An app I installed (Big Win Basketball) kept crashing whenever SELinux 
enforcing mode was turned on.  This is on a Galaxy Nexus (maguro).
Oddly, with enforcing mode turned off, no denial messages were showing up in 
the log.

<5>[  552.326965] type=1400 audit(1358990973.587:16): avc:  denied  { search } 
for  pid=1907 comm="igwinbasketball" name="/" dev=tmpfs ino=2500 
scontext=u:r:untrusted_app:s0:c48,c256 tcontext=u:object_r:tmpfs:s0 tclass=dir

From logcat:
E/AndroidRuntime( 3105): Caused by: java.lang.IllegalArgumentException: Invalid 
path: /storage/emulated/0
E/AndroidRuntime( 3105): Caused by: libcore.io.ErrnoException: statfs failed: 
EACCES (Permission denied)

I eventually noticed (using a Terminal Emulator app) that from the perspective 
of running apps, /storage/emulated is labeled as u:object_r:tmpfs:s0 (but from 
the perspective of 'adb shell' it's labeled u:object_r:rootfs:s0), which I 
think was preventing the app from being able to access /storage/emulated/0 
(which is correctly labeled u:object_r:sdcard:s0).

I modified dalvik/vm/Init.cpp to label /storage/emulated as 
u:object_r:sdcard:s0 when mounting and that seemed to fix the problem.  Not 
sure if that is the right approach or the right label (though it's already 
setting gid=1028 which is sdcard_r, so labeling as sdcard might make sense).

diff --git a/vm/Init.cpp b/vm/Init.cpp
index 11d884e..639da90 100644
--- a/vm/Init.cpp
+++ b/vm/Init.cpp
@@ -1658,7 +1658,7 @@ static bool initZygote()
     const char* target_base = getenv("EMULATED_STORAGE_TARGET");
     if (target_base != NULL) {
         if (mount("tmpfs", target_base, "tmpfs", MS_NOSUID | MS_NODEV,
-                "uid=0,gid=1028,mode=0050") == -1) {
+                "uid=0,gid=1028,mode=0050,fscontext=u:object_r:sdcard:s0") == -
             SLOGE("Failed to mount tmpfs to %s: %s", target_base, strerror(errn
             return -1;
         }
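Review bot: The fscontext=u:object_r:sdcard:s0 option added to the mount() data string is passed unconditionally, so on a kernel or build where SELinux is not enabled the tmpfs mount is likely to reject it as an unknown option and the emulated storage target is left unmounted. Consider building the options string at runtime and appending fscontext= only when SELinux is enabled, and taking the label from a single definition shared with the policy rather than a literal in the VM. Separately, the context line "return -1;" sits inside "static bool initZygote()", where -1 converts to true, so a mount failure here is not reported to the caller as a failure; "return false;" looks like what was intended.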
