Hi Stephen,
Please find my response inline.
Regards,
Kiran Mardi
On Thu, Mar 8, 2018 at 8:56 PM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
> Is this on AOSP master or a particular release branch?
> [Kiran]: it is particular release branch Android N.
> Is this occurring on a clean install or on an upgrade from a previous
> version?
>
[Kiran]: It is upgrade from previous version.
>
> There should be a recursive restorecon by init.rc of /data already from
> post-fs-data which should label everything.
> [Kiran]: yes, from my archive the restorecon is part of init.rc but it is
> not recursive. is this the root cause?
>
349
<http://2k16-xref.tpvision.com:8080/source/xref/MTK_N_NEWSTRUCT/android/n-base/system/core/rootdir/init.rc#349>
# We restorecon /data in case the userdata partition has been
reset.350
<http://2k16-xref.tpvision.com:8080/source/xref/MTK_N_NEWSTRUCT/android/n-base/system/core/rootdir/init.rc#350>
restorecon /data
> Is there perhaps an invalid context in your file_contexts configuration
> for these directories?
> Does it pass checkfc validation against your policy file?
> [Kiran]: no there are no invalid file_contexts and never got any
> compilation error.
>
> What does a restorecon -nv /data/misc/dhcp report from an adb shell?
> [Kiran]: will get back on the result.
>
> On 03/08/2018 10:14 AM, kiran mardi wrote:
> > some more data to the below issue. below are the folders which have
> become unlabeled dont know the relation though.
> >
> > drwxrwxr-x 2 dhcp dhcp u:object_r:unlabeled:s0
> 24576 2013-03-30 16:44 dhcp
> > drwxrwx--- 2 system system u:object_r:unlabeled:s0
> 24576 1995-09-25 03:39 ethernet
> > drwx------ 2 media media u:object_r:unlabeled:s0
> 24576 1995-09-25 03:39 media
> > drwxrwxr-x 2 system cache u:object_r:unlabeled:s0
> 24576 2013-10-19 10:47 onehelp
> > drwxrwxr-x 2 root root u:object_r:unlabeled:s0
> 24576 1995-09-25 03:39 perfprofd
> > drwxrwx--x 3 root root u:object_r:unlabeled:s0
> 24576 2000-01-01 16:05 user
> > drwx------ 2 root root u:object_r:unlabeled:s0
> 24576 1995-09-25 03:39 vold
> >
> >
> > On Thu, Mar 8, 2018 at 7:13 PM, kiran mardi <mardiki...@gmail.com
> <mailto:mardiki...@gmail.com>> wrote:
> >
> > Hi All,
> >
> > In one of our set we are seeing /data/misc/netd, keystore, user as
> unlabeled (dont know why it has become unlabeled). Since it is google AOSP
> module I am expecting restorecon should be part of AOSP code on these
> folder.
> >
> > ===========
> > [Wed Mar 07 20:20:23.103 2018] [ 19.018081] type=1400
> audit(946742413.155:43): avc: denied { unlink } for pid=1146 comm="netd"
> name="netd_pid" dev="mmcblk0p7" ino=406433 scontext=u:r:netd:s0
> tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0
> >
> > [Wed Mar 07 20:20:23.103 2018] [ 19.034844] type=1400
> audit(946742413.160:44): avc: denied { setattr } for pid=1161
> comm="installd" name="0" dev="mmcblk0p7" ino=407130
> scontext=u:r:installd:s0 tcontext=u:object_r:unlabeled:s0 tclass=dir
> permissive=0
> >
> > [Wed Mar 07 20:20:29.397 2018] [ 25.229311] type=1400
> audit(946742419.495:47): avc: denied { write } for pid=1146 comm="netd"
> name="*rt_tables*" dev="mmcblk0p7" ino=406432 scontext=u:r:netd:s0
> tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0
> >
> > [Wed Mar 07 20:20:29.425 2018] [ 25.256023] type=1400
> audit(946742419.520:48): avc: denied { write } for pid=1146
> comm="Binder:1146_2" name="*netd_pid*" dev="mmcblk0p7" ino=406433
> scontext=u:r:*netd*:s0 tcontext=u:object_r:unlabeled:s0 tclass=file
> permissive=0
> > =========
> > below folders are getting unlabeled.
> >
> > /data/misc/keystore
> > data/misc/netd
> > data/misc/user
> >
> > what may be the reason for this unlabeled?
> >
> > Is restorecon -R in init.rc file for these folder is the solution?
> want to know the real reason.
> >
> > Please help
> >
> > --
> > regards,
> > kiran mardi
> >
> >
> >
> >
> > --
> > regards,
> > kiran mardi
>
>
--
regards,
kiran mardi
