Dear SEAndroid developer,
I downloaded the recent AOSP source and downloaded boot.img and system.img
onto my device.
But the init domain is not translated to the init domain; it is still in the
kernel domain.
I found some error logs in the kernel log.
-----------------------------------------------------------------------------------------------------------
[ 3.937742 / 01-01 00:48:26.729][5] init: (Initializing SELinux non-enforcing took 0.15s.)
[ 3.940387 / 01-01 00:48:26.729][5] init: SELinux: Could not set context for /init: Operation not supported on transport endpoint
[ 3.940404 / 01-01 00:48:26.729][5] init: restorecon failed: Operation not supported on transport endpoint
[ 3.940473 / 01-01 00:48:26.729][5] type=1400 audit(1420073306.729:3): avc: denied { execute } for pid=1 comm="init" name="init" dev="rootfs" ino=9528 scontext=u:r:kernel:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=1
[ 3.940598 / 01-01 00:48:26.729][5] type=1400 audit(1420073306.729:4): avc: denied { execute_no_trans } for pid=1 comm="init" path="/init" dev="rootfs" ino=9528 scontext=u:r:kernel:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=1
[ 3.942118 / 01-01 00:48:26.729][5] type=1400 audit(1420073306.729:5): avc: denied { write } for pid=1 comm="init" name="/" dev="tmpfs"
(... lots of avc denial logs caused by the init process in the kernel domain)
-----------------------------------------------------------------------------------------------------------
The /init file is not translated to init_exec.
root@device:/ # ls -Z | grep init
ls -Z | grep init
-rwxr-x--- root root u:object_r:rootfs:s0 init
Moreover, I could not translate the init file into init_exec using the
restorecon command in the shell.
root@device:/ # restorecon /init
restorecon /init
SELinux: Loaded file_contexts contexts from /file_contexts.
SELinux: Could not set context for /init: Read-only file system
restorecon: restorecon failed: /init: Read-only file system
1|root@device:/ #
The "Could not set context for" error log was printed in the
external/libselinux/src/android.c file.
-----------------------------------------------------------------------------------------------------------
    if (strcmp(oldsecontext, secontext) != 0) {
        if (verbose)
            selinux_log(SELINUX_INFO,
                        "SELinux: Relabeling %s from %s to %s.\n",
                        pathname, oldsecontext, secontext);
        if (!nochange) {
            if (lsetfilecon(pathname, secontext) < 0)
                goto err; // The error happened here: lsetfilecon failed
        }
    }
    rc = 0;
out:
    freecon(oldsecontext);
    freecon(secontext);
    return rc;
err:
    selinux_log(SELINUX_ERROR,
                "SELinux: Could not set context for %s: %s\n",
                pathname, strerror(errno));
    rc = -1;
    goto out;
-----------------------------------------------------------------------------------------------------------
Is there any solution to translate the init process from the kernel domain to
the init domain in init.cpp (not using the setcon script in init.rc)?
Thank you
Best regards
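An added example, not part of the original post or of AOSP: a small parser for the `avc: denied` records quoted in the message that reports which domain pid 1 was running in when the denials were logged. The sample lines are the post's own log records joined onto one line each (the last is cut short as in the post); the function names are made up for this example.

```python
import re
from collections import defaultdict

# Constructed sample: three records from the kernel log in the post, one per line.
# The last record is cut short exactly as it is in the post.
SAMPLE_LOG = """\
[ 3.940473 / 01-01 00:48:26.729][5] type=1400 audit(1420073306.729:3): avc: denied { execute } for pid=1 comm="init" name="init" dev="rootfs" ino=9528 scontext=u:r:kernel:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=1
[ 3.940598 / 01-01 00:48:26.729][5] type=1400 audit(1420073306.729:4): avc: denied { execute_no_trans } for pid=1 comm="init" path="/init" dev="rootfs" ino=9528 scontext=u:r:kernel:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=1
[ 3.942118 / 01-01 00:48:26.729][5] type=1400 audit(1420073306.729:5): avc: denied { write } for pid=1 comm="init" name="/" dev="tmpfs"
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial line as a dict, or None otherwise."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    rec["perms"] = m.group("perms").split()
    return rec

def type_of(context):
    """Type field of a user:role:type:level security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def pid1_report(log_text):
    """Summarise the denials raised by pid 1 and the domain it ran in."""
    domains, denials, truncated = set(), defaultdict(set), 0
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or rec.get("pid") != "1":
            continue
        if not all(k in rec for k in ("scontext", "tcontext", "tclass")):
            truncated += 1  # record cut short: not enough fields to classify
            continue
        domains.add(type_of(rec["scontext"]))
        denials[(type_of(rec["tcontext"]), rec["tclass"])].update(rec["perms"])
    return {"pid1_domains": sorted(d for d in domains if d),
            "stuck_in_kernel": "kernel" in domains,
            "denials": {k: sorted(v) for k, v in denials.items()},
            "truncated": truncated}

if __name__ == "__main__":
    print(pid1_report(SAMPLE_LOG))
```
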