Hi,
I am trying to make our application operational under
SEAndroid. Currently the application produces "open" and "execute"
denials when it is loading its dynamic libraries from
/data/data/APPDIR/lib directory:
<5>[ 3913.711395] type=1400 audit(1341923463.083:9): avc: denied {
open } for pid=1832 comm="t.circletech.cc" name="libsdl-1.2.so"
dev=mmcblk0p12 ino=578446 scontext=u:r:untrusted_app:s0:c38
tcontext=u:object_r:system_data_file:s0 tclass=file
<5>[ 3913.711730] type=1400 audit(1341923463.083:10): avc: denied {
execute } for pid=1832 comm="t.circletech.cc"
path="/data/data/net.circletech.cc/lib/libsdl-1.2.so" dev=mmcblk0p12
ino=578446 scontext=u:r:untrusted_app:s0:c38
tcontext=u:object_r:system_data_file:s0 tclass=file
My guess is that these libraries should have a different label. Such
that the application is allowed to load them. But which one? And how to
change it? I tried to change the policy (file_contexts), but it had no
effect (it seems that files in the lib directory are relabeled during
installation).
Thank you,
Michal Mašek
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
