Is this a condition of it being policy version 23? Are you uploading this to AOSP? Perhaps we could print a warning if policy vers < 26. The tool should either work or fail on this condition, not segfault.

This patch seems to be for libsepol, is that correct?

Thanks,
Bill

On Mon, Nov 24, 2014 at 6:58 AM, William Roberts <[email protected]> wrote:

> Yeah I remember when those were added.
> On Nov 24, 2014 6:48 AM, "Stephen Smalley" <[email protected]> wrote:
>
>> On 11/23/2014 02:59 PM, William Roberts wrote:
>> > I am using the current master of check-seapp and I am getting a
>> > segfault and valgrind is outputting this:
>> >
>> >
>> > $ valgrind ./sepolicy-check -s system_app -t system_data_file -c file
>> > -p write -P /home/bill/workspace/udoo/out/target/product/udoo/root/sepolicy
>> > ==6300== Memcheck, a memory error detector
>> > ==6300== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
>> > ==6300== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
>> > ==6300== Command: ./sepolicy-check -s system_app -t system_data_file
>> > -c file -p write -P
>> > /home/bill/workspace/udoo/out/target/product/udoo/root/sepolicy
>> > ==6300==
>> > ==6300== Invalid read of size 4
>> > ==6300== at 0x804D5C8: expand_avtab_node (expand.c:3137)
>> > ==6300== by 0x8049FC6: avtab_map (avtab.c:285)
>> > ==6300== by 0xFEF27EF3: ???
>> > ==6300== Address 0x8 is not stack'd, malloc'd or (recently) free'd
>> > ==6300==
>> > ==6300==
>> > ==6300== Process terminating with default action of signal 11 (SIGSEGV)
>> > ==6300== Access not within mapped region at address 0x8
>> > ==6300== at 0x804D5C8: expand_avtab_node (expand.c:3137)
>> > ==6300== by 0x8049FC6: avtab_map (avtab.c:285)
>> > ==6300== by 0xFEF27EF3: ???
>> > ==6300== If you believe this happened as a result of a stack
>> > ==6300== overflow in your program's main thread (unlikely but
>> > ==6300== possible), you can try to increase the size of the
>> > ==6300== main thread stack using the --main-stacksize= flag.
>> >
>> >
>> > Attached is my binary sepolicy which is an OLD version 23 policy. I
>> > didn't see the quick fix, so punting to you guys.
>>
>> Attached patch should fix it, but policy versions < 26 are not supported
>> by AOSP anymore as they do not support name-based transitions and we use
>> them in various places in external/sepolicy/*.te. grep
>> 'type_transition.*"' external/sepolicy/*.te. You could perhaps
>> downgrade them to regular type_transitions but then any directory/file
>> created by that process in a directory with that type will be labeled
>> accordingly, not just ones with that specific name.
>>
>>

--
Respectfully,
William C Roberts
