How was this librctransport.so file installed? What set its security context?
Unless there was kernel memory corruption (which could be from any
source, not just SELinux), the message indicates that the
security.selinux attribute on that file was set to u:ob (e.g. when the
filesystem image was created or by the recovery console) and therefore
is invalid. SELinux then treats it as if it had the unlabeled
context. So no bug in SELinux here, but rather in whatever set that
security context on that file.
On Wed, Jan 7, 2015 at 6:33 PM, 심현용 <jonesn5...@gmail.com> wrote:
> Dear Stephen.
>
> Hi , I'm a developer in Korea.
> I have some question bellow issue.
>
> - This is kernel log
> <6>[ 65.302303 / 01-03 23:57:09.194] SELinux: Context u:ob is not valid
> (left unmapped).
> <14>[ 65.303044 / 01-03 23:57:09.194] type=1400 audit(1420297029.194:18):
> avc: denied { write } for pid=2511 comm="uicksetsdk.lite"
> name="librctransport.so" dev="dm-0" ino=577578 scontext=u:r:platform_app:s0
> tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0
> <14>[ 65.603044 / 01-03 23:57:09.494] type=1400 audit(1420297029.494:19):
> avc: denied { read } for pid=2511 comm="uicksetsdk.lite"
> name="librctransport.so" dev="dm-0" ino=577578 scontext=u:r:platform_app:s0
> tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0
>
> It is reason that left unmmaped is occurred unlabeled issue.
>
> I think it is parsing error.
> Originally, Context It has to display like u:object_r:contexts:s0 but it
> split like that Context u:ob!
>
> I think this is related kernel source.
>
> kernel/security/selinux/ss/sidtab.c
>
> int sidtab_context_to_sid(struct sidtab *s,
> struct context *context,
> u32 *out_sid)
> {
> u32 sid;
> int ret = 0;
> unsigned long flags;
>
> *out_sid = SECSID_NULL;
>
> sid = sidtab_search_cache(s, context);
> if (!sid)
> sid = sidtab_search_context(s, context);
> if (!sid) {
> spin_lock_irqsave(&s->lock, flags);
> /* Rescan now that we hold the lock. */
> sid = sidtab_search_context(s, context);
> if (sid)
> goto unlock_out;
> /* No SID exists for the context. Allocate a new one. */
> if (s->next_sid == UINT_MAX || s->shutdown) {
> ret = -ENOMEM;
> goto unlock_out;
> }
> sid = s->next_sid++;
> if (context->len)
> printk(KERN_INFO
> "SELinux: Context %s is not valid (left unmapped).\n",
> context->str);
> ret = sidtab_insert(s, sid, context);
>
> Do you know why this problem occurring?
> And, how to solve this issue?
>
> Please, give me a hand.
>
> Thanks.
>
> _______________________________________________
> Seandroid-list mailing list
> Seandroid-list@tycho.nsa.gov
> To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
> To get help, send an email containing "help" to
> seandroid-list-requ...@tycho.nsa.gov.
_______________________________________________
Seandroid-list mailing list
Seandroid-list@tycho.nsa.gov
To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
To get help, send an email containing "help" to
seandroid-list-requ...@tycho.nsa.gov.
