On 04/12/2018 07:59 AM, kiran mardi wrote: > Hi Stephen, > > it is a field issue and we see only on 1 set. it is seen on android N set. > it is strange that it is seen on only 1 set. can it be hardware issue? DDR > issue since we see ebitmap is giving different data?.
Yes, the fact that you are getting different values from what should be the same policy on recovery is suspect. > > On Wed, Apr 11, 2018 at 7:08 PM, Stephen Smalley <s...@tycho.nsa.gov > <mailto:s...@tycho.nsa.gov>> wrote: > > On 04/11/2018 06:12 AM, kiran mardi wrote: > > Hi All, > > > > I see in one of my device getting the selinux policy loading error > during init first stage. > > however the logs give every boot different error w.r.t selinux policy > loading. > > > > 1st bootup of set: > > > > [ 7.933699] init: SELinux: Could not load policy: Out of memory > > [ 7.938900] init: failed to load policy: Out of memory > > [ 7.943884] init: Security failure; rebooting into recovery mode... > > > > > > 2nd bootup[to recovery]: > > > > [ 7.028166] SELinux: ebitmap start bit (*400*) is not a multiple of the > map unit size (64) > > [ 7.035557] init: SELinux: Could not load policy: Invalid argument > > [ 7.041652] init: failed to load policy: Invalid argument > > [ 7.047031] init: Security failure; rebooting into recovery mode... > > > > > > 3rd bootup[to recovery]: > > > > [ 7.622606] SELinux: ebitmap: map size *1048640 *does not match my size > 64 (high bit was 0) > > [ 7.630081] init: SELinux: Could not load policy: Invalid argument > > [ 7.636214] init: failed to load policy: Invalid argument > > [ 7.641447] init: Security failure; rebooting into recovery mode... > > > > > > is it problem with my kernel allocating memory for selinux sys/fs? > > can i suspect RAM not working properly? > > Sounds like the policy is corrupted. Can you confirm that the policy > file itself is valid, e.g. on the build host, run seinfo on the policy file? > > Does your kernel match your policy? There was an incompatible change in > policy format between Android 6 Marshmallow and Android 7 Nougat; Google > provided a backward compatibility patch in their common kernels so that > Android 7 kernels could still load older policies. > > > > > -- > regards, > kiran mardi