priv_app is allowed. See https://android.googlesource.com/platform/system/sepolicy/+/refs/tags/android-9.0.0_r45/private/priv_app.te#104
You should sign your apk with dev (not platform) certificate and build it in priv-app. And then the app will be labled as priv-app. 在 2019年6月20日星期四 UTC+8下午10:06:47,Arabi写道: > > *Background:* I have customized an AOSP distribution and created a custom > OTA updater service to integrate with it. But whenever I call the updater > service, the following error message is generated: > > E/SELinux: avc: denied { find } for service=android.os.UpdateEngineService > pid=22801 uid=10024 scontext=u:r:platform_app:s0:c512,c768 > tcontext=u:object_r:update_engine_service:s0 tclass=service_manager > permissive=0 > > *Diagnosis:* Based on the error message, our app is being built as a > platform_app. As a result, we are not being allowed to access the path > '/data/' on the system. > > *Possible solution:* There might be two approaches towards the solution: > > 1. Build the app as a system_app > > OR, > > 1. Build the app as a plaform_app and change SELinux config so that > the app is granted necessary access to '/data/' on the system. > > *Main question:* Am I heading towards the right direction with the > understanding and possible solutions stated here? If not, what am I missing > and what should be done in order to fix this issue? > -- -- unsubscribe: android-porting+unsubscr...@googlegroups.com website: http://groups.google.com/group/android-porting --- You received this message because you are subscribed to the Google Groups "android-porting" group. To unsubscribe from this group and stop receiving emails from it, send an email to android-porting+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/android-porting/8726f313-efea-464c-be9b-47385289d597%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.