Hi, everyone.
I have run into a problem (SEAndroid 4.4): As we know, /data is mounted
as an ext4 partition in the original version. Additionally, I mount /data as a
pseudo filesystem.
The sepolicy in external/sepolicy/fs_use is changed as follows:
...
fs_use_xattr ext4 u:object_r:labeledfs:s0;
...
fs_use_trans psuedosystem u:object_r:psuedosystem:s0;
I found that after powering on the mobile phone, every app runs OK, and the
secontext of files in /data (pseudo filesystem layer) is
"u:object_r:psuedosystem:s0", and the secontext of files
in /data (ext4 layer) is correct according to the sepolicy, such as
"u:object_r:app_data_file:s0".
But when I install a new app, the secontext of the app's dirs and files in the ext4
partition is inherited from the app install dir /data/data, so the secontext is
"u:object_r:system_data_file:s0"; the right one should be "u:object_r:app_data_file:s0".
I think this problem may be caused by this: when /data is mounted on the pseudo filesystem, the
/data that represents the ext4 filesystem is hidden. So when setting the SELinux xattr, the kernel can only operate
on the pseudo filesystem file.
Could someone tell me, when installing a new package, how SEAndroid labels the package dir
and files with the external/sepolicy/fs_use above? If SEAndroid calls the system call "setxattr" to set
the SELinux context, I will modify the pseudo filesystem to operate not on the pseudo filesystem file
but on the lower ext4 file in /data.
Thanks for your help.