Problem was totally on my end. I had added own my package to the mac_permissions that was also signed with the platform key. Problem was that the <seinfo value> tag for that signing was not set to "platform". Hence all other apps signed with the platform key got labelled untrusted_app. Corrected the seinfo value tag for the signing for my app and everything was properly labelled again!
Thanks for your help! On Fri, Jan 17, 2014 at 9:52 AM, Edvard Holst <[email protected]> wrote: > When installing AnyConnect on the Mako, I get the following avc denials. > > type=1400 msg=audit(3703773.999:178): avc: denied { getattr } for > pid=1522 comm="Binder_1" > path="/data/local/tmp/com.cisco.anyconnect.vpn.android.avf-2.apk" > dev="mmcblk0p23" ino=97731 scontext=u:r:untrusted_app:s0:c3,c256 > tcontext=u:object_r:shell_data_file:s0 tclass=file > type=1400 msg=audit(3703773.999:179): avc: denied { read } for pid=1522 > comm="Binder_1" name="com.cisco.anyconnect.vpn.android.avf-2.apk" > dev="mmcblk0p23" ino=97731 scontext=u:r:untrusted_app:s0:c3,c256 > tcontext=u:object_r:shell_data_file:s0 tclass=file > type=1400 msg=audit(3703773.999:180): avc: denied { open } for pid=1522 > comm="Binder_1" name="com.cisco.anyconnect.vpn.android.avf-2.apk" > dev="mmcblk0p23" ino=97731 scontext=u:r:untrusted_app:s0:c3,c256 > tcontext=u:object_r:shell_data_file:s0 tclass=file > type=1400 msg=audit(3703774.009:181): avc: denied { read write } for > pid=683 comm="PackageManager" path="/data/app/vmdl1971219509.tmp" > dev="mmcblk0p23" ino=276900 scontext=u:r:untrusted_app:s0:c3,c256 > tcontext=u:object_r:apk_tmp_file:s0 tclass=file > type=1400 msg=audit(3703774.119:182): avc: denied { getattr } for > pid=1523 comm="Binder_2" path="/data/app/vmdl1971219509.tmp" > dev="mmcblk0p23" ino=276900 scontext=u:r:untrusted_app:s0:c3,c256 > tcontext=u:object_r:apk_tmp_file:s0 tclass=file > > > What gives? The PackageManager should be allowed to readand write apk tmp > files in /data/app shouldnt it? > > Best regards >
_______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
