Hi,
What do these audit messages mean? Are we missing a transition for
/system/bin/mksh, thus, it has domain shell_exec? I think this is related to
the interface where each app registers its command interface with our debugsh
service, thus allowing the user to run those commands in our debug shell.
# audit(1360619566.398:115):
# scontext="u:r:platform_app:s0" tcontext="u:object_r:shell_exec:s0"
# class="file" perms="execute"
# comm="DebugshSocketLi" exe="" path=""
# message=" [ 51.604309] type=1400 audit(1360619566.398:115): avc: denied {
# execute } for pid=1127 comm="DebugshSocketLi" name="mksh" dev=mmcblk0p13
# ino=672 scontext=u:r:platform_app:s0 tcontext=u:object_r:shell_exec:s0
# tclass=file "
# audit(1360619566.398:115):
# scontext="u:r:platform_app:s0" tcontext="u:object_r:shell_exec:s0"
# class="file" perms="{ read open }"
# comm="DebugshSocketLi" exe="" path=""
# message=" [ 51.665161] type=1400 audit(1360619566.398:115): avc: denied {
# read open } for pid=1127 comm="DebugshSocketLi" name="mksh" dev=mmcblk0p13
# ino=672 scontext=u:r:platform_app:s0 tcontext=u:object_r:shell_exec:s0
# tclass=file "
# audit(1360619566.398:115):
# scontext="u:r:platform_app:s0" tcontext="u:object_r:shell_exec:s0"
# class="file" perms="execute_no_trans"
# comm="DebugshSocketLi" exe="" path=""
# message=" [ 51.712402] type=1400 audit(1360619566.398:115): avc: denied {
# execute_no_trans } for pid=1127 comm="DebugshSocketLi"
# path="/system/bin/mksh" dev=mmcblk0p13 ino=672 scontext=u:r:platform_app:s0
# tcontext=u:object_r:shell_exec:s0 tclass=file "
allow platform_app shell_exec:file { read execute open execute_no_trans };
Thanks,
Tai
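
Added example (not part of the original message): a small Python parser showing how the three denials quoted above collapse into the single allow rule listed under them. It also flags execute_no_trans, the permission checked when a process executes a file without a domain transition. The function names are hypothetical and the sample input is the three kernel messages from the post with the wrapped lines rejoined.

```python
import re
from collections import defaultdict

# The three kernel messages from the post above, each rejoined onto one line.
_HEAD = 'type=1400 audit(1360619566.398:115): avc: denied '
_TAIL = ('dev=mmcblk0p13 ino=672 scontext=u:r:platform_app:s0 '
         'tcontext=u:object_r:shell_exec:s0 tclass=file')
SAMPLE = "\n".join([
    _HEAD + '{ execute } for pid=1127 comm="DebugshSocketLi" name="mksh" ' + _TAIL,
    _HEAD + '{ read open } for pid=1127 comm="DebugshSocketLi" name="mksh" ' + _TAIL,
    _HEAD + '{ execute_no_trans } for pid=1127 comm="DebugshSocketLi" '
            'path="/system/bin/mksh" ' + _TAIL,
])

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\w+)"
)

def type_of(context):
    """Return the type field of a user:role:type:level security context."""
    return context.split(":")[2]

def summarize(log_text):
    """Group denied permissions by (source type, target type, class)."""
    grouped = defaultdict(list)
    for m in AVC_RE.finditer(log_text):
        key = (type_of(m["scon"]), type_of(m["tcon"]), m["tclass"])
        for perm in m["perms"].split():
            if perm not in grouped[key]:      # keep first-seen order, no duplicates
                grouped[key].append(perm)
    return dict(grouped)

def to_allow_rules(grouped):
    """Render one allow rule per group, using braces only for several perms."""
    rules = []
    for (src, tgt, cls), perms in grouped.items():
        body = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {body};")
    return rules

def no_transition_execs(grouped):
    """(source, target) pairs where the exec was attempted in the caller's own domain."""
    return [(src, tgt) for (src, tgt, cls), perms in grouped.items()
            if cls == "file" and "execute_no_trans" in perms]

if __name__ == "__main__":
    groups = summarize(SAMPLE)
    print("\n".join(to_allow_rules(groups)))
    print("executed without transition:", no_transition_execs(groups))
```

The permissions come out in first-seen order, so the rule lists them in a different order from the one in the post; the permission set is the same.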