On 03/25/2013 10:03 PM, Thomas COUDRAY wrote:
Hi,
I followed the procedure [1]. But I don't understand how this could work.
1 - It's say you have to get the config goldfish_armv7_defconfig from
/arch/arm/configs/goldfish_armv7_defconfig.
But in this config you don't have option CONFIG_AUDIT_GENERIC,
CONFIG_SECURITY_SELINUX_* enabled.
So I enabled theses options.
2- It's don't tell anything about yaffs xattr support, and
goldfish-2.6.29 seems to doesn't support it.
I see upstream yaffs2 has xattr support, so I have to back port
the new yaffs2 version in my android kernel [2] ?
3- When I compile aosp, I see in the ramdisk.img generated, sepolicy
is version 24. (set by default in external/sepolicy/Android.mk and
with POLICYVERS environ variable)
But the kernel only handle 15-19 version by default. According
to security/selinux/Kconfig:118 the maximum is 23, not 24.
I think I have to recompile policy in version 19 instead of
modifying SECURITY_SELINUX_POLICYDB_VERSION_MAX, right ?
policydb version 24 does not match my version range 15-19
from qemu with -show-kernel option.
[1] http://selinuxproject.org/page/SEAndroid#Building_for_the_Emulator
[2] http://permalink.gmane.org/gmane.comp.security.selinux/16415
It doesn't sound like you are building from our repositories.
Our kernel/goldfish tree has the necessary changes already in place,
including the right kernel configuration options, xattr support, etc.
Also, CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX should not be set at
all; it only exists for ancient versions of Fedora as described in the
help text.
--
This message was distributed to subscribers of the seandroid-list mailing list.
If you no longer wish to subscribe, send mail to [email protected] with
the words "unsubscribe seandroid-list" without quotes as the message.
