Linux 2.6.32 supported policy.24, unless you forced it to an older
version via CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX_VALUE (which
you shouldn't set in your kernel config at all; it only exists to
address a backward compatibility problem for Fedora Core 3/4). Maybe we
should get rid of that option altogether.
I've been using policy.24 policies for Android on the emulator (2.6.29)
and on the Nexus S phones (2.6.35).
The default value for CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX_VALUE was 19 on my msm 2.6.32 kernel. I wonder why. Besides, like I mentioned before, I tried to change it to 24 (on seeing the policy mismatch print) but I can only set it to 23 (max value menuconfig allows me to enter).
> As regards Mr. Russell's comment, I'm afraid I won't be able to make
> the binaries public at the moment. However, in order to get SELinux
> enabled on the Android kernel one could simply do a menuconfig and
> enable NSA SELinux support. Personally, I referred to this:
> http://www.linuxtopia.org/online_books/linux_kernel/kernel_configuration/ch09s06.html .
> As for the Xattr patch for Android's yaffs FS, it is available
> publicly here: http://www.enck.org/tools/yaffs_xattr.patch
You don't need an xattr patch anymore; upstream yaffs2 has xattr
support. You might need to back port newer upstream yaffs2 into your
Android kernel if your Android kernel's yaffs2 lacks such support. You
also need a patch that I posted to the yaffs2 mailing list to ensure
labeling of new files at creation time, as that isn't provided by
default by the xattr support.
Thanks for the info. I shall apply the labeling patch as well.
--
Stephen Smalley
National Security Agency
--
Bhargava Shastry
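
The policy version mismatch discussed in this thread can be checked before booting a device by reading the version field from the binary policy header and comparing it with the kernel's maximum. The following is an added example, not code from either poster; the function names and the sample header are constructed for illustration, and the header layout is assumed to be the kernel policy format (magic, string length, "SE Linux", then version).

```python
import struct

POLICYDB_MAGIC = 0xF97CFF8C    # magic number opening a binary kernel policy
POLICYDB_STRING = b"SE Linux"  # identifier string that follows the magic


def policy_version(blob: bytes) -> int:
    """Return the version stored in a binary kernel policy header."""
    if len(blob) < 8:
        raise ValueError("truncated header")
    magic, strlen = struct.unpack_from("<II", blob, 0)  # little-endian u32 pair
    if magic != POLICYDB_MAGIC:
        raise ValueError("not a kernel binary policy (bad magic 0x%08x)" % magic)
    if strlen != len(POLICYDB_STRING) or blob[8:8 + strlen] != POLICYDB_STRING:
        raise ValueError("unexpected policy identifier string")
    off = 8 + strlen
    if len(blob) < off + 4:
        raise ValueError("truncated header: no version field")
    (version,) = struct.unpack_from("<I", blob, off)
    return version


def kernel_accepts(blob: bytes, kernel_max: int) -> bool:
    """True if the policy version does not exceed the kernel's maximum."""
    return policy_version(blob) <= kernel_max


def make_header(version: int) -> bytes:
    """Constructed sample: a minimal header, not a complete policy."""
    return (struct.pack("<II", POLICYDB_MAGIC, len(POLICYDB_STRING))
            + POLICYDB_STRING
            + struct.pack("<IIII", version, 0, 0, 0))  # version, config, counts


if __name__ == "__main__":
    sample = make_header(24)  # stands in for the first bytes of a policy.24 file
    # 19 and 23 are the maximum values mentioned in the thread; 24 is the policy.
    for kmax in (19, 23, 24):
        verdict = "loads" if kernel_accepts(sample, kmax) else "version mismatch"
        print("kernel max %d, policy %d: %s" % (kmax, policy_version(sample), verdict))
```

On a running system the kernel's maximum is exposed in the `policyvers` file of the mounted selinuxfs, and the first 24 bytes of the policy file are enough input for `policy_version`.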