I am porting Android 7.1 to our IMX53 product. I ran into a problem with 
SELinux that doesn't seem to make sense. The boot log looks like this:

...

[ 3.506650] Freeing unused kernel memory: 1024K
[ 3.528875] init: init first stage started!
[ 3.553382] SELinux: Permission validate_trans in class security not defined in policy.
[ 3.562534] SELinux: Class cap_userns not defined in policy.
[ 3.568418] SELinux: Class cap2_userns not defined in policy.
[ 3.574269] SELinux: Class bpf not defined in policy.
[ 3.579623] SELinux: the above unknown classes and permissions will be denied
[ 3.701006] audit: type=1403 audit(3.689:2): policy loaded auid=4294967295 ses=4294967295
[ 3.712563] audit: type=1404 audit(3.699:3): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295
[ 3.745760] init: (Initializing SELinux enforcing took 0.21s.)
[ 3.766315] init: init second stage started!
[ 3.792985] init: Running restorecon...
[ 3.880962] init: waitpid failed: No child processes
[ 3.887834] init: (Loading properties from /default.prop took 0.00s.)
[ 3.903302] init: (Parsing /init.environ.rc took 0.00s.)
[ 3.910929] init: (Parsing /init.usb.rc took 0.00s.)
[ 3.918296] init: (Parsing init.rti.usb.rc took 0.00s.)
[ 3.923605] init: (Parsing /init.rti.rc took 0.01s.)
[ 3.931310] init: (Parsing /init.usb.configfs.rc took 0.00s.)
[ 3.937856] init: (Parsing /init.zygote32.rc took 0.00s.)
[ 3.962443] ueventd: ueventd started!
[ 4.942899] ueventd: Coldboot took 0.97s.
[ 5.078709] EXT4-fs (mmcblk0p2): mounted filesystem with ordered data mode. Opts: (null)
[ 5.139472] EXT4-fs (mmcblk0p3): mounted filesystem with ordered data mode. Opts: errors=panic
[ 5.182104] EXT4-fs (mmcblk0p4): mounted filesystem with ordered data mode. Opts: errors=panic
[ 5.493959] audit: type=1400 audit(5.479:4): avc: denied { execute } for pid=110 comm="init" name="vdc" dev="mmcblk0p2" ino=654340 scontext=u:r:init:s0 tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0
[ 5.593161] binder: 111:111 transaction failed 29189/-22, size 0-0 line 3004
[ 5.607788] audit: type=1400 audit(5.599:5): avc: denied { execute } for pid=112 comm="init" name="sh" dev="mmcblk0p2" ino=654293 scontext=u:r:init:s0 tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0
[ 6.663334] binder: 111:111 transaction failed 29189/-22, size 0-0 line 3004
[ 7.670798] binder: 111:111 transaction failed 29189/-22, size 0-0 line 3004
[ 8.678255] binder: 111:111 transaction failed 29189/-22, size 0-0 line 3004
[ 9.685626] binder: 111:111 transaction failed 29189/-22, size 0-0 line 3004

...

As you can see, "vdc" and "sh" seem to be missing a label for SELinux. 
However, I clearly see the label being set in the Android source under 
/system/sepolicy/file_contexts:

/system/bin/sh   --   u:object_r:shell_exec:s0

/system/bin/vdc     u:object_r:vdc_exec:s0

 

Further, if I try to provide my own label for these same files in 
/device/rti/kx10/sepolicy/file_contexts, I get compile errors:

out/target/product/kx10/obj/ETC/file_contexts.bin_intermediates/file_contexts.concat.tmp: Multiple same specifications for /system/bin/sh.

out/target/product/kx10/obj/ETC/file_contexts.bin_intermediates/file_contexts.concat.tmp: Multiple same specifications for /system/bin/vdc.

 

So if sh & vdc have a label defined, why does the SELinux audit indicate 
these files are "unlabeled"???

 

Because of this error I cannot get a shell started to allow me to use other 
debug tools (ex. logcat). Does anyone have any ideas, thoughts, or 
suggestions that might help me proceed??

 

Thanks in advance,
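
An AVC denial reports the label stored on the file's inode (tcontext), while file_contexts is only the specification that labelling tools apply, so the two can disagree. The following added example (not part of the original post; the `triage` helper and the `/system/bin` search directory are assumptions) pairs each denial from the log above with its file_contexts entry to make the mismatch explicit.

```python
import re

# Constructed sample: the two AVC denials from the boot log above, unwrapped.
SAMPLE_LOG = (
    '[ 5.493959] audit: type=1400 audit(5.479:4): avc: denied { execute } for '
    'pid=110 comm="init" name="vdc" dev="mmcblk0p2" ino=654340 '
    'scontext=u:r:init:s0 tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0\n'
    '[ 5.607788] audit: type=1400 audit(5.599:5): avc: denied { execute } for '
    'pid=112 comm="init" name="sh" dev="mmcblk0p2" ino=654293 '
    'scontext=u:r:init:s0 tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0\n'
)
# The two file_contexts entries quoted in the post.
SAMPLE_FILE_CONTEXTS = (
    "/system/bin/sh   --   u:object_r:shell_exec:s0\n"
    "/system/bin/vdc     u:object_r:vdc_exec:s0\n"
)

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{[^}]*\}.*?name="(?P<name>[^"]+)".*?dev="(?P<dev>[^"]+)"'
    r'.*?tcontext=(?P<tcontext>\S+)\s+tclass=file')

def parse_file_contexts(text):
    """Return (compiled path regex, context) pairs; the flag column is optional."""
    specs = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and not fields[0].startswith("#"):
            specs.append((re.compile(fields[0]), fields[-1]))
    return specs

def triage(log, fc_text, search_dirs=("/system/bin",)):
    """Pair each file denial with the label file_contexts specifies for it.

    AVC records carry only the basename, so candidate directories (an
    assumption of this example) are tried in turn. Returns tuples of
    (path, dev, label_on_disk, label_in_file_contexts).
    """
    specs = parse_file_contexts(fc_text)
    rows = []
    for m in AVC_RE.finditer(log):
        for d in search_dirs:
            path = f"{d}/{m['name']}"
            # Simplified lookup: the last matching entry wins.
            hits = [ctx for rx, ctx in specs if rx.fullmatch(path)]
            if hits and hits[-1] != m["tcontext"]:
                rows.append((path, m["dev"], m["tcontext"], hits[-1]))
    return rows

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG, SAMPLE_FILE_CONTEXTS):
        print("%s on %s: on-disk %s, file_contexts says %s" % row)
```

Each row it reports is a file whose stored label differs from the specification, which directs attention to the labels written on the mmcblk0p2 filesystem rather than to the file_contexts source.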
