selinux denies the /system/bin/sh permission


pravverma
Contributor III

Hi,

I am booting the Android N7.1.2 Freescale release on a sabresd board.
If I flash the build binaries (boot-imx6q.img etc.) using "fsl-sdcard-partition.sh", I successfully get the console.

I have partitioned my sd-card as below to use the "uImage" and "uramdisk":
mmcblk2: p1 p2 p3 < p5 p6 p7 p8 > p4

where p1 (boot vfat), p2 (recovery vfat), p4 (data ext4) are primary partitions
& p5 (system), p6 (cache), p7 (device), p8 (misc) are logical ext4 partitions.

But I fail to get the console because permission is denied: "init: cannot execve('/system/bin/sh'): Permission denied".


The content of the fstab.freescale file is below:
==============================================
/devices/soc0/soc.1/2100000.aips-bus/219c000.usdhc/mmc_host /mnt/media_rw/extsd vfat defaults voldmanaged=extsd:auto
/devices/soc0/soc.1/2100000.aips-bus/2184200.usb/ci_hdrc.1 /mnt/media_rw/udisk vfat defaults voldmanaged=udisk:auto

/dev/block/mmcblk2p5 /system ext4 ro,barrier=1 wait
/dev/block/mmcblk2p4 /data ext4 nosuid,nodev,nodiratime,noatime,nomblk_io_submit,noauto_da_alloc,errors=panic wait,encryptable=/dev/block/mmcblk2p9
/dev/block/mmcblk2p6 /cache ext4 nosuid,nodev,nomblk_io_submit wait
/dev/block/mmcblk2p7 /device ext4 ro,nosuid,nodev wait
/dev/block/mmcblk2p1 /boot vfat defaults defaults
/dev/block/mmcblk2p2 /recovery vfat defaults defaults
/dev/block/mmcblk2p8 /misc emmc defaults defaults


log:
=====
init: init first stage started!
SELinux: Permission validate_trans in class security not defined in policy.
SELinux: Class cap_userns not defined in policy.
SELinux: Class cap2_userns not defined in policy.
SELinux: the above unknown classes and permissions will be denied
audit: type=1403 audit(67.630:2): policy loaded auid=4294967295 ses=4294967295
audit: type=1404 audit(67.640:3): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295
init: (Initializing SELinux enforcing took 0.18s.)
init: init second stage started!
init: Running restorecon...
init: waitpid failed: No child processes
init: (Loading properties from /default.prop took 0.00s.)
init: (Parsing /init.environ.rc took 0.00s.)
init: (Parsing /init.usb.rc took 0.00s.)
init: (Parsing init.freescale.usb.rc took 0.00s.)
init: (Parsing init.freescale.i.MX6Q.rc took 0.00s.)
init: (Parsing init.freescale.sd.rc took 0.00s.)
init: (Parsing /init.freescale.rc took 0.02s.)
ueventd: ueventd started!
ueventd: Coldboot took 0.35s.
Console: switching to colour dummy device 80x30
watchdogd: started (interval 10, margin 20)!
EXT4-fs (mmcblk2p5): mounted filesystem with ordered data mode. Opts: barrier=1
EXT4-fs (mmcblk2p4): Ignoring removed nomblk_io_submit option
EXT4-fs (mmcblk2p4): recovery complete
EXT4-fs (mmcblk2p4): mounted filesystem with ordered data mode. Opts: nomblk_io_submit,noauto_da_alloc,errors=panic
EXT4-fs (mmcblk2p6): Ignoring removed nomblk_io_submit option
EXT4-fs (mmcblk2p6): recovery complete
EXT4-fs (mmcblk2p6): mounted filesystem with ordered data mode. Opts: nomblk_io_submit
EXT4-fs (mmcblk2p7): mounted filesystem with ordered data mode. Opts: (null)
FAT-fs (mmcblk2p1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
file system registered
using random self ethernet address
using random host ethernet address
audit: type=1400 audit(68.530:4): avc: denied { execute } for pid=235 comm="init" name="vdc" dev="mmcblk2p5" ino=397 scontext=u:r:init:s0 tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0
rfkill: BT RF going to : off
binder: 236:236 transaction failed 29189, size 0-0
audit: type=1400 audit(68.580:5): avc: denied { execute } for pid=237 comm="init" name="sh" dev="mmcblk2p5" ino=254 scontext=u:r:init:s0 tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0
audit: type=1400 audit(68.620:6): avc: denied { execute } for pid=239 comm="init" name="magd" dev="mmcblk2p5" ino=149 scontext=u:r:init:s0 tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0
read descriptors
read strings
binder: 236:236 transaction failed 29189, size 0-0
binder: 236:236 transaction failed 29189, size 0-0
binder: 236:236 transaction failed 29189, size 0-0
binder: 236:236 transaction failed 29189, size 0-0
binder: 236:236 transaction failed 29189, size 0-0
init: Starting service 'console'...
audit: type=1400 audit(73.660:7): avc: denied { execute } for pid=243 comm="init" name="sh" dev="mmcblk2p5" ino=254 scontext=u:r:init:s0 tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0
init: cannot execve('/system/bin/sh'): Permission denied
init: Service 'console' (pid 243) exited with status 127
init: Service 'console' (pid 243) killing any children in process group
binder: 236:236 transaction failed 29189, size 0-0
binder: 236:236 transaction failed 29189, size 0-0
binder: 236:236 transaction failed 29189, size 0-0
binder: 236:236 transaction failed 29189, size 0-0
binder: 236:236 transaction failed 29189, size 0-0

Please help me.

Thanks,

Praveen
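Added triage helper for the AVC lines in the log above (example code, not from the thread): every denied file has tcontext u:object_r:unlabeled:s0, which means the files on mmcblk2p5 carry no valid SELinux label at all, so the partition needs relabeling (file_contexts) rather than a policy allow rule or a permissive boot. The sample input is constructed from the three denials above, rejoined onto single lines, plus one constructed denial against a properly labeled target for contrast.

```python
import re

# Constructed sample: the three denials from the log above (rejoined onto single lines),
# plus one constructed denial against a properly labeled target for contrast.
SAMPLE_LOG = """\
audit: type=1400 audit(68.530:4): avc: denied { execute } for pid=235 comm="init" name="vdc" dev="mmcblk2p5" ino=397 scontext=u:r:init:s0 tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0
audit: type=1400 audit(68.580:5): avc: denied { execute } for pid=237 comm="init" name="sh" dev="mmcblk2p5" ino=254 scontext=u:r:init:s0 tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0
audit: type=1400 audit(73.660:7): avc: denied { execute } for pid=243 comm="init" name="sh" dev="mmcblk2p5" ino=254 scontext=u:r:init:s0 tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0
audit: type=1400 audit(80.000:8): avc: denied { write } for pid=300 comm="app" name="foo" dev="mmcblk2p4" ino=12 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
"""

AVC_RE = re.compile(r'avc: denied \{ (?P<perms>[^}]+)\} for (?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')   # key=value, value optionally quoted

def parse_avc(line):
    """Parse one AVC denial into a dict; return None for non-AVC lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {'perms': m.group('perms').split()}
    for key, val in FIELD_RE.findall(m.group('fields')):
        rec[key] = val.strip('"')
    return rec

def target_type(rec):
    """The type field of the target context, e.g. 'unlabeled' from u:object_r:unlabeled:s0."""
    return rec['tcontext'].split(':')[2]

def triage(log_text):
    """Group denials by (scontext, tcontext, tclass, perms) and say what kind of fix each needs."""
    groups = {}
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        key = (rec['scontext'], rec['tcontext'], rec['tclass'], ' '.join(rec['perms']))
        g = groups.setdefault(key, {'count': 0, 'names': set(), 'devs': set()})
        g['count'] += 1
        g['names'].add(rec.get('name', '?'))
        g['devs'].add(rec.get('dev', '?'))
        # An 'unlabeled' target means the file carries no valid SELinux label: the
        # filesystem was populated without file_contexts, so the fix is to relabel,
        # not to write an allow rule or to boot permissive.
        g['fix'] = 'relabel' if target_type(rec) == 'unlabeled' else 'policy'
    return groups

if __name__ == '__main__':
    for (s, t, cls, perms), g in triage(SAMPLE_LOG).items():
        print(f"{g['count']:3}x {s} -> {t} {cls} {{ {perms} }} "
              f"names={sorted(g['names'])} devs={sorted(g['devs'])} fix={g['fix']}")
```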


diegoadrian
NXP Employee

Hello,

This problem normally disappears if you disable Android verity in U-Boot.

For that, try using the bootargs below:

U-Boot > setenv bootcmd boota mmc2
U-Boot > setenv bootargs console=ttymxc0,115200 init=/init video=mxcfb0:dev=ldb,fbpix=RGB32,bpp=32 video=mxcfb1:off video=mxcfb2:off video=mxcfb3:off vmalloc=128M androidboot.console=ttymxc0 consoleblank=0 androidboot.hardware=freescale cma=448M androidboot.selinux=permissive androidboot.dm_verity=disable
U-Boot > saveenv

Please take note that those bootargs are for an LVDS screen. If you want to use another type of screen, the bootargs will be different.

Best Regards,

Diego.

shalanyang
Contributor II

Hi, Diego Adrian Cuevas,

Thanks, I had solved it, because someone modified

int drm_fbdev_cma_create_with_funcs(struct drm_fb_helper *helper,
                                    struct drm_fb_helper_surface_size *sizes,
                                    const struct drm_framebuffer_funcs *funcs)
{

.....

    // sizes->surface_height = sizes->surface_height*2; (someone added it? I deleted it, and it is OK)
    mode_cmd.width = sizes->surface_width;
    mode_cmd.height = sizes->surface_height;

Thanks
