On 12/06/2012 11:14 PM, Joshua Brindle wrote:
I've started working through the policy on mako.
One stumbling block I've hit is that there is a vfat filesystem mounted
on /firmware. Since vfat is labeled as sdcard by default that causes
many denials related to sdcard.
I don't see a mount option for context but that would be 1 way to solve
the problem. Another way is to remove the genfscon for sdcard in the
main policy and only add it to phones with an actual vfat sdcard, which
I don't think are any current Nexus devices.
Thoughts?
As Bill said, the context= mount option should work (the string just
gets passed through to the kernel and the kernel passes it to SELinux to
interpret). Nexus S used a vfat filesystem for the sdcard, which is
where that genfscon entry originated. We could move it to the
crespo/crespo4g project I suppose. Likely should audit all of
external/sepolicy for anything else specific to crespo/crespo4g and move
it over as well. We didn't have the per-device policy support at the time.
--
This message was distributed to subscribers of the seandroid-list mailing list.
If you no longer wish to subscribe, send mail to [email protected] with
the words "unsubscribe seandroid-list" without quotes as the message.
