On Fri, May 11, 2018 at 10:10 PM, Mahaveer, Vishal via Seandroid-list <
seandroid-list@tycho.nsa.gov> wrote:

> Hi,
>
> On a Kernel 4.4.x + Android O MR1 setup, I get below SELinux denials
> whenever a media file is played from emulated internal storage.
> There is no break in functionality, Audio/Video files continue to play.
>
> [   76.118051] type=1400 audit(1526017556.089:131): avc: denied { read }
> for pid=237 comm="generic" path="/storage/emulated/0/Music/The_Golden_Age.mp3"
> dev="fuse" ino=11 scontext=u:r:mediaextractor:s0
> tcontext=u:object_r:fuse:s0 tclass=file permissive=0
> [   76.201339] type=1400 audit(1526017556.089:131): avc: denied { read }
> for pid=237 comm="generic" path="/storage/emulated/0/Music/The_Golden_Age.mp3"
> dev="fuse" ino=11 scontext=u:r:mediaextractor:s0
> tcontext=u:object_r:fuse:s0 tclass=file permissive=0
> [   76.227933] type=1400 audit(1526017556.169:132): avc: denied { accept }
> for pid=192 comm="android.hardwar" lport=33452 
> scontext=u:r:hal_vehicle_default:s0
> tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=0
>
>
> Is it OK to add below rule for this?
> allow mediaextractor fuse:file read;
>
Yes, you can add this rule in my opinion.


>
> [or]
>
> Should the folders /storage/emulated/* be labeled as media_rw_data_file,
> similar to /data/media?
> /data/media(/.*)?       u:object_r:media_rw_data_file:s0
>

-- 
Regards,
satish patel
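
The candidate rules an audit2allow-style pass derives from the three denials quoted in this thread, as an added example that is not part of the original messages. The function names are hypothetical; the log lines are the ones from the post with the e-mail line wrapping undone.

```python
import re
from collections import defaultdict

# The three denials quoted in the post, with e-mail line wrapping undone.
SAMPLE_LOG = """\
[   76.118051] type=1400 audit(1526017556.089:131): avc: denied { read } for pid=237 comm="generic" path="/storage/emulated/0/Music/The_Golden_Age.mp3" dev="fuse" ino=11 scontext=u:r:mediaextractor:s0 tcontext=u:object_r:fuse:s0 tclass=file permissive=0
[   76.201339] type=1400 audit(1526017556.089:131): avc: denied { read } for pid=237 comm="generic" path="/storage/emulated/0/Music/The_Golden_Age.mp3" dev="fuse" ino=11 scontext=u:r:mediaextractor:s0 tcontext=u:object_r:fuse:s0 tclass=file permissive=0
[   76.227933] type=1400 audit(1526017556.169:132): avc: denied { accept } for pid=192 comm="android.hardwar" lport=33452 scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=0
"""

# Captures the denied permission set and the source/target/class triple.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)

def context_type(context):
    """Return the type field of a user:role:type:level[:categories] context."""
    return context.split(":")[2]

def parse_denials(log):
    """Map (source type, target type, class) -> set of denied permissions."""
    denials = defaultdict(set)
    for line in log.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial record
        key = (context_type(m["scontext"]), context_type(m["tcontext"]), m["tclass"])
        denials[key].update(m["perms"].split())  # repeated denials collapse here
    return dict(denials)

def candidate_rules(denials):
    """Render one allow rule per triple; 'self' when source and target match."""
    rules = []
    for (src, tgt, cls), perms in sorted(denials.items()):
        target = "self" if src == tgt else tgt
        names = sorted(perms)
        perm_text = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        rules.append(f"allow {src} {target}:{cls} {perm_text};")
    return rules

if __name__ == "__main__":
    for rule in candidate_rules(parse_denials(SAMPLE_LOG)):
        print(rule)
```

The two identical mediaextractor records collapse into one `read` rule on `fuse:file`, and the log also yields a `hal_vehicle_default self:tcp_socket accept` candidate that the thread does not discuss. The output is a list of candidates to review against the policy's neverallow rules before adding anything.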