[prev in list] [next in list] [prev in thread] [next in thread] 

List:       seandroid-list
Subject:    Re: Zygote denials
From:       Joshua Brindle <jbrindle () tresys ! com>
Date:       2012-09-26 14:47:30
Message-ID: 50631582.7040201 () tresys ! com
[Download RAW message or body]

Stephen Smalley wrote:
> On Wed, 2012-09-26 at 10:30 -0400, Joshua Brindle wrote:
>> Stephen Smalley wrote:
>>> On Wed, 2012-09-26 at 09:50 -0400, Joshua Brindle wrote:
>> <snip>
>>>> Now my fun is the category pairs, which nothing in /data/data is
>>>> properly labeled for. Any chance we could get a restoredatacon? :)
>>> That would be nice but seems a bit complicated, as you need all of the
>>> inputs to seapp_context_lookup() including seinfo.  Might be most easily
>>> implemented via an extension to installd, e.g. a new command to trigger
>>> relabeling of the /data/data directories that could be called from
>>> Installer.java, and then walk the list of packages and invoke it for
>>> each one.
>>>
>> Here is a hacktastic way to do it from the host, it blindly assumes c256
>> is the correct extra category which worked for me due to a smallish
>> number of apps:
>>
>> $ adb shell su -c ls -Z /data/data | grep :app_data_file: | awk '{
>> system ("adb shell su -c chcon " $(NF-1) ",c256 " "/data/data/" $NF) }'
>
> Oh, you were assuming that they had previously been labeled by SE
> Android, just not using the new category mapping.  I was thinking of a
> utility to let us set the labeling for /data/data on a completely
> unlabeled data partition to help with upgrading from regular Android to
> SE Android without doing a factory data reset.
>

I'd like a regular relabeling tool but at the moment my problem was the 
extra category :)

--
This message was distributed to subscribers of the seandroid-list mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe seandroid-list" without quotes as the message.

[prev in list] [next in list] [prev in thread] [next in thread]