From mboxrd@z Thu Jan 1 00:00:00 1970
Subject: Re: SELinux on Android
From: Stephen Smalley
To: Bhargava Shastry
Cc: Eric Paris, SELinux@tycho.nsa.gov, James Morris
In-Reply-To:
References: <1320409924.1015.7.camel@moss-pluto> <1320425998.1015.31.camel@moss-pluto> <1320930750.13691.5.camel@moss-pluto> <1320942368.13691.7.camel@moss-pluto> <1321537184.4836.9.camel@moss-pluto>
Content-Type: text/plain; charset="UTF-8"
Date: Mon, 21 Nov 2011 10:51:37 -0500
Message-ID: <1321890697.9385.20.camel@moss-pluto>
Mime-Version: 1.0
Sender: owner-selinux@tycho.nsa.gov
List-Id: selinux@tycho.nsa.gov

On Mon, 2011-11-21 at 16:45 +0100, Bhargava Shastry wrote:
> Hello,
>
> On loading an SELinux policy, I see that SELinux recognises the YAFFS
> blocks on Android as FS where labeling is not supported. Here is a
> sample dmesg print:
> "SELinux: initialized (dev mtdblock3, type yaffs2), not configured for
> labeling"
>
> On looking into the SELinux code, I see that such a print is spat out
> on a check for a file-system superblock security attribute called
> "behavior". Could I possibly correct this by changing something in the
> YAFFS file-system code. I tried mounting the yaffs partition by
> appending the context= option in Android's init.rc but the mount fails.
> I should add that I am able to execute getfilecon on YAFFS (extended
> attributes have been ported to YAFFS) successfully but setfilecon
> fails possibly due to the above debug print. And as previously
> mentioned, I attempt set/getfilecon only after a load_policy. Also,
> all other filesystems (rootfs, procfs, tmpfs etc. are correctly
> initialised on policy load)

You need to add a fs_use_xattr statement to your policy configuration
for yaffs2. Similar to the existing statements for ext[234].

--
Stephen Smalley
National Security Agency

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
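
The check and fix discussed in this message, as an added example that is not part of the original e-mail or of any SELinux project code: it scans kernel log text for the "not configured for labeling" message quoted above and drafts the matching `fs_use_xattr` policy statement. The function names, the sample log (constructed, apart from the mtdblock3 line) and the default context `system_u:object_r:fs_t:s0` are assumptions; copy the real context from the ext[234] statements in your own policy.

```python
import re

# Message format as quoted in the thread; search() tolerates dmesg prefixes
# such as "<6>" or "[   12.3]".
INIT_RE = re.compile(
    r"SELinux:\s+initialized \(dev (?P<dev>[^,]+), type (?P<fstype>[^)]+)\), "
    r"(?P<behavior>.+?)\s*$"
)
UNLABELED = "not configured for labeling"

# Constructed sample input; only the mtdblock3 line appears in the thread.
SAMPLE_DMESG = """\
<6>SELinux: initialized (dev rootfs, type rootfs), uses genfs_contexts
<6>SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
<6>SELinux: initialized (dev mtdblock3, type yaffs2), not configured for labeling
<6>SELinux: initialized (dev mtdblock5, type yaffs2), not configured for labeling
<6>yaffs: dev is 32505859 name is "mtdblock3"
"""

def parse_selinux_mounts(text):
    """Return (dev, fstype, behavior) for every superblock SELinux initialized."""
    found = []
    for line in text.splitlines():
        m = INIT_RE.search(line)
        if m:
            found.append((m["dev"], m["fstype"], m["behavior"]))
    return found

def unlabeled_fstypes(text):
    """Filesystem types that the loaded policy gave no labeling behavior."""
    return sorted({fs for _, fs, beh in parse_selinux_mounts(text) if beh == UNLABELED})

def suggest_statements(text, xattr_capable, context="system_u:object_r:fs_t:s0"):
    """Draft one fs_use_xattr line per unlabeled type that supports xattrs.

    `context` is an assumed default label; take the real one from the
    ext[234] statements in your own policy.
    """
    return [
        f"fs_use_xattr {fs} {context};"
        for fs in unlabeled_fstypes(text)
        if fs in xattr_capable
    ]

if __name__ == "__main__":
    for stmt in suggest_statements(SAMPLE_DMESG, xattr_capable={"yaffs2"}):
        print(stmt)
```

After rebuilding and reloading the policy with the new statement, the same log line for yaffs2 should report "uses xattr" instead, and the parser above will no longer list it.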