SELinux not enabled?

UPPERCASE · April 3, 2022, 3:08am

I cannot confirm it for 100% since I cannot access /sys or run the sestatus command because that one is missing. But when I run ls -aliZ /etc/selinux I not only see old configs from 2009 (seems like all files are “from 2009”, so I guess I can ignore that) and no SELinux config file. But also some missing context labels? Missing context labels usually means those files were created with SELinux off. A relabeling is then needed before turning SELinux on again.

But before I’ll jump to conclusions I would like to double check if this phone really has no SELinux. That would be a bummer. Does anyone have a rooted FP running the stock ROM? If so, please show the contents of /sys/fs/selinux or the output of sestatus if you installed that one with e.g. Termux.

UPPERCASE · April 3, 2022, 7:10am

My Pixel 3 has the same output of /etc/selinux, so there might still be hope

hirnsushi · April 3, 2022, 10:57am

Here’s the content of /sys/fs/selinux:

1110 drwxr-xr-x  3 root root u:object_r:system_file:s0                 4096 2009-01-01 01:00 .
 768 drwxr-xr-x 13 root root u:object_r:system_file:s0                 4096 2009-01-01 01:00 ..
1111 drwxr-xr-x  2 root root u:object_r:system_file:s0                 4096 2009-01-01 01:00 mapping
1121 -rw-r--r--  1 root root u:object_r:file_contexts_file:s0         36294 2009-01-01 01:00 plat_file_contexts
1122 -rw-r--r--  1 root root u:object_r:hwservice_contexts_file:s0     8752 2009-01-01 01:00 plat_hwservice_contexts
1123 -rw-r--r--  1 root root u:object_r:mac_perms_file:s0              7449 2009-01-01 01:00 plat_mac_permissions.xml
1124 -rw-r--r--  1 root root u:object_r:property_contexts_file:s0     47416 2009-01-01 01:00 plat_property_contexts
1125 -rw-r--r--  1 root root u:object_r:seapp_contexts_file:s0         2898 2009-01-01 01:00 plat_seapp_contexts
1126 -rw-r--r--  1 root root u:object_r:sepolicy_file:s0            1581305 2009-01-01 01:00 plat_sepolicy.cil
1127 -rw-r--r--  1 root root u:object_r:system_file:s0                   65 2009-01-01 01:00 plat_sepolicy_and_mapping.sha256
1128 -rw-r--r--  1 root root u:object_r:service_contexts_file:s0      18953 2009-01-01 01:00 plat_service_contexts

I also checked getenforce according to the docs:

FP4:/ # getenforce                                                                                                                                   
Enforcing

I can look for a cross-compiled sestatus if you need more info, I’m not running Termux.

Edit: Ok, I’m not sure what output you need for /sys/fs/selinux, I know absolutely nothing about SELinux . That’s the output for ls -aliZ let me know if you just wanted the content

UPPERCASE · April 3, 2022, 11:11am

Awesome! Thanks for checking. Just to double check, you run the stock FP ROM, right?

hirnsushi · April 3, 2022, 11:14am

I ran that on vanilla FPOS yes.
The other device I have access to is running CalyxOS if you need something to compare it to.

UPPERCASE · April 3, 2022, 12:01pm

Ah, I see what I did wrong. I trusted the local terminal too much (TermBot). Using adb shell I can indeed also verify that it is running SELinux. Such a relief

# adb shell
FP4:/ $ getenforce
Enforcing

system · July 2, 2022, 12:02pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.