priv_app is allowed. See
https://android.googlesource.com/platform/system/sepolicy/+/refs/tags/android-9.0.0_r45/private/priv_app.te#104
You should sign your apk with dev (not platform) certificate and build it
in priv-app. And then the app will be labled as priv-app.
在 2019年6月20日星期四 UTC+8下午10:06:47,Arabi写道:
>
> *Background:* I have customized an AOSP distribution and created a custom
> OTA updater service to integrate with it. But whenever I call the updater
> service, the following error message is generated:
>
> E/SELinux: avc: denied { find } for service=android.os.UpdateEngineService
> pid=22801 uid=10024 scontext=u:r:platform_app:s0:c512,c768
> tcontext=u:object_r:update_engine_service:s0 tclass=service_manager
> permissive=0
>
> *Diagnosis:* Based on the error message, our app is being built as a
> platform_app. As a result, we are not being allowed to access the path
> '/data/' on the system.
>
> *Possible solution:* There might be two approaches towards the solution:
>
> 1. Build the app as a system_app
>
> OR,
>
> 1. Build the app as a plaform_app and change SELinux config so that
> the app is granted necessary access to '/data/' on the system.
>
> *Main question:* Am I heading towards the right direction with the
> understanding and possible solutions stated here? If not, what am I missing
> and what should be done in order to fix this issue?
>
--
--
unsubscribe: android-porting+unsubscr...@googlegroups.com
website: http://groups.google.com/group/android-porting
---
You received this message because you are subscribed to the Google Groups
"android-porting" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to android-porting+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/android-porting/8726f313-efea-464c-be9b-47385289d597%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
