On 05/04/2015 11:29 PM, Inamdar Sharif wrote: > > > -----Original Message----- > From: Stephen Smalley [mailto:[email protected]] > Sent: Monday, May 04, 2015 6:15 PM > To: Inamdar Sharif; [email protected] > Subject: Re: system server accessing dex2oat > > On 05/04/2015 01:57 AM, Inamdar Sharif wrote: >> Hi Guys, >> >> I am facing the following avc denied >> >> avc: denied { execute } for pid=667 comm="android.ui" name="dex2oat" >> dev="sda22" ino=158 scontext=u:r:system_server:s0 >> tcontext=u:object_r:dex2oat_exec:s0 tclass=file >> >> >> >> But on AOSP this is a neverallow rule. >> >> https://android.googlesource.com/platform/external/sepolicy/+/361cdaff >> 3096fafc16bbe88b84d6f99f7944def7 >> >> >> >> I can see that the process is "android.ui" (process running when this >> avc occured) >> >> Is this a bug in Android or something in the code went wrong?? > > Are you running AOSP master? > > No , I am not using AOSP master. > [Sharif]I don't have this neverallow rule in my external/sepolicy. > But since this will be coming in later releases ,it makes sense not to add as > this will be a part of CTS as well. > > Did you get logcat output for the failure beyond just the avc denial? > > [Sharif]I don't see any suspecting log in logcat beyond the avc. > This happens while booting Android L.
If you have visibility into the bug 16317188 cited in the change that added the neverallow, that might help clarify matters. I do not. Regardless, you shouldn't assume that neverallows added to AOSP master are applicable to prior releases; they sometimes require code changes first that would only be in master or later releases. _______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
