On 05/25/2016 08:38 AM, Inamdar Sharif wrote:
>>> [ 4.584035] audit: type=1400 audit(1464177814.820:4): avc: denied {
>>> write } for pid=1 comm="init"
>>> path=2F6465762F5F5F6B6D73675F5F202864656C6574656429 dev="rootfs"
>>> ino=9275 scontext=u:r:kernel:s0 tcontext=u:object_r:rootfs:s0
>>> tclass=chr_file permissive=0
>>
>> The path above decodes to /dev/__kmsg__ (deleted). The fact that it has the
>> rootfs type means you didn't have a /dev mounted before it was created?
>>
>
> I am just changing the kernel. Rest all is same. SELinux works fine with 3.18
> . Is this some issue in init??
system/core/init/init.cpp does this:
if (is_first_stage) {
mount("tmpfs", "/dev", "tmpfs", MS_NOSUID, "mode=0755");
before it does:
open_devnull_stdio();
klog_init();
and system/core/libcutils/klog.c:klog_init() does the /dev/__kmsg__ node
creation.
So you should have a tmpfs mount on /dev, and thus /dev/__kmsg__ should
be labeled tmpfs, and init.te has:
allow init tmpfs:chr_file create_file_perms;
So, unless your kernel config doesn't enable TMPFS, I'm not sure why you
would end up with a rootfs /dev/__kmsg__.
I guess that's an interesting question - how does your .config differ
between 4.4 and 3.18?
>>> Also one more issue which I am facing that I am not able to change the
>>> mode to permissive mode.
>>>
>>> I tried adding “BOARD_KERNEL_CMDLINE := androidboot.selinux=permissive”
>>> but no effect.
>>
>> Where did you add the variable? Is it being overridden elsewhere in another
>> .mk file?
>>
>
> I have added this variable in BoardConfig.mk. Is there any other way to do
> it??
I'd expect there to already be a BOARD_KERNEL_CMDLINE definition
somewhere in your BoardConfig.mk file (or BoardConfigCommon.mk, or
another .mk file that gets included). So I would check to see if there
are any such definitions in your device or vendor trees and make sure
that the definition you added isn't just being overridden by another.
Usually you would append androidboot.selinux=permissive to an existing
BOARD_KERNEL_CMDLINE definition.
>
>> Is this a -userdebug or -eng build?
>>
> It’s a -eng build.
>
>> Are you using AOSP master or a particular release?
>>
>
> I am using AOSP master/android-4.4
_______________________________________________
Seandroid-list mailing list
[email protected]
To unsubscribe, send email to [email protected].
To get help, send an email containing "help" to
[email protected].
