Hi Jeff, Can you please help answer the question from Milan below?
Regards, Sameer Joshi On Tue, Aug 16, 2016 at 7:58 PM, Aksic, Milan <[email protected]> wrote: > Hello everyone, > > > We have applied all the suggested patches mentioned below but as Sameer > already mentioned we are still getting error messages while booting, after > which system automatically restarts. We have tried debugging the kernel > itself and found the following: > > > it starts reading file /sepolicy in > external/libselinux/src/android.c in function selinux_android_load_policy_ > helper in > device/avaya/brio-kernel/security/selinux/ss/services.c calls > security_load_policy which in > device/avaya/brio-kernel/security/selinux/ss/policydb.c calls > policydb_read which in > the same file with function pointer calls class_read which finally in > the same file calls read_cons_helper in which it goes through the default > switch clause which returns -EINVAL because e->expr_type is 64 which is > defined in > device/avaya/brio-kernel/security/selinux/ss/constraint.h as > #define CEXPR_L1H2 64 /* low level 1 vs. high level 2 */ > > We are using Linux 3.10.65 . > > Can anyone please help us with this error? > > > Regards, > Milan. > > ------------------------------ > *From:* Sameer Joshi <[email protected]> > *Sent:* Thursday, August 4, 2016 4:12 PM > *To:* Jeffrey Vander Stoep > *Cc:* William Roberts; [email protected]; Aksic, Milan > *Subject:* Re: Regarding enabling selinux on Android > > Hi , > > After adding these commits , the selinux still fails to initialize with a > new error: > > init: init started! > > init: SELinux: Could not load policy: Invalid argument > > init: failed to load policy: Invalid argument > > init: Security failure; rebooting into recovery mode... > > > Please let me know if there is some additional change needed to support > this. > > > Regards, > > > Sameer Joshi > > > > > On Tue, Aug 2, 2016 at 8:10 PM, Jeffrey Vander Stoep <[email protected]> > wrote: > >> Confirmed that those are the correct patches. >> >> On Mon, Aug 1, 2016 at 10:25 PM Sameer Joshi <[email protected]> >> wrote: >> >>> Thanks Bill. >>> >>> We are working on Marshmallow , so we need the old version 30 patches >>> for kernel it seems. >>> >>> From the email chain that was shared by Sharif , it seems following are >>> the patches required to be merged for Kernel version 3.10: >>> >>> c8c3cd48e44fe12a41cd20e46d36fcfe5a759fd7 security: lsm_audit: add >>> ioctl specific auditing >>> 8daca972e410f42a4fc1fe2de804c50013b24a28 SELinux: per-command >>> whitelisting of ioctls >>> c9a8571249fa3a55a0490bd571eaf0cea097fab0 SELinux: use deletion-safe >>> iterator to free list >>> 8cdfb356b51e29494ca0b9e4e86727d6f841a52d SELinux: ss: Fix policy write >>> for ioctl operations >>> >>> Can anyone confirm if these are the final patches needed for Kernel 3.10? >>> >>> Regards, >>> >>> Sameer Joshi >>> >>> >>> On Tue, Aug 2, 2016 at 9:50 AM, William Roberts < >>> [email protected]> wrote: >>> >>>> >>>> On Aug 1, 2016 04:17, "Sameer Joshi" <[email protected]> wrote: >>>> > >>>> > Hi All, >>>> > >>>> > We are trying to enable SELinux in kernel and have defined following >>>> options in the config file. >>>> > >>>> > CONFIG_SECURITY_SELINUX=y >>>> > CONFIG_SECURITY_SELINUX_BOOTPARAM=y >>>> > >>>> > Command line options for kernel have "selinux=1 security=selinux" >>>> set. >>>> > >>>> > However during boot time, we get following error: >>>> > >>>> > [ 5.549941] SELinux: policydb version 30 does not match my >>>> version range 15-28 >>>> > >>>> > [ 5.557486] init: SELinux: Could not load policy: Invalid >>>> argument >>>> > >>>> > [ 5.563990] init: failed to load policy: Invalid argument >>>> > >>>> > [ 5.569413] init: Security failure; rebooting into recovery mode... >>>> > >>>> > >>>> > Can someone help us what this error means? Any help in fixing this >>>> would be appreciated. >>>> > >>>> >>>> You're kernel is not up to date. You need the patches from Androids >>>> kernel common tree. Bear in mind that their are two version 30s, and you'll >>>> need to have the right one. Marshmallow uses the old version 30. Newer >>>> releases use the new and upstream merged version 30. >>>> >>>> I don't have the patch links handy but I'm pretty sure jeffv or nnk at >>>> Google posted them, check the mail archives. >>>> >>>> > >>>> > Regards, >>>> > >>>> > Sameer Joshi >>>> > >>>> > >>>> > _______________________________________________ >>>> > Seandroid-list mailing list >>>> > [email protected] >>>> > To unsubscribe, send email to [email protected]. >>>> > To get help, send an email containing "help" to >>>> [email protected]. >>>> >>> >>> _______________________________________________ >>> Seandroid-list mailing list >>> [email protected] >>> To unsubscribe, send email to [email protected]. >>> To get help, send an email containing "help" to >>> [email protected]. >> >> >
_______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
