Re: [PATCH 1/1] allocate perms to platformappdomain over system_data_file

This is the denial information. What is your opinion? Thanks. 

<5>[ 2978.206604] type=1400 audit(1342634359.195:1155): avc:  denied  { open } for  pid=10393 comm="android.cts.jni" name="libjnitest.so" dev=mmcblk0p12 ino=578521 scontext=u:r:release_app:s0:c41 tcontext=u:object_r:system_data_file:s0 tclass=file
<5>[12124.019561] type=1400 audit(1342643505.007:1919): avc:  denied  { open } for  pid=24055 comm="ationTestRunner" name="libctspermission_jni.so" dev=mmcblk0p12 ino=578541 scontext=u:r:release_app:s0:c41 tcontext=u:object_r:system_data_file:s0 tclass=file


On Fri, Jul 27, 2012 at 11:37 AM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
On Fri, 2012-07-27 at 11:34 -0700, Haiqing Jiang wrote:
> ---
>  app.te |    2 ++
>  1 files changed, 2 insertions(+), 0 deletions(-)
>
> diff --git a/app.te b/app.te
> index 85de816..dca2e0c 100644
> --- a/app.te
> +++ b/app.te
> @@ -83,6 +83,8 @@ allow platformappdomain platform_app_data_file:notdevfile_class_set create_file_
>  # App sdcard file accesses
>  allow platformappdomain sdcard:dir create_dir_perms;
>  allow platformappdomain sdcard:file create_file_perms;
> +# System data file accesses XXX????
> +allow platformappdomain system_data_file:file open;
>
>  #
>  # Untrusted apps.
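
Review bot: The added rule `allow platformappdomain system_data_file:file open;` applies to every domain in `platformappdomain` and every file labelled `system_data_file`, and its comment (`# System data file accesses XXX????`) gives no reason for the access. The two denials quoted in this thread are for `libjnitest.so` and `libctspermission_jni.so` with `scontext=u:r:release_app:s0:c41`, so the comment should name those accesses, and it is worth confirming that `release_app` is covered by `platformappdomain`, which the hunk does not show. Since both targets are shared libraries, labelling them with a dedicated type and allowing that type would be narrower than granting `open` on all of `system_data_file`.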

Need to know more about the denial to diagnose.
Also, enabling syscall audit may help with getting full pathnames,
although you likely need the ARM audit patches for that.

--
Stephen Smalley
National Security Agency




--
-----------------------------------
Haiqing Jiang, PH.D student

Computer Science Department, North Carolina State University


