From: Andrew Gunnerson <andrewgunnerson@gmail.com>
To: selinux@tycho.nsa.gov
Subject: "SELinux: ebitmap: truncated map" after editing with libsepol
Date: Wed, 17 Dec 2014 04:30:09 -0500
Message-ID: <54914D21.9030800@gmail.com>

Hello all,

I have a very simple test program to help with debugging my Android
dual booting project. It reads the current policy from
/sys/fs/selinux/policy, changes a single type to be permissive, and
then loads the new policy by writing it to /sys/fs/selinux/load. The
problem is, after editing the policy with sepol, it fails to load and
the kernel prints the following message in dmesg:
"SELinux: ebitmap: truncated map".

The program reads and writes the policy file using the standard fopen
and policydb_read/policydb_write calls. I then set a few types to be
permissive using the following loop:

    ...
    char *name;
    int is_permissive;
    char **types;  /* NULL-terminated array of type names */
    char **type;
    ...
    /* Type values are 1-based: p_type_val_to_name[i] names the type whose
     * value is i + 1, and permissive_map is indexed by that value. */
    for (unsigned int i = 0; i < pdb->p_types.nprim; i++) {  /* visit all nprim types */
        name = pdb->p_type_val_to_name[i];
        is_permissive = ebitmap_get_bit(&pdb->permissive_map, i + 1);
        if (!is_permissive) {
            for (type = types; *type; type++) {
                if (strcmp(*type, name) == 0) {
                    ebitmap_set_bit(&pdb->permissive_map, i + 1, 1);
                    break;
                }
            }
        }
    }
    ...

I've been trying to debug this for many hours, but I can't seem to figure
out why this is happening. Is there a simple mistake I'm overlooking or
am I approaching this in a completely wrong way?

Thanks in advance! Any help is greatly appreciated!

Andrew Gunnerson

PS: This is running on Android 5.0 with libsepol 2.4-rc4 and kernel
3.4.0-g88fbc66.
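
For readers chasing the same dmesg line, the following is an added example, not code from the post or from libsepol. It walks one serialized ebitmap record in the layout libsepol writes (three little-endian u32 values: map unit 64, highbit, node count; then a u32 start bit and a u64 map per node) and reports when the buffer ends before the declared nodes do. The function names, result codes and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Result codes; names invented for this example, not libsepol's. */
enum { EB_OK = 0, EB_TRUNCATED = -1, EB_BAD_MAPSIZE = -2, EB_BAD_STARTBIT = -3 };

/* Constructed sample: unit=64, highbit=64, count=1, node {startbit=0, map=0x2}. */
static const uint8_t sample_ebitmap[24] = {
    0x40,0,0,0,  0x40,0,0,0,  0x01,0,0,0,
    0x00,0,0,0,  0x02,0,0,0,0,0,0,0
};

/* Read a little-endian u32; fails when fewer than 4 bytes remain. */
static int rd32(const uint8_t *b, size_t len, size_t *off, uint32_t *out)
{
    if (len - *off < 4)
        return -1;
    *out = (uint32_t)b[*off] | (uint32_t)b[*off + 1] << 8 |
           (uint32_t)b[*off + 2] << 16 | (uint32_t)b[*off + 3] << 24;
    *off += 4;
    return 0;
}

/* Walk one serialized ebitmap; on EB_OK, *used is its length in bytes. */
int check_ebitmap(const uint8_t *b, size_t len, size_t *used)
{
    uint32_t unit, highbit, count, startbit;
    size_t off = 0;

    if (rd32(b, len, &off, &unit) || rd32(b, len, &off, &highbit) ||
        rd32(b, len, &off, &count))
        return EB_TRUNCATED;            /* header cut short */
    if (unit != 64)
        return EB_BAD_MAPSIZE;          /* on-disk map unit is 64 bits */
    for (uint32_t i = 0; i < count; i++) {
        if (rd32(b, len, &off, &startbit))
            return EB_TRUNCATED;        /* node start bit missing */
        if (startbit % 64 || (uint64_t)startbit + 64 > highbit)
            return EB_BAD_STARTBIT;     /* misaligned or past highbit */
        if (len - off < 8)
            return EB_TRUNCATED;        /* 64-bit node map missing */
        off += 8;
    }
    *used = off;
    return EB_OK;
}

int main(void) { size_t n; return check_ebitmap(sample_ebitmap, 24, &n) != EB_OK; }
```

Running it over the bytes that actually reach the kernel shows whether the image itself is short or whether a record inside it declares more nodes than follow.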