IMHO you would probably be best advised to pull in all the current work on master into you're external project. On Apr 13, 2014 4:56 PM, "Jaejyn Shin" <[email protected]> wrote:
> Dear Nick Kralevich > > Thank you for your nice advice !! > I will apply those commit and test it again. > > Thank you > Best regards > > > 2014-04-13 23:15 GMT+09:00 Nick Kralevich <[email protected]>: > >> >> Dave Platt committed the zygote socket changes. They are available by >> looking at his commit history: >> >> https://android-review.googlesource.com/#/q/owner:%22Dave+Platt%22 >> >> Applying those patches should be sufficient to resolve this problem. >> >> >> >> On Sat, Apr 12, 2014 at 10:19 PM, Jaejyn Shin <[email protected]>wrote: >> >>> Dear SEAndroid developer >>> >>> I found the below denial logs in my device >>> >>> 01-01 01:41:08.270 E/auditd ( 2997): auditd: type=1400 >>> msg=audit(1388540468.270:6): avc: denied { getopt } for pid=3489 comm= >>> "zygote" path="/dev/socket/zygote" scontext=u:r:untrusted_app:s0 >>> tcontext=u:r:zygote:s0 tclass=unix_stream_socket >>> 01-01 01:41:16.490 E/auditd ( 2997): auditd: type=1400 >>> msg=audit(1388540476.490:8): avc: denied { getattr } for pid=4519 comm= >>> "zygote" path="socket:[10409]" dev="sockfs" ino=10409 >>> scontext=u:r:untrusted_app:s0 tcontext=u:r:zygote:s0 >>> >>> This logs are shown many times from the lots of different applications. >>> >>> During analyzing this denial, I found a aosp commit >>> >>> https://android-review.googlesource.com/#/c/81300/ >>> >>> # Needed to close the zygote socket, which involves getopt / getattr >>> # This should be deleted after b/12061011 is fixed >>> allow appdomain zygote:unix_stream_socket { getopt getattr }; >>> >>> According the the comment of the commit, I understood that the allow >>> rule was removed after modifying zygote source (b/12061011 is fixed). >>> >>> I also don't want write the allow rule, but I want to modify my zygote >>> source. >>> >>> Is there anybody who know how to modify the zygote source ? >>> >>> Thank you >>> Best regards >>> >> >> >> >> -- >> Nick Kralevich | Android Security | [email protected] | 650.214.4037 >> > >
