Re: SE Android on Galaxy Nexus

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Stephen Smalley <sds@tycho.nsa.gov>
To: Subramani Venkatesh <selinuxv31@gmail.com>
Cc: selinux@tycho.nsa.gov
Subject: Re: SE Android on Galaxy Nexus
Date: Fri, 02 Mar 2012 10:39:36 -0500	[thread overview]
Message-ID: <1330702776.2616.43.camel@moss-pluto> (raw)
In-Reply-To: <CAD8iFzx70mZyFbqTju=oVm1uLRx=Nic6Y8drsbiM-Vxqw3F8cw@mail.gmail.com>

On Fri, 2012-03-02 at 10:29 -0500, Subramani Venkatesh wrote:
> Hi,
> I got SE Android working on Galaxy Nexus, followed instructions from
> http://selinuxproject.org/page/SEAndroid
> After executing "setenforce 1", launching applications works as
> expected, but it is only short period of time, later it reboots. Would
> like to debug the issues, Is their any guide to debug SE on Android?

Did you try the policy changes posted by Bryan Hinton for the Galaxy
Nexus?  See:
http://marc.info/?l=selinux&m=132752617008734&w=2

Before running setenforce 1, you should check for any avc messages in
your dmesg output, e.g.
adb shell dmesg | grep avc

Such denials need to be addressed through policy changes or labeling
changes before you go to enforcing mode.

You might want to start a process capturing dmesg output just before you
go to enforcing mode, e.g.
adb shell su 0 cat /proc/kmsg

adb logcat *:E can also be helpful.

-- 
Stephen Smalley
National Security Agency

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

next prev parent reply	other threads:[~2012-03-02 15:39 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-03-02 15:29 SE Android on Galaxy Nexus Subramani Venkatesh
2012-03-02 15:39 ` Stephen Smalley [this message]
2012-03-02 16:03   ` Subramani Venkatesh
2012-03-02 17:51     ` Bryan Hinton
2012-03-02 19:31       ` Stephen Smalley
2012-03-02 22:13         ` Bryan Hinton
2012-03-06 19:16           ` Stephen Smalley
2012-03-06 19:26             ` Bryan Hinton
2012-03-02 20:26       ` Stephen Smalley
2012-03-02 22:16         ` Bryan Hinton
2012-03-02 23:02           ` Subramani Venkatesh
2012-03-06  2:42           ` Subramani Venkatesh
2012-03-06 16:18             ` Bryan Hinton
2012-03-06 19:01           ` Stephen Smalley

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1330702776.2616.43.camel@moss-pluto \
    --to=sds@tycho.nsa.gov \
    --cc=selinux@tycho.nsa.gov \
    --cc=selinuxv31@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.