You are hitting with neverallow rule , I am not sure which AOSP version you are using , But *device/avaya/brio/sepolicy/system_app.te:38* should give you what is neverallowed .
Generally for tmpfs is by default expected to get defined on using app_domain(system_app) in system_app.te and macro for the app_domain can be seen here https://android.googlesource.com/platform/external/sepolicy/+/4d19f98c728373860c5628d46fe5f4d664c601d2/te_macros#74 Please make sure there are no modification in system/sepolicy ( AOSP owned code) On Fri, Sep 14, 2018 at 2:02 PM Sameer Joshi <sameerpjo...@gmail.com> wrote: > Hi , > > We are trying to have our own way of generating debug report and for that > we are running a script from settings app , after "Generate report" is > pressed. We are using Android 8.1 for this scenario. > > In this case , we are trying to create new files in "/tmp" directory. > > We get the following denials: > > 09-14 12:24:01.174 4592 4592 W media_report.sh: type=1400 audit(0.0:53): > avc: denied { create } for name="audio_result" scontext=u:r:system_app:s0 > tcontext=u:object_r:system_app_tmpfs:s0 tclass=file permissive=0 > 09-14 12:24:01.174 4592 4592 W media_report.sh: type=1400 audit(0.0:54): > avc: denied { create } for name="audio_params" scontext=u:r:system_app:s0 > tcontext=u:object_r:system_app_tmpfs:s0 tclass=file permissive=0 > > Using audit2allow , gives the following rules: > #============= system_app ============== > allow system_app system_app_tmpfs:file create; > > Adding this rule into system_app.te gives following error during > compilation. > > FAILED: > out/target/product/brio/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_policy_raw.cil > /bin/bash -c "(ASAN_OPTIONS=detect_leaks=0 > out/host/linux-x86/bin/checkpolicy -C -M -c 30 -o > out/target/product/brio/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_policy_raw.cil.tmp > out/target/product/brio/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_policy.conf > ) && (grep -Fxv -f > out/target/product/brio/obj/FAKE/selinux_policy_intermediates/reqd_policy_mask.cil > out/target/product/brio/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_policy_raw.cil.tmp > > > out/target/product/brio/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_policy_raw.cil > )" > *device/avaya/brio/sepolicy/system_app.te:38:ERROR 'unknown type > system_app_tmpfs' at token ';' on line 26169:* > *#============= system_app ==============* > *allow system_app system_app_tmpfs:file create;* > checkpolicy: error(s) encountered while parsing configuration > > Can anyone help to know how to solve this problem? > > Regards, > > Sameer Joshi > > > _______________________________________________ > Seandroid-list mailing list > Seandroid-list@tycho.nsa.gov > To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. > To get help, send an email containing "help" to > seandroid-list-requ...@tycho.nsa.gov.
_______________________________________________ Seandroid-list mailing list Seandroid-list@tycho.nsa.gov To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.