On Fri, May 11, 2018 at 10:10 PM, Mahaveer, Vishal via Seandroid-list < seandroid-list@tycho.nsa.gov> wrote:
> Hi,
>
> On a Kernel 4.4.x + Android O MR1 setup, I get below SELinux denials
> whenever a media file is played from emulated internal storage.
> There is no break in functionality, Audio/Video files continue to play.
>
> [ 76.118051] type=1400 audit(1526017556.089:131): avc: denied { read }
> for pid=237 comm="generic" path="/storage/emulated/0/Music/The_Golden_Age.mp3"
> dev="fuse" ino=11 scontext=u:r:mediaextractor:s0
> tcontext=u:object_r:fuse:s0 tclass=file permissive=0
> [ 76.201339] type=1400 audit(1526017556.089:131): avc: denied { read }
> for pid=237 comm="generic" path="/storage/emulated/0/Music/The_Golden_Age.mp3"
> dev="fuse" ino=11 scontext=u:r:mediaextractor:s0
> tcontext=u:object_r:fuse:s0 tclass=file permissive=0
> [ 76.227933] type=1400 audit(1526017556.169:132): avc: denied { accept }
> for pid=192 comm="android.hardwar" lport=33452
> scontext=u:r:hal_vehicle_default:s0
> tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=0
>
>
> Is it OK to add below rule for this?
> allow mediaextractor fuse:file read;
>

Yes, you can add this rule in my opinion.

>
> [or]
>
> Should the folders /storage/emulated/* be labeled as media_rw_data_file,
> Similar to /data/media?
> /data/media(/.*)? u:object_r:media_rw_data_file:s0
>

--
Regards,
satish patel
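An added example, not part of the thread: the mapping from the quoted AVC denials to candidate allow rules, in the same rule form audit2allow emits, with the object paths each rule was derived from kept beside it for review. The function names and SAMPLE_LOG are assumptions made for this example; the log lines are the ones quoted above, unwrapped to one line each.

```python
import re
from collections import defaultdict

# Constructed input: the three denials quoted in the message, one per line.
SAMPLE_LOG = '''\
[ 76.118051] type=1400 audit(1526017556.089:131): avc: denied { read } for pid=237 comm="generic" path="/storage/emulated/0/Music/The_Golden_Age.mp3" dev="fuse" ino=11 scontext=u:r:mediaextractor:s0 tcontext=u:object_r:fuse:s0 tclass=file permissive=0
[ 76.201339] type=1400 audit(1526017556.089:131): avc: denied { read } for pid=237 comm="generic" path="/storage/emulated/0/Music/The_Golden_Age.mp3" dev="fuse" ino=11 scontext=u:r:mediaextractor:s0 tcontext=u:object_r:fuse:s0 tclass=file permissive=0
[ 76.227933] type=1400 audit(1526017556.169:132): avc: denied { accept } for pid=192 comm="android.hardwar" lport=33452 scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=0
'''

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}'
    r'.*?\bscontext=(?P<scon>\S+)'
    r'.*?\btcontext=(?P<tcon>\S+)'
    r'.*?\btclass=(?P<tclass>\S+)'
)
PATH_RE = re.compile(r'\bpath="([^"]*)"')


def type_of(context):
    """A context is user:role:type:level; policy rules are written on the type."""
    return context.split(":")[2]


def candidate_rules(log_text):
    """Return {allow rule: sorted object paths seen}, merging repeated denials."""
    perms = defaultdict(set)
    paths = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial record
        src, tgt = type_of(m["scon"]), type_of(m["tcon"])
        if src == tgt:
            tgt = "self"  # a domain acting on its own objects is written as self
        key = (src, tgt, m["tclass"])
        perms[key].update(m["perms"].split())
        p = PATH_RE.search(line)
        if p:
            paths[key].add(p.group(1))
    rules = {}
    for (src, tgt, cls), granted in sorted(perms.items()):
        ps = sorted(granted)
        perm_text = ps[0] if len(ps) == 1 else "{ " + " ".join(ps) + " }"
        rules[f"allow {src} {tgt}:{cls} {perm_text};"] = sorted(paths[(src, tgt, cls)])
    return rules


if __name__ == "__main__":
    for rule, seen in candidate_rules(SAMPLE_LOG).items():
        print(rule, "#", ", ".join(seen) or "no path in record")
```

The rule is written on the target type, so it covers every object carrying that label, not only the paths listed beside it.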