Dear Stephen,

       Thanks for your suggestion; after adding mlstrustedobject the problem
is solved. Can you please explain the difference between levelFrom=User &&
levelFrom=App?

Regards
Harish K

On Mon, Oct 20, 2014 at 6:44 PM, Stephen Smalley <[email protected]> wrote:

> On 10/20/2014 08:03 AM, harish kavali wrote:
> > Hi all,
> >
> >     i had created a new directory in "/data/mydir"  and labelled it in the
> > file_contexts as
> >     /data/mydir(/.*)?   u:object_r:my_data_file:s0
> >
> >     in file.te i defined the new type as
> >     type my_data_file, file_type, data_file_type;
>
> Add 'mlstrustedobject' here if you want it to be writable by apps
> running at any level, e.g.
>         type my_data_file, file_type, data_file_type, mlstrustedobject;
>
> >
> >     in my type enforcement file "myapp.te" i had added the following rule
> >    allow my_app my_data_file:dir create_dir_perms;
> >    allow my_app my_data_file:file create_file_perms;
> >    allow my_app my_data_file:file r_file_perms;
> >    allow my_app my_data_file:file w_file_perms;
>
> create_file_perms is a superset of r_file_perms and w_file_perms so you
> can omit the latter two lines.
>
> >
> >   all the files are located in device/lge/hammerhead/sepolicy  directory
> >
> >   when i try to read a file  from /data/mydir i am able to read it, but
> > when i try to write to that file
> >   i am getting avc denied error
> >   even i am unable to create a file in that /data/mydir
>
> Please, in the future, show the actual avc message.  But I am fairly
> sure it is due to a level mismatch as above.
>
> >
> >  my seapp_contexts contains
> >  user=_app seinfo=cdac domain=cdac_app type=app_data_file levelFrom=user
>
> This doesn't align with your statements above; there you used my_app but
> here you use cdac_app.  Regardless, with levelFrom=user, you are being
> assigned a unique MLS category set per Android user and therefore must
> mark any types that should be writable with mlstrustedobject as well.
>
> >
> > Please help me in this issue i am using seandroid 4.4.4 branch
>
>
>
_______________________________________________
Seandroid-list mailing list
[email protected]
To unsubscribe, send email to [email protected].
To get help, send an email containing "help" to 
[email protected].
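
The read-works-but-write-fails symptom from this thread, as an added example that is not part of the original messages: a simplified Python model of the MLS level checks. It assumes the classic MLS rules (a read needs the subject level to dominate the object level, a write needs the object level to dominate the subject level) with `mlstrustedobject` exempting the target; the category numbers are constructed, and type enforcement `allow` rules are not modelled.

```python
# Simplified model of MLS level checks (added example, not policy source).
# Assumptions: classic "no read up, no write down" rules; the real
# constraints live in the policy's mls file and may be stricter.

def parse_level(level):
    """Split 's0:c1,c2' into (sensitivity number, frozenset of categories).
    Category ranges such as 'c0.c1023' are not handled in this model."""
    sens, _, cats = level.partition(":")
    return int(sens.lstrip("s")), frozenset(c for c in cats.split(",") if c)

def dominates(high, low):
    """True when `high` has >= sensitivity and a superset of the categories."""
    return high[0] >= low[0] and high[1] >= low[1]

def mls_allows(op, subject_level, object_level, object_attrs=()):
    """Evaluate the modelled MLS check for op in {'read', 'write'}."""
    if "mlstrustedobject" in object_attrs:
        return True  # trusted objects are exempt from the level comparison
    subj, obj = parse_level(subject_level), parse_level(object_level)
    if op == "read":
        return dominates(subj, obj)   # subject must dominate object
    if op == "write":
        return dominates(obj, subj)   # object must dominate subject
    raise ValueError(f"unmodelled operation: {op}")

# App process level with a per-user category set (constructed values).
APP_LEVEL = "s0:c512,c768"
# Level from the file_contexts entry quoted in the thread.
DIR_LEVEL = "s0"

def demo():
    """Return the decisions before and after adding mlstrustedobject."""
    plain = ("file_type", "data_file_type")
    trusted = plain + ("mlstrustedobject",)
    return {
        "read, plain type": mls_allows("read", APP_LEVEL, DIR_LEVEL, plain),
        "write, plain type": mls_allows("write", APP_LEVEL, DIR_LEVEL, plain),
        "write, mlstrustedobject": mls_allows("write", APP_LEVEL, DIR_LEVEL, trusted),
    }

if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allowed' if allowed else 'denied'}")
```
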
