Could you give us your dmesg output on boot and run 'ls -Z /'. That would certainly give us a bit more info.
On Sat, Jun 8, 2013 at 3:46 PM, William Roberts <bill.c.robe...@gmail.com>wrote: > Oh one last thing, how are you flashing, via update.zip? > > > On Sat, Jun 8, 2013 at 3:46 PM, William Roberts > <bill.c.robe...@gmail.com>wrote: > >> Well your dissection of those denials is correct, you have >> an unlabeled file that needs to be labeled. Is that file in the system.img >> during build? You can modify the make_ext4 command and pass it -v during >> the build to get all the labels of the system image as well, sometimes >> useful when debugging. >> >> https://android-review.googlesource.com/#/c/49992 >> >> You can hack in the -v in: >> system/extras/ext4_utils/mkuserimg.sh >> >> diff --git a/ext4_utils/mkuserimg.sh b/ext4_utils/mkuserimg.sh >> index 1136a9e..ec516b2 100755 >> --- a/ext4_utils/mkuserimg.sh >> +++ b/ext4_utils/mkuserimg.sh >> @@ -52,7 +52,7 @@ if [ -n "$FC" ]; then >> FCOPT="-S $FC" >> fi >> >> -MAKE_EXT4FS_CMD="make_ext4fs $ENABLE_SPARSE_IMAGE $FCOPT -l $SIZE -a >> $MOUNT_POINT $OUTPUT_FILE $SRC_DIR" >> +MAKE_EXT4FS_CMD="make_ext4fs $ENABLE_SPARSE_IMAGE $FCOPT -v -l $SIZE -a >> $MOUNT_POINT $OUTPUT_FILE $SRC_DIR" >> echo $MAKE_EXT4FS_CMD >> $MAKE_EXT4FS_CMD >> if [ $? -ne 0 ]; then >> >> >> Onto the untrsued_app, that sounds right. Any apk that does not have a >> known signing key is treated as untrusted. >> >> See the readme in external/sepoliocy for config options, if you have >> questions, hit us back up. >> >> Bill >> >> >> On Sat, Jun 8, 2013 at 1:40 PM, Sava Mikalački <mikalac...@gmail.com>wrote: >> >>> Hello! >>> >>> I am relatively new to Android building and especially SEAndroid, so >>> sorry if im missing something, I tried to provide as much usefull info as I >>> can. What I am trying to do is to build SEAndroid with CyanogenMod 10 for >>> my Desire Z. After downloading the sources, i replaced external/libselinux >>> and external/sepolicy with the ones from seandroid bitbucket, >>> revision=seandroid. Also, im using HTC kernel 3.0 for msm7x30 with SELinux >>> enabled. I managed to compile the system, it boots properly and SEAndroid >>> is running in permissive mode. But, as soon as I setenforce 1 my device >>> blocks. I get tons of AVC denials, but I guess its ok since this is a >>> custom build for a device thats is not supported by CM nor SEAndroid. One >>> thing I dont understand is this: when my system builds, I get a lot of >>> Labeling outputs, and one of them looks like this: >>> Labeling /system/lib/libandroid_servers.so as u:object_r:system_file:s0 >>> >>> Now, when I boot the device, I exported /proc/kmsg and I get this avc >>> denied: >>> <5>[ 32.514526] type=1400 audit(1370711031.613:7): avc: denied { >>> search } for pid=1827 comm="system_server" name="/" dev=mmcblk0p25 ino=2 >>> scontext=u:r:system:s0 tcontext=u:object_r:unlabeled:s0 tclass=dir >>> <5>[ 32.515380] type=1400 audit(1370711031.613:8): avc: denied { >>> getattr } for pid=1827 comm="system_server" >>> path="/system/lib/libandroid_servers.so" dev=mmcblk0p25 ino=113 >>> scontext=u:r:system:s0 tcontext=u:object_r:unlabeled:s0 tclass=file >>> <5>[ 32.515747] type=1400 audit(1370711031.613:9): avc: denied { >>> read } for pid=1827 comm="system_server" name="libandroid_servers.so" >>> dev=mmcblk0p25 ino=113 scontext=u:r:system:s0 >>> tcontext=u:object_r:unlabeled:s0 tclass=file >>> <5>[ 32.516082] type=1400 audit(1370711031.613:10): avc: denied { >>> open } for pid=1827 comm="system_server" name="libandroid_servers.so" >>> dev=mmcblk0p25 ino=113 scontext=u:r:system:s0 >>> tcontext=u:object_r:unlabeled:s0 tclass=file >>> <5>[ 32.521057] type=1400 audit(1370711031.613:11): avc: denied { >>> execute } for pid=1827 comm="system_server" >>> path="/system/lib/libandroid_servers.so" dev=mmcblk0p25 ino=113 >>> scontext=u:r:system:s0 tcontext=u:object_r:unlabeled:s0 tclass=file >>> <5>[ 32.586761] type=1400 audit(1370711031.683:12): avc: denied { >>> read } for pid=1827 comm="system_server" >>> path=2F6465762F6173686D656D2F64616C76696B2D4C696E656172416C6C6F63202864656C6574656429 >>> dev=tmpfs ino=1576 scontext=u:r:system:s0 tcontext=u:object_r:init_tmpfs:s0 >>> tclass=file >>> >>> If I understand this correctly, it looks like >>> system/lib/libandroid_servers is unlabeled even though build log showed it >>> as being labeled. What could I be doing wrong? I tried several clober >>> builds, flashing via zip or fastboot but still everytime i get this and a >>> lot of other denials stating unlabeled output. I know the setup is not >>> standard as per SEAndroid wiki, im just trying to understand why is this >>> causing denials. Also, all of my apk are treated as untrusted apps. Do you >>> have maybe any advice for me? What could I be missing in my setup? >>> >>> Thank you very much in advance! >>> >>> -- >>> I have only two questions: How much and give it to me. >>> >> >> >> >> -- >> Respectfully, >> >> William C Roberts >> >> > > > -- > Respectfully, > > William C Roberts > >
