On 06/10/2013 08:57 AM, Stephen Smalley wrote:
On 06/08/2013 04:57 PM, Sava Mikalački wrote:
Now, im using only libselinux and sepolicy from bitbucket seandroid, all
other stuff is from CM repos. Could this be a problem? I mean, me not
using
bitbucket seandroid repos for all other parts of source tree, except for
libselinux and sepolicy?
Yes, it is unlikely to work without all of the projects specified by the
local_manifest.xml file for whatever your base version is. Use the
seandroid-4.2 local_manifest.xml file for 4.2.2 or the seandroid-4.1.2
local_manifest.xml file for 4.1.2. If you are worried about losing
changes in the CM repos, then extract the patches from our repos and
apply them to your copy of the CM repos.
It is possible to build AOSP master without any mods at all (aside from
enabling SELinux in your kernel) and have a basic, working SE for
Android system with respect to the SELinux functionality (but not the
install-time MAC functionality), but that is not true of 4.2 or 4.1.
Those versions of Android were forked from master before the full set of
functionality was merged into AOSP master, although the delta shrank
with each version.
bootable/recovery and the build/tools/releasetools have changes to
support labeling of files created from the recovery console. Without
those changes, files extracted from an update.zip will not be labeled on
the device. Installing via update.zip requires first reflashing
recovery with the SE for Android recovery.img via fastboot. However,
directly flashing system.img via fastboot should have worked correctly.
Also, the fact that system apps were running in untrusted_app likely
means that you don't have our frameworks/base changes. Those are
necessary to set the seinfo string based on mac_permissions.xml file,
and the seinfo string is later used in looking up the app domain in
seapp_contexts. You also need the frameworks/base changes to correctly
label the app data directories when created by installd.
--
This message was distributed to subscribers of the seandroid-list mailing list.
If you no longer wish to subscribe, send mail to [email protected] with
the words "unsubscribe seandroid-list" without quotes as the message.
