Your kernel likely has this patch: https://android-review.googlesource.com/#/c/58360/ Nexus9 does not.
Without this patch all inodes in / have the rootfs label (which init has the mounton permission for in core policy). You can cherrypick the upstream fix from AOSP master: https://android-review.googlesource.com/#/c/161780/1 or add the new rules to your device specific policy. On Tue, Oct 20, 2015 at 8:00 AM YongQin Liu <[email protected]> wrote: > Hi, All > > When I tried the Marshmallow version on our platforms, I got following > warnings: > avc: denied { mounton } for pid=1 comm="init" path="/cache" dev="rootfs" > ino=73 scontext=u:r:init:s0 tcontext=u:object_r:cache_file:s0 tclass=dir > permissive=1 > avc: denied { mounton } for pid=1 comm="init" path="/storage" dev="rootfs" > ino=73 scontext=u:r:init:s0 tcontext=u:object_r:storage_file:s0 tclass=dir > permissive=1 > > To remove this warnings, I need to add following rules into the init.te > file: > allow init cache_file:dir mounton; > allow init storage_file:dir mounton; > > but I did not see similar rules added into the init.te file for Nexus9 > build(device/htc/flounder/sepolicy/), > and there is no such warnings on the Nexus9 build too. > > I am confused on why Nexus9 does not need the mounton rules for init > domain, and does not have the warnings. > > Anyone here can help to explain for me or point me where I should check? > > Thanks in advance! > -- > Best Regards, > Yongqin Liu > --------------------------------------------------------------- > #mailing list > [email protected] <[email protected]> > http://lists.linaro.org/mailman/listinfo/linaro-android > _______________________________________________ > Seandroid-list mailing list > [email protected] > To unsubscribe, send email to [email protected]. > To get help, send an email containing "help" to > [email protected].
_______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
