All my untrusted app are from google which are expected
root@android:/ # ps -Z | grep untrust
u:r:untrusted_app:s0 u0_a25 2114 183
com.google.process.gapps
u:r:untrusted_app:s0 u0_a25 3132 183 com.google.android.gms
u:r:untrusted_app:s0 u0_a28 6541 183 com.google.android.tts
u:r:untrusted_app:s0 u0_a21 6813 183
com.google.android.apps.maps
u:r:untrusted_app:s0 u0_a0 6948 183 com.android.contacts
u:r:untrusted_app:s0 u0_a25 7171 183
com.google.process.location
u:r:untrusted_app:s0 u0_a25 7185 183
com.google.android.gsf.login
u:r:untrusted_app:s0 u0_a29 7245 183
com.google.android.talk
Also, when I run gallery app, I got these messages
audit(1393533291.343:868): avc: denied { search } for pid=13457
comm="droid.gallery3d" name="com.android.gallery3d" dev=dm-0 ino=139484
scontext=u:r:untrusted_app:s0
tcontext=u:object_r:platform_app_data_file:s0 tclass=dir
audit(1393533291.343:869): avc: denied { search } for pid=13457
comm="droid.gallery3d" name="com.android.gallery3d" dev=dm-0 ino=139484
scontext=u:r:untrusted_app:s0
tcontext=u:object_r:platform_app_data_file:s0 tclass=dir
audit(1393533291.343:870): avc: denied { search } for pid=13457
comm="droid.gallery3d" name="com.android.gallery3d" dev=dm-0 ino=139484
scontext=u:r:untrusted_app:s0
tcontext=u:object_r:platform_app_data_file:s0 tclass=dir
Tai
On 2/27/14, 2:51 PM, "Stephen Smalley" <[email protected]> wrote:
>On 02/27/2014 02:39 PM, Tai Nguyen (tainguye) wrote:
>> Has anyone seen these messages?
>>
>>
>> audit(1393513904.570:4): avc: denied { open } for pid=2971
>>comm="SharedPreferenc" name="com.android.gallery3d_preferences.xml"
>>dev=dm-0 ino=139463 scontext=u:r:untrusted_app:s0
>>tcontext=u:object_r:platform_app_data_file:s0 tclass=file
>>
>> audit(1393514030.384:5): avc: denied { write } for pid=2982
>>comm="GalleryPackages" name="shared_prefs" dev=dm-0 ino=139457
>>scontext=u:r:untrusted_app:s0
>>tcontext=u:object_r:platform_app_data_file:s0 tclass=dir
>>
>> audit(1393514050.079:14): avc: denied { open } for pid=3556
>>comm="SharedPreferenc" name="AlarmClock.xml" dev=dm-0 ino=139289
>>scontext=u:r:untrusted_app:s0
>>tcontext=u:object_r:platform_app_data_file:s0 tclass=file
>>
>> audit(1393514050.079:15): avc: denied { open } for pid=3555
>>comm="AsyncHandler" name="alarms.db" dev=dm-0 ino=139276
>>scontext=u:r:untrusted_app:s0
>>tcontext=u:object_r:platform_app_data_file:s0 tclass=file
>>
>>
>> root@android:/ # ls -Z /data/data/com.android.deskclock/shared_prefs
>>
>> -rw-rw---- u0_a84 u0_a84
>>u:object_r:platform_app_data_file:s0 AlarmClock.xml
>>
>>
>> The current rules are
>>
>> # Read/write data files created by the platform apps if they
>>
>> # were passed to the app via binder or local IPC. Do not allow open.
>>
>> allow appdomain platform_app_data_file:file { getattr read write };
>
>Looks like you have an app running in untrusted_app that should be
>running in one of the platform app domains. ps -Z output?
>
>
_______________________________________________
Seandroid-list mailing list
[email protected]
To unsubscribe, send email to [email protected].
To get help, send an email containing "help" to
[email protected].
