On 02/27/2014 02:39 PM, Tai Nguyen (tainguye) wrote:
> Has anyone seen these messages?
>
>
> audit(1393513904.570:4): avc: denied { open } for pid=2971
> comm="SharedPreferenc" name="com.android.gallery3d_preferences.xml" dev=dm-0
> ino=139463 scontext=u:r:untrusted_app:s0
> tcontext=u:object_r:platform_app_data_file:s0 tclass=file
>
> audit(1393514030.384:5): avc: denied { write } for pid=2982
> comm="GalleryPackages" name="shared_prefs" dev=dm-0 ino=139457
> scontext=u:r:untrusted_app:s0 tcontext=u:object_r:platform_app_data_file:s0
> tclass=dir
>
> audit(1393514050.079:14): avc: denied { open } for pid=3556
> comm="SharedPreferenc" name="AlarmClock.xml" dev=dm-0 ino=139289
> scontext=u:r:untrusted_app:s0 tcontext=u:object_r:platform_app_data_file:s0
> tclass=file
>
> audit(1393514050.079:15): avc: denied { open } for pid=3555
> comm="AsyncHandler" name="alarms.db" dev=dm-0 ino=139276
> scontext=u:r:untrusted_app:s0 tcontext=u:object_r:platform_app_data_file:s0
> tclass=file
>
>
> root@android:/ # ls -Z /data/data/com.android.deskclock/shared_prefs
>
> -rw-rw---- u0_a84 u0_a84 u:object_r:platform_app_data_file:s0
> AlarmClock.xml
>
>
> The current rules are
>
> # Read/write data files created by the platform apps if they
>
> # were passed to the app via binder or local IPC. Do not allow open.
>
> allow appdomain platform_app_data_file:file { getattr read write };
Looks like you have an app running in untrusted_app that should be
running in one of the platform app domains. ps -Z output?
_______________________________________________
Seandroid-list mailing list
[email protected]
To unsubscribe, send email to [email protected].
To get help, send an email containing "help" to
[email protected].
