File-system is not mounting when I am enabling selinux

File-system is not mounting when I am enabling selinux

[Avijit Das]

[-- Attachment #1: Type: text/plain, Size: 2661 bytes --]

Hi,
I am trying to enable SELinux in Android platform. I am getting the following error message:
[   16.331402] init: invalid uid 'fm_radio'[   17.759590] EXT4-fs (mmcblk0p24): mounted filesystem with ordered data mode. Opts: barrier=1[   17.767028] SELinux: (dev mmcblk0p24, type ext4) has no security xattr handler[   17.775651] fs_mgr: __mount(source=/dev/block/bootdevice/by-name/system,target=/system,type=ext4)=-1[   17.783817] fs_mgr: Failed to mount an un-encryptable or wiped partition on/dev/block/bootdevice/by-name/system at /system options: barrier=1 error: Operation not supported on transport endpoint[   17.802215] EXT4-fs (mmcblk0p29): Ignoring removed nomblk_io_submit option[   17.821190] EXT4-fs (mmcblk0p29): mounted filesystem with ordered data mode. Opts: nomblk_io_submit,errors=remount-ro[   17.830819] SELinux: (dev mmcblk0p29, type ext4) has no security xattr handler[   17.840383] fs_mgr: check_fs(): mount(/dev/block/bootdevice/by-name/userdata,/data,ext4)=-1[   17.847781] fs_mgr: Not running /system/bin/e2fsck on /dev/block/bootdevice/by-name/userdata (executable not in system image)[   17.865028] EXT4-fs (mmcblk0p29): mounted filesystem with ordered data mode. Opts: barrier=1,noauto_da_alloc[   17.873877] SELinux: (dev mmcblk0p29, type ext4) has no security xattr handler[   17.883072] fs_mgr: __mount(source=/dev/block/bootdevice/by-name/userdata,target=/data,type=ext4)=-1[   17.892845] fs_mgr: fs_mgr_mount_all(): possibly an encryptable blkdev /dev/block/bootdevice/by-name/userdata for mount /data type ext4 )[   17.904640] init: fs_mgr_mount_all returned an error[   17.909559] init (273) used greatest stack depth: 12824 bytes left[   17.915496] init: fs_mgr_mount_all returned unexpected error 255[   17.926673] EXT4-fs (mmcblk0p25): mounted filesystem with ordered data mode. Opts: barrier=1[   17.934144] SELinux: (dev mmcblk0p25, type ext4) has no security xattr handler[   17.948220] EXT4-fs (mmcblk0p26): mounted filesystem with ordered data mode. Opts: barrier=1[   17.955632] SELinux: (dev mmcblk0p26, type ext4) has no security xattr handler[   17.964734] SELinux: Could not set context for /persist:  Operation not supported on transport endpoint[   17.983614] SELinux: Could not set context for /cache:  Read-only file system

The device is booting fine to home screen, But executable files inside system/bin is not accessible. It seems system image is not getting mounted properly. And because of that we are not able to do adb shell. Is this a known issue?
I found this fix: http://permalink.gmane.org/gmane.comp.security.selinux/18999

Is this relevant?
Thanks,Avijit







 		 	   		  

[-- Attachment #2: Type: text/html, Size: 3672 bytes --]

Re: File-system is not mounting when I am enabling selinux

[dE]

[-- Attachment #1: Type: text/plain, Size: 2994 bytes --]

On 07/22/14 04:33, Avijit Das wrote:
> Hi,
>
> I am trying to enable SELinux in Android platform. I am getting the 
> following error message:
>
> [   16.331402] init: invalid uid 'fm_radio'
> [   17.759590] EXT4-fs (mmcblk0p24): mounted filesystem with ordered 
> data mode. Opts: barrier=1
> [   17.767028] SELinux: (dev mmcblk0p24, type ext4) has no security 
> xattr handler
> [   17.775651] fs_mgr: 
> __mount(source=/dev/block/bootdevice/by-name/system,target=/system,type=ext4)=-1
> [   17.783817] fs_mgr: Failed to mount an un-encryptable or wiped 
> partition on/dev/block/bootdevice/by-name/system at /system options: 
> barrier=1 error: Operation not supported on transport endpoint
> [   17.802215] EXT4-fs (mmcblk0p29): Ignoring removed nomblk_io_submit 
> option
> [   17.821190] EXT4-fs (mmcblk0p29): mounted filesystem with ordered 
> data mode. Opts: nomblk_io_submit,errors=remount-ro
> [   17.830819] SELinux: (dev mmcblk0p29, type ext4) has no security 
> xattr handler
> [   17.840383] fs_mgr: check_fs(): 
> mount(/dev/block/bootdevice/by-name/userdata,/data,ext4)=-1
> [   17.847781] fs_mgr: Not running /system/bin/e2fsck on 
> /dev/block/bootdevice/by-name/userdata (executable not in system image)
> [   17.865028] EXT4-fs (mmcblk0p29): mounted filesystem with ordered 
> data mode. Opts: barrier=1,noauto_da_alloc
> [   17.873877] SELinux: (dev mmcblk0p29, type ext4) has no security 
> xattr handler
> [   17.883072] fs_mgr: 
> __mount(source=/dev/block/bootdevice/by-name/userdata,target=/data,type=ext4)=-1
> [   17.892845] fs_mgr: fs_mgr_mount_all(): possibly an encryptable 
> blkdev /dev/block/bootdevice/by-name/userdata for mount /data type ext4 )
> [   17.904640] init: fs_mgr_mount_all returned an error
> [   17.909559] init (273) used greatest stack depth: 12824 bytes left
> [   17.915496] init: fs_mgr_mount_all returned unexpected error 255
> [   17.926673] EXT4-fs (mmcblk0p25): mounted filesystem with ordered 
> data mode. Opts: barrier=1
> [   17.934144] SELinux: (dev mmcblk0p25, type ext4) has no security 
> xattr handler
> [   17.948220] EXT4-fs (mmcblk0p26): mounted filesystem with ordered 
> data mode. Opts: barrier=1
> [   17.955632] SELinux: (dev mmcblk0p26, type ext4) has no security 
> xattr handler
> [   17.964734] SELinux: Could not set context for /persist:  Operation 
> not supported on transport endpoint
> [   17.983614] SELinux: Could not set context for /cache:  Read-only 
> file system
>
>
> The device is booting fine to home screen, But executable files inside 
> system/bin is not accessible. It seems system image is not getting 
> mounted properly. And because of that we are not able to do adb shell. 
> Is this a known issue?
>
> I found this fix: 
> http://permalink.gmane.org/gmane.comp.security.selinux/18999
>
> Is this relevant?
>
> Thanks,
> Avijit
>

