Hmm...don't know if this is related, but even on current AOSP master, if I adb shell su 0 restorecon -Rv /sys it finds some wrongly labeled entries under /sys/devices/system/cpu/cpufreq:
SELinux: Relabeling /sys/devices/system/cpu/cpufreq/ondemand from u:object_r:sysfs:s0 to u:object_r:sysfs_devices_system_cpu:s0. SELinux: Relabeling /sys/devices/system/cpu/cpufreq/ondemand/powersave_bias from u:object_r:sysfs:s0 to u:object_r:sysfs_devices_system_cpu:s0. SELinux: Relabeling /sys/devices/system/cpu/cpufreq/ondemand/sampling_rate from u:object_r:sysfs:s0 to u:object_r:sysfs_devices_system_cpu:s0. SELinux: Relabeling /sys/devices/system/cpu/cpufreq/ondemand/io_is_busy from u:object_r:sysfs:s0 to u:object_r:sysfs_devices_system_cpu:s0. ... On 07/17/2014 09:33 AM, Nick Kralevich wrote: > If the files in /sys/devices/system/cpu/interactive are created > post-boot, then the boot time labeling support isn't sufficient to label > these files. Applying the following patches *may* help: > > * https://android-review.googlesource.com/92902 > * https://android-review.googlesource.com/100249 > > The second patch, in particular, waits for any uevent messages and > properly updates the labels on dynamically created /sys files. > > -- Nick > > > > On Thu, Jul 17, 2014 at 5:53 AM, Pankaj Kushwaha > <[email protected] <mailto:[email protected]>> > wrote: > > Hi, > > I have written a new daemon which interacts with files present in > '/sys/devices/system/cpu/cpufreq/interactive/' folder. > I was trying to provide a new label to this folder, but I was unable > to do so. > > I tried adding new label in same way as it was done for > '/sys/devices/system/cpu/cpufreq/' but I wasn't able to relabel > 'interactive' folder. > I noticed that this folder is created when device is booted, while > other folders prior to this are built when boot process starts. > > I also tried to change label from genfs_context but again failed. > > I also thought of making this folder from init.rc but still it was > not relabled. > > Also as per file_context rules (/sys/devices/system/cpu(/.*)? > u:object_r:sysfs_devices_system_cpu:s0), interactive folder should > have 'sysfs_devices_system_cpu' label, but in actual it has 'sysfs' > label. > > Is there any specific reason that we are not allowed to change label > of this folder ? > > I added following lines in file.te and file_context - > file_context : > /sys/devices/system/cpu/cpufreq/interactive(/.*)? > u:object_r:sysfs_interactive:s0 > file.te : > type sysfs_interactive, fs_type, sysfs_type, mlstrustedobject; > > Thanks > Pankaj Kushwaha > > _______________________________________________ > Seandroid-list mailing list > [email protected] <mailto:[email protected]> > To unsubscribe, send email to [email protected] > <mailto:[email protected]>. > To get help, send an email containing "help" to > [email protected] > <mailto:[email protected]>. > > > > > -- > Nick Kralevich | Android Security | [email protected] > <mailto:[email protected]> | 650.214.4037 > > > _______________________________________________ > Seandroid-list mailing list > [email protected] > To unsubscribe, send email to [email protected]. > To get help, send an email containing "help" to > [email protected]. > _______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
