Closed Bug 1224131 Opened 9 years ago Closed 9 years ago

Update sepolicy on sony platforms for sony-aosp-l

Categories

(Firefox OS Graveyard :: GonkIntegration, defect)

Product:
Firefox OS Graveyard
Component:
GonkIntegration
Platform:
ARM
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: tedd, Assigned: tedd)

References

Details

Attachments

(3 files, 1 obsolete file)

Yukon PR
56 bytes, text/x-github-pull-request
gerard-majax
: review+
Details | Review
Rhine PR
55 bytes, text/x-github-pull-request
gerard-majax
: review+
Details | Review
Shinano PR
58 bytes, text/x-github-pull-request
gerard-majax
: review+
Details | Review 
On my Z3C device, I get the following Warnings from SELinux about missing domains:

> <11>[   12.845298] init: Warning!  Service rmt_storage needs a SELinux domain defined; please fix!
> <11>[   14.690408] init: Warning!  Service qmuxd needs a SELinux domain defined; please fix!
> <11>[   14.697628] init: Warning!  Service netmgrd needs a SELinux domain defined; please fix!
> <11>[   14.732708] init: Warning!  Service irsc_util needs a SELinux domain defined; please fix!
> <11>[   14.744937] init: Warning!  Service sensors needs a SELinux domain defined; please fix!

The services actually do have domains, but due to a path mismatch when labeling those services with their domains (inside file_contexts), they are not being labeled correctly.

Upstream fixed these labeling issues a couple of days ago [1].
I would like to merge those upstream changes onto our fork, as far as I can tell, this should be possible with a fast-forward.

[1] https://github.com/sonyxperiadev/device-qcom-sepolicy/commits/l-mr1
My Z3C build was successful, flashing the device as well and the error is gone.

Unfortunately I don't have access to other Sony devices, otherwise I would have tested those as well.
Attachment #8686518 - Flags: review?(lissyx+mozillians) → review+
https://github.com/mozilla-b2g/device-qcom-sepolicy/commit/81f4d00416e95ac70775901d138d46af409c56e8
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
BAD! This just broke all Yukon devices. These changes should have been pushed to platform specific repos. I've fixed the problem upstream.

Alex can you revert this change?
Status: RESOLVED → REOPENED
Flags: needinfo?(lissyx+mozillians)
Resolution: FIXED → ---
Reverted: https://github.com/mozilla-b2g/device-qcom-sepolicy/commit/e0a1cce6a8559ccc88e15da148531d36e18ae5f7

Sorry for the mess.
Flags: needinfo?(lissyx+mozillians)
Flags: needinfo?(julian.r.hector)
Flags: needinfo?(afarden)
Thanks, actually Julian I'm glad you brought this to my attention. The reason these should be platform specific sepolicy is because other Android projects like CyanogenMod need their own qcom/sepolicy repo, so a build based on Sony's AOSP repos will not have these changes, therefore will have sepolicy errors.

The reason this broke Yukon is because I already made the changes for Yukon, but for whatever reason I didn't push it to the other platforms.

This obviously means that upstream Yukon has been broken for two weeks, but nobody at Sony noticed...

Anyway I've fixed it upstream and it's already merged, so I'll open PRs for Yukon, Rhine and Shinano.
Flags: needinfo?(afarden)
Heh, thanks Adam, I was just writing out a reply to the bug asking exactly the questions you just answered with Comment 6, as soon as I hit 'submit' it showed me the conflict.

So even though the yukon and shinano platform share the same qcom-sepolicy repo, and the file path are identical on both devices, this should still be fixed on a per platform basis?

Also I am curious, can you post the error message you got with those changes?
My understanding is that if a path in file_contexts doesn't exist, the labeling will just be ignored and the changes that have been backed out are only related to the file path.

Sorry for breaking it!
Flags: needinfo?(julian.r.hector) → needinfo?(afarden)
Attached file Yukon PR 

        Attachment #8687568 -
        Flags: review?(lissyx+mozillians)

    
    

    
  

      
      
      
      

        Attached file
          
        Rhine PR
      

    


  

        Attachment #8687569 -
        Flags: review?(lissyx+mozillians)

    
    

    
  

      
      
      
      

        Attached file
          
        Shinano PR
      

    


  

        Attachment #8686518 -
        Attachment is obsolete: true

        Attachment #8687570 -
        Flags: review?(lissyx+mozillians)
Flags: needinfo?(afarden)
Summary: Update device/qcom/sepolicy tree for sony-aosp-l → Update sepolicy on sony platforms for sony-aosp-l

    
    

    
  
The error message was something like "duplicate entry found". The executables were moved by Sony from their usual QCOM locations in /system/bin to /system/vendor/bin. Why this was done I have no idea, but instead of editing the QCOM sepolicy it is better to add the new nonstandard locations for these executables to the platform policy.

This is exactly what I did for Yukon but not for other platforms.

This saves us headaches when we need to merge QCOM upstream, but unfortunately other Sony contributors failed to understand the consequences of changing QCOM sepolicy.

    
  

        Attachment #8687568 -
        Flags: review?(lissyx+mozillians) → review+

    
  

        Attachment #8687569 -
        Flags: review?(lissyx+mozillians) → review+

    
  

        Attachment #8687570 -
        Flags: review?(lissyx+mozillians) → review+

    
  
Status: REOPENED → RESOLVED
Closed: 9 years ago9 years ago
Resolution: --- → FIXED

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: