On Nov 30, 2016 18:14, "Sameer Joshi" <sameerpjo...@gmail.com> wrote:
>
> Hi All,
>
> I want to give access to untrusted app to write to /tmp directory.
>
> This is on top of 6.0 M code.
>
> Denial was following:
>
> [ 151.092299] type=1400 audit(1479910142.370:18): avc: denied { write } for pid=2947 comm="a.android.flare" name="/" dev="tmpfs" ino=5591 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:tmpfs:s0 tclass=dir permissive=0
>
> To solve this, I did following in untrusted_app.te ( as per the output from audit2allow) :
>
> allow untrusted_app tmpfs:dir write;
>
> Even after adding this rule, this denial keeps on appearing again.
>
> Any way to fix this?

typeattribute tmpfs, mlstrustedobject;

This is likely very bad. Allowing a world accessible writable place for apps allows one app to malform the data another app will access.

>
> Regards,
>
> Sameer Joshi
>
> _______________________________________________
> Seandroid-list mailing list
> Seandroid-list@tycho.nsa.gov
> To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
> To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.
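As an added illustration, not part of either message in this thread: a small Python triage helper that parses the quoted AVC denial and reports, separately, the type-enforcement rule it implies and whether the source and target MLS levels differ. The function names are hypothetical, and the helper assumes the loaded policy has an MLS constraint requiring equal levels for this permission, which the persistence of the denial after the allow rule suggests.

```python
import re

# The denial quoted in the thread above, kernel timestamp removed.
SAMPLE = (
    'type=1400 audit(1479910142.370:18): avc: denied { write } for pid=2947 '
    'comm="a.android.flare" name="/" dev="tmpfs" ino=5591 '
    'scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:tmpfs:s0 '
    'tclass=dir permissive=0'
)

# user:role:type:level, where level may carry categories or be a range
CTX = re.compile(r'\b([st])context=[^:\s]+:[^:\s]+:([^:\s]+):(\S+)')


def parse_level(level):
    """Return (sensitivity, categories) for the low end of an MLS level."""
    low = level.split('-', 1)[0]           # "s0-s0:c0.c1023" -> "s0"
    sens, _, cats = low.partition(':')
    numbers = set()
    for part in filter(None, cats.split(',')):
        first, _, last = part.partition('.')   # "c0.c3" is a category range
        lo = int(first[1:])
        hi = int(last[1:]) if last else lo
        numbers.update(range(lo, hi + 1))
    return sens, frozenset(numbers)


def diagnose(line):
    """Split one AVC denial into the TE rule it implies and an MLS check."""
    ctx = {kind: (typ, parse_level(lvl)) for kind, typ, lvl in CTX.findall(line)}
    perms = re.search(r'\{([^}]*)\}', line).group(1).split()
    tclass = re.search(r'\btclass=(\S+)', line).group(1)
    (stype, slevel), (ttype, tlevel) = ctx['s'], ctx['t']
    return {
        'te_rule': f"allow {stype} {ttype}:{tclass} {{ {' '.join(perms)} }};",
        'source_level': slevel,
        'target_level': tlevel,
        # Constraints are evaluated in addition to allow rules, so a level
        # mismatch can keep producing the denial after the rule is loaded.
        'mls_mismatch': slevel != tlevel,
    }


if __name__ == '__main__':
    for key, value in diagnose(SAMPLE).items():
        print(f'{key}: {value}')
```

A true `mls_mismatch` means the categories that isolate one app's data from another's are what is blocking the access, so it marks a rule change that needs review rather than a gap for audit2allow to fill.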