GalaticStryder / kernel_lge_msm8974

Lambda Kernel for the LG G2
http://forum.xda-developers.com/lg-g2/development/kernel-lambda-kernel-t3270424

Make the new Android SELinux changes opt-out in case we want to build marshmallow #5

Closed GalaticStryder closed 7 years ago

GalaticStryder commented 7 years ago

Create a config called CONFIG_SECURITY_SELINUX_ANDROID_NOUGAT to disable the new SELinux code for Marshmallow configuration files, in case it doesn't work. We can use diff recursively between the lambda-devel and lambda branches to find out where to put the new config #ifdef.

GalaticStryder commented 7 years ago

It looks like it's needed; even though there's no problem running the new changes on Marshmallow, it might be causing watchdog bites...

GalaticStryder commented 7 years ago

The result of adb shell dmesg | grep SELinux command without the old APIs:

[    0.000222 / 01-01 00:00:00.000] SELinux:  Initializing.
[    0.000276 / 01-01 00:00:00.000] SELinux:  Starting in permissive mode
[    0.426582 / 01-01 00:00:00.419] SELinux:  Registering netfilter hooks
[    1.624745 / 01-02 07:39:30.510] SELinux: 2048 avtab hash slots, 11121 rules.
[    1.627859 / 01-02 07:39:30.513] SELinux: 2048 avtab hash slots, 11121 rules.
[    1.627881 / 01-02 07:39:30.513] SELinux:  1 users, 2 roles, 982 types, 0 bools, 1 sens, 1024 cats
[    1.627894 / 01-02 07:39:30.513] SELinux:  87 classes, 11121 rules
[    1.628847 / 01-02 07:39:30.513] SELinux:  Completing initialization.
[    1.628855 / 01-02 07:39:30.513] SELinux:  Setting up existing superblocks.
[    1.628873 / 01-02 07:39:30.513] SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts
[    1.628891 / 01-02 07:39:30.513] SELinux: initialized (dev rootfs, type rootfs), uses genfs_contexts
[    1.629167 / 01-02 07:39:30.513] SELinux: initialized (dev bdev, type bdev), not configured for labeling
[    1.629185 / 01-02 07:39:30.513] SELinux: initialized (dev proc, type proc), uses genfs_contexts
[    1.629208 / 01-02 07:39:30.513] SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
[    1.629231 / 01-02 07:39:30.513] SELinux: initialized (dev debugfs, type debugfs), uses genfs_contexts
[    1.641020 / 01-02 07:39:30.526] SELinux: initialized (dev sockfs, type sockfs), uses task SIDs
[    1.641042 / 01-02 07:39:30.526] SELinux: initialized (dev pipefs, type pipefs), uses task SIDs
[    1.641057 / 01-02 07:39:30.526] SELinux: initialized (dev anon_inodefs, type anon_inodefs), not configured for labeling
[    1.641073 / 01-02 07:39:30.526] SELinux: initialized (dev devpts, type devpts), uses transition SIDs
[    1.641102 / 01-02 07:39:30.526] SELinux: initialized (dev selinuxfs, type selinuxfs), uses genfs_contexts
[    1.641208 / 01-02 07:39:30.526] SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
[    1.641241 / 01-02 07:39:30.526] SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts
[    1.649122 / 01-02 07:39:30.533] init: (Initializing SELinux non-enforcing took 0.03s.)
[    1.938040 / 01-02 07:39:30.823] init: SELinux: Could not get canonical path /adb_keys restorecon: No such file or directory.
[    2.547399 / 01-02 07:39:31.433] SELinux: initialized (dev cgroup, type cgroup), uses genfs_contexts
[    2.547694 / 01-02 07:39:31.433] SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
[    2.548994 / 01-02 07:39:31.433] SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
[    2.572978 / 01-02 07:39:31.456] SELinux: initialized (dev cgroup, type cgroup), uses genfs_contexts
[    2.577765 / 01-02 07:39:31.460] SELinux: initialized (dev cgroup, type cgroup), uses genfs_contexts
[    2.696592 / 01-02 07:39:31.580] SELinux: initialized (dev mmcblk0p30, type ext4), uses xattr
[    2.703223 / 01-02 07:39:31.586] SELinux: initialized (dev mmcblk0p35, type ext4), uses xattr
[    2.763048 / 01-02 07:39:31.646] SELinux: initialized (dev mmcblk0p35, type ext4), uses xattr
[    2.765414 / 01-02 07:39:31.646] SELinux: initialized (dev mmcblk0p31, type ext4), uses xattr
[    2.767806 / 01-02 07:39:31.650] SELinux: initialized (dev mmcblk0p14, type ext4), uses xattr
[    2.774801 / 01-02 07:39:31.656] SELinux: initialized (dev mmcblk0p1, type vfat), uses mountpoint labeling
[    2.777016 / 01-02 07:39:31.660] SELinux: initialized (dev mmcblk0p22, type ext4), uses xattr
[    2.779569 / 01-02 07:39:31.663] SELinux: initialized (dev mmcblk0p21, type ext4), uses xattr
[    2.781990 / 01-02 07:39:31.663] SELinux: initialized (dev mmcblk0p25, type ext4), uses xattr
[    2.782011 / 01-02 07:39:31.663] SELinux:  Context u:object_r:mpt_file:s0 is not valid (left unmapped).
[    3.929670 / 01-02 07:39:32.813] init: SELinux: Could not get canonical path /sys/block/sda/queue/scheduler restorecon: No such file or directory.
[    3.929795 / 01-02 07:39:32.813] init: SELinux: Could not get canonical path /sys/block/sde/queue/scheduler restorecon: No such file or directory.
[    3.929915 / 01-02 07:39:32.813] init: SELinux: Could not get canonical path /sys/block/dm-0/queue/scheduler restorecon: No such file or directory.
[   19.440005 / 10-01 15:51:28.263] SELinux: initialized (dev fuse, type fuse), uses genfs_contexts
[   19.445237 / 10-01 15:51:28.266] SELinux: initialized (dev fuse, type fuse), uses genfs_contexts
[   19.446113 / 10-01 15:51:28.266] SELinux: initialized (dev fuse, type fuse), uses genfs_contexts
[   27.275669 / 10-01 15:51:36.096] [Lambda] Making SELinux more friendly

Needs more testing to figure out the watchdog bites, though.

GalaticStryder commented 7 years ago

The result of adb shell dmesg | grep SELinux command without the new APIs:

[    0.000220 / 01-01 00:00:00.000] SELinux:  Initializing.
[    0.000273 / 01-01 00:00:00.000] SELinux:  Starting in permissive mode
[    0.427432 / 01-01 00:00:00.419] SELinux:  Registering netfilter hooks
[    1.628255 / 01-03 03:08:42.510] SELinux: 2048 avtab hash slots, 11121 rules.
[    1.628325 / 01-03 03:08:42.510] SELinux:  Android master kernel running Android M policy in compatibility mode.
[    1.631270 / 01-03 03:08:42.513] SELinux: 2048 avtab hash slots, 11121 rules.
[    1.631291 / 01-03 03:08:42.513] SELinux:  1 users, 2 roles, 982 types, 0 bools, 1 sens, 1024 cats
[    1.631304 / 01-03 03:08:42.513] SELinux:  87 classes, 11121 rules
[    1.632245 / 01-03 03:08:42.513] SELinux:  Completing initialization.
[    1.632253 / 01-03 03:08:42.513] SELinux:  Setting up existing superblocks.
[    1.632273 / 01-03 03:08:42.513] SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts
[    1.632290 / 01-03 03:08:42.513] SELinux: initialized (dev rootfs, type rootfs), uses genfs_contexts
[    1.632565 / 01-03 03:08:42.513] SELinux: initialized (dev bdev, type bdev), not configured for labeling
[    1.632583 / 01-03 03:08:42.513] SELinux: initialized (dev proc, type proc), uses genfs_contexts
[    1.632606 / 01-03 03:08:42.513] SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
[    1.632629 / 01-03 03:08:42.513] SELinux: initialized (dev debugfs, type debugfs), uses genfs_contexts
[    1.644482 / 01-03 03:08:42.526] SELinux: initialized (dev sockfs, type sockfs), uses task SIDs
[    1.644503 / 01-03 03:08:42.526] SELinux: initialized (dev pipefs, type pipefs), uses task SIDs
[    1.644519 / 01-03 03:08:42.526] SELinux: initialized (dev anon_inodefs, type anon_inodefs), not configured for labeling
[    1.644535 / 01-03 03:08:42.526] SELinux: initialized (dev devpts, type devpts), uses transition SIDs
[    1.644563 / 01-03 03:08:42.526] SELinux: initialized (dev selinuxfs, type selinuxfs), uses genfs_contexts
[    1.644667 / 01-03 03:08:42.526] SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
[    1.644698 / 01-03 03:08:42.526] SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts
[    1.652523 / 01-03 03:08:42.533] init: (Initializing SELinux non-enforcing took 0.03s.)
[    1.935627 / 01-03 03:08:42.816] init: SELinux: Could not get canonical path /adb_keys restorecon: No such file or directory.
[    2.534196 / 01-03 03:08:43.416] SELinux: initialized (dev cgroup, type cgroup), uses genfs_contexts
[    2.534479 / 01-03 03:08:43.416] SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
[    2.535774 / 01-03 03:08:43.416] SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
[    2.559753 / 01-03 03:08:43.440] SELinux: initialized (dev cgroup, type cgroup), uses genfs_contexts
[    2.564517 / 01-03 03:08:43.443] SELinux: initialized (dev cgroup, type cgroup), uses genfs_contexts
[    2.701200 / 01-03 03:08:43.580] SELinux: initialized (dev mmcblk0p30, type ext4), uses xattr
[    2.707845 / 01-03 03:08:43.586] SELinux: initialized (dev mmcblk0p35, type ext4), uses xattr
[    2.767704 / 01-03 03:08:43.646] SELinux: initialized (dev mmcblk0p35, type ext4), uses xattr
[    2.770265 / 01-03 03:08:43.650] SELinux: initialized (dev mmcblk0p31, type ext4), uses xattr
[    2.772688 / 01-03 03:08:43.650] SELinux: initialized (dev mmcblk0p14, type ext4), uses xattr
[    2.779675 / 01-03 03:08:43.660] SELinux: initialized (dev mmcblk0p1, type vfat), uses mountpoint labeling
[    2.781935 / 01-03 03:08:43.660] SELinux: initialized (dev mmcblk0p22, type ext4), uses xattr
[    2.784548 / 01-03 03:08:43.663] SELinux: initialized (dev mmcblk0p21, type ext4), uses xattr
[    2.786983 / 01-03 03:08:43.666] SELinux: initialized (dev mmcblk0p25, type ext4), uses xattr
[    2.787004 / 01-03 03:08:43.666] SELinux:  Context u:object_r:mpt_file:s0 is not valid (left unmapped).
[    3.959150 / 01-03 03:08:44.836] init: SELinux: Could not get canonical path /sys/block/sda/queue/scheduler restorecon: No such file or directory.
[    3.959261 / 01-03 03:08:44.836] init: SELinux: Could not get canonical path /sys/block/sde/queue/scheduler restorecon: No such file or directory.
[    3.959380 / 01-03 03:08:44.836] init: SELinux: Could not get canonical path /sys/block/dm-0/queue/scheduler restorecon: No such file or directory.
[   19.441842 / 10-02 11:20:39.203] SELinux: initialized (dev fuse, type fuse), uses genfs_contexts
[   19.443145 / 10-02 11:20:39.206] SELinux: initialized (dev fuse, type fuse), uses genfs_contexts
[   19.444209 / 10-02 11:20:39.206] SELinux: initialized (dev fuse, type fuse), uses genfs_contexts
[   27.245241 / 10-02 11:20:47.006] [Lambda] Making SELinux more friendly

GalaticStryder commented 7 years ago

Running in compatibility mode on enforcing seems fine, all entries and types are preserved. There's no need to re-do or to implement the config.
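
One way to check the "all entries and types are preserved" conclusion mechanically is to strip the timestamps from the two dmesg captures and diff what remains. This is an added example, not part of the thread or the kernel tree; the function names and the abridged sample captures are assumptions made for illustration.

```python
import re
from collections import Counter

# Prefix format seen in the thread's logs: "[ uptime / MM-DD HH:MM:SS.mmm] "
PREFIX = re.compile(r"^\[\s*\d+\.\d+\s*/\s*\d\d-\d\d \d\d:\d\d:\d\d\.\d+\]\s*")
FS_INIT = re.compile(r"initialized \(dev ([^,]+), type ([^)]+)\), (.+)$")

# Abridged from the two captures in the thread (a few lines of each).
CAPTURE_1 = """\
[    1.624745 / 01-02 07:39:30.510] SELinux: 2048 avtab hash slots, 11121 rules.
[    1.627881 / 01-02 07:39:30.513] SELinux:  1 users, 2 roles, 982 types, 0 bools, 1 sens, 1024 cats
[    1.627894 / 01-02 07:39:30.513] SELinux:  87 classes, 11121 rules
[    2.696592 / 01-02 07:39:31.580] SELinux: initialized (dev mmcblk0p30, type ext4), uses xattr
[    2.774801 / 01-02 07:39:31.656] SELinux: initialized (dev mmcblk0p1, type vfat), uses mountpoint labeling
"""
CAPTURE_2 = """\
[    1.628255 / 01-03 03:08:42.510] SELinux: 2048 avtab hash slots, 11121 rules.
[    1.628325 / 01-03 03:08:42.510] SELinux:  Android master kernel running Android M policy in compatibility mode.
[    1.631291 / 01-03 03:08:42.513] SELinux:  1 users, 2 roles, 982 types, 0 bools, 1 sens, 1024 cats
[    1.631304 / 01-03 03:08:42.513] SELinux:  87 classes, 11121 rules
[    2.701200 / 01-03 03:08:43.580] SELinux: initialized (dev mmcblk0p30, type ext4), uses xattr
[    2.779675 / 01-03 03:08:43.660] SELinux: initialized (dev mmcblk0p1, type vfat), uses mountpoint labeling
"""

def normalize(log):
    """Drop the timestamp prefix and collapse whitespace on each non-empty line."""
    lines = (l.strip() for l in log.splitlines())
    return [" ".join(PREFIX.sub("", l).split()) for l in lines if l]

def compare(log_a, log_b):
    """Return (only_in_a, only_in_b) as sorted lists, counting repeated lines."""
    a, b = Counter(normalize(log_a)), Counter(normalize(log_b))
    return sorted((a - b).elements()), sorted((b - a).elements())

def labeling(log):
    """Map (dev, fstype) to the labeling behaviour SELinux reported for it."""
    found = (FS_INIT.search(msg) for msg in normalize(log))
    return {(m.group(1), m.group(2)): m.group(3) for m in found if m}

if __name__ == "__main__":
    only_1, only_2 = compare(CAPTURE_1, CAPTURE_2)
    for msg in only_1: print("- " + msg)
    for msg in only_2: print("+ " + msg)
    print("labeling identical:", labeling(CAPTURE_1) == labeling(CAPTURE_2))
```

To run it on full captures, save each `adb shell dmesg | grep SELinux` output to a file and pass the file contents to `compare` and `labeling`.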