Hi Satish,

Thanks for the reply. I was aware of audit2allow but never bothered to
use it. I started using it and I found out I simply missed the
semicolon at the end of the rule.

Thanks again.
-Gautam.

On Thu, Jul 19, 2018 at 1:23 PM, Satish Patel <tosatishpa...@gmail.com> wrote:
>
>
> On Thu, Jul 19, 2018 at 12:04 AM, <mindentr...@gmail.com> wrote:
>>
>> Hi,
>>
>> I am trying to port AOSP Marshmallow for Beaglebone black. I get a lot of
>> AVC denied errors. When I tried to write an allow policy I get a syntax error
>> while the build checks the policy.
>>
>> Following is the avc denied error:
>>
>> ##avc: denied { open } for pid=630 comm="zygote"
>> path="/sys/kernel/debug/tracing/trace_marker" dev="tracefs" ino=62
>> scontext=u:r:zygote:s0 tcontext=u:object_r:debugfs_tracing:s0 tclass=file
>> permissive=1
>>
> Try audit2allow. It frames the rule as per the denial message. (Not all, but
> in most of the cases it does work well.)
> https://source.android.com/security/selinux/validate
>
> For message:
>
> <5> type=1400 audit: avc:  denied  { read write } for  pid=177
> comm="rmt_storage" name="mem" dev="tmpfs" ino=6004 scontext=u:r:rmt:s0
> tcontext=u:object_r:kmem_device:s0 tclass=chr_file
>
>
> adb pull /sys/fs/selinux/policy
> adb logcat -b all -d | audit2allow -p policy
>
>
> output
>
> #============= shell ==============
> allow shell kernel:security setenforce;
> #============= rmt ==============
> allow rmt kmem_device:chr_file { read write };
>
>
>>
>> Following is my rule:
>> allow zygote debugfs_tracing:file {write}
>>
>> I am not sure what is wrong. Can somebody please help?
>>
>> Thanks.
>>
>> --
>> --
>> unsubscribe: android-porting+unsubscr...@googlegroups.com
>> website: http://groups.google.com/group/android-porting
>>
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "android-porting" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to android-porting+unsubscr...@googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.
>
>
>
>
> --
> Regards,
> satish patel
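
The translation from a denial message to an allow rule discussed in this thread, as an added example that is not part of the original messages and is not audit2allow's own code. It is a simplified sketch: unlike `audit2allow -p policy` it does not consult the pulled policy, the names `AVC_RE`, `SAMPLE_LOG` and `denials_to_rules` are hypothetical, and the third sample denial is constructed.

```python
import re
from collections import defaultdict

# Fields of an AVC denial that determine the rule: the denied permissions,
# the type (third field) of scontext and tcontext, and the object class.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=[^:\s]+:[^:\s]+:(?P<src>[^:\s]+).*?"
    r"tcontext=[^:\s]+:[^:\s]+:(?P<tgt>[^:\s]+).*?"
    r"tclass=(?P<cls>\w+)"
)

# The two denials quoted in the thread, joined onto one line each, plus one
# constructed denial (pid 631) to show permissions being merged into one rule.
SAMPLE_LOG = [
    'avc: denied { open } for pid=630 comm="zygote" '
    'path="/sys/kernel/debug/tracing/trace_marker" dev="tracefs" ino=62 '
    'scontext=u:r:zygote:s0 tcontext=u:object_r:debugfs_tracing:s0 '
    'tclass=file permissive=1',
    '<5> type=1400 audit: avc:  denied  { read write } for  pid=177 '
    'comm="rmt_storage" name="mem" dev="tmpfs" ino=6004 scontext=u:r:rmt:s0 '
    'tcontext=u:object_r:kmem_device:s0 tclass=chr_file',
    'avc: denied { write } for pid=631 comm="zygote" '
    'scontext=u:r:zygote:s0 tcontext=u:object_r:debugfs_tracing:s0 '
    'tclass=file permissive=1',
]


def denials_to_rules(log_lines):
    """Return sorted allow rules covering every AVC denial in log_lines."""
    perms_by_key = defaultdict(set)
    for line in log_lines:
        m = AVC_RE.search(line)
        if m:  # lines that are not AVC denials are skipped
            key = (m["src"], m["tgt"], m["cls"])
            perms_by_key[key].update(m["perms"].split())
    rules = []
    for (src, tgt, cls), perms in sorted(perms_by_key.items()):
        joined = " ".join(sorted(perms))
        # A single permission is written bare, several go inside braces.
        body = joined if len(perms) == 1 else "{ " + joined + " }"
        # Every rule ends with ';' (its absence caused the syntax error here).
        rules.append(f"allow {src} {tgt}:{cls} {body};")
    return rules


if __name__ == "__main__":
    print("\n".join(denials_to_rules(SAMPLE_LOG)))
```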
