From mboxrd@z Thu Jan 1 00:00:00 1970
From: Avijit Das
To: "selinux@tycho.nsa.gov"
Subject: File-system is not mounting when I am enabling selinux
Date: Mon, 21 Jul 2014 16:03:42 -0700
List-Id: "Security-Enhanced Linux \(SELinux\) mailing list"

Hi,

I am trying to enable SELinux in Android platform. I am getting the following error message:

[   16.331402] init: invalid uid 'fm_radio'
[   17.759590] EXT4-fs (mmcblk0p24): mounted filesystem with ordered data mode. Opts: barrier=1
[   17.767028] SELinux: (dev mmcblk0p24, type ext4) has no security xattr handler
[   17.775651] fs_mgr: __mount(source=/dev/block/bootdevice/by-name/system,target=/system,type=ext4)=-1
[   17.783817] fs_mgr: Failed to mount an un-encryptable or wiped partition on/dev/block/bootdevice/by-name/system at /system options: barrier=1 error: Operation not supported on transport endpoint
[   17.802215] EXT4-fs (mmcblk0p29): Ignoring removed nomblk_io_submit option
[   17.821190] EXT4-fs (mmcblk0p29): mounted filesystem with ordered data mode. Opts: nomblk_io_submit,errors=remount-ro
[   17.830819] SELinux: (dev mmcblk0p29, type ext4) has no security xattr handler
[   17.840383] fs_mgr: check_fs(): mount(/dev/block/bootdevice/by-name/userdata,/data,ext4)=-1
[   17.847781] fs_mgr: Not running /system/bin/e2fsck on /dev/block/bootdevice/by-name/userdata (executable not in system image)
[   17.865028] EXT4-fs (mmcblk0p29): mounted filesystem with ordered data mode. Opts: barrier=1,noauto_da_alloc
[   17.873877] SELinux: (dev mmcblk0p29, type ext4) has no security xattr handler
[   17.883072] fs_mgr: __mount(source=/dev/block/bootdevice/by-name/userdata,target=/data,type=ext4)=-1
[   17.892845] fs_mgr: fs_mgr_mount_all(): possibly an encryptable blkdev /dev/block/bootdevice/by-name/userdata for mount /data type ext4 )
[   17.904640] init: fs_mgr_mount_all returned an error
[   17.909559] init (273) used greatest stack depth: 12824 bytes left
[   17.915496] init: fs_mgr_mount_all returned unexpected error 255
[   17.926673] EXT4-fs (mmcblk0p25): mounted filesystem with ordered data mode. Opts: barrier=1
[   17.934144] SELinux: (dev mmcblk0p25, type ext4) has no security xattr handler
[   17.948220] EXT4-fs (mmcblk0p26): mounted filesystem with ordered data mode. Opts: barrier=1
[   17.955632] SELinux: (dev mmcblk0p26, type ext4) has no security xattr handler
[   17.964734] SELinux: Could not set context for /persist:  Operation not supported on transport endpoint
[   17.983614] SELinux: Could not set context for /cache:  Read-only file system

The device is booting fine to home screen, but executable files inside system/bin are not accessible. It seems system image is not getting mounted properly. And because of that we are not able to do adb shell. Is this a known issue?

I found this fix: http://permalink.gmane.org/gmane.comp.security.selinux/18999

Is this relevant?

Thanks,
Avijit

From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <53CDEDED.1020302@gmail.com>
Date: Tue, 22 Jul 2014 10:21:57 +0530
From: dE
To: selinux@tycho.nsa.gov
Subject: Re: File-system is not mounting when I am enabling selinux

On 07/22/14 04:33, Avijit Das wrote:
> Hi,
>
> I am trying to enable SELinux in Android platform. I am getting the following error message:
>
> [   16.331402] init: invalid uid 'fm_radio'
> [   17.759590] EXT4-fs (mmcblk0p24): mounted filesystem with ordered data mode. Opts: barrier=1
> [   17.767028] SELinux: (dev mmcblk0p24, type ext4) has no security xattr handler
> [   17.775651] fs_mgr: __mount(source=/dev/block/bootdevice/by-name/system,target=/system,type=ext4)=-1
> [   17.783817] fs_mgr: Failed to mount an un-encryptable or wiped partition on/dev/block/bootdevice/by-name/system at /system options: barrier=1 error: Operation not supported on transport endpoint
> [   17.802215] EXT4-fs (mmcblk0p29): Ignoring removed nomblk_io_submit option
> [   17.821190] EXT4-fs (mmcblk0p29): mounted filesystem with ordered data mode. Opts: nomblk_io_submit,errors=remount-ro
> [   17.830819] SELinux: (dev mmcblk0p29, type ext4) has no security xattr handler
> [   17.840383] fs_mgr: check_fs(): mount(/dev/block/bootdevice/by-name/userdata,/data,ext4)=-1
> [   17.847781] fs_mgr: Not running /system/bin/e2fsck on /dev/block/bootdevice/by-name/userdata (executable not in system image)
> [   17.865028] EXT4-fs (mmcblk0p29): mounted filesystem with ordered data mode. Opts: barrier=1,noauto_da_alloc
> [   17.873877] SELinux: (dev mmcblk0p29, type ext4) has no security xattr handler
> [   17.883072] fs_mgr: __mount(source=/dev/block/bootdevice/by-name/userdata,target=/data,type=ext4)=-1
> [   17.892845] fs_mgr: fs_mgr_mount_all(): possibly an encryptable blkdev /dev/block/bootdevice/by-name/userdata for mount /data type ext4 )
> [   17.904640] init: fs_mgr_mount_all returned an error
> [   17.909559] init (273) used greatest stack depth: 12824 bytes left
> [   17.915496] init: fs_mgr_mount_all returned unexpected error 255
> [   17.926673] EXT4-fs (mmcblk0p25): mounted filesystem with ordered data mode. Opts: barrier=1
> [   17.934144] SELinux: (dev mmcblk0p25, type ext4) has no security xattr handler
> [   17.948220] EXT4-fs (mmcblk0p26): mounted filesystem with ordered data mode. Opts: barrier=1
> [   17.955632] SELinux: (dev mmcblk0p26, type ext4) has no security xattr handler
> [   17.964734] SELinux: Could not set context for /persist: Operation not supported on transport endpoint
> [   17.983614] SELinux: Could not set context for /cache: Read-only file system
>
> The device is booting fine to home screen, but executable files inside system/bin are not accessible. It seems system image is not getting mounted properly. And because of that we are not able to do adb shell. Is this a known issue?
>
> I found this fix:
> http://permalink.gmane.org/gmane.comp.security.selinux/18999
>
> Is this relevant?
>
> Thanks,
> Avijit

No. ext4 is not implemented as FUSE.

You need to mount the FS with xattr option to get SELinux support, after that you should do a relabel of the entire FS.

From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <53CE5531.4020306@tresys.com>
Date: Tue, 22 Jul 2014 08:12:33 -0400
From: "Christopher J. PeBenito"
To: Avijit Das, "selinux@tycho.nsa.gov"
Subject: Re: File-system is not mounting when I am enabling selinux

On 7/21/2014 7:03 PM, Avijit Das wrote:
> Hi,
>
> I am trying to enable SELinux in Android platform. I am getting the following error message:

> [   17.767028] SELinux: (dev mmcblk0p24, type ext4) has no security xattr handler
> [   17.830819] SELinux: (dev mmcblk0p29, type ext4) has no security xattr handler
> [   17.865028] EXT4-fs (mmcblk0p29): mounted filesystem with ordered data mode. Opts: barrier=1,noauto_da_alloc
> [   17.873877] SELinux: (dev mmcblk0p29, type ext4) has no security xattr handler
> [   17.934144] SELinux: (dev mmcblk0p25, type ext4) has no security xattr handler
> [   17.955632] SELinux: (dev mmcblk0p26, type ext4) has no security xattr handler

Your ext4 is missing security labels (note no security xattr handler error), you need to turn on CONFIG_EXT4_FS_SECURITY.

--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <53CE586C.5080403@tycho.nsa.gov>
Date: Tue, 22 Jul 2014 08:26:20 -0400
From: Stephen Smalley
To: Avijit Das, "selinux@tycho.nsa.gov"
Subject: Re: File-system is not mounting when I am enabling selinux

On 07/21/2014 07:03 PM, Avijit Das wrote:
> Hi,
>
> I am trying to enable SELinux in Android platform. I am getting the following error message:
>
> [   16.331402] init: invalid uid 'fm_radio'
> [   17.759590] EXT4-fs (mmcblk0p24): mounted filesystem with ordered data mode. Opts: barrier=1
> [   17.767028] SELinux: (dev mmcblk0p24, type ext4) has no security xattr handler

As Chris said, this indicates that your kernel configuration is missing an option required for SELinux, CONFIG_EXT4_FS_SECURITY=y, and therefore does not include the security xattr handlers.

Also, questions regarding the Android SELinux support are best directed to the seandroid-list, subscribe by sending email to seandroid-list-join@tycho.nsa.gov.

From mboxrd@z Thu Jan 1 00:00:00 1970
From: Avijit Das
To: "Christopher J. PeBenito", "selinux@tycho.nsa.gov"
Subject: RE: File-system is not mounting when I am enabling selinux
Date: Tue, 22 Jul 2014 18:40:03 -0700
In-Reply-To: <53CE5531.4020306@tresys.com>

Thanks a lot !!

It resolved my purpose.

Thanks,
Avijit

> Date: Tue, 22 Jul 2014 08:12:33 -0400
> From: cpebenito@tresys.com
> To: avijitnsec@live.com; selinux@tycho.nsa.gov
> Subject: Re: File-system is not mounting when I am enabling selinux
>
> On 7/21/2014 7:03 PM, Avijit Das wrote:
> > Hi,
> >
> > I am trying to enable SELinux in Android platform. I am getting the following error message:
>
> > [   17.767028] SELinux: (dev mmcblk0p24, type ext4) has no security xattr handler
> > [   17.830819] SELinux: (dev mmcblk0p29, type ext4) has no security xattr handler
> > [   17.865028] EXT4-fs (mmcblk0p29): mounted filesystem with ordered data mode. Opts: barrier=1,noauto_da_alloc
> > [   17.873877] SELinux: (dev mmcblk0p29, type ext4) has no security xattr handler
> > [   17.934144] SELinux: (dev mmcblk0p25, type ext4) has no security xattr handler
> > [   17.955632] SELinux: (dev mmcblk0p26, type ext4) has no security xattr handler
>
> Your ext4 is missing security labels (note no security xattr handler error), you need to turn on CONFIG_EXT4_FS_SECURITY.
>
> --
> Chris PeBenito
> Tresys Technology, LLC
> www.tresys.com | oss.tresys.com
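
The diagnosis reached in this thread can be scripted; the following is an added example, not part of any poster's message. It pulls the "has no security xattr handler" lines out of a kernel log and checks the matching option in a kernel config. The function names and the sample log and config text are constructed for illustration, and the `CONFIG_<FSTYPE>_FS_SECURITY` naming pattern is confirmed by the thread only for ext4.

```shell
#!/bin/sh
# Constructed sample: kernel log lines in the format quoted in the thread.
SAMPLE_LOG='[   17.759590] EXT4-fs (mmcblk0p24): mounted filesystem with ordered data mode. Opts: barrier=1
[   17.767028] SELinux: (dev mmcblk0p24, type ext4) has no security xattr handler
[   17.830819] SELinux: (dev mmcblk0p29, type ext4) has no security xattr handler
[   17.873877] SELinux: (dev mmcblk0p29, type ext4) has no security xattr handler
[   17.964734] SELinux: Could not set context for /persist:  Operation not supported on transport endpoint'

# Constructed sample: kernel config fragments before and after the fix.
CONFIG_BEFORE='CONFIG_SECURITY_SELINUX=y
CONFIG_EXT4_FS=y
# CONFIG_EXT4_FS_SECURITY is not set'
CONFIG_AFTER='CONFIG_SECURITY_SELINUX=y
CONFIG_EXT4_FS=y
CONFIG_EXT4_FS_SECURITY=y'

# Read a kernel log on stdin; print one "device fstype" pair for each
# filesystem SELinux reported as lacking a security xattr handler.
# The same device can be reported on every mount attempt, so de-duplicate.
unlabeled_filesystems() {
    sed -n 's/.*SELinux: (dev \([^,]*\), type \([^)]*\)) has no security xattr handler.*/\1 \2/p' |
        sort -u
}

# Read a kernel config on stdin; print the value of option $1,
# or "unset" when it is absent or commented out ("# ... is not set").
config_state() {
    awk -v opt="$1" -F= '$1 == opt { v = $2 } END { print (v == "" ? "unset" : v) }'
}

# diagnose LOG CONFIG: for every affected filesystem, print the device,
# the filesystem type, and the state of its security-xattr config option.
diagnose() {
    printf '%s\n' "$1" | unlabeled_filesystems | while read -r dev fstype; do
        # Assumption: option name follows CONFIG_<FSTYPE>_FS_SECURITY;
        # the thread confirms this only for ext4.
        opt="CONFIG_$(printf '%s' "$fstype" | tr '[:lower:]' '[:upper:]')_FS_SECURITY"
        state=$(printf '%s\n' "$2" | config_state "$opt")
        echo "$dev $fstype $opt=$state"
    done
}

# Demonstration on the constructed samples.
diagnose "$SAMPLE_LOG" "$CONFIG_BEFORE"
```

On a real build, pass the captured boot log and the kernel's `.config` contents as the two arguments to `diagnose`.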