Re: init: SELinux: Could not load policy
On 04/12/2018 07:59 AM, kiran mardi wrote: > Hi Stephen, > > it is a field issue and we see only on 1 set. it is seen on android N set. > it is strange that it is seen on only 1 set. can it be hardware issue? DDR > issue since we see ebitmap is giving different data?. Yes, the fact that you are getting different values from what should be the same policy on recovery is suspect. > > On Wed, Apr 11, 2018 at 7:08 PM, Stephen Smalley <s...@tycho.nsa.gov > <mailto:s...@tycho.nsa.gov>> wrote: > > On 04/11/2018 06:12 AM, kiran mardi wrote: > > Hi All, > > > > I see in one of my device getting the selinux policy loading error > during init first stage. > > however the logs give every boot different error w.r.t selinux policy > loading. > > > > 1st bootup of set: > > > > [ 7.933699] init: SELinux: Could not load policy: Out of memory > > [ 7.938900] init: failed to load policy: Out of memory > > [ 7.943884] init: Security failure; rebooting into recovery mode... > > > > > > 2nd bootup[to recovery]: > > > > [ 7.028166] SELinux: ebitmap start bit (*400*) is not a multiple of the > map unit size (64) > > [ 7.035557] init: SELinux: Could not load policy: Invalid argument > > [ 7.041652] init: failed to load policy: Invalid argument > > [ 7.047031] init: Security failure; rebooting into recovery mode... > > > > > > 3rd bootup[to recovery]: > > > > [ 7.622606] SELinux: ebitmap: map size *1048640 *does not match my size > 64 (high bit was 0) > > [ 7.630081] init: SELinux: Could not load policy: Invalid argument > > [ 7.636214] init: failed to load policy: Invalid argument > > [ 7.641447] init: Security failure; rebooting into recovery mode... > > > > > > is it problem with my kernel allocating memory for selinux sys/fs? > > can i suspect RAM not working properly? > > Sounds like the policy is corrupted. Can you confirm that the policy > file itself is valid, e.g. on the build host, run seinfo on the policy file? > > Does your kernel match your policy? There was an incompatible change in > policy format between Android 6 Marshmallow and Android 7 Nougat; Google > provided a backward compatibility patch in their common kernels so that > Android 7 kernels could still load older policies. > > > > > -- > regards, > kiran mardi
Re: init: SELinux: Could not load policy
Hi Stephen, it is a field issue and we see only on 1 set. it is seen on android N set. it is strange that it is seen on only 1 set. can it be hardware issue? DDR issue since we see ebitmap is giving different data?. On Wed, Apr 11, 2018 at 7:08 PM, Stephen Smalley <s...@tycho.nsa.gov> wrote: > On 04/11/2018 06:12 AM, kiran mardi wrote: > > Hi All, > > > > I see in one of my device getting the selinux policy loading error > during init first stage. > > however the logs give every boot different error w.r.t selinux policy > loading. > > > > 1st bootup of set: > > > > [7.933699] init: SELinux: Could not load policy: Out of memory > > [7.938900] init: failed to load policy: Out of memory > > [7.943884] init: Security failure; rebooting into recovery mode... > > > > > > 2nd bootup[to recovery]: > > > > [ 7.028166] SELinux: ebitmap start bit (*400*) is not a multiple of the > map unit size (64) > > [7.035557] init: SELinux: Could not load policy: Invalid argument > > [7.041652] init: failed to load policy: Invalid argument > > [7.047031] init: Security failure; rebooting into recovery mode... > > > > > > 3rd bootup[to recovery]: > > > > [ 7.622606] SELinux: ebitmap: map size *1048640 *does not match my size > 64 (high bit was 0) > > [7.630081] init: SELinux: Could not load policy: Invalid argument > > [7.636214] init: failed to load policy: Invalid argument > > [7.641447] init: Security failure; rebooting into recovery mode... > > > > > > is it problem with my kernel allocating memory for selinux sys/fs? > > can i suspect RAM not working properly? > > Sounds like the policy is corrupted. Can you confirm that the policy file > itself is valid, e.g. on the build host, run seinfo on the policy file? > > Does your kernel match your policy? There was an incompatible change in > policy format between Android 6 Marshmallow and Android 7 Nougat; Google > provided a backward compatibility patch in their common kernels so that > Android 7 kernels could still load older policies. > > -- regards, kiran mardi
Re: init: SELinux: Could not load policy
On 04/11/2018 06:12 AM, kiran mardi wrote: > Hi All, > > I see in one of my device getting the selinux policy loading error during > init first stage. > however the logs give every boot different error w.r.t selinux policy loading. > > 1st bootup of set: > > [ 7.933699] init: SELinux: Could not load policy: Out of memory > [7.938900] init: failed to load policy: Out of memory > [7.943884] init: Security failure; rebooting into recovery mode... > > > 2nd bootup[to recovery]: > > [ 7.028166] SELinux: ebitmap start bit (*400*) is not a multiple of the map > unit size (64) > [7.035557] init: SELinux: Could not load policy: Invalid argument > [7.041652] init: failed to load policy: Invalid argument > [7.047031] init: Security failure; rebooting into recovery mode... > > > 3rd bootup[to recovery]: > > [ 7.622606] SELinux: ebitmap: map size *1048640 *does not match my size 64 > (high bit was 0) > [7.630081] init: SELinux: Could not load policy: Invalid argument > [7.636214] init: failed to load policy: Invalid argument > [7.641447] init: Security failure; rebooting into recovery mode... > > > is it problem with my kernel allocating memory for selinux sys/fs? > can i suspect RAM not working properly? Sounds like the policy is corrupted. Can you confirm that the policy file itself is valid, e.g. on the build host, run seinfo on the policy file? Does your kernel match your policy? There was an incompatible change in policy format between Android 6 Marshmallow and Android 7 Nougat; Google provided a backward compatibility patch in their common kernels so that Android 7 kernels could still load older policies.
