Dear All:
On Android 6.0, I have a file "/sys/class/leds/red/brightness" under /sys; its
parent directory is a symlink.
"u:object_r:sysfs:s0 red ->
../../devices/fff34000.pmic/pmic_led.118/leds/red"
"u:object_r:sysfs:s0 brightness"
I noticed that there is a patch "restorecon: only operate on canonical paths.",
so I added some logs like "--SELINUX--:" in the function
"selinux_android_restorecon_common", and then I ran some tests.
-----------test A.-----------
file_contexts:
"/sys/class/leds/red/brightness u:object_r:sysfs_led:s0"
# restorecon /sys/class/leds/red/brightness
=> "--SELINUX--: selabel_lookup failed. pathname =
/sys/devices/fff34000.pmic/pmic_led.118/leds/red/brightness"
# ls -Z /sys/class/leds/red/brightness
u:object_r:sysfs:s0 brightness unchanged
restorecon finds that the realpath of "brightness" has no match in
file_contexts, so it failed.
-----------test B.-----------
file_contexts:
"/sys/class/leds/red(/.*)? u:object_r:sysfs_led:s0"
# restorecon -Rv /sys/class/leds/red
=> "--SELinux--: pathname =/sys/devices/fff34000.pmic/pmic_led.118/leds/red"
# ls -Z /sys/class/leds/red
u:object_r:sysfs:s0 red -> ../../devices/fff34000.pmic/pmic_led.118/leds/red
unchanged
restorecon finds that the realpath of "red" has no match in file_contexts, so
it failed.
-----------test C.-----------
file_contexts:
"/sys/class/leds/red(/.*)? u:object_r:sysfs_led:s0"
# restorecon -Rv /sys/class/leds
=> "--SELINUX--:selabel_lookup failed. pathname = /sys/class/leds
SELinux: Relabeling /sys/class/leds/red from u:object_r:sysfs:s0 to
u:object_r:sysfs_led:s0."
# ls -Z /sys/class/leds
u:object_r:sysfs_led:s0 red ->
../../devices/fff34000.pmic/pmic_led.118/leds/red changed
# cd /sys/class/leds/red
# ls -Z
u:object_r:sysfs:s0 brightness unchanged
# ls -Z /sys/devices/fff34000.pmic/pmic_led.118/leds
u:object_r:sysfs:s0 red unchanged
restorecon finds that the realpath of "leds" has a match in file_contexts, so
setting "red" succeeded;
BUT it failed to set the files in "red". And the original file's selabel is
unchanged.
-----------test D.-----------
Use "stat" on these files:
"/sys/class/leds/red" and "/sys/devices/fff34000.pmic/pmic_led.118/leds/red"
are different inodes.
"/sys/class/leds/red/brightness" and
"/sys/devices/fff34000.pmic/pmic_led.118/leds/red/brightness" are the same
inode.
(Which means that any change on the realpath
"/sys/devices/fff34000.pmic/pmic_led.118/leds/red/brightness" will
simultaneously be reflected on the symlink file
"/sys/class/leds/red/brightness".)
My problems are:
1. The realpath of "/sys/class/leds/red" varies on different devices, but
   the symlink path is fixed.
   If I want to set the selabel of "/sys/class/leds/red/brightness", I have to
   add "[realpath]/brightness [label]" in file_contexts differently on every
   device, because the realpath of "brightness" is different.
   Can this be done in some other way that is not so inconvenient?
2. Can a symlink and its realpath have different selabels?
   If they have different selabels, what about the files in the symlink
   directory, like "brightness"?
   Which selabel should it follow, since only one inode exists?
3. If a symlink and its realpath can have different selabels,
   I think the patch "restorecon: only operate on canonical paths." is not
   appropriate.
   If I want to set the symlink's selabel, I have to run restorecon on its
   parent directory,
   and it will only change the directory itself, not the files in the
   directory.
   Meanwhile, if I run restorecon on the symlink directory directly, it will
   fail.
   Is this a bug?
4. How about enforcing that a symlink and its realpath have the same selabel?
   When restorecon meets a symlink:
   1) find the realpath
   2) call selabel_lookup with the realpath; if that fails, call
      selabel_lookup with the symlink.
   3) use the selabel found in step 2) to set the label on both the symlink
      and the realpath.
Any help is appreciated.
Regards,
Weiyuan
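
A model of the behaviour the logs in tests A, B and C show, added here as an example; it is not code from the post or from libselinux. It assumes what the logged pathnames suggest: only the starting path is canonicalized, the recursive walk does not follow symlinks, and each visited path is looked up as walked. The function names, the temporary directory tree and the simplified lookup are hypothetical.

```python
import os
import re
import tempfile

LED = "u:object_r:sysfs_led:s0"
REAL = "/sys/devices/fff34000.pmic/pmic_led.118/leds/red"  # realpath from the post

def lookup(path, specs):
    """Simplified selabel_lookup: anchored regex match, last matching entry wins."""
    label = None
    for pattern, context in specs:
        if re.fullmatch(pattern, path):
            label = context
    return label

def build_tree(root):
    """Constructed stand-in for the sysfs layout described in the post."""
    os.makedirs(root + REAL)
    open(root + REAL + "/brightness", "w").close()
    os.makedirs(root + "/sys/class/leds")
    os.symlink("../../devices/fff34000.pmic/pmic_led.118/leds/red",
               root + "/sys/class/leds/red")

def restorecon(root, target, specs, recursive=False):
    """Return {path: label} for every path this model would relabel."""
    top = os.path.realpath(root + target)       # canonicalize the start path only
    paths = [top]
    if recursive and os.path.isdir(top):
        # Physical walk: a symlink is visited as an entry but never descended into.
        for d, dirs, files in os.walk(top, followlinks=False):
            paths += [os.path.join(d, name) for name in dirs + files]
    found = {}
    for p in paths:
        label = lookup(p[len(root):], specs)    # look up the path as walked
        if label:
            found[p[len(root):]] = label
    return found

def run_page_tests():
    """Replay tests A, B and C from the post against the constructed tree."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.realpath(tmp)
        build_tree(root)
        exact = [("/sys/class/leds/red/brightness", LED)]
        regex = [("/sys/class/leds/red(/.*)?", LED)]
        a = restorecon(root, "/sys/class/leds/red/brightness", exact)
        b = restorecon(root, "/sys/class/leds/red", regex, recursive=True)
        c = restorecon(root, "/sys/class/leds", regex, recursive=True)
    return a, b, c

if __name__ == "__main__":
    print(run_page_tests())
```

In this model tests A and B relabel nothing and test C relabels only the symlink entry, which matches the `ls -Z` output in the post.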