/dev/mali0 is labeled u:object_r:gpu_device:s0 in the device/samsung/manta/sepolicy/file_contexts file. Looks like your device policy does not assign it a specific label and it is defaulting to u:object_r:device:s0, thereby causing your bootanim denials.
/dev/fimg2d is labeled u:object_r:video_device:s0 in the device/samsung/manta/sepolicy/file_contexts file, which seems to match yours, but video_device is not directly accessible to apps, only to privileged components like system_server and mediaserver. ueventd.manta.rc assigns /dev/fimg2d mode 0660 and ownership media media, so it is not even directly accessible to apps under DAC on manta / Nexus 10. If your device requires it to be directly accessible, you need to label it with a different type than video_device under current policy. Also I am wondering about your zygote denials;why would the zygote be opening that device? On Sun, Dec 28, 2014 at 10:44 PM, 조재익 <[email protected]> wrote: > On 3.10 kernel with Lollipop 5.0.0.1, several error makes boot problem. > If I try to add audit2allow results to /device/.../sepolicy, it conflict > with never allow policy in /external/sepolicy. > > Any solutions? errors are as follows. > > > > 1. bootanim related issue > > type=1400 audit(1388844565.050:4): avc: denied { read write } for pid=2063 > comm="BootAnimation" name="mali0" dev="tmpfs" ino=2728 > scontext=u:r:bootanim:s0 tcontext=u:object_r:device:s0 tclass=chr_file > permissive=0 > > > > 2. fimg2d related issues > > [ 224.442445] [5: logd.auditd: 1979] [c5] type=1400 > audit(1388844767.080:15602): avc: denied { open } for pid=9830 comm="main" > path="/dev/fimg2d" dev="tmpfs" ino=2930 scontext=u:r:zygote:s0 > tcontext=u:object_r:video_device:s0 tclass=chr_file permissive=0 > [ 224.465052] [5: logd.auditd: 1979] [c5] type=1400 > audit(1388844767.080:15603): avc: denied { open } for pid=9830 comm="main" > path="/dev/fimg2d" dev="tmpfs" ino=2930 scontext=u:r:zygote:s0 > tcontext=u:object_r:video_device:s0 tclass=chr_file permissive=0 > [ 224.487766] [5: logd.auditd: 1979] [c5] type=1400 > audit(1388844767.080:15604): avc: denied { open } for pid=9830 comm="main" > path="/dev/fimg2d" dev="tmpfs" ino=2930 scontext=u:r:zygote:s0 > tcontext=u:object_r:video_device:s0 tclass=chr_file permissive=0 > [ 224.510375] [5: logd.auditd: 1979] [c5] type=1400 > audit(1388844767.080:15605): avc: denied { open } for pid=9830 comm="main" > path="/dev/fimg2d" dev="tmpfs" ino=2930 scontext=u:r:zygote:s0 > tcontext=u:object_r:video_device:s0 tclass=chr_file permissive=0 > [ 224.533030] [5: logd.auditd: 1979] [c5] type=1400 > audit(1388844767.080:15606): avc: denied { open } for pid=9830 comm="main" > path="/dev/fimg2d" dev="tmpfs" ino=2930 scontext=u:r:zygote:s0 > tcontext=u:object_r:video_device:s0 tclass=chr_file permissive=0 > [ 224.555665] [5: logd.auditd: 1979] [c5] type=1400 > audit(1388844767.080:15607): avc: denied { open } for pid=9830 comm="main" > path="/dev/fimg2d" dev="tmpfs" ino=2930 scontext=u:r:zygote:s0 > tcontext=u:object_r:video_device:s0 tclass=chr_file permissive=0 > [ 224.578323] [5: logd.auditd: 1979] [c5] type=1400 > audit(1388844767.080:15608): avc: denied { open } for pid=9830 comm="main" > path="/dev/fimg2d" dev="tmpfs" ino=2930 scontext=u:r:zygote:s0 > tcontext=u:object_r:video_device:s0 tclass=chr_file permissive=0 > [ 224.600941] [5: logd.auditd: 1979] [c5] type=1400 > audit(1388844767.080:15609): avc: denied { open } for pid=9830 comm="main" > path="/dev/fimg2d" dev="tmpfs" ino=2930 scontext=u:r:zygote:s0 > tcontext=u:object_r:video_device:s0 tclass=chr_file permissive=0 > [ 224.623592] [5: logd.auditd: 1979] [c5] type=1400 > audit(1388844767.080:15610): avc: denied { open } for pid=9830 comm="main" > path="/dev/fimg2d" dev="tmpfs" ino=2930 scontext=u:r:zygote:s0 > tcontext=u:object_r:video_device:s0 tclass=chr_file permissive=0 > [ 224.646251] [5: logd.auditd: 1979] [c5] type=1400 > audit(1388844767.080:15611): avc: denied { open } for pid=9830 comm="main" > path="/dev/fimg2d" dev="tmpfs" ino=2930 scontext=u:r:zygote:s0 > tcontext=u:object_r:video_device:s0 