All,
We have the following rules:
allow shell shell_data_file:dir create_dir_perms;
allow shell shell_data_file:file create_file_perms;
But we still got permission denied:
root@android:/data/local # ls -Z
drwxrwx--x shell shell u:object_r:shell_data_file:s0 tmp
drwxr-xr-x root net_admin u:object_r:system_data_file:s0 udev
root@android:/data/local # id
uid=0(root) gid=0(root) context=u:r:shell:s0
root@android:/data/local # ls -Z tmp
opendir failed, Permission denied
The audit.log file shows:
audit(1380736858.382:29): avc: denied { dac_override } for pid=11062
comm="ls" capability=1 scontext=u:r:shell:s0 tcontext=u:r:shell:s0
tclass=capability
audit(1380736858.390:30): avc: denied { dac_read_search } for pid=11062
comm="ls" capability=2 scontext=u:r:shell:s0 tcontext=u:r:shell:s0
tclass=capability
root@android:/data/misc/audit #
What are we missing?
Thanks
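
An added example, not part of the original post: a small Python check that re-joins the mail-wrapped AVC records quoted above and compares each denial's (source type, target type, class) with the allow rules quoted above. It matches on that triple only and does not expand permission macros such as create_dir_perms; the function names are hypothetical and the sample strings are copied from the post.

```python
import re

# Sample input: the rules and audit records quoted in the post.
RULES = """
allow shell shell_data_file:dir create_dir_perms;
allow shell shell_data_file:file create_file_perms;
"""
AUDIT = """
audit(1380736858.382:29): avc: denied { dac_override } for pid=11062
comm="ls" capability=1 scontext=u:r:shell:s0 tcontext=u:r:shell:s0
tclass=capability
audit(1380736858.390:30): avc: denied { dac_read_search } for pid=11062
comm="ls" capability=2 scontext=u:r:shell:s0 tcontext=u:r:shell:s0
tclass=capability
"""

RULE_RE = re.compile(r"allow\s+(\S+)\s+(\S+):(\S+)\s+([^;]+);")
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{([^}]*)\}.*?"
    r"scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)")

def parse_rules(text):
    """Return the (source type, target type, class) triples that have an allow rule."""
    return {(m.group(1), m.group(2), m.group(3)) for m in RULE_RE.finditer(text)}

def parse_denials(text):
    """Undo the line wrapping, split on each 'audit(' header, parse each record."""
    flat = " ".join(text.split())
    denials = []
    for record in re.split(r"(?=audit\()", flat):
        m = AVC_RE.search(record)
        if not m:
            continue
        perms, scontext, tcontext, tclass = m.groups()
        denials.append({
            "perms": perms.split(),
            "source": scontext.split(":")[2],  # type field of user:role:type:level
            "target": tcontext.split(":")[2],
            "tclass": tclass,
        })
    return denials

def uncovered(rules_text, audit_text):
    """Denials whose (source, target, class) triple matches no allow rule."""
    rules = parse_rules(rules_text)
    return [d for d in parse_denials(audit_text)
            if (d["source"], d["target"], d["tclass"]) not in rules]
```

On the quoted input both denials are returned as uncovered: they are for class capability with target type shell, while the two rules cover classes dir and file on shell_data_file.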