On Thu, 2012-10-04 at 14:37 +0200, Alexandra Test wrote:
> Hi all,
> I update the release of Seandroid on Samsung Galaxy Nexus.
>
> I need to solve the following denials, any help?
> <5>[ 17.174133] type=1400 audit(1349352924.312:3): avc: denied
> { getattr } for pid=656 comm="Thread-50" path="/cache/lost+found"
> dev=mmcblk0p11 ino=11 scontext=u:r:media_app:s0
> tcontext=u:object_r:unlabeled:s0 tclass=dir
> <5>[ 928.219604] type=1400 audit(1349353835.359:4): avc: denied
> { read } for pid=1428 comm=4173796E635461736B202332 name="events"
> dev=tmpfs ino=4260 scontext=u:r:untrusted_app:s0:c42
> tcontext=u:object_r:log_device:s0 tclass=chr_file
>
>
> I tried to modify the file_contexts but after push it on the devices,
> more denials appeared.
The first one you can ignore or add a dontaudit rule to silence, e.g.
add the following line to external/sepolicy/app.te and rebuild your
policy:
dontaudit media_app unlabeled:dir getattr;
The second one you can allow by enabling the app_read_logs or
android_cts policy booleans (via SEAndroidManager or SEAndroidAdmin).
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the seandroid-list mailing list.
If you no longer wish to subscribe, send mail to [email protected] with
the words "unsubscribe seandroid-list" without quotes as the message.
