On Jul 12, 2016 21:38, "Jeffrey Vander Stoep" <[email protected]> wrote: > > No it's hex. Should have the 0x in front of it (but doesn't). Definitely my bad :(
Ahh that's what is was. I knew their was something goofy about it that drove me nuts ;-p. You should update that print out. > > Looks like android-6.0.1_r55 has the patch I referred to. Yongqin, do you have repro steps? > > On Tue, Jul 12, 2016 at 9:29 PM William Roberts <[email protected]> wrote: >> >> >> On Jul 12, 2016 21:20, "Jeffrey Vander Stoep" <[email protected]> wrote: >> > >> > Hi Yongqin, >> > >> > Looks like a process is indiscriminately calling ashmem_get_size_region() (ioctl number 7704=ASHMEM_GET_SIZE) on a unix socket. This is a bug and should not be allowed. The selinux denial is working as intended. >> > >> > A similar bug was fixed here: >> > https://android-review.googlesource.com/#/c/198885/4/libs/binder/Parcel.cpp >> > >> > Does your tree include this patch? >> > >> > On Tue, Jul 12, 2016 at 8:43 PM YongQin Liu <[email protected]> wrote: >> >> >> >> Hi, All >> >> >> >> When I update to use tag android-6.0.1_r55, I got following avc denials during the boot up: >> >> >> >> avc: denied { ioctl } for pid=177 comm="Binder_2" path="socket:[10083]" dev="sockfs" ino=10083 ioctlcmd=7704 scontext=u:r:surfaceflinger:s0 tcontext=u:r:surfaceflinger:s0 tclass=unix_stream_socket permissive=0 >> >> >> >> and >> >> avc: denied { ioctl } for pid=465 comm="Binder_1" path="socket:[14454]" dev="sockfs" ino=14454 ioctlcmd=7704 scontext=u:r:system_server:s0 tcontext=u:r:system_server:s0 tclass=unix_stream_socket permissive=0 >> >> >> >> >> >> With following rules I can make the denials disappeared: >> >> 11:29:17 liuyq: hikey$ git diff --staged >> >> diff --git a/sepolicy/ioctl_macros b/sepolicy/ioctl_macros >> >> new file mode 100644 >> >> index 0000000..398976c >> >> --- /dev/null >> >> +++ b/sepolicy/ioctl_macros >> >> @@ -0,0 +1 @@ >> >> +define(`IOCTLTEST', `0x00007704') >> >> diff --git a/sepolicy/surfaceflinger.te b/sepolicy/surfaceflinger.te >> >> new file mode 100644 >> >> index 0000000..7c337a9 >> >> --- /dev/null >> >> +++ b/sepolicy/surfaceflinger.te >> >> @@ -0,0 +1 @@ >> >> +allow surfaceflinger surfaceflinger:unix_stream_socket { IOCTLTEST }; >> >> diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te >> >> new file mode 100644 >> >> index 0000000..218a8a2 >> >> --- /dev/null >> >> +++ b/sepolicy/system_server.te >> >> @@ -0,0 +1 @@ >> >> +allow system_server system_server:unix_stream_socket { IOCTLTEST }; >> >> 11:29:19 liuyq: hikey$ >> >> >> >> >> >> but how should I find the real name for the ioctlcmd=7704? >> >> searched in kernel, and found 7704 is defined ad following: >> >> kernel/linaro/hisilicon/drivers/gpu/drm/radeon/r600d.h:1219:#define HDMI1_STATUS 0x7704 >> >> iirc the ioctlcmd prints as base 10 not hex. Is that correct Jeff? >> >> >> >> >> but it does not seem to be used for ioctl command. >> >> >> >> -- >> >> Best Regards, >> >> Yongqin Liu >> >> --------------------------------------------------------------- >> >> #mailing list >> >> [email protected] >> >> http://lists.linaro.org/mailman/listinfo/linaro-android >> >> _______________________________________________ >> >> Seandroid-list mailing list >> >> [email protected] >> >> To unsubscribe, send email to [email protected]. >> >> To get help, send an email containing "help" to [email protected]. >> > >> > >> > _______________________________________________ >> > Seandroid-list mailing list >> > [email protected] >> > To unsubscribe, send email to [email protected]. >> > To get help, send an email containing "help" to [email protected].
_______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
