If anyone else sees a bunch of relabelfrom/relabelto's coming from ueventd,
like so:
[ 14.409448] type=1400 audit(978307239.225:26): avc: denied { relabelfrom }
for pid=1572 comm="ueventd" name="ttyS0" dev="tmpfs" ino=9613
scontext=u:r:ueventd:s0 tcontext=u:object_r:hci_attach_dev:s0 tclass=chr_file
permissive=1
[ 14.428107] type=1400 audit(978307239.225:27): avc: denied { relabelto } for
pid=1572 comm="ueventd" name="ttyS0" dev="tmpfs" ino=9613
scontext=u:r:ueventd:s0 tcontext=u:object_r:hci_attach_dev:s0 tclass=chr_file
permissive=1
The root causes are from changes:
system/core:
commit: 24a3cbfa732dc14c1a559f4ad79e1700fbae888f :
https://android-review.googlesource.com/219919
system/sepolicy:
commit: d41ad551189c1b7be26a1807980418858b2a132e:
https://android-review.googlesource.com/235336
The problem stems from the introduced call to lsetfilecon() which does so
without discretion.
The fix is to only call lsetfilecon() on a delta.
The introductory patches to correct the issue are here:
https://android-review.googlesource.com/#/q/topic:coldboot-fix
For those backporting any changes, bear in mind that these will need CTS fixes
and/or waivers.
Thanks to sds for helping me debug this.
----
Bill
_______________________________________________
Seandroid-list mailing list
[email protected]
To unsubscribe, send email to [email protected].
To get help, send an email containing "help" to
[email protected].
