On 03/06/2013 05:03 PM, Persaud, Ryan K. wrote:
While testing the Netflix application com.netflix.mediaclient, I got the following denial:type=1400 audit(1362425946.431:10): avc: denied { execute } for pid=890 comm="Thread-100" path="/data/data/com.netflix.mediaclient/files/libcrittercism-ndk.so" dev=mtdblock1 ino=855 scontext=u:r:untrusted_app:s0:c48,c256 tcontext=u:object_r:app_data_file:s0:c48,c256 tclass=file Netflix put the libcrittercism-ndk.so library in the assets directory instead of lib when the apk was generated. Consequently when the app is installed, libcrittercism-ndk.so gets placed into the files directory. I’ve noted two other applications, com.imangi.templerun2 and com.kiloo.subwaysurf, that also have libraries in the assets directory. Should the default SEAndroid policy reflect this practice?
Preferably not, as this violates separation of code and data, but may be required in the default policy of AOSP and commodity devices for compatibility.
-- This message was distributed to subscribers of the seandroid-list mailing list. If you no longer wish to subscribe, send mail to [email protected] with the words "unsubscribe seandroid-list" without quotes as the message.
