On 10/12/2016 11:51 AM, Roberts, William C wrote:
> If Bin is using our N tree, then all the stuff for debugfs are exact
> matches:
>
> /sys/kernel/debug/sync u:object_r:debugfs_graphics_sync:s0
>
> /sys/kernel/debug/dri/0/i915_frequency_info u:object_r:debugfs_graphics:s0
>
>
If Bin is using our N tree, then all the stuff for debugfs are exact matches:
/sys/kernel/debug/sync u:object_r:debugfs_graphics_sync:s0
/sys/kernel/debug/dri/0/i915_frequency_info u:object_r:debugfs_graphics:s0
/sys/kernel/debug/pstate_snb/setpoint u:object_r:debugfs_pstate:s0
Bin, can you
> -Original Message-
> From: Stephen Smalley [mailto:s...@tycho.nsa.gov]
> Sent: Wednesday, October 12, 2016 9:37 AM
> To: Roberts, William C ; 'seandroid-
> l...@tycho.nsa.gov'
> Cc: Yang, Bin Y
>
On 10/12/2016 09:36 AM, Stephen Smalley wrote:
> On 10/12/2016 09:24 AM, Roberts, William C wrote:
>> It’s been reported that labelling via restorecon_recursive
>> /sys/kernel/debug is taking 0.25s on a device. I wanted to verify a
>> thought:
>>
>> It looks like genfscon per file
On 10/12/2016 09:24 AM, Roberts, William C wrote:
> It’s been reported that labelling via restorecon_recursive
> /sys/kernel/debug is taking 0.25s on a device. I wanted to verify a
> thought:
>
> It looks like genfscon per file labeling is supported by selinux (like
> procfs), on linux
It's been reported that labelling via restorecon_recursive /sys/kernel/debug
is taking 0.25s on a device. I wanted to verify a thought:
It looks like genfscon per file labeling is supported by selinux (like procfs),
on linux master branch, I see:
selinux_set_mnt_opts():
815 if
On 10/12/2016 05:57 AM, peng fei wrote:
> I want to modify sepolicy and verify it.
>
> First,
>
> I download the android4.4.4 sepolicy, and modify file.te and
> file_context, add a new type sec_file.
> #/data/audit
> type sec_file, file_type, data_file_type;
> /data/audit(/.*)?
I want to modify sepolicy and verify it.
First,
I download the android4.4.4 sepolicy, and modify file.te and file_context,
add a new type sec_file.
#/data/audit
type sec_file, file_type, data_file_type;
/data/audit(/.*)? u:object_r:sec_file:s0
--
Second, compile policy.
m4 -D