OK, now we know your fc is valid. is the device in enforcing or permissive mode? You can run adb shell su 0 getenforce to find out. I still wonder if your type will need attribute fs_type on your type for filesystem associate.
Make sure when your init.rc runs the command that the file exits. You can try cranking up the loglevel in init and looking at dmesg for any errors as well. Bill On Jan 3, 2014 5:13 PM, "sri linux" <[email protected]> wrote: > Thanks for the inputs. After removing -n from restorecon, I see that file > context is changed as desired. But, when I try restorecon from *.rc file, > it doesn't seem to work! > > > On Fri, Jan 3, 2014 at 12:57 PM, William Roberts <[email protected] > > wrote: > >> Oh sri said the ext4 is not created at build. My guess its similar to efs. >> On Jan 3, 2014 12:56 PM, [email protected] wrote: >> >>> Ha I forgot to tell him to remove n... Doh >>> On Jan 3, 2014 11:57 AM, "Stephen Smalley" <[email protected]> >>> wrote: >>> >>>> The -n option to restorecon means "Do Not change", i.e. do not set the >>>> context. When combined with the -v option (verbose), it shows what it >>>> would set but does not apply the change. So it isn't surprising that >>>> restorecon -nv did not change anything. Remove the -n option if you >>>> want to set manually. >>>> What kind of filesystem is on the partition (e.g. ext4), and how is it >>>> initially created? >>>> You have to pass in the right options to make_ext4fs if you want to >>>> label the files based on file_contexts; the build Makefiles have been >>>> modified to do this automatically for the system image when it is >>>> built. Or if the partition starts empty, you can just restorecon it >>>> from init.*.rc as is done for /data and /cache in the init.rc file. >>>> >>>> >>>> On Fri, Jan 3, 2014 at 2:32 PM, sri linux <[email protected]> wrote: >>>> > Adding mailing list back to the thread - In one of my reply, got >>>> removed as >>>> > I hit just "Reply" instead of "Reply to all"! >>>> > >>>> > >>>> > On Fri, Jan 3, 2014 at 11:04 AM, sri linux <[email protected]> >>>> wrote: >>>> >> >>>> >> In one of the TE file, I have defined file_type as >>>> >> type <partition_name>_data_file, file_type; >>>> >> >>>> >> And in file_contexts, I have defined below to switch context of the >>>> file >>>> >> /<partition_name>/<dir_name>(/.*)? >>>> >> u:object_r:<partition_name>_data_file:s0 >>>> >> >>>> >> When I tried restorecon from the shell, I see below log, which seem >>>> to be >>>> >> trying to change the context of the file, but, when I cross check >>>> using "ls >>>> >> -lZ" I still see default context. >>>> >> restorecon -nv /<partition_name>/<dir_name>/<file_name> >>>> >> Relabeling /<partition_name>/<dir_name>/<file_name> from >>>> >> u:object_r:unlabeled:s0 to u:object_r:<partition_name>_data_file:s0. >>>> >> >>>> >> Just wondering what Am I missing here! >>>> >> >>>> >> >>>> >> On Fri, Jan 3, 2014 at 9:25 AM, William Roberts < >>>> [email protected]> >>>> >> wrote: >>>> >>> >>>> >>> ok then a restorecon should do the trick. Depending on your version >>>> >>> you may need to restorecon each file and you need to make sure the >>>> >>> file_context is located either in the ramdisk or data. Data will >>>> only >>>> >>> work if this filesystem is mounted AFTER data, so the safest option >>>> is >>>> >>> ensuring it is in /file_contexts which is located in the ramdisk. >>>> >>> >>>> >>> in the init.rc after the filesystem in question is mounted you will >>>> >>> need restorecon entries. Based on the version you are running you >>>> may >>>> >>> need to restorecon each file. I would recommend just verifying the >>>> >>> file_contexts, and manually shelling into the device and >>>> transitioning >>>> >>> to su. You can do this by: adb shell followed by su 0. Once in as >>>> >>> super user, you can issue the restorecon command. if an ls -Z file >>>> >>> still shows the invalid label. I would try restorecon -nv to get >>>> some >>>> >>> debugging info as to why its failing. Perhaps your expression in the >>>> >>> file_contexts entry is not proper and is not matching anything. >>>> >>> >>>> >>> If you need to restorecon the whole filesystem, after the mount in >>>> the >>>> >>> init.rc you can do restorecon_recursive if your init supports it. >>>> AOSP >>>> >>> now has this feature. It