Hi Stephen,

Please correct me if I am wrong.

1. restorecon_recursive /data in system/core/rootdir/init.rc will not run/apply on every bootup? Expectation is it should be running on every bootup (unlabeled issue should be solved).
2. Looks like the issue is reproduced when we upgrade from M to N. I see the change of restorecon_recursive is already part of M as well. Can this issue occur if the upgrade is partial or something?

On Fri, Mar 9, 2018 at 9:38 PM, kiran mardi <mardiki...@gmail.com> wrote:

> Hi Stephen,
>
> The issue I am mentioning is not 100% reproducible. We are seeing this very rarely. So don't know how to get this reproduced. Anyway will try to get more details on the issue and get back to u.
>
> Was also thinking what else can be added to address this.
>
> Thanks for your help.
>
> On 09-Mar-2018 6:41 PM, "Stephen Smalley" <s...@tycho.nsa.gov> wrote:
>
>> On 03/09/2018 02:55 AM, kiran mardi wrote:
>> >
>> > >>>>>>>>sh-3.2# toybox restorecon -nv /data/misc/dhcp
>> >
>> > [ 158.754324] type=1400 audit(946742542.500:16): avc: denied { search } for pid=983 comm="toybox" name="security" dev="mmcblk0p7" ino=186945 scontext=u:r:shell:s0 tcontext=u:object_r:security_file:s0 tclass=dir permissive=1
>> >
>> > SELinux: Loaded file_contexts contexts from /file_contexts.bin.[ 158.776446] type=1400 audit(946742542.520:17): avc: denied { getattr } for pid=983 comm="toybox" path="/data/misc/dhcp" dev="mmcblk0p7" ino=406419 scontext=u:r:shell:s0 tcontext=u:object_r:unlabeled:s0 tclass=dir permissive=1
>> >
>> > SELinux: Relabeling /data/misc/dhcp from u:object_r:unlabeled:s0 to u:object_r:dhcp_data_file:s0.
>>
>> Ok, so you have a valid context for /data/misc/dhcp in your file_contexts, which should have been used if the restorecon_recursive /data executed.
>>
>> Did your file_contexts configuration change between the old and new versions? restorecon_recursive /data will skip the tree walk if file_contexts has not changed since the last time it was run; this is based on a separate security.restorecon_last xattr set on the /data directory with the SHA1 hash of the /file_contexts.bin file.
>>
>> Also, what was the context on /data/misc/dhcp in the prior version from which you are upgrading? Was it the same or different? If different, what was it?
>>

--
regards,
kiran mardi
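
Added example, not part of the thread and not Android's own code: a small Python check of the skip condition described in the quoted reply, where the tree walk is skipped when the security.restorecon_last xattr on /data matches the SHA1 of /file_contexts.bin. It assumes the xattr holds the raw SHA1 digest bytes; the function names and the sample inputs are constructed for illustration.

```python
import errno
import hashlib
import os

RESTORECON_LAST = "security.restorecon_last"  # xattr name quoted in the thread


def read_restorecon_last(path):
    """Return the digest stored on `path`, or None if the xattr is absent."""
    try:
        return os.getxattr(path, RESTORECON_LAST)
    except OSError as exc:
        # ENODATA: xattr never set; ENOTSUP: filesystem has no xattr support.
        if exc.errno in (errno.ENODATA, errno.ENOTSUP):
            return None
        raise


def decide(stored, file_contexts_bytes):
    """'skip' if the stored digest matches the current file, else 'walk'.

    Assumption: the stored value is the raw 20-byte SHA1 digest.
    """
    current = hashlib.sha1(file_contexts_bytes).digest()
    if stored is not None and stored == current:
        return "skip"
    return "walk"


def check(data_dir, file_contexts_path):
    """Read both inputs from a mounted filesystem and apply decide()."""
    with open(file_contexts_path, "rb") as fh:
        return decide(read_restorecon_last(data_dir), fh.read())


if __name__ == "__main__":
    # Constructed sample inputs, not real file_contexts.bin contents.
    old = b"/data/misc/dhcp(/.*)? u:object_r:dhcp_data_file:s0\n"
    new = old + b"/data/misc/example(/.*)? u:object_r:example_data_file:s0\n"
    stored = hashlib.sha1(old).digest()
    print("unchanged file_contexts:", decide(stored, old))
    print("changed file_contexts:  ", decide(stored, new))
    print("no xattr on /data:      ", decide(None, old))
```

A "skip" result means a file that is already unlabeled under /data stays unlabeled across that boot, which is the case the questions about the old and new file_contexts are probing.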