On 06/20/2013 11:16 AM, Ronan TROTIN wrote:
Hi,
I'm currently adding seandroid to a board running Android 4.2, following
the wiki.
I'm stuck with a socket file in /dev which is not properly labeled even
with the entry in file_contexts.
I don't understand, because everything is fine with the other entries.
# cat file_contexts
#line 1 "external/sepolicy/file_contexts"
###########################################
# Root
/ u:object_r:rootfs:s0
[......lot of your stuff and a bit of mine......]
/dev/i2c-(.*)? u:object_r:i2c_device:s0
/dev/cg2900_bt(.*)? u:object_r:cg2900_bt_device:s0
/dev/ste_gnss_socket u:object_r:gps_socket:s0
# ls -Z /dev/ste_gnss_socket
s---rw---- root radio u:object_r:device:s0 ste_gnss_socket
# ls -Z /dev/cg2900_bt*
crw-rw---- bluetooth bluetooth u:object_r:cg2900_bt_device:s0 cg2900_bt_acl
crw-rw---- bluetooth bluetooth u:object_r:cg2900_bt_device:s0 cg2900_bt_cmd
crw-rw---- bluetooth bluetooth u:object_r:cg2900_bt_device:s0 cg2900_bt_evt
At first I tried to label it gps_device because it's dev_type and it's in /dev.
When it failed I thought it was because it's a socket, so I tried with
gps_socket. No better result.
When I try restorecon it fails if I do not give the absolute path;
otherwise it's OK. Is that normal?
# cd dev
# restorecon ste_gnss_socket
Could not lookup context for ste_gnss_socket: No such file or directory
# restorecon /dev/ste_gnss_socket
# ls -Z /dev/ste_gnss_socket
s---rw---- root radio u:object_r:gps_socket:s0 ste_gnss_socket
Any clues, anyone?

Typically this happens when the socket is created directly by a daemon
rather than by init. Sockets specified in the init*.rc files are
labeled by init based on file_contexts, but if the socket is created
directly by the daemon, then you need to set up a type transition in
policy to label it. See the type_transition rule in
external/sepolicy/gpsd.te for an example; you specify the domain of the
creating process, the type of the parent directory, the class of file
(in this case, sock_file), and the type you want to be assigned to the file.
Yes, the toolbox restorecon command doesn't try to determine an absolute
pathname for you, so you have to give it the absolute pathname or run it
recursively on / to properly match against file_contexts.
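
The type transition described in the reply, written out for the socket in this thread as an added example (it is not part of the original messages and not copied from external/sepolicy). The domain name gnssd is a hypothetical placeholder for the domain of the daemon that creates /dev/ste_gnss_socket, assumed here to be started by init; device is the type the socket inherited from its parent directory in the ls -Z output above, and gps_socket is the type from the poster's file_contexts entry.

```selinux
# Hypothetical domain for the daemon that creates the socket.
# Replace gnssd with the real domain if one is already defined.
type gnssd, domain;
type gnssd_exec, exec_type, file_type;
init_daemon_domain(gnssd)

# The daemon adds the socket entry to /dev which is labeled device.
allow gnssd device:dir rw_dir_perms;

# Without this rule the new socket inherits the parent directory type
# (device) because file_contexts is not consulted at creation time.
# Fields: creating domain - parent dir type - object class - new type.
type_transition gnssd device:sock_file gps_socket;

# The transition only names the type. The daemon still needs permission
# to create and manage a sock_file with that type.
allow gnssd gps_socket:sock_file create_file_perms;
```

Keep the /dev/ste_gnss_socket entry in file_contexts as well, so that a later restorecon with the absolute path assigns the same type as the transition.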