[android-building] SELinux issues using Kernel 4.19 and Android Nougat r7.1.1_r58

Sat, 26 Jan 2019 15:42:06 -0800 

Hi,

I am using Kernel 4.19 and Android Nougat r7.1.1_r58 and I am having issues 
with selinux. During bootup I get this:

[    3.563247] SELinux:  Permission validate_trans in class security not 
defined in policy.
[    3.572142] SELinux:  Permission getrlimit in class process not defined 
in policy.
[    3.580066] SELinux:  Class process2 not defined in policy.
[    3.586061] SELinux:  Permission map in class file not defined in policy.
[    3.593279] SELinux:  Permission map in class dir not defined in policy.
[    3.600313] SELinux:  Permission map in class lnk_file not defined in 
policy.
[    3.607872] SELinux:  Permission map in class chr_file not defined in 
policy.
[    3.615429] SELinux:  Permission map in class blk_file not defined in 
policy.
[    3.622979] SELinux:  Permission map in class sock_file not defined in 
policy.
[    3.630554] SELinux:  Permission map in class fifo_file not defined in 
policy.
[    3.638206] SELinux:  Permission map in class socket not defined in 
policy.
[    3.645592] SELinux:  Permission map in class tcp_socket not defined in 
policy.
[    3.653361] SELinux:  Permission map in class udp_socket not defined in 
policy.
[    3.661024] SELinux:  Permission map in class rawip_socket not defined 
in policy.
[    3.668952] SELinux:  Permission map in class netlink_socket not defined 
in policy.
[    3.677043] SELinux:  Permission map in class packet_socket not defined 
in policy.
[    3.685034] SELinux:  Permission map in class key_socket not defined in 
policy.
[    3.692764] SELinux:  Permission map in class unix_stream_socket not 
defined in policy.
[    3.701164] SELinux:  Permission map in class unix_dgram_socket not 
defined in policy.
[    3.709554] SELinux:  Permission map in class netlink_route_socket not 
defined in policy.
[    3.718219] SELinux:  Permission map in class netlink_tcpdiag_socket not 
defined in policy.
[    3.727047] SELinux:  Permission map in class netlink_nflog_socket not 
defined in policy.
[    3.735681] SELinux:  Permission map in class netlink_xfrm_socket not 
defined in policy.
[    3.744244] SELinux:  Permission map in class netlink_selinux_socket not 
defined in policy.
[    3.753078] SELinux:  Permission map in class ne[    3.779391] SELinux:  
Permission map in class netlink_connector_socket not defined in policy.
[    3.788399] SELinux:  Permission map in class netlink_netfilter_socket 
not defined in policy.
[    3.797408] SELinux:  Permission map in class netlink_dnrt_socket not 
defined in policy.
[    3.805955] SELinux:  Permission map in class 
netlink_kobject_uevent_socket not defined in policy.
[    3.815406] SELinux:  Permission map in class netlink_generic_socket not 
defined in policy.
[    3.824230] SELinux:  Permission map in class 
netlink_scsitransport_socket not defined in policy.
[    3.833597] SELinux:  Permission map in class netlink_rdma_socket not 
defined in policy.
[    3.843730] SELinux:  Permission map in class netlink_crypto_socket not 
defined in policy.
[    3.852587] SELinux:  Permission map in class appletalk_socket not 
defined in policy.
[    3.860806] SELinux:  Permission map in class dccp_socket not defined in 
policy.
[    3.868673] SELinux:  Permission map in class tun_socket not defined in 
policy.
[    3.876421] SELinux:  Class cap_userns not defined in policy.
[    3.882507] SELinux:  Class cap2_userns not defined in policy.
[    3.888622] SELinux:  Class sctp_socket not defined in policy.
[    3.894785] SELinux:  Class icmp_socket not defined in policy.
[    3.900897] SELinux:  Class ax25_socket not defined in policy.
[    3.907074] SELinux:  Class ipx_socket not defined in policy.
[    3.913161] SELinux:  Class netrom_socket not defined in policy.
[    3.919459] SELinux:  Class atmpvc_socket not defined in policy.
[    3.925821] SELinux:  Class x25_socket not defined in policy.
[    3.931902] SELinux:  Class rose_socket not defined in policy.
[    3.938012] SELinux:  Class decnet_socket not defined in policy.
[    3.944376] SELinux:  Class atmsvc_socket not defined in policy.
[    3.950664] SELinux:  Class rds_socket not defined in policy.
[    3.956742] SELinux:  Class irda_socket not defined in policy.
[    3.962910] SELinux:  Class pppox_socket not defined in policy.
[    3.969111] SELinux:  Class llc_socket not defined in policy.
[    3.975517] SELinux:  Class can_socket not defined in policy.
[    4.094631] SELinux: the above unknown classes and permissions will be 
denied

 audit: type=1400 audit(4.520:3): avc:  denied  { map } for  pid=1 
comm="init" path="/file_contexts.bin" dev="rootfs" ino=8020 
scontext=u:r:kernel:s0 tcontext=u:object_r:rootfs:s0 tclass=file 
permissive=1

....


I added permissions for avc denied rules for map etc but while compiling I 
get : 
:ERROR 'permission map is not defined for class file' at token ';' on line 
20937

It is not clear in Android documentation where to add the permission for 
the class and in which files. Could somebody please help me with this?

Thanks,
Gautam.

-- 
-- 
You received this message because you are subscribed to the "Android Building" 
mailing list.
To post to this group, send email to android-building@googlegroups.com
To unsubscribe from this group, send email to
android-building+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-building?hl=en

--- 
You received this message because you are subscribed to the Google Groups 
"Android Building" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to android-building+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to