On Nov 30, 2016 18:14, "Sameer Joshi" <sameerpjo...@gmail.com> wrote:
>
> Hi All,
>
> I want to give an untrusted app access to write to the /tmp directory.
>
> This is on top of 6.0 M code.
>
> The denial was the following:
>
> [  151.092299] type=1400 audit(1479910142.370:18): avc: denied { write } for pid=2947 comm="a.android.flare" name="/" dev="tmpfs" ino=5591 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:tmpfs:s0 tclass=dir permissive=0
>
> To solve this, I did the following in untrusted_app.te (as per the output from audit2allow):
>
> allow untrusted_app tmpfs:dir write;
>
> Even after adding this rule, this denial keeps on appearing again.
>
> Any way to fix this?

typeattribute tmpfs, mlstrustedobject;

This is likely very bad. Allowing a world-accessible writable place for
apps allows one app to malform the data another app will access.

>
> Regards,
>
> Sameer Joshi
>
>
>
>
>
> _______________________________________________
> Seandroid-list mailing list
> Seandroid-list@tycho.nsa.gov
> To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
> To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.
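An added example, not part of the original thread: a short triage script that parses the denial quoted above and shows why the audit2allow rule alone does not clear it. It assumes the policy's MLS constraint on `dir` write requires the source and target levels to be equal unless the target type carries `mlstrustedobject`; the function names are hypothetical.

```python
import re

# The denial quoted in the thread, joined onto one line.
DENIAL = ('type=1400 audit(1479910142.370:18): avc: denied { write } for pid=2947 '
          'comm="a.android.flare" name="/" dev="tmpfs" ino=5591 '
          'scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:tmpfs:s0 '
          'tclass=dir permissive=0')
# Constructed variant: the same denial with the app running without categories.
SAME_LEVEL = DENIAL.replace(":s0:c512,c768", ":s0")

AVC_RE = re.compile(
    r"denied\s+\{([^}]*)\}.*?scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)")

def expand(cats):
    """Expand 'c512,c768' or 'c0.c3' into a set of category numbers."""
    out = set()
    for part in filter(None, cats.split(",")):
        lo, _, hi = part.partition(".")
        lo_n = int(lo[1:])
        hi_n = int(hi[1:]) if hi else lo_n
        out.update(range(lo_n, hi_n + 1))
    return frozenset(out)

def parse_context(ctx):
    """Return (type, sensitivity, categories) from user:role:type:level."""
    _user, _role, type_, level = ctx.split(":", 3)
    sens, _, cats = level.split("-")[0].partition(":")  # low level of a range
    return type_, sens, expand(cats)

def triage(line):
    """Return the TE rule audit2allow would suggest and whether MLS is suspect."""
    m = AVC_RE.search(line)
    if not m:
        return None
    perms = m.group(1).split()
    s_type, s_sens, s_cats = parse_context(m.group(2))
    t_type, t_sens, t_cats = parse_context(m.group(3))
    perm_str = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return {
        "te_rule": f"allow {s_type} {t_type}:{m.group(4)} {perm_str};",
        # Differing levels: a TE allow rule cannot satisfy an MLS constraint.
        "mls_suspect": (s_sens, s_cats) != (t_sens, t_cats),
        "extra_cats": sorted(s_cats - t_cats),
    }

if __name__ == "__main__":
    for name, line in (("thread", DENIAL), ("constructed", SAME_LEVEL)):
        print(name, triage(line))
```

For the thread's denial the script reproduces the audit2allow rule and flags the level mismatch (source categories c512 and c768 against a target with none), which is the condition the `mlstrustedobject` attribute exempts for every domain at once.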
