Hi,

When bringing up Nougat MR2 with Kernel 4.4, I see a bunch of getattr denials for many core services and new services that I define. /vendor is a symbolic link to /system/vendor on the file system.

[ 8.874966] type=1400 audit(8.849:11): avc: denied { getattr } for pid=195 comm="audioserver" path="/vendor" dev="rootfs" ino=5881 scontext=u:r:audioserver:s0 tcontext=u:object_r:rootfs:s0 tclass=lnk_file permissive=1
[ 8.875310] type=1400 audit(8.849:10): avc: denied { getattr } for pid=196 comm="cameraserver" path="/vendor" dev="rootfs" ino=5881 scontext=u:r:cameraserver:s0 tcontext=u:object_r:rootfs:s0 tclass=lnk_file permissive=1
[ 8.875614] type=1400 audit(8.849:12): avc: denied { getattr } for pid=200 comm="mediacodec" path="/vendor" dev="rootfs" ino=5881 scontext=u:r:mediacodec:s0 tcontext=u:object_r:rootfs:s0 tclass=lnk_file permissive=1
[ 8.876029] type=1400 audit(8.849:13): avc: denied { getattr } for pid=201 comm="mediadrmserver" path="/vendor" dev="rootfs" ino=5881 scontext=u:r:mediadrmserver:s0 tcontext=u:object_r:rootfs:s0 tclass=lnk_file permissive=1
[ 9.458085] type=1400 audit(9.439:17): avc: denied { getattr } for pid=219 comm="bootanimation" path="/vendor" dev="rootfs" ino=5881 scontext=u:r:bootanim:s0 tcontext=u:object_r:rootfs:s0 tclass=lnk_file permissive=1
[ 20.093269] type=1400 audit(20.019:21): avc: denied { getattr } for pid=765 comm="bootstat" path="/vendor" dev="rootfs" ino=5881 scontext=u:r:bootstat:s0 tcontext=u:object_r:rootfs:s0 tclass=lnk_file permissive=1

How do I resolve them without writing rules for each domain?

Regards,
Vishal
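
A triage sketch, added here and not part of the original post: it groups the denials quoted above by target type and class, showing that all six share the single target rootfs:lnk_file and differ only in source domain. The function names are hypothetical, and the sample lines are the ones from the post with the kernel timestamp prefix dropped.

```python
import re
from collections import defaultdict

# The six denials from the post, kernel timestamp prefix dropped.
SAMPLE = """\
type=1400 audit(8.849:11): avc: denied { getattr } for pid=195 comm="audioserver" path="/vendor" dev="rootfs" ino=5881 scontext=u:r:audioserver:s0 tcontext=u:object_r:rootfs:s0 tclass=lnk_file permissive=1
type=1400 audit(8.849:10): avc: denied { getattr } for pid=196 comm="cameraserver" path="/vendor" dev="rootfs" ino=5881 scontext=u:r:cameraserver:s0 tcontext=u:object_r:rootfs:s0 tclass=lnk_file permissive=1
type=1400 audit(8.849:12): avc: denied { getattr } for pid=200 comm="mediacodec" path="/vendor" dev="rootfs" ino=5881 scontext=u:r:mediacodec:s0 tcontext=u:object_r:rootfs:s0 tclass=lnk_file permissive=1
type=1400 audit(8.849:13): avc: denied { getattr } for pid=201 comm="mediadrmserver" path="/vendor" dev="rootfs" ino=5881 scontext=u:r:mediadrmserver:s0 tcontext=u:object_r:rootfs:s0 tclass=lnk_file permissive=1
type=1400 audit(9.439:17): avc: denied { getattr } for pid=219 comm="bootanimation" path="/vendor" dev="rootfs" ino=5881 scontext=u:r:bootanim:s0 tcontext=u:object_r:rootfs:s0 tclass=lnk_file permissive=1
type=1400 audit(20.019:21): avc: denied { getattr } for pid=765 comm="bootstat" path="/vendor" dev="rootfs" ino=5881 scontext=u:r:bootstat:s0 tcontext=u:object_r:rootfs:s0 tclass=lnk_file permissive=1
"""

# Permission set, source context, target context and object class of one denial.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<c>\S+)"
)

def sel_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]

def group_denials(log):
    """Map (target type, class) -> source domains and denied permissions."""
    groups = defaultdict(lambda: {"domains": set(), "perms": set()})
    for m in AVC_RE.finditer(log):
        entry = groups[(sel_type(m["t"]), m["c"])]
        entry["domains"].add(sel_type(m["s"]))
        entry["perms"].update(m["perms"].split())
    return dict(groups)

def summarize(log):
    """One line per distinct target, listing every domain that hit it."""
    out = []
    for (ttype, tclass), g in sorted(group_denials(log).items()):
        perms = " ".join(sorted(g["perms"]))
        doms = ", ".join(sorted(g["domains"]))
        out.append(f"{ttype}:{tclass} {{ {perms} }} <- {len(g['domains'])} domains: {doms}")
    return out

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE)))
```

A single (target type, class) group spanning many source domains is the case where one rule written against an attribute shared by those domains replaces per-domain rules.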