was added here: >>>> >>> https://android-review.googlesource.com/#/c/67580/ >>>> >>> >>>> >>> At this point, I think to get more specific help, you will need to >>>> >>> provide more specifics to your problem. Can you give us the snippet >>>> of >>>> >>> your file_contexts, and other commands, etc. Diffs are really >>>> helpful >>>> >>> here. You can change the data to keep it anonymous if needed. >>>> >>> >>>> >>> Keep in mind that adb root; adb shell; will result in a root >>>> terminal >>>> >>> running in the shell domain which may not have any permissions to do >>>> >>> what you need. It is very important that you invoke su to transition >>>> >>> into the su domain, which is unconfined. >>>> >>> >>>> >>> Bill >>>> >>> >>>> >>> On Fri, Jan 3, 2014 at 8:01 AM, sri linux <[email protected]> >>>> wrote: >>>> >>> > Yes, filesystem is mounted as read & write. >>>> >>> > >>>> >>> > >>>> >>> > On Thu, Jan 2, 2014 at 6:52 PM, William Roberts >>>> >>> > <[email protected]> >>>> >>> > wrote: >>>> >>> >> >>>> >>> >> Ok is the filesystem mounted writable? If not, then a restorecon >>>> would >>>> >>> >> fail. >>>> >>> >> >>>> >>> >> On Thu, Jan 2, 2014 at 4:18 PM, sri linux <[email protected]> >>>> wrote: >>>> >>> >> > As mentioned already, I tried restorecon, which doesn't have >>>> any >>>> >>> >> > affect. >>>> >>> >> > File is created at build time in one of the partition >>>> >>> >> > (separate/different >>>> >>> >> > partition and not boot/system/data) and filesystem is ext4 >>>> type. >>>> >>> >> > Filesystem >>>> >>> >> > is mounted as read & write. >>>> >>> >> > >>>> >>> >> > >>>> >>> >> > On Mon, Dec 30, 2013 at 12:14 PM, William Roberts >>>> >>> >> > <[email protected]> >>>> >>> >>>> >>> >> > wrote: >>>> >>> >> >> >>>> >>> >> >> And what type of filesystem is it? >>>> >>> >> >> >>>> >>> >> >> On Mon, Dec 30, 2013 at 11:28 AM, Stephen Smalley >>>> >>> >> >> <[email protected]> wrote: >>>> >>> >> >> > Which partition? And how is the file created? >>>> >>> >> >> > >>>> >>> >> >> > On Fri, Dec 27, 2013 at 7:05 PM, sri linux < >>>> [email protected]> >>>> >>> >> >> > wrote: >>>> >>> >> >> >> Dear Experts, >>>> >>> >> >> >> >>>> >>> >> >> >> I have a file in one of the partition, for which, I see >>>> below as >>>> >>> >> >> >> a >>>> >>> >> >> >> default >>>> >>> >> >> >> context: >>>> >>> >> >> >> -rw-rw-r-- system root >>>> u:object_r:unlabeled:s0 >>>> >>> >> >> >> file_xyz >>>> >>> >> >> >> >>>> >>> >> >> >> I tried to change the context using type_transition, which >>>> >>> >> >> >> doesn't >>>> >>> >> >> >> seem >>>> >>> >> >> >> to >>>> >>> >> >> >> be working - I still see unlabeled in the context. >>>> >>> >> >> >> >>>> >>> >> >> >> Can someone suggest the best way to change the context of >>>> the >>>> >>> >> >> >> file >>>> >>> >> >> >> which is >>>> >>> >> >> >> unlabeled? >>>> >>> >> >> >> >>>> >>> >> >> >> >>>> >>> >> >> >> >>>> >>> >> >> >> _______________________________________________ >>>> >>> >> >> >> Seandroid-list mailing list >>>> >>> >> >> >> [email protected] >>>> >>> >> >> >> To unsubscribe, send email to >>>> >>> >> >> >> [email protected]. >>>> >>> >> >> >> To get help, send an email containing "help" to >>>> >>> >> >> >> [email protected]. >>>> >>> >> >> >> >>>> >>> >> >> > _______________________________________________ >>>> >>> >> >> > Seandroid-list mailing list >>>> >>> >> >> > [email protected] >>>> >>> >> >> > To unsubscribe, send email to >>>> [email protected]. >>>> >>> >> >> > To get help, send an email containing "help" to >>>> >>> >> >> > [email protected]. >>>> >>> >> >> >>>> >>> >> >> >>>> >>> >> >> >>>> >>> >> >> -- >>>> >>> >> >> Respectfully, >>>> >>> >> >> >>>> >>> >> >> William C Roberts >>>> >>> >> > >>>> >>> >> > >>>> >>> >> >>>> >>> >> >>>> >>> >> >>>> >>> >> -- >>>> >>> >> Respectfully, >>>> >>> >> >>>> >>> >> William C Roberts >>>> >>> > >>>> >>> > >>>> >>> >>>> >>> >>>> >>> >>>> >>> -- >>>> >>> Respectfully, >>>> >>> >>>> >>> William C Roberts >>>> >> >>>> >> >>>> > >>>> > >>>> > _______________________________________________ >>>> > Seandroid-list mailing list >>>> > [email protected] >>>> > To unsubscribe, send email to [email protected]. >>>> > To get help, send an email containing "help" to >>>> > [email protected]. >>>> > >>>> >>> >
_______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
