Context option on mount can be used...or via genfscon statements if applicable
On Apr 12, 2014 7:53 PM, "ge" <geshifei@xxxxxxx> wrote:
Hi, everyone. I have met with a problem (seandroid 4.4):

As we know, /data was mounted as an ext4 partition in the original version. Additionally, I mount /data as a pseudo filesystem. The sepolicy in external/sepolicy/fs_use is changed as follows:

...
fs_use_xattr ext4 u:object_r:labeledfs:s0;
...
fs_use_trans psuedosystem u:object_r: psuedosystem :s0

I found that after powering on the mobile phone, every app is running OK, and the secontext of files in /data (pseudo filesystem layer) is "u:object_r: psuedosystem :s0", and the secontext of files in /data (ext4 layer) is correct with sepolicy, such as "u:object_r:app_data_file:s0".

But when I install a new app, the secontext of the app's dirs and files in the ext4 partition is inherited from the app installed dir /data/data, so the secontext is "u:object_r:system_data_file:s0"; the right one should be "u:object_r:app_data_file:s0".

I think this problem may be caused by: when mounting /data on the pseudo filesystem, the /data representing the ext4 filesystem is hidden. So when setting the selinux xattr, the kernel can only operate on the pseudo filesystem file.

Could someone tell me, when installing a new package, how seandroid labels the package dir and files with the external/sepolicy/fs_use above? If seandroid calls the system call "setxattr" to set the selinux context, I will modify the pseudo filesystem to not operate on the pseudo filesystem file but on the lower ext4 file in /data.

Thanks for your help.