author | Amit Pundir <amit.pundir@linaro.org> | 2018-06-06 13:06:55 +0530 |
---|---|---|
committer | Amit Pundir <amit.pundir@linaro.org> | 2018-06-06 13:13:05 +0530 |
commit | 9bf4463c8cf54a5e43b014954606693cae806d07 (patch) | |
tree | 05d18529c7323bd14ba755d037fc5222b16d30c9 | |
parent | 4d008512934a2ecd6b9d714e4b507f64bf00c336 (diff) |
HACK: db820c: set selinux in permissive mode for now
Boot with selinux in permissive till we debug the launcher crash in
enforcing mode.
This will help boot test daily images on regular basis:
http://snapshots.linaro.org/96boards/dragonboard820c/linaro/aosp-master/
Flashback -->
----------
I noticed that a couple of Robert Foss' patches:
* "egl/android: Add DRM node probing and filtering" [1], and
* "xf86drm: Add drmHandleMatch func" [2]
got pulled into external/mesa3d project of AOSP recently. They add an
extra layer of userspace filtering on drm device selection.
This aosp/external/mesa3d update introduced a handful of selinux
denials and initially display didn't come up at all on an already
functional db820. After sorting out most of the policies, I could see
bootanimation running up to finish line and AOSP launcher getting
started but it fails in between and home-screen never comes up. In the
logcat I see launcher3 app fails to find and open any drm device. Here
is the relevant logcat dump before and after toggling selinux from
enforcing to permissive https://pastebin.ubuntu.com/p/7JyMSx8WHh/. As
you can see in the log, launcher crashes with not able to find any drm
device, when in enforcing mode but works fine in permissive mode.
Complete dmesg + logcat dump https://pastebin.ubuntu.com/p/m52SssvkH9/
I further narrowed down this launcher crash to following zygote
selinux denial but it falls under AOSP's "neverallow" rules i.e.
"dac_read_search" permissions are not granted in AOSP and the only way
out is to set relevant permissions on specific device node or
sysfs/debugfs entries.
console:/ # setenforce 0
[ 163.225929] type=1400 audit(1527877459.636:10533): avc: denied {
dac_read_search } for comm="main" capability=2 scontext=u:r:zygote:s0
tcontext=u:r:zygote:s0 tclass=capability permissive=0
app=com.android.launcher3 duplicate messages suppressed
[ 163.226060] type=1404 audit(1527877460.468:10534): enforcing=0
old_enforcing=1 auid=4294967295 ses=4294967295
[ 163.685336] type=1400 audit(1527877460.928:10535): avc: denied {
dac_read_search } for comm="main" capability=2 scontext=u:r:zygote:s0
tcontext=u:r:zygote:s0 tclass=capability permissive=1
I tried changing ownership and permissions of /dev/dri, /dev/dri/* and
/sys/devices/platform/soc/900000.mdss/ and made them world accessible
but it didn't help. Also tried setting "drm.gpu.vendor_name" property
to "freedreno" but that didn't help either.
----------
Change-Id: I6d9e28bf9b15f8953a25d249b6f64df1ebedd4ff
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
-rw-r--r-- | db820c/BoardConfig.mk | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/db820c/BoardConfig.mk b/db820c/BoardConfig.mk index 3738d52..3f58615 100644 --- a/db820c/BoardConfig.mk +++ b/db820c/BoardConfig.mk @@ -12,6 +12,7 @@ BOARD_KERNEL_BASE := 0x80000000 BOARD_KERNEL_PAGESIZE := 4096 BOARD_KERNEL_CMDLINE := firmware_class.path=/vendor/firmware/ androidboot.hardware=db820c BOARD_KERNEL_CMDLINE += printk.devkmsg=on +BOARD_KERNEL_CMDLINE += androidboot.selinux=permissive BOARD_SYSTEMIMAGE_PARTITION_SIZE := 4294967296 #4G BOARD_USERDATAIMAGE_PARTITION_SIZE := 12884901888 #12G BOARD_CACHEIMAGE_PARTITION_SIZE := 536870912 #512M |
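Review bot: The added line `BOARD_KERNEL_CMDLINE += androidboot.selinux=permissive` in db820c/BoardConfig.mk is unconditional and carries no comment, so every db820c image built from this tree requests permissive mode and nothing in the file marks it as temporary. Consider wrapping it in a build-variant guard such as `ifneq ($(TARGET_BUILD_VARIANT),user)` ... `endif`, and adding a one-line comment above it that names the zygote `dac_read_search` denial from the commit message as the condition for removing it. With permissive mode on, denials are only logged, so the daily boot tests will keep passing even if further policy regressions land; it would help to have the test job collect `avc: denied` lines from dmesg so that new denials stay visible while this hack is in place.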