Sounds to me like you never loaded a policy. I'd bet you are getting inside the if (!ss_initialized) section of security_sid_to_context_core. You have to load a policy before you can properly set and retrieve labels. -Eric On Wed, Nov 16, 2011 at 1:15 PM, Bhargava Shastry <bshas3@xxxxxxxxx> wrote: > Hi again, > > I am trying to set/get file SELinux contexts using the set/getfilecon > programs. I added debug prints in the kernel to track code flow. I notice > that although setfilecon succeeds on a given file, a subsequent call to > getfilecon on the same file returns the string "kernel" irrespective of the > context that was set using setfilecon. On any other file whose context is > not set yet, getfilecon properly returns the string "unlabeled" > > I suspect the inode struct in the kernel is not being updated properly after > a setxattr call. Has anyone else faced a similar problem? I am working on > Android's Nexus one phone. > > Thanks, > Bhargava > > On Fri, Nov 11, 2011 at 12:33 PM, Bhargava Shastry <bshas3@xxxxxxxxx> wrote: >>> >>> Don't set CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX, and then you >>> don't need to set a value at all. The only purpose of the option is to >>> force the kernel to report an older version than it truly supports, and >>> that was only to deal with a compatibility issue in Fedora 2/3. >> >> This somehow slipped my mind. Thanks, problem solved. >> >> Regards, >> Bhargava Shastry > > > > -- > Bhargava Shastry > -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
