Hi,
When bringing up Nougat MR2 with Kernel 4.4, I see a bunch of getattr denials for
many core services and new services that I define.
/vendor is a symbolic link to /system/vendor on the file system.
[ 8.874966] type=1400 audit(8.849:11): avc: denied { getattr } for pid=195
comm="audioserver" path="/vendor" dev="rootfs" ino=5881
scontext=u:r:audioserver:s0 tcontext=u:object_r:rootfs:s0 tclass=lnk_file
permissive=1
[ 8.875310] type=1400 audit(8.849:10): avc: denied { getattr } for pid=196
comm="cameraserver" path="/vendor" dev="rootfs" ino=5881
scontext=u:r:cameraserver:s0 tcontext=u:object_r:rootfs:s0 tclass=lnk_file
permissive=1
[ 8.875614] type=1400 audit(8.849:12): avc: denied { getattr } for pid=200
comm="mediacodec" path="/vendor" dev="rootfs" ino=5881
scontext=u:r:mediacodec:s0 tcontext=u:object_r:rootfs:s0 tclass=lnk_file
permissive=1
[ 8.876029] type=1400 audit(8.849:13): avc: denied { getattr } for pid=201
comm="mediadrmserver" path="/vendor" dev="rootfs" ino=5881
scontext=u:r:mediadrmserver:s0 tcontext=u:object_r:rootfs:s0 tclass=lnk_file
permissive=1
[ 9.458085] type=1400 audit(9.439:17): avc: denied { getattr } for pid=219
comm="bootanimation" path="/vendor" dev="rootfs" ino=5881
scontext=u:r:bootanim:s0 tcontext=u:object_r:rootfs:s0 tclass=lnk_file
permissive=1
[ 20.093269] type=1400 audit(20.019:21): avc: denied { getattr } for pid=765
comm="bootstat" path="/vendor" dev="rootfs" ino=5881 scontext=u:r:bootstat:s0
tcontext=u:object_r:rootfs:s0 tclass=lnk_file permissive=1
How do I resolve them without writing rules for each domain?
Regards,
Vishal
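
The denials quoted in the post differ only in their source domain. As an added example (not part of the original post), this Python script rejoins AVC records that mail wrapping split across lines and groups them by target type, class, permission and path; the function names are this example's own.

```python
import re
from collections import defaultdict

# Two of the wrapped denial records from the post, kept as they were mailed.
SAMPLE = '''\
[ 8.874966] type=1400 audit(8.849:11): avc: denied { getattr } for pid=195
comm="audioserver" path="/vendor" dev="rootfs" ino=5881
scontext=u:r:audioserver:s0 tcontext=u:object_r:rootfs:s0 tclass=lnk_file
permissive=1
[ 20.093269] type=1400 audit(20.019:21): avc: denied { getattr } for pid=765
comm="bootstat" path="/vendor" dev="rootfs" ino=5881 scontext=u:r:bootstat:s0
tcontext=u:object_r:rootfs:s0 tclass=lnk_file permissive=1
'''

STAMP_RE = re.compile(r'\[\s*\d+\.\d+\]')            # dmesg timestamp starts a record
AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')        # key=value or key="value"

def join_records(text):
    """Rejoin records that mail or terminal wrapping split across lines."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if STAMP_RE.match(line) or not records:
            records.append(line)
        else:
            records[-1] += ' ' + line
    return records

def type_of(context):
    """Return the type field of a user:role:type:level security context."""
    parts = context.split(':')
    return parts[2] if len(parts) >= 3 else context

def summarize(text):
    """Map (target type, class, permission, path) to the sorted source domains."""
    groups = defaultdict(set)
    for record in join_records(text):
        m = AVC_RE.search(record)
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))} if m else {}
        if not {'scontext', 'tcontext', 'tclass'} <= fields.keys():
            continue  # not an AVC denial, or a truncated one
        for perm in m.group(1).split():
            key = (type_of(fields['tcontext']), fields['tclass'], perm, fields.get('path', ''))
            groups[key].add(type_of(fields['scontext']))
    return {key: sorted(domains) for key, domains in groups.items()}

if __name__ == '__main__':
    for (ttype, tclass, perm, path), domains in summarize(SAMPLE).items():
        print(f'{perm} on {ttype}:{tclass} {path}: {", ".join(domains)}')
```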