On 10/18/2016 10:56 AM, Stephen Smalley wrote:
> On 10/18/2016 10:49 AM, Sava Mikalački wrote:
>> I'm not sure how to answer the ownership question. I'm trying to allow
>> my application to write files in data/system/ifw which would be picked
>> up by the IntentFilter and then block certain application components
>> from executing. I have existing code that does that and it worked on
> >> Marshmallow but it's not working on Nougat because of that permission
>> denied exception when creating a file in data/system/ifw folder. Does
>> that help out in your question?
> 
> On a device running 7.0, ls -ld /data/system/ifw shows that it is owned
> by the system UID and is only writable by owner.  So your app has to run
> with the system UID (and thus would be system_app) in order to write
> there.  I don't really think that's new to 7.0 though.

What is new to 7.0 is that system_app is no longer allowed to
create/write to system_data_file, which is the default type on
/data/system/ifw.  So SELinux would deny those attempts (but you should
get avc messages in logcat / dmesg).

ls -lZd /data/system/ifw and ps -eZ | grep <name-of-your-app> might be
interesting.

_______________________________________________
Seandroid-list mailing list
Seandroid-list@tycho.nsa.gov
To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
To get help, send an email containing "help" to 
seandroid-list-requ...@tycho.nsa.gov.
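
The avc messages mentioned in the reply above name the source domain, target type, class and permission of each denial. The sketch below is an added example, not part of the original thread: it summarises such lines from logcat or dmesg text. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of logcat output: two denials of the kind described in
# the thread (system_app writing to a system_data_file directory), one
# unrelated line, and one denial from a different domain.
sample_log() {
cat <<'EOF'
10-18 10:40:01.100  1234  1234 W example.app: type=1400 audit(0.0:101): avc: denied { write } for name="ifw" dev="dm-0" ino=1001 scontext=u:r:system_app:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0
10-18 10:40:01.200  1234  1234 I ExampleTag: unrelated log line
10-18 10:40:02.300  1234  1234 W example.app: type=1400 audit(0.0:102): avc: denied { write } for name="ifw" dev="dm-0" ino=1001 scontext=u:r:system_app:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0
10-18 10:40:03.400  4321  4321 W other.app: type=1400 audit(0.0:103): avc: denied { read open } for name="x.xml" dev="dm-0" ino=1002 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
EOF
}

# Read log text on stdin and print one line per distinct denial:
#   source_domain target_type class perms count
summarize_avc() {
    awk '
    /avc: +denied/ {
        perms = ""; src = ""; tgt = ""; cls = ""
        # Permissions sit between the braces, e.g. { read open }
        o = index($0, "{"); c = index($0, "}")
        if (o > 0 && c > o) {
            perms = substr($0, o + 1, c - o - 1)
            gsub(/^ +| +$/, "", perms)
            gsub(/ +/, ",", perms)
        }
        for (i = 1; i <= NF; i++) {
            # Contexts are user:role:type:level[:categories]; keep the type.
            if ($i ~ /^scontext=/) { split(substr($i, 10), a, ":"); src = a[3] }
            if ($i ~ /^tcontext=/) { split(substr($i, 10), a, ":"); tgt = a[3] }
            if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        if (src != "" && tgt != "") count[src " " tgt " " cls " " perms]++
    }
    END { for (k in count) print k, count[k] }
    ' | sort
}

# Stand-alone run over the constructed sample.
sample_log | summarize_avc
```

On a real device the same function can be fed from `adb logcat -d` or `dmesg` output instead of the sample.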
