Hi Stephen,

Please correct me if I am wrong.
1. restorecon_recursive /data in system/core/rootdir/init.rc will not
run/apply on every bootup?
    Expectation is it should be running on every bootup (unlabeled issue
should be solved).

2. Looks like the issue is reproduced when we upgrade from M to N. I see the
change of restorecon_recursive is already part of M as well.

Can this issue occur if the upgrade is partial or something?

On Fri, Mar 9, 2018 at 9:38 PM, kiran mardi <mardiki...@gmail.com> wrote:

> Hi Stephen,
>
> The issue I am mentioning is not 100% reproducible. We are seeing this
> very rarely. So I don't know how to get this reproduced. Anyway, I will try to
> get more details on the issue and get back to you.
>
> Was also thinking what else can be added to address this.
>
> Thanks for your help.
>
> On 09-Mar-2018 6:41 PM, "Stephen Smalley" <s...@tycho.nsa.gov> wrote:
>
>> On 03/09/2018 02:55 AM, kiran mardi wrote:
>> >     >>>>>>>>sh-3.2# toybox restorecon -nv /data/misc/dhcp
>> >
>> > [  158.754324] type=1400 audit(946742542.500:16): avc: denied { search
>> } for pid=983 comm="toybox" name="security" dev="mmcblk0p7" ino=186945
>> scontext=u:r:shell:s0 tcontext=u:object_r:security_file:s0 tclass=dir
>> permissive=1
>> >
>> > SELinux: Loaded file_contexts contexts from /file_contexts.bin.[
>> 158.776446] type=1400 audit(946742542.520:17): avc: denied { getattr } for
>> pid=983 comm="toybox" path="/data/misc/dhcp" dev="mmcblk0p7" ino=406419
>> scontext=u:r:shell:s0 tcontext=u:object_r:unlabeled:s0 tclass=dir
>> permissive=1
>> >
>> >
>> >
>> > SELinux:  Relabeling /data/misc/dhcp from u:object_r:unlabeled:s0 to
>> u:object_r:dhcp_data_file:s0.
>>
>> Ok, so you have a valid context for /data/misc/dhcp in your
>> file_contexts, which should have been used if the restorecon_recursive
>> /data executed.
>>
>> Did your file_contexts configuration change between the old and new
>> versions?  restorecon_recursive /data will skip the tree walk if
>> file_contexts has not changed since the last time it was run; this is based
>> on a separate security.restorecon_last xattr set on the /data directory
>> with the SHA1 hash of the /file_contexts.bin file.
>>
>> Also, what was the context on /data/misc/dhcp in the prior version from
>> which you are upgrading?  Was it the same or different?  If different, what
>> was it?
>>
>>


-- 
regards,
kiran mardi
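
The skip rule Stephen Smalley describes in the quoted reply, sketched as an added example that is not part of the original thread or of Android's own code. It assumes the security.restorecon_last xattr holds the raw 20-byte SHA-1 digest; the function names and the sample file_contexts contents are constructed for illustration.

```python
import hashlib
import os
import tempfile

RESTORECON_LAST = "security.restorecon_last"  # xattr name quoted in the thread


def file_contexts_digest(path):
    """SHA-1 of the compiled file_contexts, read in chunks."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.digest()


def read_last_digest(directory):
    """Return the stored xattr value, or None if absent or unreadable."""
    try:
        return os.getxattr(directory, RESTORECON_LAST)  # Linux only
    except (OSError, AttributeError):
        return None


def walk_decision(fc_path, stored):
    """Mirror the skip rule: walk the tree only when the digest differs."""
    current = file_contexts_digest(fc_path)
    if stored is None:
        return "walk", "no stored digest on the directory"
    if stored == current:
        return "skip", "file_contexts unchanged since the last run"
    return "walk", "file_contexts changed since the last run"


def demo():
    """Constructed data: two fake file_contexts builds in a temp dir."""
    with tempfile.TemporaryDirectory() as d:
        fc = os.path.join(d, "file_contexts.bin")
        with open(fc, "wb") as f:
            f.write(b"/data/misc/dhcp(/.*)? u:object_r:dhcp_data_file:s0\n")
        stored = file_contexts_digest(fc)  # what a previous run would store
        same = walk_decision(fc, stored)[0]
        with open(fc, "ab") as f:
            f.write(b"/data/misc/new(/.*)? u:object_r:system_data_file:s0\n")
        changed = walk_decision(fc, stored)[0]
        return same, changed, walk_decision(fc, None)[0]


if __name__ == "__main__":
    print(demo())
    # On a device: walk_decision("/file_contexts.bin", read_last_digest("/data"))
```

A "skip" result means the boot-time restorecon_recursive /data does not walk the tree, so labels already on disk under /data are left as they are.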
