I have the following rules set:

allow untrusted_app mali_device:chr_file { open read write getattr ioctl };
allow untrusted_app ump_device:chr_file { open read write getattr ioctl };

Nevertheless, I get the following errors in the audit logs:

type=1400 msg=audit(1375190659.875:41): avc:  denied  { write } for
pid=3478 comm="atik.exynosroot" name="ump" dev=tmpfs ino=582
scontext=u:r:untrusted_app:s0:c50,c256 tcontext=u:object_r:ump_device:s0
tclass=chr_file
type=1400 msg=audit(1375190659.875:42): avc:  denied  { write } for
pid=3478 comm="atik.exynosroot" name="mali" dev=tmpfs ino=748
scontext=u:r:untrusted_app:s0:c50,c256
tcontext=u:object_r:mali_device:s0 tclass=chr_file
type=1400 msg=audit(1375190682.065:44): avc:  denied  { write } for
pid=3478 comm="atik.exynosroot" path="/dev/ump" dev=tmpfs ino=582
scontext=u:r:untrusted_app:s0:c50,c256 tcontext=u:object_r:ump_device:s0
tclass=chr_file
type=1400 msg=audit(1375190685.980:45): avc:  denied  { write } for
pid=3517 comm="atik.exynosroot" name="ump" dev=tmpfs ino=582
scontext=u:r:untrusted_app:s0:c50,c256 tcontext=u:object_r:ump_device:s0
tclass=chr_file


Is there some additional restriction on the untrusted_app domain that
keeps the policies from working?

Regards
Janosch
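
A triage sketch for the situation described above, added here as an example and not part of the original post: it checks each AVC denial against the quoted allow rules and reports the MLS level of both contexts. It assumes the quoted rules are the ones actually loaded on the device; the function names are hypothetical, and the two log lines are copied from the post and re-joined onto single lines.

```python
import re

# The two allow rules quoted in the post.
RULES = """
allow untrusted_app mali_device:chr_file { open read write getattr ioctl };
allow untrusted_app ump_device:chr_file { open read write getattr ioctl };
"""

# Two of the denials from the post, re-joined onto single lines.
AUDIT = """
type=1400 msg=audit(1375190659.875:41): avc:  denied  { write } for pid=3478 comm="atik.exynosroot" name="ump" dev=tmpfs ino=582 scontext=u:r:untrusted_app:s0:c50,c256 tcontext=u:object_r:ump_device:s0 tclass=chr_file
type=1400 msg=audit(1375190659.875:42): avc:  denied  { write } for pid=3478 comm="atik.exynosroot" name="mali" dev=tmpfs ino=748 scontext=u:r:untrusted_app:s0:c50,c256 tcontext=u:object_r:mali_device:s0 tclass=chr_file
"""

RULE_RE = re.compile(r"allow\s+(\S+)\s+(\S+):(\S+)\s+\{([^}]*)\}\s*;")
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{([^}]*)\}.*?scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)")

def parse_rules(text):
    """Map (source type, target type, class) -> set of allowed permissions."""
    allowed = {}
    for src, tgt, cls, perms in RULE_RE.findall(text):
        allowed.setdefault((src, tgt, cls), set()).update(perms.split())
    return allowed

def split_context(ctx):
    """Split user:role:type:level; the level itself may contain ':'."""
    _user, _role, typ, level = ctx.split(":", 3)
    return typ, level

def triage(audit_text, rules_text):
    """For each denial, report TE coverage and whether the MLS levels differ."""
    allowed = parse_rules(rules_text)
    out = []
    for perms, sctx, tctx, cls in AVC_RE.findall(audit_text):
        (stype, slevel), (ttype, tlevel) = split_context(sctx), split_context(tctx)
        # Permissions in the denial that no quoted allow rule grants.
        missing = set(perms.split()) - allowed.get((stype, ttype, cls), set())
        out.append({"source": stype, "target": ttype, "class": cls,
                    "te_missing": sorted(missing),
                    "source_level": slevel, "target_level": tlevel,
                    "levels_differ": slevel != tlevel})
    return out

if __name__ == "__main__":
    for r in triage(AUDIT, RULES):
        # If TE already grants the permission, look at constraints instead.
        layer = "TE rules" if r["te_missing"] else "not TE (check constraints)"
        print(r["source"], "->", r["target"], r["class"], "| denied by:", layer,
              "| levels:", r["source_level"], "vs", r["target_level"])
```

An empty `te_missing` means the type-enforcement rules already grant the denied permission, so the denial has to come from another layer of the loaded policy, such as a `constrain` or `mlsconstrain` statement; the reported levels show what an MLS constraint would be comparing.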
