Friday, May 6, 2016

SELinux kernel patches for upgrading from M

When upgrading from Android M to N, you may run into the following error:
[ 5.762658] init: SELinux: Could not load policy: Invalid argument
[ 5.768144] init: failed to load policy: Invalid argument
[ 5.773426] init: Security failure; rebooting into recovery mode...

Here is the list of backported upstream SELinux patches needed to run Android N on kernel versions 3.10, 3.14, and 3.18. Similar patches may be found or easily cherry-picked to Android 3.4 and 4.1 kernels.

$ make -j32 :)

3.10

Required:

Revert "SELinux: ss: Fix policy write for ioctl operations"

https://android-review.googlesource.com/162273

Revert "SELinux: use deletion-safe iterator to free list"

https://android-review.googlesource.com/162274

Revert "SELinux: per-command whitelisting of ioctls"

https://android-review.googlesource.com/162275

Revert "security: lsm_audit: add ioctl specific auditing"

https://android-review.googlesource.com/162276

selinux: remove unnecessary pointer reassignment

https://android-review.googlesource.com/162277

security: add ioctl specific auditing to lsm_audit

https://android-review.googlesource.com/162278

selinux: extended permissions for ioctls

https://android-review.googlesource.com/162279

Optional for backwards compatibility:

selinux: Android kernel compatibility with M userspace

https://android-review.googlesource.com/#/c/179155

Other SELinux bug fixes

selinux: do not check open perm on ftruncate call

https://android-review.googlesource.com/#/c/173321

mm: reorder can_do_mlock to fix audit denial

https://android-review.googlesource.com/140751

3.14

Required:

Revert "SELinux: ss: Fix policy write for ioctl operations"

https://android-review.googlesource.com/162282

Revert "SELinux: use deletion-safe iterator to free list"

https://android-review.googlesource.com/162283

Revert "SELinux: per-command whitelisting of ioctls"

https://android-review.googlesource.com/162284

Revert "security: lsm_audit: add ioctl specific auditing"

https://android-review.googlesource.com/162285

selinux: remove unnecessary pointer reassignment

https://android-review.googlesource.com/162286

security: add ioctl specific auditing to lsm_audit

https://android-review.googlesource.com/162287

selinux: extended permissions for ioctls

https://android-review.googlesource.com/162288

Optional for backwards compatibility:

selinux: Android kernel compatibility with M userspace

https://android-review.googlesource.com/#/c/179245

Other SELinux bug fixes

selinux: do not check open perm on ftruncate call

https://android-review.googlesource.com/173225

mm: reorder can_do_mlock to fix audit denial

https://android-review.googlesource.com/180251

3.18

Required:

Revert "SELinux: ss: Fix policy write for ioctl operations"

https://android-review.googlesource.com/162310

Revert "SELinux: use deletion-safe iterator to free list"

https://android-review.googlesource.com/162311

Revert "SELinux: per-command whitelisting of ioctls"

https://android-review.googlesource.com/162312

Revert "security: lsm_audit: add ioctl specific auditing"

https://android-review.googlesource.com/162313

selinux: remove unnecessary pointer reassignment

https://android-review.googlesource.com/162314

security: add ioctl specific auditing to lsm_audit

https://android-review.googlesource.com/162315

selinux: extended permissions for ioctls

https://android-review.googlesource.com/162316

UPSTREAM: selinux: fix bug in conditional rules handling

https://android-review.googlesource.com/#/c/197120/

Optional for backwards compatibility:

selinux: Android kernel compatibility with M userspace

https://android-review.googlesource.com/#/c/178861

Other SELinux bug fixes

selinux: do not check open perm on ftruncate call

https://android-review.googlesource.com/#/c/173332/

mm: reorder can_do_mlock to fix audit denial

https://android-review.googlesource.com/#/c/180272/1
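
To check a kernel tree against the seven "Required" subjects common to the 3.10, 3.14 and 3.18 lists above, here is an added example (not part of the original post). It assumes each cherry-pick kept its original subject line, optionally with a prefix such as "UPSTREAM: "; the function names and the subjects.txt file are hypothetical.

```shell
#!/bin/sh
# Added example: report which "Required" patches are absent from a kernel
# tree's history. Assumption: cherry-picks kept their original subject line
# (a prefix such as "UPSTREAM: " is tolerated by the substring match).

# The seven subjects listed as Required for 3.10, 3.14 and 3.18.
required_subjects() {
cat <<'EOF'
Revert "SELinux: ss: Fix policy write for ioctl operations"
Revert "SELinux: use deletion-safe iterator to free list"
Revert "SELinux: per-command whitelisting of ioctls"
Revert "security: lsm_audit: add ioctl specific auditing"
selinux: remove unnecessary pointer reassignment
security: add ioctl specific auditing to lsm_audit
selinux: extended permissions for ioctls
EOF
}

# missing_patches FILE
# FILE holds one commit subject per line, for example produced with:
#   git -C /path/to/kernel log --format=%s > subjects.txt
# Prints every required subject not found; returns 1 if any are missing.
missing_patches() {
    subjects_file=$1
    rc=0
    while IFS= read -r subject; do
        # -F: fixed-string match, so quotes and colons are taken literally.
        # The 'Revert "' prefix keeps a revert from matching the original
        # (unreverted) commit of the same name.
        if ! grep -qF -- "$subject" "$subjects_file"; then
            printf '%s\n' "$subject"
            rc=1
        fi
    done <<EOF
$(required_subjects)
EOF
    return $rc
}
```

Any subject it prints is a required patch the tree does not have. The 3.18 list carries one extra entry ("UPSTREAM: selinux: fix bug in conditional rules handling") that this check does not cover.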