On 01/13/2016 10:03 AM, Stephen Smalley wrote:
On 01/13/2016 09:48 AM, Stephen Smalley wrote:
On 01/13/2016 09:27 AM, Federico Colangelo wrote:
Hi
I am using 5.0 (lollipop), the system is a custom build but no
parameters have been changed.
How are you testing? For example, if you do this:
adb shell
su
mkdir /data/security/current
cp /sepolicy /*_contexts /selinux_version /system/etc/security/mac_permissions.xml /data/security/current
setprop selinux.reload_policy 1
You should get output in dmesg.
On 6.0, I get the following output because the default policy no longer
allows reloading policy, even from init:
[3052229.843161] init: SELinux: Could not load policy: Permission denied
[3052229.843255] type=1400 audit(13981262.321:6): avc: denied { load_policy } for pid=1 comm="init" scontext=u:r:init:s0 tcontext=u:object_r:kernel:s0 tclass=security permissive=0
[3052229.843290] init: Failed to reload policy
On 5.1.1, I get the following output from the kernel in dmesg, showing
that the reload occurred:
<7>[ 140.808129] SELinux: 2048 avtab hash slots, 4630 rules.
<7>[ 140.809228] SELinux: 2048 avtab hash slots, 4630 rules.
<7>[ 140.809243] SELinux: 1 users, 2 roles, 454 types, 0 bools, 1 sens, 1024 cats
<7>[ 140.809251] SELinux: 87 classes, 4630 rules
<38>[ 140.833085] type=1403 audit(66596379.100:5): policy loaded auid=4294967295 ses=4294967295
AFAIK, 5.0 does not differ from 5.1.1 in this regard, but I don't have a
5.0 build readily available to test.
You might also want to increase your init loglevel so that you get
further log messages.
For example, if you run:
adb shell
su
setprop sys.init_log_level 6
and then re-execute the above command sequence (particularly the setprop
selinux.reload_policy 1 if you already have the policy files under
/data/security/current), then the logging to dmesg is more informative:
<6>[ 423.316558] init: SELinux: Attempting to reload policy files
<7>[ 423.331926] SELinux: 2048 avtab hash slots, 4630 rules.
<7>[ 423.339100] SELinux: 2048 avtab hash slots, 4630 rules.
<7>[ 423.339207] SELinux: 1 users, 2 roles, 454 types, 0 bools, 1 sens, 1024 cats
<7>[ 423.339257] SELinux: 87 classes, 4630 rules
<38>[ 423.383131] type=1403 audit(66597503.160:6): policy loaded auid=4294967295 ses=4294967295
<4>[ 423.383381] SELinux: Loaded policy from /data/security/current/sepolicy
<4>[ 423.386519] SELinux: Loaded file_contexts contexts from /data/security/current/file_contexts.
<4>[ 423.386861] SELinux: Loaded property_contexts from /data/security/current/property_contexts.
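
As an added example (not part of the original thread): a shell helper that classifies the dmesg output described above as a completed policy reload, an AVC denial of load_policy, or no evidence of either. The function name `reload_status`, its `SINCE` argument and the output format are assumptions of this example; the sample lines are the thread's own log lines, unwrapped.

```shell
#!/bin/sh
# Usage: dmesg | reload_status [SINCE]
# SINCE = kernel timestamp (seconds); older lines, such as the boot-time
# policy load, are ignored. reload_status is a hypothetical helper name.
reload_status() {
    awk -v since="${1:-0}" '
    {
        # Kernel timestamp looks like "[ 140.808129]" or "[3052229.843161]"
        if (!match($0, /\[ *[0-9]+\.[0-9]+\]/)) next
        ts = substr($0, RSTART + 1, RLENGTH - 2) + 0
        if (ts < since) next
    }
    # type=1403 is the kernel audit record for a completed policy load
    /type=1403 / && /policy loaded/ { status = "reloaded"; detail = "" }
    # init names the file it loaded (seen in the thread at init log level 6)
    /SELinux: Loaded policy from/ { detail = " source=" $NF }
    # AVC denial of load_policy on the security class (the 6.0 output)
    /avc: +denied +[{][^}]*load_policy/ && /tclass=security/ {
        status = "denied"; detail = ""
        for (i = 1; i <= NF; i++) if ($i ~ /^scontext=/) detail = " " $i
    }
    /init: Failed to reload policy/ {
        if (status != "denied") { status = "failed"; detail = "" }
    }
    END { print (status == "" ? "none" : status) detail }
    '
}

# Sample input: log lines quoted in the thread, with line wraps removed.
sample_reload_ok() {
cat <<'EOF'
<6>[ 423.316558] init: SELinux: Attempting to reload policy files
<38>[ 423.383131] type=1403 audit(66597503.160:6): policy loaded auid=4294967295 ses=4294967295
<4>[ 423.383381] SELinux: Loaded policy from /data/security/current/sepolicy
EOF
}

sample_reload_denied() {
cat <<'EOF'
[3052229.843161] init: SELinux: Could not load policy: Permission denied
[3052229.843255] type=1400 audit(13981262.321:6): avc: denied { load_policy } for pid=1 comm="init" scontext=u:r:init:s0 tcontext=u:object_r:kernel:s0 tclass=security permissive=0
[3052229.843290] init: Failed to reload policy
EOF
}
```

Passing the kernel timestamp noted just before `setprop selinux.reload_policy 1` as `SINCE` keeps the initial boot-time `type=1403` record from being counted as a reload.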