From: Joman Chu <jcchu@tycho.ncsc.mil>
To: Cesar Maiorino <cesar.maiorino@gmail.com>
Cc: William Roberts <bill.c.roberts@gmail.com>, selinux@tycho.nsa.gov
Subject: Re: Problem with SEManager app on Seandroid 4.0.4
Date: Wed, 12 Sep 2012 11:37:13 -0400 [thread overview]
Message-ID: <5050AC29.30400@tycho.ncsc.mil> (raw)
In-Reply-To: <CAN93RkJ24TMdj7J-yWRE14HhPaGdAYoOMcvLyyA_r0D_eGXzzA@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 2057 bytes --]
On 09/12/2012 11:01 AM, Cesar Maiorino wrote:
> I did have these in my init.rc, but my build was not copying init.rc
> to to the out directory.
> I copied it over manually and rebuilt the boot.img and it now I can
> change the values.
> So that is progress.
> Now, however, when I toggle on SELinux, my device locks up. On reboot
> it is stuck at the
> lock screen.
> Thanks for the help.
>
> On Tue, Sep 11, 2012 at 4:37 PM, William Roberts
> <bill.c.roberts@gmail.com <mailto:bill.c.roberts@gmail.com>> wrote:
>
> My guess is you need to change the permissions of /selinux/*
> (/selinux/booleans for the booleans) to system system.
>
> the init.rc needs to have chown system system for all of the booleans,
> setenforce etc
>
> chown system system /selinux/enforce
> chown -R system system /selinux/booleans
> chown system system /selinux/commit_pending_bools
>
> You'll need to patch in the recursive support or enumerate all the
> bools. The patch for recursive support can be found:
> https://android-review.googlesource.com/#/c/32220/
>
> Hope this helps.
>
>
> On Tue, Sep 11, 2012 at 1:23 PM, Cesar Maiorino
> <cesar.maiorino@gmail.com <mailto:cesar.maiorino@gmail.com>> wrote:
> > I finally got a version of seandroid (4.0.4) running on my
> Qualcomm MSM8960
> > Mobile Development Platform. This required some manual
> intervention as the
> > patch files did not all apply cleanly, so it's possible that
> I've messed
> > something up in the process.
> >
> > That being said, the SEManager app does not let me change any
> settings aside
> > from toggling "MAC Mode" on and off. So I can't change '"SELinux
> Mode"
> > (stuck in permissive), and I can't change any of the Booleans.
> >
> > AVC and MAC logging seem to be working.
> >
> > Any ideas?
> >
>
>
>
> --
> Respectfully,
>
> William C Roberts
>
>
Perhaps you're running into AVC denials. Can you post the kernel logs
from /proc/kmsg?
[-- Attachment #2: Type: text/html, Size: 3724 bytes --]
next prev parent reply other threads:[~2012-09-12 15:37 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CAN93RkJ63JnR-ajfVtKx772+NsFT=-P2_L7Cv3cr4rEAJxMYDg@mail.gmail.com>
2012-09-11 20:23 ` Problem with SEManager app on Seandroid 4.0.4 Cesar Maiorino
2012-09-11 20:37 ` William Roberts
2012-09-12 15:01 ` Cesar Maiorino
2012-09-12 15:37 ` Joman Chu [this message]
2012-09-12 15:49 ` Cesar Maiorino
2012-09-12 18:48 ` Cesar Maiorino
2012-09-12 20:29 ` William Roberts
2012-09-12 20:50 ` Cesar Maiorino
2012-09-12 21:08 ` William Roberts
2012-09-14 15:41 ` Joshua Brindle
2012-09-12 22:02 ` William Roberts
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5050AC29.30400@tycho.ncsc.mil \
--to=jcchu@tycho.ncsc.mil \
--cc=bill.c.roberts@gmail.com \
--cc=cesar.maiorino@gmail.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.