Might I add to my previous post by listing some changes that I have made to
adapt Tomoyo 2.2 to Android [Please correct me where appropriate]:
1. There is a small change in the file *tomoyo/common.c* [- indicates
removal of the line that follows; + indicates addition of the line that follows]
- if (strcmp(filename, "/sbin/init") &&
- strcmp(filename, "/sbin/tomoyo-start")){
+ if (strcmp(filename, "/sbin/adbd"))
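Review bot: the replacement gates the policy load solely on the execution of /sbin/adbd, while dropping both the /sbin/init and the /sbin/tomoyo-start triggers; if adbd is never executed on a given boot, tomoyo_load_policy() is never invoked and the kernel silently continues with no policy loaded, so consider keeping the `strcmp(filename, "/sbin/tomoyo-start")` branch as an explicit manual trigger alongside the adbd check. Also, the removed condition ended with an opening `{` and the added line has none, so verify that the statements following the `if` are still bracketed as intended and that the closing brace still matches.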
The reason is the following: on Android, the *Init* call is /init and NOT
/sbin/init. Furthermore, if tomoyo-init [Also the designated policy loader]
is called before /init, there is a kernel panic generated from
*tomoyo_load_policy()* complaining that Profile x [x=0-3] used by <kernel>
domain is not defined. I presumed that the policy files were not accessible
at the time of /init call and thus delayed the call of policy loader to a
time when the /system partition is mounted on Android; /sbin/adbd seems to
be a call which achieves this goal. After this change, it is seen that the
profile defined by <kernel> domain is defined.
2. The location of policy files has been moved to /usr/tomoyo from
/etc/tomoyo
The reason follows: /usr is a directory I have created in the rootfs and is
part of the boot image loaded onto the phone. On the other hand, /etc is a
symlink to /system/etc which in turn is part of the system image. Since I
am working at the kernel level, I thought it appropriate to not modify the
system image. Moreover, I feel that moving tomoyo policy files to a
different location is a mere cosmetic change. Of course, this change entails
a change in the directory location pointed to in tomoyo_init_policy.c which
has been done. Would you agree?
In conclusion, the biggest problem to get Tomoyo 2.2 running on 2.6.32
Android kernel seems to be that initialisation of the tomoyo interface at
/sys/kernel/security is not getting done. This could mean that although
Tomoyo is initialised, its operation is not possible since its interface
doesn't exist. Your thoughts are deeply appreciated.
Best Regards,
Bhargava
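As an added diagnostic (not code from this thread or from the TOMOYO project), a POSIX sh check that separates the cases raised above: securityfs not mounted, securityfs mounted but no tomoyo directory, and a policy directory missing files. The mount point, mount table and policy directory are parameters so the thread's defaults (/sys/kernel/security, /proc/mounts, /usr/tomoyo) can be overridden, and the list of policy file names is my assumption of what tomoyo-init expects.

```shell
#!/bin/sh
# Added example: diagnose why /sys/kernel/security/tomoyo may be absent.

# Returns 0 when the TOMOYO interface directory exists under the securityfs
# mount point. Otherwise prints a diagnosis and returns 1 (securityfs not
# mounted) or 2 (mounted, but TOMOYO was not built in or did not initialise).
tomoyo_iface_check() {
    secfs="${1:-/sys/kernel/security}"   # securityfs mount point
    mounts="${2:-/proc/mounts}"          # mount table to consult
    # /proc/mounts lines look like: "securityfs /sys/kernel/security securityfs rw 0 0"
    if ! grep -qF " ${secfs} securityfs " "$mounts" 2>/dev/null; then
        echo "securityfs is not mounted at ${secfs}; try: mount -t securityfs none ${secfs}"
        return 1
    fi
    if [ ! -d "${secfs}/tomoyo" ]; then
        echo "securityfs is mounted but ${secfs}/tomoyo is missing:" \
             "check CONFIG_SECURITY_TOMOYO and dmesg for 'TOMOYO Linux initialized'"
        return 2
    fi
    return 0
}

# Returns 0 when the policy directory holds the files the loader needs and
# names the missing ones otherwise. The file names are an assumption about
# what tomoyo-init reads; adjust them to the loader actually in use.
tomoyo_policy_check() {
    dir="${1:-/usr/tomoyo}"   # the thread moved policy from /etc/tomoyo here
    missing=""
    for f in profile.conf exception_policy.conf domain_policy.conf manager.conf; do
        [ -f "${dir}/${f}" ] || missing="${missing} ${f}"
    done
    if [ -n "$missing" ]; then
        echo "policy dir ${dir} is missing:${missing}"
        return 1
    fi
    return 0
}
```

Run both checks from an adb shell after boot; a return of 1 from tomoyo_iface_check matches the "securityfs must be mounted first" point made in the quoted reply, while 2 points at the kernel configuration.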
On Thu, Jun 23, 2011 at 1:38 PM, Bhargava Shastry <[email protected]> wrote:
> That's not a bug. It is correct and expected behavior.
>> There is no need for securityfs to be mounted when securityfs_create_dir()
>> is called. You will see /sys/kernel/security/tomoyo/ after securityfs is
>> mounted. If not, that will be the case TOMOYO was not selected. Please
>> check that dmesg has a "TOMOYO Linux initialized" line.
>>
>
> Ok. I do see that TOMOYO Linux initialized. In fact, even MAC is activated,
> going by dmesg.
--
Bhargava Shastry
_______________________________________________
tomoyo-users-en mailing list
[email protected]
http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users-en