SE Linux file system relabel

All of lore.kernel.org
 help / color / mirror / Atom feed

* SE Linux file system relabel
@ 2012-03-17 21:45 William Roberts
  2012-03-19 12:14 ` Stephen Smalley
  0 siblings, 1 reply; 2+ messages in thread
From: William Roberts @ 2012-03-17 21:45 UTC (permalink / raw)
  To: selinux

[-- Attachment #1: Type: text/plain, Size: 818 bytes --]

I just stood SE Android up on a Maguro device. I have reviewed the patches
submitted to the mailing list, but I would like to understand how to do
some of this myself. I am trying to label the /factory files, currently
the factory files are labeled as:

drwxrwxr-x radio    radio             u:object_r:unlabeled:s0 factory

I modified sepolicy/attributes and included this line:

#All types used for /factory files.
attribute factory_type;

I then created sepolicy/factory.te file that is this:
type factory, factory_type;

I then modified sepolicy/file_contexts to include
# factory files
/factory(/.*)?  u:object_r:factory:s0

I am trying to figure out how to label that part of the filesystem from
scratch so I can understand the process a little better. Thanks for any
help!

-- 
Respectfully,

William C Roberts

[-- Attachment #2: Type: text/html, Size: 1105 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: SE Linux file system relabel
  2012-03-17 21:45 SE Linux file system relabel William Roberts
@ 2012-03-19 12:14 ` Stephen Smalley
  0 siblings, 0 replies; 2+ messages in thread
From: Stephen Smalley @ 2012-03-19 12:14 UTC (permalink / raw)
  To: William Roberts; +Cc: selinux

On Sat, 2012-03-17 at 14:45 -0700, William Roberts wrote:
> I just stood SE Android up on a Maguro device. I have reviewed the
> patches submitted to the mailing list, but I would like to understand
> how to do some of this myself. I am trying to label the /factory
> files, currently the factory files are labeled as:
> 
> drwxrwxr-x radio    radio             u:object_r:unlabeled:s0 factory
> 
> 
> I modified sepolicy/attributes and included this line:
> 
> 
> #All types used for /factory files.
> attribute factory_type;
>  
> I then created sepolicy/factory.te file that is this:
> type factory, factory_type;
> 
> 
> 
> I then modified sepolicy/file_contexts to include
> # factory files
> /factory(/.*)?  u:object_r:factory:s0
> 
> 
> I am trying to figure out how to label that part of the filesystem
> from scratch so I can understand the process a little better. Thanks
> for any help!

Note that Bryan Hinton's patch for init.tuna.rc added restorecon
commands for /factory and its files.  Or you can run the same commands
from an adb shell.  restorecon is a new toolbox command and a new init
built-in command.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2012-03-19 12:14 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-03-17 21:45 SE Linux file system relabel William Roberts
2012-03-19 12:14 ` Stephen Smalley

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.