Re: SE Android (Was: Re: Welcome to selinux)

When I try to check out the AOSP, it fails with this error:
  File "/home/ubuntu-user/Selinux/.repo/repo/main.py", line 385, in <module>
    _Main(sys.argv[1:])
  File "/home/ubuntu-user/Selinux/.repo/repo/main.py", line 365, in _Main
    result = repo._Run(argv) or 0
  File "/home/ubuntu-user/Selinux/.repo/repo/main.py", line 137, in _Run
    result = cmd.Execute(copts, cargs)
  File "/home/ubuntu-user/Selinux/.repo/repo/subcmds/sync.py", line 469, in Execute
    project.Sync_LocalHalf(syncbuf)
  File "/home/ubuntu-user/Selinux/.repo/repo/project.py", line 1049, in Sync_LocalHalf
    lost = self._revlist(not_rev(revid), HEAD)
  File "/home/ubuntu-user/Selinux/.repo/repo/project.py", line 1791, in _revlist
    return self.work_git.rev_list(*a, **kw)
  File "/home/ubuntu-user/Selinux/.repo/repo/project.py", line 1936, in rev_list
    p.stderr))
error.GitError: dalvik rev-list ('^938208a28b56f360c6cb0fb3a5e57d6121924a93', 'HEAD', '--'): fatal: bad object HEAD

Any idea?

On Mon, Aug 13, 2012 at 8:01 PM, William Roberts <bill.c.roberts@xxxxxxxxx> wrote:
I would delete your local_manifest.xml file under .repo and then do
another sync on it.

Once you can check out aosp cleanly, then I would move back to getting
the SEAndroid add-ons. Also, the remotes for seandroid moved to
bitbucket and we have issues with non-ssh checkouts over it. I would
do an ssh checkout by:

creating a bitbucket.org account and adding an ssh key

git clone git://git.selinuxproject.org/~seandroid/manifests

cd manifests
git checkout -b master-ssh origin/master-ssh
cp local_manifest.xml to .repo directory

Then do a new repo sync...

Bill

On Mon, Aug 13, 2012 at 1:37 AM, Alexandra Test
<testalexandrainstitute@xxxxxxxxx> wrote:
> My version was a bit old so I decided to update it.
>
> Unfortunately it cannot succeed, this is the error:
> update-apt-xapian-index has closedReceiving objects:  82% (4843/5898),
> 299.71 Mifatal: The remote end hung up unexpectedly65 MiB | 411 KiB/s
> fatal: early EOF
> fatal: index-pack failed
> remote: Counting objects: 5898, done.
> remote: Compressing objects: 100% (2778/2778), done.
> ^Cerror: Cannot fetch device-samsung-tuna77 MiB | 400 KiB/s
> I am using the master version. If I look into the folder it did not write
> anything inside...
>
> Thanks for your help
>
> On Thu, Aug 9, 2012 at 8:23 PM, William Roberts <bill.c.roberts@xxxxxxxxx>
> wrote:
>>
>> I don't see any denials being caused by gapps so that's ok.
>>
>> What version of SEAndroid are you running?
>>
>> You can pipe your denial logs (dmesg) through a tool called
>> audit2allow to get a more concise reading. It often helps to make sense
>> of things
>>
>> adb shell dmesg | audit2allow
>>
>> It looks like some things are not getting labeled properly
>> #============= mediaserver ==============
>> allow mediaserver device:chr_file { read write ioctl open };
>> allow mediaserver system_data_file:dir { read open };
>> allow mediaserver system_data_file:file open;
>>
>> We don't care about shell
>> #============= shell ==============
>> allow shell device:chr_file { read write getattr ioctl };
>>
>> We may need to allow this in the policy...need to put more thought in it.
>> #============= system ==============
>> allow system proc:file write;
>> allow system rild:unix_stream_socket connectto;
>>
>> Denials explained:
>> allow system proc:file write is from this denial:
>> <5>[   24.782653] type=1400 audit(1344517139.820:6): avc:  denied  {
>> write } for  pid=404 comm="LocationManager" name="mcspi1_cs3_ctrl"
>> dev=proc ino=4026532651 scontext=u:r:system:s0
>> tcontext=u:object_r:proc:s0 tclass=file
>> This should be fixed on tuna/maguro device...
>>
>> allow system rild:unix_stream_socket connectto is from this denial
>> <5>[   25.809204] type=1400 audit(1344517140.843:7): avc:  denied  {
>> connectto } for  pid=460 comm="GpsLocationProv"
>> path=004D756C7469636C69656E74 scontext=u:r:system:s0
>> tcontext=u:r:rild:s0 tclass=unix_stream_socket
>> This should be fixed..
>>
>> Media server denies
>> <5>[   26.586181] type=1400 audit(1344517141.625:8): avc:  denied  {
>> read } for  pid=175 comm=42696E646572205468726561642023
>> name="rproc_user" dev=tmpfs ino=2868 scontext=u:r:mediaserver:s0
>> tcontext=u:object_r:device:s0 tclass=chr_file
>> <5>[   26.586364] type=1400 audit(1344517141.625:9): avc:  denied  {
>> open } for  pid=175 comm=42696E646572205468726561642023
>> name="rproc_user" dev=tmpfs ino=2868 scontext=u:r:mediaserver:s0
>> tcontext=u:object_r:device:s0 tclass=chr_file
>> <5>[   26.602386] type=1400 audit(1344517141.640:10): avc:  denied  {
>> write } for  pid=175 comm=42696E646572205468726561642023
>> name="rpmsg-omx1" dev=tmpfs ino=3045 scontext=u:r:mediaserver:s0
>> tcontext=u:object_r:device:s0 tclass=chr_file
>> <5>[   26.602783] type=1400 audit(1344517141.640:11): avc:  denied  {
>> ioctl } for  pid=175 comm=42696E646572205468726561642023
>> path="/dev/rpmsg-omx1" dev=tmpfs ino=3045 scontext=u:r:mediaserver:s0
>> tcontext=u:object_r:device:s0 tclass=chr_file
>>
>> The problem here comes from labeling:
>> /dev/rpmsg-omx1 is not labeled properly but should be, it was fixed in
>> external/sepolicy commit ee5f4005
>>
>> Make sure your seandroid is up to date, I have a feeling you need to
>> update your local_manifest.xml file and do a new repo sync..
>>
>> I am also forwarding this to the public mailing list, so others can
>> learn from this and answer problems before they arise. I hope this
>> helps, and from now on direct these types of questions back to the
>> mailing list to help others out.
>>
>> Bill
>>
>> On Thu, Aug 9, 2012 at 6:15 AM, Alexandra Test
>> <testalexandrainstitute@xxxxxxxxx> wrote:
>> > Hi William,
>> > I tried again and it did not work again.
>> > The reason why I installed from a gapp*.zip files is because it has all
>> > the
>> > dependencies verified; I tried before to install from the apk, extracted
>> > from the phone but it did not work.
>> > I did the restorecon simply with this command:
>> > adb shell
>> > su
>> > mount -o rw,remount /dev/block/platform/omap/omap /system
>> > restorecon -R /system
>> > It does not work! How is it possible? The phone is still in permissive
>> > mode,
>> > I cannot change in enforcing mode
>> > The list of my denials:
>> > <5>[    5.459838] type=1400 audit(1344517120.492:3): avc:  denied  {
>> > read
>> > write } for  pid=129 comm="sh" name="ttyFIQ0" dev=tmpfs ino=2914
>> > scontext=u:r:shell:s0 tcontext=u:object_r:device:s0 tclass=chr_file
>> > <5>[    5.537353] type=1400 audit(1344517120.570:4): avc:  denied  {
>> > getattr
>> > } for  pid=129 comm="sh" path="/dev/ttyFIQ0" dev=tmpfs ino=2914
>> > scontext=u:r:shell:s0 tcontext=u:object_r:device:s0 tclass=chr_file
>> > <5>[    5.538055] type=1400 audit(1344517120.570:5): avc:  denied  {
>> > ioctl }
>> > for  pid=129 comm="sh" path="/dev/ttyFIQ0" dev=tmpfs ino=2914
>> > scontext=u:r:shell:s0 tcontext=u:object_r:device:s0 tclass=chr_file
>> > <5>[   24.782653] type=1400 audit(1344517139.820:6): avc:  denied  {
>> > write }
>> > for  pid=404 comm="LocationManager" name="mcspi1_cs3_ctrl" dev=proc
>> > ino=4026532651 scontext=u:r:system:s0 tcontext=u:object_r:proc:s0
>> > tclass=file
>> > <5>[   25.809204] type=1400 audit(1344517140.843:7): avc:  denied  {
>> > connectto } for  pid=460 comm="GpsLocationProv"
>> > path=004D756C7469636C69656E74 scontext=u:r:system:s0
>> > tcontext=u:r:rild:s0
>> > tclass=unix_stream_socket
>> > <5>[   26.586181] type=1400 audit(1344517141.625:8): avc:  denied  {
>> > read }
>> > for  pid=175 comm=42696E646572205468726561642023 name="rproc_user"
>> > dev=tmpfs
>> > ino=2868 scontext=u:r:mediaserver:s0 tcontext=u:object_r:device:s0
>> > tclass=chr_file
>> > <5>[   26.586364] type=1400 audit(1344517141.625:9): avc:  denied  {
>> > open }
>> > for  pid=175 comm=42696E646572205468726561642023 name="rproc_user"
>> > dev=tmpfs
>> > ino=2868 scontext=u:r:mediaserver:s0 tcontext=u:object_r:device:s0
>> > tclass=chr_file
>> > <5>[   26.602386] type=1400 audit(1344517141.640:10): avc:  denied  {
>> > write
>> > } for  pid=175 comm=42696E646572205468726561642023 name="rpmsg-omx1"
>> > dev=tmpfs ino=3045 scontext=u:r:mediaserver:s0
>> > tcontext=u:object_r:device:s0
>> > tclass=chr_file
>> > <5>[   26.602783] type=1400 audit(1344517141.640:11): avc:  denied  {
>> > ioctl
>> > } for  pid=175 comm=42696E646572205468726561642023
>> > path="/dev/rpmsg-omx1"
>> > dev=tmpfs ino=3045 scontext=u:r:mediaserver:s0
>> > tcontext=u:object_r:device:s0
>> > tclass=chr_file
>> > <5>[   26.775054] type=1400 audit(1344517141.812:12): avc:  denied  {
>> > read }
>> > for  pid=175 comm=42696E646572205468726561642023
>> > name="R5_MVEN003_LD2_ND0_IR0_SH0_FL1_SVEN003_DCCID1044" dev=mmcblk0p12
>> > ino=138460 scontext=u:r:mediaserver:s0
>> > tcontext=u:object_r:system_data_file:s0 tclass=dir
>> > <5>[   26.775268] type=1400 audit(1344517141.812:13): avc:  denied  {
>> > open }
>> > for  pid=175 comm=42696E646572205468726561642023
>> > name="R5_MVEN003_LD2_ND0_IR0_SH0_FL1_SVEN003_DCCID1044" dev=mmcblk0p12
>> > ino=138460 scontext=u:r:mediaserver:s0
>> > tcontext=u:object_r:system_data_file:s0 tclass=dir
>> > <5>[   26.775695] type=1400 audit(1344517141.812:14): avc:  denied  {
>> > open }
>> > for  pid=175 comm=42696E646572205468726561642023 name="calib.bin"
>> > dev=mmcblk0p12 ino=138461 scontext=u:r:mediaserver:s0
>> > tcontext=u:object_r:system_data_file:s0 tclass=file
>> >
>> >
>> > Thanks for your help
>> >
>> >
>> >
>> > On Tue, Aug 7, 2012 at 7:06 PM, William Roberts
>> > <bill.c.roberts@xxxxxxxxx>
>> > wrote:
>> >>
>> >> 1. The seapp_contexts, file_contexts, sepolicy.24 and
>> >> property_contexts are in the ramdisk for the rootfs, which is in
>> >> boot.img. When a device is running, you will find these files in '/'.
>> >> (ls / will show them)
>> >>
>> >> 2. You can push any of those files, or all to /system/data and then
>> >> setprop selinux.reload_policy 1. See the info here:
>> >> http://selinuxproject.org/page/SEAndroid#SE_Android_Policy
>> >>
>> >> 3. You can extract apk's in many ways, this blog has a few:
>> >>
>> >>
>> >> http://mauweb.net/3.0/en/technology/17-android/100-icon-androidextracting-apk-files-from-your-android.html
>> >>
>> >> Bill
>> >>
>> >> On Tue, Aug 7, 2012 at 1:01 AM, Alexandra Test
>> >> <testalexandrainstitute@xxxxxxxxx> wrote:
>> >> > I installed the gapp (downloaded here
>> >> > https://faramir.eriador.org/r/gapps-ics-20120317-signed.zip) as an
>> >> > independent package and then I used restorecon.
>> >> >
>> >> > About the policy, I have two files in external/sepolicy/seapp_context
>> >> > and
>> >> > property_context
>> >> > Where can I find these files in the phone memory? do I need every
>> >> > time
>> >> > to
>> >> > modify the source files and then provide the system building?
>> >> > If I want to extract the gapp from the original build how can I do
>> >> > that?
>> >> >
>> >> > Thanks for your help
>> >> >
>> >> >
>> >> >
>> >> > On Mon, Aug 6, 2012 at 7:44 PM, William Roberts
>> >> > <bill.c.roberts@xxxxxxxxx>
>> >> > wrote:
>> >> >>
>> >> >> It should be working, as we wrote a lot of the policy for that device
>> >> >> and didn't experience any denials. If you're installing apps from
>> >> >> recovery (Like gapps), make sure you use the recovery.img that gets
>> >> >> built and not clock-work mod.
>> >> >>
>> >> >> On Mon, Aug 6, 2012 at 3:35 AM, Alexandra Test
>> >> >> <testalexandrainstitute@xxxxxxxxx> wrote:
>> >> >> > Hi Williams,
>> >> >> > sorry for the late reply, I was on vacation.
>> >> >> > I am using a Samsung Galaxy Nexus with the tuna master branch.
>> >> >> >
>> >> >> > Thanks for your help!
>> >> >> > Anna
>> >> >> >
>> >> >> >
>> >> >> > On Wed, Jul 18, 2012 at 7:31 PM, William Roberts
>> >> >> > <bill.c.roberts@xxxxxxxxx>
>> >> >> > wrote:
>> >> >> >>
>> >> >> >> You have a lot of denials. What device and branch of code are you
>> >> >> >> using?
>> >> >> >>
>> >> >> >> I might be able to help you get these fixed.
>> >> >> >>
>> >> >> >> On Wed, Jul 18, 2012 at 12:24 AM, Alexandra Test
>> >> >> >> <testalexandrainstitute@xxxxxxxxx> wrote:
>> >> >> >>>
>> >> >> >>> Yes, in the attached files you can see the denials.
>> >> >> >>>
>> >> >> >>> In permissive mode I can install everything.
>> >> >> >>>
>> >> >> >>> Any ideas?
>> >> >> >>>
>> >> >> >>> On 16 Jul 2012 18:13, "William Roberts"
>> >> >> >>> <bill.c.roberts@xxxxxxxxx>
>> >> >> >>> wrote:
>> >> >> >>>
>> >> >> >>>> Do you have any denials? Does installation work in permissive mode?
>> >> >> >>>>
>> >> >> >>>> On Jul 16, 2012 5:44 AM, "Alexandra Test"
>> >> >> >>>> <testalexandrainstitute@xxxxxxxxx> wrote:
>> >> >> >>>>>
>> >> >> >>>>> My phone is now in enforcing mode but I can not install
>> >> >> >>>>> anything.
>> >> >> >>>>> I tried from google play but after the download, when it tries
>> >> >> >>>>> to
>> >> >> >>>>> install says:
>> >> >> >>>>> "the download url is not valid"
>> >> >> >>>>>
>> >> >> >>>>> Do I have to change the policies? I saw the app.te files in
>> >> >> >>>>> external/sepolicy in the build directory, but where can I find
>> >> >> >>>>> the
>> >> >> >>>>> same file
>> >> >> >>>>> on the phone?
>> >> >> >>>>> Do I need to rebuild and reflash every time I change the
>> >> >> >>>>> policies?
>> >> >> >>>>>
>> >> >> >>>>>
>> >> >> >>>>>
>> >> >> >>>>> On Mon, Jul 16, 2012 at 12:47 PM, Alexandra Test
>> >> >> >>>>> <testalexandrainstitute@xxxxxxxxx> wrote:
>> >> >> >>>>>>
>> >> >> >>>>>> it works, thank you! :-)
>> >> >> >>>>>>
>> >> >> >>>>>>
>> >> >> >>>>>> On Sun, Jul 15, 2012 at 6:25 AM, Robert Craig
>> >> >> >>>>>> <robertpcraig@xxxxxxxxx>
>> >> >> >>>>>> wrote:
>> >> >> >>>>>>>
>> >> >> >>>>>>> On Fri, Jul 13, 2012 at 8:50 AM, Alexandra Test
>> >> >> >>>>>>> <testalexandrainstitute@xxxxxxxxx> wrote:
>> >> >> >>>>>>>
>> >> >> >>>>>>>>
>> >> >> >>>>>>>> I tried to investigate without success, so I decided to try
>> >> >> >>>>>>>> to
>> >> >> >>>>>>>> use
>> >> >> >>>>>>>> the restorecon. is it needed to be root?
>> >> >> >>>>>>>> on which files do I need to use restorecon? how?
>> >> >> >>>>>>>>
>> >> >> >>>>>>>
>> >> >> >>>>>>> You'll not only have to be root, but you'll also need to
>> >> >> >>>>>>> remount
>> >> >> >>>>>>> your
>> >> >> >>>>>>> system partition (android mounts it read only).
>> >> >> >>>>>>> I would try:
>> >> >> >>>>>>> adb shell
>> >> >> >>>>>>> su
>> >> >> >>>>>>> mount -o rw,remount </dev/block path for your device>
>> >> >> >>>>>>> /system
>> >> >> >>>>>>> restorecon -R /system
>> >> >> >>>>>>
>> >> >> >>>>>>
>> >> >> >>>>>
>> >> >> >>
>> >> >> >>
>> >> >> >>
>> >> >> >> --
>> >> >> >> Respectfully,
>> >> >> >>
>> >> >> >> William C Roberts
>> >> >> >>
>> >> >> >>
>> >> >> >
>> >> >>
>> >> >>
>> >> >>
>> >> >> --
>> >> >> Respectfully,
>> >> >>
>> >> >> William C Roberts
>> >> >
>> >> >
>> >>
>> >>
>> >>
>> >> --
>> >> Respectfully,
>> >>
>> >> William C Roberts
>> >
>> >
>>
>>
>>
>> --
>> Respectfully,
>>
>> William C Roberts
>
>



--
Respectfully,

William C Roberts
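
The denial triage from the quoted 9 Aug reply (group denials into audit2allow-style rules, but treat catch-all target types such as device and system_data_file as a labeling problem), as an added example that is not part of the original thread. The function names and the GENERIC_TYPES set are assumptions made for illustration; the sample lines are denials from the thread with the mail wrapping removed.

```python
import re
from collections import defaultdict

# Assumption: target types the thread treats as mislabeled objects, not missing rules.
GENERIC_TYPES = {"device", "system_data_file"}
AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Four denials from the thread, unwrapped to one line each (mail wrapping removed).
SAMPLE = """\
<5>[   24.782653] type=1400 audit(1344517139.820:6): avc:  denied  { write } for  pid=404 comm="LocationManager" name="mcspi1_cs3_ctrl" dev=proc ino=4026532651 scontext=u:r:system:s0 tcontext=u:object_r:proc:s0 tclass=file
<5>[   25.809204] type=1400 audit(1344517140.843:7): avc:  denied  { connectto } for  pid=460 comm="GpsLocationProv" path=004D756C7469636C69656E74 scontext=u:r:system:s0 tcontext=u:r:rild:s0 tclass=unix_stream_socket
<5>[   26.602386] type=1400 audit(1344517141.640:10): avc:  denied  { write } for  pid=175 comm=42696E646572205468726561642023 name="rpmsg-omx1" dev=tmpfs ino=3045 scontext=u:r:mediaserver:s0 tcontext=u:object_r:device:s0 tclass=chr_file
<5>[   26.602783] type=1400 audit(1344517141.640:11): avc:  denied  { ioctl } for  pid=175 comm=42696E646572205468726561642023 path="/dev/rpmsg-omx1" dev=tmpfs ino=3045 scontext=u:r:mediaserver:s0 tcontext=u:object_r:device:s0 tclass=chr_file
"""

def decode(value):
    """Decode a quoted or kernel hex-encoded string; a leading NUL (abstract socket) becomes '@'."""
    if value.startswith('"'):
        return value.strip('"')
    if re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", value):
        return bytes.fromhex(value).decode("utf-8", "replace").replace("\x00", "@")
    return value

def parse_denials(text):
    denials = []
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        d = dict(KV_RE.findall(m.group(2)))
        for key in d.keys() & {"comm", "name", "path"}:
            d[key] = decode(d[key])  # only string fields are ever hex-encoded
        d["perms"] = m.group(1).split()
        # Contexts are user:role:type:level; policy rules are written on the type.
        d["source"], d["target"] = (d[c].split(":")[2] for c in ("scontext", "tcontext"))
        denials.append(d)
    return denials

def triage(denials):
    """Split denials into candidate allow rules and objects that need relabeling."""
    rules, relabel = defaultdict(set), {}
    for d in denials:
        if d["target"] in GENERIC_TYPES:
            obj = (d.get("dev"), d.get("ino"))  # same inode = same object
            relabel[obj] = d.get("path") or relabel.get(obj) or d.get("name")
        else:
            rules[(d["source"], d["target"], d["tclass"])].update(d["perms"])
    return dict(rules), relabel
```

Objects returned in the second result are the ones to fix by labeling (file_contexts, then restorecon) rather than by adding allow rules.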

