On Mon, 2011-11-21 at 16:45 +0100, Bhargava Shastry wrote: > Hello, > > On loading an SELinux policy, I see that SELinux recognises the YAFFS > blocks on Android as FS where labeling is not supported. Here is a > sample dmesg print: > "SELinux: initialized (dev mtdblock3, type yaffs2), not configured for > labeling" > > On looking into the SELinux code, I see that such a print is spat out > on a check for a file-system superblock security attribute called > "behavior". Could I possibly correct this by changing something in the > YAFFS file-system code. I tried mounting the yaffs partition by > appening the context= option in Android's init.rc but the mount fails. > I should add that I am able to execute getfilecon on YAFFS (extended > attributes have been ported to YAFFS) successfully but setfilecon > fails possibly due to the above debug print. And as previously > mentioned, I attempt set/getfilecon only after a load_policy. Also, > all other filesystems (rootfs, procfs, tmpfs etc. are correctly > initialised on policy load) You need to add a fs_use_xattr statement to your policy configuration for yaffs2. Similar to the existing statements for ext[234]. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
