On 03/09/2018 08:13 AM, Stephen Smalley wrote:
> On 03/09/2018 02:55 AM, kiran mardi wrote:
>>     >>>>>>>>sh-3.2# toybox restorecon -nv /data/misc/dhcp
>>
>> [  158.754324] type=1400 audit(946742542.500:16): avc: denied { search } for 
>> pid=983 comm="toybox" name="security" dev="mmcblk0p7" ino=186945 
>> scontext=u:r:shell:s0 tcontext=u:object_r:security_file:s0 tclass=dir 
>> permissive=1
>>
>> SELinux: Loaded file_contexts contexts from /file_contexts.bin.[  
>> 158.776446] type=1400 audit(946742542.520:17): avc: denied { getattr } for 
>> pid=983 comm="toybox" path="/data/misc/dhcp" dev="mmcblk0p7" ino=406419 
>> scontext=u:r:shell:s0 tcontext=u:object_r:unlabeled:s0 tclass=dir 
>> permissive=1
>>
>>  
>>
>> SELinux:  Relabeling /data/misc/dhcp from u:object_r:unlabeled:s0 to 
>> u:object_r:dhcp_data_file:s0.
> 
> Ok, so you have a valid context for /data/misc/dhcp in your file_contexts, 
> which should have been used if the restorecon_recursive /data executed.
> 
> Did your file_contexts configuration change between the old and new versions? 
>  restorecon_recursive /data will skip the tree walk if file_contexts has not 
> changed since the last time it was run; this is based on a separate 
> security.restorecon_last xattr set on the /data directory with the SHA1 hash 
> of the /file_contexts.bin file.
> 
> Also, what was the context on /data/misc/dhcp in the prior version from which 
> you are upgrading?  Was it the same or different?  If different, what was it?

Also, were there any interesting log messages on the first boot after the 
upgrade (i.e. when we would expect the restorecon_recursive to execute)?  Look 
for any logcat or dmesg messages with SELinux: or avc: prefixes.
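
As an added example (not part of the original message or of any Android tooling), here is a small Python filter for the dmesg/logcat check suggested above. It extracts `avc:` records and `SELinux:` messages, splits lines where a userspace message has run into a kernel audit record (as in the quoted output), and lists targets still labeled `unlabeled`. The function names are hypothetical; the sample input is the output quoted in this thread with its line wraps joined.

```python
import re

# Sample input: the console output quoted in the thread, line wraps joined.
# The second line shows a userspace "SELinux:" message fused with an audit record.
SAMPLE = '''[  158.754324] type=1400 audit(946742542.500:16): avc: denied { search } for pid=983 comm="toybox" name="security" dev="mmcblk0p7" ino=186945 scontext=u:r:shell:s0 tcontext=u:object_r:security_file:s0 tclass=dir permissive=1
SELinux: Loaded file_contexts contexts from /file_contexts.bin.[  158.776446] type=1400 audit(946742542.520:17): avc: denied { getattr } for pid=983 comm="toybox" path="/data/misc/dhcp" dev="mmcblk0p7" ino=406419 scontext=u:r:shell:s0 tcontext=u:object_r:unlabeled:s0 tclass=dir permissive=1
SELinux:  Relabeling /data/misc/dhcp from u:object_r:unlabeled:s0 to u:object_r:dhcp_data_file:s0.
'''

# Zero-width split point in front of every kernel audit record, so a record
# that starts mid-line is still parsed on its own.
RECORD_START = re.compile(r'(?=\[\s*\d+\.\d+\]\s+type=\d+\s+audit\()')
AVC = re.compile(r'avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse(text):
    """Return (avc_records, selinux_messages) found in dmesg/logcat text."""
    avcs, notes = [], []
    for line in text.splitlines():
        for piece in RECORD_START.split(line):
            piece = piece.strip()
            m = AVC.search(piece)
            if m:
                rec = {k: v.strip('"') for k, v in FIELD.findall(m.group(3))}
                rec["result"] = m.group(1)
                rec["perms"] = m.group(2).split()
                avcs.append(rec)
            elif piece.startswith("SELinux:"):
                notes.append(piece)
    return avcs, notes


def unlabeled_targets(avcs):
    """Paths (or names) whose target type is 'unlabeled', i.e. not yet relabeled."""
    return sorted({r.get("path") or r.get("name") for r in avcs
                   if r.get("tcontext", "").split(":")[2:3] == ["unlabeled"]})


if __name__ == "__main__":
    records, messages = parse(SAMPLE)
    for r in records:
        print(r["result"], r["perms"], r["scontext"], "->", r["tcontext"],
              r.get("path") or r.get("name"), "permissive=" + r.get("permissive", "?"))
    print("still unlabeled:", unlabeled_targets(records))
    print("\n".join(messages))
```
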

