Sounds to me like you never loaded a policy. I'd bet you are getting
inside the if (!ss_initialized) section of
security_sid_to_context_core. You have to load a policy before you
can properly set and retrieve labels.

Thanks, loading policy fixed the problem, although I wonder why one shouldn't be able to set xattr in the absence of a policy.

On Wed, Nov 16, 2011 at 1:15 PM, Bhargava Shastry <bshas3@xxxxxxxxx> wrote:
> Hi again,
>
> I am trying to set/get file SELinux contexts using the set/getfilecon
> programs. I added debug prints in the kernel to track code flow. I notice
> that although setfilecon succeeds on a given file, a subsequent call to
> getfilecon on the same file returns the string "kernel" irrespective of the
> context that was set using setfilecon. On any other file whose context is
> not set yet, getfilecon properly returns the string "unlabeled".
>
> I suspect the inode struct in the kernel is not being updated properly after
> a setxattr call. Has anyone else faced a similar problem? I am working on
> Android's Nexus One phone.
>
> Thanks,
> Bhargava
>
> On Fri, Nov 11, 2011 at 12:33 PM, Bhargava Shastry <bshas3@xxxxxxxxx> wrote:
>>>
>>> Don't set CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX, and then you
>>> don't need to set a value at all. The only purpose of the option is to
>>> force the kernel to report an older version than it truly supports, and
>>> that was only to deal with a compatibility issue in Fedora 2/3.
>>
>> This somehow slipped my mind. Thanks, problem solved.
>>
>> Regards,
>> Bhargava Shastry
>
>
>
> --
> Bhargava Shastry
>
--
Bhargava Shastry
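
The symptom reported in this thread (setfilecon appears to succeed, getfilecon then returns "kernel", untouched files report "unlabeled"), as an added example that is not part of the original messages and is not kernel source: a simplified userspace C model of the `!ss_initialized` path. It assumes that before a policy load only initial SID names are recognised and every other context string falls back to the kernel SID; the `model_*` functions, the shortened SID table and the sample context are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Shortened copy of the initial SID names; the array index is the SID. */
static const char *const initial_sid_to_string[] = {
    "null", "kernel", "security", "unlabeled", "fs", "file",
};
#define SECINITSID_KERNEL    1u
#define SECINITSID_UNLABELED 3u
#define MODEL_SID_NUM        6u

static int ss_initialized;   /* stays 0 until a policy has been loaded */

/* Context string -> SID. Assumed pre-policy rule: only initial SID names
 * match; any other string collapses to the kernel SID without an error. */
int model_context_to_sid(const char *scontext, unsigned *sid)
{
    if (ss_initialized)
        return -1;           /* policy-backed lookup is not modelled */
    for (unsigned i = 1; i < MODEL_SID_NUM; i++) {
        if (strcmp(initial_sid_to_string[i], scontext) == 0) {
            *sid = i;
            return 0;
        }
    }
    *sid = SECINITSID_KERNEL;
    return 0;
}

/* SID -> context string: without a policy only the bare name exists. */
int model_sid_to_context(unsigned sid, const char **scontext)
{
    if (ss_initialized || sid < 1 || sid >= MODEL_SID_NUM)
        return -1;
    *scontext = initial_sid_to_string[sid];
    return 0;
}

/* setfilecon followed by getfilecon on the same inode, no policy loaded. */
const char *model_set_then_get(const char *requested)
{
    unsigned sid;
    const char *out = "(error)";
    if (model_context_to_sid(requested, &sid) == 0)
        model_sid_to_context(sid, &out);
    return out;
}

int main(void)
{
    /* Constructed sample context, not taken from the thread. */
    printf("%s\n", model_set_then_get("system_u:object_r:etc_t:s0"));
    return 0;
}
```

A context that comes back as a bare name with no `user:role:type` fields is the practical sign that labels are being read before a policy is loaded.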