On 09/11/2015 08:14 AM, Stephen Smalley wrote:
> On 09/10/2015 11:26 PM, weiyuan wrote:
>> On 2015/9/11 5:13, Stephen Smalley wrote:
>>> On 09/08/2015 05:34 AM, weiyuan wrote:
>>>> Dear All:
>>>>
>>>> On Android 6.0,
>>>>
>>>> I have a file "/sys/class/leds/red/brightness" under /sys, its parent
>>>> directory is a symlink.
>>>>
>>>> "u:object_r:sysfs:s0 red ->
>>>> ../../devices/fff34000.pmic/pmic_led.118/leds/red"
>>>> "u:object_r:sysfs:s0 brightness"
>>>>
>>>> I notice that there is a patch "restorecon: only operate on canonical
>>>> paths.",
>>>> so I add some logs like "--SELINUX--:" in the function
>>>> "selinux_android_restorecon_common", then I ran some tests.
>>>>
>>>> -----------test A.-----------
>>>>
>>>> file_contexts:
>>>> "/sys/class/leds/red/brightness u:object_r:sysfs_led:s0"
>>>
>>> Could you just replace this entry with one like this:
>>>
>>> /sys/devices/.*/leds/red/brightness u:object_r:sysfs_led:s0
>>>
>>> Then the existing restorecon_recursive("/sys") by init would label it
>>> correctly and you wouldn't need to restorecon it from your
>>> init.<board>.rc file.
>>>
>>
>> This approach worked.
>
> Only caveat is that this approach will force the
> restorecon_recursive("/sys") to walk the entire /sys/devices tree, so it
> might have an effect on boot time.

Might help to tighten the regex, a la:

/sys/devices/[^/]+/[^/]+/leds/red/brightness u:object_r:sysfs_led:s0

That assumes though that leds will be at that level in the hierarchy,
which may not be true of all your devices, so you might need to adjust
accordingly.
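
The three file_contexts entries discussed in this thread, compared against the canonical path of the LED node. This is an added example, not part of the original messages and not libselinux code. It assumes a simplified lookup model (whole-path regex match, last matching entry wins), a generic `/sys(/.*)?` fallback entry, and a constructed `DEEPER` path for a hypothetical board where the LED sits one directory lower.

```python
import posixpath
import re

# Simplified model of a file_contexts lookup (assumption): each regex must
# match the whole path, and the last matching entry in the list wins.
def lookup(entries, path):
    for regex, context in reversed(entries):
        if re.fullmatch(regex, path):
            return context
    return None

def canonical(link, target, leaf):
    """Resolve a relative symlink target textually, then append the leaf name."""
    resolved = posixpath.normpath(posixpath.join(posixpath.dirname(link), target))
    return posixpath.join(resolved, leaf)

DEFAULT = ("/sys(/.*)?", "u:object_r:sysfs:s0")  # assumed generic /sys entry
LED = "u:object_r:sysfs_led:s0"

# The three entries from the thread, each placed after the generic entry.
BY_SYMLINK = [DEFAULT, ("/sys/class/leds/red/brightness", LED)]
WILDCARD = [DEFAULT, ("/sys/devices/.*/leds/red/brightness", LED)]
TIGHT = [DEFAULT, ("/sys/devices/[^/]+/[^/]+/leds/red/brightness", LED)]

# Symlink and target exactly as quoted in the thread.
REAL = canonical("/sys/class/leds/red",
                 "../../devices/fff34000.pmic/pmic_led.118/leds/red",
                 "brightness")
# Constructed path: the same LED one level deeper on a hypothetical board.
DEEPER = "/sys/devices/soc.0/fff34000.pmic/pmic_led.118/leds/red/brightness"

def report():
    """Return (entry name, label for REAL, label for DEEPER) for each entry."""
    rows = []
    for name, entries in (("by-symlink", BY_SYMLINK),
                          ("wildcard", WILDCARD),
                          ("tight", TIGHT)):
        rows.append((name, lookup(entries, REAL), lookup(entries, DEEPER)))
    return rows

if __name__ == "__main__":
    print("canonical path:", REAL)
    for name, real_ctx, deep_ctx in report():
        print(f"{name:10} real={real_ctx} deeper={deep_ctx}")
```

The entry keyed on the symlink path never matches the canonical path, and the tightened regex silently falls back to the generic label when the LED is not exactly two directories below `/sys/devices`.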