 tcontext=u:object_r:rootfs:s0 tclass=chr_file permissive=0
[ 4.662281] audit: type=1400 audit(1464177814.900:7): avc: denied { read
write } for pid=1 comm="init"
path=2F6465762F5F5F6E756C6C5F5F202864656C6574656429 dev="rootfs" ino=9274
scontext=u:r:init:s0 tcontext=u:object_r:rootfs:s0 tclass=chr_file permissive=0
[ 4.686902] audit: type=1400 audit(1464177814.920:8): avc: denied { create
} for pid=1 comm="init" name="__kmsg__" scontext=u:r:init:s0
tcontext=u:object_r:rootfs:s0 tclass=chr_file permissive=0
[ 4.704615] audit: type=1400 audit(1464177814.940:9): avc: denied { create
} for pid=1 comm="init" name="__kmsg__" scontext=u:r:init:s0
tcontext=u:object_r:rootfs:s0 tclass=chr_file permissive=0
[ 4.722262] audit: type=1400 audit(1464177814.960:10): avc: denied {
create } for pid=1 comm="init" name=".booting" scontext=u:r:init:s0
tcontext=u:object_r:rootfs:s0 tclass=file permissive=0
[ 4.739943] Kernel panic - not syncing: Attempted to kill init!
exitcode=0x00000100
</snip>
I am using the AOSP kernel 4.4
https://android.googlesource.com/kernel/common/+/android-4.4
Also, one more issue I am facing is that I am not able to change the mode to
permissive mode.
I tried adding "BOARD_KERNEL_CMDLINE := androidboot.selinux=permissive" but it
had no effect.
Am I missing any kernel changes which can solve this issue?
Please help.
Thanks.
_______________________________________________
Seandroid-list mailing list
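An added example, not part of the original message: the unquoted `path=` values in the denials above are hex strings because the kernel audit code hex-encodes values containing spaces or other unsafe characters. This Python parser decodes them and groups the denials; `SAMPLE` is constructed from three of the posted denials re-joined onto single lines, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample: three denials from the log above, each re-joined onto one line.
SAMPLE = """\
[ 4.584035] audit: type=1400 audit(1464177814.820:4): avc: denied { write } for pid=1 comm="init" path=2F6465762F5F5F6B6D73675F5F202864656C6574656429 dev="rootfs" ino=9275 scontext=u:r:kernel:s0 tcontext=u:object_r:rootfs:s0 tclass=chr_file permissive=0
[ 4.616270] audit: type=1400 audit(1464177814.852:5): avc: denied { read write } for pid=1 comm="init" path=2F6465762F5F5F6E756C6C5F5F202864656C6574656429 dev="rootfs" ino=9274 scontext=u:r:init:s0 tcontext=u:object_r:rootfs:s0 tclass=chr_file permissive=0
[ 4.722262] audit: type=1400 audit(1464177814.960:10): avc: denied { create } for pid=1 comm="init" name=".booting" scontext=u:r:init:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=0
"""

AVC = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
HEX = re.compile(r"(?:[0-9A-Fa-f]{2})+")
# Only string-valued fields are ever hex-encoded; numeric fields such as
# ino=9275 also look like hex and must not be decoded.
STRING_FIELDS = {"path", "name", "comm"}


def parse_denial(line):
    """Return a dict for one AVC denial line, or None for any other line."""
    m = AVC.search(line)
    if not m:
        return None
    rec = {"perms": m.group(1).split()}
    for key, raw in FIELD.findall(m.group(2)):
        if raw.startswith('"'):
            rec[key] = raw[1:-1]  # quoted: value is literal
        elif key in STRING_FIELDS and HEX.fullmatch(raw):
            rec[key] = bytes.fromhex(raw).decode("utf-8", "replace")
        else:
            rec[key] = raw
    return rec


def summarize(text):
    """Count denials per (source, target, class, perms, object)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_denial(line)
        if rec:
            obj = rec.get("path") or rec.get("name", "?")
            counts[(rec["scontext"], rec["tcontext"], rec["tclass"],
                    " ".join(rec["perms"]), obj)] += 1
    return counts


if __name__ == "__main__":
    for (src, tgt, cls, perms, obj), n in summarize(SAMPLE).items():
        print(f"{n}x {src} -> {tgt}:{cls} {{ {perms} }} {obj}")
```
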