Probably not, I would relabel the fonts directory...
On Wed, Jul 10, 2013 at 1:16 PM, Peck, Michael A <[email protected]> wrote: > These are from SE for Android master running on a Galaxy Nexus.**** > > Opera actually crashes at startup in both permissive mode and enforcing > mode so I can’t tell if the denial has a real impact. J**** > > Chrome continues to run fine in both permissive mode and enforcing mode so > the denial seems to have no real impact.**** > > ** ** > > From com.opera.browser:**** > > ** ** > > type=1400 msg=audit(1373450195.545:679): avc: denied { getattr } for > pid=22328 comm="Thread-637" path="/system/fonts/DroidSans.ttf" > dev=mmcblk0p10 ino=452 scontext=u:r:untrusted_app:s0:c34,c256 > tcontext=u:object_r:system_file:s0 tclass=lnk_file**** > > ** ** > > lrw-r--r-- root root u:object_r:system_file:s0 > DroidSans.ttf -> Roboto-Regular.ttf**** > > ** ** > > Should “allow domain system_file:lnk_file read;” in domain.te be changed > to “allow domain system_file:lnk_file r_file_perms;” instead?**** > > ** ** > > From com.android.chrome:**** > > ** ** > > type=1400 msg=audit(1373486606.474:1271): avc: denied { search } for > pid=31949 comm="SandboxedProces" name="com.android.chrome" dev=mmcblk0p12 > ino=594517 scontext=u:r:isolated_app:s0 > tcontext=u:object_r:platform_app_data_file:s0 tclass=dir**** > > type=1400 msg=audit(1373486606.474:1272): avc: denied { getattr } for > pid=31949 comm="SandboxedProces" path="/data/data/com.android.chrome" > dev=mmcblk0p12 ino=594517 scontext=u:r:isolated_app:s0 > tcontext=u:object_r:platform_app_data_file:s0 tclass=dir**** > > ** ** > > Seems like the isolated service might be doing a little bit more than it > should .. but the browser seems to still run fine in enforcing mode, so no > policy change may be needed..**** > > ** ** > > ** ** > -- Respectfully, William C Roberts