tclass=chr_file permissive=0 > > [ 217.459917] [5: logd.auditd: 1979] [c5] type=1400 > audit(1388844757.580:15392): avc: denied { read write } for pid=9581 > comm="ndroid.launcher" name="fimg2d" dev="tmpfs" ino=2930 > scontext=u:r:untrusted_app:s0 tcontext=u:object_r:video_device:s0 > tclass=chr_file permissive=0 > [ 217.484161] [5: logd.auditd: 1979] [c5] type=1400 > audit(1388844757.580:15393): avc: denied { read write } for pid=9581 > comm="ndroid.launcher" name="fimg2d" dev="tmpfs" ino=2930 > scontext=u:r:untrusted_app:s0 tcontext=u:object_r:video_device:s0 > tclass=chr_file permissive=0 > [ 217.508492] [5: logd.auditd: 1979] [c5] type=1400 > audit(1388844757.580:15394): avc: denied { read write } for pid=9581 > comm="ndroid.launcher" name="fimg2d" dev="tmpfs" ino=2930 > scontext=u:r:untrusted_app:s0 tcontext=u:object_r:video_device:s0 > tclass=chr_file permissive=0 > [ 217.532760] [5: logd.auditd: 1979] [c5] type=1400 > audit(1388844757.580:15395): avc: denied { read write } for pid=9581 > comm="ndroid.launcher" name="fimg2d" dev="tmpfs" ino=2930 > scontext=u:r:untrusted_app:s0 tcontext=u:object_r:video_device:s0 > tclass=chr_file permissive=0 > [ 217.557085] [5: logd.auditd: 1979] [c5] type=1400 > audit(1388844757.580:15396): avc: denied { read write } for pid=9581 > comm="ndroid.launcher" name="fimg2d" dev="tmpfs" ino=2930 > scontext=u:r:untrusted_app:s0 tcontext=u:object_r:video_device:s0 > tclass=chr_file permissive=0 > [ 217.581294] [5: logd.auditd: 1979] [c5] type=1400 > audit(1388844757.580:15397): avc: denied { read write } for pid=9581 > comm="ndroid.launcher" name="fimg2d" dev="tmpfs" ino=2930 > scontext=u:r:untrusted_app:s0 tcontext=u:object_r:video_device:s0 > tclass=chr_file permissive=0 > [ 217.605709] [5: logd.auditd: 1979] [c5] type=1400 > audit(1388844757.580:15398): avc: denied { read write } for pid=9581 > comm="ndroid.launcher" name="fimg2d" dev="tmpfs" ino=2930 > scontext=u:r:untrusted_app:s0 tcontext=u:object_r:video_device:s0 > tclass=chr_file permissive=0 > [ 217.629945] [5: logd.auditd: 1979] [c5] type=1400 > audit(1388844757.580:15399): avc: denied { read write } for pid=9581 > comm="ndroid.launcher" name="fimg2d" dev="tmpfs" ino=2930 > scontext=u:r:untrusted_app:s0 tcontext=u:object_r:video_device:s0 > tclass=chr_file permissive=0 > [ 217.654228] [5: logd.auditd: 1979] [c5] type=1400 > audit(1388844757.580:15400): avc: denied { read write } for pid=9581 > comm="ndroid.launcher" name="fimg2d" dev="tmpfs" ino=2930 > scontext=u:r:untrusted_app:s0 tcontext=u:object_r:video_device:s0 > tclass=chr_file permissive=0 > [ 217.678452] [5: logd.auditd: 1979] [c5] type=1400 > audit(1388844757.580:15401): avc: denied { read write } for pid=9581 > comm="ndroid.launcher" name="fimg2d" dev="tmpfs" ino=2930 > scontext=u:r:untrusted_app:s0 tcontext=u:object_r:video_device:s0 > tclass=chr_file permissive=0 > [ 217.702768] [5: logd.auditd: 1979] [c5] type=1400 > audit(1388844757.580:15402): avc: denied { read write } for pid=9581 > comm="ndroid.launcher" name="fimg2d" dev="tmpfs" ino=2930 > scontext=u:r:untrusted_app:s0 tcontext=u:object_r:video_device:s0 > tclass=chr_file permissive=0 > [ 217.727067] [5: logd.auditd: 1979] [c5] type=1400 > audit(1388844757.580:15403): avc: denied { read write } for pid=9581 > comm="ndroid.launcher" name="fimg2d" dev="tmpfs" ino=2930 > scontext=u:r:untrusted_app:s0 tcontext=u:object_r:video_device:s0 > tclass=chr_file permissive=0 > > > > Regards, > > > > > *Jaeik ChoSenior Engineer, Ph.D.* > > ___________________________________________ > > Security Part, S/W Solution Dev. Team > > System LSI, *SAMSUNG ELECTRONICS CO.,LTD.* > > Office : +82-31-8037-5209 Fax : +82-31-8000-8000 (75209) > > Cell : +82-10-4500-1125 > Personal e-mail : [email protected] > > > > > _______________________________________________ > Seandroid-list mailing list > [email protected] > To unsubscribe, send email to [email protected]. > To get help, send an email containing "help" to > [email protected]. >
_______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