No. ext4 is not implemented as FUSE.

You need to mount th FS with xattr option to get SELinux support, after 
that you should do a relabel of the entire FS.

[-- Attachment #2: Type: text/html, Size: 4914 bytes --]

Re: File-system is not mounting when I am enabling selinux

[Christopher J. PeBenito]

On 7/21/2014 7:03 PM, Avijit Das wrote:
> Hi,
> 
> I am trying to enable SELinux in Android platform. I am getting the
> following error message:

> [   17.767028] SELinux: (dev mmcblk0p24, type ext4) has no security
> xattr handler
> [   17.830819] SELinux: (dev mmcblk0p29, type ext4) has no security
> xattr handler
> [   17.865028] EXT4-fs (mmcblk0p29): mounted filesystem with ordered
> data mode. Opts: barrier=1,noauto_da_alloc
> [   17.873877] SELinux: (dev mmcblk0p29, type ext4) has no security
> xattr handler
> [   17.934144] SELinux: (dev mmcblk0p25, type ext4) has no security
> xattr handler
> [   17.955632] SELinux: (dev mmcblk0p26, type ext4) has no security
> xattr handler

Your ext4 is missing security labels (note no security xattr handler
error), you need to turn on CONFIG_EXT4_FS_SECURITY.


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

Re: File-system is not mounting when I am enabling selinux

[Stephen Smalley]

On 07/21/2014 07:03 PM, Avijit Das wrote:
> Hi,
> 
> I am trying to enable SELinux in Android platform. I am getting the
> following error message:
> 
> [   16.331402] init: invalid uid 'fm_radio'
> [   17.759590] EXT4-fs (mmcblk0p24): mounted filesystem with ordered
> data mode. Opts: barrier=1
> [   17.767028] SELinux: (dev mmcblk0p24, type ext4) has no security
> xattr handler

As Chris said, this indicates that your kernel configuration is missing
an option required for SELinux, CONFIG_EXT4_FS_SECURITY=y, and therefore
does not include the security xattr handlers.

Also, questions regarding the Android SELinux support are best directed
to the seandroid-list, subscribe by sending email to
seandroid-list-join@tycho.nsa.gov.

RE: File-system is not mounting when I am enabling selinux

[Avijit Das]

[-- Attachment #1: Type: text/plain, Size: 1240 bytes --]

Thanks a lot !!
It resolved my purpose.
Thanks,Avijit

> Date: Tue, 22 Jul 2014 08:12:33 -0400
> From: cpebenito@tresys.com
> To: avijitnsec@live.com; selinux@tycho.nsa.gov
> Subject: Re: File-system is not mounting when I am enabling selinux
> 
> On 7/21/2014 7:03 PM, Avijit Das wrote:
> > Hi,
> > 
> > I am trying to enable SELinux in Android platform. I am getting the
> > following error message:
> 
> > [   17.767028] SELinux: (dev mmcblk0p24, type ext4) has no security
> > xattr handler
> > [   17.830819] SELinux: (dev mmcblk0p29, type ext4) has no security
> > xattr handler
> > [   17.865028] EXT4-fs (mmcblk0p29): mounted filesystem with ordered
> > data mode. Opts: barrier=1,noauto_da_alloc
> > [   17.873877] SELinux: (dev mmcblk0p29, type ext4) has no security
> > xattr handler
> > [   17.934144] SELinux: (dev mmcblk0p25, type ext4) has no security
> > xattr handler
> > [   17.955632] SELinux: (dev mmcblk0p26, type ext4) has no security
> > xattr handler
> 
> Your ext4 is missing security labels (note no security xattr handler
> error), you need to turn on CONFIG_EXT4_FS_SECURITY.
> 
> 
> -- 
> Chris PeBenito
> Tresys Technology, LLC
> www.tresys.com | oss.tresys.com
 		 	   		  

[-- Attachment #2: Type: text/html, Size: 1739 bytes --]