Do you means that the device must be able to mount the rootfs before we can see those SELinux log messages because the policy in in the rootfs?
Our kernel version is 3.0.31 Uncompressing Linux... done, booting the kernel. [ 0.000000] Initializing cgroup subsys cpu [ 0.000000] Linux version 3.0.31-00003-OMAP-Android (tainguye@tainguye-zydeco) (gcc version 4.4.1 (Sourcery G++ Lite 2010q1-202) ) #1 SMP PREEMPT Fri Mar 21 15:48:52 EDT 2014 [ 0.000000] CPU: ARMv7 Processor [412fc09a] revision 10 (ARMv7), cr=10c5387d Tai On 3/24/14, 1:17 PM, "Stephen Smalley" <[email protected]> wrote: >On 03/24/2014 12:39 PM, Tai Nguyen (tainguye) wrote: >> In a successful log, I see SELinux initialization at the error point >> >> [ 7.077972] twl_rtc twl_rtc: setting system clock to 2014-03-24 >> 13:35:28 UTC (1395668128) >> >> [ 7.087524] Freeing init memory: 276K >> >> [ 7.093444] sr_class1p5_calib_work: mpu: Calibration complete: >> Voltage Nominal=1317000Calib=1100000 margin=0 >> >> [ 7.108917] SELinux: 1024 avtab hash slots, 2382 rules. >> >> [ 7.115875] SELinux: 1024 avtab hash slots, 2382 rules. >> >> [ 7.121582] SELinux: 1 users, 2 roles, 389 types, 9 bools, 1 sens, >> 1024 cats >> >> [ 7.129425] SELinux: 84 classes, 2382 rules >> >> [ 7.135284] SELinux: Completing initialization. >> >> [ 7.140319] SELinux: Setting up existing superblocks. >> >> [ 7.145843] SELinux: initialized (dev sysfs, type sysfs), uses >> genfs_contexts >> >> [ 7.153564] SELinux: initialized (dev rootfs, type rootfs), uses >> genfs_contexts >> >> [ 7.161468] SELinux: initialized (dev bdev, type bdev), not >> configured for labeling >> >> [ 7.169738] SELinux: initialized (dev proc, type proc), uses >> genfs_contexts >> >> [ 7.177276] SELinux: initialized (dev tmpfs, type tmpfs), uses >> transition SIDs >> >> [ 7.185058] SELinux: initialized (dev debugfs, type debugfs), uses >> genfs_contexts >> >> [ 7.196258] SELinux: initialized (dev sockfs, type sockfs), uses task >> SIDs >> >> [ 7.204162] SELinux: initialized (dev pipefs, type pipefs), uses task >> SIDs >> >> [ 7.211547] SELinux: initialized (dev anon_inodefs, type >> anon_inodefs), not configured for labeling >> >> [ 7.221374] SELinux: initialized (dev devpts, type devpts), uses >> transition SIDs >> >> [ 7.229431] SELinux: initialized (dev selinuxfs, type selinuxfs), >> uses genfs_contexts >> >> [ 7.237976] SELinux: initialized (dev mtd_inodefs, type mtd_inodefs), >> not configured for labeling >> >> [ 7.247558] SELinux: initialized (dev usbfs, type usbfs), not >> configured for labeling >> >> [ 7.256378] SELinux: initialized (dev tmpfs, type tmpfs), uses >> transition SIDs >> >> [ 7.264190] SELinux: initialized (dev sysfs, type sysfs), uses >> genfs_contexts >> >> [ 7.312164] cyttsp_i2c_reset: gpio_set_value(step3)=1 r=0 >> >> [ 7.318176] cyttsp-i2c 3-0067: cyttsp_pr_state: ACTIVE >> >> [ 7.327819] sr_class1p5_calib_work: mpu: Calibration complete: >> Voltage Nominal=1380000Calib=1220000 margin=0 >> >> [ 7.388763] type=1403 audit(1395668128.796:2): policy loaded >> auid=4294967295 ses=4294967295 >> >> [ 7.397918] SELinux: Loaded policy from /sepolicy >> >> >>>From this log, it seems that the SELinux initialization is done before >> the kernel mounting rootfs. If that is true, the error case seems to be >> from SELinux initialization error with ftrace configuration. >> What do you think? > >The policy file is loaded from the rootfs, which is populated from the >initramfs image. > _______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
